Re: [Samba] Windows 7 Home to Ubuntu 10.4 Samba 3.4.7 Access denied
On 6/7/2010 1:04 PM, Christian PERRIER wrote: Quoting Guy Rouillier (guyr-...@burntmail.com): I have spent many hours researching and trying many different things, starting with this: http://wiki.samba.org/index.php/Windows7. However, I still cannot get Windows 7 Home Premium to connect to a Samba share using user-based security. XP works fine. I keep getting access denied. Just this evening, I finally tried share level security, and both XP and 7 can connect to that, so I'm using that for now. BTW, this valid users = %S thing shoul dbe removed from your [global] section. valid users is a share-level setting and %S is meant to be replace by the share name. IMHO, having it in the [global] section can't do anything good. At best, it is just useless. At worse, this could be the cause of some problems. Not yours, probably as it is overriden by the valid users = guy setting in [data]but I would suggest dropping settings that are piled up in smb.conf *unless* you *know* that there is a need for them. Thank you *very* much. That was the problem. Windows 7 now works with security=user. Ugh. That entry was left over from the initial smb.conf that Samba provided upon install. I left it in case I wanted to do something with home directories later. Since I turned off user shares, I thought that entry would be harmless (though as you say, also useless.) Turns out I was wrong. One unrelated (minor) oddity I stumbled across while trying to figure this out has to do with wildcard expansion. My clients are mainly Windows boxes. I get the following (N: is the Samba share on the Ubuntu box): N:\utildir ac* Volume in drive N is data Volume Serial Number is 0160-027E Directory of N:\util 04/26/2002 02:44 PM66 authenejbcp.bat 05/28/2010 10:40 PM46,899,200 ActivePython-2.6.5.12-win32-x86.msi 11/27/2009 04:49 AM24,884,830 ActiveTcl8.6.0.0b2.291226-win32-ix86-thre aded.exe 05/27/2010 03:26 PM18,941,656 ActivePerl-5.10.1.1007-MSWin32-x86-291969 .msi 4 File(s) 90,725,752 bytes 0 Dir(s) 534,097,600,512 bytes free I don't know why it thinks authenejbcp.bat begins with ac. If I do dir act* it only shows the 3 Active* files; if I do dir au* it only shows me files beginning with au, including authenejbcp.bat above. BTW, this is a fresh Ubuntu install - no previous version. -- Guy Rouillier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net vampire
This is my first crack at samba4 Downloaded via git couple hours ago followed the howto at http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Download_Samba4, and everything worked great. I was able to create my domain, join winxp and win 7 to it, manage the domain users and groups through winxp. I then followed the howto at http://wiki.samba.org/index.php/Samba4/Winbind to get my winbind working, and everything looks good. Started following the howto at http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to add another DC. ran the command: net vampire calgary.itcandox.loc -Uadministrator --realm=calgary.itcandox.loc --target-dir=/usr/local/samba/private/ It always fail at the end with the following output: CLDAP response: forest=calgary.itcandox.loc dns=calgary.itcandox.loc netbios=CALGARY server_site=Default-First-Site-Name client_site=Default-First-Site-Name Become DC [(null)] of Domain[CALGARY]/[calgary.itcandox.loc] Promotion Partner is Server[pdc1.calgary.itcandox.loc] from Site[Default-First-Site-Name] Options:crossRef behavior_version[2] schema object_version[47] domain behavior_version[2] domain w2k3_update_revision[8] Provision for Become-DC test using python New Server in Site[Default-First-Site-Name] DSA Instance [(null)] invocationId[None] Paths under targetdir[/usr/local/samba/private/] Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Please install the phpLDAPadmin configuration located at /usr/local/samba/private/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php Once the above files are installed, your Samba4 server will be ready to use Server Role: domain controller Hostname: PDC2 NetBIOS Domain:CALGARY DNS Domain:calgary.itcandox.loc DOMAIN SID:S-1-5-21-3652794813-3175583696-3763304489 Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[87/1550] linked_values[0/0] Analyze and apply schema objects Failed to add prefixMap and schemaInfo Object class violation libnet_BecomeDC() failed - NT_STATUS_UNSUCCESSFUL Traceback (most recent call last): File bin/python/samba/netcmd/__init__.py, line 99, in _run return self.run(*args, **kwargs) File bin/python/samba/netcmd/vampire.py, line 51, in run (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir) RuntimeError: NT_STATUS_UNSUCCESSFUL Any ideas of what am I doing wrong? Ibrahim -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] strange couldn't find service error message
Matt Ingram wrote: There's about 10 users in the group. All of them can access the share fine, except for one guy. He's a valid user and has many other share drives on this system that are working fine. All 10 users are using a Windows XP platform. The log.smbd has an entry like this for his requests: username (192.168.1.145) couldn't find service share-name for the folder The for the folder part of the error stands out to me, but I don't know what it means. using smbclient locally (and remotely) I can map to this share using his credentials fine.. the share in smb.conf looks like this [share-name] path=/usr/local/share/groups/share-name valid users = @share-name @ntadmin admin users = @ntadmin force group = share-name create mask = 0660 directory mask = 0770 any thoughts ? Is the problem restricted to this guy's computer - can you connect to the share from his computer using someone else's credentials, or connect to the share from another computer using his? Are the share name, group name and user name all using plain ASCII characters? Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Joining samba domain fails
I am attempting to join my server to a samba 3.4 domain, and having a few issues. The error it keeps returning is NT_STATUS_END_OF_FILE when i attempt to use the net rpc join command. Find my debug output from the command, as well as the serves SMB.conf attached smb.conf # Global parameters [global] workgroup = CHOCOLATE server string = Nemo netbios name = nemo #hosts allow = 172.24.0. 172.20.0. #interfaces = em0 tun1 #bind interfaces only = Yes # passwd backend encrypt passwords = yes passdb backend = ldapsam:ldap://firstyear.ath.cx/ enable privileges = yes pam password change= Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes # Log options log level = 10 log file = /var/log/samba/%m max log size = 50 syslog = 0 # Name resolution name resolve order = wins bcast host # misc timeserver = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 use sendfile = yes veto files = /*.eml/*.nws/*.{*}/ veto oplock files = /*.doc/*.xls/*.mdb/ deadtime = 120 # Dos-Attribute map hidden = No map system = No map archive = No map read only = No store dos attributes = Yes # scripts invoked by samba add user script = /usr/local/sbin/smbldap-useradd -m %u delete user script= /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script= /usr/local/sbin/smbldap-useradd -w %m # LDAP-iConfiguration ldap delete dn= Yes ldap ssl = start tls ldap passwd sync = Yes ldap suffix = dc=chocolate,dc=lan ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups,ou=Domain ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=chocolate,dc=lan idmap backend = ldap:ldap://firstyear.ath.cx idmap uid = 1-2 idmap gid = 1-2 # logon options logon script = logon.bat logon path = \%Lprofiles%u logon path = logon home = \%L%U logon drive = H: # setting up as domain controller username map = /usr/local/samba/usermap preferred master = Yes wins support = Yes domain logons = Yes domain master = Yes local master = Yes os level = 64 map acl inherit = Yes unix charset = UTF8 # Share Definitions == [netlogon] comment = Network Logon Service path = /storage/samba/netlogon guest ok = yes locking = no [homes] comment = Home Directories valid users = %S read only = No browseable = No [Profiles] comment = Network Profiles Service path = /storage/samba/profiles read only = No profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/ profile acls = Yes [data] comment = Data Directory path = /home/data write list = @smbdomain read only = No create mask = 0777 directory mask = 0777 debug log [r...@nemo ~]# net rpc join -d 10 -S 172.24.0.254 -U root [2010/06/08 20:11:42, 5] lib/debug.c:407(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2010/06/08 20:11:42, 3] param/loadparm.c:9040(lp_load_ex) lp_load_ex: refreshing parameters [2010/06/08 20:11:42, 3] param/loadparm.c:4848(init_globals) Initialising global parameters [2010/06/08 20:11:42, 2] param/loadparm.c:4699(max_open_files) max_open_files: sysctl_max (11095) below minimum Windows limit (16384) [2010/06/08 20:11:42, 2] param/loadparm.c:4707(max_open_files) rlimit_max: rlimit_max (11095) below minimum Windows limit (16384) [2010/06/08 20:11:42, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file
[Samba] how to set a default password smbldap-useradd tool 0.9.5?
Hi, is there an option to set a default password using smbldap-useradd, and if so, how? Thanks and best regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows7 samba oplock errors
Hello, we struggeled now for several months but we couldn't manage to get this scenario working: Client: Windows7 Server: Samba 3.3.8. (RHEL 5.5) connected to Active Directory via Winbind Something seems to be wrong with the opLocks: as soon as we try to make any Samba share offline available, it fails. Client error: process cannot access the file because it is being used by another process Server error: oplock break failed for file ... As far as I understand this, oplocks are enabled by default on Vista or Win7 clients. On the server we enabled oplocks in smb.conf oplocks = yes level2 oplocks = yes kernel oplocks = no Does anyone use (Samba-) offline folder on win7 clients without any errors ? best regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Asynchronous I/O
Thanks, Jeremy! Andy Currently aio on Linux is horribly broken due to a conservative glibc, which limits asynchronous requests to one outstanding one per file descriptor (which pretty much makes all io synchronous on Linux, whether you set aio sizes or not :-( ). I think this is a bug which needs fixing but haven't yet had time to do the work to prove this to glibc maintanence. This will be increasingly important for SMB2, as the Windows redirector now properly pipelines io (which the SMB1 redirector doesn't). Currently the only way to get real aio on Linux is to use Volker's vfs_aio_fork module, which uses processes to get true async io working. Volker is also doing a lot of work making aio work correctly on Linux (he has a git branch you can track for this). Should be working properly in 3.6.x and above (that's the plan :-). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] wins or windbind problem? - help please
WINS handles machine name resolution and locating domain controllers. WINS is a legacy of NT4 days when DNS was something for unix users only.You could probably work around the multiple WINS server issues by using lmhosts (I had some success with that) but it is probably simpler to just designate a primary WINS server- since it sounds like everything is on the same LAN (no multiple subnets or routing.) I never had luck editing the wins data files. Winbind handles looking up user accounts in other domains and allocating them uid and gids in the local domain. The major advantage of using a Microsoft server as a WINS server is that it handles WINS replication- which can be useful if you have a routed network and need multiple WINS servers.I don't know how many clients a single WINS server can support- if you have under 50 Windows machines I think you are OK.It is also easier to view entries, add static entries and purge old entries with a Windows WINS server. But I don't think that justifies migrating from Samba WINS server if that Samba one is working fine. On 06/07/2010 06:40 PM, Pablo Chamorro C. wrote: I have four domains in my LAN. I set up trust relationships for the domains, having each PDC working as wins server for each domain but I hd not set up winbind. I have samba3-3.3.12 + ldap (openldap 2.4.21) as users backend. I mean, I have wins support = yes for each PDC, and I can access to the shared folders of each PDC from any windows computer from my LAN. The samba docs are pretty clear. In order for interdomain trusts to work all PDC's must use the same wins server. I apreciate your time and your answer. Well, in the samba docs you can also read that the use of interdomain trusts requires use of winbind, that's why I'm asking. Well, In the redhat docs, I found also: In a mixed NT/2000/2003 server and Samba environment, it is recommended that you use the Microsoft WINS capabilities. That's why I'm asking for an advice from people who have more experience and knowledge. Thank you, Pablo Chamorro The problem is accessing to windows PCs from different domains. I mean, from pc1-domain1 I can't list the shares of pc2-domain2 (access denied), and when I try to connect to \\pc2-domain2\share the error message is: \\pc2-domain2 is not accesible There are currently no logon servers to service the request logon. Previously I shared the 'share' folder in pc2-domain2 PC and added permissions for users from domain1 and domain2 successfully. Trying from a Linux server, a guest try shows: [user]$ smbclient //pc2-domain2/share Password: Anonymous login successful Domain=[SMINERO] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] tree connect failed: NT_STATUS_ACCESS_DENIED Trying using a user account from domain2: [user]$ smbclient //pc2-domain2/share -U domain2/user Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS The domain2 PDC log is: domain_client_validate: Domain password server not available. [2010/06/05 08:43:40, 5] auth/auth.c:check_ntlm_password(272) check_ntlm_password: winbind authentication for user [x] FAILED with error NT_STATUS_NO_LOGON_SERVERS [2010/06/05 08:43:40, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [xx] - [x] FAILED with error NT_STATUS_NO_LOGON_SERVERS. I tried adding PDC data from the wins.dat file from PDC2 to the wins.file from PDC1 (and in the other way) but it didn't work. I have this: PDC2#00 1275960126 172.25.1.24 66R PDC2#03 1275960126 172.25.1.24 66R PDC2#20 1275960126 172.25.1.24 66R PDC1#00 1276005993 172.25.1.8 66R PDC1#03 1276005993 172.25.1.8 66R PDC1#20 1276005993 172.25.1.8 66R Please, here my questions: 1. Could you please give me an advice for my problem? 2. Should I setup only an only wins server? The one from samba4wins? Where? In one of the PDCs or in other server? Thank you, Pablo Chamorro --- Ext. 8705 Tel: +57 (2) 7302593/7320752/7323272 - Fax: +57 (2) 7325014 Calle 27 N° 9 ESTE - 25, Barrio La Carolina - Pasto Este mensaje de correo electrónico fue analizado por el antivirus institucional Mcafee y su contenido está dirigido para el uso exclusivo de los destinatarios direccionados y puede contener información que es privilegiada, confidencial y exime de divulgación bajo Ley Aplicable. Si usted no es un destinatario previsto o el agente responsable de entregar este email al destinatario (s) previsto, se le notifica por este medio que cualquier uso, difusión, distribución o copia de esta comunicación está prohibida y puede terminantemente ser ilegal. Si usted recibió este email por error, notifique por favor al remitente inmediatamente contestando a este email o por teléfono y borre el email que se le envió por error. This electronic mail message was scanned by the Mcafee anti-virus and its contents are intended only for the use of the addressed
Re: [Samba] Specific GID
You could try using the wbinfo command #wbinfo --set-uid-mapping=UID,SID #wbinfo --set-gid-mapping=GID,SID I have used it with an LDAP backend- I don't know about RID backends. I think it is backend agnostic. On 06/04/2010 05:23 PM, Linux Addict wrote: Hello List, I am using RID for idmapping to authenticate Windows 2003 AD Domain and following is the configuration. idmap domains = default, DOMAIN idmap uid = 1 - 9 idmap gid = 1 - 9 idmap config default:default = Yes idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 1 - 9 What I want to do is for a specific AD group, group1, I want to set the GID to something like 50. Is that possible? Any hint is appreciated. ~LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Microsoft OneNote 2007 painfully slow
On Mon, Jun 7, 2010 at 6:06 PM, Jeremy Allison j...@samba.org wrote: On Mon, Jun 07, 2010 at 02:44:50PM -0600, Robert LeBlanc wrote: We have a user trying to share a OneNote 2007 notebook and it takes minutes to load a 20 KB notebook. I've opened a 500 KB Excel spreadsheet from the same share and it took seconds. Has anyone else run into this problem? We are running Samba 3.4.8 on Debian Squeeze. Minutes is very strange. Can you set the user's smbd to debug level 10 and look into the timestamped log and see where there are gaps in the timestamp record ? That should give you a clue as to what might be going on. Jeremy. How can I set a single user's smbd process to debug 10? We have hundreds of users on this system so I don't want to fill up the disks with logs from everyone. Thanks, Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Trusts
Greetings List, I’ve been attempting to establish a two way domain trust between Samba Domains. The reasons why are numerous but mainly so that our Samba PDC supports Window7. Domain A is Samba 3.0.33 and domain B is Samba 3.3.12 and I’ve established that domain B trusts domain A without issue,however when I attempt to trust domain B on domain A, I get the following error. “Could not connect to server DomainA PDC. Storing password for trusted domain failed.” I’m certain the password is correct. _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Trusts
Greetings List, I’ve been attempting to establish a two way domain trust between Samba Domains. The reasons why are numerous but mainly so that our Samba PDC supports Window7. Domain A is Samba 3.0.33 and domain B is Samba 3.3.12 and I’ve established that domain B trusts domain A without issue,however when I attempt to trust domain B on domain A, I get the following error. “Could not connect to server DomainA PDC. Storing password for trusted domain failed.” I’m certain the password is correct. _ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Microsoft OneNote 2007 painfully slow
On Tue, Jun 08, 2010 at 08:42:15AM -0600, Robert LeBlanc wrote: On Mon, Jun 7, 2010 at 6:06 PM, Jeremy Allison j...@samba.org wrote: On Mon, Jun 07, 2010 at 02:44:50PM -0600, Robert LeBlanc wrote: We have a user trying to share a OneNote 2007 notebook and it takes minutes to load a 20 KB notebook. I've opened a 500 KB Excel spreadsheet from the same share and it took seconds. Has anyone else run into this problem? We are running Samba 3.4.8 on Debian Squeeze. Minutes is very strange. Can you set the user's smbd to debug level 10 and look into the timestamped log and see where there are gaps in the timestamp record ? That should give you a clue as to what might be going on. Jeremy. How can I set a single user's smbd process to debug 10? We have hundreds of users on this system so I don't want to fill up the disks with logs from everyone. Use smbstatus to find out the process id, then use smbcontrol to set a specific process to a different debuglevel on the fly. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net vampire
On 8 June 2010 08:31, Ibrahim Hamouda ihamo...@itcanint.net wrote: This is my first crack at samba4 Downloaded via git couple hours ago followed the howto at http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Download_Samba4, and everything worked great. I was able to create my domain, join winxp and win 7 to it, manage the domain users and groups through winxp. I then followed the howto at http://wiki.samba.org/index.php/Samba4/Winbind to get my winbind working, and everything looks good. Started following the howto at http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to add another DC. ran the command: net vampire calgary.itcandox.loc -Uadministrator --realm=calgary.itcandox.loc --target-dir=/usr/local/samba/private/ It always fail at the end with the following output: CLDAP response: forest=calgary.itcandox.loc dns=calgary.itcandox.loc netbios=CALGARY server_site=Default-First-Site-Name client_site=Default-First-Site-Name Become DC [(null)] of Domain[CALGARY]/[calgary.itcandox.loc] Promotion Partner is Server[pdc1.calgary.itcandox.loc] from Site[Default-First-Site-Name] Options:crossRef behavior_version[2] schema object_version[47] domain behavior_version[2] domain w2k3_update_revision[8] Provision for Become-DC test using python New Server in Site[Default-First-Site-Name] DSA Instance [(null)] invocationId[None] Paths under targetdir[/usr/local/samba/private/] Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Please install the phpLDAPadmin configuration located at /usr/local/samba/private/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php Once the above files are installed, your Samba4 server will be ready to use Server Role: domain controller Hostname: PDC2 NetBIOS Domain: CALGARY DNS Domain: calgary.itcandox.loc DOMAIN SID: S-1-5-21-3652794813-3175583696-3763304489 Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[87/1550] linked_values[0/0] Analyze and apply schema objects Failed to add prefixMap and schemaInfo Object class violation libnet_BecomeDC() failed - NT_STATUS_UNSUCCESSFUL Traceback (most recent call last): File bin/python/samba/netcmd/__init__.py, line 99, in _run return self.run(*args, **kwargs) File bin/python/samba/netcmd/vampire.py, line 51, in run (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir) RuntimeError: NT_STATUS_UNSUCCESSFUL Any ideas of what am I doing wrong? It looks like a recent commit broke this. See this thread on samba-technical: http://lists.samba.org/archive/samba-technical/2010-June/071438.html -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net vampire
I see Somebody out there to fix this? Will be nice to get this working ASAP On 2010-06-08, at 9:52 AM, Michael Wood wrote: On 8 June 2010 08:31, Ibrahim Hamouda ihamo...@itcanint.net wrote: This is my first crack at samba4 Downloaded via git couple hours ago followed the howto at http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Download_Samba4, and everything worked great. I was able to create my domain, join winxp and win 7 to it, manage the domain users and groups through winxp. I then followed the howto at http://wiki.samba.org/index.php/Samba4/Winbind to get my winbind working, and everything looks good. Started following the howto at http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to add another DC. ran the command: net vampire calgary.itcandox.loc -Uadministrator --realm=calgary.itcandox.loc --target-dir=/usr/local/samba/private/ It always fail at the end with the following output: CLDAP response: forest=calgary.itcandox.loc dns=calgary.itcandox.loc netbios=CALGARY server_site=Default-First-Site-Name client_site=Default-First-Site-Name Become DC [(null)] of Domain[CALGARY]/[calgary.itcandox.loc] Promotion Partner is Server[pdc1.calgary.itcandox.loc] from Site[Default-First-Site-Name] Options:crossRef behavior_version[2] schema object_version[47] domain behavior_version[2] domain w2k3_update_revision[8] Provision for Become-DC test using python New Server in Site[Default-First-Site-Name] DSA Instance [(null)] invocationId[None] Paths under targetdir[/usr/local/samba/private/] Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Please install the phpLDAPadmin configuration located at /usr/local/samba/private/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php Once the above files are installed, your Samba4 server will be ready to use Server Role: domain controller Hostname: PDC2 NetBIOS Domain:CALGARY DNS Domain:calgary.itcandox.loc DOMAIN SID:S-1-5-21-3652794813-3175583696-3763304489 Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[133/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=calgary,DC=itcandox,DC=loc] objects[87/1550] linked_values[0/0] Analyze and apply schema objects Failed to add prefixMap and schemaInfo Object class violation libnet_BecomeDC() failed - NT_STATUS_UNSUCCESSFUL Traceback (most recent call last): File bin/python/samba/netcmd/__init__.py, line 99, in _run return self.run(*args, **kwargs) File bin/python/samba/netcmd/vampire.py, line 51, in run (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir) RuntimeError: NT_STATUS_UNSUCCESSFUL Any ideas of what am I doing wrong? It looks like a recent commit broke this. See this thread on samba-technical: http://lists.samba.org/archive/samba-technical/2010-June/071438.html -- Michael Wood esiot...@gmail.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
0.9.4-1 I was wondering maybe this has more to do with ldap then smbldap-tools, or maybe a combo of both??? On Mon, Jun 7, 2010 at 10:33 PM, Miguel Medalha miguelmeda...@sapo.pt wrote: Which version of smbldap-tools are you using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cannot see or browse a share from a VPN client
Hello. I have three separate networks on my LAN: wired network (192.168.0.0/24) wireless network (192.168.5.0/24) VPN (172.16.15.0/24) Here is an ASCII art showing my setup: ,--. ppp0 --eth1eth0--192.168.0.0/24---to LAN switch | wlan0--192.168.5.0/24--- WLAN | tun0--172.16.15.0/24--- VPN |__| | ROUTER: Samba and VPN server machine ROUTER is running Debian Testing and 2.6.30-2-686 kernel. The VPN client mentioned below is a Dell laptop running Ubuntu Karmic. I have setup Samba with a shared folder on the VPN server. I can browse the Samba network from wireless machines fine. But I cannot do so from a wireless machine with a VPN connection, i.e. VPN clients from my WLAN do not see the Samba network (from Gnome Network browsing GUI). This is what I wanted to achieve but it is not working. What am I missing here? I have the following in smb.conf file (wireless clients are not allowed intentinally, the idea is to allow them only via VPN): hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24 hosts deny = 0.0.0.0/0 Now, at this point, from a machine on wireless LAN, I am able to mount the samba shared folder on ROUTER using sudo smbmount -o user=guest. However, I do not see the share from Gnome's Network GUI tool. On the other hand, if the machine is put on the wired network, and is connected via VPN, the GUI can see the share without any problems. In short, smbmount works from LAN and from VPN, but Gnome Network browsing works only from LAN and not from VPN. What have I missed in the setup? In case this is relevant, when I start samba on the firewall machine ROUTER , I see the following in its log: * Samba name server ROUTER is now a local master browser for workgroup ROUTERSMB on subnet 192.168.0.1 * SNIP * Samba name server ROUTER is now a local master browser for workgroup ROUTERSMB on subnet 192.168.5.1 * Why do only these two networks act as a local browser and why doesn't VPN (172.16.15.0/24) also do so? Thanks in advance. -- Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Microsoft OneNote 2007 painfully slow
On Tue, Jun 8, 2010 at 9:16 AM, Jeremy Allison j...@samba.org wrote: Use smbstatus to find out the process id, then use smbcontrol to set a specific process to a different debuglevel on the fly. That is really cool, thanks for sharing! I could not get the debuging to work with just smb:10, I had to set all the logs to level 10 to get anything, and then the log kept disappearing. I changed the 10M limit in smb.conf to 100M and reloaded smbd, but for some reason, the log would still get wiped and started over again. I can't get a good log, if I watch the size of the log, it's all over the place, I don't know how to get a good log file. I moved the OneNote Notebook to a Windows server and when I launch it, it would take about 6 seconds to load (OneNote does not have the notebook, I browse to the share and open it. When I'm done, I right-click the notebook and close it, otherwise OneNote would open really fast and then sync the notebook in the background). On the Samba share, it consistently takes 2 minutes and 10 seconds. From some of the logs, it looks like the whole smbd process is restarted as it gets all the information about my user (SIDs, groups, etc). I'm still at a loss as to what to do. Thanks, Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
Maybe you should upgrade your smbldap-tools? I am using both 0.9.5-1 and 0.9.6-pre1 and both create the entries you describe in your first post. I used the -a switch only and all the attributes you quote are filled. With the versions I use it is also possible to specify custom LDAP attributes on the command line. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba printing from 64-bit windows server 2008
Some additional information on this problem: I set up wireshark to do a packet trace of the connection attempt. I'm not familiar enough with what the traffic should look like to know whats unusual, but the one thing that jumped out at me towards the end of the conversation was a SPOOLSS OpenPrinterEx request on the network printer, followed by a response with the return code of 5 - Access denied. Aha! I say to myself, must be a permissions problem... but a packet trace of the successful connection from the XP box shows several similar Access denied messages. Maybe its irrelevant, but it seemed worth mentioning. I also upped the debug level on smbd and captured a more detailed log. The Printer handle not found message is still the most relevant-looking thing there; the details around it look like: [2010/06/08 11:35:36, 3] smbd/ipc.c:handle_trans(442) trans \PIPE\ data=44 params=0 setup=2 [2010/06/08 11:35:36, 3] smbd/ipc.c:named_pipe(393) named pipe command on name [2010/06/08 11:35:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1231) search for pipe pnum=71df [2010/06/08 11:35:36, 3] smbd/ipc.c:api_fd_reply(351) Got API command 0x26 on pipe spoolss (pnum 71df) [2010/06/08 11:35:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(500) free_pipe_context: destroying talloc pool of size 0 [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2352) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2010/06/08 11:35:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(179) Policy not found: [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 8D .Lx. [010] 28 24 00 00 ($.. [2010/06/08 11:35:36, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) find_printer_index_by_hnd: Printer handle not found: Policy not found: [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 8D \ .Lx. [010] 28 24 00 00 ($.. [2010/06/08 11:35:36, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:9256:9256) [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2387) api_rpcTNP: bad handle fault return. (I don't want to post a full log or the full packet trace - way too much for a mailing list. If no one recognises the problem from this much then I'll attach full data to a bug report.) Thanks for any suggestions, - rob. On 06/07/2010 03:51 PM, Rob Moser wrote: I have a redhat EL5 samba server hosting a collection of printers and joined to a domain. I can connect to this server and print happily from a 32-bit XP box on the domain, but a 64-bit windows server 2008 box cannot connect, and returns the error 0x06d1. I get the same results with samba 3.0.33 (came with redhat), 3.5.3 (the latest from sernet), and 3.3.12 (this message from the samba-technical archives - http://lists.samba.org/archive/samba-technical/2010-February/069145.html - mentions that at least as of February there were issues with 3.4.x+ and 64-bit OS'.) /var/log/samba/log.smb from the time around the failed connection contains: [2010/06/07 14:45:24, 2] lib/access.c:check_access(406) Allowed connection from :::134.114.138.126 (:::134.114.138.126) [Repeated many times] [2010/06/07 14:45:24, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) find_printer_index_by_hnd: Printer handle not found: find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:29459:29459) From the 2008 machine, I can browse the samba server in wexplorer and see the printers, but trying to set up a networked printer generates the error above. Any suggestions? Thanks, - rob. # testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: idmap domains Ignoring unknown parameter idmap domains Processing section [printers] Processing section [print$] Processing section [drivers$] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = NAU-STUDENTS realm = STUDENTS.FROOT.NAU.EDU netbios aliases = dev-acadprtsrv2.ucc.nau.edu server string = Samba Server security = ADS log level = 2 max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE printcap name = cups wins server = 134.114.138.35 idmap alloc backend = tdb idmap uid = 1 - 400 idmap gid = 1 - 400 winbind use default domain = Yes idmap alloc config:range = 1 - 400 idmap config FROOT:range = 301 - 400 idmap config FROOT:backend = tdb idmap config FROOT:default = no idmap config
Re: [Samba] Windows 7 Home to Ubuntu 10.4 Samba 3.4.7 Access denied
Quoting Guy Rouillier (guyr-...@burntmail.com): Thank you *very* much. That was the problem. Windows 7 now works with security=user. Ugh. That entry was left over from the initial smb.conf that Samba provided upon install. I left it in case I Hmmm. If Ubuntu default smb.conf includes valid users = %S *in the [global] section*, this is definitely a bug. However, I really wonder how it was introduced as the Debian package only has it in [homes]. So, indeed, I doubt this entry is a leftover from the original genuine install of Ubuntu's samba package. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
is there a current site that is maintaining smbldap-tools? I was able to find 0.9.5, but has the same issue. where is 0.9.6? On Tue, Jun 8, 2010 at 11:37 AM, Miguel Medalha miguelmeda...@sapo.pt wrote: Maybe you should upgrade your smbldap-tools? I am using both 0.9.5-1 and 0.9.6-pre1 and both create the entries you describe in your first post. I used the -a switch only and all the attributes you quote are filled. With the versions I use it is also possible to specify custom LDAP attributes on the command line. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
is there a current site that is maintaining smbldap-tools? https://gna.org/projects/smbldap-tools/ where is 0.9.6? At the maintainer's site: http://www.iallanis.info/ It is currently unavailable but it happened before and it always came back. Maybe it will one again. Search for a package smbldap-tools-0.9.6-pre1.noarch.rpm. If you don't find it I can send it to you by e-mail. If you are on RHEL/CentOS 5.x, the EPEL repository contains specific version 0.9.5.1 packages for that distro: smbldap-tools-0.9.5-1.el5.rf.noarch As I wrote in my post, this version correctly fills the attributes you quoted. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win7 enum missing in samba 3.5.3
Hello: Reviewing the code in ~include/smb.h file in samba 3.5.3 and the enum for remote_arch_types, I have some questions: 1. Windows 7 is missing there...is there is specific reason for leaving it out? There are references to win7 elsewhere in the code. 2. My client is Win7 but during Negotiation, it is detected as RA_WIN2K! Is that an issue? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] issues with pam_winbind and ability to use old windows password
I'm currently using an implementation of pam_winbind to authenticate users on linux servers via Active Directory. This works as expected apart from an issue whereby after changing a password, a user can login with both their old and their new password. Having done a bit of investigation, it appears that this is a 'feature' from Microsoft as described in http://support.microsoft.com/kb/906305/en-us and http://community.ca.com/blogs/securityadvisor/archive/2007/12/11/microsoft-ntlm-authentication-behavior-allows-using-of-old-passwords.aspx The systems that currently use pam_winbind are a combination of RHEL 4/5 and SLES 10/11 servers with the samba packages that are released with the distro. If anyone is aware of a way to address the issue without having to modify anything on the windows domain controller, it would be greatly appreciated. Thanks, Matt Delves -- - Matthew Delves System Administrator Information Systems Networks Infrastructure University of Ballarat ph: 03 5327 9732 email: m.del...@ballarat.edu.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_winbind and krb5_auth
Hey list, I'm wondering if there is any advantage to be gained by using kerberos with pam_winbind. I've configured pam_winbind and enabled krb5_auth though apart from being granted a ticket, I'm unsure as to any advantage that would be gained by enabling Kerberos. Thanks, Matt Delves -- - Matthew Delves System Administrator Information Systems Networks Infrastructure University of Ballarat ph: 03 5327 9732 email: m.del...@ballarat.edu.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_winbind and krb5_auth
If you configure SSH and NFS, you get passwords logins and mounts. I think mount.smb can use it as well as smbclient. I know that KDE auto logs me into Samba/WIndows file shares without a password just like Windows. If you have Kerberos websites, you can configure your browser to pass tickets and get single-signon. There are quiet a few things you can do. If you have to enter a password, there is usually a way to enable Kerberos for it. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Tue, Jun 8, 2010 at 9:17 PM, Matthew Delves m.del...@ballarat.edu.auwrote: Hey list, I'm wondering if there is any advantage to be gained by using kerberos with pam_winbind. I've configured pam_winbind and enabled krb5_auth though apart from being granted a ticket, I'm unsure as to any advantage that would be gained by enabling Kerberos. Thanks, Matt Delves -- - Matthew Delves System Administrator Information Systems Networks Infrastructure University of Ballarat ph: 03 5327 9732 email: m.del...@ballarat.edu.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_winbind and krb5_auth
On 9/06/2010 at 1:22 pm, Robert LeBlanc rob...@leblancnet.us wrote: If you configure SSH and NFS, you get passwords logins and mounts. I think mount.smb can use it as well as smbclient. I know that KDE auto logs me into Samba/WIndows file shares without a password just like Windows. If you have Kerberos websites, you can configure your browser to pass tickets and get single-signon. There are quiet a few things you can do. If you have to enter a password, there is usually a way to enable Kerberos for it. Thanks for that explanation. That's more when using Linux as a workstation. I'm using Linux as a server and am wanting to use Kerberos authentication as a way of achieving SSO. Currently I have the linux server setup so that it retrieves a kerberos ticket when a user logs in via ssh, though when I tell PuTTY to authenticate using kerberos, it still asks for a password. Is there a way to track down just what is going on there? Thanks, Matt Delves. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_winbind and krb5_auth
On Tue, Jun 8, 2010 at 10:48 PM, Matthew Delves m.del...@ballarat.edu.auwrote: On 9/06/2010 at 1:22 pm, Robert LeBlanc rob...@leblancnet.us wrote: If you configure SSH and NFS, you get passwords logins and mounts. I think mount.smb can use it as well as smbclient. I know that KDE auto logs me into Samba/WIndows file shares without a password just like Windows. If you have Kerberos websites, you can configure your browser to pass tickets and get single-signon. There are quiet a few things you can do. If you have to enter a password, there is usually a way to enable Kerberos for it. Thanks for that explanation. That's more when using Linux as a workstation. I'm using Linux as a server and am wanting to use Kerberos authentication as a way of achieving SSO. Currently I have the linux server setup so that it retrieves a kerberos ticket when a user logs in via ssh, though when I tell PuTTY to authenticate using kerberos, it still asks for a password. Is there a way to track down just what is going on there? It took me a long time to get Kerberos SSH working. My best friends were ssh - and running sshd in debug mode. It will take a while, but the passwordless login is very nice. I was able to do if from Mac and Linux, I think I got Putty working on one Window's machine, but it required a special version of Putty from what I remember. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Jun 8 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-06-07 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-06-08 00:00:03.0 -0600 @@ -1,10 +1,10 @@ -Build status as of Mon Jun 7 06:00:01 2010 +Build status as of Tue Jun 8 06:00:01 2010 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 30 1 0 -ldb 30 16 0 +ccache 30 2 0 +ldb 30 17 0 libreplace 30 11 0 lorikeet 0 0 0 pidl 19 19 0 @@ -16,7 +16,7 @@ samba_3_master 28 28 0 samba_3_next 28 28 6 samba_4_0_test 30 30 0 -samba_4_0_waf 30 29 7 +samba_4_0_waf 30 29 0 talloc 30 12 0 tdb 28 17 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 984fec2... s3-waf: fix the the waf build. from 096a3d3... Make aio_ex owned by a talloc context, not neccessarily on the null context. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 984fec252af70ef54461ca84a6afedb97ff81dec Author: Günther Deschner g...@samba.org Date: Tue Jun 8 10:56:41 2010 +0200 s3-waf: fix the the waf build. Guenther --- Summary of changes: source3/wscript_build |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index c0e102c..6206d2f 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -398,7 +398,7 @@ RPC_EVENTLOG_SRC = '''rpc_server/srv_eventlog_nt.c NPA_TSTREAM_SRC = '''../libcli/named_pipe_auth/npa_tstream.c''' RPC_NCACN_NP_INTERNAL = '''rpc_server/srv_pipe_register.c rpc_server/rpc_ncacn_np_internal.c -rpc_server/srv_lsa_hnd.c''' +rpc_server/rpc_handles.c''' RPC_PIPE_SRC = '''rpc_server/srv_pipe_hnd.c rpc_server/srv_pipe.c ${RPC_NCACN_NP_INTERNAL}''' @@ -647,6 +647,7 @@ WINBINDD_SRC1 = '''winbindd/winbindd.c auth/server_info.c auth/server_info_sam.c auth/user_info.c + auth/user_util.c rpc_server/srv_samr_chgpasswd.c ../nsswitch/libwbclient/wb_reqtrans.c''' @@ -672,7 +673,7 @@ SMBD_SRC_MAIN = '''smbd/server.c smbd/server_exit.c''' BUILDOPT_SRC = '''smbd/build_options.c''' SMBD_SRC_SRV = '''smbd/server_reload.c smbd/files.c smbd/connection.c - smbd/utmp.c smbd/session.c smbd/map_username.c + smbd/utmp.c smbd/session.c smbd/dfree.c smbd/dir.c smbd/password.c smbd/conn.c smbd/share_access.c smbd/fileio.c smbd/ipc.c smbd/lanman.c smbd/negprot.c -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7a7f28d... Revert s3:smbd Fix segfault if register_existing_vuid() fails via 3e50215... Revert s3:smbd Give the kerberos session key a parent via 34b29b1... Revert s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS from 984fec2... s3-waf: fix the the waf build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7a7f28d96dd80d3ce175b0caee0c2169de7b810b Author: Volker Lendecke v...@samba.org Date: Tue Jun 8 10:26:43 2010 +0200 Revert s3:smbd Fix segfault if register_existing_vuid() fails This reverts commit 8f1cec5faf4e26de8b979059e99f2a66558b. commit 3e502159c751d85c09df4e74a63c95738fad2d7d Author: Volker Lendecke v...@samba.org Date: Tue Jun 8 10:26:35 2010 +0200 Revert s3:smbd Give the kerberos session key a parent This reverts commit 4a7f45b7e1cef13bc28d7ee50dd4b5519bdec397. commit 34b29b11986095531488cd0139ecec6dd22e55d3 Author: Volker Lendecke v...@samba.org Date: Tue Jun 8 10:26:08 2010 +0200 Revert s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c --- Summary of changes: source3/auth/auth_ntlmssp.c | 10 -- source3/include/proto.h |5 ++--- source3/rpc_server/srv_pipe.c |7 +++ source3/smbd/sesssetup.c | 20 +--- source3/smbd/smb2_sesssetup.c |7 +++ 5 files changed, 17 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 7184fa6..df4666a 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -84,9 +84,8 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) } -NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state, - struct auth_serversupplied_info **_server_info) +struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state) { struct auth_serversupplied_info *server_info = auth_ntlmssp_state-server_info; data_blob_free(server_info-user_session_key); @@ -96,11 +95,10 @@ NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, auth_ntlmssp_state-ntlmssp_state-session_key.data, auth_ntlmssp_state-ntlmssp_state-session_key.length); if (auth_ntlmssp_state-ntlmssp_state-session_key.length !server_info-user_session_key.data) { - return NT_STATUS_NO_MEMORY; + return NULL; } auth_ntlmssp_state-server_info = NULL; - *_server_info = talloc_steal(mem_ctx, server_info); - return NT_STATUS_OK; + return talloc_steal(mem_ctx, server_info); } struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state) diff --git a/source3/include/proto.h b/source3/include/proto.h index 2f68f0e..f0538ee 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -54,9 +54,8 @@ NTSTATUS auth_netlogond_init(void); /* The following definitions come from auth/auth_ntlmssp.c */ -NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state, - struct auth_serversupplied_info **_server_info); +struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state); struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 4678aeb..d1f9823 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -713,10 +713,9 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) TALLOC_FREE(p-server_info); - status = auth_ntlmssp_server_info(p, a, p-server_info); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n, - nt_errstr(status))); + p-server_info = auth_ntlmssp_server_info(p, a); + if (p-server_info == NULL) { + DEBUG(0, (auth_ntlmssp_server_info failed to obtain the
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 575b101... s3-netdomjoin-gui: Fix Bug #7500. Fix 'not a string literal' warning in netdomjoin-gui. from 7a7f28d... Revert s3:smbd Fix segfault if register_existing_vuid() fails http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 575b1018c65312e9eab562cf4851524cf2f8f24a Author: Günther Deschner g...@samba.org Date: Tue Jun 8 11:25:00 2010 +0200 s3-netdomjoin-gui: Fix Bug #7500. Fix 'not a string literal' warning in netdomjoin-gui. Patch from Buchan Milne bgmi...@mandriva.org. Thanks! Guenther --- Summary of changes: .../examples/netdomjoin-gui/netdomjoin-gui.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c index c482113..50c22d9 100644 --- a/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c +++ b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c @@ -520,7 +520,7 @@ static void callback_do_hostname_change(GtkWidget *widget, GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, - str); + %s,str); gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state-window_main)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aeacb02... s3-selftest: disable domain creds smbclient_s3 tests for now. from 575b101... s3-netdomjoin-gui: Fix Bug #7500. Fix 'not a string literal' warning in netdomjoin-gui. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aeacb023b966dfe2943a5fa799a7b1bc4df4181c Author: Günther Deschner g...@samba.org Date: Tue Jun 8 14:34:20 2010 +0200 s3-selftest: disable domain creds smbclient_s3 tests for now. Not sure they were ever working before. With this patch, make selftest is down to 4 failures from 259 tests. (two times LOCK9 from s3 smbtorture, one spoolss notify test and samba3.posix_s3.unix.info2). Guenther --- Summary of changes: source3/selftest/tests.sh |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/selftest/tests.sh b/source3/selftest/tests.sh index 7bd7639..d2af4b2 100755 --- a/source3/selftest/tests.sh +++ b/source3/selftest/tests.sh @@ -133,11 +133,11 @@ export PASSWORD # plain plantest blackbox.smbclient_s3.plain dc BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$USERNAME \$PASSWORD \$USERID \$LOCAL_PATH plantest blackbox.smbclient_s3.plain member creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$SERVER\$USERNAME \$PASSWORD \$USERID \$LOCAL_PATH -plantest blackbox.smbclient_s3.plain domain creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$DOMAIN\$DC_USERNAME \$DC_PASSWORD \$USERID \$LOCAL_PATH +#plantest blackbox.smbclient_s3.plain domain creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$DOMAIN\$DC_USERNAME \$DC_PASSWORD \$USERID \$LOCAL_PATH # sign, only the member server allows signing plantest blackbox.smbclient_s3.sign member creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$SERVER\$USERNAME \$PASSWORD \$USERID \$LOCAL_PATH --signing=required -plantest blackbox.smbclient_s3.sign domain creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$DOMAIN\$DC_USERNAME \$DC_PASSWORD \$USERID \$LOCAL_PATH --signing=required +#plantest blackbox.smbclient_s3.sign domain creds member BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$DOMAIN\$DC_USERNAME \$DC_PASSWORD \$USERID \$LOCAL_PATH --signing=required # encrypted plantest blackbox.smbclient_s3.crypt dc BINDIR=$BINDIR script/tests/test_smbclient_s3.sh \$SERVER \$SERVER_IP \$USERNAME \$PASSWORD \$USERID \$LOCAL_PATH -e -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fd9e02d... Fix for bug 7501 - SMB2: CREATE request replies getting mangled. from aeacb02... s3-selftest: disable domain creds smbclient_s3 tests for now. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fd9e02d5f3a2d98fe14b10b52c4ca3e654a6bd3e Author: Ira Cooper sa...@ira.wakeful.net Date: Tue Jun 8 11:20:23 2010 -0700 Fix for bug 7501 - SMB2: CREATE request replies getting mangled. Code for dup_smb2_req() was duplicating the wrong vector (i, instead of i+2) when returning a non-minimal SMB2 response. --- Summary of changes: source3/smbd/smb2_server.c |4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index df25570..009cc77 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -551,9 +551,7 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re outvec[i+2].iov_base = ((uint8_t *)outvec[i].iov_base) + (OUTVEC_ALLOC_SIZE - 1); outvec[i+2].iov_len = 1; - } else if (!dup_smb2_vec(outvec, - req-out.vector, - i)) { + } else if (!dup_smb2_vec(outvec, req-out.vector, i+2)) { break; } } -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-148-g18168da
The branch, master has been updated via 18168da84a6aa8d69465e43402444c7ec979604a (commit) via ae5b89dca00ca080c70868430fa54ba07bd6f5f4 (commit) via 2638dbae7bf1a35ed37802e35e179e435a5d622a (commit) via 3f939956ddd693cba6ea5c655288f4f5ca95f768 (commit) via a6fed3f577c7ec51df38ed15ecb9db6ea2ae7c8f (commit) via dc081d40051b9204bb38e4de7dfe8d78656593d0 (commit) from b977901a49a9fed45cc8a2fe880eb749f58278f6 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 18168da84a6aa8d69465e43402444c7ec979604a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 09:17:35 2010 +1000 Some ctdb ... commands can be run without having the main daemon running. In that case, when the main daemon is not running the ctdb context will be initialized to NULL, since we can not connect. Move the calls to read the ctdb socketname and connecting via libctdb to only happen when we are executing a ctdb ... command that requires that we talk to the actual daemon. Otherwise we will get an ugly SEGV for the ctdb ... commandline tool when trying to run a command that is supposed to work also when the daemon is down. commit ae5b89dca00ca080c70868430fa54ba07bd6f5f4 Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Jun 8 18:09:42 2010 +0930 libctdb: connect TDB logging to our logging A simple connector function, made a bit more complex because TDB adds a '\n' and we don't. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 2638dbae7bf1a35ed37802e35e179e435a5d622a Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Jun 8 18:10:36 2010 +0930 libctdb: always check header hasn't changed on local tdb The code on which this is based could alter the header: a normal client can't. If we use this differently later we can change this. For the moment it's a nice extra check. We optimize out the record write altogether when the record hasn't changed, rather than just suppressing the seqnum update. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 3f939956ddd693cba6ea5c655288f4f5ca95f768 Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Jun 8 17:11:40 2010 +0930 libctdb: more bool conversion, and accompany lock by ctdb_db in API I missed some int-bool conversions previously, particularly the return of ctdb_writerecord(). By always handing functions ctdb_connection or ctdb_db, we keep it consistent with the rest of the API and can do extra lock consistency checks. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit a6fed3f577c7ec51df38ed15ecb9db6ea2ae7c8f Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Jun 8 16:53:17 2010 +0930 libctdb: clarify logging levels Now we have more messages, it seems to make sense to document their usage and make them consistent. In particular, LOG_CRIT for internal libctdb problems, LOG_ALERT for API misuse. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit dc081d40051b9204bb38e4de7dfe8d78656593d0 Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Jun 8 16:52:23 2010 +0930 libctdb: use magic to detect free/invalid locks Rather than using a binary, we use a magic value for locking. We also split out the dont have the lock yet from the do have the lock paths for clarity and extra checking. This should detect a superset of the previous case, even if they free (and reuse) the lock memory. Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: include/ctdb.h| 34 +--- libctdb/ctdb.c| 130 +--- libctdb/libctdb_private.h | 13 - libctdb/local_tdb.c | 55 +++ libctdb/logging.c | 52 ++ libctdb/messages.c|2 +- libctdb/sync.c|2 +- libctdb/tst.c |8 ++- tools/ctdb.c | 21 9 files changed, 222 insertions(+), 95 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb.h b/include/ctdb.h index 0dc5da7..e4aff86 100644 --- a/include/ctdb.h +++ b/include/ctdb.h @@ -46,6 +46,23 @@ * programs; these can be found in the section marked Synchronous API. */ +/** + * ctdb_log_fn_t - logging function for ctdbd + * @log_priv: private (typesafe) arg via ctdb_connect + * @severity: syslog-style severity + * @format: printf-style format string. + * @ap: arguments for formatting. + * + * The severity passed to log() are as per syslog(3). In particular, + * LOG_DEBUG is used for tracing, LOG_WARNING is used for unusual + * conditions which don't necessarily return an error
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0c5d0e1... Second part of fix for 7501 - SMB2: CREATE request replies getting mangled. from fd9e02d... Fix for bug 7501 - SMB2: CREATE request replies getting mangled. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0c5d0e1c37daf5b802e990bde8469934ae33f6cc Author: Jeremy Allison j...@samba.org Date: Tue Jun 8 17:44:05 2010 -0700 Second part of fix for 7501 - SMB2: CREATE request replies getting mangled. Based on code from Ira Cooper sa...@ira.wakeful.net, and also advice on refactoring the patch into a function call. outbuf vectors can be reallocated by smb2 processing code, so when returning interim responses we must not make assumptions about vector size. Jeremy --- Summary of changes: source3/smbd/smb2_server.c | 134 ++-- 1 files changed, 67 insertions(+), 67 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 009cc77..d7be0de 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -476,23 +476,71 @@ void smbd_server_connection_terminate_ex(struct smbd_server_connection *sconn, exit_server_cleanly(reason); } -static bool dup_smb2_vec(struct iovec *dstvec, - const struct iovec *srcvec, - int offset) +static bool dup_smb2_vec3(TALLOC_CTX *ctx, + struct iovec *outvec, + const struct iovec *srcvec) { + /* vec[0] is always boilerplate and must +* be allocated with size OUTVEC_ALLOC_SIZE. */ - if (srcvec[offset].iov_len - srcvec[offset].iov_base) { - dstvec[offset].iov_base = talloc_memdup(dstvec, - srcvec[offset].iov_base, - srcvec[offset].iov_len); - if (!dstvec[offset].iov_base) { + outvec[0].iov_base = talloc_memdup(ctx, + srcvec[0].iov_base, + OUTVEC_ALLOC_SIZE); + if (!outvec[0].iov_base) { + return false; + } + outvec[0].iov_len = SMB2_HDR_BODY; + + /* +* If this is a standard vec[1] of length 8, +* pointing to srcvec[0].iov_base + SMB2_HDR_BODY, +* then duplicate this. Else use talloc_memdup(). +*/ + + if (srcvec[1].iov_len == 8 + srcvec[1].iov_base == + ((uint8_t *)srcvec[0].iov_base) + + SMB2_HDR_BODY) { + outvec[1].iov_base = ((uint8_t *)outvec[1].iov_base) + + SMB2_HDR_BODY; + outvec[1].iov_len = 8; + } else { + outvec[1].iov_base = talloc_memdup(ctx, + srcvec[1].iov_base, + srcvec[1].iov_len); + if (!outvec[1].iov_base) { return false; } - dstvec[offset].iov_len = srcvec[offset].iov_len; + outvec[1].iov_len = srcvec[1].iov_len; + } + + /* +* If this is a standard vec[2] of length 1, +* pointing to srcvec[0].iov_base + (OUTVEC_ALLOC_SIZE - 1) +* then duplicate this. Else use talloc_memdup(). +*/ + + if (srcvec[2].iov_base + srcvec[2].iov_len) { + if (srcvec[2].iov_base == + ((uint8_t *)srcvec[0].iov_base) + + (OUTVEC_ALLOC_SIZE - 1) + srcvec[2].iov_len == 1) { + /* Common SMB2 error packet case. */ + outvec[2].iov_base = ((uint8_t *)outvec[0].iov_base) + + (OUTVEC_ALLOC_SIZE - 1); + } else { + outvec[2].iov_base = talloc_memdup(ctx, + srcvec[2].iov_base, + srcvec[2].iov_len); + if (!outvec[2].iov_base) { + return false; + } + } + outvec[2].iov_len = srcvec[2].iov_len; } else { - dstvec[offset].iov_base = NULL; - dstvec[offset].iov_len = 0; + outvec[2].iov_base = NULL; + outvec[2].iov_len = 0; } return true; } @@ -528,30 +576,9 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re outvec[0].iov_len = 4; memcpy(newreq-out.nbt_hdr, req-out.nbt_hdr, 4); + /* Setup the vectors identically to the ones in req. */
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 34a8324... Fix a valgrind error found by SMB2-COMPOUND test. from 0c5d0e1... Second part of fix for 7501 - SMB2: CREATE request replies getting mangled. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 34a8324409961c4837e83c714fb1a285f238312d Author: Jeremy Allison j...@samba.org Date: Tue Jun 8 21:20:07 2010 -0700 Fix a valgrind error found by SMB2-COMPOUND test. If a file is closed we must also NULL out all chained_fsp pointers when the fsp is freed to prevent invalid pointer access. Jeremy. --- Summary of changes: source3/smbd/files.c |8 source3/smbd/globals.h |3 +++ source3/smbd/smb2_glue.c | 20 3 files changed, 31 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 43956e3..7ad5ce3 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -503,6 +503,14 @@ void file_free(struct smb_request *req, files_struct *fsp) req-chain_fsp = NULL; } + /* +* Clear all possible chained fsp +* pointers in the SMB2 request queue. +*/ + if (req != NULL req-smb2req) { + remove_smb2_chained_fsp(fsp); + } + /* Closing a file can invalidate the positive cache. */ if (fsp == fsp_fi_cache.fsp) { ZERO_STRUCT(fsp_fi_cache); diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 9df2554..3533d60 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -277,6 +277,7 @@ NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req); NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req); struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req); +void remove_smb2_chained_fsp(files_struct *fsp); NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req); NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req); @@ -353,6 +354,8 @@ struct smbd_smb2_request { bool async; bool cancelled; + /* fake smb1 request. */ + struct smb_request *smb1req; struct files_struct *compat_chain_fsp; NTSTATUS next_status; diff --git a/source3/smbd/smb2_glue.c b/source3/smbd/smb2_glue.c index d6252ef..8b595af 100644 --- a/source3/smbd/smb2_glue.c +++ b/source3/smbd/smb2_glue.c @@ -49,6 +49,26 @@ struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req) smbreq-mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); smbreq-chain_fsp = req-compat_chain_fsp; smbreq-smb2req = req; + req-smb1req = smbreq; return smbreq; } + +/* + Called from file_free() to remove any chained fsp pointers. +*/ + +void remove_smb2_chained_fsp(files_struct *fsp) +{ + struct smbd_server_connection *sconn = smbd_server_conn; + struct smbd_smb2_request *smb2req; + + for (smb2req = sconn-smb2.requests; smb2req; smb2req = smb2req-next) { + if (smb2req-compat_chain_fsp == fsp) { + smb2req-compat_chain_fsp = NULL; + } + if (smb2req-smb1req smb2req-smb1req-chain_fsp == fsp) { + smb2req-smb1req-chain_fsp = NULL; + } + } +} -- Samba Shared Repository
[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-99-g615801f
The branch, 1.0.112 has been updated via 615801f246ed6c9e6cf402b8647ac65b667ba802 (commit) via fe5b91161c236385ddafe67291fd6f27cd5887c2 (commit) via 89205049bfc3368fae1c7100db19dbd77327a1d5 (commit) via 2d3cc33576d5e0b62fddbc644bbe125564473edc (commit) from 9a38f9598e6f81fe25347487b51b62703a41922f (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112 - Log - commit 615801f246ed6c9e6cf402b8647ac65b667ba802 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 14:31:05 2010 +1000 add extra logging for failed ctdb_ltdb_unlock() for a few more places it is called from commit fe5b91161c236385ddafe67291fd6f27cd5887c2 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 14:17:35 2010 +1000 add additional logging when tdb_chainunlock() fails so we can see where it was called from when it fails commit 89205049bfc3368fae1c7100db19dbd77327a1d5 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 13:54:10 2010 +1000 print the db name qwhen a chainunlock fails too commit 2d3cc33576d5e0b62fddbc644bbe125564473edc Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 13:52:22 2010 +1000 when tdb_chainunlock() fails, print the tdb error that occured --- Summary of changes: common/ctdb_ltdb.c|2 +- server/ctdb_call.c| 47 +--- server/ctdb_daemon.c | 17 +-- server/ctdb_ltdb_server.c |6 - 4 files changed, 59 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/common/ctdb_ltdb.c b/common/ctdb_ltdb.c index d35b690..6ce5c90 100644 --- a/common/ctdb_ltdb.c +++ b/common/ctdb_ltdb.c @@ -191,7 +191,7 @@ int ctdb_ltdb_unlock(struct ctdb_db_context *ctdb_db, TDB_DATA key) { int ret = tdb_chainunlock(ctdb_db-ltdb-tdb, key); if (ret != 0) { - DEBUG(DEBUG_ERR,(__location__ tdb_chainunlock failed on database %s\n, ctdb_db-db_name)); + DEBUG(DEBUG_ERR,(tdb_chainunlock failed on db %s [%s]\n, ctdb_db-db_name, tdb_errorstr(ctdb_db-ltdb-tdb))); } return ret; } diff --git a/server/ctdb_call.c b/server/ctdb_call.c index 6ad9305..dc6dc95 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -245,6 +245,7 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, struct ctdb_call_state *state; struct ctdb_context *ctdb = ctdb_db-ctdb; struct ctdb_ltdb_header header; + int ret; DEBUG(DEBUG_DEBUG,(pnn %u dmaster response %08x\n, ctdb-pnn, ctdb_hash(key))); @@ -254,7 +255,11 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, if (ctdb_ltdb_store(ctdb_db, key, header, data) != 0) { ctdb_fatal(ctdb, ctdb_reply_dmaster store failed\n); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } @@ -263,20 +268,31 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, if (state == NULL) { DEBUG(DEBUG_ERR,(pnn %u Invalid reqid %u in ctdb_become_dmaster from node %u\n, ctdb-pnn, hdr-reqid, hdr-srcnode)); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } if (hdr-reqid != state-reqid) { /* we found a record but it was the wrong one */ DEBUG(DEBUG_ERR, (Dropped orphan in ctdb_become_dmaster with reqid:%u\n from node %u, hdr-reqid, hdr-srcnode)); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } ctdb_call_local(ctdb_db, state-call, header, state, data, ctdb-pnn); - ctdb_ltdb_unlock(ctdb_db, state-call-key); + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } state-state = CTDB_CALL_DONE; if (state-async.fn) { @@ -364,7 +380,11 @@ void ctdb_request_dmaster(struct ctdb_context *ctdb, struct ctdb_req_header *hdr ctdb_become_dmaster(ctdb_db, hdr, key, data, c-rsn); } else {
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-152-g5c0fea9
The branch, master has been updated via 5c0fea90c6474a51992a9c4aeb6af7dfeb213ee0 (commit) via 0c091b3db6bdefd371787d87bc749593ea8e3c76 (commit) via 7932156d7f25870e6937faca08bf75d3cdbad2e5 (commit) via dcdd2010905b9007fbf7ab71f576cfbd48acce8a (commit) from 18168da84a6aa8d69465e43402444c7ec979604a (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 5c0fea90c6474a51992a9c4aeb6af7dfeb213ee0 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 14:31:05 2010 +1000 add extra logging for failed ctdb_ltdb_unlock() for a few more places it is called from commit 0c091b3db6bdefd371787d87bc749593ea8e3c76 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 14:17:35 2010 +1000 add additional logging when tdb_chainunlock() fails so we can see where it was called from when it fails commit 7932156d7f25870e6937faca08bf75d3cdbad2e5 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 13:54:10 2010 +1000 print the db name qwhen a chainunlock fails too commit dcdd2010905b9007fbf7ab71f576cfbd48acce8a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 13:52:22 2010 +1000 when tdb_chainunlock() fails, print the tdb error that occured --- Summary of changes: common/ctdb_ltdb.c|2 +- server/ctdb_call.c| 47 +--- server/ctdb_daemon.c | 17 +-- server/ctdb_ltdb_server.c |6 - 4 files changed, 59 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/common/ctdb_ltdb.c b/common/ctdb_ltdb.c index d35b690..6ce5c90 100644 --- a/common/ctdb_ltdb.c +++ b/common/ctdb_ltdb.c @@ -191,7 +191,7 @@ int ctdb_ltdb_unlock(struct ctdb_db_context *ctdb_db, TDB_DATA key) { int ret = tdb_chainunlock(ctdb_db-ltdb-tdb, key); if (ret != 0) { - DEBUG(DEBUG_ERR,(__location__ tdb_chainunlock failed on database %s\n, ctdb_db-db_name)); + DEBUG(DEBUG_ERR,(tdb_chainunlock failed on db %s [%s]\n, ctdb_db-db_name, tdb_errorstr(ctdb_db-ltdb-tdb))); } return ret; } diff --git a/server/ctdb_call.c b/server/ctdb_call.c index e07b98c..6ef73fe 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -245,6 +245,7 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, struct ctdb_call_state *state; struct ctdb_context *ctdb = ctdb_db-ctdb; struct ctdb_ltdb_header header; + int ret; DEBUG(DEBUG_DEBUG,(pnn %u dmaster response %08x\n, ctdb-pnn, ctdb_hash(key))); @@ -254,7 +255,11 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, if (ctdb_ltdb_store(ctdb_db, key, header, data) != 0) { ctdb_fatal(ctdb, ctdb_reply_dmaster store failed\n); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } @@ -263,20 +268,31 @@ static void ctdb_become_dmaster(struct ctdb_db_context *ctdb_db, if (state == NULL) { DEBUG(DEBUG_ERR,(pnn %u Invalid reqid %u in ctdb_become_dmaster from node %u\n, ctdb-pnn, hdr-reqid, hdr-srcnode)); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } if (hdr-reqid != state-reqid) { /* we found a record but it was the wrong one */ DEBUG(DEBUG_ERR, (Dropped orphan in ctdb_become_dmaster with reqid:%u\n from node %u, hdr-reqid, hdr-srcnode)); - ctdb_ltdb_unlock(ctdb_db, key); + + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } return; } ctdb_call_local(ctdb_db, state-call, header, state, data, ctdb-pnn); - ctdb_ltdb_unlock(ctdb_db, state-call-key); + ret = ctdb_ltdb_unlock(ctdb_db, key); + if (ret != 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_ltdb_unlock() failed with error %d\n, ret)); + } state-state = CTDB_CALL_DONE; if (state-async.fn) { @@ -364,7 +380,11 @@ void ctdb_request_dmaster(struct ctdb_context *ctdb, struct ctdb_req_header *hdr ctdb_become_dmaster(ctdb_db, hdr, key, data, c-rsn); } else {
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-153-g9b4a83e
The branch, master has been updated via 9b4a83e49c5df80df8498b7384c5f53f390c1d9d (commit) from 5c0fea90c6474a51992a9c4aeb6af7dfeb213ee0 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 9b4a83e49c5df80df8498b7384c5f53f390c1d9d Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Jun 9 15:12:26 2010 +1000 We can not be holding a chainlock at this stage, so the tdb_chainunlock() call is bogus ( a child process might be holding the lock, but not the main daemon) --- Summary of changes: server/ctdb_ltdb_server.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_ltdb_server.c b/server/ctdb_ltdb_server.c index 1ce7283..03c62ac 100644 --- a/server/ctdb_ltdb_server.c +++ b/server/ctdb_ltdb_server.c @@ -141,7 +141,6 @@ int ctdb_ltdb_lock_requeue(struct ctdb_db_context *ctdb_db, /* now the contended path */ h = ctdb_lockwait(ctdb_db, key, lock_fetch_callback, state); if (h == NULL) { - tdb_chainunlock(tdb, key); return -1; } -- CTDB repository