[Samba] WG: Samba PDC and big files
Hello, If I understand it right you want to have the same Outlook profile for the users no matter on which workstation they login? The first thing all user must have the same Version of Outlook! And use an IMAP SERVER Then you must work with prf files for outlook for eauch user in your netlogon path of samba I am working with kixstart. On sigining in each user get his pref file. You can download files from Microsoft. Snipp of a prf-file outlook 2003, see section Account1 for settings. Example, see Service1 for the path of outlook.pst on my samba: PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst ;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard ; ** ; Section 1 - Profile Defaults ; ** [General] Custom=1 ProfileName=test DefaultProfile=Yes OverwriteProfile=Yes ModifyDefaultProfileIfPresent=FALSE ;DefaultStore=Service1 ; ** ; Section 2 - Services in Profile ; ** [Service List] ;ServiceX=Microsoft Outlook Client Service1=Personal Folders ;Service2=Unicode Personal Folders Service2=Outlook Address Book Service3=Personal Address Book ;*** ; Section 3 - List of internet accounts ;*** [Internet Account List] ;Account1=I_Mail Account1=IMAP_I_Mail ;Account3=INET_HTTP ;*** ; Section 4 - Default values for each service. ;*** [Service1] UniqueService=No Name=Mein persönlicher Ordner PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst EncryptionType=0x8000 ;[Service2] ;UniqueService=No ;Name=Another Personal Folder ;PathToPersonalFolders=%USERPROFILE%\local settings\application data\microsoft\outlook\o23utlook.pst ;EncryptionType=0x4000 [Service2] [Service3] NameOfPAB=Persönliches Adress Buch Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab ShowNamesBy=0 ;*** ; Section 5 - Values for each internet account. ;*** ;[Account1] ;UniqueService=No ;AccountName=Outlook Tips POP3 ;POP3Server=mail.outlook-tips.net ;SMTPServer=mail.outlook-tips.net ;POP3UserName=outlookt ;emailaddress=t...@outlook-tips.net ;POP3UseSPA=0 ;DisplayName= ;ReplyEMailAddress= ;SMTPUseAuth=1 ;SMTPAuthMethod=0 ;ConnectionType=0 ;LeaveOnServer=0x0 ;ConnectionOID=MyConnection ;POP3Port=110 ;POP3UseSSL=0 ;ServerTimeOut=60 ;SMTPPort=25 ;SMTPUseSSL=0 [Account1] UniqueService=No AccountName=TPLKIMAP IMAPServer=192.168.135.248 SMTPServer=192.168.135.248 IMAPUserName=testuser emailaddress=testu...@tropenklinik.de IMAPUseSPA=0 DisplayName=Testuser replyemailaddress=testu...@tropenklinik.de SMTPUseAuth=0 SMTPAuthMethod=0 ConnectionType=0 RootFolder= ConnectionOID=192.168.135.248 IMAPPort=143 IMAPUseSSL=0 ServerTimeOut=60 SMTPPort=25 SMTPUseSSL=0 ;[Account3] ;UniqueService=No ;HttpServer=http://services.msn.com/svcs/hotmail/httpmail.asp ;username=porem...@hotmail.com ;Organization= ;Reply= ;Account=Poremsky-Hotmail ;emailaddress=porem...@hotmail.com ;FullName=Diane Poremsky ;Connection Type=0 ;ConnectOID= ;*** ; Section 6 - Mapping for profile properties ;*** [Microsoft Exchange Server] ServiceName=MSEMS MDBGUID=5494A1C0297F101BA58708002B2A2517 MailboxName=PT_STRING8,0x6607 HomeServer=PT_STRING8,0x6608 OfflineAddressBookPath=PT_STRING8,0x660E OfflineFolderPath=PT_STRING8,0x6610 [Exchange Global Section] SectionGUID=13dbb0c8aa05101a9bb000aa002fc45a MailboxName=PT_STRING8,0x6607 HomeServer=PT_STRING8,0x6608 RPCoverHTTPflags=PT_LONG,0x6623 RPCProxyServer=PT_UNICODE,0x6622 RPCProxyPrincipalName=PT_UNICODE,0x6625 RPCProxyAuthScheme=PT_LONG,0x6627 CachedExchangeConfigFlags=PT_LONG,0x6629 [Microsoft Mail] ServiceName=MSFS ServerPath=PT_STRING8,0x6600 Mailbox=PT_STRING8,0x6601 Password=PT_STRING8,0x67f0 RememberPassword=PT_BOOLEAN,0x6606 ConnectionType=PT_LONG,0x6603 UseSessionLog=PT_BOOLEAN,0x6604 SessionLogPath=PT_STRING8,0x6605 EnableUpload=PT_BOOLEAN,0x6620 EnableDownload=PT_BOOLEAN,0x6621 UploadMask=PT_LONG,0x6622 NetBiosNotification=PT_BOOLEAN,0x6623 NewMailPollInterval=PT_STRING8,0x6624 DisplayGalOnly=PT_BOOLEAN,0x6625 UseHeadersOnLAN=PT_BOOLEAN,0x6630 UseLocalAdressBookOnLAN=PT_BOOLEAN,0x6631 UseExternalToHelpDeliverOnLAN=PT_BOOLEAN,0x6632 UseHeadersOnRAS=PT_BOOLEAN,0x6640 UseLocalAdressBookOnRAS=PT_BOOLEAN,0x6641 UseExternalToHelpDeliverOnRAS=PT_BOOLEAN,0x6639 ConnectOnStartup=PT_BOOLEAN,0x6642
[Samba] Samba printserver with ADS stops every Friday
Hello, we have a printserver with samba 3.4.3 and ADS. Every Friday morning, the server stops working and we get error messages. [2010/06/25 10:44:32, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! The only way to access the server again, is to login on the domain or the server. We have tried everything (restart the server, rejoin the domain) but every Friday the same problem. Thanks Hubertus Phywe Systeme GmbH Co. KG, Göttingen Registergericht: Handelsregister Göttingen HRA 3798 Geschäftsführender Gesellschafter: Rolf Lucas-Nülle Geschäftsführer: Klaus Elias Der Inhalt dieser E-Mail ist ausschliesslich für den bezeichneten Adressaten bestimmt. Jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail durch unberechtigte Dritte ist unzulässig. Wir bitten Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen, falls Sie nicht der Adressat dieser E-Mail sind und das Material von Ihrem Computer zu löschen. This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended recipient of this e-mail, please delete it and immediately notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba printserver with ADS stops every Friday
On Fri, Jun 25, 2010 at 12:53:08PM +0200, Bartkowski, Hubertus wrote: we have a printserver with samba 3.4.3 and ADS. Every Friday morning, the server stops working and we get error messages. [2010/06/25 10:44:32, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! The only way to access the server again, is to login on the domain or the server. We have tried everything (restart the server, rejoin the domain) but every Friday the same problem. This sounds like an expired ticket on the client. What kind of client is this? Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba winbind problem with trusted domains
--- Original message --- Subject: Re: [Samba] samba winbind problem with trusted domains From: *...@ppu appaji04cn...@gmail.com To: t...@tms3.com Date: Friday, 25/06/2010 4:09 AM hi yes netbios is active on windows machines and i m able to ping samba server with .domain.extension. it is asking for user authentiation but it is not taking when i give user ID and PWD. I had that problem with 3.0.9 on FreeBSD YEARS ago...can't remember what I did. Let's see: In smb.conf, this wouldn't hurt: workgroup = (NETBIOS NAME OF AD DOMAIN) Since you have WIndoze servers, turning on WINS on it and adding: wins server = wins ip addy remote announce = wins ip addy/netbios workgroup name remore browse sync = wins ip addy You also want to do some nbtstat commands on the workstations to see if they are resolving netbios properly. Something else just dawned on me, something about W2K8 and NTLMv2 credentials. IDK maybe the netbios name is trying to auth by NTLMv2 and IP addy by kerberos...Like I said IDK, need to see packets. Cheers, TMS III On Thu, Jun 24, 2010 at 6:26 PM, t...@tms3.com wrote: SNIP thanks for your reply .Those are trusted domains and wbinfo-m is showing all the trusted domains. Anyways I have resolved the problem with Likewise open backend authentication tool. :) . But now I am facing another problem . i am not able to access samba shares using netbios name Is netbios active on windows machines? How is netbios being handled even with full machine FQDN wherears it is accessible with IP address. Is the samba machine in DNS? ping myserver.mydomain.extention can you please help me On Wed, Jun 23, 2010 at 6:16 PM, t...@tms3.com wrote: On Wednesday 23/06/2010 at 12:12 am, *...@ppu wrote: hi all i am new to samba and struggling with trusted domains authentication from many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain ( testraju.ad) . i have joined samba server as a member to win2k8 domain (testraju.ad) using net ads join commands / i m able to access samba shares using testraju.ad user ID's successfully , while authenticating with corp.raju.ad users i m unable to.log is showing as NT_STATUS NO_SUCH USER In such situations, the forrest testaju.ad must have a trust with corp.raju.ad, which would be controlled by the Windoze DC's. Samba NT style domain trusts are not applicable to member servers. Member servers are little more than domain joined machines. Cheers, TMS III follwing is my smb.conf file [global] log file = /var/log/samba/%m load printers = yes idmap gid = 600-200 interfaces = 127.0.0.1 eth0 encrypt passwords = yes realm = testraju.ad winbind use default domain = true template shell = /bin/bash netbios name = slclinuxfs001 winbind enum users = no idmap uid = 600-200 password server = hsttestadc001.testraju.ad winbind nested groups = YeS workgroup = test winbind enum groups = no security = ADS max log size = 5 bind interfaces only = true log level = 3 #winbind separator = \ [raju] comment = test share path = /tmp/raju browsable = yes available = yes writable = yes readonly = no valid users = @RAJU\domain users @TEST\domain users wbinfo -m is listing all trusted domains . i m able to authenticate trusted domain user with wbinfo --authenticate=raju\\pa72635%password (2 back slashes) i have enabled logging on and following is the client log when i access with trusted domain user ID . [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []...@[hicmbsa001] with the new password interface [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [slclinuxfs001]...@[hicmbsa001] [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) -
[Samba] migration of PDC tdbsam backend to BDC - failed to fetch domain database
Hello According to NT4 Migration Using tdbsam Backend http://samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2604610 I would like to transfer PDC settings (users,groups sids) to BDC and later make from BDC PDC machine. I have Fedora Core 7 PDC(hostname serwer) and Centos 5.4 BDC (hostname serwer2) both on tdbsam backends. I have copied smb.conf, passwd,group,shadow,secrets.tdb files from FC7 to centos 5.4 I have changed smb.conf on Centos BDC : -domain master =no -netbios name = serwer2 all rest settings are the same like on smb.conf from PDC. From BDC I'm executing commands: (PDC IP 10.10.10.1) net rpc join -I 10.10.10.1 -W geodezja -U root Joined domain GEODEZJA but when I would like to vampire accounts net rpc vampire -I 10.10.10.1 -U root I have receive error: Fetching DOMAIN database FAILED to fetch domain database: NT code 0x1c010002 in /var/log/messages on PDC i have receive : Jun 25 15:16:33 localhost smbd[8657]: [2010/06/25 15:16:33, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) Jun 25 15:16:33 localhost smbd[8657]: _net_auth2: creds_server_check failed. Rejecting auth request from client SERWER2 machine account SERWER2$ Jun 25 15:16:33 localhost smbd[8657]: [2010/06/25 15:16:33, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) Jun 25 15:16:33 localhost smbd[8657]: _net_auth2: creds_server_check failed. Rejecting auth request from client SERWER2 machine account SERWER2$ What am I doing wrong ??? PLEASE HELP!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migration of PDC tdbsam backend to BDC - failed to fetch domain database
What version of samba? The vampire command can be used to pull account info from an NT4 server into a Samba 3.x domain. I am not sure if it can be used against a Samba 3.x server. I could be wrong. Samba 4 would be a different situation. You may be able to copy the samba private and samba locks directories over from PDC to BDC instead. On 06/25/2010 09:19 AM, Hubert Choma wrote: Hello According to NT4 Migration Using tdbsam Backend http://samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2604610 I would like to transfer PDC settings (users,groups sids) to BDC and later make from BDC PDC machine. I have Fedora Core 7 PDC(hostname serwer) and Centos 5.4 BDC (hostname serwer2) both on tdbsam backends. I have copied smb.conf, passwd,group,shadow,secrets.tdb files from FC7 to centos 5.4 I have changed smb.conf on Centos BDC : -domain master =no -netbios name = serwer2 all rest settings are the same like on smb.conf from PDC. From BDC I'm executing commands: (PDC IP 10.10.10.1) net rpc join -I 10.10.10.1 -W geodezja -U root Joined domain GEODEZJA but when I would like to vampire accounts net rpc vampire -I 10.10.10.1 -U root I have receive error: Fetching DOMAIN database FAILED to fetch domain database: NT code 0x1c010002 in /var/log/messages on PDC i have receive : Jun 25 15:16:33 localhost smbd[8657]: [2010/06/25 15:16:33, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) Jun 25 15:16:33 localhost smbd[8657]: _net_auth2: creds_server_check failed. Rejecting auth request from client SERWER2 machine account SERWER2$ Jun 25 15:16:33 localhost smbd[8657]: [2010/06/25 15:16:33, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) Jun 25 15:16:33 localhost smbd[8657]: _net_auth2: creds_server_check failed. Rejecting auth request from client SERWER2 machine account SERWER2$ What am I doing wrong ??? PLEASE HELP!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Anyone try 'ssh server and get Password for DOMAIN\USER:
I might be wrong but couldn't you modify /etc/nsswitch.conf to use passwd: files winbind group: files winbind instead? IS the Samba server the PDC? Do you have local unix accounts on it? On 06/25/2010 01:12 AM, L. A. Walsh wrote: I'm trying to use 'ssh' as a domain user from a workstation into my server. When I ssh as a non-domain user, it doesn't tack on a domain (or workstation) name, so it just works, but when I log in from from my Samba domain, it tacks it on (and the linux security stuff doesn't like domain\ either. Should the pam_winbind module be able to authenticate this type of user name against the domain? If not, is there a module that does? thanks, linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP Account Manager 3.1.0 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 3.1.0 - June 25th, 2010 == LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - This release adds Asterisk voicemail support and lamdaemon no longer requires the PHP SSH2 extension. LAM Pro now supports to manage sudo entries. The usability was also improved. Lamdaemon users and those who managed workstations with the inetOrgPerson hack please read the version specific upgrade instructions: http://www.ldap-account-manager.org/static/doc/manual/ch01s02.html#a_versUpgrade Debian users may need to install the JQuery-UI package: http://packages.debian.org/squeeze/libjs-jquery-ui Full changelog: http://www.ldap-account-manager.org/lamcms/changelog Features: - - * management of various account types * Unix * Samba 3 * Kolab 2 * Asterisk * phpGroupwWare * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Availability: - - This software is available under the GNU General Public License V2.0. You can get the newest version at http://www.ldap-account-manager.org. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Demo installation: - -- You can try our demo installation online. http://www.ldap-account-manager.org/lamcms/liveDemo Support: - If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage http://www.ldap-account-manager.org. Authors Copyright: - Copyright (C) 2003 - 2010: Michael Duergner mich...@duergner.com Roland Gruber p...@rolandgruber.de Tilo Lutz tilol...@gmx.de LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkwk8+EACgkQq/ywNCsrGZ6A/ACeIiTt6rtVHE1IZeJ/QzKIfFIs +c4An37LWf8DPwyhOs5uqO+/v46EKTQf =ULg2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Tue, 01 Dec 2009 08:23:01 -0800, Jeremy Allison wrote: On Tue, Dec 01, 2009 at 10:01:57AM -0600, Cameron Laird wrote: What are the prospects for smb transport encryption? Where can I learn more? It's implemented via the UNIX extension mechanism between smbclient and smbd for versions of Samba 3.2.x and greater. Not yet implemented in the Linux CIFSFS client or MacOSX client. The encryption feature of smbclient seems really great! But it is too bad that it is only in smbclient and not in smbmount/mount.cifs. Is there any technical barrier to implementing it in smbmount? I used to use sshfs to remotely mount my home directories between different computers running Linux, but I have switched to Samba for better performance. I would like to be able to keep using Samba without worrying about the relative lack of security. (I know this isn't really Samba's fault, but a legacy of its origins.) Dan Lenski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Fri, Jun 25, 2010 at 06:44:17PM +, Dan Lenski wrote: On Tue, 01 Dec 2009 08:23:01 -0800, Jeremy Allison wrote: On Tue, Dec 01, 2009 at 10:01:57AM -0600, Cameron Laird wrote: What are the prospects for smb transport encryption? Where can I learn more? It's implemented via the UNIX extension mechanism between smbclient and smbd for versions of Samba 3.2.x and greater. Not yet implemented in the Linux CIFSFS client or MacOSX client. The encryption feature of smbclient seems really great! But it is too bad that it is only in smbclient and not in smbmount/mount.cifs. Is there any technical barrier to implementing it in smbmount? No technical barrier, just the willingness of someone to write the code :-). I used to use sshfs to remotely mount my home directories between different computers running Linux, but I have switched to Samba for better performance. I would like to be able to keep using Samba without worrying about the relative lack of security. (I know this isn't really Samba's fault, but a legacy of its origins.) Steve French and Jeff Layton are the experts in the Linux CIFS kernel code, try bugging them :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: Reviewing the docs, this tool requires Samba 3.2 or later on both the client and server sides. I'm therefore assuming that it's not compatible with a contemporary Windows fileserver: can you confirm this? Does anyone know if NetApp supports such encryption? It is an extension created by the Samba Team as part of unix extensions, and at the moment the only client that implements it is smbclient. Not even the in kernel cifs driver implements it. And we have no knowledge of any other implementer adopting it yet. Does anyone know a time-frame for inclusion of transport encryption in the kernel CIFS driver? I'm really looking forward to this feature! Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Fri, Jun 25, 2010 at 06:54:08PM +, Dan Lenski wrote: On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: Reviewing the docs, this tool requires Samba 3.2 or later on both the client and server sides. I'm therefore assuming that it's not compatible with a contemporary Windows fileserver: can you confirm this? Does anyone know if NetApp supports such encryption? It is an extension created by the Samba Team as part of unix extensions, and at the moment the only client that implements it is smbclient. Not even the in kernel cifs driver implements it. And we have no knowledge of any other implementer adopting it yet. Does anyone know a time-frame for inclusion of transport encryption in the kernel CIFS driver? I'm really looking forward to this feature! Steve, Jeff ping ? :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Fri, 25 Jun 2010 12:20:41 -0700 Jeremy Allison j...@samba.org wrote: On Fri, Jun 25, 2010 at 06:54:08PM +, Dan Lenski wrote: On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: Reviewing the docs, this tool requires Samba 3.2 or later on both the client and server sides. I'm therefore assuming that it's not compatible with a contemporary Windows fileserver: can you confirm this? Does anyone know if NetApp supports such encryption? It is an extension created by the Samba Team as part of unix extensions, and at the moment the only client that implements it is smbclient. Not even the in kernel cifs driver implements it. And we have no knowledge of any other implementer adopting it yet. Does anyone know a time-frame for inclusion of transport encryption in the kernel CIFS driver? I'm really looking forward to this feature! Steve, Jeff ping ? :-) Sadly, there are enough bugs in this area that it may be a bit before we get around to adding new features. I know Shirish was poking around in here a while back, but I think he's working on other stuff now. I think before we can reasonably add that we really need to move all of the cifs crypto to use the kernel's standard crypto libs rather than the homegrown routines they use now. There are some definite problems wrt to unicode in there (not directly related to crypto, but it needs fixing). NTLMSSP auth is also busted which is a rather important item. -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo messed up (was Re: Anyone try 'ssh server and get Password for DOMAIN\USER:)
Gaiseric Vandal wrote: IS the Samba server the PDC? Do you have local unix accounts on it? (yes, yes).. I might be wrong but couldn't you modify /etc/nsswitch.conf to use passwd: files winbind group: files winbind instead? --- I tried this -- but then I couldn't log in at all! I'm thinking my winbind is screwy -- that may be all or part of the problem. Symptoms: wbinfo -u shows: lindaw (my user name) wbinfo -n lindaw returns: (expected) S-1-5-21-3-7-3-80026 SID_USER (1) BUT: wbinfo -i lindaw says:Could not get info for user lindaw wbinfo --own-domain returns: BLISS wbinfo --ping-dcreturns: checking the NETLOGON dc connection succeeded BUT: wbinfo --dsgetdcname=BLISS returns: Could not find dc for BLISS wbinfo -m BUILTIN BLISS wbinfo -m wbinfo --sid-aliases=S-1-5-21-3-7-3-80026 80026 wbinfo --user-sids=S-1-5-21-3-7-3-80026 Could not get group SIDs for user SID S-1-5-21-3-7-3-80026 --- So It has partial information, but can't give info on me, can't verify passwords, can't give groups, but maps user id's... It DOESN'T show the same groups as net rpc groups list -- it shows a *fraction* of what the net command shows - net rpc groups list shows 20 groups, wbinfo -g shows 8. Should these be close? or the same? How can they be out of sync and if they should be the same, how do I resync them? Net groups shows the correct listing. On 06/25/2010 01:12 AM, L. A. Walsh wrote: I'm trying to use 'ssh' as a domain user from a workstation into my server. When I ssh as a non-domain user, it doesn't tack on a domain (or workstation) name, so it just works, but when I log in from from my Samba domain, it tacks it on (and the linux security stuff doesn't like domain\ either. Should the pam_winbind module be able to authenticate this type of user name against the domain? If not, is there a module that does? thanks, linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Fri, Jun 25, 2010 at 2:34 PM, Jeff Layton jlay...@samba.org wrote: On Fri, 25 Jun 2010 12:20:41 -0700 Jeremy Allison j...@samba.org wrote: On Fri, Jun 25, 2010 at 06:54:08PM +, Dan Lenski wrote: On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: Reviewing the docs, this tool requires Samba 3.2 or later on both the client and server sides. I'm therefore assuming that it's not compatible with a contemporary Windows fileserver: can you confirm this? Does anyone know if NetApp supports such encryption? It is an extension created by the Samba Team as part of unix extensions, and at the moment the only client that implements it is smbclient. Not even the in kernel cifs driver implements it. And we have no knowledge of any other implementer adopting it yet. Does anyone know a time-frame for inclusion of transport encryption in the kernel CIFS driver? I'm really looking forward to this feature! Steve, Jeff ping ? :-) Sadly, there are enough bugs in this area that it may be a bit before we get around to adding new features. I know Shirish was poking around in here a while back, but I think he's working on other stuff now. I think before we can reasonably add that we really need to move all of the cifs crypto to use the kernel's standard crypto libs rather than the homegrown routines they use now. There are some definite problems wrt to unicode in there (not directly related to crypto, but it needs fixing). NTLMSSP auth is also busted which is a rather important item. -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Right now, I am at a stage where NTLMv2 authentication using NTMSSP works. (It definitely was broken against Windows 7 and Windows 2008 server). But signing does not. I am working on making NTLM2 Session Security work. For signing, as I understand, I am attempting to use kernel crypto APIs (for things like the key exchanged in type 3 message in ntlmssp) Point of this is, I am trying to use kernel crypto APIs henceforth. Along the way, I would consider converting existing mac generation routine to crypto kernel APIs. I am definitely considering implementing encryption also. If I am generating all these server and client signing and sealing keys, it may be little easier to go one step further and implement both, signing and sealing. I was mainly focussing on signing but will start investigating sealing also. NTLM2 session security implementation looks daunting though, I am just beginging to look into arc4 encryption to genereate ciphertext. I do not see a problem with existing mac routines but converting them to standard kernel crypto APIs should be way to go. There are definitely issues in how cifs vfs client module implements ntlmssp protocol like how we decide/choose flags in type 1 message and how we react to flags in type 2 message etc. Signing for ntlmv2 is definitely busted. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] wbinfo messed up (was Re: Anyone try 'ssh server and get Password for DOMAIN\USER:)
If wbinfo -s and wbinfo -n both show the same uid-sid mappings then winbind itself should be ok # wbinfo -n jsmith S-1-5-21----1234 User (1) # wbinfo -s S-1-5-21----1234 MYDOMAIN\jsmith 1 # Does getent passwd and getent group return Windows users? Does id MYDOMAIN\jsmith If not you may be missing the libnss_winbind or nss_winbind file in /usr/lib (or /usr/local/lib) depending on OS and where samba was installed. The group thing is weird. wbinfo -g shows more groups than net rpc group list But wbinfo -g shows groups from trusted domains and the BUILTIN domain. I would check the results of net groupmap list. Make sure that Domain Users and Domain Administrators are mapped. On 06/25/2010 03:59 PM, Linda W wrote: Gaiseric Vandal wrote: IS the Samba server the PDC? Do you have local unix accounts on it? (yes, yes).. I might be wrong but couldn't you modify /etc/nsswitch.conf to use passwd: files winbind group: files winbind instead? --- I tried this -- but then I couldn't log in at all! I'm thinking my winbind is screwy -- that may be all or part of the problem. Symptoms: wbinfo -u shows: lindaw (my user name) wbinfo -n lindaw returns: (expected) S-1-5-21-3-7-3-80026 SID_USER (1) BUT: wbinfo -i lindawsays: Could not get info for user lindaw wbinfo --own-domainreturns: BLISS wbinfo --ping-dcreturns: checking the NETLOGON dc connection succeeded BUT: wbinfo --dsgetdcname=BLISS returns: Could not find dc for BLISS wbinfo -m BUILTIN BLISS wbinfo -m wbinfo --sid-aliases=S-1-5-21-3-7-3-80026 80026 wbinfo --user-sids=S-1-5-21-3-7-3-80026 Could not get group SIDs for user SID S-1-5-21-3-7-3-80026 --- So It has partial information, but can't give info on me, can't verify passwords, can't give groups, but maps user id's... It DOESN'T show the same groups as net rpc groups list -- it shows a *fraction* of what the net command shows - net rpc groups list shows 20 groups, wbinfo -g shows 8. Should these be close? or the same? How can they be out of sync and if they should be the same, how do I resync them? Net groups shows the correct listing. On 06/25/2010 01:12 AM, L. A. Walsh wrote: I'm trying to use 'ssh' as a domain user from a workstation into my server. When I ssh as a non-domain user, it doesn't tack on a domain (or workstation) name, so it just works, but when I log in from from my Samba domain, it tacks it on (and the linux security stuff doesn't like domain\ either. Should the pam_winbind module be able to authenticate this type of user name against the domain? If not, is there a module that does? thanks, linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Fri Jun 25 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-06-24 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-06-25 00:00:31.0 -0600 @@ -1,10 +1,10 @@ -Build status as of Thu Jun 24 06:00:02 2010 +Build status as of Fri Jun 25 06:00:01 2010 Build counts: Tree Total Broken Panic build_farm 0 0 0 ccache 30 2 0 -ldb 30 11 0 +ldb 30 9 0 libreplace 30 11 0 lorikeet 0 0 0 pidl 19 19 0 @@ -14,9 +14,9 @@ samba-web0 0 0 samba_3_current 28 28 4 samba_3_master 28 28 1 -samba_3_next 28 28 4 +samba_3_next 28 28 3 samba_4_0_test 30 30 0 samba_4_0_waf 30 30 0 talloc 30 7 0 -tdb 28 9 0 +tdb 28 7 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 92cfc63... s4 upgradeprovision: Try to support older Pythons. from 163ed44... s4/drs: DsReplicaSync should search partition to Sync http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 92cfc632871e742dedf26ebd43ac789ebed0860c Author: Michael Wood esiot...@gmail.com Date: Fri Jun 25 08:46:13 2010 +0200 s4 upgradeprovision: Try to support older Pythons. Use split(sep, 1) instead of partition(sep). Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org --- Summary of changes: source4/scripting/python/samba/upgradehelpers.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py index 377ac29..74a157d 100755 --- a/source4/scripting/python/samba/upgradehelpers.py +++ b/source4/scripting/python/samba/upgradehelpers.py @@ -422,7 +422,7 @@ def identic_rename(ldbobj, dn): :param lbdobj: An Ldb Object :param dn: DN of the object to manipulate -(before, sep, after)=str(dn).partition('=') +(before, after) = str(dn).split('=', 1) ldbobj.rename(dn, ldb.Dn(ldbobj, %s=foo%s % (before, after))) ldbobj.rename(ldb.Dn(ldbobj, %s=foo%s % (before, after)), dn) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 408a3aa... s4:lib/registry/ldb.c - cosmetic - fix comment via 14386e6... s4:lib/registry/ldb.c - cosmetic - wrap lines from 92cfc63... s4 upgradeprovision: Try to support older Pythons. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 408a3aa3085e783523ed80bb328a3c65159900ab Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 16:06:11 2010 +0200 s4:lib/registry/ldb.c - cosmetic - fix comment commit 14386e6ec50b55039be6a719a17b185e651ee025 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 16:05:31 2010 +0200 s4:lib/registry/ldb.c - cosmetic - wrap lines --- Summary of changes: source4/lib/registry/ldb.c |7 +++ 1 files changed, 3 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c index 2310bab..01d82e2 100644 --- a/source4/lib/registry/ldb.c +++ b/source4/lib/registry/ldb.c @@ -329,8 +329,8 @@ static WERROR cache_subkeys(struct ldb_key_data *kd) struct ldb_result *res; int ret; - ret = ldb_search(c, c, res, kd-dn, LDB_SCOPE_ONELEVEL, NULL, (key=*)); - + ret = ldb_search(c, c, res, kd-dn, LDB_SCOPE_ONELEVEL, +NULL, (key=*)); if (ret != LDB_SUCCESS) { DEBUG(0, (Error getting subkeys for '%s': %s\n, ldb_dn_get_linearized(kd-dn), ldb_errstring(c))); @@ -352,7 +352,6 @@ static WERROR cache_values(struct ldb_key_data *kd) ret = ldb_search(c, c, res, kd-dn, LDB_SCOPE_ONELEVEL, NULL, (value=*)); - if (ret != LDB_SUCCESS) { DEBUG(0, (Error getting values for '%s': %s\n, ldb_dn_get_linearized(kd-dn), ldb_errstring(c))); @@ -441,7 +440,7 @@ static WERROR ldb_get_value_by_id(TALLOC_CTX *mem_ctx, struct hive_key *k, { struct ldb_key_data *kd = talloc_get_type(k, struct ldb_key_data); - /* if default value exists, give it back */ + /* if the default value exists, give it back */ if (W_ERROR_IS_OK(ldb_get_default_value(mem_ctx, k, name, data_type, data))) { if (idx == 0) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5c98ccd... s4 python: Add unit tests related to PyLong/PyInt handling via 3fc9675... ldb: Fix a wrong changetype in unit test via 7703b89... pidl: Finish to fix the python generated code for 64bit integers via 0802f35... smbtorture: Fix loading of --load-list. via 653b30f... selftest: Clarify generation of idlist option. from 408a3aa... s4:lib/registry/ldb.c - cosmetic - fix comment http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5c98ccd70601c475f3bcb34e6a233069c9f542f6 Author: Matthieu Patou m...@matws.net Date: Tue Jun 22 00:58:48 2010 +0400 s4 python: Add unit tests related to PyLong/PyInt handling Signed-off-by: Jelmer Vernooij jel...@samba.org commit 3fc9675e93c3bfb3381b06bce3d2b130952e9026 Author: Matthieu Patou m...@matws.net Date: Tue Jun 22 19:57:22 2010 +0400 ldb: Fix a wrong changetype in unit test Signed-off-by: Jelmer Vernooij jel...@samba.org commit 7703b89ae57d76a3246db7489c77c9de848ea832 Author: Matthieu Patou m...@matws.net Date: Mon Jun 21 10:48:58 2010 +0400 pidl: Finish to fix the python generated code for 64bit integers Signed-off-by: Jelmer Vernooij jel...@samba.org commit 0802f354ea837b8884c861d6d98f20aa746e4445 Author: Jelmer Vernooij jel...@samba.org Date: Fri Jun 25 02:40:37 2010 +0200 smbtorture: Fix loading of --load-list. commit 653b30f91f7f9e13f16d5d6134adaa04b0675257 Author: Jelmer Vernooij jel...@samba.org Date: Fri Jun 25 02:35:29 2010 +0200 selftest: Clarify generation of idlist option. --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/Python.pm | 33 ++-- selftest/selftest.pl |2 + source4/lib/ldb/tests/test-controls.sh |2 +- .../scripting/python/samba/tests/dcerpc/unix.py| 13 ++- source4/selftest/tests.sh |1 + source4/torture/smbtorture.c | 22 +++-- 6 files changed, 57 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 4687a53..4c5cc1b 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -820,13 +820,40 @@ sub ConvertObjectFromPythonData($$;$) $actual_ctype = $actual_ctype-{DATA}; } - if ($actual_ctype-{TYPE} eq ENUM or $actual_ctype-{TYPE} eq BITMAP or - $actual_ctype-{TYPE} eq SCALAR and ( - expandAlias($actual_ctype-{NAME}) =~ /^(u?int[0-9]*|hyper|NTTIME|time_t|NTTIME_hyper|NTTIME_1sec|dlong|udlong|udlongr)$/)) { + if ($actual_ctype-{TYPE} eq ENUM or $actual_ctype-{TYPE} eq BITMAP) { $self-pidl(PY_CHECK_TYPE(PyInt_Type, $cvar, $fail);); $self-pidl($target = PyInt_AsLong($cvar);); return; } + if ($actual_ctype-{TYPE} eq SCALAR ) { + if (expandAlias($actual_ctype-{NAME}) =~ /^(u?int64|hyper|dlong|udlong|udlongr|NTTIME_hyper|NTTIME|NTTIME_1sec)$/) { + $self-pidl(if (PyObject_TypeCheck($cvar, PyLong_Type)) {); + $self-indent; + $self-pidl($target = PyLong_AsLongLong($cvar);); + $self-deindent; + $self-pidl(} else {); + $self-indent; + $self-pidl(if (PyObject_TypeCheck($cvar, PyInt_Type)) {); + $self-indent; + $self-pidl($target = PyInt_AsLong($cvar);); + $self-deindent; + $self-pidl(} else {); + $self-indent; + $self-pidl(PyErr_Format(PyExc_TypeError, \Expected type %s or %s\,\\); + $self-pidl( PyInt_Type.tp_name, PyLong_Type.tp_name);); + $self-pidl($fail); + $self-deindent; + $self-pidl(}); + $self-deindent; + $self-pidl(}); + return; + } + if (expandAlias($actual_ctype-{NAME}) =~ /^(char|u?int[0-9]*|time_t)$/) { + $self-pidl(PY_CHECK_TYPE(PyInt_Type, $cvar, $fail);); + $self-pidl($target = PyInt_AsLong($cvar);); + return; + } + } if ($actual_ctype-{TYPE} eq STRUCT or $actual_ctype-{TYPE} eq INTERFACE) { my $ctype_name = $self-use_type_variable($ctype); diff --git a/selftest/selftest.pl b/selftest/selftest.pl index b0296e1..7f5aa76 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -944,6 +944,8 @@ $envvarstr
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthias, On Fri, 2010-06-25 at 01:49 -0500, Matthias Dieter Wallnöfer wrote: - Log - commit 408a3aa3085e783523ed80bb328a3c65159900ab Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 16:06:11 2010 +0200 s4:lib/registry/ldb.c - cosmetic - fix comment commit 14386e6ec50b55039be6a719a17b185e651ee025 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 16:05:31 2010 +0200 s4:lib/registry/ldb.c - cosmetic - wrap lines --- Summary of changes: source4/lib/registry/ldb.c |7 +++ 1 files changed, 3 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c index 2310bab..01d82e2 100644 --- a/source4/lib/registry/ldb.c +++ b/source4/lib/registry/ldb.c @@ -329,8 +329,8 @@ static WERROR cache_subkeys(struct ldb_key_data *kd) struct ldb_result *res; int ret; - ret = ldb_search(c, c, res, kd-dn, LDB_SCOPE_ONELEVEL, NULL, (key=*)); - + ret = ldb_search(c, c, res, kd-dn, LDB_SCOPE_ONELEVEL, + NULL, (key=*)); if (ret != LDB_SUCCESS) { DEBUG(0, (Error getting subkeys for '%s': %s\n, ldb_dn_get_linearized(kd-dn), ldb_errstring(c))); Is this sort of change really necessary ? I don't see how this is cosmetically better than what it was previously. It also didn't overrun the 80 character boundary (as set by our coding style). This just makes it harder to read the output of git blame; please refrain from changes like this, at least in lib/registry. Cheers, Jelmer signature.asc Description: This is a digitally signed message part
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7cf0443... s3: Fix a winbind crash via a9523f1... s3: Fix a winbind crash from 5c98ccd... s4 python: Add unit tests related to PyLong/PyInt handling http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7cf04431594e09043b3b53144fc8511d20b088ee Author: Volker Lendecke v...@samba.org Date: Fri Jun 25 11:47:30 2010 +0200 s3: Fix a winbind crash nss_get_info_cached might deep inside sequence_number() invalidate the ads_struct without telling its callers. commit a9523f17ea2cd85a130e081f3a89cffbee1fdc06 Author: Volker Lendecke v...@samba.org Date: Tue Jun 22 15:59:44 2010 +0200 s3: Fix a winbind crash nss_get_info_cached might have invalidated ads deep inside. --- Summary of changes: source3/winbindd/winbindd_ads.c | 17 - 1 files changed, 16 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index faa4d8e..00b53a2 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -549,15 +549,30 @@ static NTSTATUS query_user(struct winbindd_domain *domain, info-acct_name = ads_pull_username(ads, mem_ctx, msg); - nss_get_info_cached( domain, sid, mem_ctx, ads, msg, + status = nss_get_info_cached( domain, sid, mem_ctx, ads, msg, info-homedir, info-shell, info-full_name, gid); info-primary_gid = gid; + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, (nss_get_info_cached failed: %s\n, + nt_errstr(status))); + goto done; + } if (info-full_name == NULL) { info-full_name = ads_pull_string(ads, mem_ctx, msg, name); } + /* +* We have to re-fetch ads from the domain, +* nss_get_info_cached might have invalidated it. +*/ + ads = ads_cached_connection(domain); + if (ads == NULL) { + domain-last_status = NT_STATUS_SERVER_DISABLED; + goto done; + } + if (!ads_pull_uint32(ads, msg, primaryGroupID, group_rid)) { DEBUG(1,(No primary group for %s !?\n, sid_string_dbg(sid))); -- Samba Shared Repository
s4: rid pool and other provision fixes
Hi Tridge, The local dc account get the value of nextRid and the intial rIDAvailablePool starts with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter of 50. I'll test more combinations... I'm wondering why x is 1 in some cases and the rIDAvailablePool starts at 1101 when nextRid was 1000, instead of starting with 1100. Maybe it depends on the functional level. I've done some testing with a w2k8r2 server and commpared dcpromo with function levels (forest/domain) 4/4, 3/3, 2/2 and 0/0. And x is always 0, but I found that we need to create the RID Set for the local dc in provision, instead of runtime (when the first account is created). dcpromo sets the rIDNextRID to lowest value of rIDPreviousAllocationPool. And as rIDNextRID is not the rid of the next user, but the rid of the last user, the first user gets rIDNextRID + 1, which is 1101 in most cases. I also noticed that rIDUsedPool is never updated on a w2k8r2 server (at least if it's the rid master itself). The changes can be found here: http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-s3upgrade-review If they're no objections I've planed to push this changes tomorrow if make test doesn't show any additional errors. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 17cd3d0... s3: In copy_netr_SamInfo3 copy all of the sids array from 7cf0443... s3: Fix a winbind crash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 17cd3d06cb00db9a94375e00aa42832e25c05726 Author: Volker Lendecke v...@samba.org Date: Fri Jun 25 16:56:38 2010 +0200 s3: In copy_netr_SamInfo3 copy all of the sids array --- Summary of changes: source3/auth/server_info.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index a43c4f9..bb38080 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -551,6 +551,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, } if (orig-sidcount) { + info3-sidcount = orig-sidcount; info3-sids = talloc_array(info3, struct netr_SidAttr, orig-sidcount); RET_NOMEM(info3-sids); @@ -558,6 +559,8 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, info3-sids[i].sid = sid_dup_talloc(info3-sids, orig-sids[i].sid); RET_NOMEM(info3-sids[i].sid); + info3-sids[i].attributes = + orig-sids[i].attributes; } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 175d947... s3: In make_server_info_info3, check the result of copy_netr_SamInfo3 from 17cd3d0... s3: In copy_netr_SamInfo3 copy all of the sids array http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 175d9478fea24812046299be6a0224bdc699feb9 Author: Volker Lendecke v...@samba.org Date: Fri Jun 25 17:06:00 2010 +0200 s3: In make_server_info_info3, check the result of copy_netr_SamInfo3 --- Summary of changes: source3/auth/auth_util.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index d8e8387..837e58b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -,6 +,10 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* copy in the info3 */ result-info3 = i3 = copy_netr_SamInfo3(result, info3); + if (result-info3 == NULL) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } /* Fill in the unix info we found on the way */ result-utok.uid = pwd-pw_uid; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 36b95fe... s3:net [rpc] registry: be as user-friendly as possible wrt to the normalization change via 8e4f812... s3:registry: improve logic of upgrade code in regdb_init() via 3703b79... s3:registry: fix some debug messages in regdb_ini() via 15bacaf... s3-registry: Convert registry key delimiter from slash to backslash. via f540833... s3-registry: Added a db upgrade function to normalize the key delimiter. from 175d947... s3: In make_server_info_info3, check the result of copy_netr_SamInfo3 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 36b95fee152d348926fad1bcdc9f05312bb2aad5 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 17:26:34 2010 +0200 s3:net [rpc] registry: be as user-friendly as possible wrt to the normalization change The registry has been changed to use '\' as a key delimiter instead of '/'. Originally, one could mix both characters in the specification of registry key for net [rpc] registry. Now this can not work any more, since '/' is generally treated as a valid character of a key name. Now, to be as user-friendly as possible, the net [rpc] registry code has been changed to still support '/' as a key name delimiter if no '\' character is found in the given registry path string. In that case, all '/' characters are converted to '\' characters before proceeding. If on the other hand, a '\' character is found in the path string, then no conversion is assumed, and it is hence assumed that the path is already in the correct form and '/' characters are supposed to be part of the key names. commit 8e4f8128234f0015c9d63bb18821487bb3e7b06e Author: Michael Adam ob...@samba.org Date: Fri Jun 25 14:34:04 2010 +0200 s3:registry: improve logic of upgrade code in regdb_init() Don't overwrite unknown versions (0 or 2) of the registry. commit 3703b79b11eecf3d8f2232b400bb8a2dd5b55876 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 12:32:22 2010 +0200 s3:registry: fix some debug messages in regdb_ini() commit 15bacaf3c594ac24cf26b0329723e873a5cae43d Author: Andreas Schneider a...@samba.org Date: Thu Jun 24 16:33:37 2010 +0200 s3-registry: Convert registry key delimiter from slash to backslash. This is needed to support keynames containing a '/' like TCP/IP. Which is used in serveral standard paths. Signed-off-by: Michael Adam ob...@samba.org commit f540833632ffe2c743e90ef9df1627e69b7a0c7b Author: Andreas Schneider a...@samba.org Date: Thu Jun 24 15:26:04 2010 +0200 s3-registry: Added a db upgrade function to normalize the key delimiter. This converts the key delimiter from a slash to a blackslash. We need to support keynames with a backslash. Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source3/include/reg_db.h |1 + source3/lib/adt_tree.c | 12 ++-- source3/registry/reg_api.c | 10 -- source3/registry/reg_backend_db.c| 163 +- source3/registry/reg_cachehook.c |6 -- source3/registry/reg_util_internal.c | 23 ++--- source3/utils/net_registry_util.c| 11 ++- 7 files changed, 164 insertions(+), 62 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/reg_db.h b/source3/include/reg_db.h index 5cafa0a..774093d 100644 --- a/source3/include/reg_db.h +++ b/source3/include/reg_db.h @@ -23,6 +23,7 @@ #define REG_TDB_FLAGS TDB_SEQNUM #define REGVER_V1 1 /* first db version with write support */ +#define REGVER_V2 2 /* version 2 with normalized keys */ #define REG_VALUE_PREFIXSAMBA_REGVAL #define REG_SECDESC_PREFIX SAMBA_SECDESC diff --git a/source3/lib/adt_tree.c b/source3/lib/adt_tree.c index 7f4a39d..6d48161 100644 --- a/source3/lib/adt_tree.c +++ b/source3/lib/adt_tree.c @@ -46,7 +46,7 @@ static bool trim_tree_keypath( char *path, char **base, char **new_path ) *base = path; - p = strchr( path, '/' ); + p = strchr( path, '\\' ); if ( p ) { *p = '\0'; @@ -214,7 +214,7 @@ WERROR pathtree_add(struct sorted_tree *tree, const char *path, void *data_p) DEBUG(8,(pathtree_add: Enter\n)); - if ( !path || *path != '/' ) { + if ( !path || *path != '\\' ) { DEBUG(0,(pathtree_add: Attempt to add a node with a bad path [%s]\n, path ? path : NULL )); return WERR_INVALID_PARAM; @@ -225,7 +225,7 @@ WERROR pathtree_add(struct sorted_tree *tree, const char *path, void *data_p) return WERR_INVALID_PARAM; } - /* move past the first '/' */ + /* move past the first '\\' */
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6d97360... s3:registry: use regdb_store_regdb_version() in regdb_init(). via 2f44dcc... s3:registry: use regdb_store_regdb_version() in regdb_upgrade_v1_to_v2() via 5641ee0... s3:registry: add a function regdb_store_regdb_version() via a9bec6b... s3:registry: rename regdb_upgrade_to_version_2() - regdb_upgrade_v1_to_v2() from 36b95fe... s3:net [rpc] registry: be as user-friendly as possible wrt to the normalization change http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6d973607c3bfec6d82347727b1bf800348c74202 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 18:13:06 2010 +0200 s3:registry: use regdb_store_regdb_version() in regdb_init(). commit 2f44dcc96b5a02379995c8ba6270ff8d89e56953 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 18:12:28 2010 +0200 s3:registry: use regdb_store_regdb_version() in regdb_upgrade_v1_to_v2() commit 5641ee02fdbd768b90ca8de43ce2f14b007e4245 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 18:11:35 2010 +0200 s3:registry: add a function regdb_store_regdb_version() commit a9bec6b779edd2feead5fae5cb25cf1f862eaaf2 Author: Michael Adam ob...@samba.org Date: Fri Jun 25 18:04:52 2010 +0200 s3:registry: rename regdb_upgrade_to_version_2() - regdb_upgrade_v1_to_v2() --- Summary of changes: source3/registry/reg_backend_db.c | 61 - 1 files changed, 33 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 9a0e632..a31f7fb 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -439,10 +439,32 @@ static int regdb_normalize_keynames_fn(struct db_record *rec, return 0; } -static WERROR regdb_upgrade_to_version_2(void) +static WERROR regdb_store_regdb_version(uint32_t version) +{ + NTSTATUS status; + const char *version_keyname = INFO/version; + + if (!regdb) { + return WERR_CAN_NOT_COMPLETE; + } + + status = dbwrap_trans_store_int32(regdb, version_keyname, version); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, (regdb_init: error storing %s = %d: %s\n, + version_keyname, version, nt_errstr(status))); + return ntstatus_to_werror(status); + } else { + DEBUG(10, (regdb_init: stored %s = %d\n, + version_keyname, version)); + return WERR_OK; + } +} + +static WERROR regdb_upgrade_v1_to_v2(void) { TALLOC_CTX *mem_ctx; int rc; + WERROR werr; mem_ctx = talloc_stackframe(); if (mem_ctx == NULL) { @@ -452,7 +474,13 @@ static WERROR regdb_upgrade_to_version_2(void) rc = regdb-traverse(regdb, regdb_normalize_keynames_fn, mem_ctx); talloc_destroy(mem_ctx); - return (rc == -1 ? WERR_REG_IO_FAILURE : WERR_OK); + + if (rc == -1) { + return WERR_REG_IO_FAILURE; + } + + werr = regdb_store_regdb_version(REGVER_V2); + return werr; } /*** @@ -493,23 +521,12 @@ WERROR regdb_init(void) vers_id = dbwrap_fetch_int32(regdb, vstring); if (vers_id == -1) { - NTSTATUS status; - DEBUG(10, (regdb_init: registry version uninitialized (got %d), initializing to version %d\n, vers_id, expected_version)); - status = dbwrap_trans_store_int32(regdb, vstring, REGVER_V2); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, (regdb_init: error storing %s = %d: %s\n, - vstring, expected_version, nt_errstr(status))); - return ntstatus_to_werror(status); - } else { - DEBUG(10, (regdb_init: stored %s = %d\n, - vstring, expected_version)); - } - - return WERR_OK; + werr = regdb_store_regdb_version(expected_version); + return werr; } if (vers_id expected_version || vers_id == 0) { @@ -520,8 +537,6 @@ WERROR regdb_init(void) } if (vers_id == REGVER_V1) { - NTSTATUS status; - DEBUG(10, (regdb_init: got registry db version %d, upgrading to version %d\n, REGVER_V1, REGVER_V2)); @@ -529,22 +544,12 @@ WERROR regdb_init(void) return WERR_REG_IO_FAILURE; } - werr = regdb_upgrade_to_version_2(); + werr = regdb_upgrade_v1_to_v2(); if
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 86be54e... Change talloc_autofree_context() to frame in Andrew's schannel.tdb TDB_CLEAR_IF_FIRST changes. Using talloc_autofree_context() has undesirable effects when forked subprocesses exit. via c84b74d... schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync() via cfece16... s3:schannel Open the schannel_state.tdb at startup via 58d0b63... s4:schannel Open the schannel_store.tdb at startup via 825b2f4... libcli/auth make open_schannel_session_store() public from 6d97360... s3:registry: use regdb_store_regdb_version() in regdb_init(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 86be54ec61153d6ecd6967fa0f8c65880bbb088c Author: Jeremy Allison j...@samba.org Date: Fri Jun 25 12:02:08 2010 -0700 Change talloc_autofree_context() to frame in Andrew's schannel.tdb TDB_CLEAR_IF_FIRST changes. Using talloc_autofree_context() has undesirable effects when forked subprocesses exit. Jeremy. commit c84b746c74ad28597f069a43a0a3d334b04a Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 23 10:37:13 2010 +1000 schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync() By making this DB TDB_NOSYNC, and by making that safe with TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server. This particularly helps the source4/ 'make test', which otherwise tries to disable fsync() in ldb. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit cfece164981142168aa6c846c7433f0459fb6de7 Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 23 10:36:32 2010 +1000 s3:schannel Open the schannel_state.tdb at startup This will allow future TDB_CLEAR_IF_FIRST behaviour Signed-off-by: Jeremy Allison j...@samba.org commit 58d0b638c802241655b205b1974e48f477c2eaeb Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 23 10:33:15 2010 +1000 s4:schannel Open the schannel_store.tdb at startup This will allow TDB_CLEAR_IF_FIRST behaviour in future Signed-off-by: Jeremy Allison j...@samba.org commit 825b2f456c136b33d139ee76e58426437bce65b8 Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 23 10:31:50 2010 +1000 libcli/auth make open_schannel_session_store() public This will allow TDB_CLEAR_IF_FIRST to be used Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: libcli/auth/schannel_proto.h |3 ++ libcli/auth/schannel_state_tdb.c | 44 - source3/smbd/server.c|8 +++ source4/smbd/server.c|8 +++ 4 files changed, 24 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h index eee7199..f1731a7 100644 --- a/libcli/auth/schannel_proto.h +++ b/libcli/auth/schannel_proto.h @@ -23,6 +23,9 @@ #ifndef _LIBCLI_AUTH_SCHANNEL_PROTO_H__ #define _LIBCLI_AUTH_SCHANNEL_PROTO_H__ +struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx, +const char *private_dir); + NTSTATUS netsec_incoming_packet(struct schannel_state *state, TALLOC_CTX *mem_ctx, bool do_unseal, diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 9e76781..0dcc336 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -35,18 +35,13 @@ #define SECRETS_SCHANNEL_STATE SECRETS/SCHANNEL /** - Open or create the schannel session store tdb. + Open or create the schannel session store tdb. Non-static so it can + be called from parent processes to corectly handle TDB_CLEAR_IF_FIRST ***/ -#define SCHANNEL_STORE_VERSION_1 1 -#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */ -#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1 - -static struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx, - const char *private_dir) +struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx, +const char *private_dir) { - TDB_DATA vers; - uint32_t ver; struct tdb_wrap *tdb_sc = NULL; char *fname = talloc_asprintf(mem_ctx, %s/schannel_store.tdb, private_dir); @@ -54,7 +49,7 @@ static struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx, return NULL; } - tdb_sc = tdb_wrap_open(mem_ctx, fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + tdb_sc =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via afc6d2f... Don't use frame as the talloc ctx in open_schannel_session_store(), as this breaks running from inetd (we free frame below). Use NULL instead. from 86be54e... Change talloc_autofree_context() to frame in Andrew's schannel.tdb TDB_CLEAR_IF_FIRST changes. Using talloc_autofree_context() has undesirable effects when forked subprocesses exit. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit afc6d2f46d6aed07f828ef2f0aa6b62250468132 Author: Jeremy Allison j...@samba.org Date: Fri Jun 25 13:29:00 2010 -0700 Don't use frame as the talloc ctx in open_schannel_session_store(), as this breaks running from inetd (we free frame below). Use NULL instead. Jeremy. --- Summary of changes: source3/smbd/server.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 24788a9..1b00f2c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1025,7 +1025,7 @@ extern void build_options(bool screen); } if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) { - if (!open_schannel_session_store(frame, lp_private_dir())) { + if (!open_schannel_session_store(NULL, lp_private_dir())) { DEBUG(0,(ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n)); exit(1); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e40afe9... Move UCS2 macros to common code from afc6d2f... Don't use frame as the talloc ctx in open_schannel_session_store(), as this breaks running from inetd (we free frame below). Use NULL instead. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e40afe975accd8199ffe54ea9f3c4dedd02edb02 Author: Jelmer Vernooij jel...@samba.org Date: Fri Jun 25 21:51:23 2010 +0200 Move UCS2 macros to common code --- Summary of changes: lib/util/charset/charset.h | 23 +++ source3/include/smb.h | 21 - 2 files changed, 23 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h index cc57b3e..68907aa 100644 --- a/lib/util/charset/charset.h +++ b/lib/util/charset/charset.h @@ -40,6 +40,29 @@ typedef enum {CH_UTF16LE=0, CH_UTF16=0, CH_UNIX, CH_DISPLAY, CH_DOS, CH_UTF8, CH typedef uint16_t smb_ucs2_t; /* + * SMB UCS2 (16-bit unicode) internal type. + * smb_ucs2_t is *always* in little endian format. + */ + +#ifdef WORDS_BIGENDIAN +#define UCS2_SHIFT 8 +#else +#define UCS2_SHIFT 0 +#endif + +/* turn a 7 bit character into a ucs2 character */ +#define UCS2_CHAR(c) ((c) UCS2_SHIFT) + +/* return an ascii version of a ucs2 character */ +#define UCS2_TO_CHAR(c) (((c) UCS2_SHIFT) 0xff) + +/* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ +#define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\ + ((unsigned char *)(dest))[1] = ((unsigned char *)(src))[1], (dest)) + + + +/* * for each charset we have a function that pulls from that charset to * a ucs2 buffer, and a function that pushes to a ucs2 buffer * */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 3cbd0c0..defecd7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -144,27 +144,6 @@ typedef union unid_t { gid_t gid; } unid_t; -/* - * SMB UCS2 (16-bit unicode) internal type. - * smb_ucs2_t is *always* in little endian format. - */ - -#ifdef WORDS_BIGENDIAN -#define UCS2_SHIFT 8 -#else -#define UCS2_SHIFT 0 -#endif - -/* turn a 7 bit character into a ucs2 character */ -#define UCS2_CHAR(c) ((c) UCS2_SHIFT) - -/* return an ascii version of a ucs2 character */ -#define UCS2_TO_CHAR(c) (((c) UCS2_SHIFT) 0xff) - -/* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ -#define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\ - ((unsigned char *)(dest))[1] = ((unsigned char *)(src))[1], (dest)) - /* pipe string names */ #define PIPE_LANMAN \\PIPE\\LANMAN -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f7fe9d... s4/net-drs: Fix error messages typo and formatting via 0c8ffc9... s4/drs-test: Fix whitespaces and permissions for delete_object.py test from e40afe9... Move UCS2 macros to common code http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f7fe9db023022c03e104dcc43a39f20bf5c804b Author: Kamen Mazdrashki kame...@samba.org Date: Fri Jun 25 15:56:35 2010 +0300 s4/net-drs: Fix error messages typo and formatting commit 0c8ffc9f15bdd66b3a6971691aadf76b245e Author: Kamen Mazdrashki kame...@samba.org Date: Fri Jun 25 14:56:03 2010 +0300 s4/drs-test: Fix whitespaces and permissions for delete_object.py test Sorry I've missed to do this before --- Summary of changes: source4/torture/drs/python/delete_object.py | 10 +- source4/utils/net/drs/net_drs_showrepl.c| 14 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) mode change 100755 = 100644 source4/torture/drs/python/delete_object.py Changeset truncated at 500 lines: diff --git a/source4/torture/drs/python/delete_object.py b/source4/torture/drs/python/delete_object.py old mode 100755 new mode 100644 index 6b75b80..29c7565 --- a/source4/torture/drs/python/delete_object.py +++ b/source4/torture/drs/python/delete_object.py @@ -101,7 +101,7 @@ class DrsDeleteObjectTestCase(samba.tests.TestCase): def _make_username(self): return DrsDelObjUser_ + time.strftime(%s, time.gmtime()) - + def _check_user(self, sam_ldb, user_orig, is_deleted): # search the user by guid as it may be deleted guid_str = self._GUID_string(user_orig[objectGUID][0]) @@ -120,7 +120,7 @@ class DrsDeleteObjectTestCase(samba.tests.TestCase): self.assertEquals(user_cur[isDeleted][0],TRUE) self.assertTrue(not(objectCategory in user_cur)) self.assertTrue(not(sAMAccountType in user_cur)) -self.assertTrue(dodn in str(user_cur[dn]), +self.assertTrue(dodn in str(user_cur[dn]), User %s is deleted but it is not located under %s! % (name_orig, dodn)) self.assertEquals(name_cur, name_orig + \nDEL: + guid_str) else: @@ -135,10 +135,10 @@ class DrsDeleteObjectTestCase(samba.tests.TestCase): net_cmd = os.path.abspath(./bin/net) # make command line credentials string creds = samba.tests.cmdline_credentials -cmd_line_auth = -U%s/%s%%%s % (creds.get_domain(), +cmd_line_auth = -U%s/%s%%%s % (creds.get_domain(), creds.get_username(), creds.get_password()) # bin/net drs replicate Dest_DC_NAME Src_DC_NAME Naming Context -cmd_line = %s drs replicate %s %s %s %s % (net_cmd, DC, fromDC, +cmd_line = %s drs replicate %s %s %s %s % (net_cmd, DC, fromDC, self.domain_dn, cmd_line_auth) ret = os.system(cmd_line) self.assertEquals(ret, 0, Replicating %s from %s has failed! % (DC, fromDC)) @@ -213,7 +213,7 @@ def connect_samdb(samdb_url): samdb_url = ldap://%s; % samdb_url # user 'paged_search' module when connecting remotely ldb_options = [modules:paged_searches] - + return SamDB(url=samdb_url, lp=samba.tests.env_loadparm(), session_info=system_session(), diff --git a/source4/utils/net/drs/net_drs_showrepl.c b/source4/utils/net/drs/net_drs_showrepl.c index b5d355e..d429df4 100644 --- a/source4/utils/net/drs/net_drs_showrepl.c +++ b/source4/utils/net/drs/net_drs_showrepl.c @@ -126,7 +126,7 @@ static bool net_drs_showrepl_print_dc_info(struct net_drs_context *drs_ctx) /* parse NTDS Settings DN */ if (!net_drs_parse_ntds_dn(dn, mem_ctx, dc_name, site_name, NULL)) { - d_printf(Unexptected: Failed to parse %s DN!\n, + d_printf(Unexpected: Failed to parse %s DN!\n, ldb_dn_get_linearized(dn)); goto failed; } @@ -224,7 +224,7 @@ static bool net_drs_exec_DsReplicaGetInfo(struct net_drs_context *drs_ctx, } if (info_type != info_type_got) { - d_printf(DsReplicaGetInfo: Error requested info %d, got info %d, + d_printf(DsReplicaGetInfo: Error requested info %d, got info %d.\n, info_type, info_type_got); return false; } @@ -302,7 +302,7 @@ static bool net_drs_showrepl_print_inbound_neihbors(struct net_drs_context *drs_ bret = net_drs_exec_DsReplicaGetInfo(drs_ctx, DRSUAPI_DS_REPLICA_INFO_NEIGHBORS, replica_info); if (!bret) { - d_printf(DsReplicaGetInfo() failed for