Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Hi Rob, thanks for your tip. I tried it, but it didn't help. The error still persists. Regards Thorsten Am 12.07.2010 17:46, schrieb Rob Moser: Hi Thorsten, I can't be sure that its exactly the same error, but I had a very similar problem that I solved like this: In the policy editor, for the group policy that you're using to control your print servers, explicitly disable the policy: Computer Configuration:Policies:Administrative Templates:Printers:Always render print jobs on the server Windows documentation says this defaults to disabled, but we have found this to be (at least partially) untrue for W2k8 - if you need it disabled then disable it explicitly. Hopefully that works for you... - rob. On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] two PDCs
How did you get it working like that so quickly? Did you get it working with two primary domain controllers? (As opposed to one PDC and two BDC's?) It shuld be some misunderstanding, because I didn't. I still planning the setup. Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you... Unfortunately, a lot of users are roaming users (teachers with laptop, and users). My plan is that I will set up separate profile shares on both side, but at least they can use their own username and even change their password. So, I would like to try the multi-PDC scenario with master and slave LDAP server, but I worry about a little. It makes very little sense to have multiple PDC's, and only adds to both administrative and user confusion IMHO. Give the present workings of OpenLDAP, just pick a replication strategy the makes sense and use a single domain. I've built and run a single domain on a 15 node VPN with multi-master OpenLDAP backend, and it is remarkably resilient. About multi-master replication. Scott wrote that he had to deal with it a lot, so he didn't recommended that. But, I need one domain, because a lot of users uses both site. So, I have the following options: 1. PDCs on each site, with the same domain, as chapter 6 describes. a. Master LDAP server in the HQ, and slave in the branch site, according to the SaMBa guide. b. Branch site uses master LDAP server too. It looks tepmting, but difficult/dangerous to me. 2. PDC on the HQ, BDC on the branch site a. branch site uses slave LDAP server. b. Branch site uses master LDAP server too. In 1/a and 2/a, the VPN outage could be problem. Am I right? As i know, only PDC writes to the LDAP database. Is that true? Because in case of VPN outage, this situation has the same drawback. So, my main problem is the unreliable ADSL line. Can we live with slave server in the branch office? How are you intending to keep roaming profiles in sync (the files on the server, not the stuff in LDAP)? Are you going to use rsync? Unless users jump from office to office, why bother. I would set road warriors with local profiles and and sync their stuff in a manner appropriate to there schedules/primary location. Students will have that problem, but they have to bow to it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] circumvent the proxy user
Hello everybody, my company wants to integrate all Unix servers into active directory. For normal account management I decided more or less to go down the winbind route. To have all information in one place, we also want to put sudoers in the AD. Now the question is, how can I access the information ? I don't think, winbind can provide sudoers information. So, I guess I have to maintain a separate ldap.conf for sudo. But, how does sudo authenticate to the LDAP server (the user is authenticated using pam and thus through winbind (unless NOPASSWD is defined)) - The standard answer is: use a proxy user. But I dont like it - How does winbind authenticate to the LDAP server ? Would it be possible to do the same with nss_ldap ? - Somebody suggested to use SASL - GSS_API - Kerberos. But how do I handle non-AD users, or the NOPASSWD case ? Sincerely Bernhard -- Minds are like parachutes They only function when open -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind and authentication with local accounts
Hi everyone, I have a problem with my samba and winbind configuration: before I switched the config (from local user authentication to AD authentication using winbind) my users were able to authenticate for example as “peter”. Now, after switching, they are forced to use SAMBASERVERNAME\peter. If they use only “peter” winbind tries to authenticate them against the AD which fails. Is there a way to “teach” winbind to try to authenticate every user locally if they dont use DOMAIN\peter ? Hope you understand my problem in spite of my bad English ☺ My configuration: SLES11 SP0 samba-3.2.7-11.6 samba-winbind-3.2.7-11.6 krb5-1.6.3-133.10 smb.conf: [global] workgroup = DOMAIN netbios aliases = SAMBASERVER interfaces = eth0, 127.0.0.1/8 bind interfaces only = Yes ;security = ADS security = ADS password server = 192.168.1.1 load printers = No disable spoolss = Yes show add printer wizard = No ;printcap name = cups logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile encrypt passwords = Yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers kernel oplocks = No ldap ssl = no printing = bsd ;cups options = raw print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j include = /etc/samba/dhcp.conf log level = 1 realm = DOMAIN.DE template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind offline logon = yes idmap gid = 1-2 idmap uid = 1-2 winbind enum users = yes winbind enum groups = yes idmap backend = ad idmap config DOMAIN : backend = ad winbind nss info = rfc2307 krb5.conf [libdefaults] default_realm = DOMAIN.DE clockskew = 300 [realms] DOMAIN.DE = { kdc = 192.168.1.1 admin_server = 192.168.1.1 default_domain = domain.de } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .domain.de = DOMAIN.DE [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false minimum_uid = 1 } Cheers, Philipp SL Netzwerktechnik GmbH Philipp Braband Networking Team Florinstrasse 18 56218 Muelheim-Kaerlich Telefon: +49 261 92736 308 Fax: Email: pbrab...@sul.de www: http://www.sul.de www: http://www.controlseries.de www: http://www.monitoring-solution.de SL Netzwerktechnik GmbH - Geschaeftsfuehrer Goetz Schmitt, Oliver Schmitt Sitz der Gesellschaft: Muelheim-Kaerlich - Amtsgericht Koblenz HRB 135 53 USt-ID: DE 171698897 - USt-ID: Luxembourg LU 18934643 Diese E-Mail kann vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht der beabsichtigte Empfaenger sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender telefonisch oder per E-Mail und loeschen Sie diese E-Mail aus Ihrem System. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Wir haften nicht fuer die Unversehrtheit von E-Mails, nachdem sie unseren Einflussbereich verlassen haben. This e -mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately by call or e-mail and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. We are not responsible for the integrity of e-mails after they have left our sphere of control. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Hi Thorsten, I had the same problem as you with a 2k8R2 server, and I fixed it by changing the version of pscript5.dll (and the other ps* files) on my samba server (in /usr/share/cups/drivers/x64). I was using the Win7/Vista 64bit pscript5.dll file, but I had to change it to the version shipped with 2k8 64bit. Once I did that, the problems disappeared (and the driver still works win Win7 64bit and Vista 64bit). Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem mapping Samba shares in Windows
Hi, In our company we are currently running a Samba server and Windows XP clients. At the moment we are having problems with mapping Samba shares in Windows. Shares are being mapped through a windows startup script, which executes net use (with the option persistent:no) command. For most users this works most of the time, nevertheless it often fails, the exect reason for this isn't clear yet. When this happens, the samba server prompts for username and password on executing the mapping script again (after logging on). This should not be nessecary since the user already is already logged on at that moment. After rebooting serveral times without making any changes, the script does work and all drives are mapped correctly. What could be the cause of this problem? Thanks in advance, Sincerely, Inaki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error 0x000003e6 when trying to connect to a printer from w2k8 (x64)
Am 13.07.2010 11:15, schrieb Sean Crosby: On 07/12/2010 08:09 AM, Thorsten Leiser wrote: Hello, I'm trying to connect my W2k8 (x64) Server farm to our new installed printserver based on debian lenny with sernet samba 3.5.4 installed. Everytime i try to connect to a printer share via point and print, it fails with error 0x03e6. When i do the same from Windows XP or from our old w2k3 (x64) server farm everything works excellent. Does anybody know a workaround. I installed nearly 80 printers on the samba server and i don't want to do this again. Regards Thorsten -- Hi Thorsten, I had the same problem as you with a 2k8R2 server, and I fixed it by changing the version of pscript5.dll (and the other ps* files) on my samba server (in /usr/share/cups/drivers/x64). I was using the Win7/Vista 64bit pscript5.dll file, but I had to change it to the version shipped with 2k8 64bit. Once I did that, the problems disappeared (and the driver still works win Win7 64bit and Vista 64bit). Sean Hi Sean, I replaced the drivers without success. I don't think it's a drivers problem in my case. The driver works perfect on our old samba 3.2.5 server. Thanks for your effort. Regards Thorsten -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen Fon: 0711/7868-356 Fax: 0711/7868-446 www.synchron-is.de Sitz der Gesellschaft: Stuttgart Registergericht: Amtsgericht Stuttgart, HRB 8619 GF: Michael Schober - - - - - - - - - Diese E-Mail beinhaltet vertrauliche und/oder rechtlich geschuetzte Daten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged data. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the content in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem mapping Samba shares in Windows
On 13/07/2010, at 6:55 PM, Informatica wrote: Hi, In our company we are currently running a Samba server and Windows XP clients. At the moment we are having problems with mapping Samba shares in Windows. Shares are being mapped through a windows startup script, which executes net use (with the option persistent:no) command. For most users this works most of the time, nevertheless it often fails, the exect reason for this isn't clear yet. When this happens, the samba server prompts for username and password on executing the mapping script again (after logging on). This should not be nessecary since the user already is already logged on at that moment. After rebooting serveral times without making any changes, the script does work and all drives are mapped correctly. What could be the cause of this problem? Can you post your smb.conf, as this could be many issues. Also, could you post your samba logs? i find this logging config puts all the data nicely into one file (as it could be client or server side issues) log level = 1 log file = /var/log/samba/samba.log max log size = 50 syslog = 0 Make sure you touch the file first and set it as writable. William -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] two PDCs
About multi-master replication. Scott wrote that he had to deal with it a lot, so he didn't recommended that. But, I need one domain, because a lot of users uses both site. So, I have the following options: 1. PDCs on each site, with the same domain, as chapter 6 describes. Look, I'm not sure if my emails are getting through or not, but drop this multi PDC thing. It's just more complexity. You need some sort of LDAP replication because you want authentication done locally. Multi-master is more difficult to set up, but more flexible. There are other schemes. I had some 16 servers setup this way and had very few difficulties. It is quite resilient and reliable. Here is a good primer: http://www.zytrax.com/books/ldap/ch7/ a. Master LDAP server in the HQ, and slave in the branch site, according to the SaMBa guide. b. Branch site uses master LDAP server too. It looks tepmting, but difficult/dangerous to me. 2. PDC on the HQ, BDC on the branch site a. branch site uses slave LDAP server. b. Branch site uses master LDAP server too. In 1/a and 2/a, the VPN outage could be problem. Am I right? No, the b's are the problem if the VPN is down. They're calling the master which is at the other end of the VPN. The a's have a slave copy. All is good, unless they need to write to LDAP. How much LDAP writing goes on in the branch? As i know, only PDC writes to the LDAP database. Is that true? No. If you're using smbldap-tools, the ldap calls are made via smbldap_bind.conf. So with multi-master this whole dual PDC thing is fairly useless. See, Multi-master...all are writable. Question: 1. Which office writes to LDAP? 2. Who does the writing? 3. Is there likely to be a mutually exclusive write, at approximately the same instant, during a VPN outage? Because in case of VPN outage, this situation has the same drawback. So, my main problem is the unreliable ADSL line. Can we live with slave server in the branch office? Yes, using Replication refreshOnly or Replication refreshAndPersist. You can truly go apeshit with this stuff, making only pieces of the DIT available to branches. Very nifty once you get it down. How are you intending to keep roaming profiles in sync (the files on the server, not the stuff in LDAP)? Are you going to use rsync? Unless users jump from office to office, why bother. I would set road warriors with local profiles and and sync their stuff in a manner appropriate to there schedules/primary location. Students will have that problem, but they have to bow to it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem mapping Samba shares in Windows
Hi, In our company we are currently running a Samba server and Windows XP clients. At the moment we are having problems with mapping Samba shares in Windows. Shares are being mapped through a windows startup script, which executes net use (with the option persistent:no) command. For most users this works most of the time, nevertheless it often fails, the exect reason for this isn't clear yet. When this happens, the samba server prompts for username and password on executing the mapping script again (after logging on). This should not be nessecary since the user already is already logged on at that moment. Just a shot in the dark, but I'd check to make sure contact to the server is actually being made during login. Doesn't seem like it. After rebooting serveral times without making any changes, the script does work and all drives are mapped correctly. What could be the cause of this problem? Thanks in advance, Sincerely, Inaki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] KVNO keeps getting higher and higher
Richard Smits wrote: Richard Smits wrote: Hello, We have clients running Fedora 11. They are running samba and winbind version 3.4.2.0.42. samba-winbind-3.4.2-0.42.fc11.x86_64 samba-3.4.2-0.42.fc11.x86_64 samba-common-3.4.2-0.42.fc11.x86_64 Our problem is that the KVNO (Key Version Number) msDS-KeyVersionNumber keeps changing in the AD and is getting higher and higher. We are at 16 now and counting. The problem is that I have to recreate a new keytab file because our clients are also using a nfs4/krb5 mount on another server. When the version is higher than local in the keytab, the krb5 security will not work anymore. I have talked to the Windows sysadmins and the say that the password for a computer object is changed every 30 days, but my experience is that the key is increased every couple of days it seems. But the strange thing is that this is not for every computer object. There are also linux servers with AD computer objects that still have version 2 ? How is this possible ? This is a mystery for me. The other servers are using pam_winbind. Could that be the reason why the number will not increase in their case ? I hope to get some hints why this keeps happening. Greetings .. Richard Well, I am still having this problem, but have captured it in a logfile. It was in the 2003 DC security log. I seems that the computer object password in the AD is changed. Why ? And why would winbind not negotiate in a normal manner so this could be avoided. See logfile below... Does anyone has a clue why this is happening ? Greetings ... -- 27-4-201012:49:56SecuritySuccess AuditAccount Management 646NT AUTHORITY\ANONYMOUS LOGONSRVxxx Computer Account Changed: - Target Account Name:linuxserver$ Target Domain:DASTUD Target Account ID:DOMAIN\linuxserver$ Caller User Name:SRVxxx$ Caller Domain:DASTUD Caller Logon ID:(0x0,0x3E7) Privileges:- Changed Attributes: Sam Account Name:- Display Name:- User Principal Name:- Home Directory:- Home Drive:- Script Path:- Profile Path:- User Workstations:- Password Last Set:4/27/2010 12:49:56 PM Account Expires:- Primary Group ID:- AllowedToDelegateTo:- Old UAC Value:- New UAC Value:- User Account Control:- User Parameters:- Sid History:- Logon Hours:- DNS Host Name:- Service Principal Names:- 27-4-201012:49:56SecuritySuccess AuditAccount Management 646NT AUTHORITY\ANONYMOUS LOGONSRVxxx Computer Account Changed: - Target Account Name:linuxserver$ Target Domain:DASTUD Target Account ID:DOMAIN\linuxserver$ Caller User Name:SRVxxx$ Caller Domain:DASTUD Caller Logon ID:(0x0,0x3E7) Privileges:- Changed Attributes: Sam Account Name:- Display Name:- User Principal Name:- Home Directory:- Home Drive:- Script Path:- Profile Path:- User Workstations:- Password Last Set:4/27/2010 12:49:56 PM Account Expires:- Primary Group ID:- AllowedToDelegateTo:- Old UAC Value:- New UAC Value:- User Account Control:- User Parameters:- Sid History:- Logon Hours:- DNS Host Name:- Service Principal Names:- Well, I just want to say that this problem has been solved. It took a long time, but this is the solution : The new samba versions has a different syntax in the smb.conf file. In the old versions of samba, there was a line that said : use kerberos keytab = yes But in the newer versions, they changed the syntax of this line to : kerberos method = secrets and keytab This line says that the AD communication will use the keytab file, AND the sessions.tdb file. If you do not have this line, it only uses the session.tdb, and your keytab will be out of sync in a couple of days. Greetings .. Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind and authentication with local accounts
Depends on where you're talking about your users authenticating, but it sounds like you need a: winbind use default domain = yes in your smb.conf. - rob. On 07/13/2010 02:00 AM, Philipp Braband wrote: Hi everyone, I have a problem with my samba and winbind configuration: before I switched the config (from local user authentication to AD authentication using winbind) my users were able to authenticate for example as “peter”. Now, after switching, they are forced to use SAMBASERVERNAME\peter. If they use only “peter” winbind tries to authenticate them against the AD which fails. Is there a way to “teach” winbind to try to authenticate every user locally if they dont use DOMAIN\peter ? Hope you understand my problem in spite of my bad English ☺ My configuration: SLES11 SP0 samba-3.2.7-11.6 samba-winbind-3.2.7-11.6 krb5-1.6.3-133.10 smb.conf: [global] workgroup = DOMAIN netbios aliases = SAMBASERVER interfaces = eth0, 127.0.0.1/8 bind interfaces only = Yes ;security = ADS security = ADS password server = 192.168.1.1 load printers = No disable spoolss = Yes show add printer wizard = No ;printcap name = cups logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile encrypt passwords = Yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers kernel oplocks = No ldap ssl = no printing = bsd ;cups options = raw print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j include = /etc/samba/dhcp.conf log level = 1 realm = DOMAIN.DE template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind refresh tickets = yes winbind offline logon = yes idmap gid = 1-2 idmap uid = 1-2 winbind enum users = yes winbind enum groups = yes idmap backend = ad idmap config DOMAIN : backend = ad winbind nss info = rfc2307 krb5.conf [libdefaults] default_realm = DOMAIN.DE clockskew = 300 [realms] DOMAIN.DE = { kdc = 192.168.1.1 admin_server = 192.168.1.1 default_domain = domain.de } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm] .domain.de = DOMAIN.DE [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false minimum_uid = 1 } Cheers, Philipp SL Netzwerktechnik GmbH Philipp Braband Networking Team Florinstrasse 18 56218 Muelheim-Kaerlich Telefon: +49 261 92736 308 Fax: Email: pbrab...@sul.de www: http://www.sul.de www: http://www.controlseries.de www: http://www.monitoring-solution.de SL Netzwerktechnik GmbH - Geschaeftsfuehrer Goetz Schmitt, Oliver Schmitt Sitz der Gesellschaft: Muelheim-Kaerlich - Amtsgericht Koblenz HRB 135 53 USt-ID: DE 171698897 - USt-ID: Luxembourg LU 18934643 Diese E-Mail kann vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht der beabsichtigte Empfaenger sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender telefonisch oder per E-Mail und loeschen Sie diese E-Mail aus Ihrem System. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Wir haften nicht fuer die Unversehrtheit von E-Mails, nachdem sie unseren Einflussbereich verlassen haben. This e -mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately by call or e-mail and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. We are not responsible for the integrity of e-mails after they have left our sphere of control. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Close_remove_share_mode: Could not get share mode lock for file...
Hey folks... I'm using the Redhat Samba package (samba-3.0.33-3.15.el5_4.1) and I'm having a problem with one specific user. When she opens a project for her program, there are several shape files which need to open. Unfortunately, performance is EXTREMELY slow for her; everyone else who accesses the project can open it up quickly and normally. A tail of /var/log/samba/IP address.log shows several of these errors: close_remove_share_mode: Could not get share mode lock for file... Can this be resolved by deleting a .tdb file somewhere? She has permissions to said files. Bill Dorrian Unix/Linux Systems Support (904) 232-2742 Give a man a fish and you've freed him up for the day to write a poem, compose a song, or howl at the Gods. Teach a man to fish and you've condemned him to a lifetime as a fisherman. -Rodney Anonymous -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows/Linux groups combined
My scenario: I have a Windows AD group call Creative Team. I also have outside users, who are not in AD that connect directly to my RHEL 5.5 Linux Samba system. They have a local user account. They are members of the local group cr2. How can I map the groups so that any Windows user in Creative Team, can access any directory with group permissions to cr2? I've tried net groupmap, but that doesn't seem to be doing what I want to do. I'd just prefer the 2 groups to act the same. Thanks in advance. Chad McCan --- This email is intended solely for the use of the addressee and may contain information that is confidential, proprietary, or both. If you receive this email in error please immediately notify the sender and delete the email. --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Digitally encrypt or sign secure channel data
Hello! Our security department recently implemented the Digital Signing settings on our Windows 2003 domain controller. I'm trying to set up a RHEL5 server to simply act as a file server, although I'm able to join the domain successfully, I'm getting errors when I attempt to access the RH server from the Windows side. The error I get is: Trust relationship between this workstation and the primary domain failed Now googling this problem I've found several posts that indicated that I need to disable the following: Domain Member: Digitally encrypt or sign secure channel data (always) The problem is, I cannot do that. So, I'm hoping that there may be a work around for this on the Samba side. I have loaded the most recent version of Samba (3.5). Thank you in advance for your help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failed in net ads join
Use net ads join to join a Windows AD, But it fails. It is some error message. libnet_join_ok: failed to get schannel session key from server wscc-s-003040.westshore.edu for domain WSCCNET. Error was NT_STATUS_ACCESS_DENIED Failed to join domain: failed to verify domain membership after joining: Access denied John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Invitation to connect on LinkedIn
LinkedIn Ks Tan requested to add you as a connection on LinkedIn: -- Serge, I'd like to add you to my professional network on LinkedIn. - Ks Accept invitation from Ks Tan http://www.linkedin.com/e/mzateh-gblp8fsi-6q/vTWyDe4yCEPPQyWVLZMh1H4yCEPPQGFCi7/blk/I755912476_3/pmpxnSRJrSdvj4R5fnhv9ClRsDgZp6lQs6lzoQ5AomZIpn8_cRYSdPgOcjARdjt9bSIUcAVGkBcTbPsTdP4Rc3kSd34LrCBxbOYWrSlI/EML_comm_afe/ View invitation from Ks Tan http://www.linkedin.com/e/mzateh-gblp8fsi-6q/vTWyDe4yCEPPQyWVLZMh1H4yCEPPQGFCi7/blk/I755912476_3/0PnPoTd38NejkRdQALqnpPbOYWrSlI/svi/ -- DID YOU KNOW you can be the first to know when a trusted member of your network changes jobs? With Network Updates on your LinkedIn home page, you'll be notified as members of your network change their current position. Be the first to know and reach out! http://www.linkedin.com/ -- (c) 2010, LinkedIn Corporation -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Using +group in valid users is not working
Hi, I had a similar problem, please check your /etc/nsswitch.conf settings. Try to change settings to group: files winbind and then you can use directly AD Domain Groups. Cheers Pavol On 07/13/2010 02:00 AM, Lee, Andrien wrote: Hi Björn Thanks for your response. The problem I'm having is that payoff in this instance is actually a UNIX group. If I set valid users as +payoff I get the same problem with the same error message. It just isn't recognising that bbancroft is a member of the local UNIX group payoff. Cheers Andrien Lee -Original Message- From: Björn Jacke [mailto:b...@sernet.de] On 2010-07-12 at 14:19 +1000 Lee, Andrien sent off: I have included a level 3 log from log.smbd up to the first rejection, along with the relevant smb.conf info that I am aware of. The log is for a connection to a share with valid users = @payoff, where bbancroft is a member of the payoff group. make sure you don't run into the 16/32 Groups/User limitation of Solaris and also make sure to use @DOMAIN\group instread of @group. Cheers Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Jul 13 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-07-12 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-07-13 00:00:02.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Mon Jul 12 06:00:01 2010 +Build status as of Tue Jul 13 06:00:01 2010 Build counts: Tree Total Broken Panic @@ -12,11 +12,11 @@ rsync30 12 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 28 28 4 -samba_3_master 28 28 4 -samba_3_next 28 28 6 +samba_3_current 30 30 4 +samba_3_master 30 30 4 +samba_3_next 30 30 6 samba_4_0_test 30 30 0 -samba_4_0_waf 30 28 1 +samba_4_0_waf 32 30 1 talloc 30 7 0 tdb 28 7 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0c93b7d... s3-dcerpc: Remove unused functions and headers via bc6a3e0... s3-dcerpc: Use dcerpc_push_ncacn_packet() in api_pipe_alter_context() via 3ba93a9... s3-dcerpc: Use dcerpc_push_dcerpc_auth() for spnego auth continuations. via 7050073... s3-dceprc: Use dcerpc_push_ncacn_packet() in api_pipe_bind_req() via f6648c5... s3-dcerpc: Use a DATA_BLOB in bind processing and avoid one mem copy via 8213bba... s3-dcerpc: Rearrange api_pipe_bind_req() to do checks before allocating memory via 87605e2... s3-dcerpc: fix dcerpc_push_ncacn_packet, pass arg by address via fe9036c... s3-dcerpc: pass the packet to setup_bind_nack() via 272704e... s3-dceprc: Add debug messages via 4ba8923... s3-dcerpc: Remove unused members via 29a3142... s3-dcerpc: Remove unused functions via 8e235df... s3-dcerpc: Use dcerpc_pull_ncacn_packet() to unmarshall dceprc requests via e340aa4... dcerpc: move dcerpc_pull_auth_trailer into a the common dcerpc_util.c file via 77fb364... s3-dceprc: Store opnum in its own variable via a138b3d... s3-dceprc use a DATA_BLOB to hold the curren pdu in pipes_struct via d078b54... s3-dcerpc: use dceprc_push_ncacn_packet_header in create_next_pdu_noauth() via 53e9c26... s3-dcerpc: Use dcerpc_push_ncacn_packet_header() in create_next_pdu_schannel() via 98913d8... s3-dcerpc: use dcerpc_push_ncacn_packet_header() in create_next_pdu_ntlmssp() via 77699c7... sr-dcerpc: add dcerpc_push_ncacn_packet_header() via aca330a... s3-dcerpc delay rpc header unmarshalling via 43064a7... s3-dcerpc: Remove unused headers via cf664b7... s3-dcerpc: Use dcerpc_set_frag_length() via ea66d8e... s3-dcerpc: link against ../librpc/rpc/dcerpc_util.c via 716f9d6... s4-dcerpc: move some util functions up to main librpc directory. via 2297913... s3-dcerpc: Remove unused prototype from 25d487b... s3-dcerpc: Fix ntlmssp sign/seal. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0c93b7dff7600074977bb4504169488b090f1d46 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 17:49:06 2010 -0400 s3-dcerpc: Remove unused functions and headers Signed-off-by: Günther Deschner g...@samba.org commit bc6a3e0030f262d9182b241d09df403483c1bf03 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 17:35:02 2010 -0400 s3-dcerpc: Use dcerpc_push_ncacn_packet() in api_pipe_alter_context() Signed-off-by: Günther Deschner g...@samba.org commit 3ba93a986faa8cc3c7d6deaa753573ae6c654cea Author: Simo Sorce i...@samba.org Date: Sun Jul 11 17:07:19 2010 -0400 s3-dcerpc: Use dcerpc_push_dcerpc_auth() for spnego auth continuations. Signed-off-by: Günther Deschner g...@samba.org commit 70500734f9840eaf77f3077e1e64498692af2323 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 11:48:22 2010 -0400 s3-dceprc: Use dcerpc_push_ncacn_packet() in api_pipe_bind_req() Signed-off-by: Günther Deschner g...@samba.org commit f6648c500b79b0575ccff7b9057c4006c21acadd Author: Simo Sorce i...@samba.org Date: Sun Jul 11 11:15:40 2010 -0400 s3-dcerpc: Use a DATA_BLOB in bind processing and avoid one mem copy Also move dcerpc_push_dcerpc_auth() invocation in api_pipe_bind_req() to simplify the workflow. Signed-off-by: Günther Deschner g...@samba.org commit 8213bba892c419022efdb3d800647ef3bcf51388 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 10:47:32 2010 -0400 s3-dcerpc: Rearrange api_pipe_bind_req() to do checks before allocating memory Signed-off-by: Günther Deschner g...@samba.org commit 87605e2030262bc24b59468fe4b5837e8ff584b0 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 12:18:13 2010 -0400 s3-dcerpc: fix dcerpc_push_ncacn_packet, pass arg by address There is no need to copy the whole structure twice by passing it in by value. Signed-off-by: Günther Deschner g...@samba.org commit fe9036cf5bd8aa775a0419be8effae257d6f97f2 Author: Simo Sorce i...@samba.org Date: Sun Jul 11 10:37:07 2010 -0400 s3-dcerpc: pass the packet to setup_bind_nack() Allows to not rely on p-call_id but use the value directly from the request packet header. Signed-off-by: Günther Deschner g...@samba.org commit 272704e8c24cff706c5ce38567f7ab35b335cf92 Author: Simo Sorce i...@samba.org Date: Sat Jul 10 18:53:36 2010 -0400 s3-dceprc: Add debug messages Signed-off-by: Günther Deschner g...@samba.org commit 4ba89230ae03d00f9c6a0882df1361c5369b77a9 Author: Simo Sorce i...@samba.org Date: Sat Jul 10 17:05:58 2010 -0400 s3-dcerpc: Remove unused members Signed-off-by: Günther Deschner g...@samba.org commit 29a3142be856b010ccebb153afad0bf6499d5b56 Author:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b2d965... s4: Reorganized dsHeuristics reset so the code can be reused from 0c93b7d... s3-dcerpc: Remove unused functions and headers http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b2d965e4bd7ccc694ddff2342936c5c7d5dd9e5 Author: Nadezhda Ivanova nivan...@samba.org Date: Tue Jul 13 17:15:54 2010 +0300 s4: Reorganized dsHeuristics reset so the code can be reused Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests --- Summary of changes: source4/dsdb/tests/python/acl.py | 91 -- 1 files changed, 38 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py index 471335f..6387fce 100755 --- a/source4/dsdb/tests/python/acl.py +++ b/source4/dsdb/tests/python/acl.py @@ -79,6 +79,9 @@ class AclTests(samba.tests.TestCase): self.base_dn = self.find_basedn(self.ldb_admin) self.domain_sid = self.find_domain_sid(self.ldb_admin) self.user_pass = samba123@ +res = self.ldb_admin.search(base=, expression=, scope=SCOPE_BASE, + attrs=[configurationNamingContext]) +self.configuration_dn = res[0][configurationNamingContext][0] print baseDN: %s % self.base_dn def get_user_dn(self, name): @@ -220,6 +223,23 @@ url: www.example.com self.create_active_user(self.ldb_admin, self.get_user_dn(username)) self.ldb_admin.enable_account((sAMAccountName= + username + )) +def set_dsheuristics(self, dsheuristics): +m = Message() +m.dn = Dn(self.ldb_admin, CN=Directory Service, CN=Windows NT, CN=Services, + + self.configuration_dn) +if dsheuristics is not None: +m[dSHeuristics] = MessageElement(dsheuristics, FLAG_MOD_REPLACE, + dSHeuristics) +else: +m[dSHeuristics] = MessageElement([], FLAG_MOD_DELETE, dsHeuristics) +self.ldb_admin.modify(m) + +def set_minPwdAge(self, value): +m = Message() +m.dn = Dn(self.ldb_admin, self.base_dn) +m[minPwdAge] = MessageElement(value, FLAG_MOD_REPLACE, minPwdAge) +self.ldb_admin.modify(m) + #tests on ldap add operations class AclAddTests(AclTests): @@ -1038,8 +1058,26 @@ class AclCARTests(AclTests): self.ldb_user = self.get_ldb_connection(self.user_with_wp, self.user_pass) self.ldb_user2 = self.get_ldb_connection(self.user_with_pc, self.user_pass) +res = self.ldb_admin.search(CN=Directory Service, CN=Windows NT, CN=Services, + + self.configuration_dn, scope=SCOPE_BASE, attrs=[dSHeuristics]) +if dSHeuristics in res[0]: +self.dsheuristics = res[0][dSHeuristics][0] +else: +self.dsheuristics = None + +res = self.ldb_admin.search(self.base_dn, scope=SCOPE_BASE, attrs=[minPwdAge]) +self.minPwdAge = res[0][minPwdAge][0] + +# Set the dSHeuristics to have the tests run against Windows Server +self.set_dsheuristics(1) +# Set minPwdAge to 0 +self.set_minPwdAge(0) + def tearDown(self): super(AclCARTests, self).tearDown() +#restore original values +self.set_dsheuristics(self.dsheuristics) +self.set_minPwdAge(self.minPwdAge) self.delete_force(self.ldb_admin, self.get_user_dn(self.user_with_wp)) self.delete_force(self.ldb_admin, self.get_user_dn(self.user_with_pc)) @@ -1294,42 +1332,6 @@ if not :// in host: host = ldap://%s; % host ldb = SamDB(host, credentials=creds, session_info=system_session(), lp=lp) -# Gets back the configuration basedn -res = ldb.search(base=, expression=, scope=SCOPE_BASE, - attrs=[configurationNamingContext]) -configuration_dn = res[0][configurationNamingContext][0] - -# Gets back the cbasedn -res = ldb.search(base=, expression=, scope=SCOPE_BASE, - attrs=[defaultNamingContext]) -base_dn = res[0][defaultNamingContext][0] - -# Get the old dSHeuristics if it was set -res = ldb.search(CN=Directory Service, CN=Windows NT, CN=Services, - + configuration_dn, scope=SCOPE_BASE, attrs=[dSHeuristics]) -if dSHeuristics in res[0]: - dsheuristics = res[0][dSHeuristics][0] -else: - dsheuristics = None - -# Set the dSHeuristics to have the tests run against Windows Server -m = Message() -m.dn = Dn(ldb, CN=Directory Service, CN=Windows NT, CN=Services, - + configuration_dn) -m[dSHeuristics] = MessageElement(1, FLAG_MOD_REPLACE, - dSHeuristics) -ldb.modify(m) - -# Get the current minPwdAge -res = ldb.search(base_dn, scope=SCOPE_BASE, attrs=[minPwdAge]) -minPwdAge =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0e31a3a... s3-ldb: fix build warning. from 0b2d965... s4: Reorganized dsHeuristics reset so the code can be reused http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0e31a3af9457ff425efc19f952a4a9d07211e068 Author: Günther Deschner g...@samba.org Date: Tue Jul 13 16:45:52 2010 +0200 s3-ldb: fix build warning. Guenther --- Summary of changes: source3/lib/ldb_compat.c | 45 + 1 files changed, 1 insertions(+), 44 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/ldb_compat.c b/source3/lib/ldb_compat.c index e6e0f08..d3b1266 100644 --- a/source3/lib/ldb_compat.c +++ b/source3/lib/ldb_compat.c @@ -22,6 +22,7 @@ */ #include includes.h +#include lib/ldb_compat.h static struct ldb_parse_tree *ldb_parse_filter(void *mem_ctx, const char **s); @@ -48,50 +49,6 @@ static int ldb_parse_hex2char(const char *x) /* - structures for ldb_parse_tree handling code -*/ -enum ldb_parse_op { LDB_OP_AND=1, LDB_OP_OR=2, LDB_OP_NOT=3, - LDB_OP_EQUALITY=4, LDB_OP_SUBSTRING=5, - LDB_OP_GREATER=6, LDB_OP_LESS=7, LDB_OP_PRESENT=8, - LDB_OP_APPROX=9, LDB_OP_EXTENDED=10 }; - -struct ldb_parse_tree { - enum ldb_parse_op operation; - union { - struct { - struct ldb_parse_tree *child; - } isnot; - struct { - const char *attr; - struct ldb_val value; - } equality; - struct { - const char *attr; - int start_with_wildcard; - int end_with_wildcard; - struct ldb_val **chunks; - } substring; - struct { - const char *attr; - } present; - struct { - const char *attr; - struct ldb_val value; - } comparison; - struct { - const char *attr; - int dnAttributes; - char *rule_id; - struct ldb_val value; - } extended; - struct { - unsigned int num_elements; - struct ldb_parse_tree **elements; - } list; - } u; -}; - -/* decode a RFC2254 binary string representation of a buffer. Used in LDAP filters. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 53e1586... s3-waf: fix the build. from 0e31a3a... s3-ldb: fix build warning. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 53e1586e2a2c32ad57524343de81f9cff5882b48 Author: Günther Deschner g...@samba.org Date: Tue Jul 13 17:07:49 2010 +0200 s3-waf: fix the build. Guenther --- Summary of changes: source3/wscript_build |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index e231a41..8f18c3e 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -301,6 +301,7 @@ LIBMSRPC_GEN_SRC = '''../librpc/gen_ndr/cli_lsa.c ../librpc/gen_ndr/cli_epmapper.c ../librpc/gen_ndr/cli_drsuapi.c ../librpc/gen_ndr/cli_spoolss.c + ../librpc/rpc/dcerpc_util.c ${LIBNDR_GEN_SRC} ${RPCCLIENT_NDR_SRC}''' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5bdb8b4... Revert Remove the global char *LastDir. from 53e1586... s3-waf: fix the build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5bdb8b472ce9c8072d4ffade4075f9ec17ae3819 Author: Jeremy Allison j...@samba.org Date: Tue Jul 13 09:30:35 2010 -0700 Revert Remove the global char *LastDir. Volker pointed out I'd missed the last directory cache part of this code. Return us to caching the directory we're in (reduces sys call load). Mea maxima culpa. Jeremy. This reverts commit 2f30aea3324f32f9b8555e961256fc1280da2871. --- Summary of changes: source3/smbd/globals.c |1 + source3/smbd/globals.h |1 + source3/smbd/vfs.c | 21 - 3 files changed, 22 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index 5df835d..324d13a 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -105,6 +105,7 @@ int conn_ctx_stack_ndx = 0; struct vfs_init_function_entry *backends = NULL; char *sparse_buf = NULL; +char *LastDir = NULL; /* Current number of oplocks we have outstanding. */ int32_t exclusive_oplocks_open = 0; diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 9d9688f..c618efa 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -115,6 +115,7 @@ extern int conn_ctx_stack_ndx; struct vfs_init_function_entry; extern struct vfs_init_function_entry *backends; extern char *sparse_buf; +extern char *LastDir; /* Current number of oplocks we have outstanding. */ extern int32_t exclusive_oplocks_open; diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 7df51cf..d4e9f02 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -707,7 +707,26 @@ const char *vfs_readdirname(connection_struct *conn, void *p, int vfs_ChDir(connection_struct *conn, const char *path) { - return SMB_VFS_CHDIR(conn,path); + int res; + + if (!LastDir) { + LastDir = SMB_STRDUP(); + } + + if (strcsequal(path,.)) + return(0); + + if (*path == '/' strcsequal(LastDir,path)) + return(0); + + DEBUG(4,(vfs_ChDir to %s\n,path)); + + res = SMB_VFS_CHDIR(conn,path); + if (!res) { + SAFE_FREE(LastDir); + LastDir = SMB_STRDUP(path); + } + return(res); } /*** -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f85167a... s3-winbind: Don't cache queries to builtin and own sam domain. via 57ebc8a... s3-winbind: Set status before we leave in some msrpc functions. from 5bdb8b4... Revert Remove the global char *LastDir. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f85167a161b078b0ffa23598a4a548fb2fd54cbf Author: Andreas Schneider a...@samba.org Date: Tue Jul 13 15:37:13 2010 +0200 s3-winbind: Don't cache queries to builtin and own sam domain. commit 57ebc8af8061e1a81a46300154ac6c4d489b302a Author: Andreas Schneider a...@samba.org Date: Wed Jul 7 14:27:04 2010 +0200 s3-winbind: Set status before we leave in some msrpc functions. --- Summary of changes: source3/winbindd/winbindd_cache.c | 32 +--- source3/winbindd/winbindd_msrpc.c |4 2 files changed, 33 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index a3e202b..631a14d 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -669,6 +669,26 @@ static struct cache_entry *wcache_fetch_raw(char *kstr) return centry; } +static bool is_my_own_sam_domain(struct winbindd_domain *domain) +{ + if (strequal(domain-name, get_global_sam_name()) +sid_equal(domain-sid, get_global_sam_sid())) { + return true; + } + + return false; +} + +static bool is_builtin_domain(struct winbindd_domain *domain) +{ + if (strequal(domain-name, BUILTIN) + sid_equal(domain-sid, global_sid_Builtin)) { + return true; + } + + return false; +} + /* fetch an entry from the cache, with a varargs key. auto-fetch the sequence number and return status @@ -684,7 +704,9 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, char *kstr; struct cache_entry *centry; - if (!winbindd_use_cache()) { + if (!winbindd_use_cache() || + is_my_own_sam_domain(domain) || + is_builtin_domain(domain)) { return NULL; } @@ -4681,7 +4703,9 @@ bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, TDB_DATA key, data; bool ret = false; - if (!wcache_opnum_cacheable(opnum)) { + if (!wcache_opnum_cacheable(opnum) || + is_my_own_sam_domain(domain) || + is_builtin_domain(domain)) { return false; } @@ -4737,7 +4761,9 @@ void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum, TDB_DATA key, data; uint32_t dom_seqnum, last_check; - if (!wcache_opnum_cacheable(opnum)) { + if (!wcache_opnum_cacheable(opnum) || + is_my_own_sam_domain(domain) || + is_builtin_domain(domain)) { return; } diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 780a675..714e657 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -438,6 +438,8 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain, if ( !winbindd_can_contact_domain( domain ) ) { DEBUG(10,(query_user: No incoming trust for domain %s\n, domain-name)); + /* Tell the cache manager not to remember this one */ + status = NT_STATUS_SYNCHRONIZATION_REQUIRED; goto done; } @@ -562,6 +564,8 @@ static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, if (!winbindd_can_contact_domain(domain)) { DEBUG(10,(msrpc_lookup_useraliases: No incoming trust for domain %s\n, domain-name)); + /* Tell the cache manager not to remember this one */ + status = NT_STATUS_SYNCHRONIZATION_REQUIRED; goto done; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 80b47fc... s3-libnet: better separate headers. from f85167a... s3-winbind: Don't cache queries to builtin and own sam domain. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 80b47fcb0a73fb97a1b918173a61c55831239a0a Author: Günther Deschner g...@samba.org Date: Fri Jul 2 00:14:04 2010 +0200 s3-libnet: better separate headers. Guenther --- Summary of changes: source3/lib/netapi/joindomain.c |3 +- source3/libnet/libnet.h | 30 --- source3/libnet/libnet_dssync.c |2 +- source3/libnet/libnet_dssync.h |7 +++ source3/libnet/libnet_dssync_keytab.c |5 ++- source3/libnet/libnet_join.c|3 +- source3/libnet/libnet_keytab.c |4 +- source3/libnet/libnet_keytab.h | 18 +++ source3/libnet/libnet_proto.h | 85 --- source3/libnet/libnet_samsync.c |2 +- source3/libnet/libnet_samsync.h | 11 source3/libnet/libnet_samsync_display.c |2 +- source3/libnet/libnet_samsync_keytab.c |2 +- source3/libnet/libnet_samsync_passdb.c |2 +- source3/rpc_server/srv_wkssvc_nt.c |3 +- source3/utils/net.h |1 - source3/utils/net_ads.c |4 ++ source3/utils/net_lookup.c |1 + source3/utils/net_rpc_samsync.c |2 + 19 files changed, 61 insertions(+), 126 deletions(-) delete mode 100644 source3/libnet/libnet.h delete mode 100644 source3/libnet/libnet_proto.h Changeset truncated at 500 lines: diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index 4936d77..336f9dc 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -23,7 +23,8 @@ #include lib/netapi/netapi.h #include lib/netapi/netapi_private.h #include lib/netapi/libnetapi.h -#include libnet/libnet.h +#include librpc/gen_ndr/libnet_join.h +#include libnet/libnet_join.h #include libcli/auth/libcli_auth.h #include ../librpc/gen_ndr/cli_wkssvc.h diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h deleted file mode 100644 index 86eb9d0..000 --- a/source3/libnet/libnet.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * libnet Support - * Copyright (C) Guenther Deschner 2007 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see http://www.gnu.org/licenses/. - */ - -#ifndef __LIBNET_H__ -#define __LIBNET_H__ - -#include smb_krb5.h -#include libnet/libnet_keytab.h -#include libnet/libnet_samsync.h -#include libnet/libnet_dssync.h -#include librpc/gen_ndr/libnet_join.h -#include libnet/libnet_proto.h - -#endif diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 1a2b1ca..e9a788b 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -21,7 +21,7 @@ #include includes.h -#include libnet/libnet.h +#include libnet/libnet_dssync.h #include ../libcli/drsuapi/drsuapi.h #include ../librpc/gen_ndr/cli_drsuapi.h diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index e05aaa3..91f48f5 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -58,3 +58,10 @@ struct dssync_context { }; extern const struct dssync_ops libnet_dssync_keytab_ops; + +/* The following definitions come from libnet/libnet_dssync.c */ + +NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx, + struct dssync_context **ctx_p); +NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx); diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index f7f706d..b0c745d 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -19,7 +19,10 @@ */ #include includes.h -#include libnet/libnet.h +#include smb_krb5.h +#include ads.h +#include libnet/libnet_dssync.h +#include libnet/libnet_keytab.h #include librpc/gen_ndr/ndr_drsblobs.h #if defined(HAVE_ADS) defined(ENCTYPE_ARCFOUR_HMAC) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7fd7259..e2b9179 100644
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7dad325... s3-libnet: add missing header file, sorry. from 80b47fc... s3-libnet: better separate headers. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7dad3251e3a2e672441e8306f5a015dc32019657 Author: Günther Deschner g...@samba.org Date: Tue Jul 13 23:35:25 2010 +0200 s3-libnet: add missing header file, sorry. Guenther --- Summary of changes: source3/libnet/libnet_join.h | 13 + 1 files changed, 13 insertions(+), 0 deletions(-) create mode 100644 source3/libnet/libnet_join.h Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h new file mode 100644 index 000..5659828 --- /dev/null +++ b/source3/libnet/libnet_join.h @@ -0,0 +1,13 @@ +/* The following definitions come from libnet/libnet_join.c */ + +NTSTATUS libnet_join_ok(const char *netbios_domain_name, + const char *machine_name, + const char *dc_name); +WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx **r); +WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, +struct libnet_UnjoinCtx **r); +WERROR libnet_Join(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r); +WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, +struct libnet_UnjoinCtx *r); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 14cf257... s4-smbtorture: rename rpc/bind.c to rpc/multi_bind.c. from 7dad325... s3-libnet: add missing header file, sorry. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 14cf257969a1cd793dd69214a6d255722a8a5499 Author: Günther Deschner g...@samba.org Date: Tue Jul 13 23:57:07 2010 +0200 s4-smbtorture: rename rpc/bind.c to rpc/multi_bind.c. Guenther --- Summary of changes: source4/torture/config.mk|2 +- source4/torture/rpc/{bind.c = multi_bind.c} |0 source4/torture/wscript_build|2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename source4/torture/rpc/{bind.c = multi_bind.c} (100%) Changeset truncated at 500 lines: diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 09af078..025834f 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -128,7 +128,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ unixinfo.o samr.o samr_accessmask.o wkssvc.o srvsvc.o svcctl.o atsvc.o \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ - samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ + samsync.o multi_bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ handles.o frsapi.o object_uuid.o ntsvcs.o browser.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/multi_bind.c similarity index 100% rename from source4/torture/rpc/bind.c rename to source4/torture/rpc/multi_bind.c diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build index 05b47e4..bfa8b9b 100644 --- a/source4/torture/wscript_build +++ b/source4/torture/wscript_build @@ -40,7 +40,7 @@ bld.SAMBA_SUBSYSTEM('TORTURE_NDR', bld.SAMBA_MODULE('torture_rpc', - source='rpc/join.c rpc/lsa.c rpc/lsa_lookup.c rpc/session_key.c rpc/echo.c rpc/dfs.c rpc/drsuapi.c rpc/drsuapi_cracknames.c rpc/dssync.c rpc/dsgetinfo.c rpc/spoolss.c rpc/spoolss_notify.c rpc/spoolss_win.c rpc/spoolss_access.c rpc/unixinfo.c rpc/samr.c rpc/samr_accessmask.c rpc/wkssvc.c rpc/srvsvc.c rpc/svcctl.c rpc/atsvc.c rpc/eventlog.c rpc/epmapper.c rpc/winreg.c rpc/initshutdown.c rpc/oxidresolve.c rpc/remact.c rpc/mgmt.c rpc/scanner.c rpc/autoidl.c rpc/countcalls.c rpc/testjoin.c rpc/schannel.c rpc/netlogon.c rpc/remote_pac.c rpc/samlogon.c rpc/samsync.c rpc/bind.c rpc/dssetup.c rpc/alter_context.c rpc/bench.c rpc/samba3rpc.c rpc/rpc.c rpc/async_bind.c rpc/handles.c rpc/frsapi.c rpc/object_uuid.c rpc/ntsvcs.c rpc/browser.c', + source='rpc/join.c rpc/lsa.c rpc/lsa_lookup.c rpc/session_key.c rpc/echo.c rpc/dfs.c rpc/drsuapi.c rpc/drsuapi_cracknames.c rpc/dssync.c rpc/dsgetinfo.c rpc/spoolss.c rpc/spoolss_notify.c rpc/spoolss_win.c rpc/spoolss_access.c rpc/unixinfo.c rpc/samr.c rpc/samr_accessmask.c rpc/wkssvc.c rpc/srvsvc.c rpc/svcctl.c rpc/atsvc.c rpc/eventlog.c rpc/epmapper.c rpc/winreg.c rpc/initshutdown.c rpc/oxidresolve.c rpc/remact.c rpc/mgmt.c rpc/scanner.c rpc/autoidl.c rpc/countcalls.c rpc/testjoin.c rpc/schannel.c rpc/netlogon.c rpc/remote_pac.c rpc/samlogon.c rpc/samsync.c rpc/multi_bind.c rpc/dssetup.c rpc/alter_context.c rpc/bench.c rpc/samba3rpc.c rpc/rpc.c rpc/async_bind.c rpc/handles.c rpc/frsapi.c rpc/object_uuid.c rpc/ntsvcs.c rpc/browser.c', autoproto='rpc/proto.h', subsystem='smbtorture', init_function='torture_rpc_init', -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bfdd85d... s3-selftest: enable RPC-BIND against s3. via 595c5a2... s4-smbtorture: add very simple RPC-BIND testsuite. from 14cf257... s4-smbtorture: rename rpc/bind.c to rpc/multi_bind.c. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bfdd85d4a592fcf95d9cea4f63d86330df62ac58 Author: Günther Deschner g...@samba.org Date: Wed Jul 14 01:32:02 2010 +0200 s3-selftest: enable RPC-BIND against s3. Guenther commit 595c5a2498d0c71731c9d5cee0bfd53746350b9d Author: Günther Deschner g...@samba.org Date: Wed Jul 14 01:31:12 2010 +0200 s4-smbtorture: add very simple RPC-BIND testsuite. Guenther --- Summary of changes: source3/script/tests/test_posix_s3.sh |2 +- source4/torture/config.mk |2 +- source4/torture/rpc/bind.c| 96 + source4/torture/rpc/rpc.c |1 + source4/torture/wscript_build |2 +- 5 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 source4/torture/rpc/bind.c Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh index 3864b6b..59551d0 100755 --- a/source3/script/tests/test_posix_s3.sh +++ b/source3/script/tests/test_posix_s3.sh @@ -49,7 +49,7 @@ rpc=$rpc RPC-LSA-PRIVILEGES rpc=$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS rpc=$rpc RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC RPC-SAMR-MACHINE-AUTH rpc=$rpc RPC-NETLOGON-S3 RPC-NETLOGON-ADMIN -rpc=$rpc RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN +rpc=$rpc RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN RPC-BIND local=LOCAL-NSS-WRAPPER LOCAL-NDR diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 025834f..49273d0 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -129,7 +129,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ samsync.o multi_bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ - handles.o frsapi.o object_uuid.o ntsvcs.o browser.o) + handles.o frsapi.o object_uuid.o ntsvcs.o browser.o bind.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c new file mode 100644 index 000..b36e54c --- /dev/null +++ b/source4/torture/rpc/bind.c @@ -0,0 +1,96 @@ +/* + Unix SMB/CIFS implementation. + test suite for rpc bind operations + + Copyright (C) Guenther Deschner 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include torture/rpc/torture_rpc.h +#include librpc/gen_ndr/ndr_lsa_c.h +#include lib/cmdline/popt_common.h + +static bool test_openpolicy(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + struct dcerpc_binding_handle *b = p-binding_handle; + struct policy_handle *handle; + + torture_assert(tctx, + test_lsa_OpenPolicy2(b, tctx, handle), + failed to open policy); + + torture_assert(tctx, + test_lsa_Close(b, tctx, handle), + failed to close policy); + + return true; +} + +static bool test_bind(struct torture_context *tctx, + const void *private_data) +{ + struct dcerpc_binding *binding; + struct dcerpc_pipe *p; + const uint32_t *flags = (const uint32_t *)private_data; + + torture_assert_ntstatus_ok(tctx, + torture_rpc_binding(tctx, binding), + failed to parse binding string); + + binding-flags |= *flags; + + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, p, binding, + ndr_table_lsarpc, + cmdline_credentials, +