Re: [Samba] Changing password on unix client joined to AD

2010-07-29 Thread k.maksimov

Lorenzo Milesi wrote:

> - Original message -
>
>> GDM not support this feature:
>> https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620
>>
>> if you want, you can hack gdm)
>
> This sounds strange, because Googling around I found some infos about GDM
> allowing password change...
>
> I don't know if this could be a problem of the new GDM or what...

oh sorry, I was inattentive. mb this can fix problem: echo auth 
required pam_deny.so/etc/pam.d/common-auth  echo password required 
pam_deny.so/etc/pam.d/common-password ?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Changing password on unix client joined to AD

2010-07-29 Thread k.maksimov

k.maksimov wrote:

> Lorenzo Milesi wrote:
>
>> - Original message -
>>
>>> GDM not support this feature:
>>> https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620
>>>
>>> if you want, you can hack gdm)
>>
>> This sounds strange, because Googling around I found some infos about
>> GDM allowing password change...
>>
>> I don't know if this could be a problem of the new GDM or what...
>
> oh sorry, I was inattentive. mb this can fix problem: echo auth
> required pam_deny.so/etc/pam.d/common-auth  echo password required
> pam_deny.so/etc/pam.d/common-password ?

sorry, s/required/requisite/



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Marcello Romani

Gilles wrote:

> On Wed, 28 Jul 2010 17:44:49 +0200, Nico De Ranter n...@sonycom.com
> wrote:
>
>> I believe testparm will skip any attribute with default values.
>
> Thanks for the tip. That's not the cause of the issue then :-/
>
> At this point, I can finally get XP to show shared folders if I first
> try to connect to them blindly through Run  \\srv\share.
>
> There were a few things I noticed along the way:
>
> - restart smbd works, but restart nmbd doesn't. OTOH,
> /etc/init.d/smbd restart works... and /etc/init.d/nmbd restart as
> well. Go figure

A samba init script should take care of restarting both services IMHO,
because they're really supposed to go together. Therefore it's not
strange that they ported to upstart only the main init.d script (the
one referring to smbd). That's all IMHO, of course.

> - apparently, we must remove package libpam-smbpass, and install
> smbfs and winbind

AFAIKT, smbfs is needed only if you want to mount samba shares, i.e. for
using the linux system as a samba *client*, not server. I'm not 100%
sure, though.
Regarding winbind, I find it strange that it didn't get installed along
with the rest of samba...

> - /etc/nsswitch.conf requires adding wins to hosts
>
> - I added the following to a share, with no idea if they're really
> needed:
> [share]
> [...]
> available = yes
> public = yes
> writable = yes
>
> Thank you.

Don't know about available param, but public and writable shouldn't
affect visibility of the server in windows neighborhood.


--
Marcello Romani


Re: [Samba] Does anybody use idmap_adex?

2010-07-29 Thread Nico De Ranter
On Wed, 2010-07-28 at 17:48 +0200, Michael Adam wrote:
> Hi Nico,
>
> Nico De Ranter wrote:
>>
>> Actually I was just about to start using it. Guess I shouldn't?
>>
>> I'm looking for a solution to integrate an existing linux environment
>> into a Windows AD environment.  I already added all rfc2307 info on the
>> AD server.  Now I need a way for the linux systems to fetch the
>> username, uid, gid, shell and homedir from AD.  Using LDAP directly is
>> not an option as I can't do anonymous binds so that would require a
>> hardcoded AD user and password on all systems (correct me if I'm wrong)
>> According to the man pages it looks like idmap_adex will do exactly what
>> I want. However I haven't been able to get it to work.
>>
>> Will idmap_adex disappear (if so, I won't invest anymore time in it)?
>> Is there another way I can do this?
>
> The older ad idmap and nss backend is there.
> (man idmap_ad)
> This is also maintained.
> I guess this would also suit your needs.

Judging by the man page and the comments I found on-line this will only
do uid/gid. I need to retrieve the shell and homedirectory from AD too.

Nico



-- 
With kind regards

Nico De Ranter
Senior System Administrator
Techsoft Centre

Technology and Software Centre Europe
The Corporate Village - Da Vincilaan 7-D1 - B-1935 Zaventem - Belgium

Phone:+32 (0)2 700 8641
Fax:  +32 (0)2 700 8622
E-mail:nico.deran...@eu.sony.com

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 - RPR Brussels
Fortis - BIC GEBABEBB - IBAN BE41293037680010




The information contained in this message or any of its attachments may be 
confidential and is intended for the exclusive use of the addressee(s).  Any 
disclosure, reproduction, distribution or other dissemination or use of this 
communication is strictly prohibited without the express permission of the 
sender.  The views expressed in this email are those of the individual and not 
necessarily those of Sony or Sony affiliated companies.  Sony email is for 
business use only.

This email and any response may be monitored by Sony to be in compliance with 
Sony's global policies and standards




Re: [Samba] 2008 R2 Failover Clustering using Samba 4 AD

2010-07-29 Thread Daniel Müller
Hello,

Setting up a virt Centos Box on Hyper-V is easy, working on the fly.
I myself try to do the same only with real machines.
One node already running with samba 4 AD alpha 12. The test adding new users
and group policies are all well and done.
My Howto in the list: HOWTO centOS 5.5 samba4 dns dynamic update
The second step will be building the second node with ads replication on
behalf of a second centos 5.5 box.
Greetings

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Aggarwal, Ajay
Sent: Wednesday, 28 July 2010 17:19
To: samba@lists.samba.org
Subject: [Samba] 2008 R2 Failover Clustering using Samba 4 AD

I am  trying to see if Hyper-V 2008 R2 Failover Clustering will work
with Samba 4 as the Active Directory server. Have installed  Samba 4
(version alpha12) on CentOS 5.4.

 

Anybody else tried this before? Please share your experiences here.

 

Thanks,

Ajay



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 08:55:16 +0200, Marcello Romani
mrom...@ottotecnica.com wrote:
> A samba init script should take care of restarting both services IMHO,
> because they're really supposed to go together. Therefore it's not
> strange that they ported to upstart only the main init.d script (the
> one referring to smbd). That's all IMHO, of course.

That's also what I thought, but /etc/init.d/ contains two separate
scripts (smbd and nmbd; no trace of samba, as specified in the
Ubuntu documentation www.tinyurl.com/ubuntu-samba-doc), and
since I couldn't see the shares from Windows, I figured I might have
to launch both separately.

/etc/init.d/smbd doesn't seem to launch nmbd, but I'm no shell expert:

http://pastebin.com/fJB89Uc8

> AFAIKT, smbfs is needed only if you want to mount samba shares, i.e. for
> using the linux system as a samba *client*, not server. I'm not 100%
> sure, though.
> Regarding winbind, I find it strange that it didn't get installed along
> with the rest of samba...

The problem is that I couldn't find an up-to-date documentation that
would say precisely what needs to be installed in Ubuntu and show a
very basic smb.conf that would work. Docs either assume people will
just append their stuff to the big default smb.conf... and somehow
figure out what packages need to be installed.

> Don't know about available param, but public and writable shouldn't
> affect visibility of the server in windows neighborhood.

I added those because I saw them in some documentation... but at this
point, I'm clueless at what packages are really needed, and what needs
to be done in smb.conf to share a writable folder.

Actually, I'm seeing something funny... but this is for another
thread.

Thank you all for your help.



Re: [Samba] Does anybody use idmap_adex?

2010-07-29 Thread Nico De Ranter

Hi Tobias,

do you store your users' homedirectory and shell in AD?  I thought
idmap_ad couldn't do that? (will have another look)

Nico

On Wed, 2010-07-28 at 23:39 +0200, Mucke, Tobias, FCI4 wrote:
> Hi,
>
> Actually I am using the Backend Idmap_AD. I thought Idmap_adex is still under
> heavy development.
>
> Tobias
>
>
> Kind regards
>
> Tobias Mucke





[Samba] Purging Windows cache after NetBIOS namechange?

2010-07-29 Thread Gilles
Hello

XP(SP3) seems to take a long time to update its list of shares after
changing the NetBIOS name used in Samba (eg. going from LINUX to
UBUNTU).

Is there a command in Windows that can purge the data, and perform a
new broadcast/WINS call to get the list of hosts and shares?

Thank you.



Re: [Samba] Does anybody use idmap_adex?

2010-07-29 Thread Mucke, Tobias, FCI4
Hi Nico,

Yes shell, home, gecos are all stored in AD and can be retrieved by idmap_ad. I
have looked that up in the header files and it works for me.

Tobias


Kind regards

Tobias Mucke



LFK-Lenkflugkörpersysteme GmbH
Serverpool, FCI4
Landshuter Straße 26, 85716 Unterschleißheim, GERMANY
Phone: +49 89 3179 8438
Fax: +49 89 3179 8927
Mobile: +49 170 635 3830
E-Mail: tobias.mu...@mbda-systems.de

http://www.mbda.net

Chairman of the Supervisory Board: Antoine Bouvier
Managing Director: Werner Kaltenegger
Registered Office: Schrobenhausen
Commercial Register: Amtsgericht Ingolstadt, HRB 4365

Message sent from handheld via BlackBerry Server.

- Original message -
From: Nico De Ranter n...@sonycom.com
To: Mucke, Tobias, FCI4
Cc: sa...@samba.org sa...@samba.org
Sent: Thu Jul 29 09:50:57 2010
Subject: Re: [Samba] Does anybody use idmap_adex?


Hi Tobias,

do you store your users' homedirectory and shell in AD?  I thought
idmap_ad couldn't do that? (will have another look)

Nico

On Wed, 2010-07-28 at 23:39 +0200, Mucke, Tobias, FCI4 wrote:
> Hi,
>
> Actually I am using the Backend Idmap_AD. I thought Idmap_adex is still under
> heavy development.
>
> Tobias
>
>
> Kind regards
>
> Tobias Mucke




Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Wed, 28 Jul 2010 18:20:36 +0200, Christian PERRIER
bubu...@debian.org wrote:
> I advise against messing up with browsing parameters without knowing
> exactly what you're doing...
>
> Better increase the log level (try log level = 3) and log at
> /var/log/samba/log.nmbd

Thanks for the tip.

> It is. This is the Ubuntu package and It Works(tm)..:-)

Apparently, not that well ;-)
http://ubuntuforums.org/showthread.php?t=1468111



Re: [Samba] Purging Windows cache after NetBIOS namechange?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 10:31:58 +0200, Gilles gilles.gana...@free.fr
wrote:
> XP(SP3) seems to take a long time to update its list of shares after
> changing the NetBIOS name used in Samba (eg. going from LINUX to
> UBUNTU).

Apparently, it's not a cache issue but something else.

In smb.conf, after adding log level = 3, /var/log/samba/log.nmbd
says that Samba adds both (previous NetBIOS name) LINUX and (current
name) UBUNTU:


[2010/07/29 10:47:42,  0] nmbd/nmbd.c:854(main)
  nmbd version 3.4.7 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2009
[...]
 add_name_to_subnet: Added netbios name UBUNTU03 with first IP
192.168.0.8 ttl=258293 nb_flags=66 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name UBUNTU20 with first IP
192.168.0.8 ttl=258293 nb_flags=66 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name LINUX00 with first IP
192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name WORKGROUP00 with first IP
0.0.0.0 ttl=258293 nb_flags=e4 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name UBUNTU00 with first IP
192.168.0.8 ttl=258293 nb_flags=66 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name LINUX03 with first IP
192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name WORKGROUP1e with first IP
0.0.0.0 ttl=258293 nb_flags=e4 to subnet WINS_SERVER_SUBNET

[2010/07/29 10:47:42,  3]
nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name LINUX20 with first IP
192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET


Why does it add LINUX, although it's not mentioned in
/etc/samba/smb.conf?

Here's smb.conf:

[global]
workgroup = WORKGROUP
;investigating netbios name = LINUX
netbios name = UBUNTU
server string = Samba Server %v

security = user
guest account = nobody

dns proxy = no
wins support = yes
remote announce = 192.168.0.255

log level = 3


Thank you.
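
The comparison made by eye in the post above, as an added example (not part of the original message and not Samba code): it extracts the add_name_to_subnet registrations from an nmbd log and reports NetBIOS names that the [global] section of smb.conf does not account for. The sample log and configuration are constructed from the excerpt in the post, and all function names are hypothetical.

```python
import re

# One nmbd "add_name_to_subnet" record. \s+ between tokens lets a record
# match even when a mail client has wrapped it across lines. The two-digit
# hex NetBIOS suffix is accepted as NAME<20> (nmbd's own format) and as
# NAME20 (angle brackets lost in archiving, as in the excerpt above).
ADD_NAME = re.compile(
    r"Added\s+netbios\s+name\s+(?P<name>[^\s<]+?)"
    r"(?:<(?P<br>[0-9a-fA-F]{2})>|(?P<bare>[0-9a-fA-F]{2}))"
    r"\s+with\s+first\s+IP\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+ttl=(?P<ttl>\d+)\s+nb_flags=(?P<flags>[0-9a-fA-F]+)"
    r"\s+to\s+subnet\s+(?P<subnet>\S+)"
)


def parse_registrations(log_text):
    """Return one dict per name registration found in the log text."""
    regs = []
    for m in ADD_NAME.finditer(log_text):
        regs.append({
            "name": m.group("name").upper(),
            "suffix": (m.group("br") or m.group("bare")).lower(),
            "ip": m.group("ip"),
            "ttl": int(m.group("ttl")),
            "subnet": m.group("subnet"),
        })
    return regs


def expected_names(smb_conf_text):
    """Names [global] accounts for: workgroup, netbios name, netbios aliases.
    Lines commented out with ';' or '#' are ignored."""
    names, section = set(), None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())
        if key in ("workgroup", "netbios name"):
            names.add(value.upper())
        elif key == "netbios aliases":
            names.update(v.upper() for v in value.replace(",", " ").split())
    return names


def unexpected_names(regs, expected):
    """Group registrations whose name is not in the expected set."""
    odd = {}
    for reg in regs:
        if reg["name"] not in expected:
            odd.setdefault(reg["name"], []).append(reg)
    return odd


def report(log_text, smb_conf_text):
    """One summary line per unexpected name."""
    odd = unexpected_names(parse_registrations(log_text),
                           expected_names(smb_conf_text))
    lines = []
    for name, regs in sorted(odd.items()):
        suffixes = ",".join(sorted({r["suffix"] for r in regs}))
        ips = ",".join(sorted({r["ip"] for r in regs}))
        ttls = ",".join(str(t) for t in sorted({r["ttl"] for r in regs}))
        lines.append(f"{name} <{suffixes}> ip={ips} ttl={ttls}")
    return lines


# Constructed sample, modelled on the log excerpt and smb.conf in the post.
SAMPLE_LOG = """\
[2010/07/29 10:47:42,  3] nmbd/nmbd_namelistdb.c:250(add_name_to_subnet)
  add_name_to_subnet: Added netbios name UBUNTU03 with first IP
192.168.0.8 ttl=258293 nb_flags=66 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name UBUNTU20 with first IP
192.168.0.8 ttl=258293 nb_flags=66 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name LINUX<00> with first IP 192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name WORKGROUP00 with first IP
0.0.0.0 ttl=258293 nb_flags=e4 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name LINUX03 with first IP
192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name WORKGROUP1e with first IP
0.0.0.0 ttl=258293 nb_flags=e4 to subnet WINS_SERVER_SUBNET
  add_name_to_subnet: Added netbios name LINUX20 with first IP
192.168.0.8 ttl=256220 nb_flags=66 to subnet WINS_SERVER_SUBNET
"""

SAMPLE_CONF = """\
[global]
workgroup = WORKGROUP
;investigating netbios name = LINUX
netbios name = UBUNTU
wins support = yes
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG, SAMPLE_CONF):
        print("not in smb.conf:", line)
```

In the sample, as in the excerpt, the unexpected name carries a different ttl from the configured one, which is a useful detail when tracing where nmbd learned it.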



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Marcello Romani

Gilles wrote:

> On Thu, 29 Jul 2010 08:55:16 +0200, Marcello Romani
> mrom...@ottotecnica.com wrote:
>> A samba init script should take care of restarting both services IMHO,
>> because they're really supposed to go together. Therefore it's not
>> strange that they ported to upstart only the main init.d script (the
>> one referring to smbd). That's all IMHO, of course.
>
> That's also what I thought, but /etc/init.d/ contains two separate
> scripts (smbd and nmbd; no trace of samba, as specified in the
> Ubuntu documentation www.tinyurl.com/ubuntu-samba-doc), and
> since I couldn't see the shares from Windows, I figured I might have
> to launch both separately.
>
> /etc/init.d/smbd doesn't seem to launch nmbd, but I'm no shell expert:
>
> http://pastebin.com/fJB89Uc8

Yes, it seems to care only about the process name it's been given, smbd
in this case. I haven't studied upstart so it might also be possible that
somewhere in its configuration it's specified that smbd goes along with
nmbd. But that's just useless speculation...

The strange thing is, on my Ubuntu 9.10 desktop machine I have
/etc/init.d/samba

Go figure...

>> AFAIKT, smbfs is needed only if you want to mount samba shares, i.e. for
>> using the linux system as a samba *client*, not server. I'm not 100%
>> sure, though.
>> Regarding winbind, I find it strange that it didn't get installed along
>> with the rest of samba...
>
> The problem is that I couldn't find an up-to-date documentation that
> would say precisely what needs to be installed in Ubuntu and show a
> very basic smb.conf that would work. Docs either assume people will
> just append their stuff to the big default smb.conf... and somehow
> figure out what packages need to be installed.

I usually do something similar to aptitude search samba and install what
seems to be the main package, which hopefully will pull all the
required dependencies. Then I install the -doc package, which typically
contains the up-to-date docs.

But I'm sure you already know that :-)

>> Don't know about available param, but public and writable shouldn't
>> affect visibility of the server in windows neighborhood.
>
> I added those because I saw them in some documentation... but at this
> point, I'm clueless at what packages are really needed, and what needs
> to be done in smb.conf to share a writable folder.

maybe add

guest ok = yes

> Actually, I'm seeing something funny... but this is for another
> thread.
>
> Thank you all for your help.



Well I think I'll stop here as I don't have ubuntu server at hand. I 
hope I've been of some help. Good luck.


--
Marcello Romani


Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 11:30:20 +0200, Marcello Romani
mrom...@ottotecnica.com wrote:
> Yes, it seems to care only about the process name it's been given, smbd
> in this case. I haven't studied upstart so it might also be possible that
> somewhere in its configuration it's specified that smbd goes along with
> nmbd. But that's just useless speculation...
>
> The strange thing is, on my Ubuntu 9.10 desktop machine I have
> /etc/init.d/samba
> Go figure...

As to why whoever is in charge (if any...) of the Samba packages for
Ubuntu decided it was a good idea to do this...

Updating the official documentation on the Ubuntu site should be a
requirement when making any such change.

Thanks a lot for your help.



Re: [Samba] Does anybody use idmap_adex?

2010-07-29 Thread Nico De Ranter

Doh,

you are right, it works with ad. Sigh, wasted a lot of time trying to
get adex working :-).

Strange thing is: 'getent passwd' gives me the correct list of all users
with proper uid/gid/homedir/shell, however 'getent passwd username'
doesn't and I can't log on using that user.  I guess this would be a pam
issue?

Nico

On Thu, 2010-07-29 at 10:41 +0200, Mucke, Tobias, FCI4 wrote:
> Hi Nico,
>
> Yes shell, home, gecos are all stored in AD and can be retrieved by idmap_ad.
> I have looked that up in the header files and it works for me.
>
> Tobias
>
>
> Kind regards
>
> Tobias Mucke





Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Christian PERRIER
Quoting Gilles (gilles.gana...@free.fr):

>> It is. This is the Ubuntu package and It Works(tm)..:-)
>
> Apparently, not that well ;-)
> http://ubuntuforums.org/showthread.php?t=1468111


Ah, this upstart thing*that* is a Ubuntu change to the Debian
package. Not my responsibility, then..:-) (at least until we adopt
upstart in Debian)




Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 06:49:44 -0400, Christian PERRIER
bubu...@debian.org wrote:
> Ah, this upstart thing*that* is a Ubuntu change to the Debian
> package. Not my responsibility, then..:-) (at least until we adopt
> upstart in Debian)

So what's the correct way on Ubuntu 10.04 to (re)start Samba,
including smbd and nmbd?



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Adam Stirk
The correct way to restart the smbd and nmbd in Ubuntu 10.04 is

sudo service smbd restart
sudo service nmbd restart

-Original Message-
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Gilles
Sent: 29 July 2010 12:09
To: samba@lists.samba.org
Subject: Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

On Thu, 29 Jul 2010 06:49:44 -0400, Christian PERRIER
bubu...@debian.org wrote:
> Ah, this upstart thing*that* is a Ubuntu change to the Debian
> package. Not my responsibility, then..:-) (at least until we adopt
> upstart in Debian)

So what's the correct way on Ubuntu 10.04 to (re)start Samba, including
smbd and nmbd?



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 12:23:41 +0100, Adam Stirk
adam.st...@brantano.co.uk wrote:
> The correct way to restart the smbd and nmbd in Ubuntu 10.04 is
>
> sudo service smbd restart
> sudo service nmbd restart

Thanks Adam. I read somewhere on the Net that calling restart on a
non-running process triggers an error. Can you confirm?

Also, does the order in which we (re)start smbd and nmbd matter?



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Helmut Hullen
Hello, Gilles,

You wrote on 29.07.10:

> So what's the correct way on Ubuntu 10.04 to (re)start Samba,
> including smbd and nmbd?

If the daemons run and only need to re-read the smb.conf:

killall -HUP smbd
killall -HUP nmbd

on Linux machines.
I know - there are some Unix machines beyond Linux where killall does  
work in a slightly other way than on Linux.

Best regards!
Helmut


Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Leonardo Carneiro
On Thu, Jul 29, 2010 at 8:48 AM, Helmut Hullen hul...@t-online.de wrote:
> Hello, Gilles,
>
> You wrote on 29.07.10:
>
>> So what's the correct way on Ubuntu 10.04 to (re)start Samba,
>> including smbd and nmbd?
>
> If the daemons run and only need to re-read the smb.conf:
>
>         killall -HUP smbd
>         killall -HUP nmbd
>
> on Linux machines.

I think that on ubuntu you could use just /etc/init.d/samba reload

Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 08:58:23 -0300, Leonardo Carneiro
chesterma...@gmail.com wrote:
> I think that on ubuntu you could use just /etc/init.d/samba reload

Right... but that was until recently, while the latest Samba package
is different ;-)


# /etc/init.d/samba restart
-su: /etc/init.d/samba: No such file or directory

# /etc/init.d/nmbd restart
Rather than invoking init scripts through /etc/init.d, use the
service(8)
utility, e.g. service nmbd restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the restart(8) utility, e.g. restart
nmbd
nmbd start/running, process 1932

# /etc/init.d/smbd restart
Rather than invoking init scripts through /etc/init.d, use the
service(8)
utility, e.g. service smbd restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the restart(8) utility, e.g. restart
smbd
smbd start/running, process 1941


So it looks like the right way is 

# restart nmbd
nmbd start/running, process 1951
# restart smbd
smbd start/running, process 1955

It'd be easier to add restart samba which would take care of both
smbd and nmbd.

Thank you.



Re: [Samba] [samba] DNS update failed!

2010-07-29 Thread Alexander R. Fahrutdinov
In a message of 29 July 2010 09:08:29, Alexander R. Fahrutdinov wrote:
> In a message of 28 July 2010 18:10:29, k.maksimov wrote:
>> Alexander R. Fahrutdinov wrote:
>>> In a message of 28 July 2010 10:15:25, k.maksimov wrote:
>>> Anton wrote:
>>> On 28 July 2010 01:45, k.maksimov k.maksi...@butb.by wrote:
>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in
>>> first network hostname registered successfully, but in second
>>> network:
>>>
>>> sudo net ads join -U admin
>>> Enter admin's password:
>>> Using short domain name -- BUTB
>>> Joined 'TH-2-011' to realm 'butb.by'
>>> DNS update failed!
>>>
>>> As far as I can tell (I'm not entirely certain though)  this is an
>>> Active Directory / Windows Server configuration issue around
>>> loosening permissions enough for the DHCP service to update the DNS
>>> records.
>>>
>>> I don't know exactly what settings need to be configured though, as I
>>> didn't manage to get it working either. In the end I decided to keep
>>> the standard security and just use static IPs and DNS records for
>>> winbind machines.
>>
>>> I'm use static IP and I haven't DHCP. and this problem not an AD:
>>> Windows machines successfully update DNS.
>>>
>>> also I have ~200 machines and I can't add every DNS record manually.
>
> It seems, secure DNS update has broken in samba. I tried to use different
> versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error
> during DNS update, in spite of wbinfo -t and net ads info commands
> output was OK.
>
> Secure DNS update via nss-update script has successfully completed, but it
> requires a domain admin credentials.
> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss-
> update and GSSAPI library to use machine account instead admin one, but I
> don't try this.
>
> So, I don't promise to disable the secure DNS update, because it decrease
> AD security.
>
> Perhaps, somebody tell us, what we doing wrong?

Earlier I tested DNS update on samba package included in Debian Etch, Lenny 
and testing Debian branch.

Now I download CentOS distribution and try to update DNS via net ads dns 
register -P command. I'm surprised when command reports Successfully 
registered hostname with DNS with samba 3.0.33 and 3.5.4 versions. 

So, it isn't samba problem, but problem of specific distribution. 

And what's your distribution?

Re: [Samba] Purging Windows cache after NetBIOS namechange?

2010-07-29 Thread Gilles
On Thu, 29 Jul 2010 11:02:05 +0200, Gilles gilles.gana...@free.fr
wrote:
> Apparently, it's not a cache issue but something else.

No matter how long I wait after changing Samba's NetBIOS name and
restarting nmbd/smbd, XP still shows both names:

http://img32.imageshack.us/img32/782/sambanetbiosnamenotupda.jpg

I know it looks like an XP browsing issue, not Samba's fault, but if
someone's already experienced this and knows what to do, I'm all ears.

Thank you.



Re: [Samba] [Ubuntu 10.04] Share not visible from XP?

2010-07-29 Thread Leonardo Carneiro
On Thu, Jul 29, 2010 at 9:07 AM, Gilles gilles.gana...@free.fr wrote:
 On Thu, 29 Jul 2010 08:58:23 -0300, Leonardo Carneiro
 chesterma...@gmail.com wrote:
I think that on ubuntu you could user just /etc/init.d/samba reload

 Right... but that was until recently, while the latest Samba package
 is different ;-)

 
 # /etc/init.d/samba restart
 -su: /etc/init.d/samba: No such file or directory
 
 # /etc/init.d/nmbd restart
 Rather than invoking init scripts through /etc/init.d, use the
 service(8)
 utility, e.g. service nmbd restart

 Since the script you are attempting to invoke has been converted to an
 Upstart job, you may also use the restart(8) utility, e.g. restart
 nmbd
 nmbd start/running, process 1932
 
 # /etc/init.d/smbd restart
 Rather than invoking init scripts through /etc/init.d, use the
 service(8)
 utility, e.g. service smbd restart

 Since the script you are attempting to invoke has been converted to an
 Upstart job, you may also use the restart(8) utility, e.g. restart
 smbd
 smbd start/running, process 1941
 

 So it looks like the right way is

 # restart nmbd
 nmbd start/running, process 1951
 # restart smbd
 smbd start/running, process 1955

 It'd be easier to add restart samba which would take care of both
 smbd and nmbd.

 Thank you.



UU, tks for the info Gilles, i was not aware of this change at all.

Re: [Samba] [samba] DNS update failed!

2010-07-29 Thread k.maksimov

Alexander R. Fahrutdinov wrote:


In a message of 29 July 2010 09:08:29, Alexander R. Fahrutdinov wrote:
  

In a message of 28 July 2010 18:10:29, k.maksimov wrote:


Alexander R. Fahrutdinov wrote:
  

In a message of 28 July 2010 10:15:25, k.maksimov wrote:


Anton wrote:
  

On 28 July 2010 01:45, k.maksimov k.maksi...@butb.by wrote:


I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
172.16.0.0 with netmask 255.255.254.0, when I join in domain in
first network hostname registered successfully, but in second
network:

sudo net ads join -U admin
Enter admin's password:
Using short domain name -- BUTB
Joined 'TH-2-011' to realm 'butb.by'
DNS update failed!
  

As far as I can tell (I'm not entirely certain though)  this is an
Active Directory / Windows Server configuration issue around
loosening permissions enough for the DHCP service to update the DNS
records.

I don't know exactly what settings need to be configured though, as I
didn't manage to get it working either. In the end I decided to keep
the standard security and just use static IPs and DNS records for
winbind machines.


I use static IPs and I don't have DHCP, and this problem is not an AD one:
Windows machines successfully update DNS.

Also, I have ~200 machines and I can't add every DNS record manually.
  

It seems secure DNS update is broken in samba. I tried different
versions of samba (3.2.4, 3.4.4, 3.5.4, etc.), but always got an error
during DNS update, even though the output of the wbinfo -t and net ads info
commands was OK.

Secure DNS update via the nss-update script completed successfully, but it
requires domain admin credentials.
Guys from http://rc.quest.com/topics/ddns/old.php created a patch for
nss-update and the GSSAPI library to use the machine account instead of the
admin one, but I haven't tried this.

So, I don't promise to disable the secure DNS update, because it decreases
AD security.

Perhaps somebody can tell us what we are doing wrong?



Earlier I tested DNS update on the samba packages included in Debian Etch, Lenny 
and the testing Debian branch.


Now I have downloaded the CentOS distribution and tried to update DNS via the net ads dns 
register -P command. I was surprised when the command reported "Successfully 
registered hostname with DNS" with samba versions 3.0.33 and 3.5.4. 

So, it isn't a samba problem, but a problem of the specific distribution. 


And what's your distribution?
  
I use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network 192.168.1.0/24 DNS is updated successfully via net ads dns 
register -P. So, it's a samba problem :)




Re: [Samba] 2008 R2 Failover Clustering using Samba 4 AD

2010-07-29 Thread Aggarwal, Ajay
Hi Daniel,

Yes saw your notes on how to make DNS dynamic updates work on centos 5.5. I am 
in the process of trying your suggestions. One additional problem I ran into 
was package python-dns was required too... which I had to manually download.

But I don't think dynamic DNS updates are holding up my testing of making 
Hyper-V 2008 R2 failover clustering work with Samba 4 Active Directory. Here I 
am running into some issues which seems to be Samba 4 AD related and I was 
wondering if anybody else here in this list has tried to use Samba 4 AD with 
Hyper-v 2008 R2 Failover Clustering before...

-Ajay

-Original Message-
From: Daniel Müller [mailto:muel...@tropenklinik.de] 
Sent: Thursday, July 29, 2010 3:49 AM
To: Aggarwal, Ajay; samba@lists.samba.org
Subject: AW: [Samba] 2008 R2 Failover Clustering using Samba 4 AD

Hello,

Setting up a virt Centos Box on Hyper-V is easy, working on the fly.
I myself try to do the same only with real machines.
One node already running with samba 4 AD alpha 12. The test adding new users
And group policies are all well and done.
My Howto in the list: HOWTO centOS 5.5 samba4 dns dynamic update
The second step will be building the second node with ads replication on
behalf of a second centos 5.5 box.
Greetings

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Aggarwal, Ajay
Sent: Wednesday, 28 July 2010 17:19
To: samba@lists.samba.org
Subject: [Samba] 2008 R2 Failover Clustering using Samba 4 AD

I am  trying to see if Hyper-V 2008 R2 Failover Clustering will work
with Samba 4 as the Active Directory server. Have installed  Samba 4
(version alpha12) on CentOS 5.4.

 

Anybody else tried this before? Please share your experiences here.

 

Thanks,

Ajay



[Samba] printer Advanced tab grayed

2010-07-29 Thread Frédéric SOSSON
Hello,

I would like to upload windows printer driver to my Samba through the
printer Advanced tab as described in that doc
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2582657
but this tab is totally grayed.  I can imagine it's a permission issue
but I'm not sure at all.

Any idea,



Frederic


[Samba] [SAMBA] Problem connecting Computer to network

2010-07-29 Thread Clark Johnston
I am trying to attempt to set up a samba ldap PDC server.

When I try and connect a computer to the network I get error 'Username could
not be found'

I have included smbldap.conf ##smbldap.conf
slapd.conf ##slapd.conf
the smb.conf   ##smb.conf
the results of slapcat ##slapcat
the error log for log.root ##log.root



The error I marked as interesting ##interesting , shows that it can't create
the user or maybe something else.  But up until that time there didn't seem
to be a problem.

##smbldap.conf
SID=S-1-5-21-2244683438-1300233924-2635510394
sambaDomain=internaltest
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=0
ldapSSL=0
verify=none
cafile=/etc/smbldap-tools/ca.pem
clientcert=/etc/smbldap-tools/smbldap-tools.iallanis.info.pem
clientkey=/etc/smbldap-tools/smbldap-tools.iallanis.info.key
suffix=dc=internaltest
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Idmap,${suffix}
sambaUnixIdPooldn=sambaDomainName=${sambaDomain},${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=45
userSmbHome=\\PDC-TEST2\%U
userProfile=\\PDC-TEST2\profiles\%U
userHomeDrive=H:
userScript=logon.bat
mailDomain=internaltest.com
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd

##slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix dc=internaltest
rootdn cn=Manager,dc=internaltest
rootpw {SSHA}a7kYChHl9wXQKkJJYJ+JRLi/4EE2PH+B
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub


##smb.conf

# Global parameters
[global]
workgroup = internaltest
netbios name = PDC-TEST2
#security = DOMAIN
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No

# method 1:
unix password sync = no
ldap passwd sync = yes

# method 2:
#unix password sync = no
#ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = Changing *\nNew password* %n\n *Retype new
password* %n\n

log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home =
logon path =

domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# passdb backend = ldapsam:ldap://ldap1.company.com ldap://
ldap2.company.com
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=internaltest
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = Yes
ldap admin dn = cn=Manager,dc=internaltest
  ldap suffix = dc=internaltest
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m %u
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u
%g
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

# printers configuration
#printer admin = @Print Operators
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
ldap ssl = off
nt acl support = yes
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest 

Re: [Samba] Does anybody use idmap_adex?

2010-07-29 Thread Michael Wood
On 29 July 2010 12:00, Nico De Ranter n...@sonycom.com wrote:

 Doh,

 you are right, it works with ad. Sigh, wasted a lot of time trying to
 get adex working :-).

 Strange thing is: 'getent passwd' gives me the correct list of all users
 with proper uid/gid/homedir/shell, however 'getent passwd username'
 doesn't and I can't log on using that user.  I guess this would be a pam
 issue?

NSS, not PAM.

-- 
Michael Wood esiot...@gmail.com


[Samba] i/o error

2010-07-29 Thread Paras pradhan
I am trying to mount a share from samba 3.0.34 server and am getting the
following error:

---
 mount -t cifs -o username=pprad...@mydomain.edu //x.x.5.197/ppradhan /mnt/
Password:
mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
---

however, if I use windows XP machine to mount the share I can do it without
any problem but can't do it my linux and macosx client using CLI

Any ideas?

Thanks!
Paras.


[Samba] Kerberos: Principal may not act as server ERROR

2010-07-29 Thread Aggarwal, Ajay
Our environment: samba4 (alpha12) running on centos 5.4.  

 

We are experimenting with Hyper-V 2008 R2 Failover Clustering, which
requires Active Directory. We are trying to see if samba-4 will work as
the AD server. We  are trying to create  2 node failover cluster. Both
nodes have joined the domain successfully (with samba-4 as the DC). But
subsequent steps of creating the Failover Cluster are failing and we
see following error in samba log

 

Kerberos: TGS-REQ administra...@sambalime.stratus.com from
ipv4:10.90.0.87:49614 for administra...@sambalime.stratus.com
[canonicalize, renewable, forwardable]

Kerberos: Principal may not act as server --
administra...@sambalime.stratus.com

Kerberos: Failed building TGS-REP to ipv4:10.90.0.87:49614

Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'

single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]

 

Is something wrong with our configuration (smb.conf)? 

 

-Ajay



Re: [Samba] Samba server running in AD domain, local users can still access share

2010-07-29 Thread Dale Schroeder

 If you're running winbind, something like the following should work:

valid users = DOMAIN\user1, @DOMAIN\group1

Dale


On 07/29/2010 12:38 AM, David Roid wrote:

Hello all,

I have a Samba 3.5 server running in an AD domain and domain users can
access nonpublic shares with their credentials. Good since this is what I
want.

However accidentally I found that local users (of the server itself) could
also access nonpublic shares with their credentials. Is this a bug or Samba
works this way, accepting both local and domain users? Is there anyway I can
make the server just dedicates to AD domain users?

Thanks and Regards
David

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
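
An added example (not from the thread or from the Samba project) of checking which shares carry the restriction Dale suggests: it reads an smb.conf and reports, per share, whether valid users is missing, fully domain-qualified, or contains entries without the DOMAIN\ prefix. The domain EXAMPLE, the share names and the sample file are constructed; it assumes comma-separated lists and the default \ winbind separator.

```shell
#!/bin/sh
# Constructed sample smb.conf; EXAMPLE and the share names are made up.
sample_shares_conf() {
cat <<'EOF'
# constructed sample
[global]
   workgroup = EXAMPLE
   security = ads

[projects]
   path = /srv/projects

[finance]
   path = /srv/finance
   valid users = EXAMPLE\alice, @EXAMPLE\finance

[scratch]
   path = /srv/scratch
   Valid Users = EXAMPLE\bob, carol
EOF
}

# audit_valid_users DOMAIN   (smb.conf on stdin)
# Prints "<share> <verdict>" for every section except [global]:
#   MISSING      no valid users list (or an empty one), so the share
#                does not restrict access by user name
#   UNQUALIFIED  at least one entry lacks the DOMAIN\ prefix
#   OK           every entry is DOMAIN\name, optionally behind a
#                @, + or & group prefix
audit_valid_users() {
    awk -v dom="$1" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report() {
        if (share == "" || tolower(share) == "global") return
        print share, (entries ? verdict : "MISSING")
    }
    BEGIN { prefix = toupper(dom) "\\" }
    /^[ \t]*[#;]/ { next }                 # comment lines
    /^[ \t]*\[/ {                          # new section: flush the previous one
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        entries = 0; verdict = "OK"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)
        if (key != "valid users") next
        n = split(substr($0, eq + 1), names, ",")
        for (i = 1; i <= n; i++) {
            name = trim(names[i])
            sub(/^[@+&]+/, "", name)       # strip group prefixes
            if (name == "") continue
            entries++
            if (index(toupper(name), prefix) != 1) verdict = "UNQUALIFIED"
        }
    }
    END { report() }
    '
}

sample_shares_conf | audit_valid_users EXAMPLE
```
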


Re: [Samba] printer Advanced tab grayed

2010-07-29 Thread Dale Schroeder

 See SePrintOperatorPrivilege in:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html

Dale

On 07/29/2010 9:35 AM, Frédéric SOSSON wrote:

Hello,

I would like to upload windows printer driver to my Samba through the
printer Advanced tab as described in that doc
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2582657
but this tab is totally grayed.  I can imagine it's a permission issue
but I'm not sure at all.

Any idea,

Frederic



Re: [Samba] [SAMBA] Problem connecting Computer to network

2010-07-29 Thread Gaiseric Vandal
When you try to join a computer to the network, you mean you are trying 
to join a Windows PC (e.g. XP Pro) to the domain?  Or you are trying to 
join the PDC machine to the domain?



I would guess you need to manually create the PDC's unix account, even 
if samba is going to create the other unix accounts for you.  (I don't 
have samba do this myself.)  Does getent passwd show the accounts for 
your PDC and other computers?   If you manually create the unix account 
for  a computer, is it able to join the domain?





On 07/29/2010 11:10 AM, Clark Johnston wrote:

I am trying to attempt to set up a samba ldap PDC server.

When I try and connect a computer to the network I get error 'Username could
not be found'

I have included smbldap.conf ##smbldap.conf
slapd.conf ##slapd.conf
the smb.conf   ##smb.conf
the results of slapcat ##slapcat
the error log for log.root ##log.root



The error I marked as interesting ##interesting , shows that it can't create
the user or maybe something else.  But up until that time there didn't seem
to be a problem.

##smbldap.conf
SID=S-1-5-21-2244683438-1300233924-2635510394
sambaDomain=internaltest
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=0
ldapSSL=0
verify=none
cafile=/etc/smbldap-tools/ca.pem
clientcert=/etc/smbldap-tools/smbldap-tools.iallanis.info.pem
clientkey=/etc/smbldap-tools/smbldap-tools.iallanis.info.key
suffix=dc=internaltest
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Idmap,${suffix}
sambaUnixIdPooldn=sambaDomainName=${sambaDomain},${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=45
userSmbHome=\\PDC-TEST2\%U
userProfile=\\PDC-TEST2\profiles\%U
userHomeDrive=H:
userScript=logon.bat
mailDomain=internaltest.com
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd

##slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix dc=internaltest
rootdn cn=Manager,dc=internaltest
rootpw {SSHA}a7kYChHl9wXQKkJJYJ+JRLi/4EE2PH+B
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub


##smb.conf

# Global parameters
[global]
 workgroup = internaltest
 netbios name = PDC-TEST2
 #security = DOMAIN
 enable privileges = yes
 #interfaces = 192.168.5.11
 #username map = /etc/samba/smbusers
 server string = Samba Server %v
 #security = ads
 encrypt passwords = Yes
 #min passwd length = 3
 #pam password change = no
 #obey pam restrictions = No

 # method 1:
 unix password sync = no
 ldap passwd sync = yes

 # method 2:
 #unix password sync = no
 #ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n *Retype new
password* %n\n

 log level = 3
 syslog = 0
 log file = /var/log/samba/log.%U
 max log size = 10
 time server = Yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_KEEPALIVE
 mangling method = hash2
 Dos charset = 850
 Unix charset = ISO8859-1

 logon script = logon.bat
 logon drive = H:
 logon home =
 logon path =

 domain logons = Yes
 domain master = Yes
 os level = 65
 preferred master = Yes
 wins support = yes
 # passdb backend = ldapsam:ldap://ldap1.company.com ldap://
ldap2.company.com
 passdb backend = ldapsam:ldap://127.0.0.1
 ldap admin dn = cn=Manager,dc=internaltest
 idmap backend = ldap:ldap://127.0.0.1
 idmap uid = 1-2
 idmap gid = 1-2
 winbind trusted domains only = Yes
 ldap admin dn = cn=Manager,dc=internaltest
   ldap suffix = dc=internaltest
 ldap group suffix = ou=Groups
 ldap user suffix = ou=Users
 ldap machine suffix = ou=Computers
 ldap idmap suffix = ou=Idmap
 add user script = /usr/sbin/smbldap-useradd -m %u
 #ldap delete dn = Yes
 delete user script = /usr/sbin/smbldap-userdel %u
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
 add group script = /usr/sbin/smbldap-groupadd -p %g
 #delete group script = /usr/sbin/smbldap-groupdel %g
   

Re: [Samba] Samba + Winbind + Windows 2003 AD

2010-07-29 Thread Henrik Dige Semark

as req. I will resend part of first message:
My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u
[...]
XX
hds
XXX
[...]

# wbinfo -g
[...]
bg XX
bg hds
bg XXX
[...]

Now the problem, getent only returns the local users and not the users 
from the AD
The funny thing is that if a user is local on the UNIX and in the AD, I 
can login with the password from both local and AD, so I know that it 
can lookup people and passwords


# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, which means that it can't find the 
user.


I know there can be a problem with this if the resolv-names is not working

# ping addc.UNDERVISNING.LOCAL
PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 
time=0.211 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 
time=0.207 ms


# ping mail.UNDERVISNING.LOCAL
PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 
time=0.099 ms
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 
time=0.094 ms



My krb5-conf:


Med Venlig Hilsen / Best Regards
Henrik Dige Semark

On 19-07-2010 01:49, Necos Secon wrote:

I accidentally deleted the first set of messages in my email for this thread, 
but does your DNS resolve properly? What does your resolv.conf look like? Also, 
what do these files look like:

krb5.conf
smb.conf

There's an option in smb.conf, winbind enum users, which needs to be set in 
order for getent to function properly. There is a corresponding option for 
groups as well. Look at them and let us know.

   

Date: Mon, 19 Jul 2010 01:12:41 +0200
From:h...@semark.dk
To:esiot...@gmail.com
CC:samba@lists.samba.org
Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD

Hi Micheal

Sorry for not sending that information in the first place, but I though
that it was so basic that it wasn't necessary.

My nsswitch.conf:
# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat winbind
group:  compat winbind
shadow: compat winbind

hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:   files

services:   db files
ethers: db files
protocols:  db files
rpc:db files

netgroup:   nis

I will mean that it is the way to do this (and it works just fine on the
UNIX servers that run their own Domain Controller)

Med Venlig Hilsen / Best Regards
Henrik Dige Semark

On 18-07-2010 17:03, Michael Wood wrote:
 

On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk   wrote:

   

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up against
our existing windows 2003 AD.

I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config:http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u

 

[...]

   

# wbinfo -g

 

[...]

   

Now the problem, getent only returns the local users and not the users from
the AD
The funny thing is that if a user is local on the UNIX and in the AD, I can
login with the password from both local and AD, so I know that it can lookup
people and passwords

# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, which means that it can't find the
user.

 

Do you have winbind specified in your nsswitch.conf file as mentioned here:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732


   


   
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
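
An added example, not part of the thread: a check for the two settings discussed in this thread and in Michael Wood's "NSS, not PAM" reply, namely whether nsswitch.conf lists winbind for passwd and group, and what smb.conf sets for winbind enum users/groups. The sample files, the EXAMPLE domain and the share name are constructed.

```shell
#!/bin/sh
# Constructed sample inputs; EXAMPLE and the share name are made up.
sample_nsswitch() {
cat <<'EOF'
# constructed sample, modelled on the nsswitch.conf quoted in the thread
passwd: compat winbind
group:  compat            # winbind left out on purpose
hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
EOF
}

sample_winbind_conf() {
cat <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   Winbind Enum Users = Yes
[data]
   ; a global parameter placed in a share section is not counted
   winbind enum groups = yes
EOF
}

# nss_sources DB   (nsswitch.conf on stdin)
# Prints the lookup sources for DB, without [STATUS=action] items.
nss_sources() {
    awk -v db="$1" '
    { sub(/#.*/, "") }                       # drop comments
    $1 == (db ":") {
        out = ""; inbr = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) inbr = 1
            if (inbr) { if ($i ~ /\]$/) inbr = 0; continue }
            out = out (out == "" ? "" : " ") $i
        }
        print out
        exit
    }'
}

# smb_global "PARAM NAME"   (smb.conf on stdin)
# Prints the lower-cased value of PARAM in [global], or "unset".
smb_global() {
    awk -v want="$1" '
    BEGIN { want = tolower(want); gsub(/[ \t]+/, "", want); val = "unset" }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        sect = tolower($0)
        sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        next
    }
    sect == "global" {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]+/, "", key)              # whitespace in parameter names is ignored
        if (key != want) next
        v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        val = tolower(v)
    }
    END { print val }'
}

# diagnose NSSWITCH_FILE SMBCONF_FILE
# One line per database:
#   lookup=ok|missing  whether NSS consults winbind at all (getent passwd NAME)
#   enum=yes|no|unset  winbind enum users/groups, which governs listing
#                      (bare getent passwd), not lookups by name
diagnose() {
    for pair in passwd:users group:groups; do
        db=${pair%%:*}; kind=${pair##*:}
        if nss_sources "$db" < "$1" | tr ' ' '\n' | grep -qx winbind; then
            lookup=ok
        else
            lookup=missing
        fi
        enum=$(smb_global "winbind enum $kind" < "$2")
        echo "$db lookup=$lookup enum=$enum"
    done
}

tmp=$(mktemp -d)
sample_nsswitch > "$tmp/nsswitch.conf"
sample_winbind_conf > "$tmp/smb.conf"
diagnose "$tmp/nsswitch.conf" "$tmp/smb.conf"
rm -rf "$tmp"
```
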

Re: [Samba] windows users can login but OS X users cannot

2010-07-29 Thread grant little
On Sun, Feb 21, 2010 at 2:32 AM, grant little grantlid...@gmail.com wrote:

 ~:=) woohoo! I am pleased to report,  that samba 3.5.0rc3,  just released
 yesterday for debian, appears to have fixed this problem.
 I just installed the experimental version of that and at least on the
 initial test I just did, I can now login  to the same share from both
 windows clients and OS X with winbind not running on the samba server. I
 have more tests to do but it is looking good so far. Thanks to all the samba
 and debian teams for making my life a little easier.

 I was previously stuck in a rut between using centos 5.4 with samba 3.0.33
 that worked from both clients but centos 5.4 would not support having the
 operating system on GPT hard drives and ubuntu 9.10 which would support GPT
 hard drives but had a buggy version of samba as previously described.
 So thanks for lifting me out of the rut and I look forward to the 3.5.0
 final release version.


 On Sat, Feb 20, 2010 at 1:31 PM, grant little grantlid...@gmail.com wrote:

 Thanks Alex.
 I'm not using winbind, just kerberos and LDAP and I have in all cases
 tried both domain\username as well as username.

 Here's a better dump of the ip log that happens on a failed login attempt
 that seems to show that the authentication is OK from os x:
 [2010/02/20 13:13:17,  3] smbd/process.c:1453(process_smb)
   Transaction 2 of length 366 (0 toread)
 [2010/02/20 13:13:17,  3] smbd/process.c:1272(switch_message)
   switch message SMBsesssetupX (pid 6039) conn 0x0
 [2010/02/20 13:13:17,  3] smbd/sec_ctx.c:310(set_sec_ctx)

   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2010/02/20 13:13:17,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
   wct=12 flg2=0xc801
 [2010/02/20 13:13:17,  3]
 smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
   Doing spnego session setup
 [2010/02/20 13:13:17,  3]
 smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
   NativeOS=[Mac OS X 10.6] NativeLanMan=[SMBFS 1.6.0] PrimaryDomain=[]
 [2010/02/20 13:13:17,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
   Got user=[grant] domain=[AD] workstation=[GRANT] len1=24 len2=126
 [2010/02/20 13:13:19,  3] smbd/oplock.c:911(init_oplocks)
   init_oplocks: initializing messages.
 [2010/02/20 13:13:19,  3]
 smbd/oplock_linux.c:219(linux_init_kernel_oplocks)
   Linux kernel oplocks enabled
 [2010/02/20 13:13:19,  3] smbd/process.c:1453(process_smb)

   Transaction 0 of length 51 (0 toread)
 [2010/02/20 13:13:19,  3] smbd/process.c:1272(switch_message)
   switch message SMBnegprot (pid 6040) conn 0x0
 [2010/02/20 13:13:19,  3] smbd/sec_ctx.c:310(set_sec_ctx)

   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2010/02/20 13:13:19,  3] smbd/negprot.c:567(reply_negprot)

   Requested protocol [NT LM 0.12]
 [2010/02/20 13:13:19,  3] smbd/negprot.c:387(reply_nt1)
   using SPNEGO
 [2010/02/20 13:13:19,  3] smbd/negprot.c:672(reply_negprot)

   Selected protocol NT LM 0.12
 [2010/02/20 13:13:21,  3] smbd/sec_ctx.c:310(set_sec_ctx)

   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  [2010/02/20 13:13:21,  3] smbd/connection.c:31(yield_connection)
   Yielding connection to
 [2010/02/20 13:13:21,  3] smbd/server.c:848(exit_server_common)

   Server exit (failed to receive smb request)
 --
 what's weird is that there's no sign of the login in auth.log only the
 test via windows client a few seconds before:
 Feb 20 13:12:14 servername smbd[6033]: pam_unix(samba:session): session
 opened for user grant by (uid=0)
 Feb 20 13:12:24 servername smbd[6033]: pam_unix(samba:session): session
 closed for user grant
 after that nothing...


 On Sat, Feb 20, 2010 at 11:17 AM, Alex Ferrara 
 a...@receptiveit.com.au wrote:

 I have seen this behaviour recently using Samba 3.4.5 from the Lucid tree
 on Ubuntu 9.10

 Try using domain\username for the username

 To me, it appears to be a bug in winbind not using the default domain,
 but I could be wrong.

 Sent from my iPhone


 On 20/02/2010, at 8:29 PM, grant little grantlid...@gmail.com wrote:

  Hello,
 having spent many hours scouring archives, docs, books and googling
 without
 finding an answer I need to ask your help on this.

 running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users can
 login
 to the share from windows clients but the same users is denied access
 when
 connecting from OS X  via GO/Connect To Server in format
 smb://fqdnofserver

 user authentication is to active directory  using kerberos and LDAP and
 am
 not running winbind

 pam.d/samba is set to allow smb logins, that is shell logins are not
 permitted for active directory authenticated users. here's that snippet:
 # /etc/pam.d/samba
 auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass
 account sufficient pam_ldap.so use_first_pass
 session sufficient pam_ldap.so


 I have tested my configs on samba 3.0.33 on CENTOS and it works fine
 there
 for both OS X and windows

 the share is setup on
 /shares/asgs
 with these permissions:
 drwxrwsrwx   8 root root   87 2010-02-20 00:17 

Re: [Samba] [samba] DNS update failed!

2010-07-29 Thread Alexander R. Fahrutdinov
In a message of 29 July 2010 17:05:53, k.maksimov wrote:
 Alexander R. Fahrutdinov wrote:
  In a message of 29 July 2010 09:08:29, Alexander R. Fahrutdinov wrote:
  In a message of 28 July 2010 18:10:29, k.maksimov wrote:
  Alexander R. Fahrutdinov wrote:
  In a message of 28 July 2010 10:15:25, k.maksimov wrote:
  Anton wrote:
  On 28 July 2010 01:45, k.maksimov k.maksi...@butb.by wrote:
  I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
  172.16.0.0 with netmask 255.255.254.0, when I join in domain in
  first network hostname registered successfully, but in second
  network:
  
  sudo net ads join -U admin
  Enter admin's password:
  Using short domain name -- BUTB
  Joined 'TH-2-011' to realm 'butb.by'
  DNS update failed!
  
  As far as I can tell (I'm not entirely certain though)  this is an
  Active Directory / Windows Server configuration issue around
  loosening permissions enough for the DHCP service to update the DNS
  records.
  
  I don't know exactly what settings need to be configured though, as
  I didn't manage to get it working either. In the end I decided to
  keep the standard security and just use static IPs and DNS records
  for winbind machines.
  
  I use static IPs and I don't have DHCP, and this problem is not an AD one:
  Windows machines successfully update DNS.
  
  Also, I have ~200 machines and I can't add every DNS record manually.
  
  It seems secure DNS update is broken in samba. I tried
  different versions of samba (3.2.4, 3.4.4, 3.5.4, etc.), but always got
  an error during DNS update, even though the output of the wbinfo -t and
  net ads info commands was OK.
  
  Secure DNS update via the nss-update script completed successfully, but
  it requires domain admin credentials.
  Guys from http://rc.quest.com/topics/ddns/old.php created a patch for
  nss-update and the GSSAPI library to use the machine account instead of
  the admin one, but I haven't tried this.
  
  So, I don't promise to disable the secure DNS update, because it
  decreases AD security.
  
  Perhaps somebody can tell us what we are doing wrong?
  
  Earlier I tested DNS update on the samba packages included in Debian Etch,
  Lenny and the testing Debian branch.
  
  Now I have downloaded the CentOS distribution and tried to update DNS via the
  net ads dns register -P command. I was surprised when the command reported
  "Successfully registered hostname with DNS" with samba versions 3.0.33 and 3.5.4.
  
  So, it isn't a samba problem, but a problem of the specific distribution.
  
  And what's your distribution?
 
 I use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network
 192.168.1.0/24 DNS is updated successfully via net ads dns register -P. So,
 it's a samba problem :)

Now I am trying to update DNS from CentOS with two NICs: 192.168.33.131 and 
10.0.3.15, and both addresses are being added to DNS successfully.

PS: net ads dns register -P

Build status as of Thu Jul 29 06:00:02 2010

2010-07-29 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-07-28 
00:00:03.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-07-29 00:00:03.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Wed Jul 28 06:00:02 2010
+Build status as of Thu Jul 29 06:00:02 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -13,8 +13,8 @@
 samba-docs   0  0  0 
 samba-web0  0  0 
 samba_3_current 32 32 4 
-samba_3_master 32 32 4 
-samba_3_next 32 31 6 
+samba_3_master 32 32 3 
+samba_3_next 32 32 6 
 samba_4_0_test 32 32 0 
 samba_4_0_waf 36 35 1 
 talloc   32 7  0 


[SCM] CTDB repository - branch master updated - ctdb-1.0.114-160-g1f453aa

2010-07-29 Thread Ronnie Sahlberg
The branch, master has been updated
   via  1f453aa4b5e749468c7788afac09c6f0900ea18f (commit)
  from  f26b59d8b96a70baa80ab1bad406ee6a21330b68 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master


- Log -
commit 1f453aa4b5e749468c7788afac09c6f0900ea18f
Author: Evan Kinney evan.kin...@sas.com
Date:   Wed Jul 28 22:48:46 2010 -0400

ctdb: Fixed use of reserved word private in typedefs

In include/ctdb.h, ctdb_callback_t and ctdb_rrl_callback_t were
defined with a void *private variable. The variable name was
changed to void *private_data to avoid issues encountered in
the Samba autoconf script.

Evan Kinney evan.kin...@sas.com

---

Summary of changes:
 include/ctdb.h |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/include/ctdb.h b/include/ctdb.h
index e4aff86..13e6448 100644
--- a/include/ctdb.h
+++ b/include/ctdb.h
@@ -177,7 +177,7 @@ void ctdb_request_free(struct ctdb_connection *ctdb, struct 
ctdb_request *req);
  * actual private parameter.
  */
 typedef void (*ctdb_callback_t)(struct ctdb_connection *ctdb,
-   struct ctdb_request *req, void *private);
+   struct ctdb_request *req, void *private_data);
 
 /**
  * struct ctdb_db - connection to a particular open TDB
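Review bot: the doc comment directly above ctdb_callback_t (context line " * actual private parameter.") still describes the argument as "private", so after this rename the header's documentation and signature disagree. Update that comment in the same change to say private_data, and check the comment block for ctdb_rrl_callback_t for the same wording.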
@@ -247,7 +247,7 @@ struct ctdb_lock;
 typedef void (*ctdb_rrl_callback_t)(struct ctdb_db *ctdb_db,
struct ctdb_lock *lock,
TDB_DATA data,
-   void *private);
+   void *private_data);
 
 /**
  * ctdb_readrecordlock_async - read and lock a record


-- 
CTDB repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2010-07-29 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  749b946... Fix tdb_check() to work with read-only tdb databases. 
The function tdb_lockall() uses F_WRLCK internally, which doesn't work on a fd 
opened with O_RDONLY. Use tdb_lockall_read() instead.
  from  a2e20cf... s3: Fix cli_qpathinfo2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 749b94656e1670493f075ba59c13d0a770f60ba8
Author: Jeremy Allison j...@samba.org
Date:   Wed Jul 28 05:15:40 2010 -0700

Fix tdb_check() to work with read-only tdb databases. The function 
tdb_lockall() uses F_WRLCK internally, which doesn't work on a fd opened with 
O_RDONLY. Use tdb_lockall_read() instead.

Jeremy.

---

Summary of changes:
 lib/tdb/common/check.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c
index 6bbfd7d..2c64043 100644
--- a/lib/tdb/common/check.c
+++ b/lib/tdb/common/check.c
@@ -311,7 +311,7 @@ int tdb_check(struct tdb_context *tdb,
struct tdb_record rec;
bool found_recovery = false;
 
-   if (tdb_lockall(tdb) == -1)
+   if (tdb_lockall_read(tdb) == -1)
return -1;
 
/* Make sure we know true size of the underlying file. */
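Review bot: the tdb_lockall_read() call at the top of tdb_check() carries no comment explaining why a shared lock is used, so the reason (F_WRLCK cannot be taken on an fd opened with O_RDONLY) exists only in the commit message. Add a short comment above the call, and state in it that tdb_check() must not write to the database while it holds only the read lock, so a later edit does not add a write under it.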
@@ -412,12 +412,12 @@ int tdb_check(struct tdb_context *tdb,
}
 
free(hashes);
-   tdb_unlockall(tdb);
+   tdb_unlockall_read(tdb);
return 0;
 
 free:
free(hashes);
 unlock:
-   tdb_unlockall(tdb);
+   tdb_unlockall_read(tdb);
return -1;
 }


-- 
Samba Shared Repository
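The commit message above rests on a POSIX rule: an fcntl() write lock needs a descriptor opened for writing. The following is an added example, not tdb or Samba code, that shows the rule on a scratch file; the helper names and the /tmp path template are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Try to take a non-blocking whole-file fcntl() lock of the given type
 * (F_RDLCK or F_WRLCK) on fd. Returns 0 on success, errno on failure. */
static int try_whole_file_lock(int fd, short type)
{
	struct flock fl;

	memset(&fl, 0, sizeof(fl));
	fl.l_type = type;
	fl.l_whence = SEEK_SET;
	fl.l_start = 0;
	fl.l_len = 0;	/* 0 means "to end of file" */
	if (fcntl(fd, F_SETLK, &fl) == -1)
		return errno;
	return 0;
}

/* Create a scratch file, reopen it with open_flags, and attempt the lock.
 * Returns 0 if the lock was granted, the errno from fcntl() if it was
 * refused, or -1 if the scratch file could not be set up. */
int lock_result_on_fd(int open_flags, short lock_type)
{
	char path[] = "/tmp/rdonly_lock_demo_XXXXXX";	/* constructed path */
	int fd, rc;
	int tmp = mkstemp(path);

	if (tmp == -1)
		return -1;
	close(tmp);
	fd = open(path, open_flags);
	if (fd == -1) {
		unlink(path);
		return -1;
	}
	rc = try_whole_file_lock(fd, lock_type);
	close(fd);
	unlink(path);
	return rc;
}

static void report(const char *label, int rc)
{
	if (rc == 0)
		printf("%-22s granted\n", label);
	else if (rc > 0)
		printf("%-22s refused: %s\n", label, strerror(rc));
	else
		printf("%-22s setup failed\n", label);
}

int main(void)
{
	report("O_RDONLY + F_WRLCK", lock_result_on_fd(O_RDONLY, F_WRLCK));
	report("O_RDONLY + F_RDLCK", lock_result_on_fd(O_RDONLY, F_RDLCK));
	report("O_RDWR   + F_WRLCK", lock_result_on_fd(O_RDWR, F_WRLCK));
	return 0;
}
```

The write lock on the read-only descriptor is refused with EBADF, while the read lock on the same descriptor is granted, which is why a checker that only reads can run against a database opened O_RDONLY once it asks for a read lock.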


[SCM] Samba Shared Repository - branch master updated

2010-07-29 Thread Andreas Schneider
The branch, master has been updated
   via  e8d3867... s3-spoolss: Increased debug level for trace output.
   via  b2be8f2... s3-spoolss: Fixed debug statements and increased level.
  from  bc1c82e... Fix tdb_check() to work with read-only tdb databases. 
The function tdb_lockall() uses F_WRLCK internally, which doesn't work on a fd 
opened with O_RDONLY. Use tdb_lockall_read() instead.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e8d386704e4c126b979ffe6c8b588fb311cc2e34
Author: Andreas Schneider a...@samba.org
Date:   Thu Jul 29 20:48:01 2010 +0200

s3-spoolss: Increased debug level for trace output.

commit b2be8f2267a2fdee2d9fce6a100225eea8e7928b
Author: Andreas Schneider a...@samba.org
Date:   Thu Jul 29 20:45:07 2010 +0200

s3-spoolss: Fixed debug statements and increased level.

---

Summary of changes:
 source3/rpc_server/srv_spoolss_util.c |   11 ++-
 1 files changed, 6 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_spoolss_util.c 
b/source3/rpc_server/srv_spoolss_util.c
index 768171a..c5fad1a 100644
--- a/source3/rpc_server/srv_spoolss_util.c
+++ b/source3/rpc_server/srv_spoolss_util.c
@@ -904,7 +904,7 @@ static WERROR winreg_printer_query_binary(TALLOC_CTX 
*mem_ctx,
  value_len,
  result);
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(0, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
+   DEBUG(2, (winreg_printer_query_binary: Could not query value 
%s: %s\n,
  wvalue.name, nt_errstr(status)));
if (!W_ERROR_IS_OK(result)) {
goto done;
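Review bot: this hunk and the next correct a function name that was pasted from winreg_printer_query_dword into the winreg_printer_query_binary messages, and hardcoding the name in each DEBUG string is what allowed that. Consider printing the name with __FUNCTION__ so the message cannot drift from the function it lives in.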
@@ -934,7 +934,7 @@ static WERROR winreg_printer_query_binary(TALLOC_CTX 
*mem_ctx,
  value_len,
  result);
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(0, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
+   DEBUG(2, (winreg_printer_query_binary: Could not query value 
%s: %s\n,
  wvalue.name, nt_errstr(status)));
if (!W_ERROR_IS_OK(result)) {
result = ntstatus_to_werror(status);
@@ -975,7 +975,7 @@ static WERROR winreg_printer_query_dword(TALLOC_CTX 
*mem_ctx,
  value_len,
  result);
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(0, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
+   DEBUG(2, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
  wvalue.name, nt_errstr(status)));
if (!W_ERROR_IS_OK(result)) {
goto done;
@@ -1011,7 +1011,7 @@ static WERROR winreg_printer_query_dword(TALLOC_CTX 
*mem_ctx,
  value_len,
  result);
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(0, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
+   DEBUG(2, (winreg_printer_query_dword: Could not query value 
%s: %s\n,
  wvalue.name, nt_errstr(status)));
if (!W_ERROR_IS_OK(result)) {
result = ntstatus_to_werror(status);
@@ -3148,7 +3148,8 @@ WERROR winreg_printer_get_changeid(TALLOC_CTX *mem_ctx,
goto done;
}
 
-   DEBUG(0, (winreg_printer_get_changeid: get changeid from %s\n, path));
+   DEBUG(10, (winreg_printer_get_changeid: get changeid from %s\n, 
path));
+
result = winreg_printer_query_dword(tmp_ctx,
winreg_pipe,
key_hnd,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-29 Thread Jeremy Allison
The branch, master has been updated
   via  4f43030... Fix bug #7589 - ntlm_auth fails to use cached 
credentials.
  from  e8d3867... s3-spoolss: Increased debug level for trace output.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4f4303048260ca19a5feef6b9338add1a19fb53c
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 29 12:44:00 2010 -0700

Fix bug #7589 - ntlm_auth fails to use cached credentials.

In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When winbind default domain
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
that can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.

---

Summary of changes:
 source3/winbindd/winbindd_pam_auth.c |   12 +---
 1 files changed, 5 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam_auth.c 
b/source3/winbindd/winbindd_pam_auth.c
index 94d98ec..4f963a3 100644
--- a/source3/winbindd/winbindd_pam_auth.c
+++ b/source3/winbindd/winbindd_pam_auth.c
@@ -35,7 +35,7 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct winbindd_pam_auth_state *state;
struct winbindd_domain *domain;
-   fstring name_domain, name_user, mapped_user;
+   fstring name_domain, name_user;
char *mapped = NULL;
NTSTATUS status;
 
@@ -62,17 +62,15 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX 
*mem_ctx,
 
status = normalize_name_unmap(state, request-data.auth.user, mapped);
 
-   /* If the name normalization didnt' actually do anything,
-  just use the original name */
+   /* If the name normalization changed something, copy it over the given
+  name */
 
if (NT_STATUS_IS_OK(status)
|| NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
-   fstrcpy(mapped_user, mapped);
-   } else {
-   fstrcpy(mapped_user, request-data.auth.user);
+   fstrcpy(request-data.auth.user, mapped);
}
 
-   if (!canonicalize_username(mapped_user, name_domain, name_user)) {
+   if (!canonicalize_username(request-data.auth.user, name_domain, 
name_user)) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
}
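Review bot: the new comment in this hunk explains the normalization copy but not the security-relevant part, that the request's data.auth.user buffer is now rewritten in place by both fstrcpy() and canonicalize_username() so the name forwarded to the domain child is the canonical one used as the credential cache key. Say that in the comment so a later cleanup does not reintroduce a local copy, and confirm that mapped always fits the destination buffer.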


-- 
Samba Shared Repository
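The cache-key mismatch described in the commit message above, as an added example that is a simplified model and not winbindd code: canonicalize(), auth(), lookup(), the toy cache and the EXAMPLE default domain are all hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 128	/* constructed buffer size for this model */
#define SLOTS 4

static char cache[SLOTS][NAME_LEN];	/* toy credential cache: keys only */
static int cache_used;

static void cache_store(const char *key)
{
	if (cache_used < SLOTS)
		snprintf(cache[cache_used++], NAME_LEN, "%s", key);
}

static int cache_has(const char *key)
{
	for (int i = 0; i < cache_used; i++)
		if (strcmp(cache[i], key) == 0)
			return 1;
	return 0;
}

/* Hypothetical stand-in for canonicalize_username(): qualify name in place
 * as DOMAIN<sep>user when it carries no domain. Returns 0, or -1 if the
 * qualified name would not fit in NAME_LEN bytes. */
static int canonicalize(char name[NAME_LEN], const char *dflt_domain, char sep)
{
	char tmp[NAME_LEN];
	int n;

	if (strchr(name, sep) != NULL)
		return 0;
	n = snprintf(tmp, sizeof(tmp), "%s%c%s", dflt_domain, sep, name);
	if (n < 0 || n >= NAME_LEN)
		return -1;
	memcpy(name, tmp, (size_t)n + 1);
	return 0;
}

/* Parent-side auth handling. The backend caches credentials under whatever
 * name the forwarded request carries. */
static int auth(const char *typed, int canonicalize_in_place)
{
	char request_user[NAME_LEN], copy[NAME_LEN];

	if (snprintf(request_user, NAME_LEN, "%s", typed) >= NAME_LEN)
		return -1;
	if (canonicalize_in_place) {
		if (canonicalize(request_user, "EXAMPLE", '\\') != 0)
			return -1;
	} else {
		strcpy(copy, request_user);	/* same size, cannot overflow */
		if (canonicalize(copy, "EXAMPLE", '\\') != 0)
			return -1;		/* copy validated, then dropped */
	}
	cache_store(request_user);		/* what the backend receives */
	return 0;
}

/* Later lookup path: always builds the key from the canonical name. */
static int lookup(const char *typed)
{
	char key[NAME_LEN];

	if (snprintf(key, NAME_LEN, "%s", typed) >= NAME_LEN)
		return 0;
	if (canonicalize(key, "EXAMPLE", '\\') != 0)
		return 0;
	return cache_has(key);
}

/* Returns 1 on a cache hit after login, 0 on a miss, -1 on a bad name. */
int login_then_lookup(const char *typed, int canonicalize_in_place)
{
	cache_used = 0;
	if (auth(typed, canonicalize_in_place) != 0)
		return -1;
	return lookup(typed);
}

int main(void)
{
	printf("copy only: %d\n", login_then_lookup("alice", 0));
	printf("in place:  %d\n", login_then_lookup("alice", 1));
	return 0;
}
```

With a default domain set, the unqualified login is stored under the bare name when only a copy is canonicalized, so the later lookup under the qualified name misses; a name typed with its domain hits in both variants, which is why the problem only shows up for short names.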


[SCM] Samba Shared Repository - branch v3-6-test updated

2010-07-29 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  5bc0db4... Fix bug #7589 - ntlm_auth fails to use cached 
credentials.
  from  749b946... Fix tdb_check() to work with read-only tdb databases. 
The function tdb_lockall() uses F_WRLCK internally, which doesn't work on a fd 
opened with O_RDONLY. Use tdb_lockall_read() instead.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 5bc0db425f71ec8b7a570294b04cb2fb6d27be69
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 29 12:44:00 2010 -0700

Fix bug #7589 - ntlm_auth fails to use cached credentials.

In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When winbind default domain
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
that can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.

---

Summary of changes:
 source3/winbindd/winbindd_pam_auth.c |   12 +---
 1 files changed, 5 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam_auth.c 
b/source3/winbindd/winbindd_pam_auth.c
index 94d98ec..4f963a3 100644
--- a/source3/winbindd/winbindd_pam_auth.c
+++ b/source3/winbindd/winbindd_pam_auth.c
@@ -35,7 +35,7 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct winbindd_pam_auth_state *state;
struct winbindd_domain *domain;
-   fstring name_domain, name_user, mapped_user;
+   fstring name_domain, name_user;
char *mapped = NULL;
NTSTATUS status;
 
@@ -62,17 +62,15 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX 
*mem_ctx,
 
status = normalize_name_unmap(state, request-data.auth.user, mapped);
 
-   /* If the name normalization didnt' actually do anything,
-  just use the original name */
+   /* If the name normalization changed something, copy it over the given
+  name */
 
if (NT_STATUS_IS_OK(status)
|| NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
-   fstrcpy(mapped_user, mapped);
-   } else {
-   fstrcpy(mapped_user, request-data.auth.user);
+   fstrcpy(request-data.auth.user, mapped);
}
 
-   if (!canonicalize_username(mapped_user, name_domain, name_user)) {
+   if (!canonicalize_username(request-data.auth.user, name_domain, 
name_user)) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
}
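Review bot: with the else branch removed, any status from normalize_name_unmap() other than OK or NT_STATUS_FILE_RENAMED is ignored without a trace and the name is used as supplied. The outcome matches the old code, but a DEBUG line for unexpected statuses here would make a failing name mapping visible when someone is diagnosing a credential cache miss.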


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-07-29 Thread Volker Lendecke
The branch, master has been updated
   via  a8cd3ef... s3: Do the ftruncate write cache optimization in one 
place
   via  a86cad3... Revert s3: Avoid pwrite calls for the 1-byte writes 
with zero content
   via  fec8505... s3: Avoid an unnecessary ftruncate call
  from  4f43030... Fix bug #7589 - ntlm_auth fails to use cached 
credentials.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a8cd3ef99eb70d70b9272b6e3ab5cc737195e06c
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 14:48:06 2010 +0200

s3: Do the ftruncate write cache optimization in one place

Instead of hand-tuning all the cases that are below this piece of code, this is
a general case that we can catch upfront.

commit a86cad3921c4a8ddbcab1929c825356aec4fe76a
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 14:21:14 2010 +0200

Revert s3: Avoid pwrite calls for the 1-byte writes with zero content

This reverts commit 6763730304627a58139450fd3e03a0ce48e31bb9.

commit fec8505e0be067a09929216cfe476802f21d14fe
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 17:04:18 2010 +0200

s3: Avoid an unnecessary ftruncate call

If we just created the file, it has length 0 by definition. This is still done
while holding the share mode lock, so no race around wrt other cifs clients.

---

Summary of changes:
 source3/smbd/fileio.c |   85 -
 source3/smbd/open.c   |2 +-
 2 files changed, 36 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index e5a2888..b4e8a1d 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -401,6 +401,37 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u 
readhits=%u\n,
 
fsp-fh-pos = pos + n;
 
+   if ((n == 1)  (data[0] == '\0')  (pos  wcp-file_size)) {
+   int ret;
+
+   /*
+* This is a 1-byte write of a 0 beyond the EOF and
+* thus implicitly also beyond the current active
+* write cache, the typical file-extending (and
+* allocating, but we're using the write cache here)
+* write done by Windows. We just have to ftruncate
+* the file and rely on posix semantics to return
+* zeros for non-written file data that is within the
+* file length.
+*
+* We can not use wcp_file_size_change here because we
+* might have an existing write cache, and
+* wcp_file_size_change assumes a change to just the
+* end of the current write cache.
+*/
+
+   wcp-file_size = pos + 1;
+   ret = SMB_VFS_FTRUNCATE(fsp, wcp-file_size);
+   if (ret == -1) {
+   DEBUG(0,(wcp_file_size_change (%s): ftruncate of size 
%.0f
+error %s\n, fsp_str_dbg(fsp),
+(double)wcp-file_size, strerror(errno)));
+   return -1;
+   }
+   return 1;
+   }
+
+
/*
 * If we have active cache and it isn't contiguous then we flush.
 * NOTE: There is a small problem with running out of disk 
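Review bot: in the added block the write cache's file_size is set to pos + 1 before SMB_VFS_FTRUNCATE() is called, so when the ftruncate fails and the function returns -1 the cached size already claims the larger length. Compute the new size in a local variable, call ftruncate with it, and assign it to the cache field only on success.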
@@ -649,31 +680,10 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u 
readhits=%u\n,
 */
 
flush_write_cache(fsp, WRITE_FLUSH);
-
-   if (data[0] == '\0') {
-   /*
-* This is a 1-byte write of a 0
-* beyond the EOF, the typical
-* file-extending (and allocating, but
-* we're using the write cache here)
-* write done by Windows. We just have
-* to ftruncate the file and rely on
-* posix semantics to return zeros for
-* non-written file data that is
-* within the file length.
-*
-* We have to cheat the offset to make
-* wcp_file_size_change do the right
-* thing with the ftruncate call.
-*/
-   wcp-offset = pos + 1;
-   wcp-data_size = 0;
-   } else {
-   wcp-offset = wcp-file_size;
-   wcp-data_size = pos - wcp-file_size + 1;
-   memset(wcp-data, '\0', wcp-data_size);
- 

[SCM] Samba Shared Repository - branch v3-6-test updated

2010-07-29 Thread Volker Lendecke
The branch, v3-6-test has been updated
   via  dbaa892... s3: Do the ftruncate write cache optimization in one 
place
   via  3a311f3... Revert s3: Avoid pwrite calls for the 1-byte writes 
with zero content
   via  a86e338... s3: Avoid an unnecessary ftruncate call
  from  5bc0db4... Fix bug #7589 - ntlm_auth fails to use cached 
credentials.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit dbaa89214e1c4b63ea3a88716478488422ae8dc5
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 14:48:06 2010 +0200

s3: Do the ftruncate write cache optimization in one place

Instead of hand-tuning all the cases that are below this piece of code, this is
a general case that we can catch upfront.

commit 3a311f387679f3589ffb38e7e57c1920d83a45a1
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 14:21:14 2010 +0200

Revert s3: Avoid pwrite calls for the 1-byte writes with zero content

This reverts commit 6763730304627a58139450fd3e03a0ce48e31bb9.

commit a86e338a048ea70af850e24956f4c461143f336a
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 29 17:04:18 2010 +0200

s3: Avoid an unnecessary ftruncate call

If we just created the file, it has length 0 by definition. This is still done
while holding the share mode lock, so no race around wrt other cifs clients.

---

Summary of changes:
 source3/smbd/fileio.c |   85 -
 source3/smbd/open.c   |2 +-
 2 files changed, 36 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index e5a2888..b4e8a1d 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -401,6 +401,37 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u 
readhits=%u\n,
 
fsp-fh-pos = pos + n;
 
+   if ((n == 1)  (data[0] == '\0')  (pos  wcp-file_size)) {
+   int ret;
+
+   /*
+* This is a 1-byte write of a 0 beyond the EOF and
+* thus implicitly also beyond the current active
+* write cache, the typical file-extending (and
+* allocating, but we're using the write cache here)
+* write done by Windows. We just have to ftruncate
+* the file and rely on posix semantics to return
+* zeros for non-written file data that is within the
+* file length.
+*
+* We can not use wcp_file_size_change here because we
+* might have an existing write cache, and
+* wcp_file_size_change assumes a change to just the
+* end of the current write cache.
+*/
+
+   wcp-file_size = pos + 1;
+   ret = SMB_VFS_FTRUNCATE(fsp, wcp-file_size);
+   if (ret == -1) {
+   DEBUG(0,(wcp_file_size_change (%s): ftruncate of size 
%.0f
+error %s\n, fsp_str_dbg(fsp),
+(double)wcp-file_size, strerror(errno)));
+   return -1;
+   }
+   return 1;
+   }
+
+
/*
 * If we have active cache and it isn't contiguous then we flush.
 * NOTE: There is a small problem with running out of disk 
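Review bot: the DEBUG text in the added block still begins with "wcp_file_size_change", although the new comment says this path deliberately does not go through wcp_file_size_change. Name the actual call site in the message so a level 0 log entry points at the code that issued the ftruncate.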
@@ -649,31 +680,10 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u 
readhits=%u\n,
 */
 
flush_write_cache(fsp, WRITE_FLUSH);
-
-   if (data[0] == '\0') {
-   /*
-* This is a 1-byte write of a 0
-* beyond the EOF, the typical
-* file-extending (and allocating, but
-* we're using the write cache here)
-* write done by Windows. We just have
-* to ftruncate the file and rely on
-* posix semantics to return zeros for
-* non-written file data that is
-* within the file length.
-*
-* We have to cheat the offset to make
-* wcp_file_size_change do the right
-* thing with the ftruncate call.
-*/
-   wcp-offset = pos + 1;
-   wcp-data_size = 0;
-   } else {
-   wcp-offset = wcp-file_size;
-   wcp-data_size = pos - wcp-file_size + 1;
-   memset(wcp-data, '\0', 

[SCM] Samba Shared Repository - branch master updated

2010-07-29 Thread Jeremy Allison
The branch, master has been updated
   via  b7f0290... We should be using the winbindd separator in this case, 
not hardcoding a \\ value.
  from  a8cd3ef... s3: Do the ftruncate write cache optimization in one 
place

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b7f029016a6a3fb98652c65f27ae80ad78048396
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 29 13:47:27 2010 -0700

We should be using the winbindd separator in this case, not hardcoding a \\ 
value.

Jeremy.

---

Summary of changes:
 source3/winbindd/winbindd_pam.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bf113e8..010245f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1469,7 +1469,9 @@ enum winbindd_result winbindd_dual_pam_auth(struct 
winbindd_domain *domain,
parse_domain_user(mapped_user, name_domain, name_user);
 
if ( mapped_user != state-request-data.auth.user ) {
-   fstr_sprintf( domain_user, %s\\%s, name_domain, name_user );
+   fstr_sprintf( domain_user, %s%c%s, name_domain,
+   *lp_winbind_separator(),
+   name_user );
safe_strcpy( state-request-data.auth.user, domain_user,
 sizeof(state-request-data.auth.user)-1 );
}
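Review bot: *lp_winbind_separator() takes the first character of the configured separator with no check; if that string can be empty, %c writes a NUL and domain_user ends after the domain name. Guard against an empty value here or note where the parameter is validated, and make sure parse_domain_user() on the context line above splits on the same separator so the name survives the round trip.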


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2010-07-29 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  019... We should be using the winbindd separator in this case, 
not hardcoding a \\ value.
  from  dbaa892... s3: Do the ftruncate write cache optimization in one 
place

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 0199500ece1e23514e22bb65350bd92bd6cf
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 29 13:47:27 2010 -0700

We should be using the winbindd separator in this case, not hardcoding
a \\ value.

Jeremy.

---

Summary of changes:
 source3/winbindd/winbindd_pam.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bf113e8..010245f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1469,7 +1469,9 @@ enum winbindd_result winbindd_dual_pam_auth(struct 
winbindd_domain *domain,
parse_domain_user(mapped_user, name_domain, name_user);
 
if ( mapped_user != state-request-data.auth.user ) {
-   fstr_sprintf( domain_user, %s\\%s, name_domain, name_user );
+   fstr_sprintf( domain_user, %s%c%s, name_domain,
+   *lp_winbind_separator(),
+   name_user );
safe_strcpy( state-request-data.auth.user, domain_user,
 sizeof(state-request-data.auth.user)-1 );
}


-- 
Samba Shared Repository