Re: [Samba] [RESOLVED] Server Migration
rsa31 wrote: [RESOLVED] by installing backport samba 3.4.8 from Debian Lenny -- View this message in context: http://old.nabble.com/-RESOLVED--Samba--Server-Migration-tp29387524p29468347.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] delete machine script
Hello, on my (Debian 5.x / Samba 3.2.5 / passdb backend = tdbsam ) server works the add machine script perfect but i remove the machine accounts manually. Exists anywhere a delete machine script solution ? (delete user script doesn't work) Thanks, Christian Kroll signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows Vista keeps on deleting cached roaming profile
I have a couple of Windows Vista Computers that i freshly (re)installed, updated to SP2 + all updates, and joined to my domain... i also got an empty profile on the server (the storage folder is there, but there are no files inside) When i log into the domain Windows creates all files and folders just fine and stores a cache of that profile in c:\users\username (like it should), And when i log out, Windows will write all the files it just created (pictures, desktop, ntuser.dat) to the server perfectly however if i login to the computer locally (not using the domain), and when i go to the c:\users\ folder the folder of the username is gone :( while i like it to stay there! so far i tried: - reinstalling windows multiple times - setting the following GPO's (although i never touched those) - computer\Administrative Templates\System\User Profiles\Delete userprofiles older than a specific number of days == disabled - computer\Administrative Templates\System\User Profiles\Delete cached copies of roaming profiles == disabled - computer\Administrative Templates\System\User Profiles\Leave Windows Installer and group Policy software == enabled - computer\Administrative Templates\System\User Profiles\Only allow local user Profiles == disabled - computer\Administrative Templates\System\User Profiles\Prevent Roaming profile changes propagating to the server == disabled - computer\Administrative Templates\System\User Profiles\Wait for remote user profile == enabled - computer\Administrative Templates\System\User Profiles\Slow network connection timeout for user profiles == disabled - User\Administrative Templates\System\User Profiles\Limit Profile Size == disabled - adding the following registry setting: - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\ DeleteRoamingCache=0 This is with: - Gentoo Linux - Samba 3.5.2 (clustered with CTDB 1.0.114) - LDAP backend -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error: You do not have permission to change your password
I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no #ldap passwd sync = yes unix password sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no #ldap passwd sync = yes unix password sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no #ldap passwd sync = yes unix password sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
Results of testing as requested - [r...@localhost ~]# smbldap-passwd kennyz Changing UNIX and samba passwords for kennyz New password: enter pass Retype new password: enter pass No errors returned. User is able to login with new password. Commented out unix password sync = yes. Still same result...You do not have permission to change your password. Thank you for your help! We'll keep trying... Chris On 08/18/2010 09:48 AM, Gaiseric Vandal wrote: I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no #ldap passwd sync = yes unix password sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No -- Christopher Springer IS/IT Systems Administrator BRC Rubber Plastics, Inc 260-693-2171 x389 csprin...@brcrp.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
After changing these lines my smb.conf now looks like the following (just including this so we're clear on the changes I've made thus far) [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no ldap passwd sync = yes #unix password sync = yes passwd program = /usr/sbin/smbldap-passwd -u %u #passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No I still receive the same error when trying to change the user password on the Windows system. Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security
Re: [Samba] Error: You do not have permission to change your password
I did some additional testing... It turns out that I was able to change the password successfully using... smbldap-passwd kennyz But then I tried changing with the -u option as follows... smbldap-passwd -u kennyz This did not return an error but it also apparently did not change the user's password because I can't login as the user now. I do not know how to interpret this behaviour but I'm hoping it can give you guys a clue as to what is truly the problem here. Thanks. -- Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no #ldap passwd sync = yes unix password sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password:*%n\n*Retype*new*password:*%n\n* #client lanman auth = yes #unix password sync = yes #passwd program = /usr/sbin/smbldap-passwd -u %u idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-2 idmap gid = 15000-2 printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No -- Christopher Springer IS/IT Systems Administrator BRC Rubber Plastics, Inc 260-693-2171 x389 csprin...@brcrp.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
You only changed unix-password: tuepdc:~ # smbldap-passwd --help (c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL Usage: /usr/local/sbin/smbldap-passwd [options] [username] -h, -?, --help show this help message -s update only samba password -u update only UNIX password Just use smbldap-passwd USER --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Christopher Springer [mailto:csprin...@brcrp.com] Gesendet: Mittwoch, 18. August 2010 16:28 An: muel...@tropenklinik.de Cc: gaiseric.van...@gmail.com; samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I did some additional testing... It turns out that I was able to change the password successfully using... smbldap-passwd kennyz But then I tried changing with the -u option as follows... smbldap-passwd -u kennyz This did not return an error but it also apparently did not change the user's password because I can't login as the user now. I do not know how to interpret this behaviour but I'm hoping it can give you guys a clue as to what is truly the problem here. Thanks. -- Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM 10.20.255.255/CORPDOM 10.20.0.255/CORPDOM #remote browse sync = 10.20.255.255 10.30.255.255 #remote announce = 10.30.255.255 #remote browse sync = 10.30.255.255 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix =
Re: [Samba] Error: You do not have permission to change your password
Using that from the command line I'm able to change the user's password and successfully login. However, that didn't solve my problem when the user tries to change their password and I receive You do not have permission to change your password. Thanks for your help thus far. Chris On 08/18/2010 10:47 AM, Daniel Müller wrote: You only changed unix-password: tuepdc:~ # smbldap-passwd --help (c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL Usage: /usr/local/sbin/smbldap-passwd [options] [username] -h, -?, --help show this help message -s update only samba password -u update only UNIX password Just use smbldap-passwd USER --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Christopher Springer [mailto:csprin...@brcrp.com] Gesendet: Mittwoch, 18. August 2010 16:28 An: muel...@tropenklinik.de Cc: gaiseric.van...@gmail.com; samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I did some additional testing... It turns out that I was able to change the password successfully using... smbldap-passwd kennyz But then I tried changing with the -u option as follows... smbldap-passwd -u kennyz This did not return an error but it also apparently did not change the user's password because I can't login as the user now. I do not know how to interpret this behaviour but I'm hoping it can give you guys a clue as to what is truly the problem here. Thanks. -- Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 #remote announce = 10.30.0.254/CORPDOM
[Samba] Samba 3.4.7 in Ubuntu 10.04 and WinBindd
Greetings- I have sort of fallen out of the loop with major milestones in the Samba project... I was really up on Samba back in the 3.0.x days. Used to be, a Samba PDC would only run smbd and nmbd tasks. Now I see winbindd tasks as well. I peeked in its log and it does not seem too happy. [2010/08/18 09:20:14, 0] winbindd/winbindd.c:1252(main) winbindd version 3.4.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/08/18 09:20:14, 0] winbindd/winbindd_cache.c:2578(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2010/08/18 09:20:59, 1] lib/util_tdb.c:521(tdb_wrap_log) tdb(/var/run/samba/mutex.tdb): tdb_lock failed on list 127 ltype=1 (Interrupted system call) [2010/08/18 09:20:59, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key LDSLNX01 in tdb /var/run/samba/mutex.tdb [2010/08/18 09:20:59, 1] lib/server_mutex.c:71(grab_named_mutex) Could not get the lock for LDSLNX01 [2010/08/18 09:20:59, 0] winbindd/winbindd_cm.c:782(cm_prepare_connection) cm_prepare_connection: mutex grab failed for LDSLNX01 [2010/08/18 09:22:02, 0] libsmb/namequery.c:75(saf_store) saf_store: refusing to store 0 length domain or servername! [2010/08/18 09:22:02, 1] winbindd/winbindd_cm.c:977(cm_prepare_connection) failed tcon_X with NT_STATUS_END_OF_FILE [2010/08/18 09:23:04, 0] libsmb/namequery.c:75(saf_store) saf_store: refusing to store 0 length domain or servername! [2010/08/18 09:23:04, 1] winbindd/winbindd_cm.c:977(cm_prepare_connection) failed tcon_X with NT_STATUS_END_OF_FILE [2010/08/18 09:24:14, 1] lib/util_tdb.c:521(tdb_wrap_log) tdb(/var/run/samba/mutex.tdb): tdb_lock failed on list 127 ltype=1 (Interrupted system call) [2010/08/18 09:24:14, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key LDSLNX01 in tdb /var/run/samba/mutex.tdb [2010/08/18 09:24:14, 1] lib/server_mutex.c:71(grab_named_mutex) Could not get the lock for LDSLNX01 [2010/08/18 09:24:14, 0] winbindd/winbindd_cm.c:782(cm_prepare_connection) cm_prepare_connection: mutex grab failed for LDSLNX01 [2010/08/18 09:24:57, 1] lib/util_tdb.c:521(tdb_wrap_log) tdb(/var/run/samba/mutex.tdb): tdb_lock failed on list 127 ltype=1 (Interrupted system call) [2010/08/18 09:24:57, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key LDSLNX01 in tdb /var/run/samba/mutex.tdb [2010/08/18 09:24:57, 1] lib/server_mutex.c:71(grab_named_mutex) Could not get the lock for LDSLNX01 [2010/08/18 09:24:57, 0] winbindd/winbindd_cm.c:782(cm_prepare_connection) cm_prepare_connection: mutex grab failed for LDSLNX01 [2010/08/18 09:25:47, 0] libsmb/namequery.c:75(saf_store) saf_store: refusing to store 0 length domain or servername! [2010/08/18 09:25:47, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host LDSLNX01! [2010/08/18 09:25:47, 0] winbindd/winbindd_dual.c:186(async_request_timeout_handler) async_request_timeout_handler: child pid 1166 is not responding. Closing connection to it. [2010/08/18 09:25:47, 1] winbindd/winbindd_util.c:303(trustdom_recv) Could not receive trustdoms Specifically: Could not get the lock for LDSLNX01 failed tcon_X with NT_STATUS_END_OF_FILE Could not receive trustdoms Is this normal? Does this mean that by upgrading all the way from Samba 3.0.14a on Debian to 3.3.2 on Ubuntu 9.04, and now with the jump to 3.4.7 on Ubuntu 10.04, is there some setup steps that never got done? Our environment is Samba PDC with a mix of Linux and Window workstations. No Windows servers, no AD, etc... TIA! Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.7 in Ubuntu 10.04 and WinBindd
Michael Lueck wrote: Is this normal? Does this mean that by upgrading all the way from Samba 3.0.14a on Debian So much for my memory! Seems we were coming from 3.0.26a-1 on Debian Sarge, To Ubuntu 9.04, and now all the way up to 3.4.7 on Ubuntu 10.04. My apologies. Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
I've done some additional testing via ldapmodify and found that I can login as the LDAP user and the user has permission to change his/her own password hash. Does Samba bind to the LDAP directory as the user that is changing the password or as the user as defined by ldap admin dn? Any other thoughts on this issue? Thanks all for your help! Chris On 08/18/2010 10:47 AM, Daniel Müller wrote: You only changed unix-password: tuepdc:~ # smbldap-passwd --help (c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL Usage: /usr/local/sbin/smbldap-passwd [options] [username] -h, -?, --help show this help message -s update only samba password -u update only UNIX password Just use smbldap-passwd USER --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Christopher Springer [mailto:csprin...@brcrp.com] Gesendet: Mittwoch, 18. August 2010 16:28 An: muel...@tropenklinik.de Cc: gaiseric.van...@gmail.com; samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I did some additional testing... It turns out that I was able to change the password successfully using... smbldap-passwd kennyz But then I tried changing with the -u option as follows... smbldap-passwd -u kennyz This did not return an error but it also apparently did not change the user's password because I can't login as the user now. I do not know how to interpret this behaviour but I'm hoping it can give you guys a clue as to what is truly the problem here. Thanks. -- Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb
Re: [Samba] Windows Vista keeps on deleting cached roaming profile
I have a couple of Windows Vista Computers that i freshly (re)installed, updated to SP2 + all updates, and joined to my domain... i also got an empty profile on the server (the storage folder is there, but there are no files inside) Read through this thread: http://lists.samba.org/archive/samba/2010-May/156130.html and see if anything in there helps. Note, use sort by subject and read all entries in the thread, the thread links do not always find all thread entries. Relevant parts of my smb.conf: logon script = scripts\everybody.bat logon path = \\%L\profiles\%U\%a domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no csc policy = disable hide files = /desktop.ini/Desktop.ini/ [netlogon] comment = Contains login script which just mounts PDB area path = /u1/usr/netlogon [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No browsable = No [profiles] comment = user's profile directories, by windows version path = /u1/usr/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No browsable = No profile acls = Yes Home directories are in /u1/usr/people, profiles are in /u1/usr/profiles. For reasons I do not recall the file protections are a little odd in profiles: ls -al profiles #edited to just show one user entry total 16 drwxr-xrwx 4 root root 4096 2010-05-27 09:48 ./ drwxrwxr-x 5 root root 4096 2010-05-12 15:32 ../ drwx-- 4 mathog biostaff 4096 2010-05-27 15:12 mathog/ My everybody.bat file is irrelevant to your problem, all it does is mount a data directory from the samba server. However, if you have a script in there it could conceivably be causing problems if it causes errors. Regards, David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
samba should bind as the ldap admin and with the password specified with the smbpasswd -w command.Assuming the user's unix password is also stored in ldap, I would have thought the ldap passwd sync option would have worked- it never did for me though. On 08/18/2010 11:41 AM, Christopher Springer wrote: I've done some additional testing via ldapmodify and found that I can login as the LDAP user and the user has permission to change his/her own password hash. Does Samba bind to the LDAP directory as the user that is changing the password or as the user as defined by ldap admin dn? Any other thoughts on this issue? Thanks all for your help! Chris On 08/18/2010 10:47 AM, Daniel Müller wrote: You only changed unix-password: tuepdc:~ # smbldap-passwd --help (c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL Usage: /usr/local/sbin/smbldap-passwd [options] [username] -h, -?, --help show this help message -s update only samba password -u update only UNIX password Just use smbldap-passwd USER --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Christopher Springer [mailto:csprin...@brcrp.com] Gesendet: Mittwoch, 18. August 2010 16:28 An: muel...@tropenklinik.de Cc: gaiseric.van...@gmail.com; samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I did some additional testing... It turns out that I was able to change the password successfully using... smbldap-passwd kennyz But then I tried changing with the -u option as follows... smbldap-passwd -u kennyz This did not return an error but it also apparently did not change the user's password because I can't login as the user now. I do not know how to interpret this behaviour but I'm hoping it can give you guys a clue as to what is truly the problem here. Thanks. -- Chris On 08/18/2010 10:00 AM, Daniel Müller wrote: You need ldap passwd sync = yes no unix password sync = yes Then try to change it on your linux box. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 18. August 2010 15:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error: You do not have permission to change your password I am pretty sure that the password command and script is run as root, not as the user changing the password.What happens if you run the password commands on the samba server? I don't have smbldap tools on my system (Solaris, so not provided by the Sun distro) so I had to rely on the OS password tools. By default, root is not going to have sufficient privledges to change ldap passwords. If you don't enable password sync, are you able to change your Windows password? On 08/18/2010 08:49 AM, Christopher Springer wrote: I'm using Samba v3.5.4-62 on Fedora 13 PDC Using LDAP passdb backend and do the following... 1. Login as user on Windows system using domain user name and password - Login successful 2. Press Ctrl-Alt-Del 3. Press Change Password 4. Enter old and new password as prompted 5. Receive response You do not have permission to change your password. I receive the following repeated twice in /var/log/samba/log.smbd... [2010/08/17 16:13:53.884482, 0] libsmb/ntlmssp_sign.c:222(ntlmssp_check_packet) NTLMSSP NTLM1 packet check failed due to invalid signature! [2010/08/17 16:13:53.884592, 0] rpc_server/srv_pipe_hnd.c:398(process_request_pdu) process_request_pdu: failed to do auth processing. [2010/08/17 16:13:53.884668, 0] rpc_server/srv_pipe_hnd.c:399(process_request_pdu) process_request_pdu: error was NT_STATUS_ACCESS_DENIED. This was generated from a WindowsNT4 system. The issue can also be duplicated from Windows XP clients. My smb.conf file on this system (PDC): [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = yes #encrypt passwords = yes username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script =
[Samba] netbios uses incorrect broadcast value and termintaes
Hi All, I am using samba Version 3.5.4 on AIX 6.1. The installation is through pware binary ( pware53.samba.rte 3.5.4.0). There seems to be a strange issue with NetBios where it terminates with the following error logged just after starting. The diagnosis fails in step 4 of Samba Diagnosis test (nmblookup -B BIGSERVER __SAMBA_) because no netbios (nmbd) is running. snippet from nmbd logs: [2010/08/18 08:42:17, 0] nmbd/nmbd.c:857(main) nmbd version 3.5.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2010/08/18 08:42:17.538633, 2] lib/tallocmsg.c:106(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2010/08/18 08:42:17.538669, 2] lib/dmallocmsg.c:77(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED rlimit_max: rlimit_max (2048) below minimum Windows limit (16384) [2010/08/18 08:42:17.539962, 2] nmbd/nmbd.c:890(main) Becoming a daemon. [2010/08/18 08:42:17.567091, 2] lib/interface.c:340(add_interface) added interface en0 ip=10.209.86.7 bcast=*10.209.87.239* netmask= [2010/08/18 08:42:17.567158, 2] lib/interface.c:340(add_interface) added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask= [2010/08/18 08:42:17.567208, 2] nmbd/nmbd_subnetdb.c:299(create_subnets) create_subnets: Ignoring loopback interface. [2010/08/18 08:42:17.567289, 0] lib/util_sock.c:875(open_socket_in) bind failed on port 137 socket_addr = 10.209.87.239. Error = Can't assign requested address [2010/08/18 08:42:17.567524, 0] nmbd/nmbd_subnetdb.c:118(make_subnet) nmbd_subnetdb:make_subnet() Failed to open nmb bcast socket on interface 10.209.87.239 for port 137. Error was Can't assign requested address [2010/08/18 08:42:17.567682, 0] nmbd/nmbd.c:963(main) ERROR: Failed when creating subnet lists. Exiting. The address 10.209.87.239 is nowhere present on my system. Here is the output of ifconfig -a: bash-3.00# ifconfig -a en0: flags=5e080863,c0UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),PSEG,LARGESEND,CHAIN inet 10.209.86.7 netmask 0xfc00 broadcast 10.209.87.255 tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0 lo0: flags=e08084bUP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT inet 127.0.0.1 netmask 0xff00 broadcast 127.255.255.255 inet6 ::1/0 tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1 And here is my smb.conf file: bash-3.00# testparm Load smb config files from /opt/pware/lib/smb.conf rlimit_max: rlimit_max (2000) below minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = SAMBA allow trusted domains = No map to guest = Bad User passdb backend = smbpasswd log level = 2 passdb:3 auth:3 winbind:3 log file = /var/log/samba/log.%m load printers = No printcap name = /dev/null disable spoolss = Yes local master = No domain master = No ldap idmap suffix = ou=cifsidmap idmap backend = idmap_rid:WORKGROUP=1-2 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes kernel change notify = No dos filemode = Yes netbios name = test_nmb Please help in nailing down the issue. Regards, Yatish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error: You do not have permission to change your password
Well, I have a partially working configuration now...that is to say that it DOES work for WinXP and later but it does NOT work for WinNT4 systems (2k not tested). I must've made a mistake in testing because now it seems that the XP systems are able to change passwords just fine. For the life of me I cannot get rid of the NTLM error messages when trying to change passwords on a WinNT4 system. I'm also having trouble figuring out what items in the Samba LDAP schema are still in use and which ones should be controlled by other applications (smbldap-usermod, pdbedit, etc). A good reference on deprecated LDAP entries would be greatly appreciated! I realize I still need to change the LDAP directory to use a separate user for replication, etc but I'm trying to take small steps here :) working smb.conf - [global] log level = 1 workgroup = CORPDOM netbios name = CORPPDC passdb backend = ldapsam:ldap://127.0.0.1 username map = /etc/samba/smbusers printcap name = cups add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon script = scripts/%U.bat logon path = logon drive = security = user domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes smb ports = 139 ldap suffix = dc=brcrp,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=brcrp,dc=com ldap ssl = no ldap passwd sync = yes printing = cups [netlogon] comment = Network Logon Service path = /pub guest ok = Yes browseable = No working slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include/etc/openldap/schema/corba.schema include/etc/openldap/schema/core.schema include/etc/openldap/schema/cosine.schema include/etc/openldap/schema/duaconf.schema include/etc/openldap/schema/dyngroup.schema include/etc/openldap/schema/inetorgperson.schema include/etc/openldap/schema/java.schema include/etc/openldap/schema/misc.schema include/etc/openldap/schema/nis.schema include/etc/openldap/schema/openldap.schema include/etc/openldap/schema/ppolicy.schema include/etc/openldap/schema/collective.schema include/etc/openldap/schema/samba.schema # Allow LDAPv2 client connections. This is NOT the default. allow bind_v2 # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referralldap://root.openldap.org pidfile/var/run/openldap/slapd.pid argsfile/var/run/openldap/slapd.args # Load dynamic backend modules: # modulepath/usr/lib/openldap # or /usr/lib64/openldap # moduleload accesslog.la # moduleload auditlog.la # moduleload back_sql.la # moduleload denyop.la # moduleload dyngroup.la # moduleload dynlist.la # moduleload lastmod.la # moduleload pcache.la # moduleload ppolicy.la # moduleload refint.la # moduleload retcode.la # moduleload rwm.la moduleload syncprov.la # moduleload translucent.la # moduleload unique.la # moduleload valsort.la # The next three lines allow use of TLS for encrypting connections using a # dummy test certificate which you can generate by changing to # /etc/pki/tls/certs, running make slapd.pem, and fixing permissions on # slapd.pem so that the ldap user or group can read it. Your client software # may balk at self-signed certificates, however. # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt # TLSCertificateFile /etc/pki/tls/certs/slapd.pem # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem # Sample security restrictions #Require integrity protection (prevent hijacking) #Require 112-bit (3DES or better) encryption for updates #Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: #Root DSE: allow anyone to read it #Subschema (sub)entry DSE: allow anyone to read it #Other DSEs: #Allow self write access #Allow authenticated users read access #Allow anonymous users to authenticate #Directives needed to implement policy: # access to dn.base= by * read # access to dn.base=cn=Subschema by * read # access to * #by self write #by users read #by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., access to * by * read) # # rootdn can always read and write EVERYTHING!
Re: [Samba] Server Migration
On 2010-08-09 at 05:48 -0700 rsa31 sent off: However, authentication is denied for 70% of computers with the error message: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client xxx machine account xxx$. that rings a bell. You use LDAP? Even if you succeeded with 3.4 now maybe you want to try 3.5 with the second patch from https://bugzilla.samba.org/show_bug.cgi?id=7262 Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] enable client to join domain with no or any password?
It looks like I am getting a little ahead of myself. Make that WAY ahead of myself. I _really_ do not understand the transaction between the client and the server when it joins or removes itself from a domain. I monitored this with log level set to 31 and wireshark running with host (server address). Then tried to remove a client from the domain first with powershell's remove-computer and then with start-control panels-system and change the name. (on client) powershell remove-computer -cred root (enter password) (enter Y) triggers on server, with logging at 31 [2010/08/18 14:04:38, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/08/18 14:04:38, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/08/18 14:04:38, 10] passdb/pdb_smbpasswd.c:1283(smbpasswd_getsampwnam) getsampwnam (smbpasswd): search by name: root (runs through a zillion users like this one) [2010/08/18 14:04:38, 5] passdb/pdb_smbpasswd.c:527(getsmbfilepwent) getsmbfilepwent: returning passwd entry for user auser, uid 2288 (until it gets to this) [2010/08/18 14:04:38, 5] passdb/pdb_smbpasswd.c:527(getsmbfilepwent) getsmbfilepwent: returning passwd entry for user root, uid 0 [2010/08/18 14:04:38, 7] passdb/pdb_smbpasswd.c:346(endsmbfilepwent) endsmbfilepwent_internal: closed password file. [2010/08/18 14:04:38, 10] passdb/pdb_smbpasswd.c:1305(smbpasswd_getsampwnam) getsampwnam (smbpasswd): found by name: root [2010/08/18 14:04:38, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user root [2010/08/18 14:04:38, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2010/08/18 14:04:38, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2010/08/18 14:04:38, 10] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username root, was [2010/08/18 14:04:38, 11] passdb/pdb_get_set.c:509(pdb_set_init_flags) element 12 - now SET [2010/08/18 14:04:38, 10] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name root, was [2010/08/18 14:04:38, 11] passdb/pdb_get_set.c:509(pdb_set_init_flags) element 13 - now SET [2010/08/18 14:04:38, 10] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain SAF, was [2010/08/18 14:04:38, 11] passdb/pdb_get_set.c:521(pdb_set_init_flags) element 14 - now DEFAULT [2010/08/18 14:04:38, 11] passdb/pdb_get_set.c:521(pdb_set_init_flags) element 20 - now DEFAULT [2010/08/18 14:04:38, 10] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\safserver\profiles\root\UNKNOWN, was (it is trying to do a normal login, but this isn't a normal account, in particular it does NOT have a home directory or an existing profile) Meanwhile wireshark on the client shows 5 12:05:15.585593000 131.215.12.46 131.215.12.42 SMB_NETLOGON SAM LOGON request from client 6 12:05:15.586523000 131.215.12.42 131.215.12.46 SMB_NETLOGON SAM Response - user unknown 7 12:05:15.68510 131.215.12.46 131.215.12.42 SMB_NETLOGON Query for PDC from SAF04 8 12:05:15.68579 131.215.12.42 131.215.12.46 SMB_NETLOGON Response from PDC: host SAFSERVER, domain SAF (this disconnect fails) (On client use start- control panel - SYSTEM to change SAF (Domain) - NOTSAF (workgroup) Wireshark shows the same 4 records as above, of course with a different time stamp, but BEFORE the client prompts for an account to use. Enter the account info (root/password for room in smbpasswd) and hit return and nothing new shows up in wireshark! Huh How can the client remove itself from the server without telling the server? Perhaps that actually happens at the mandatory reboot, where, inconveniently, wireshark is not running on the client.) FINALLY, just to make life really strange, this machine has no default suffix (). That isn't the strange part, there is a SearchList registry entry (bio.caltech.edu,caltech.edu) and since the machine answers to both machine.bio.caltech.edu and machine.caltech.edu everything works fine. When the machine is added back to the Samba domain with start - control panel - system W7 pops up an error message about the default suffix, and changes the suffix to the domain name at the mandatory reboot. Yes, it was told NOT to do this (under more options). This is a problem as the Domain name is not a proper DNS suffix, so that screws up the network. It can be set back to from a command prompt with: reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v Domain /t REG_SZ /d /f but at the next boot the value is once again filled in with the Samba domain. In a command prompt ping thismachine (shows thismachine.SAF) but ping anothermachine (shows anothermachine.bio.caltech.edu) W7 seems hell bent on filling in the
[Samba] help making fileserver
Hi, folks ! Perhaps somebody can help me with a litle isuue. I´ve got a PDC with Ubuntu+Samba 3.5 +LDAP working fine in my network. But now I’m trying to implement a fileserver that autenticate against my domain server. If someone have any idea about how to do it and can give me a link or some clue about it, I really will apreciate it! Thank you very much for your time. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help Samba Configuration
Hello from Noob.. I want to mount a windows share under linux samba specified directory. But I want only the doc files to be listed... Wondows Machine (Has Myfolder, Herfolder, HisHerFolder and NooneFolder) -- All shared with read write for user1. Linux Machine has windowsDOCS under which I want to mount all the four folders. But limit showing only *.doc files to be visible. Then expose WindowsDOCS through Samba share and underneath them only doc files are visible under read mode. Can this be done? Or is there a simpler way? Anil -- View this message in context: http://old.nabble.com/Help-Samba-Configuration-tp29477856p29477856.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 64 bit xerox print drivers
Samba 3.4.7 Ubuntu 10.04 Has anyone out there got Xerox 64 bit drivers working in a point and print samba set up? And if so, which Xerox drivers? And which method of driver installation? I'm at a complete loss. We currently have an environment with 500 + desktops and a couple dozen Xerox workgroup docucolor MFPs that are running fine now with XP clients and a Samba print server. We're moving to Win 7 64 bit clients over the next couple of months and this is going to be a huge stumbling block. Several months ago I posted a problem I was having installing 64 bit Xerox drivers into a shared samba queue. 32 bit drivers seem to be fine but the 64 bit are a world of pain. There didn't seem to be any resolution at that time and hoping things may have changed in the last few months. I've had success with 64 bit HP drivers ... just not Xerox. When adding the 64 bit driver as an additional driver under the sharing tab of the queue of the samba server, it complains, The specified location does not contain the driver driver name here for the requested processor architecture. It clearly is a 64 version, it will install locally. As far as cupsaddsmb is concerned ... it just doesn't seem to work with 64 bit ... unless I'm doing something wrong ... which is completely likely :) If anyone could shed some light on this, it would be immensely appreciated. Thanking you all in advance. Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help me
I need create a samba, but i need create with chroot can you explain me? eu preciso criar um samba, mas preciso que seja criado por baixo de um chroot poderiam me ensinar? Att, Gustavo Menezes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 connect to FreeBSD samba
I'm having trouble connecting my windows 7 machine to my Samba server that i set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is 3. I followed the directions here http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain controller exactly.. except for adding the samba_dns_update script because i didn't find it being asked for in the config file. The name of my Windows computer is Pushkin-PC so like it says in the script I added it using adduser and put it under the machines group. I added it as Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$ which also made me make a password. Then the script said to finalize it by doing the command smbpasswd -m Pushkin-PC$ .. but when I executed that command i got the errors: Failed to set password for user Pushkin-PC$. Failed to modify password entry for user Pushkin-PC$. I couldn't figure out why... Here's my config file.. all the uncommented parts: server string = WORKGROUP server string = Samba Server security = user hosts allow = 192.168.1 192.168.2 127. load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam include = /usr/local/etc/smb.conf.%m local master = yes os level = 33 domain master = yes preferred master = auto domain logons = yes logon path = \\%L\Profiles\%U wins support = yes dns proxy = no add user script = /usr/local/sbin/smb-add-user %u add group script = /usr/local/sbin/smb-add-group %g add machine script = /usr/local/sbin/smb-add-machine %u add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user script = /usr/local/sbin/smb-rm-user %u delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g delete group script = /usr/local/sbin/smb-rm-group %g [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writeable = no share modes = no [profiles] path = /usr/local/lib/samba/profiles browseable = no guest ok = yes [printers] comment =All Pringers path = /var/spool/samba browseable = no guest ok = no writeable = no printable = yes anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the following command: \\192.168.198.137\Pushkin-PC$ the ip is the freebsd's ip running samba. and I get the following error: The network path was not found. Help? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 Domain adding problem
Hi, We got Windows7 we are using FreeBSD 7 and using Samba 3.3.10, I am trying to add windows 7 machine to samba Domain, It say 'The Specified Domain either does not exist or could not be contacted But it will add to domain, If i log in with the domain user it say's Trust relation between workstation the primary domain failed I have gone through this link http://wiki.samba.org/index.php/Windows http://wiki.samba.org/index.php/Windows7 7 Kindly suggest me to do over come this problem Regards Kiran Patil System Administrator Ph: (+91)80.2656.7924 | Mobile: (+91)984.561.9297 Global Automation www.global.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission issue (I think)
No love. I'm getting exactly the same thing. I have attached the log file. I blew away the log file right before I attempted the operation (I attempted a rename). It's interesting, smbstatus still reports RDONLY. I removed NT ACL support entirely (and the tcp buffer sizes) and bounced the service. -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Wednesday, August 11, 2010 10:32 AM To: Massner, Keith Cc: samba@lists.samba.org Subject: Re: [Samba] Permission issue (I think) On Wed, Aug 11, 2010 at 10:27:22AM -0700, Massner, Keith wrote: I'm attempting to modify/delete files from Vista and am getting an intermittent error that permission is denied. Frustrating. I can create new files all day long. I might be able to rename it once or twice. But then I'll get a permission denied error. I can NEVER delete a file I created. What I want is a share that is world readable, writeable, modifiable, etc. Yes, I know its insecure. But its just me. I'm using Samba 3.5.4 on CentOS 5.5, 32 bit. Yep, I have set all file permissions and ownership. Also of note is that the same directory is exported for NFS (and mounted via nfs on a media player when its turned on). NFS has no permissions problems. Lsattr shows nothing interesting. A sample of smbstatus is: 4667 500DENY_NONE 0x20089 RDONLY NONE /storage1/SharedMedia Music/Alison Krauss/Lonely Runs Both Ways/02 Restless.mp3 Wed Aug 11 01:44:54 2010 Here's my stuff: [global] log file = /var/log/samba/%m.log ; Take this out once you figure this crap out. log level = 10 netbios name = marvin interfaces = 192.168.2.11/24 usershare owner only = false null passwords = yes server string = Samba Server Version %v (%h) security = SHARE encrypt passwords = Yes username map = /etc/samba/smbusers max log size = 50 preferred master = Yes acl check permissions = No guest ok = Yes guest only = Yes nt acl support = No This may be your problem. We *never* test without NT ACL support being set to yes anymore. This option should really be removed. Remove it from your smb.conf and retry. cups options = raw load printers = No socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 Second guessing the kernel on SNDBUF and RCVBUF sizes is also a bad idea. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is Samba supposed to work like this?
I have Samba 3.0.33-3.28.el5 running on a CentOS 5.5 server. The samba server is added as a Member server of our Windows 2003 AD, and winbind is working OK. I have a question about the assigning of permissions via the Windows XP file/folder properties dialog. My background is mainly in Windows, but I do grasp the concept of UNIX file permissions. When I attempt to modify the permissions on a folder that is in the share folder, the behavior isn't the same as it would be as if I were doing this on a Windows machine. If my user ID is not the UNIX OWNER of the share folder, then any attempt I make to change permissions gives me an access denied message. The permissions on the share are 775. Once I am the owner of the share, When I attempt to add a Windows ACE to the ACL, and give it full permissions, and click the Apply button, the entry remains, but the checkboxes for the permissions have all been cleared. I cannot get the permissions to Stick. Also, the permissions in the security tab are not always listed for a given Access Control Entry. All the checkboxes are blank, except for the Special Permissions box. I would think that If I granted ALL access to the ACE, then it should show all the boxes as checked without me having to go into the advanced screen. Is SAMBA supposed to be this different from how a Windows server would react, or is there something just not configured right in samba? Is there some sort of recommended best practices for configuring samba so it DOES work like a windows server? Follow us on twitter- Get the latest in industry updates, Health Care reform news, and other information at http://twitter.com/CBCANews. NOTICE: The information contained in this electronic message, and any attachments accompanying this transmission, may be legally privileged and/or confidential and protected health information. This information is intended only for the use of the individual(s) and/or entity identified above. The authorized recipient of this information is prohibited from disclosing this information to any other party unless required to do so by law or regulation and is required to protect the information after its stated need has been fulfilled. If you are not the intended recipient, or an employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, printing, copying, forwarding, or distributing of this information is strictly prohibited. If you have received this communication in error, please notify the sender immediately, by telephone or return fax/email, to advise of wrongful receipt and confirm your understanding of this Notice. Thank You. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (force) create mode not instantly applied
Hi, if I connect from a winxp machine to my samba share and create a new file, it does not get the permissions specified by create mask and force create mode at first. Only after I modify the permissions on the client, the file finally gets the right permissions on the server. Thereby it does not matter what I change on the client, even if I remove all access rights. After clicking OK, the permissions of the file would be set to the specified (force) create mode and cannot be changed from the client any more. Example: - connect to samba share from winxp - create file test.txt from client - file gets rw--w, but should get rw-rw-r-- (664, see smb.conf) - edit file permissions from winxp, e.g. delete all; click OK - file now has rw-rw-r-- on the server - view permissions again in winxp; correctly mapped; cannot be altered It's the same thing for creating directories (except that the initial permissions differ). When connecting from a linux client, the permissions are set correctly on file creation. I haven't tried microsoft clients other than WinXP yet. Any ideas how to make samba set the desired permissions right on file creation, without manual intervention? Here's my config: client: WinXP Prof. SP3 server: OpenSUSE 11.1 Kernel 2.6.27.45-0.1-pae Samba 3.5.4-1.1-2382-SUSE-CODE11 smb.conf: [global] server string = samba %h workgroup = MNS_SVR1 encrypt passwords = Yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No local master = Yes netbios name = MNSSVR1 os level = 65 passdb backend = tdbsam security = user wins support = No pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat debug = Yes passwd chat timeout = 4 unix password sync = Yes client lanman auth = No client plaintext auth = No invalid users = root @wheel obey pam restrictions = Yes [share1] path = /data/samba-shares/share1 read only = No valid users = @share-access read list = @share-access write list = @share-write-access security mask = 0664 force security mode = 0664 create mode = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 directory security mask = 0775 force directory security mode = 0775 force group = share-write-access browseable = Yes writable = Yes map archive = No map hidden = No map readonly = No vfs objects = scannedonly scannedonly:domain_socket = True scannedonly:socketname = /var/lib/scannedonly/scannedonly-socket Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] admin users = user0 (how force admin permission?)
Hi folks :-) in a samba share I've: valid users = user0 user1 user2 user3 admin users = user0 If I write a new file by user0 (admin) this file has root permission: -rw-r--r-- 1 root user0 131870 2010-08-06 15:35 20100806 name_of_file can I force to have an user0 permission like this (maintening admin user option in samba?): -rw-r--r-- 1 user0 user0 131870 2010-08-06 15:35 20100806 name_of_file thanks :-) Pol -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba ACL sub folder permission changes
Dear samba team, Please help me on the below issue. I have connected a samba share from my device to my windows XP machine . that samba share has ACL support enabled . 1) The shared folder names is user1 and the user name I logged into samba share is also user1. 2) I have created a text file , and sub folder in the samba share from my windows PC. 3) I can change write permission of the owner user1 and the group users , and Everyone from the security - advanced settings - 4) for the sub folder I cannot change the permissions for the owner user1 , I can change for the group users and Everyone also. whenever I tried to disable the Write attributes and Write extended attributes , it is simply ignoring the changes and again showing full control in advance security windows. Please suggest how to handle this?. here is my samba.conf -[Global] server string= storage Workgroup= WORKGROUP security= user domain master= yes preferred master= yes local master= yes os level= 20 invalid users= bin daemon adm sync shutdown halt mail news uucp gopher map to guest= Bad User host msdfs= yes null passwords= yes strict allocate= no encrypt passwords= yes passdb backend= smbpasswd printcap name= lpstat printing= cups printable= no load printers= yes max smbd processes= 500 max smbd processes= 2500 getwd cache= yes display charset= UTF-8 log level= 10 syslog= 0 max log size= 50 use sendfile= yes [Printers] path= /mnt/soho_storage/samba/spool printable= yes only guest= yes use client driver= yes comment= All Printers [Backups] path= /mnt/soho_storage/samba/shares/SP0/Backups/ max connections= 50 max connections= 250 directory mode= 0777 create mode= 0777 follow symlinks= yes wide links= no nt acl support= no dos filemode= no writeable= yes public= yes store dos attributes= yes write list= guest [Documents] path= /mnt/soho_storage/samba/shares/SP0/Documents/ max connections= 50 max connections= 250 directory mode= 0777 create mode= 0777 follow symlinks= yes wide links= no nt acl support= no dos filemode= no writeable= yes public= yes store dos attributes= yes write list= guest [Pictures] path= /mnt/soho_storage/samba/shares/SP0/Pictures/ max connections= 50 max connections= 250 directory mode= 0777 create mode= 0777 follow symlinks= yes wide links= no nt acl support= no dos filemode= no writeable= yes public= yes store dos attributes= yes write list= guest [user1] path= /mnt/soho_storage/samba/shares/SP0/user1/ max connections= 50 max connections= 250 directory mode= 0777 create mode= 0777 follow symlinks= yes wide links= no nt acl support= yes dos filemode= yes writeable= no valid users= admin user1 user2 store dos attributes= yes write list= admin user1 user2 [user2] path= /mnt/soho_storage/samba/shares/SP0/user2/ max connections= 50 max connections= 250 directory mode= 0777 create mode= 0777 follow symlinks= yes wide links= no nt acl support= yes dos filemode= yes writeable= no valid users= admin user1 user2 store dos attributes= yes write list= admin user1 user2 -- Thanks in advance Suresh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Authenticate to existing LDAP server
Hello, I am on a college campus that has an existing LDAP server that I cannot change. I would like to configure my Samba server to authenticate using the campus LDAP, however the LDAP server only has the userPassword field, and no Samba-specific entries. I've got the Linux box on which the Samba server is installed, working great authenticating user logins against the campus LDAP. Now I'd like to do the same for Samba. Any ideas anyone? Thank you!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/Winbind issue
Hi, I have an issue with Samba using winbind. We have Active Directory groups with underscores (for example sambagroup_underscore). But an underscore in Samba (Unix) is a space in Active Directory. So my question is what character is used in Samba (Unix) for an underscore in Active Directory? Or are there other solutions to solve this? I would be very happy if you can help me! Met vriendelijke groet, Kind regards, Walter van der Heijden | AIX/RedHat System Specialist ABN AMRO | IO /Expertise /Midrange /Unix Polanerbaan 11 | 3447 GN Woerden | Netherlands | W04.00.40 Tel.: +31 (0) 30 2260597 Denk aan het milieu voordat u deze e-mail print * DISCLAIMER * This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 34334259, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. - Dit bericht (inclusief de eventuele bijlagen) is vertrouwelijk. Wanneer u dit bericht ten onrechte heeft ontvangen, dient u de afzender hiervan onmiddellijk per kerende e-mail op de hoogte te brengen en dit bericht te verwijderen uit uw systeem. Elk onbevoegd gebruik en/of onbevoegde verspreiding van dit bericht is niet toegestaan. U wordt erop gewezen dat e-mail berichten aan wijziging onderhevig kunnen zijn. ABN AMRO Bank N.V., statutair gevestigd te Amsterdam en ingeschreven in het handelsregister van de Kamer van Koophandel onder nummer 34334259, en haar groepsmaatschappijen, is niet aansprakelijk voor de onjuiste en onvolledige overdracht van de informatie in dit bericht noch voor mogelijke vertraging in de ontvangst van dit bericht of schade aan uw systeem als gevolg van dit bericht. ABN AMRO Bank N.V. (en haar groepsmaatschappijen) staat er niet voor in dat de integriteit van dit bericht behouden is gebleven noch dat dit bericht vrij is van virussen, niet is onderschept of vatbaar is geweest voor tussenkomst (door derden). * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authentication from one samba to another
Hi, We have one samba server in our office. Let take it as A. We have created one new samba on another machine. Let take it as a B. Can users of A server authenticate using their credential with B server. I dont want to copy smb passwd file between the servers. Regards, Vidyadhar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Aug 18 06:00:02 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-08-17 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-08-18 00:00:03.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Tue Aug 17 06:00:02 2010 +Build status as of Wed Aug 18 06:00:02 2010 Build counts: Tree Total Broken Panic @@ -16,7 +16,7 @@ samba_3_current 32 32 4 samba_3_master 32 31 0 samba_3_next 32 32 5 -samba_4_0_waf 36 34 3 +samba_4_0_waf 36 33 2 talloc 32 6 0 tdb 30 8 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5a2f6c9... s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed) from effc61c... smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a2f6c970027aacf8505d0971b44907900959f6d Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 18 13:15:03 2010 +1000 s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed) --- Summary of changes: source3/selftest/knownfail |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail index 803d973..e69de29 100644 --- a/source3/selftest/knownfail +++ b/source3/selftest/knownfail @@ -1 +0,0 @@ -samba3.posix_s3.rpc.spoolss.notify # currently broken, see https://bugzilla.samba.org/show_bug.cgi?id=7486 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 59289d4... s3-build: only include smb_signing.h where needed. from 5a2f6c9... s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 59289d4fa9e5f6f2ff6abd13e8f07ca6ee3e2a3c Author: Günther Deschner g...@samba.org Date: Tue Aug 17 15:03:58 2010 +0200 s3-build: only include smb_signing.h where needed. Guenther --- Summary of changes: source3/include/includes.h |1 - source3/libsmb/clientgen.c |1 + source3/libsmb/clisigning.c |1 + source3/libsmb/smb_signing.c |1 + source3/param/loadparm.c |2 ++ source3/smbd/signing.c |2 +- 6 files changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/includes.h b/source3/include/includes.h index 23ea30a..64b4a77 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -639,7 +639,6 @@ extern void *cmdline_lp_ctx; #include messages.h #include locking.h #include smb_perfcount.h -#include smb_signing.h #include smb.h #include nameserv.h #include ../lib/util/byteorder.h diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 608288d..5c6c86d 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -19,6 +19,7 @@ */ #include includes.h +#include smb_signing.h /*** Setup the word count and byte count for a client smb message. diff --git a/source3/libsmb/clisigning.c b/source3/libsmb/clisigning.c index 0d0e926..1752edb 100644 --- a/source3/libsmb/clisigning.c +++ b/source3/libsmb/clisigning.c @@ -20,6 +20,7 @@ */ #include includes.h +#include smb_signing.h bool cli_simple_set_signing(struct cli_state *cli, const DATA_BLOB user_session_key, diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index d4b350f..c926b48 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -21,6 +21,7 @@ #include includes.h #include ../lib/crypto/md5.h +#include smb_signing.h /* Used by the SMB signing functions. */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index fa74470..f02ef26 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -60,6 +60,8 @@ #include ads.h #include ../librpc/gen_ndr/svcctl.h +#include smb_signing.h + #ifdef HAVE_SYS_SYSCTL_H #include sys/sysctl.h #endif diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c index 5370f57..ad7fa87 100644 --- a/source3/smbd/signing.c +++ b/source3/smbd/signing.c @@ -21,7 +21,7 @@ #include includes.h #include smbd/globals.h - +#include smb_signing.h /*** Called to validate an incoming packet from the client. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 536d4d4... s3: Fix an uninitialized variable via a847f13... s3: Use pipe_struct-client_id-name for pjob.clientmachine via 29093bc... s3: Move initializing pjob.clientname to print_job_start() via 4b5e252... s3: Add client_id to pipes_struct via 6d10684... s3: Remove unneeded client_address from connection_struct via 7b6835e... s3: Add smbd_server_connection-client_id via ac7b633... s3: Lift smbd_server_fd from reload_services() from 59289d4... s3-build: only include smb_signing.h where needed. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 536d4d48bfc3e915be210988fa7d9f6433d875f2 Author: Volker Lendecke v...@samba.org Date: Wed Aug 18 11:17:52 2010 +0200 s3: Fix an uninitialized variable commit a847f13d7b0c8606471792a50e9c64d1f6bd430c Author: Volker Lendecke v...@samba.org Date: Tue Aug 17 09:34:27 2010 +0200 s3: Use pipe_struct-client_id-name for pjob.clientmachine commit 29093bc0009bbcd5f9a98a2f4611fc3eb65f2539 Author: Volker Lendecke v...@samba.org Date: Tue Aug 17 09:17:26 2010 +0200 s3: Move initializing pjob.clientname to print_job_start() commit 4b5e252354660501576c8452f48514852f40270e Author: Volker Lendecke v...@samba.org Date: Mon Aug 16 11:01:26 2010 +0200 s3: Add client_id to pipes_struct commit 6d10684556e9f9e847ec03dd8af057e8d4558e35 Author: Volker Lendecke v...@samba.org Date: Mon Aug 16 09:39:29 2010 +0200 s3: Remove unneeded client_address from connection_struct commit 7b6835ec1da127713d0a412edcbe0a3c1bcc6192 Author: Volker Lendecke v...@samba.org Date: Mon Aug 16 08:30:36 2010 +0200 s3: Add smbd_server_connection-client_id commit ac7b63384d3f8afdb768f95e7744380f4df07d76 Author: Volker Lendecke v...@samba.org Date: Sun Aug 15 16:13:00 2010 +0200 s3: Lift smbd_server_fd from reload_services() --- Summary of changes: source3/auth/auth_ntlmssp.c|2 +- source3/include/ntdomain.h |2 +- source3/include/printing.h |1 + source3/include/proto.h|7 +-- source3/include/smb.h |7 +-- source3/lib/util_sock.c|5 ++--- source3/printing/nt_printing_migrate.c |1 + source3/printing/printing.c| 11 +++ source3/rpc_server/rpc_ncacn_np_internal.c | 15 --- source3/rpc_server/srv_netlog_nt.c |5 +++-- source3/rpc_server/srv_pipe_hnd.c | 17 +++-- source3/rpc_server/srv_spoolss_nt.c| 15 --- source3/rpc_server/srv_spoolss_util.c |1 + source3/smbd/connection.c |2 +- source3/smbd/globals.h |1 + source3/smbd/lanman.c | 14 +++--- source3/smbd/negprot.c |4 ++-- source3/smbd/pipes.c |1 + source3/smbd/process.c |6 +++--- source3/smbd/reply.c |2 +- source3/smbd/server.c | 27 --- source3/smbd/server_reload.c | 11 ++- source3/smbd/service.c | 14 ++ source3/smbd/sesssetup.c | 10 +- source3/smbd/smb2_sesssetup.c |2 +- source3/torture/vfstest.c |2 +- source3/winbindd/winbindd_samr.c |2 ++ 27 files changed, 107 insertions(+), 80 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index a910201..d533ac9 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -122,7 +122,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, /* sub_set_smb_name checks for weird internally */ sub_set_smb_name(auth_ntlmssp_state-ntlmssp_state-user); - reload_services(smbd_messaging_context(), True); + reload_services(smbd_messaging_context(), smbd_server_fd(), True); nt_status = make_user_info_map(user_info, auth_ntlmssp_state-ntlmssp_state-user, diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 071e915..073efe5 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -131,7 +131,7 @@ struct pipe_auth_data { struct pipes_struct { struct pipes_struct *next, *prev; - char client_address[INET6_ADDRSTRLEN]; + struct client_address *client_id; struct auth_serversupplied_info *server_info; struct messaging_context *msg_ctx; diff --git a/source3/include/printing.h b/source3/include/printing.h index b5fd98d..a16917f 100644 ---
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 937da4d... s3-lib: Fixed a possible crash bug. via 555b175... s3-printing: Added function to update the queue. via 7e9d602... s3-printing: Rename jobs_changed functions to jobs_added. from 536d4d4... s3: Fix an uninitialized variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 937da4d14111e1cd32f514a9382291f12764c1c9 Author: Andreas Schneider a...@samba.org Date: Wed Aug 18 12:08:47 2010 +0200 s3-lib: Fixed a possible crash bug. Volker please check! commit 555b175212d5c7e5b8628d4d5e3cba4541037dbb Author: Andreas Schneider a...@samba.org Date: Thu Apr 29 14:00:30 2010 +0200 s3-printing: Added function to update the queue. commit 7e9d6021c91919f2e457e1e471cb253886aad9aa Author: Andreas Schneider a...@samba.org Date: Thu Apr 29 13:43:40 2010 +0200 s3-printing: Rename jobs_changed functions to jobs_added. --- Summary of changes: source3/include/printing.h |2 +- source3/lib/serverid.c |2 + source3/printing/printing.c | 256 +-- 3 files changed, 203 insertions(+), 57 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/printing.h b/source3/include/printing.h index a16917f..180f6a0 100644 --- a/source3/include/printing.h +++ b/source3/include/printing.h @@ -83,7 +83,7 @@ extern struct printif iprint_printif; #ifndef PRINT_SPOOL_PREFIX #define PRINT_SPOOL_PREFIX smbprn. #endif -#define PRINT_DATABASE_VERSION 6 +#define PRINT_DATABASE_VERSION 7 /* There can be this many printing tdb's open, plus any locked ones. */ #define MAX_PRINT_DBS_OPEN 1 diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c index 5523eca..6adad7e 100644 --- a/source3/lib/serverid.c +++ b/source3/lib/serverid.c @@ -157,6 +157,8 @@ bool serverid_register_msg_flags(const struct server_id id, bool do_reg, data-msg_flags = ~msg_flags; } + ZERO_STRUCT(tdbdata); + status = rec-store(rec, tdbdata, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Storing serverid.tdb record failed: %s\n, diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 4240ddf..ca6139c 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -30,7 +30,7 @@ extern struct current_user current_user; extern userdom_struct current_user_info; /* Current printer interface */ -static bool remove_from_jobs_changed(const char* sharename, uint32 jobid); +static bool remove_from_jobs_added(const char* sharename, uint32 jobid); /* the printing backend revolves around a tdb database that stores the @@ -558,19 +558,97 @@ static uint32 map_to_spoolss_status(uint32 lpq_status) return 0; } +/*** + Append a jobid to the 'jobs changed' list. +***/ + +static bool add_to_jobs_changed(struct tdb_print_db *pdb, uint32_t jobid) +{ + TDB_DATA data; + uint32_t store_jobid; + + SIVAL(store_jobid, 0, jobid); + data.dptr = (uint8 *) store_jobid; + data.dsize = 4; + + DEBUG(10,(add_to_jobs_added: Added jobid %u\n, (unsigned int)jobid )); + + return (tdb_append(pdb-tdb, string_tdb_data(INFO/jobs_changed), + data) == 0); +} + +/*** + Remove a jobid from the 'jobs changed' list. +***/ + +static bool remove_from_jobs_changed(const char* sharename, uint32_t jobid) +{ + struct tdb_print_db *pdb = get_print_db_byname(sharename); + TDB_DATA data, key; + size_t job_count, i; + bool ret = False; + bool gotlock = False; + + if (!pdb) { + return False; + } + + ZERO_STRUCT(data); + + key = string_tdb_data(INFO/jobs_changed); + + if (tdb_chainlock_with_timeout(pdb-tdb, key, 5) == -1) + goto out; + + gotlock = True; + + data = tdb_fetch(pdb-tdb, key); + + if (data.dptr == NULL || data.dsize == 0 || (data.dsize % 4 != 0)) + goto out; + + job_count = data.dsize / 4; + for (i = 0; i job_count; i++) { + uint32 ch_jobid; + + ch_jobid = IVAL(data.dptr, i*4); + if (ch_jobid == jobid) { + if (i job_count -1 ) + memmove(data.dptr + (i*4), data.dptr + (i*4) + 4, (job_count - i - 1)*4 ); + data.dsize -= 4; + if (tdb_store(pdb-tdb, key, data, TDB_REPLACE) == -1) + goto out; + break; +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b9353c6... s3: Fix serverid_register_msg_flags from 937da4d... s3-lib: Fixed a possible crash bug. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b9353c65c0662895c8e87f3d1c6657ccfa12 Author: Volker Lendecke v...@samba.org Date: Wed Aug 18 13:20:50 2010 +0200 s3: Fix serverid_register_msg_flags Thanks, Andreas, for pointing this out! (How drunk have I been?...) --- Summary of changes: source3/lib/serverid.c |6 ++ 1 files changed, 2 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c index 6adad7e..0fac375 100644 --- a/source3/lib/serverid.c +++ b/source3/lib/serverid.c @@ -124,7 +124,7 @@ bool serverid_register_msg_flags(const struct server_id id, bool do_reg, struct serverid_key key; struct serverid_data *data; struct db_record *rec; - TDB_DATA tdbkey, tdbdata; + TDB_DATA tdbkey; NTSTATUS status; bool ret = false; @@ -157,9 +157,7 @@ bool serverid_register_msg_flags(const struct server_id id, bool do_reg, data-msg_flags = ~msg_flags; } - ZERO_STRUCT(tdbdata); - - status = rec-store(rec, tdbdata, 0); + status = rec-store(rec, rec-value, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Storing serverid.tdb record failed: %s\n, nt_errstr(status))); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 71dfa62... s3-ads: cleanup ads_keytab_list() via 64d8300... s3-ads: cleanup ads_keytab_create_default() via 3a99123... s3-ads: cleanup ads_keytab_add_entry() via d6d1ed8... s3-ads: Split, simplify and cleanup keytab functions from b9353c6... s3: Fix serverid_register_msg_flags http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 71dfa62b61380396785c7856c38f45c77c966ff0 Author: Simo Sorce i...@samba.org Date: Wed Aug 18 06:46:53 2010 -0400 s3-ads: cleanup ads_keytab_list() commit 64d8300a56eb0891389a5a2afc5e4902c2d909a2 Author: Simo Sorce i...@samba.org Date: Wed Aug 18 06:09:27 2010 -0400 s3-ads: cleanup ads_keytab_create_default() commit 3a9912370dc36500d207aeb9d1ae58834526b6c3 Author: Simo Sorce i...@samba.org Date: Wed Aug 18 04:33:32 2010 -0400 s3-ads: cleanup ads_keytab_add_entry() commit d6d1ed8bdfb290ac6e1fa4264f2b84d0e4790d98 Author: Simo Sorce i...@samba.org Date: Wed Aug 18 04:16:41 2010 -0400 s3-ads: Split, simplify and cleanup keytab functions add helper function for both smb_krb5_kt_add_entry_ext() and ads_keytab_flush() --- Summary of changes: source3/libads/kerberos_keytab.c | 756 -- 1 files changed, 404 insertions(+), 352 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 386ce83..d2215ec 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -35,130 +35,184 @@ /** **/ -int smb_krb5_kt_add_entry_ext(krb5_context context, - krb5_keytab keytab, - krb5_kvno kvno, - const char *princ_s, - krb5_enctype *enctypes, - krb5_data password, - bool no_salt, - bool keep_old_entries) +static krb5_error_code seek_and_delete_old_entries(krb5_context context, + krb5_keytab keytab, + krb5_kvno kvno, + const char *princ_s, + krb5_principal princ, + bool flush, + bool keep_old_entries) { - krb5_error_code ret = 0; + krb5_error_code ret; krb5_kt_cursor cursor; + krb5_kt_cursor zero_csr; krb5_keytab_entry kt_entry; - krb5_principal princ = NULL; - int i; + krb5_keytab_entry zero_kt_entry; char *ktprinc = NULL; - ZERO_STRUCT(kt_entry); ZERO_STRUCT(cursor); - - ret = smb_krb5_parse_name(context, princ_s, princ); - if (ret) { - DEBUG(1,(smb_krb5_kt_add_entry_ext: smb_krb5_parse_name(%s) failed (%s)\n, princ_s, error_message(ret))); - goto out; - } + ZERO_STRUCT(zero_csr); + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(zero_kt_entry); - /* Seek and delete old keytab entries */ ret = krb5_kt_start_seq_get(context, keytab, cursor); - if (ret != KRB5_KT_END ret != ENOENT ) { - DEBUG(3,(smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries\n)); - while(!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) { - bool compare_name_ok = False; + if (ret == KRB5_KT_END ret == ENOENT ) { + /* no entries */ + return 0; + } + + DEBUG(3, (__location__ : Will try to delete old keytab entries\n)); + while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) { + bool name_ok = False; - ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, ktprinc); + if (!flush (princ_s != NULL)) { + ret = smb_krb5_unparse_name(talloc_tos(), context, + kt_entry.principal, + ktprinc); if (ret) { - DEBUG(1,(smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n, - error_message(ret))); + DEBUG(1, (__location__ + : smb_krb5_unparse_name failed + (%s)\n, error_message(ret))); goto out;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d7c8fb2... s3: async cli_list via 77761d9... s3: Add cli_flush from 71dfa62... s3-ads: cleanup ads_keytab_list() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d7c8fb21bb0a29bb7227d4b242aba2f1524f6c48 Author: Volker Lendecke v...@samba.org Date: Tue Aug 10 07:44:15 2010 +0200 s3: async cli_list commit 77761d9adcf34a9d1cd4567422c98efac101b3f6 Author: Volker Lendecke v...@samba.org Date: Fri Aug 13 14:01:03 2010 +0200 s3: Add cli_flush --- Summary of changes: source3/include/proto.h| 31 +- source3/libsmb/clifile.c | 103 + source3/libsmb/clilist.c | 1043 +++- source3/torture/masktest.c | 47 ++- source3/torture/torture.c |9 +- 5 files changed, 811 insertions(+), 422 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 5c664eb..4f63a77 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2070,6 +2070,8 @@ NTSTATUS cli_ntcreate(struct cli_state *cli, uint16_t *pfid); uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str, size_t str_len, size_t *pconverted_size); +uint8_t *smb_bytes_push_bytes(uint8_t *buf, uint8_t prefix, + const uint8_t *bytes, size_t num_bytes); struct tevent_req *cli_open_create(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, const char *fname, @@ -2334,12 +2336,22 @@ bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_ /* The following definitions come from libsmb/clilist.c */ -int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, -void (*fn)(const char *, struct file_info *, const char *, - void *), void *state); -int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, -void (*fn)(const char *, struct file_info *, const char *, - void *), void *state); +NTSTATUS cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, + void (*fn)(const char *, struct file_info *, +const char *, void *), void *state); +NTSTATUS cli_list_trans(struct cli_state *cli, const char *mask, + uint16_t attribute, int info_level, + void (*fn)(const char *mnt, struct file_info *finfo, + const char *mask, void *private_data), + void *private_data); +struct tevent_req *cli_list_send(TALLOC_CTX *mem_ctx, +struct tevent_context *ev, +struct cli_state *cli, +const char *mask, +uint16_t attribute, +uint16_t info_level); +NTSTATUS cli_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, + struct file_info **finfo, size_t *num_finfo); NTSTATUS cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, void (*fn)(const char *, struct file_info *, const char *, void *), void *state); @@ -2483,6 +2495,13 @@ NTSTATUS cli_qpathinfo(TALLOC_CTX *mem_ctx, struct cli_state *cli, uint32_t max_rdata, uint8_t **rdata, uint32_t *num_rdata); +struct tevent_req *cli_flush_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + uint16_t fnum); +NTSTATUS cli_flush_recv(struct tevent_req *req); +NTSTATUS cli_flush(TALLOC_CTX *mem_ctx, struct cli_state *cli, uint16_t fnum); + /* The following definitions come from libsmb/clirap2.c */ struct rap_group_info_1; struct rap_user_info_1; diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 48af0cc..d6b2e31 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -91,6 +91,26 @@ uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, true, pconverted_size); } +uint8_t *smb_bytes_push_bytes(uint8_t *buf, uint8_t prefix, + const uint8_t *bytes, size_t num_bytes) +{ + size_t buflen; + + if (buf == NULL) { + return NULL; + } + buflen = talloc_get_size(buf); + + buf = TALLOC_REALLOC_ARRAY(NULL, buf, uint8_t, + buflen + 1 + num_bytes); + if (buf == NULL) { + return NULL; + } + buf[buflen] = prefix; + memcpy(buf[buflen+1],
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1ab17f1... s3-ads: Remove unused wrapper and make function static from d7c8fb2... s3: async cli_list http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1ab17f13a27429d34439c0ba3b77685e3a55c2c3 Author: Simo Sorce i...@samba.org Date: Wed Aug 18 09:36:54 2010 -0400 s3-ads: Remove unused wrapper and make function static --- Summary of changes: source3/include/krb5_protos.h|8 --- source3/libads/kerberos_keytab.c | 39 +++-- 2 files changed, 12 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h index 0b8aa71..e229a14 100644 --- a/source3/include/krb5_protos.h +++ b/source3/include/krb5_protos.h @@ -124,14 +124,6 @@ krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, krb5_context context, krb5_keytab keytab, const char **keytab_name); -int smb_krb5_kt_add_entry_ext(krb5_context context, - krb5_keytab keytab, - krb5_kvno kvno, - const char *princ_s, - krb5_enctype *enctypes, - krb5_data password, - bool no_salt, - bool keep_old_entries); krb5_error_code smb_krb5_get_credentials(krb5_context context, krb5_ccache ccache, krb5_principal me, diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index d2215ec..10c7087 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -180,14 +180,14 @@ out: return ret; } -int smb_krb5_kt_add_entry_ext(krb5_context context, - krb5_keytab keytab, - krb5_kvno kvno, - const char *princ_s, - krb5_enctype *enctypes, - krb5_data password, - bool no_salt, - bool keep_old_entries) +static int smb_krb5_kt_add_entry(krb5_context context, +krb5_keytab keytab, +krb5_kvno kvno, +const char *princ_s, +krb5_enctype *enctypes, +krb5_data password, +bool no_salt, +bool keep_old_entries) { krb5_error_code ret; krb5_keytab_entry kt_entry; @@ -250,23 +250,6 @@ out: return (int)ret; } -static int smb_krb5_kt_add_entry(krb5_context context, -krb5_keytab keytab, -krb5_kvno kvno, -const char *princ_s, -krb5_enctype *enctypes, -krb5_data password) -{ - return smb_krb5_kt_add_entry_ext(context, -keytab, -kvno, -princ_s, -enctypes, -password, -false, -false); -} - /** Adds a single service principal, i.e. 'host' to the system keytab ***/ @@ -415,7 +398,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) /* add the fqdn principal to the keytab */ ret = smb_krb5_kt_add_entry(context, keytab, kvno, - princ_s, enctypes, password); + princ_s, enctypes, password, + false, false); if (ret) { DEBUG(1, (__location__ : Failed to add entry to keytab\n)); goto out; @@ -424,7 +408,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) /* add the short principal name if we have one */ if (short_princ_s) { ret = smb_krb5_kt_add_entry(context, keytab, kvno, - short_princ_s, enctypes, password); + short_princ_s, enctypes, password, + false, false); if (ret) { DEBUG(1, (__location__
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ce60e8d... librpc/rpc: call do_ndr_print hook in dcerpc_binding_handle_call*() from 1ab17f1... s3-ads: Remove unused wrapper and make function static http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ce60e8d69735bc2d5c6f776c84dea2e17dae95ac Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 18 15:47:15 2010 +0200 librpc/rpc: call do_ndr_print hook in dcerpc_binding_handle_call*() metze --- Summary of changes: librpc/rpc/binding_handle.c | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c index 153d7d1..75b2ded 100644 --- a/librpc/rpc/binding_handle.c +++ b/librpc/rpc/binding_handle.c @@ -311,6 +311,11 @@ struct tevent_req *dcerpc_binding_handle_call_send(TALLOC_CTX *mem_ctx, state-push-flags |= LIBNDR_FLAG_NDR64; } + if (h-ops-do_ndr_print) { + h-ops-do_ndr_print(h, NDR_IN | NDR_SET_VALUES, +state-r_ptr, state-call); + } + /* push the structure into a blob */ ndr_err = state-call-ndr_push(state-push, NDR_IN, state-r_ptr); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -401,6 +406,11 @@ static void dcerpc_binding_handle_call_done(struct tevent_req *subreq) return; } + if (h-ops-do_ndr_print) { + h-ops-do_ndr_print(h, NDR_OUT, +state-r_ptr, state-call); + } + if (h-ops-ndr_validate_out) { error = h-ops-ndr_validate_out(h, state-pull, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8f7bf85... s3: Remove an unused variable from ce60e8d... librpc/rpc: call do_ndr_print hook in dcerpc_binding_handle_call*() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8f7bf85c40068523b607b01a141d24e27b9f4be1 Author: Volker Lendecke v...@samba.org Date: Wed Aug 18 16:44:04 2010 +0200 s3: Remove an unused variable --- Summary of changes: source3/smbd/service.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/service.c b/source3/smbd/service.c index d66a7a0..ef74b39 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -650,7 +650,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, struct smb_filename *smb_fname_cpath = NULL; fstring dev; int ret; - char *addr; bool on_err_call_dis_hook = false; bool claimed_connection = false; uid_t effuid; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ec78096... From master: b9353c65c0662895c8e87f3d1c6657ccfa12. from 0060b1e... s3:winbindd: don't ignore 'result' in wb_dsgetdcname_done() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ec78096e7cc4ca60dd8741a065fd33156001558b Author: Jeremy Allison j...@samba.org Date: Wed Aug 18 11:07:49 2010 -0700 From master: b9353c65c0662895c8e87f3d1c6657ccfa12. Volker Lendecke v...@samba.org s3: Fix serverid_register_msg_flags. --- Summary of changes: source3/lib/serverid.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c index 5523eca..0fac375 100644 --- a/source3/lib/serverid.c +++ b/source3/lib/serverid.c @@ -124,7 +124,7 @@ bool serverid_register_msg_flags(const struct server_id id, bool do_reg, struct serverid_key key; struct serverid_data *data; struct db_record *rec; - TDB_DATA tdbkey, tdbdata; + TDB_DATA tdbkey; NTSTATUS status; bool ret = false; @@ -157,7 +157,7 @@ bool serverid_register_msg_flags(const struct server_id id, bool do_reg, data-msg_flags = ~msg_flags; } - status = rec-store(rec, tdbdata, 0); + status = rec-store(rec, rec-value, 0); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Storing serverid.tdb record failed: %s\n, nt_errstr(status))); -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch v3-6-test updated
On Wed, Aug 18, 2010 at 01:08:44PM -0500, Jeremy Allison wrote: The branch, v3-6-test has been updated via ec78096... From master: b9353c65c0662895c8e87f3d1c6657ccfa12. from 0060b1e... s3:winbindd: don't ignore 'result' in wb_dsgetdcname_done() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ec78096e7cc4ca60dd8741a065fd33156001558b Author: Jeremy Allison j...@samba.org Date: Wed Aug 18 11:07:49 2010 -0700 From master: b9353c65c0662895c8e87f3d1c6657ccfa12. Volker Lendecke v...@samba.org s3: Fix serverid_register_msg_flags. Thanks! I'd forgotten 3.6. Volker
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-250-g25c4ce7
The branch, master has been updated via 25c4ce7e919f13226219f036bcffd2be76b2f06c (commit) from c3eb53509331045074579468d94ed7e31101bba4 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 25c4ce7e919f13226219f036bcffd2be76b2f06c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Aug 19 07:18:22 2010 +1000 On RHEL,service nfs stop;service nfs start and service nfs restart sometimes (very rarely) fails to restart the service. Add a function to restart NFSd on SLES and RHEL-like systems. If we detect the system is unhealthy due to kNFSd not running, try to restart the service again service nfs restart and hope for the best. CQ1019372 --- Summary of changes: config/events.d/60.nfs |7 ++- config/functions |7 +++ 2 files changed, 13 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/60.nfs b/config/events.d/60.nfs index d403792..637efe8 100755 --- a/config/events.d/60.nfs +++ b/config/events.d/60.nfs @@ -78,7 +78,12 @@ case $1 in # check that NFS responds to rpc requests [ $CTDB_NFS_SKIP_KNFSD_ALIVE_CHECK = yes ] || { - ctdb_check_rpc NFS 13 3 + (ctdb_check_rpc NFS 13 3) + [ $? = 0 ] || { + echo Trying to restart NFS service + startstop_nfs restart + exit 1 + } } # and that its directories are available diff --git a/config/functions b/config/functions index 69c5ce1..35b7db2 100755 --- a/config/functions +++ b/config/functions @@ -366,6 +366,9 @@ startstop_nfs() { stop) service nfsserver stop /dev/null 21 ;; + restart) + service nfsserver restart + ;; esac ;; rhel) @@ -378,6 +381,10 @@ startstop_nfs() { service nfs stop /dev/null 21 service nfslock stop /dev/null 21 ;; + restart) + service nfslock restart + service nfs restart + ;; esac ;; *) -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3423060... Fix bug 7563 - Creation of symlink using smbclient is buggy. from 8f7bf85... s3: Remove an unused variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 34230608dfa7e9f4aa0c633e7a92df37ca94d28f Author: Jeremy Allison j...@samba.org Date: Mon Aug 16 16:31:33 2010 -0700 Fix bug 7563 - Creation of symlink using smbclient is buggy. Fix semantics of symlink. oldpath should be an untouched blob, newpath should fit the share path semantics. Jeremy. --- Summary of changes: source3/client/client.c | 22 +- 1 files changed, 9 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index e11e3bf..ce5b4e6 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2869,21 +2869,16 @@ static int cmd_symlink(void) char *newname = NULL; char *buf = NULL; char *buf2 = NULL; - char *targetname = NULL; - struct cli_state *targetcli; + struct cli_state *newcli; if (!next_token_talloc(ctx, cmd_ptr,buf,NULL) || !next_token_talloc(ctx, cmd_ptr,buf2,NULL)) { d_printf(symlink oldname newname\n); return 1; } - oldname = talloc_asprintf(ctx, - %s%s, - client_get_cur_dir(), - buf); - if (!oldname) { - return 1; - } + /* Oldname (link target) must be an untouched blob. */ + oldname = buf; + newname = talloc_asprintf(ctx, %s%s, client_get_cur_dir(), @@ -2892,19 +2887,20 @@ static int cmd_symlink(void) return 1; } - if (!cli_resolve_path(ctx, , auth_info, cli, oldname, targetcli, targetname)) { + /* New name must be present in share namespace. */ + if (!cli_resolve_path(ctx, , auth_info, cli, newname, newcli, newname)) { d_printf(link %s: %s\n, oldname, cli_errstr(cli)); return 1; } - if (!SERVER_HAS_UNIX_CIFS(targetcli)) { + if (!SERVER_HAS_UNIX_CIFS(newcli)) { d_printf(Server doesn't support UNIX CIFS calls.\n); return 1; } - if (!NT_STATUS_IS_OK(cli_posix_symlink(targetcli, targetname, newname))) { + if (!NT_STATUS_IS_OK(cli_posix_symlink(newcli, oldname, newname))) { d_printf(%s symlinking files (%s - %s)\n, - cli_errstr(targetcli), newname, targetname); + cli_errstr(newcli), newname, newname); return 1; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 2e7c697... Fix bug 7563 - Creation of symlink using smbclient is buggy. from ec78096... From master: b9353c65c0662895c8e87f3d1c6657ccfa12. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 2e7c697f1c4f81c30029b47949dd8b1013a0aa97 Author: Jeremy Allison j...@samba.org Date: Mon Aug 16 16:31:33 2010 -0700 Fix bug 7563 - Creation of symlink using smbclient is buggy. Fix semantics of symlink. oldpath should be an untouched blob, newpath should fit the share path semantics. Jeremy. --- Summary of changes: source3/client/client.c | 22 +- 1 files changed, 9 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index 81e3cd4..b0c931c 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2845,21 +2845,16 @@ static int cmd_symlink(void) char *newname = NULL; char *buf = NULL; char *buf2 = NULL; - char *targetname = NULL; - struct cli_state *targetcli; + struct cli_state *newcli; if (!next_token_talloc(ctx, cmd_ptr,buf,NULL) || !next_token_talloc(ctx, cmd_ptr,buf2,NULL)) { d_printf(symlink oldname newname\n); return 1; } - oldname = talloc_asprintf(ctx, - %s%s, - client_get_cur_dir(), - buf); - if (!oldname) { - return 1; - } + /* Oldname (link target) must be an untouched blob. */ + oldname = buf; + newname = talloc_asprintf(ctx, %s%s, client_get_cur_dir(), @@ -2868,19 +2863,20 @@ static int cmd_symlink(void) return 1; } - if (!cli_resolve_path(ctx, , auth_info, cli, oldname, targetcli, targetname)) { + /* New name must be present in share namespace. */ + if (!cli_resolve_path(ctx, , auth_info, cli, newname, newcli, newname)) { d_printf(link %s: %s\n, oldname, cli_errstr(cli)); return 1; } - if (!SERVER_HAS_UNIX_CIFS(targetcli)) { + if (!SERVER_HAS_UNIX_CIFS(newcli)) { d_printf(Server doesn't support UNIX CIFS calls.\n); return 1; } - if (!NT_STATUS_IS_OK(cli_posix_symlink(targetcli, targetname, newname))) { + if (!NT_STATUS_IS_OK(cli_posix_symlink(newcli, oldname, newname))) { d_printf(%s symlinking files (%s - %s)\n, - cli_errstr(targetcli), newname, targetname); + cli_errstr(newcli), newname, newname); return 1; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da25541... Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores. from 3423060... Fix bug 7563 - Creation of symlink using smbclient is buggy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da2554117e2d9dc4bde7d47d6e81d5d572ca1d02 Author: Jeremy Allison j...@samba.org Date: Wed Aug 18 16:25:15 2010 -0700 Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores. Noticed by b...@sernet.de. --- Summary of changes: source3/configure.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 627ec7f..5156159 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -343,7 +343,7 @@ AC_CACHE_CHECK([that the C compiler understands negative enum values],samba_cv_C return 0; } ], - samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv__CC_NEGATIVE_ENUM_VALUES=no)]) + samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv_CC_NEGATIVE_ENUM_VALUES=no)]) if test x$samba_cv_CC_NEGATIVE_ENUM_VALUES != xyes; then AC_MSG_WARN([using --uint-enums for pidl]) PIDL_ARGS=$PIDL_ARGS --uint-enums -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via b26e86c... Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores. from 2e7c697... Fix bug 7563 - Creation of symlink using smbclient is buggy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit b26e86c3b11ec38f0f5a9d4ce3ea3256946e5353 Author: Jeremy Allison j...@samba.org Date: Wed Aug 18 16:25:15 2010 -0700 Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores. Noticed by b...@sernet.de. (cherry picked from commit da2554117e2d9dc4bde7d47d6e81d5d572ca1d02) --- Summary of changes: source3/configure.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index bfd6abb..cb685c6 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -339,7 +339,7 @@ AC_CACHE_CHECK([that the C compiler understands negative enum values],samba_cv_C return 0; } ], - samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv__CC_NEGATIVE_ENUM_VALUES=no)]) + samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv_CC_NEGATIVE_ENUM_VALUES=no)]) if test x$samba_cv_CC_NEGATIVE_ENUM_VALUES != xyes; then AC_MSG_WARN([using --uint-enums for pidl]) PIDL_ARGS=$PIDL_ARGS --uint-enums -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 89899f5... s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists via e050274... s4-test: make better error message for ATTID checks via c3cf388... s4-test: Change attribute syntax and value for readability via a46ead0... s4-test: Enable drs.rpc.msdsintid test case - it should be passing now via 6950724... s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public via 6a51afc... s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs via 35d886d... s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object via fffc98f... s4: fix few comment typos via d01804d... s4-schema_syntax.c: Fix white spaces and alignment via c5ec1f3... s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions via b5af7b9... s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions via ca80918... s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions via b7d1586... s4-dsdb: Add context structure for dsdb_syntax conversion functions via 20a8481... s4-test-dssync: remove unused variable from da25541... Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 89899f55dc1fb137a0adfd734c87b65039f598a4 Author: Kamen Mazdrashki kame...@samba.org Date: Thu Aug 19 03:17:36 2010 +0300 s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists commit e05027401f4733e43b62148fa5c59559f49b4c1b Author: Kamen Mazdrashki kame...@samba.org Date: Thu Aug 19 03:08:29 2010 +0300 s4-test: make better error message for ATTID checks commit c3cf388eaf322b7646aa464774baa324be81a56d Author: Kamen Mazdrashki kame...@samba.org Date: Thu Aug 19 02:47:14 2010 +0300 s4-test: Change attribute syntax and value for readability When it comes to read logs and dumping data received Octet String syntax comes in handy commit a46ead0724f54a6034913fe5d1da077140d58133 Author: Kamen Mazdrashki kame...@samba.org Date: Wed Aug 18 13:21:10 2010 +0300 s4-test: Enable drs.rpc.msdsintid test case - it should be passing now commit 695072478d5d5bd476524228fc09cde200abcf6b Author: Kamen Mazdrashki kame...@samba.org Date: Wed Aug 18 03:19:45 2010 +0300 s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public It is intended to be used in schema_syntax.c module commit 6a51afcfdbcbce7813fb59c0655e4178268ca70e Author: Kamen Mazdrashki kame...@samba.org Date: Wed Aug 18 03:52:48 2010 +0300 s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs Depending on which NC is being replicated, GetNCChanges() returns either ATTID based on local prefixMap or msDs-IntId value of the attributeSchema class for the attribute being replicated. If set, msDs-IntId value is always returned when replicating object form NC other than Schema NC. Objects in Schema NC replica always use prefixMap based ATTIDs. commit 35d886db176123b3ef3a0436463f59edcaed1322 Author: Kamen Mazdrashki kame...@samba.org Date: Wed Aug 18 03:06:53 2010 +0300 s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object in case object replicated is not in Schema NC and attributeSchema object has msDs-IntId attribute value set commit fffc98f33e333b8711da053e5cd5ddcc601cd275 Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 04:48:24 2010 +0300 s4: fix few comment typos commit d01804dda9d1e1793f3e1d2f863ced7e900c Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 04:44:52 2010 +0300 s4-schema_syntax.c: Fix white spaces and alignment commit c5ec1f3d9246f5737279340bf1755baf542d982b Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 04:20:46 2010 +0300 s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions commit b5af7b9a1eb70db949c83fe6b55e402b82a2a9a4 Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 04:12:54 2010 +0300 s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions commit ca809186137e259060032ef61d9d3e93cddad298 Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 03:58:26 2010 +0300 s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions commit b7d1586ccd05a78a4fae512c54fa39dda408e08b Author: Kamen Mazdrashki kame...@samba.org Date: Tue Aug 17 03:21:46 2010 +0300 s4-dsdb: Add context structure for dsdb_syntax conversion functions This structure is intended to hold context-dependent data. Syntax-conversion and object-conversion functions need that data to convert objects and attributes from drs-to-ldb and ldb-to-drs correctly. For instance: ATTID value depends on whether we are converting object from
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-259-g3afa5d9
The branch, master has been updated via 3afa5d945a56952a7f211af068d671945de960e5 (commit) via 13e58d92f5f1723e850a82ae030d0ca57e89b1ee (commit) via dc301b324d2c14a2425a965c076113c4fe97903e (commit) via 68b3761a0874429b90731741f0531f76dcfbb081 (commit) via 08f7f85477610a4916c1ec866aa467b28f1bbec3 (commit) via aeb70c7e7822854eb87873a5c7783e27e6e72318 (commit) via d8df6835a931082af232c4b94f1dede6f16169f9 (commit) via 8e518950ba281502318d6300f7a5ec6cdf6b5674 (commit) via f5d7dc679501e607c2c83a248a89d3cada9df146 (commit) from 25c4ce7e919f13226219f036bcffd2be76b2f06c (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 3afa5d945a56952a7f211af068d671945de960e5 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Aug 19 14:48:19 2010 +1000 We need the deprecated talloc_append_string() for now so set the TALLOC_DEPRECATED sympol to allow use of this call from ctdb_client.c commit 13e58d92f5f1723e850a82ae030d0ca57e89b1ee Merge: dc301b324d2c14a2425a965c076113c4fe97903e 68b3761a0874429b90731741f0531f76dcfbb081 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Aug 19 13:17:56 2010 +1000 Merge commit 'rusty/ports-from-1.0.112' into foo commit dc301b324d2c14a2425a965c076113c4fe97903e Merge: 25c4ce7e919f13226219f036bcffd2be76b2f06c d8df6835a931082af232c4b94f1dede6f16169f9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Aug 19 13:16:35 2010 +1000 Merge commit 'rusty/vacuum-fix-master' commit 68b3761a0874429b90731741f0531f76dcfbb081 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 19 19:29:09 2010 +0930 logging: give a unique logging name to each forked child. This means we can distinguish which child is logging, esp. via syslog where we have no pid. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 08f7f85477610a4916c1ec866aa467b28f1bbec3 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 26 13:58:48 2010 +0930 takeover: prevent crash by avoiding free in traverse on RST timeout After 5 attempts to send a RST to a client without any response, we free con; this is done during a traverse. This frees the node we are walking through (the node is made a child of con down in rb_tree.c's trbt_create_node() (Valgrind would catch this, as Martin confirmed). So, we create a temporary parent and reparent onto that; then we free that parent after the traverse, thus deleting the unwanted nodes. CQ:S1019041 Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit aeb70c7e7822854eb87873a5c7783e27e6e72318 Author: Martin Schwenke mar...@meltin.net Date: Tue Jul 6 17:54:43 2010 +1000 Move NAT gateway firewall rules to recovered|updatenatgw events. The existing code wasn't working as designed in the start event. It should work here. BZ: 62613 Signed-off-by: Martin Schwenke mar...@meltin.net commit d8df6835a931082af232c4b94f1dede6f16169f9 Author: Rusty Russell ru...@rustcorp.com.au Date: Wed Jul 21 12:28:04 2010 +0930 vacuum: disabling vacuuming during a freeze We shouldn't even think about vacuuming when we've frozen the database (which is earlier than when we set CTDB_RECOVERY_ACTIVE) CQ:S1018154 S1018349 Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 8e518950ba281502318d6300f7a5ec6cdf6b5674 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 26 16:08:07 2010 +0930 vacuum: fix crash on vacuum abort Martin Schwenke discovered that 517f05e42f17766b1e8db8f1f4789cbad968e304 (freeze: abort vacuuming when we're going to freeze.) used ctdb_db for a logging message which is in fact uninitialized, causing a crash (even if it wasn't actually logged). Initialize it properly. Also fix incorrect format in another logging message introduced in that same change. CQ:S1019093 Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit f5d7dc679501e607c2c83a248a89d3cada9df146 Author: Rusty Russell ru...@rustcorp.com.au Date: Wed Jul 21 12:29:55 2010 +0930 freeze: abort vacuuming when we're going to freeze. There are some reports of freeze timeouts, and it looks like vacuuming might be the culprit. So we add code to tell them to abort when a freeze is going on. (This is based on the 1.0.112 branch version 517f05e42f, but far simpler since tdb is now robust against processes being killed during transaction commit) CQ:S1018154 S1018349 Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: client/ctdb_client.c | 11 ++- common/ctdb_logging.c|2 +- config/events.d/11.natgw |6 ++ include/ctdb_client.h