[Samba] samba caching group memberships

2010-10-21 Thread Vladimir Vassiliev


Hi all,

Our setup is Samba 3.3 in a W2K8 domain.
It seems Samba caches group memberships somewhere, and after adding a user to a new group it's necessary
for that user to re-login to get the new memberships. Is it possible to eliminate that nasty procedure?


Thanks.


--
Vladimir Vassiliev
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Windows seven

2010-10-21 Thread Pascal Legrand
Hello,
I'm using Samba 3.2.5 on Debian lenny.
Our service has some Windows 7 stations.
I saw on the wiki (http://wiki.samba.org/index.php/Windows7) that only Samba 3.4
and Samba 3.3 worked.
Is there really no way to make Samba 3.2.5 (as domain controller) work with
Windows 7?
If not, what is the best way:
use a backport, compile the latest Samba version (which version?) or wait for the next
Debian version?

thanks for your help


-- 

---
Pascal
---



[Samba] net ads printer publish ?

2010-10-21 Thread Hannu Tikka
Should that command work?
I'm getting an "Unable to do enumdataex" error.
The Samba version is 3.5.6, the Windows drivers are installed and the cupsaddsmb
command has been run.
The domain controller is a Samba4 git version less than a month old.

regards
Hannu



Re: [Samba] samba caching group memberships

2010-10-21 Thread Brian Cowan
Actually, this group cache behavior is *Windows* behavior. Group membership
is loaded at login time and not refreshed until you log out and back in.

It's annoying @ times. Having been a Novell NetWare user in my ancient past,
it was something of a shock to me too.

Brian C.
On Oct 21, 2010 2:35 AM, Vladimir Vassiliev <v...@edu.yar.ru> wrote:

> Hi all,
>
> our setup is Samba 3.3 in W2K8 domain.
> It seems samba cache group memberships somewhere and after adding user to a new group it's necessary
> to relogin for that user to get new memberships. Is it possible to eliminate that nasty procedure?
>
> Thanks.
>
> --
> Vladimir Vassiliev


Re: [Samba] Windows seven

2010-10-21 Thread Miguel Medalha



> Is there really no way to make work samba 3.2.5 (as domain controller)with
> windows 7.

No

> If not, what is the best way?
> use backport, compile the last samba version (wich version) or wait for the next
> debian version


Very good quality, pre-compiled Enterprise Samba versions for several 
OSs, including Debian:


ftp://ftp.sernet.de/pub/samba/
http://ftp.sernet.de/pub/samba/



Re: [Samba] Windows seven

2010-10-21 Thread Vladimir Psenicka
On 21.10.2010 11:50, Pascal Legrand wrote:
> Hello,
> i'm using samba 3.2.5 on debian lenny.
> Our service have some windows 7 station.
> I saw on the wiki (http://wiki.samba.org/index.php/Windows7) that only Samba 3.4
> and Samba 3.3 worked.
> Is there really no way to make work samba 3.2.5 (as domain controller)with
> windows 7.
> If not, what is the best way?
> use backport, compile the last samba version (wich version) or wait for the next
> debian version ?
>
> thanks for your help

Use Debian backports; they are now officially supported:

deb http://www.backports.org/debian lenny-backports main contrib non-free


Re: [Samba] Accented characters in share names

2010-10-21 Thread Moray Henderson
Nicolas Jungers wrote:
> I'm facing a problem that should be common but for which I don't find
> much info.  I'm trying to smbmount some smb share served by a w2k3
> server.  I've no problem to mount the shares unless their name includes
> accented letters.  I've successfully replaced the spaces in the names by
> \040 but replacing the accented letter by their UTF-8 and latin-1 in
> octal value, but that doesn't seems to do the trick.
>
> The client is a ubuntu 10.04 with mount.cifs version: 1.12-3.4.7
>
> Anybody knows the way to express arbitrary characters in a smbmount
> stanza?

Current mount.cifs version in the 3.4 series seems to be 1.14-3.4.9.

Guessing: I think w2k3 uses UCS-2; what happens if you replace the accented 
letter by its UCS-2 code?


Moray.
To err is human.  To purr, feline






Re: [Samba] Windows seven

2010-10-21 Thread Olivier FONTES
On Thu, 21 Oct 2010 12:50:26 +0200, Vladimir Psenicka
<vladimir.pseni...@gmail.com> wrote:
> On 21.10.2010 11:50, Pascal Legrand wrote:
>> Hello,
>> i'm using samba 3.2.5 on debian lenny.
>> Our service have some windows 7 station.
>> I saw on the wiki (http://wiki.samba.org/index.php/Windows7) that only Samba 3.4
>> and Samba 3.3 worked.
>> Is there really no way to make work samba 3.2.5 (as domain controller)with
>> windows 7.
>> If not, what is the best way?
>> use backport, compile the last samba version (wich version) or wait for the next
>> debian version ?
>>
>> thanks for your help
>
> Use debian backports, now its official supported
>
> deb http://www.backports.org/debian lenny-backports main contrib non-free

Hello, I have been using the backports version of Samba on Debian lenny successfully for
8 months now, without any problem, on 3 domain controllers for my company.


---
The domain famille-fontes.net is self-hosted at my home.
Contact me if you would like to do the same.

Re: [Samba] Error was Transport endpoint is not connected

2010-10-21 Thread Moray Henderson
Inactivity timeout either on the NAS or somewhere else on the network?  If the 
network connectivity is interrupted, that would break the backup and give a 
genuine transport endpoint error.  

Does changing the time of the job make any difference?


Moray.
To err is human.  To purr, feline


Gaiseric Vandal wrote:
The following may help explain the error:

http://wiki.samba.org/index.php/Samba_Myths


So if you copy the file it is OK, but if the backup job runs an
integrity check first it fails?  What is involved in the integrity
check?  Is it somehow opening a connection to the server before starting
the integrity check?


On 10/19/2010 03:05 AM, robert.gehr wrote:
 I tried it with smb ports 139 to no avail. Same problem.
 The backup job takes that long because the windows box first runs an
 integrity check. If I just copy the file manually it takes a couple of
 minutes. As already mentioned the other samba server 3.4.7 works without
 any problems.

 What does that error message actually mean? Does it mean a network error
 has occurred, the server has run into a timeout, the server can no
 longer resolve the name of the client or what?

 Ideas are welcome.

 Rob

 On Fri, 2010-10-15 at 14:57 +0200, Gaiseric Vandal wrote:

 Did you try changing smb.conf on the NAS to be port 139 only?

 Also, it seems that 55 GB should not take one hour to copy (55 GBytes is
 440 Gbit, and at 1 Gbit/sec  and 60 secs / min, the transfer should take
 about minutes-  at least in theory.)

 I am guessing it is dropping because it tries to reestablish a
 connection part way through the transfer.





 On 10/15/2010 07:12 AM, robert.gehr wrote:

 Nice try. The backup fails exactly the moment the message appears in the
 log. So I would say it is something to worry about.

 Has really no one any ideas why this all of a sudden comes up.

 Thanks for any hints

 Rob


 On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote:


 This message only says: I established to one of the ports 139 or 445
 and dropped the other.
 It is nothing to trouble about.

 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---

 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
 Behalf Of Gaiseric Vandal
 Sent: Monday, 11 October 2010 16:48
 To: samba@lists.samba.org
 Subject: Re: [Samba] Error was Transport endpoint is not connected

 By default samba listens on two TCP ports-  445 and 139.  You can
 specify this in smb.conf

     smb ports = 445 139


 445 is the newer smb over tcp. 139 is the older smb over netbios
 over tcp/ip.   445 was for Windows 2000 and newer clients..  I am
 not sure why samba enables 445 by default since as far as I know it does
 not support smb-over-tcp (without the NBT/netbios over tcp stuff.) If
 you  set smb ports = 139 in your smb.conf you should see endpoint
 messages disappear.

 I think what happens is Win 2000 (and newer)  clients will initially try
 to connect on port 445, find it isn't really compatible, and then dump
 down to NBT on port 139.

 So your NAS may be occasionally connecting on port 139 without problems
 and occasionally connecting on port 445, at which point it fails.

 OR-  the endpoint errors may be completely unrelated, but you just
 don't look for them when the NAS is working.


 Is the NAS part of the domain?  Is it a windows or linux/samba based device?

 My samba server is a PDC.  XP clients in the domain connect with no
 problems regardless of  if smb ports is 139 only or 139 + 445. XP/Win7
 clients NOT in the domain can't connect to shares if 445 is disabled,
 which indicates they are connecting to 445 1st.



 On 10/11/2010 08:57 AM, robert.gehr wrote:


 Hello All

 I used to back up a Mssql database (about 55GB) to a samba share without
 any problems. The samba server Server-A was running version 3.4.7
 We just got one of those Netgear ReadyNas3200 things and I tried to
 back up to a share there which sometimes works and sometimes not in
 which case I get the following error:

 snip---

 [2010/10/08 21:32:26.937834,  0] lib/util_sock.c:474(read_fd_with_timeout)
 [2010/10/08 21:32:26.966404,  0] lib/util_sock.c:1432(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

 ---snap-

 The samba version on the ReadyNas is 3.5.4

 On the windows side nothing has changed apart from the destination to
 the new share. The ReadyNas performs pretty well and I do not get any
 network errors or otherwise. To rule out some network problem I exported
 a nfs share on the ReadyNas which I 

Re: [Samba] samba caching group memberships

2010-10-21 Thread Vladimir Vassiliev
Thanks. It is still not clear to me: is it cached on the SMB server when the SMB client connects, or on the client when
the user logs in?


21.10.2010 14:20, Brian Cowan wrote:

> Actually, this group cache behavior is *Windows* behavior. Group
> membership is loaded at login time and not refreshed until you log out
> and back in.
>
> It's annoying @ times. Having been a Novell NetWare user in my ancient
> past, it was something of a shock to me too.
>
> Brian C.



--
Vladimir Vassiliev

Re: [Samba] Upgrading Samba-LDAP

2010-10-21 Thread Clark Johnston

John Drescher wrote:

>> I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 and
>> openldap from 2.2.13 to 2.3.43.
>> Is there any way to do this and still keep my current domain intact?
>> The interest in upgrading is so that we can support Win 7 systems.
>
> Of course you can keep your current domain intact.
>
> Do you have more than 1 ldap server? I highly recommend that.
>
> John

  
Is it really as simple as just migrating my ldap data over to another 
ldap version on a server with a new release of Samba and changing the 
local sids?
I may have gotten confused when reading something in the upgrade from 
3.0.x to the 3.0.23 version in the documentation. (old documentation)



Re: [Samba] Broken support for Smart Card Logon in Windows 2003 and XP

2010-10-21 Thread Love Hörnquist Åstrand

On 17 Oct 2010, at 20:31, Николай Домуховский wrote:

> 2010/10/7 Love Hörnquist Åstrand <l...@kth.se>:
>>
>> On 6 Oct 2010, at 02:49, Michael Wood wrote:
>>
>>> hx509_cms_create_signed function and
>>>
>>> make sigctx.cmsidflag always equal CMS_ID_NAME)
>>
>> I think this failed because you are looking at enveloped data and not signed
>> data. try patching fill_CMSIdentifier() in hx509_cms_envelope_1() instead.
>> Love
>
> Thanks, Love.
> I've tried patching hx509_cms_envelope_1() but it didn't help.
> But now, I think I've found the real issue:
> the XP box includes in KRB5_AS_REQ only one supported digest algorithm:
> md5withRSAEncryption (1.2.840.113549.1.1.4) (and this is the only
> supported algorithm for XP, 2000 and 2003 - this is written in section
> 2.2 of MS-PKCA).
> But the response from Samba (I found a way to decrypt it!!!) contains a
> digital signature made with sha512WithRSAEncryption (in fact it is
> rather hard to understand openssl asn1parse output, but the fact is that
> there is no md5withRSAEncryption signature). So it looks like some bug
> in Heimdal code - I will investigate it further and try to locate the
> exact place where the wrong signature is formed, but maybe you already know
> the answer...
>
> P.S. If you need, I can send traffic capture files and decrypted KDC
> answers (both from the Windows DC and from Samba).


You can probably change the code in kdc/pkinit.c around 870 that sets up the
supported cms types it will use,

if you use hx509_signature_rsa_with_md5() and hx509_signature_md5() instead of
SHA1 it might work for you.

Love
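
The mismatch discussed in this exchange (a client that lists only md5withRSAEncryption, a reply signed with sha512WithRSAEncryption) can be checked mechanically rather than by reading asn1parse output. The Python below is an added example, not code from the thread, Samba or Heimdal: it walks a DER blob, collects the RSA signature-algorithm OIDs and reports those the client did not offer. The function names are this example's own, and the two sample blobs are constructed stand-ins, not real PKINIT messages.

```python
# Added example: compare RSA signature-algorithm OIDs in two DER blobs.
# The sample blobs are constructed; they are not captured PKINIT traffic.

# PKCS #1 signature algorithm OIDs (dotted form -> name).
RSA_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}


def read_tlv(buf, pos, limit):
    """Parse one DER header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated DER header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > limit:
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > limit:
        raise ValueError("element runs past its container")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])


def signature_algorithms(der):
    """Return names of known RSA signature algorithms found anywhere in der."""
    names = []

    def walk(pos, limit):
        while pos < limit:
            tag, start, end = read_tlv(der, pos, limit)
            if tag == 0x06:  # OBJECT IDENTIFIER
                name = RSA_SIGNATURE_OIDS.get(decode_oid(der[start:end]))
                if name:
                    names.append(name)
            elif tag & 0x20:  # constructed: SEQUENCE, SET, [n] wrappers
                walk(start, end)
            pos = end

    walk(0, len(der))
    return names


def not_offered(client_offer_der, reply_der):
    """Signature algorithms used in the reply that the client did not list."""
    offered = set(signature_algorithms(client_offer_der))
    return [n for n in signature_algorithms(reply_der) if n not in offered]


def tlv(tag, body):
    """Encode one short-form DER element (used only to build the samples)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def algorithm_identifier(oid_hex):
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL }
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))


# Constructed stand-in for the client's list: md5WithRSAEncryption only.
CLIENT_OFFER = tlv(0x30, algorithm_identifier("2a864886f70d010104"))
# Constructed stand-in for a signer block: version, algorithm, dummy signature.
KDC_REPLY = tlv(0x30, tlv(0x02, b"\x01")
                + tlv(0xA0, algorithm_identifier("2a864886f70d01010d"))
                + tlv(0x04, b"\xde\xad\xbe\xef"))

if __name__ == "__main__":
    print("client offers:", signature_algorithms(CLIENT_OFFER))
    print("reply uses   :", signature_algorithms(KDC_REPLY))
    print("not offered  :", not_offered(CLIENT_OFFER, KDC_REPLY))
```

The walker does not descend into OCTET STRING contents, so DER that is wrapped in one has to be extracted and passed in separately.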



[Samba] getpeername failed

2010-10-21 Thread David Dumortier
Hello all,

I have a simple share on samba 3.2.5-4lenny13 defined like this :

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.ORG
server string = %h server
security = ADS
obey pam restrictions = Yes
load printers = No
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
 
[myshare]
comment = myshare
path = /home/myshare
valid users = MYDOMAIN\myuser1, MYDOMAIN\myuser2
write list = MYDOMAIN\myuser1, MYDOMAIN\myuser2
force group = mygroup
read only = No

I can mount it from a linux for any user.
I can access it from a Windows7 for myuser1 (admin on AD).
getent passwd | grep myuser2 returns myuser2.
But I have this message for myuser2 (not admin) on W7 :
  getpeername failed. Error was Noeud final de transport n'est pas connecté
  read_socket_with_timeout: client 0.0.0.0 read error = Aucun chemin d'accès pour atteindre l'hôte cible.

I browsed Google and the only response I saw was an upgrade of samba
but I can't (need to be in stable Debian version), and it doesn't
explain why myuser1 can connect.

Please CC me because I'm not subscribed.

Thanks in advance.
-- 
David Dumortier

[Samba] Roaming profiles and delete files reappearing.

2010-10-21 Thread Andrea Venturoli

Hello.

I see a lot of people having this problem, but found no solution so far.

The setup: samba 3.0.37 on FreeBSD 7.3/i386 acting as PDC; a similar BDC 
(only amd64) and XP clients.

Users have roaming profiles on the PDC.

What happens is:
_ a laptop user disconnects from the network (so the local and server 
profiles are fully synchronized);

_ at home [s]he deletes some files;
_ back in the office, he connects to the net and logs on;
_ Windows copies everything missing back from the net, so what [s]he 
deleted is there again.


This happens on more than one client (although I cannot tell if it 
happens on all of them).


Considering other replies I've seen:
_ I already disabled offline caching on the profile's share;
_ I disabled Windows restore points;
_ I have no folder redirections;
_ the users only use their computer (they do not logon on different ones);
_ the clocks are synchronized;
_ the clients are updated to the latest SP.

No errors are logged in smbd.log or in Windows's Event Viewer or 
displayed at logon/logoff.


From full_audit's log, I see that, at logon, Windows successfully reads
any file that is in the server copy of the profile.


My guess is that the client does not do any date comparison to check 
which profile is newer, but I have no idea why.


Any help?



 bye & Thanks
av.


[Samba] HELP Documentation for Installation of SAMBA

2010-10-21 Thread Sameer Chawnekar
Hi,

Can you please provide a step-by-step guide on installing and configuring
Samba on an AIX 6.1 server?

Thanks & Regards,

Sameer



[Samba] Joining ubuntu client to samba domain

2010-10-21 Thread snowman5840

Hi

I have installed a Samba PDC with OpenLDAP. With Windows clients I can use it
without problems (join the domain, log in with users). But I can't join
the domain with my Ubuntu 10.04 client.

I have tried this to join: sudo net join -W firma1 -U administrator

but I get the following error: cannot join as standalone machine.

smb.conf:
[global]
    # Domain name ..
    workgroup = firma1
    # Server name - as seen by Windows PCs ..
    netbios name = ldap
    # Be a PDC ..
    domain logons = Yes
    domain master = Yes
    # Be a WINS server ..
    wins support = true
    security = domain
    obey pam restrictions = Yes
    dns proxy = No
    os level = 35
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    pam password change = Yes

    # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
    unix password sync = no
    ldap passwd sync = yes

    # Printing from PCs will go via CUPS ..
    load printers = yes
    printing = cups
    printcap name = cups

    # Use LDAP for Samba user accounts and groups ..
    passdb backend = ldapsam:ldap://localhost

    # This must match init.ldif ..
    ldap suffix = dc=firma1,dc=de
    # The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
    # This is done by running 'sudo smbpasswd -w'.
    ldap admin dn = cn=admin,dc=firma1,dc=de

    # 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
    # (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    # Samba and LDAP server are on the same server in this firma1.
    ldap ssl = no

    # Scripts for Samba to use if it creates users, groups, etc.
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    # Script that Samba uses when a PC joins the domain ..
    # (when changing 'Computer Properties' on the PC)
    add machine script = /usr/sbin/smbldap-useradd -w '%u'

    # Values used when a new user is created ..
    # (Note: '%L' does not work properly with smbldap-tools 0.9.4-1)
    logon drive =
    logon home =
    logon path =
    logon script =

    # This is required for Windows XP client ..
    server signing = auto
    server schannel = Auto

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    admin users = root
    guest ok = Yes
    browseable = No

[Profiles]
    comment = Roaming Profile Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes
    browsable = No
 





[Samba] too many queued ntlmauthenticator requests and squid failed

2010-10-21 Thread Tharanga Abeyseela (RGA)
Hi Guys,

I have been running squid with AD authentication and security group 
authentication for the last 6 months, and suddenly squid failed with the 
following error  message

(squid): Too many queued ntlmauthenticator requests. (I tried to start squid at
an off-peak time when there were only 35 users; still it says "Too many queued
ntlmauthenticator requests".)

What can cause this issue?

I am using

samba-3.4.8-59.fc12.x86_64
samba-winbind-clients-3.4.8-59.fc12.x86_64
samba-common-3.4.8-59.fc12.x86_64
samba-client-3.4.8-59.fc12.x86_64
samba-winbind-devel-3.4.8-59.fc12.x86_64
samba-winbind-3.4.8-59.fc12.x86_64
Squid Cache: Version 3.0.STABLE24
configure options:  '--prefix=/usr/local/squid' '--enable-auth=ntlm,basic' '--enable-external-acl-helpers=wbinfo_group'

and I am also getting the following error

[2010/10/18 10:28:58,  3] winbindd/winbindd_cm.c:1597(connection_ok)
  connection_ok: Connection to  for domain xxx  is not connected

(but if I use the net join command it says joined to domain)

According to my squid report, normally there are 700 people connecting to the
proxy, but now it says winbind maximum connection exceeds 200.

Squid is working fine without AD authentication through smb/winbind.

This is my smb.conf

[global]
workgroup =zzz
realm = zz.COM
password server = *
#netbios name = 
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 2
log file = /var/log/samba/%m
max log size = 50
winbind separator = \.
#printcap name = cups
#printing = cups
##new
idmap cache time = 1800
idmap negative cache time = 300
winbind cache time = 1800
##end new
idmap uid = 15000-2
idmap gid = 15000-2
#winbind use default domain = yes
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash
ldap passwd sync  = yes

 
Appreciate your help on this.


Thanks,
Tharanga


Re: [Samba] Windows seven

2010-10-21 Thread Pascal Legrand
Thanks for your answers.
But what about dependencies?
When I install Samba (and only Samba) from backports, does the system also install
its dependencies from backports?
What about system stability?
Sorry, but I'm not very strong with the use of backports.
Thanks again

-- 

---
Pascal
---



Re: [Samba] Windows seven

2010-10-21 Thread Vladimir Psenicka
On 21.10.2010 13:50, Pascal Legrand wrote:
> THanks for your answers.
> But what about dependancy ?
> when i install samba (and only samba) from backports, does the system install
> also dependancy from backports ?

Yes

> what about the system stability?

It works :-)

> sorry  but i'm not very strong with backports use
> thanks again
 


Re: [Samba] Change password via ctrl+alt+del

2010-10-21 Thread Willy Offermans
Hello Samba Friends,

I'm using openldap as well. The users can change the password with
ctrl+alt+del. However the parameter ``sambaPwdCanChange'' is set to 0. So
this can not be the only trick.

On Tue, Oct 12, 2010 at 08:03:28AM +0200, Daniel Müller wrote:
 If you are with openldap
 You need to set for the user : sambaPwdCanChange=1
 For Your Domain: sambaMaxPwdAge to your needs
 ---
 EDV Daniel Müller
 
 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen
 
 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 
 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
 Behalf Of Gaiseric Vandal
 Sent: Tuesday, 12 October 2010 01:47
 To: samba@lists.samba.org
 Subject: Re: [Samba] Change password via ctrl+alt+del
 
 Is this an XP machine?
 
 Do you have password sync enabled?  If password sync is enabled BUT the chat
 script (or whatever mechanism you use to change the unix password) is broken
 then password change can fail.   The first thing I would try would be
 disabling the password sync feature and seeing if that works.
 
 
 
 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On Behalf Of Rodolfo Barbosa
 Sent: Monday, October 11, 2010 6:41 PM
 To: samba@lists.samba.org
 Subject: [Samba] Change password via ctrl+alt+del
 
 Guys,
 
 How do I enable the password changing via ctrl+alt+del on a
 windows workstation? This function worked on my previous PDC
 but I can't get it work on my actual PDC.
 
 I looked at the samba log file of the workstation and I saw
 the following line:
 user  cannot change password now, must wait until
 never
 
 Debian GNU Linux 5.0
 Samba 3.5.5
 LDAP backend
 
 Thank's
 --
 Rodolfo Barbosa
 Lunar Consultoria
 barbosa.rodo...@lunarconsultoria.com.br
 CEL: +55 (35) 9132-0764
 
 
 
 

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Willy

*
Dr. W.K. Offermans


[Samba] getent group fails on member server after upgrade to 3.5.5

2010-10-21 Thread Neil Price
 I have a member server joined to a samba 3 domain. It was working fine 
with 3.4.8 but after an upgrade to 3.5.5 (debian lenny with backports) 
getent group no longer works.


getent passwd works fine, wbinfo -u and wbinfo -g work fine

I upgraded some other servers which are DC's and those work fine.

winbind.log shows
[2010/10/21 14:06:13.918006,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [16709]: request interface version
[2010/10/21 14:06:13.918103,  3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
  [16709]: request location of privileged pipe
[2010/10/21 14:06:13.918288,  3] winbindd/winbindd_getgrent.c:51(winbindd_getgrent_send)
  [16709]: getgrent
[2010/10/21 14:06:14.618332,  5] winbindd/winbindd_getgrent.c:149(winbindd_getgrent_recv)
  getgrent failed: NT_STATUS_NONE_MAPPED

Relevant parts of smb.conf

   security = domain
   ldap ssl = Off

   idmap backend = ldap:ldap://170.130.105.39
   idmap uid = 8-9
   idmap gid = 8-9
   idmap alloc backend = ldap
   idmap alloc config: ldap_url = ldap://170.130.105.39
   idmap alloc config: ldap_base_dn = ou=idmap,dc=gibb,dc=co,dc=za
   idmap alloc config: ldap_user_dn = cn=admin,ou=people,dc=gibb,dc=co,dc=za
   idmap alloc config: range = 8-9

   password server = *
   winbind enum groups = yes
   winbind enum users = yes

Relevant part of nsswitch.conf
passwd: compat winbind
group:  compat winbind
shadow: compat

hosts:  files dns wins




Re: [Samba] samba caching group memberships

2010-10-21 Thread Volker Lendecke
On Thu, Oct 21, 2010 at 03:26:12PM +0400, Vladimir Vassiliev wrote:
> Thanks. Still not clear for me is it cached on SMB-server when
> SMB-client connects or on client when user logs in?

That depends on whether you are using Kerberos or NTLM. With
Kerberos, you have to re-login to the client. With NTLM, a
reconnect to the server is enough.

Volker


Re: [Samba] samba caching group memberships

2010-10-21 Thread Brian Cowan
I think you'll find that the answer can be both. But, only during the
context of that connection to the samba server.

This is because the client sends its authentication info to the server when
it connects. I don't really know if/when the samba server verifies group
membership on the domain beyond asking if the credentials are valid.
On Oct 21, 2010 7:26 AM, Vladimir Vassiliev v...@edu.yar.ru wrote:
 Thanks. Still not clear for me is it cached on SMB-server when SMB-client
 connects or on client when user logs in?

 21.10.2010 14:20, Brian Cowan wrote:
 Actually, this group cache behavior is *Windows* behavior. Group
 membership is loaded at login time and not refreshed until you log out
 and back in.

 It's annoying @ times. Having been a Novell NetWare user in my ancient
 past, it was something of a shock to me too.

 Brian C.


 --
 Vladimir Vassiliev

Re: [Samba] Revisit - Re: Default Hidden Disk Shares

2010-10-21 Thread Robert Moskowitz

On 10/21/2010 12:42 AM, Jeremy Allison wrote:
 On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote:
  I want admin to be able to access other user data to clean up any
  messes they have. Kind of standard here at home with my kids getting
  into challenges and asking for help. Or they did an assignment from
  the wrong login, and now I have to move it around. More my wife
  tends to just use my login and access her files. Well I will have to
  skin this cat another way. Most likely set up some symlinks and ID
  groups.

 Look into the admin user parameter. Anyone coming in as that
 user is mapped to root, with full privileges. Just create an
 admin user, set admin user = admin in the [global] section
 and don't tell anyone else the password :-).

oow That is valuable. And risky. I think I will try it!

And I ASSuME that admin user = admin1, admin2

works as well? Did a quick google search and did not find anything on 
this (sometimes I have to fix things from my wife's login; she is in the 
middle of something and needs a bit of help...).





Re: [Samba] HELP Documentation for Installation of SAMBA

2010-10-21 Thread John Doe
From: Sameer Chawnekar sameer.chawne...@archpharmalabs.com

  Can you please provide a step by step guide on installing  and configuring
 SAMBA on AIX 6.1 server.

http://tinyurl.com/2egmh99

JD


  


[Samba] INCLUDEs in smb.conf

2010-10-21 Thread Robert Moskowitz
Do I need a separate INCLUDE in each section, or can I have one INCLUDE 
at the end and just include needed sections?


Way 1:

smb.conf:

[Global]

...

INCLUDE smb-global.conf

[netlogon]

..

smb-global.conf:

   sambaPwdCanChange=1


Way 2:

smb.conf:

[Global]

...

[netlogon]

..

INCLUDE smb-custom.conf

smb-custom.conf:

[Global]

   sambaPwdCanChange=1

[TestShare]

.



Which way???




Re: [Samba] Roaming profiles and delete files reappearing.

2010-10-21 Thread John Doe
From: Andrea Venturoli m...@netfence.it

 What happens is:
 _ a laptop user disconnects from the network (so the local and server
   profiles are fully synchronized);
 _ at home [s]he deletes some files;
 _ back in the office, he connects to the net and logons;
 _ Windows copies everything missing back from the net, so what [s]he
   deleted is there again.

Almost same here, but on even older samba (3.0.28)...
Almost same because, while the deleted files are still present on the server, 
they do not get synced back to the client...
I also had an issue with the nvidia service bug prior to that...

JD


  


[Samba] Samba Move preserve ACL

2010-10-21 Thread kikxxladmin
Hello,

we had some trouble with moving files on a Samba share.

We have one share with many subfolders and acl on each folder, when i move a
file into another subfolder
the file keeps the permissions of the first folder.

I as a network administrator know that this is a normal behavior but our
users don't get it :(

So i need a solution.

I heard that there is the possibility to bypass this with a VFS module.

Does anyone have the same problem and knows about a solution?

Best regards

Roland







Re: [Samba] INCLUDEs in smb.conf

2010-10-21 Thread Jefferson Diego Gomes

As I know, includes on Samba are like includes at Apache:
You don't need to separate in sections, because each include has its own section.
I don't know if your Way 1 will work, but Way 2 will.
I always do something like:

[global]

INCLUDE share.adm.conf
INCLUDE share.people.conf


share.people.conf:
[Person1]

[Person2]



share.adm.conf:
[Share 1]

[Share 2]


(Sorry my poor English)
  


Re: [Samba] INCLUDEs in smb.conf

2010-10-21 Thread Robert Moskowitz



On 10/21/2010 11:49 AM, Jefferson Diego Gomes wrote:
 As I know, includes on Samba are like includes at Apache:

Now that actually makes sense!  I have little experience editing 
includes in Apache, but lots in Asterisk.

 You don't need to separate in sections, because each include has its
 own section.

Got it.  Thanks.

 I don't know if your Way 1 will work, but Way 2 will.
 I always do something like:

 [global]

 INCLUDE share.adm.conf
 INCLUDE share.people.conf


 share.people.conf:
 [Person1]

 [Person2]



 share.adm.conf:
 [Share 1]

 [Share 2]


 (Sorry my poor English)



Re: [Samba] Samba - Rejecting auth request debug log

2010-10-21 Thread Martin Hochreiter

  and maybe somebody can have a look at it and enlighten us.

 Your log seems to have been stripped from the message.

Yes - that's right, you can find it here too

https://bugzilla.samba.org/show_bug.cgi?id=7678



[Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Bruce Richardson
Having set up two way trust between a Samba domain (with LDAP backend)
and an AD domain, I find that 
  
 1. Users from the trusted domain are authenticated against the proper
DC (that is, their regular password works), but only if there is a
corresponding local domain user.

 2.  Users from the trusted domain are being mapped onto Samba/POSIX
users associated with the local Samba domain, despite the fact that the
correct idmap objects are being created in the directory.   If they
connect to a share, they connect as the local domain user (although,
oddly, they can create new files and directories but not delete old
ones).


More information:

The local domain uses an LDAP backend, with ldapsam:editposix and
ldapsam:trusted set.  LDAP is used for all domain configs (BUILTIN,
OFFICE domain and external domains).  Winbind is used on the domain
controllers for GID/UID allocation (and for id mappings for foreign
domains), but nss_ldap is used on all the servers, DC or member, to
provide the POSIX user information via nsswitch.conf.  winbind is not
currently running on the member servers (not needed for a single domain
because of nss_ldap).

All this was working perfectly.  Adding the domain trust worked
flawlessly.  Then I tried - on the PDC  and BDC only - to try have users
from the trusted domain connecting to shares.  So I changed
nsswitch.conf from

  passwd: files ldap
  group: files ldap

to

  passwd: files ldap winbind
  group: files ldap winbind

I added details of the AD domain's PDC to krb5.conf, set the auth user
file and restarted winbindd for luck.

 * wbinfo -u and wbinfo -g list the trusted domain users and groups.
 * getent passwd returns the trusted users in the list as
   TRUSTED\user.name.
 * The idmap OU in the directory now has two dozen
   entries (the AD domain is only used for one specialist part of the
   company).

So far so good.  getent group and getent passwd show the TRUSTED
domain users have been added and are visible as POSIX users.  TRUSTED
users can authenticate to any OFFICE member servers using their own
passwords (with the important caveat mentioned above).  At this point,
I'm at something of a loss.  I can ssh into the domain controller as
TRUSTED\test.user, whether or not there is a corresponding user in the
local domain, and the correct UID and GID will be assigned, but I can
only connect to Samba as that user if there is a corresponding local
domain user and I am then assigned their UID and GID.

Can anybody suggest what I may have missed?  I can post the relevant
domain controller configs.

I don't know if it's relevant to this, but winbind keeps trying to write
to krb5.conf and being blocked by selinux.  Haven't had time to
investigate that.

-- 
Bruce

I unfortunately do not know how to turn cheese into gold.


Re: [Samba] Revisit - Re: Default Hidden Disk Shares

2010-10-21 Thread Jeremy Allison
On Thu, Oct 21, 2010 at 11:05:57AM -0400, Robert Moskowitz wrote:
 On 10/21/2010 12:42 AM, Jeremy Allison wrote:
 On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote:
 I want admin to be able to access other user data to clean up any
 messes they have. Kind of standard here at home with my kids getting
 into challenges and asking for help. Or they did an assignment from
 the wrong login, and now I have to move it around. More my wife
 tends to just use my login and access her files. Well I will have to
 skin this cat another way. Most likely set up some symlinks and ID
 groups.
 Look into the admin user parameter. Anyone coming in as that
 user is mapped to root, with full privileges. Just create an
 admin user, set admin user = admin in the [global] section
 and don't tell anyone else the password :-).
 
 oow That is valuable. And risky. I think I will try it!
 
 And I ASSuME that admin user = admin1, admin2
 
 works as well? Did a quick google search and did not find anything
 on this (sometimes I have to fix things from my wife's login; she is
 in the middle of something and needs a bit of help...).

Yes, admin user is a list parameter. Anyone on that list == root.


Re: [Samba] INCLUDEs in smb.conf

2010-10-21 Thread Helmut Hullen
Hello, Robert,

You wrote on 21.10.10:

 Do I need a separate INCLUDE in each section, or can I have one
 INCLUDE at the end and just include needed sections?

include replaces the calling line with the lines of the invoked file.

You can put many include lines into the smb.conf. At nearly(?) every place.

Please excuse my gerlish ...

Best regards!
Helmut


Re: [Samba] getent group fails on member server after upgrade to 3.5.5

2010-10-21 Thread Dale Schroeder

Neil,

Winbind 3.5.5 is not working properly in Squeeze either.  Using idmap 
backend rid with ads security, it will work for a while, but eventually 
becomes unresponsive.  I tried to report this yesterday, but I assume 
the zipped log file I attached caused it to be rejected.  I tried 3.5.6 
on a system this morning, and there is no improvement.  My primary error 
message was and still is


[2010/10/21 11:26:06.806089,  1] winbindd/winbindd_util.c:289(trustdom_recv)
  Could not receive trustdoms

Lately, there seems to be more than the usual number of winbind problems.

http://lists.samba.org/archive/samba/2010-October/158883.html

Dale


On 10/21/2010 7:44 AM, Neil Price wrote:
 I have a member server joined to a samba 3 domain. It was working 
fine with 3.4.8 but after an upgrade to 3.5.5 (debian lenny with 
backports) getent group no longer works.


getent passwd works fine, wbinfo -u and wbinfo -g work fine

I upgraded some other servers which are DC's and those work fine.

winbind.log shows
[2010/10/21 14:06:13.918006,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [16709]: request interface version
[2010/10/21 14:06:13.918103,  3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
  [16709]: request location of privileged pipe
[2010/10/21 14:06:13.918288,  3] winbindd/winbindd_getgrent.c:51(winbindd_getgrent_send)
  [16709]: getgrent
[2010/10/21 14:06:14.618332,  5] winbindd/winbindd_getgrent.c:149(winbindd_getgrent_recv)
  getgrent failed: NT_STATUS_NONE_MAPPED

Relevant parts of smb.conf

security = domain
   ldap ssl = Off

   idmap backend = ldap:ldap://170.130.105.39
   idmap uid = 8-9
   idmap gid = 8-9
   idmap alloc backend = ldap
   idmap alloc config: ldap_url = ldap://170.130.105.39
   idmap alloc config: ldap_base_dn = ou=idmap,dc=gibb,dc=co,dc=za
   idmap alloc config: ldap_user_dn = cn=admin,ou=people,dc=gibb,dc=co,dc=za

   idmap alloc config: range = 8-9

password server = *
   winbind enum groups = yes
   winbind enum users = yes

Relevant part of nsswitch.conf
passwd: compat winbind
group:  compat winbind
shadow: compat

hosts:  files dns wins





Re: [Samba] Guest shares in an ADS security model

2010-10-21 Thread Madhusudan Singh
Hello,

I have no control over the active directory. I just authenticate a subset of
its members to give them access to the fileserver.

Does this mean that there is no true guest access when using ADS ?



On Wed, Oct 20, 2010 at 3:34 PM, Michael Wood esiot...@gmail.com wrote:

 On 20 October 2010 17:52, Madhusudan Singh singh.madhusu...@gmail.com wrote:
  Seems pathetic to reply to my own message, but since I cannot find any
  working examples via Google, I have to ask this question.

  Should be simple enough for the resident gurus to answer ?

 I would guess you need to enable the Guest user in Active Directory and
 then set up the share such that the Guest user has access.

  On Mon, Oct 18, 2010 at 10:38 AM, Madhusudan Singh singh.madhusu...@gmail.com wrote:

  Are these possible ?

  I am trying to setup a guest access printer attached to a working
  fileserver that authenticates its users against a Windows AD. I keep
  getting authentication requests on attempting to connect to the printer.

  Before I post my smb.conf, I need to know if what I am trying to do is
  even possible,

 --
 Michael Wood esiot...@gmail.com



[Samba] file locking on linux samba with mac osx and windows have no function?

2010-10-21 Thread Joris Heinrich

hello list,

I have the following problem:

smb.conf

[global]
server string = file1.int.stayfriends.de
unix extensions = No
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
dns proxy = No
ldap ssl = no
read only = No
create mask = 0660
directory mask = 0770
#map hidden = Yes
#map system = Yes

# 3. Logging Options:

log file = /var/log/samba/%m.log
max log size = 50
log level = 3

[cd-depart]
comment = Allgemeine Daten Test Daten
path = /test/cd-dpart/
valid users = @smb-cd

mac osx and windows can access a file at the same time.

smbstatus:

Samba version 3.2.3
PID     Username   Group   Machine
-------------------------------------------------------------------
10019   cd1        cd2     palandt          (:::192.168.56.101)
9167    cd2        cd2     macbookpro-a0cc  (:::192.168.56.1)

Service      pid     machine          Connected at
-------------------------------------------------------------------
IPC$         10019   palandt          Thu Oct 21 15:02:09 2010
cd-depart    10019   palandt          Thu Oct 21 15:02:09 2010
IPC$         10019   palandt          Thu Oct 21 15:02:09 2010
cd-depart    9167    macbookpro-a0cc  Thu Oct 21 14:21:48 2010

Locked files:
Pid     Uid    DenyMode    Access  R/W     Oplock  SharePath       Name  Time
-------------------------------------------------------------------
10019   1002   DENY_NONE   0x11    RDONLY  NONE    /test/cd-dpart  .     Thu Oct 21 15:02:09 2010
9167    1004   DENY_NONE   0x11    RDONLY  NONE    /test/cd-dpart  .     Thu Oct 21 14:21:48 2010



how do I achieve that further access is only granted read-only by samba?

thanks in advance

jhn



Re: [Samba] INCLUDEs in smb.conf

2010-10-21 Thread Michael Wood
On 21 October 2010 17:19, Robert Moskowitz r...@htt-consult.com wrote:
 Do I need a separate INCLUDE in each section, or can I have one INCLUDE at
 the end and just include needed sections?

 Way 1:

 smb.conf:

 [Global]

 ...

 INCLUDE smb-global.conf

Note that the syntax is:

include = /path/to/smb-global.conf

Don't forget the =.

-- 
Michael Wood esiot...@gmail.com
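
Added example (not part of any post, and not code from the Samba project): a small Python audit that expands `include = file` lines in place, the way this thread describes, and then reports which shares end up with root-mapped accounts through the admin user list discussed in the "Default Hidden Disk Shares" thread. The file names and contents in SAMPLE_FILES are constructed, the function names are hypothetical, and the parameter is matched under its smb.conf(5) spelling `admin users`.

```python
import re

# Constructed sample configuration (not from the thread). Keys stand in for
# paths on disk so the example runs without touching a real /etc/samba.
SAMPLE_FILES = {
    "/etc/samba/smb.conf": """\
[global]
   workgroup = HOME
   include = /etc/samba/smb-global.conf

[netlogon]
   path = /srv/netlogon
   include = /etc/samba/smb-custom.conf
""",
    "/etc/samba/smb-global.conf": """\
   ; no section header here: the lines land in [global], where the include sits
   Admin Users = admin1, admin2
""",
    "/etc/samba/smb-custom.conf": """\
[TestShare]
   path = /srv/test
   admin users = @wheel
[kids]
   path = /srv/kids
""",
}


def expand(path, read, _stack=()):
    """Yield (source_file, line), replacing each 'include = file' line
    with the lines of the named file, at the place where it appears."""
    if path in _stack:
        raise ValueError("include loop: " + " -> ".join(_stack + (path,)))
    for raw in read(path).splitlines():
        line = raw.strip()
        match = re.match(r"include\s*=\s*(.+)$", line, re.IGNORECASE)
        if match:
            yield from expand(match.group(1).strip(), read, _stack + (path,))
        else:
            yield path, line


def parse(path, read):
    """Return {section: {param: (value, source_file)}} after include expansion."""
    sections, current = {}, None
    for src, line in expand(path, read):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # a repeated header (e.g. a second [global]) adds to the same section
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # parameter names are compared ignoring case and embedded spaces
            current[re.sub(r"\s+", "", key).lower()] = (value.strip(), src)
    return sections


def effective_admin_users(path, read):
    """Return {share: {"users": [...], "set_in": file}} for every share where
    some account is mapped to root. A value in [global] is the default for
    all shares; a share's own value replaces that default."""
    sections = parse(path, read)
    default = sections.get("global", {}).get("adminusers")
    report = {}
    for name, params in sections.items():
        if name == "global":
            continue
        value, src = params.get("adminusers", default or ("", None))
        users = [u for u in re.split(r"[\s,;]+", value) if u]
        if users:
            report[name] = {"users": users, "set_in": src}
    return report


if __name__ == "__main__":
    result = effective_admin_users("/etc/samba/smb.conf", SAMPLE_FILES.__getitem__)
    for share, info in result.items():
        print(f"[{share}] root-equivalent: {', '.join(info['users'])} "
              f"(set in {info['set_in']})")
```

Setting the list once in [global] makes those accounts root on every share that does not override it, including shares pulled in from an included file, so review the expanded result rather than smb.conf alone.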


Re: [Samba] Guest shares in an ADS security model

2010-10-21 Thread Michael Wood
On 21 October 2010 20:54, Madhusudan Singh singh.madhusu...@gmail.com wrote:
 Hello,

 I have no control over the active directory. I just authenticate a subset of
 its members to give them access to the fileserver.

 Does this mean that there is no true guest access when using ADS ?

I do not know enough about AD to answer your question.

-- 
Michael Wood esiot...@gmail.com


Re: [Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Gaiseric Vandal
I have similar issues.   I am running Samba 3.4 (compiled from source) 
on Solaris 10-  so selinux is NOT an issue for me.   Otherwise I have 
similar config (LDAP backend for samba, trusted domains to windows 2003 
server.)


thought this used to work but a month or so ago it wasn't.

getent passwd and wbinfo -u showed users from the trusted domain.  
wbinfo -s / wbinfo -n showed uid-to-sid and sid-to-uid mappings were 
ok.  The log seemed to show users in the trusted domain being valid, but 
then complains that that user does not exist.


--

[2010/09/13 08:02:04,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [WINDOMAIN]\[lin...@[winserver] with the new password interface
[2010/09/13 08:02:04,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [windomain]\[winus...@[winserver]
...
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 08:02:04,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [winuser] - [winuser] FAILED with error NT_STATUS_NO_SUCH_USER

--



 I partly resolved this by creating dummy accounts for users 
(/bin/false as the shell)  for the trusted domains (the passwords are 
different.)The trusted domain only has about 5 or 6 users.


I have not tried ssh'ing in as a trusted domain user (I definitely don't 
want that available..)


It is weird, because the trusted users ARE definitely authenticating 
using their own passwords.  Maybe it is trying to validate the user 
name via kerberos but then validates the password via NTLM?


Do you have an entry in krb5.conf for the trusted domain?  I think that 
is more of an issue for locating the DC.


At some point I changed the forest and domain modes on the Windows 2003 
DC from mixed to native.  That may have broken something but the end 
users from the trusted domain might not have reported it until several 
weeks later.   (It is apparently a resource they only need occasionally.)


I haven't had a chance to look into this further, since I have a work 
around.




On 10/21/2010 11:59 AM, Bruce Richardson wrote:

Having set up two way trust between a Samba domain (with LDAP backend)
and an AD domain, I find that

  1. Users from the trusted domain are authenticated against the proper
DC (that is, their regular password works), but only if there is a
corresponding local domain user.

  2.  Users from the trusted domain are being mapped onto Samba/POSIX
users associated with the local Samba domain, despite the fact that the
correct idmap objects are being created in the directory.   If they
connect to a share, they connect as the local domain user (although,
oddly, they can create new files and directories but not delete old
ones).


More information:

The local domain uses an LDAP backend, with ldapsam:editposix and
ldapsam:trusted set.  LDAP is used for all domain configs (BUILTIN,
OFFICE domain and external domains).  Winbind is used on the domain
controllers for GID/UID allocation (and for id mappings for foreign
domains), but nss_ldap is used on all the servers, DC or member, to
provide the POSIX user information via nsswitch.conf.  winbind is not
currently running on the member servers (not needed for a single domain
because of nss_ldap).

All this was working perfectly.  Adding the domain trust worked
flawlessly.  Then I tried - on the PDC  and BDC only - to try have users
from the trusted domain connecting to shares.  So I changed
nsswitch.conf from

   passwd: files ldap
   group: files ldap

to

   passwd: files ldap winbind
   group: files ldap winbind

I added details of the AD domain's PDC to krb5.conf, set the auth user
file and restarted winbindd for luck.

  * wbinfo -u and wbinfo -g list the trusted domain users and groups.
  * getent passwd returns the trusted users in the list as
TRUSTED\user.name.
  * The idmap OU in the directory now has two dozen
entries (the AD domain is only used for one specialist part of the
company).

So far so good.  getent group and getent passwd show the TRUSTED
domain users have been added and are visible as POSIX users.  TRUSTED
users can authenticate to any OFFICE member servers using their own
passwords (with the important caveat mentioned above).  At this point,
I'm at something of a loss.  I can ssh into the domain controller as
TRUSTED\test.user, whether or not there is a corresponding user in the
local domain, and the correct UID and GID will be assigned, but I can
only connect to Samba as that user if there is a corresponding local
domain user and I am then assigned their UID and GID.

Can anybody suggest what I may have missed?  I can post the 

Re: [Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Bruce Richardson
On Thu, Oct 21, 2010 at 05:02:55PM -0400, Gaiseric Vandal wrote:
 
 I have not tried ssh'ing in as a trusted domain user (I definitely
 don't want that available..)

It's not something I want to make available, but it was an important
test to prove that winbind was creating the correct idmap entries and
that this was making functional POSIX accounts available to the Linux
host.  What I don't understand is why Samba isn't mapping the trusted
domain users onto those accounts.

 
 Do you have an entry in krb5.conf for the trusted domain?  I think
 that is more of an issue for locating the DC.

I do.

 
 At some point I changed the forest and domain modes on the Windows
 2003 DC from mixed to native.  That may have broken something

I'm surprised anything is working for you.  I didn't think trust
relationships between Samba or NT4 and AD would work at all if AD was in
native mode.

-- 
Bruce

If the universe were simple enough to be understood, we would be too
simple to understand it.



Re: [Samba] Samba Move preserve ACL

2010-10-21 Thread Miguel Medalha



 I as a network administrator know that this is a normal behavior but our
 users don't get it :(

 So i need a solution.

 I heard that there is the possibility to bypass this with a VFS module


As a network administrator, your best solution is to inform your users 
instead of going along with bad practices and laziness.


It's not difficult, just plain binary alternative:

move - keep permissions
copy - acquire permissions of destination



Re: [Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Gaiseric Vandal

Re ssh -  I should try that.

Windows 2003 Native mode-  you can't have NT4 BDC's in the domain.   
Trusts with NT4 domains are OK (at least should be.) Samba  (as a 
PDC) emulates an NT4 domain but still seems to use kerberos for locating 
DC's (which would make sense if you want it to be an active directory 
domain member.)


I also have trusts set up with my samba domain and a Windows 2008 domain 
(in Win 2003 mode)-  but I haven't tested that much to see if it is 
something specific to samba or some weird issue with the windows 2003 
domain.


FYI-  since  I went to samba 3.4 from 3.03 idmap does NOT automatically 
create entries in LDAP.  I had to manually create them in ldap.  I had 
the entries that samba 3.0.x would create as a template so, for a small 
number of users and groups not have big a challenge.  (alternately could 
use wbinfo --allocate-gid and wbinfo --allocate-uid.)




On 10/21/2010 05:15 PM, Bruce Richardson wrote:
 On Thu, Oct 21, 2010 at 05:02:55PM -0400, Gaiseric Vandal wrote:

  I have not tried ssh'ing in as a trusted domain user (I definitely
  don't want that available..)

 It's not something I want to make available, but it was an important
 test to prove that winbind was creating the correct idmap entries and
 that this was making functional POSIX accounts available to the Linux
 host.  What I don't understand is why Samba isn't mapping the trusted
 domain users onto those accounts.

  Do you have an entry in krb5.conf for the trusted domain?  I think
  that is more of an issue for locating the DC.

 I do.

  At some point I changed the forest and domain modes on the Windows
  2003 DC from mixed to native.  That may have broken something

 I'm surprised anything is working for you.  I didn't think trust
 relationships between Samba or NT4 and AD would work at all if AD was in
 native mode.




[Samba] Slow Samba over VPN

2010-10-21 Thread Colin Reese

Hello.

I have Samba on Ibex running over VPN, and am having problems with speed 
reading and writing from XP and 7 boxes. It takes, for example, 16 
minutes to transfer four files for a total of 1.2MB.


I assume that this problem is due to SMB block size and the latency I'm 
dealing with, always between 200 and 500ms.


How can I properly configure client and server to negotiate a suitable 
block size / tcp window to reduce the number of transactions and up the 
speed?


Thanks,
Colin


[Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds

2010-10-21 Thread Steven Moyse

I am having trouble setting up winbind authentication.

I have successfully joined the domain

winbind -t OK
winbind -u OK
winbind -g OK
winbind -K 'DOMAIN\user%password' OK
winbind -a 'DOMAIN\user%password' FAIL
For winbind -a:
Plaintext authentication is attempted, and fails with 
NT_STATUS_ACCESS_DENIED
challenge/response authentication is attempted, and fails with 
NT_STATUS_ACCESS_DENIED


Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest.

I have previously configured many SAMBA servers



--

This email is from Civica Pty Limited and it, together with 
any attachments, is confidential to the intended recipient(s) 
and the contents may be legally privileged or contain 
proprietary and private information. It is intended solely 
for the person to whom it is addressed. If you are not an 
intended recipient, you may not review, copy or distribute 
this email. If received in error, please notify the sender 
and delete the message from your system immediately. Any 
views or opinions expressed in this email and any files 
transmitted with it are those of the author only and may 
not necessarily reflect the views of Civica and do not create 
any legally binding rights or obligations whatsoever. Unless 
otherwise pre-agreed by exchange of hard copy documents 
signed by duly authorised representatives, contracts may not 
be concluded on behalf of Civica by email. Please note that 
neither Civica nor the sender accepts any responsibility for 
any viruses and it is your responsibility to scan the email 
and the attachments (if any). All email received and sent by 
Civica may be monitored to protect the business interests of 
Civica. 
--

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds

2010-10-21 Thread Gaiseric Vandal
What kind of domain -  samba PDC or Windows Active Directory ?   Maybe the
samba version is just too old. 

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Steven Moyse
Sent: Thursday, October 21, 2010 8:52 PM
To: samba@lists.samba.org
Subject: [Samba] Winbind user authentication (-a) fails, but kerberos
authentication succeeds

I am having trouble setting up winbind authentication.

I have successfully joined the domain

winbind -t OK
winbind -u OK
winbind -g OK
winbind -K 'DOMAIN\user%password' OK
winbind -a 'DOMAIN\user%password' FAIL
For winbind -a:
Plaintext authentication is attempted, and fails with 
NT_STATUS_ACCESS_DENIED
challenge/response authentication is attempted, and fails with 
NT_STATUS_ACCESS_DENIED

Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest.

I have previously configured many SAMBA servers





[Samba] Application will not run for domain user

2010-10-21 Thread Robert Moskowitz
I have set up a Samba PDC using the Amahi.org distro, so there might be 
some things they still have a bit off...


Anyway, I have a somewhat old program, Quicken 2000.

On my old Win2K workstation on an old NT server, it ran just fine for 
domain users.  The software is installed on the workstation, and the 
data is on the server.


But on my new XP Pro workstation on my new Samba PDC, it only runs for a 
local user, and that user is a super user (I have not created a regular 
user on the system yet).  It will not run for the domain user.


I reinstalled the software while logged on as the domain user.  I got 
prompted to supply a user with admin privs for the install, which I 
did.  I still cannot run the program from the domain user.



Where do I look to fix this?




Re: [Samba] Application will not run for domain user

2010-10-21 Thread Gaiseric Vandal
Two possible options:


1) It may not be a local vs domain user issue. It may be an administrator vs
non-administrator issue.
Can you add the domain user to the local administrators group?

2) It may be the file permissions - Samba doesn't always translate the Unix
ACLs to Windows properly. If you can run Quicken with the data on the XP
machine's local hard drive then this is the case. What is the Samba PDC OS
and file system? I found Solaris 10 ZFS was especially tricky. If you
right click on a network directory or file, and check the permissions, do you
get a warning about permissions being incorrectly ordered? Can you check
effective permissions to see if a deny group is overriding an allow
user?

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Robert Moskowitz
Sent: Thursday, October 21, 2010 10:48 PM
To: samba@lists.samba.org
Subject: [Samba] Application will not run for domain user

I have set up a Samba PDC using the Amahi.org distro, so there might be 
some things they still have a bit off...

Anyway, I have a somewhat old program, Quicken 2000.

On my old Win2K workstation on an old NT server, it ran just fine for 
domain users.  The software is installed on the workstation, and the 
data is on the server.

But on my new XP Pro workstation on my new Samba PDC, it only runs for a 
local user, and that user is a super user (I have not created a regular 
user on the system yet).  It will not run for the domain user.

I reinstalled the software while logged on as the domain user.  I got 
prompted to supply a user with admin privs for the install, which I 
did.  I still cannot run the program from the domain user.


Where do I look to fix this?




Re: [Samba] Application will not run for domain user

2010-10-21 Thread Robert Moskowitz

On 10/21/2010 11:11 PM, Gaiseric Vandal wrote:

Two possible options:


1) It may not be a local vs domain user issue. It may be an administrator vs
non-administrator issue.
Can you add the domain user to the local administrators group?
   


OK. That was it. Though I added the user into the Power User group. Kind 
of hokey that was needed. Good thing there are only a couple computers 
here on my network.


And I had to reboot twice. After the change, I still could not run the 
program, so on a hunch I rebooted. Then XP could not access the user 
profile information and created a temp profile. A second reboot got 
everything working.



2) It may be the file permissions - Samba doesn't always translate the Unix
ACLs to Windows properly. If you can run Quicken with the data on the XP
machine's local hard drive then this is the case. What is the Samba PDC OS
and file system? I found Solaris 10 ZFS was especially tricky. If you
right click on a network directory or file, and check the permissions, do you
get a warning about permissions being incorrectly ordered? Can you check
effective permissions to see if a deny group is overriding an allow
user?
   


I knew this was not the case. I was able to access the file(s) just fine 
from the local user by browsing and mounting the share.


I got this set. Now we will see what is the next issue to pop up...


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Robert Moskowitz
Sent: Thursday, October 21, 2010 10:48 PM
To: samba@lists.samba.org
Subject: [Samba] Application will not run for domain user

I have set up a Samba PDC using the Amahi.org distro, so there might be
some things they still have a bit off...

Anyway, I have a somewhat old program, Quicken 2000.

On my old Win2K workstation on an old NT server, it ran just fine for
domain users.  The software is installed on the workstation, and the
data is on the server.

But on my new XP Pro workstation on my new Samba PDC, it only runs for a
local user, and that user is a super user (I have not created a regular
user on the system yet).  It will not run for the domain user.

I reinstalled the software while logged on as the domain user.  I got
prompted to supply a user with admin privs for the install, which I
did.  I still cannot run the program from the domain user.


Where do I look to fix this?


   



Build status as of Thu Oct 21 06:00:01 2010

2010-10-21 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-10-20 
00:00:45.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-10-21 00:00:02.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Wed Oct 20 06:00:03 2010
+Build status as of Thu Oct 21 06:00:01 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -15,8 +15,8 @@
 samba-web0  0  0 
 samba_3_current 32 32 5 
 samba_3_master 32 24 0 
-samba_3_next 32 31 0 
-samba_4_0_test 36 30 0 
-talloc   32 8  0 
+samba_3_next 32 29 0 
+samba_4_0_test 36 31 0 
+talloc   32 6  0 
 tdb  30 11 0 
 


[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Matthias Dieter Wallnöfer
The branch, master has been updated
   via  8044a20 ldb:ldb_modules.c - if we don't find the associated dynamic 
object then please close the handle
   via  0b8b9ae ldb:ldb_tdb/ldb_cache.c - remove a superflous talloc_free
   via  de9b737 ldb:ldb_tdb/ldb_cache.c - in this function we don't use LDB 
return codes
   via  4a33071 s4:lib/util/charset/iconv.c - remove a distinction which 
can never happen
  from  94dc630 Now we have SeSystemSecurity, remove the source3-only 
#ifdef.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8044a20d8d84e740ca5c6d76bacaa977d691f3d0
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 21 08:51:46 2010 +0200

ldb:ldb_modules.c - if we don't find the associated dynamic object then 
please close the handle

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Thu Oct 21 07:52:44 UTC 2010 on sn-devel-104

commit 0b8b9aed34b9ad80d36860840e024330ae7cd671
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 21 09:03:31 2010 +0200

ldb:ldb_tdb/ldb_cache.c - remove a superflous talloc_free

Didn't realise that this is already called by ltdb_attributes_unload.

commit de9b7372334483786c856db9b55ae0f24308f27f
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 21 08:45:06 2010 +0200

ldb:ldb_tdb/ldb_cache.c - in this function we don't use LDB return codes

commit 4a33071e831b56f85bfd39918227e81b46360e35
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Oct 20 19:55:28 2010 +0200

s4:lib/util/charset/iconv.c - remove a distinction which can never happen

ret-cd_direct is never set before. It is set in the if upperwards but
then the function is terminated with return.

---

Summary of changes:
 lib/util/charset/iconv.c |5 +
 source4/lib/ldb/common/ldb_modules.c |1 +
 source4/lib/ldb/ldb_tdb/ldb_cache.c  |6 ++
 3 files changed, 4 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/charset/iconv.c b/lib/util/charset/iconv.c
index 2dac333..66a8180 100644
--- a/lib/util/charset/iconv.c
+++ b/lib/util/charset/iconv.c
@@ -159,7 +159,7 @@ static bool is_utf16(const char *name)
 }
 
 int smb_iconv_t_destructor(smb_iconv_t hwd)
-{ 
+{
 #ifdef HAVE_NATIVE_ICONV
if (hwd-cd_pull != NULL  hwd-cd_pull != (iconv_t)-1)
iconv_close(hwd-cd_pull);
@@ -260,9 +260,6 @@ _PUBLIC_ smb_iconv_t smb_iconv_open_ex(TALLOC_CTX *mem_ctx, 
const char *tocode,
}
if (is_utf16(tocode)) {
ret-direct = sys_iconv;
-   /* could be set just above - so we need to close iconv */
-   if (ret-cd_direct != NULL  ret-cd_direct != (iconv_t)-1)
-   iconv_close(ret-cd_direct);
ret-cd_direct = ret-cd_pull;
ret-cd_pull = NULL;
return ret;
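Review bot: in the is_utf16(tocode) branch, dropping the iconv_close(ret->cd_direct) guard is only safe while the earlier branch that assigns cd_direct keeps returning immediately, and that branch is not part of this hunk. The deleted comment claimed the opposite ("could be set just above"), so instead of leaving nothing behind, replace it with a one-line comment stating that cd_direct is always unset at this point. That way a later change that removes the early return does not silently leak an iconv descriptor.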
diff --git a/source4/lib/ldb/common/ldb_modules.c 
b/source4/lib/ldb/common/ldb_modules.c
index ec71c8d..b8f155d 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -320,6 +320,7 @@ static void *ldb_dso_load_symbol(struct ldb_context *ldb, 
const char *name,
 
sym = dlsym(handle, symbol);
if (sym == NULL) {
+   dlclose(handle);
ldb_debug(ldb, LDB_DEBUG_ERROR, no symbol `%s' found in %s: 
%s, symbol, path, dlerror());
return NULL;
}
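Review bot: in the sym == NULL path, dlclose(handle) runs before ldb_debug() evaluates dlerror(), and dlerror() reports the most recent error from any of the dl* calls, so the dlsym failure reason can be cleared or replaced before it is logged. Call ldb_debug() first and dlclose(handle) afterwards, just before return NULL.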
diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c 
b/source4/lib/ldb/ldb_tdb/ldb_cache.c
index 6b1eb5b..697f742 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_cache.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c
@@ -120,7 +120,7 @@ static int ltdb_attributes_load(struct ldb_module *module)
if (ldb-schema.attribute_handler_override) {
/* we skip loading the @ATTRIBUTES record when a module is 
supplying
   its own attribute handling */
-   return LDB_SUCCESS;
+   return 0;
}
 
dn = ldb_dn_new(module, ldb, LTDB_ATTRIBUTES);
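Review bot: the bare return 0 in the attribute_handler_override branch relies on a return convention that nothing in the visible code documents. Add a short comment above ltdb_attributes_load() stating what the function returns (for example 0 on success and -1 on failure, if that is what the rest of the function uses), so callers do not go back to comparing the result against LDB_* codes.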
@@ -348,10 +348,8 @@ int ltdb_cache_load(struct ldb_module *module)
talloc_free(ltdb-cache-last_attribute.name);
memset(ltdb-cache-last_attribute, 0, 
sizeof(ltdb-cache-last_attribute));
 
-   ltdb_attributes_unload(module);
-
talloc_free(ltdb-cache-indexlist);
-   talloc_free(ltdb-cache-attributes);
+   ltdb_attributes_unload(module); /* calls internally talloc_free */
 
ltdb-cache-indexlist = ldb_msg_new(ltdb-cache);
ltdb-cache-attributes = ldb_msg_new(ltdb-cache);
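Review bot: ltdb_attributes_unload(module) now runs after talloc_free(ltdb->cache->indexlist) instead of before it; confirm that the unload path never reads indexlist, since it would now see a freed pointer. The new comment "calls internally talloc_free" should also name what is freed (ltdb->cache->attributes), because that is the only reason the explicit talloc_free could be dropped.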


-- 
Samba Shared Repository


Re: [SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Stefan (metze) Metzmacher
Hi Matthias,

 - Log -
 commit 8044a20d8d84e740ca5c6d76bacaa977d691f3d0
 Author: Matthias Dieter Wallnöfer m...@samba.org
 Date:   Thu Oct 21 08:51:46 2010 +0200
 
 ldb:ldb_modules.c - if we don't find the associated dynamic object then 
 please close the handle
 
 Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
 Autobuild-Date: Thu Oct 21 07:52:44 UTC 2010 on sn-devel-104

 diff --git a/source4/lib/ldb/common/ldb_modules.c 
 b/source4/lib/ldb/common/ldb_modules.c
 index ec71c8d..b8f155d 100644
 --- a/source4/lib/ldb/common/ldb_modules.c
 +++ b/source4/lib/ldb/common/ldb_modules.c
 @@ -320,6 +320,7 @@ static void *ldb_dso_load_symbol(struct ldb_context *ldb, 
 const char *name,
  
   sym = dlsym(handle, symbol);
   if (sym == NULL) {
 + dlclose(handle);
   ldb_debug(ldb, LDB_DEBUG_ERROR, no symbol `%s' found in %s: 
 %s, symbol, path, dlerror());
   return NULL;

I think we should call dlclose() after ldb_debug(), otherwise dlerror()
may not return the desired result.

metze





[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Matthias Dieter Wallnöfer
The branch, master has been updated
   via  3c74871 ldb:ldb_modules.c - dlclose could cause inference on 
dlerror
  from  6c3e670 waf: check the linker accepts a set of ldflags before using 
them

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3c748714bb2a81004673db8a77ea5699f3cc73d0
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 21 10:28:32 2010 +0200

ldb:ldb_modules.c - dlclose could cause inference on dlerror

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Thu Oct 21 09:28:19 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/lib/ldb/common/ldb_modules.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/common/ldb_modules.c 
b/source4/lib/ldb/common/ldb_modules.c
index b8f155d..1b0f6f7 100644
--- a/source4/lib/ldb/common/ldb_modules.c
+++ b/source4/lib/ldb/common/ldb_modules.c
@@ -320,8 +320,8 @@ static void *ldb_dso_load_symbol(struct ldb_context *ldb, 
const char *name,
 
sym = dlsym(handle, symbol);
if (sym == NULL) {
-   dlclose(handle);
ldb_debug(ldb, LDB_DEBUG_ERROR, no symbol `%s' found in %s: 
%s, symbol, path, dlerror());
+   dlclose(handle);
return NULL;
}
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Andrew Tridgell
The branch, master has been updated
   via  2c0ff51 s4-waf: we don't need the smbtorture.static for s3 any more
   via  6120ef9 autobuild: don't cleanup the pid file within the retry loop
   via  4fa0ceb waf: RPC_NDR_WINBIND is samba4 specific
  from  3c74871 ldb:ldb_modules.c - dlclose could cause inference on 
dlerror

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2c0ff5113cd9ef966f9ee3bcc723a6a28f1197da
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Oct 21 21:17:57 2010 +1100

s4-waf: we don't need the smbtorture.static for s3 any more

this breaks the build farm

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

Autobuild-User: Andrew Tridgell tri...@samba.org
Autobuild-Date: Thu Oct 21 11:04:21 UTC 2010 on sn-devel-104

commit 6120ef9f9e76c417cc105db8be3834516312a9eb
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Oct 21 20:41:06 2010 +1100

autobuild: don't cleanup the pid file within the retry loop

if we rebase and retry we need to keep the pid file

commit 4fa0ceb7517de755b20179f2728532811f62c845
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Oct 21 20:21:10 2010 +1100

waf: RPC_NDR_WINBIND is samba4 specific

this caused problems with the s3 waf build

---

Summary of changes:
 librpc/wscript_build  |2 +-
 script/autobuild.py   |3 ++-
 source4/librpc/wscript_build  |8 
 source4/torture/wscript_build |   11 ---
 4 files changed, 11 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/wscript_build b/librpc/wscript_build
index c40d07b..4a45095 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -484,7 +484,7 @@ bld.SAMBA_LIBRARY('NDR_SAMBA',
 # a grouping library for RPC_NDR subsystems that may be used by more than one 
target
 bld.SAMBA_LIBRARY('RPC_NDR_SAMBA',
   source=[],
-  deps='RPC_NDR_DRSUAPI RPC_NDR_LSA RPC_NDR_WINBIND 
RPC_NDR_WINREG',
+  deps='RPC_NDR_DRSUAPI RPC_NDR_LSA RPC_NDR_WINREG',
   private_library=True,
   grouping_library=True
   )
diff --git a/script/autobuild.py b/script/autobuild.py
index 3fae59f..357cb16 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -278,7 +278,6 @@ def write_pidfile(fname):
 f = open(fname, mode='w')
 f.write(%u\n % os.getpid())
 f.close()
-cleanup_list.append(fname)
 
 
 def rebase_tree(url):
@@ -473,6 +472,8 @@ while True:
 cleanup()
 raise
 
+cleanup_list.append(gitroot + /autobuild.pid)
+
 blist.kill_kids()
 if options.tail:
 print(waiting for tail to flush)
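Review bot: the pid file is now added to cleanup_list only after the while loop, so the failure path shown just above it (cleanup() followed by raise) exits without the file ever being in the list, and a failed run leaves autobuild.pid behind. Either append the path before the cleanup() call on that path as well, or remove the file explicitly there. The path is also rebuilt here as gitroot + "/autobuild.pid" instead of reusing the fname passed to write_pidfile(), so the two can drift apart; having write_pidfile() return the name it wrote would avoid that.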
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index 83f7df3..920d6a2 100755
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -110,6 +110,14 @@ bld.SAMBA_LIBRARY('NDR_SAMBA4',
   grouping_library=True
   )
 
+# a grouping library for RPC_NDR subsystems that may be used by more than one 
target
+bld.SAMBA_LIBRARY('RPC_NDR_SAMBA4',
+  source=[],
+  deps='RPC_NDR_WINBIND',
+  private_library=True,
+  grouping_library=True
+  )
+
 
 bld.SAMBA_PIDL_TABLES('GEN_NDR_TABLES', 'gen_ndr/tables.c')
 
diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build
index bb0964a..7371965 100644
--- a/source4/torture/wscript_build
+++ b/source4/torture/wscript_build
@@ -154,17 +154,6 @@ bld.SAMBA_BINARY('smbtorture',
  pyembed=True
  )
 
-# this is used in the build farm to build a smbtorture.static binary for s3
-bld.SAMBA_BINARY('smbtorture.static',
- source=[],
- deps='torturemain torture popt POPT_SAMBA POPT_CREDENTIALS 
dcerpc LIBCLI_SMB SMBREADLINE ' + TORTURE_MODULES,
- enabled = bld.env.BUILD_FARM,
- pyembed=True
- )
-bld.env.NONSHARED_BINARIES.append('smbtorture.static')
-
-
-
 bld.SAMBA_BINARY('gentest',
source='gentest.c',
manpages='man/gentest.1',


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Jelmer Vernooij
The branch, master has been updated
   via  62c4af9 tdb: Set _PUBLIC_ in C file rather than header files 
(Debian bug 600898)
  from  2c0ff51 s4-waf: we don't need the smbtorture.static for s3 any more

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 62c4af99428abb2d4ac1b18454d72e0c8cbb67e8
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Oct 21 11:51:37 2010 +0200

tdb: Set _PUBLIC_ in C file rather than header files (Debian bug 600898)

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Thu Oct 21 11:47:22 UTC 2010 on sn-devel-104

---

Summary of changes:
 lib/tdb/common/check.c |2 +-
 lib/tdb/common/dump.c  |4 +-
 lib/tdb/common/error.c |4 +-
 lib/tdb/common/freelist.c  |2 +-
 lib/tdb/common/freelistcheck.c |2 +-
 lib/tdb/common/hash.c  |2 +-
 lib/tdb/common/lock.c  |   34 +--
 lib/tdb/common/open.c  |   18 +++---
 lib/tdb/common/tdb.c   |   40 +++---
 lib/tdb/common/transaction.c   |   14 ++--
 lib/tdb/common/traverse.c  |8 +-
 lib/tdb/include/tdb.h  |  124 
 12 files changed, 126 insertions(+), 128 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c
index 58c9c26..bbb566c 100644
--- a/lib/tdb/common/check.c
+++ b/lib/tdb/common/check.c
@@ -322,7 +322,7 @@ static size_t dead_space(struct tdb_context *tdb, tdb_off_t 
off)
return len;
 }
 
-int tdb_check(struct tdb_context *tdb,
+_PUBLIC_ int tdb_check(struct tdb_context *tdb,
  int (*check)(TDB_DATA key, TDB_DATA data, void *private_data),
  void *private_data)
 {
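Review bot: nothing in the visible part of this change tells a future contributor that _PUBLIC_ must now go on the definition, as on tdb_check() here, rather than on the prototype in tdb.h. A short comment at the top of tdb.h stating that rule would keep a newly added API function from being built with the wrong visibility.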
diff --git a/lib/tdb/common/dump.c b/lib/tdb/common/dump.c
index 9f770f8..67de04e 100644
--- a/lib/tdb/common/dump.c
+++ b/lib/tdb/common/dump.c
@@ -80,7 +80,7 @@ static int tdb_dump_chain(struct tdb_context *tdb, int i)
return tdb_unlock(tdb, i, F_WRLCK);
 }
 
-void tdb_dump_all(struct tdb_context *tdb)
+_PUBLIC_ void tdb_dump_all(struct tdb_context *tdb)
 {
int i;
for (i=0;itdb-header.hash_size;i++) {
@@ -90,7 +90,7 @@ void tdb_dump_all(struct tdb_context *tdb)
tdb_dump_chain(tdb, -1);
 }
 
-int tdb_printfreelist(struct tdb_context *tdb)
+_PUBLIC_ int tdb_printfreelist(struct tdb_context *tdb)
 {
int ret;
long total_free = 0;
diff --git a/lib/tdb/common/error.c b/lib/tdb/common/error.c
index 9197918..281 100644
--- a/lib/tdb/common/error.c
+++ b/lib/tdb/common/error.c
@@ -27,7 +27,7 @@
 
 #include tdb_private.h
 
-enum TDB_ERROR tdb_error(struct tdb_context *tdb)
+_PUBLIC_ enum TDB_ERROR tdb_error(struct tdb_context *tdb)
 {
return tdb-ecode;
 }
@@ -46,7 +46,7 @@ static struct tdb_errname {
 {TDB_ERR_RDONLY, write not permitted} };
 
 /* Error string for the last tdb error */
-const char *tdb_errorstr(struct tdb_context *tdb)
+_PUBLIC_ const char *tdb_errorstr(struct tdb_context *tdb)
 {
uint32_t i;
for (i = 0; i  sizeof(emap) / sizeof(struct tdb_errname); i++)
diff --git a/lib/tdb/common/freelist.c b/lib/tdb/common/freelist.c
index 79e3c34..927078a 100644
--- a/lib/tdb/common/freelist.c
+++ b/lib/tdb/common/freelist.c
@@ -367,7 +367,7 @@ tdb_off_t tdb_allocate(struct tdb_context *tdb, tdb_len_t 
length, struct tdb_rec
 /* 
return the size of the freelist - used to decide if we should repack 
 */
-int tdb_freelist_size(struct tdb_context *tdb)
+_PUBLIC_ int tdb_freelist_size(struct tdb_context *tdb)
 {
tdb_off_t ptr;
int count=0;
diff --git a/lib/tdb/common/freelistcheck.c b/lib/tdb/common/freelistcheck.c
index 8d1ebab..ab6e78f 100644
--- a/lib/tdb/common/freelistcheck.c
+++ b/lib/tdb/common/freelistcheck.c
@@ -43,7 +43,7 @@ static int seen_insert(struct tdb_context *mem_tdb, tdb_off_t 
rec_ptr)
return tdb_store(mem_tdb, key, data, TDB_INSERT);
 }
 
-int tdb_validate_freelist(struct tdb_context *tdb, int *pnum_entries)
+_PUBLIC_ int tdb_validate_freelist(struct tdb_context *tdb, int *pnum_entries)
 {
struct tdb_context *mem_tdb = NULL;
struct tdb_record rec;
diff --git a/lib/tdb/common/hash.c b/lib/tdb/common/hash.c
index c07297e..2472ed1 100644
--- a/lib/tdb/common/hash.c
+++ b/lib/tdb/common/hash.c
@@ -374,7 +374,7 @@ static uint32_t hashlittle( const void *key, size_t length )
   return c;
 }
 
-unsigned int tdb_jenkins_hash(TDB_DATA *key)
+_PUBLIC_ unsigned int tdb_jenkins_hash(TDB_DATA *key)
 {
return hashlittle(key-dptr, key-dsize);
 }
diff --git a/lib/tdb/common/lock.c b/lib/tdb/common/lock.c
index 803feee..c6a2485 100644
--- a/lib/tdb/common/lock.c
+++ b/lib/tdb/common/lock.c
@@ -27,7 +27,7 @@
 
 #include tdb_private.h
 
-void tdb_setalarm_sigptr(struct tdb_context *tdb, volatile sig_atomic_t *ptr)

[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Anatoliy Atanasov
The branch, master has been updated
   via  5785f08 s4-dsdb extended_dn_out: Move lazy dereference control 
creation to lazy-init
  from  62c4af9 tdb: Set _PUBLIC_ in C file rather than header files 
(Debian bug 600898)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5785f08268bac332d09bdf71d1907ecb54f3b5bd
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Oct 21 21:08:45 2010 +1100

s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-init

We didn't seem to get the control created by the time we do searches here.

Andrew Bartlett

Autobuild-User: Anatoliy Atanasov anato...@samba.org
Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/dsdb/samdb/ldb_modules/extended_dn_out.c |  131 +-
 1 files changed, 77 insertions(+), 54 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c 
b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
index 3126dd2..7d1826e 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn_out.c
@@ -46,8 +46,58 @@ struct extended_dn_out_private {
bool dereference;
bool normalise;
struct dsdb_openldap_dereference_control *dereference_control;
+   const char **attrs;
 };
 
+/* Do the lazy init of the derererence control */
+
+static int extended_dn_out_dereference_setup_control(struct ldb_context *ldb, 
struct extended_dn_out_private *p)
+{
+   const struct dsdb_schema *schema;
+   struct dsdb_openldap_dereference_control *dereference_control;
+   struct dsdb_attribute *cur;
+
+   unsigned int i = 0;
+   if (p-dereference_control) {
+   return LDB_SUCCESS;
+   }
+
+   schema = dsdb_get_schema(ldb, p);
+   if (!schema) {
+   /* No schema on this DB (yet) */
+   return LDB_SUCCESS;
+   }
+
+   p-dereference_control = dereference_control
+   = talloc_zero(p, struct dsdb_openldap_dereference_control);
+
+   if (!p-dereference_control) {
+   return ldb_oom(ldb);
+   }
+
+   for (cur = schema-attributes; cur; cur = cur-next) {
+   if (dsdb_dn_oid_to_format(cur-syntax-ldap_oid) != 
DSDB_NORMAL_DN) {
+   continue;
+   }
+   dereference_control-dereference
+   = talloc_realloc(p, dereference_control-dereference,
+struct dsdb_openldap_dereference *, i 
+ 2);
+   if (!dereference_control) {
+   return ldb_oom(ldb);
+   }
+   dereference_control-dereference[i] = 
talloc(dereference_control-dereference,
+struct dsdb_openldap_dereference);
+   if (!dereference_control-dereference[i]) {
+   return ldb_oom(ldb);
+   }
+   dereference_control-dereference[i]-source_attribute = 
cur-lDAPDisplayName;
+   dereference_control-dereference[i]-dereference_attribute = 
p-attrs;
+   i++;
+   dereference_control-dereference[i] = NULL;
+   }
+   return LDB_SUCCESS;
+}
+
 static char **copy_attrs(void *mem_ctx, const char * const * attrs)
 {
char **nattrs;
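Review bot: in extended_dn_out_dereference_setup_control(), the check after talloc_realloc() tests dereference_control, which was already verified non-NULL above, instead of dereference_control->dereference, so an allocation failure there goes undetected and the next statement writes through a NULL array. Test the realloc result, ideally via a temporary so the old array is not lost on failure. The array is also parented to p while each element is parented to the array; parenting the array to dereference_control would keep the whole control under one talloc context. The comment above the function has a typo, "derererence".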
@@ -661,13 +711,29 @@ static int extended_dn_out_search(struct ldb_module 
*module, struct ldb_request
/* Add in dereference control, if we were asked to, we are
 * using the 'dereference' mode (such as with an OpenLDAP
 * backend) and have the control prepared */
-   if (control  p  p-dereference  p-dereference_control) {
-   ret = ldb_request_add_control(down_req,
- DSDB_OPENLDAP_DEREFERENCE_CONTROL,
- critical, p-dereference_control);
+   if (control  p  p-dereference) {
+   ret = extended_dn_out_dereference_setup_control(ldb, p);
if (ret != LDB_SUCCESS) {
return ret;
}
+
+   /* We should always have this, but before the schema
+* is with us, things get tricky */
+   if (p-dereference_control) {
+
+   /* This control must *not* be critical,
+* because if this particular request did not
+* return any dereferencable attributes in the
+* end, then OpenLDAP will reply with
+* unavailableCriticalExtension, rather than
+* just an empty return control */
+   ret = ldb_request_add_control(down_req,
+

[SCM] Samba Shared Repository - branch v3-6-test updated

2010-10-21 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  915e419 tdb: Set _PUBLIC_ in C file rather than header files 
(Debian bug 600898)
  from  31c74ba talloc: make header C++ safe

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 915e41950a09ef755a3b14d587ffba3a8b29e726
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Oct 21 11:51:37 2010 +0200

tdb: Set _PUBLIC_ in C file rather than header files (Debian bug 600898)

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Thu Oct 21 11:47:22 UTC 2010 on sn-devel-104
(cherry picked from commit 62c4af99428abb2d4ac1b18454d72e0c8cbb67e8)

---

Summary of changes:
 lib/tdb/common/check.c |2 +-
 lib/tdb/common/dump.c  |4 +-
 lib/tdb/common/error.c |4 +-
 lib/tdb/common/freelist.c  |2 +-
 lib/tdb/common/freelistcheck.c |2 +-
 lib/tdb/common/hash.c  |2 +-
 lib/tdb/common/lock.c  |   34 +--
 lib/tdb/common/open.c  |   18 +++---
 lib/tdb/common/tdb.c   |   40 +++---
 lib/tdb/common/transaction.c   |   14 ++--
 lib/tdb/common/traverse.c  |8 +-
 lib/tdb/include/tdb.h  |  124 
 12 files changed, 126 insertions(+), 128 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c
index 58c9c26..bbb566c 100644
--- a/lib/tdb/common/check.c
+++ b/lib/tdb/common/check.c
@@ -322,7 +322,7 @@ static size_t dead_space(struct tdb_context *tdb, tdb_off_t 
off)
return len;
 }
 
-int tdb_check(struct tdb_context *tdb,
+_PUBLIC_ int tdb_check(struct tdb_context *tdb,
  int (*check)(TDB_DATA key, TDB_DATA data, void *private_data),
  void *private_data)
 {
diff --git a/lib/tdb/common/dump.c b/lib/tdb/common/dump.c
index 9f770f8..67de04e 100644
--- a/lib/tdb/common/dump.c
+++ b/lib/tdb/common/dump.c
@@ -80,7 +80,7 @@ static int tdb_dump_chain(struct tdb_context *tdb, int i)
return tdb_unlock(tdb, i, F_WRLCK);
 }
 
-void tdb_dump_all(struct tdb_context *tdb)
+_PUBLIC_ void tdb_dump_all(struct tdb_context *tdb)
 {
int i;
for (i=0;itdb-header.hash_size;i++) {
@@ -90,7 +90,7 @@ void tdb_dump_all(struct tdb_context *tdb)
tdb_dump_chain(tdb, -1);
 }
 
-int tdb_printfreelist(struct tdb_context *tdb)
+_PUBLIC_ int tdb_printfreelist(struct tdb_context *tdb)
 {
int ret;
long total_free = 0;
diff --git a/lib/tdb/common/error.c b/lib/tdb/common/error.c
index 9197918..281 100644
--- a/lib/tdb/common/error.c
+++ b/lib/tdb/common/error.c
@@ -27,7 +27,7 @@
 
 #include tdb_private.h
 
-enum TDB_ERROR tdb_error(struct tdb_context *tdb)
+_PUBLIC_ enum TDB_ERROR tdb_error(struct tdb_context *tdb)
 {
return tdb-ecode;
 }
@@ -46,7 +46,7 @@ static struct tdb_errname {
 {TDB_ERR_RDONLY, write not permitted} };
 
 /* Error string for the last tdb error */
-const char *tdb_errorstr(struct tdb_context *tdb)
+_PUBLIC_ const char *tdb_errorstr(struct tdb_context *tdb)
 {
uint32_t i;
for (i = 0; i  sizeof(emap) / sizeof(struct tdb_errname); i++)
diff --git a/lib/tdb/common/freelist.c b/lib/tdb/common/freelist.c
index 79e3c34..927078a 100644
--- a/lib/tdb/common/freelist.c
+++ b/lib/tdb/common/freelist.c
@@ -367,7 +367,7 @@ tdb_off_t tdb_allocate(struct tdb_context *tdb, tdb_len_t 
length, struct tdb_rec
 /* 
return the size of the freelist - used to decide if we should repack 
 */
-int tdb_freelist_size(struct tdb_context *tdb)
+_PUBLIC_ int tdb_freelist_size(struct tdb_context *tdb)
 {
tdb_off_t ptr;
int count=0;
diff --git a/lib/tdb/common/freelistcheck.c b/lib/tdb/common/freelistcheck.c
index 8d1ebab..ab6e78f 100644
--- a/lib/tdb/common/freelistcheck.c
+++ b/lib/tdb/common/freelistcheck.c
@@ -43,7 +43,7 @@ static int seen_insert(struct tdb_context *mem_tdb, tdb_off_t 
rec_ptr)
return tdb_store(mem_tdb, key, data, TDB_INSERT);
 }
 
-int tdb_validate_freelist(struct tdb_context *tdb, int *pnum_entries)
+_PUBLIC_ int tdb_validate_freelist(struct tdb_context *tdb, int *pnum_entries)
 {
struct tdb_context *mem_tdb = NULL;
struct tdb_record rec;
diff --git a/lib/tdb/common/hash.c b/lib/tdb/common/hash.c
index c07297e..2472ed1 100644
--- a/lib/tdb/common/hash.c
+++ b/lib/tdb/common/hash.c
@@ -374,7 +374,7 @@ static uint32_t hashlittle( const void *key, size_t length )
   return c;
 }
 
-unsigned int tdb_jenkins_hash(TDB_DATA *key)
+_PUBLIC_ unsigned int tdb_jenkins_hash(TDB_DATA *key)
 {
return hashlittle(key-dptr, key-dsize);
 }
diff --git a/lib/tdb/common/lock.c b/lib/tdb/common/lock.c
index 803feee..c6a2485 100644
--- a/lib/tdb/common/lock.c
+++ b/lib/tdb/common/lock.c
@@ -27,7 +27,7 @@
 
 #include tdb_private.h
 
-void tdb_setalarm_sigptr(struct 

[SCM] Samba Shared Repository - branch v3-6-test updated

2010-10-21 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  050075f Add SeSecurityPrivilige.
  from  915e419 tdb: Set _PUBLIC_ in C file rather than header files 
(Debian bug 600898)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 050075f2162bda35728c878258a5b833fed37357
Author: Jeremy Allison j...@samba.org
Date:   Thu Oct 21 12:16:45 2010 -0700

Add SeSecurityPrivilige.

Jeremy.

---

Summary of changes:
 source3/include/privileges.h   |2 ++
 source3/lib/privileges_basic.c |2 ++
 source3/lib/util_seaccess.c|6 +-
 source3/smbd/nttrans.c |   10 ++
 source3/smbd/open.c|   27 ++-
 5 files changed, 21 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index 35fccd3..e30c988 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -61,6 +61,7 @@ typedef struct {
 #define SE_BACKUP  { { 0x0200, 0x, 0x, 
0x } }
 #define SE_RESTORE { { 0x0400, 0x, 0x, 
0x } }
 #define SE_TAKE_OWNERSHIP  { { 0x0800, 0x, 0x, 
0x } }
+#define SE_SECURITY{ { 0x1000, 0x, 0x, 
0x } }
 
 /* defined in lib/privilegs_basic.c */
 
@@ -74,6 +75,7 @@ extern const SE_PRIV se_disk_operators;
 extern const SE_PRIV se_remote_shutdown;
 extern const SE_PRIV se_restore;
 extern const SE_PRIV se_take_ownership;
+extern const SE_PRIV se_security;
 
 
 /*
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c
index c970478..5843895 100644
--- a/source3/lib/privileges_basic.c
+++ b/source3/lib/privileges_basic.c
@@ -46,6 +46,7 @@ const SE_PRIV se_disk_operators  = SE_DISK_OPERATOR;
 const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
 const SE_PRIV se_restore = SE_RESTORE;
 const SE_PRIV se_take_ownership  = SE_TAKE_OWNERSHIP;
+const SE_PRIV se_security   = SE_SECURITY;
 
 /
  This is a list of privileges reported by a WIndows 2000 SP4 AD DC
@@ -106,6 +107,7 @@ PRIVS privs[] = {
{SE_PRINT_OPERATOR, SePrintOperatorPrivilege, Manage 
printers, { 0x1001,0x0 }},
{SE_ADD_USERS,  SeAddUsersPrivilege,  Add users and 
groups to the domain,  { 0x1002,0x0 }},
{SE_DISK_OPERATOR,  SeDiskOperatorPrivilege,  Manage disk 
shares,  { 0x1003,0x0 }},
+   {SE_SECURITY,   SeSecurityPrivilege,  Manage 
auditing and security log,{ 0x0008,0x0 }},
 
{SE_END, , , { 0x0, 0x0 }}
 };
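Review bot: The new SeSecurityPrivilege row in privs[] carries LUID { 0x0008,0x0 } while the three rows directly above it run 0x1001 to 0x1003, and nothing in the hunk says why. Add a one-line comment naming the source of the value, so that a later cleanup does not renumber it to continue the 0x100x sequence. The description string "Manage auditing and security log" is fine as is.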
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index b81db43..a8b6ca5 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -179,17 +179,13 @@ NTSTATUS se_access_check(const struct security_descriptor 
*sd,
bits_remaining));
}
 
-#if 0
-   /* We need to support SeSecurityPrivilege for this. */
-
if (access_desired  SEC_FLAG_SYSTEM_SECURITY) {
-   if (user_has_privileges(token, sec_security)) {
+   if (user_has_privileges(token, se_security)) {
bits_remaining = ~SEC_FLAG_SYSTEM_SECURITY;
} else {
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
-#endif
 
/* a NULL dacl allows access */
if ((sd-type  SEC_DESC_DACL_PRESENT)  sd-dacl == NULL) {
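Review bot: The "We need to support SeSecurityPrivilege for this" comment is deleted along with the #if 0, which leaves the SEC_FLAG_SYSTEM_SECURITY branch in se_access_check() with no explanation at all. Replace the comment rather than dropping it: say that this bit is satisfied only by se_security on the token, and that the branch is meant to stay ahead of the "a NULL dacl allows access" shortcut that follows it, since that ordering looks load-bearing. The summary of changes lists no test file, so a torture test that requests SEC_FLAG_SYSTEM_SECURITY with and without the privilege and expects NT_STATUS_PRIVILEGE_NOT_HELD in the second case would be a useful follow-up.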
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f0b6eb2..efa1e8b 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1836,6 +1836,16 @@ NTSTATUS smbd_do_query_security_desc(connection_struct 
*conn,
 * Get the permissions to return.
 */
 
+   if ((security_info_wanted  SECINFO_SACL) 
+   !(fsp-access_mask  SEC_FLAG_SYSTEM_SECURITY)) {
+   return NT_STATUS_ACCESS_DENIED;
+   }
+
+   if ((security_info_wanted  (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) 

+   !(fsp-access_mask  SEC_STD_READ_CONTROL)) {
+   return NT_STATUS_ACCESS_DENIED;
+   }
+
if (!lp_nt_acl_support(SNUM(conn))) {
status = get_null_nt_acl(mem_ctx, psd);
} else {
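Review bot: Both new early returns in smbd_do_query_security_desc() fail with NT_STATUS_ACCESS_DENIED without logging anything, and a refused SACL read is exactly the event an administrator will want to find in the log. Add a DEBUG line on each path that records security_info_wanted and fsp-access_mask. The two checks are also inserted underneath the existing "Get the permissions to return." comment, which now describes the code two blocks further down; move the checks above that comment or give them their own.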
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 413bc6c..6f88ba8 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2503,8 +2503,8 @@ static NTSTATUS open_directory(connection_struct *conn,
return status;
}
 
-   /* We need to support SeSecurityPrivilege for this. */
-   if (access_mask  SEC_FLAG_SYSTEM_SECURITY) {
+   if 

[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Jelmer Vernooij
The branch, master has been updated
   via  c529317 Lowercase socket_wrapper name.
  from  5785f08 s4-dsdb extended_dn_out: Move lazy dereference control 
creation to lazy-init

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c529317fe2b48e045b35a613cfd1ad3f03b68435
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Oct 21 21:43:13 2010 +0200

Lowercase socket_wrapper name.

Avoid linking against socket_wrapper outside of developer mode.

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Thu Oct 21 20:26:11 UTC 2010 on sn-devel-104

---

Summary of changes:
 lib/socket_wrapper/wscript  |2 +-
 lib/socket_wrapper/wscript_build|2 +-
 lib/tdb/include/tdb.h   |1 +
 lib/tdb/tdb.exports |1 +
 lib/tdb/tdb.signatures  |1 +
 source3/wscript_build   |7 +++
 source4/torture/local/wscript_build |2 +-
 7 files changed, 9 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/socket_wrapper/wscript b/lib/socket_wrapper/wscript
index 9afd115..70474d7 100644
--- a/lib/socket_wrapper/wscript
+++ b/lib/socket_wrapper/wscript
@@ -11,5 +11,5 @@ def set_options(opt):
 def configure(conf):
 if (Options.options.enable_socket_wrapper or Options.options.developer or 
Options.options.enable_selftest):
 conf.DEFINE('SOCKET_WRAPPER', 1)
-conf.ADD_GLOBAL_DEPENDENCY('SOCKET_WRAPPER')
+conf.ADD_GLOBAL_DEPENDENCY('socket_wrapper')
 
diff --git a/lib/socket_wrapper/wscript_build b/lib/socket_wrapper/wscript_build
index a3546a0..e100ccc 100644
--- a/lib/socket_wrapper/wscript_build
+++ b/lib/socket_wrapper/wscript_build
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-bld.SAMBA_LIBRARY('SOCKET_WRAPPER',
+bld.SAMBA_LIBRARY('socket_wrapper',
   source='socket_wrapper.c',
   group='base_libraries',
   private_library=True,
diff --git a/lib/tdb/include/tdb.h b/lib/tdb/include/tdb.h
index 115c6fa..38d8197 100644
--- a/lib/tdb/include/tdb.h
+++ b/lib/tdb/include/tdb.h
@@ -101,6 +101,7 @@ void tdb_set_max_dead(struct tdb_context *tdb, int 
max_dead);
 
 int tdb_reopen(struct tdb_context *tdb);
 int tdb_reopen_all(int parent_longlived);
+__attribute__((deprecated)) void tdb_logging_function(struct tdb_context *tdb, 
tdb_log_func);
 void tdb_set_logging_function(struct tdb_context *tdb, const struct 
tdb_logging_context *log_ctx);
 enum TDB_ERROR tdb_error(struct tdb_context *tdb);
 const char *tdb_errorstr(struct tdb_context *tdb);
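Review bot: The added tdb_logging_function() prototype has nothing to do with the commit subject (lowercasing socket_wrapper) and should go in its own commit with a message explaining why a deprecated symbol is being introduced. In the declaration itself, the bare __attribute__((deprecated)) is compiler-specific and sits unguarded in a public header, the second parameter has no name, and there is no comment pointing callers at tdb_set_logging_function() on the next line as the replacement. No definition of the function appears in the files this changeset lists, so please confirm that the symbol added to tdb.exports actually resolves.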
diff --git a/lib/tdb/tdb.exports b/lib/tdb/tdb.exports
index 73b8fd6..09b9a96 100644
--- a/lib/tdb/tdb.exports
+++ b/lib/tdb/tdb.exports
@@ -23,6 +23,7 @@
tdb_freelist_size;
tdb_get_flags;
tdb_get_logging_private;
+   tdb_logging_function;
tdb_get_seqnum;
tdb_hash_size;
tdb_increment_seqnum_nonblock;
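Review bot: tdb_logging_function is inserted between tdb_get_logging_private and tdb_get_seqnum, which breaks the alphabetical order that the surrounding entries follow. Move it to its sorted position so that later diffs of this file stay minimal.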
diff --git a/lib/tdb/tdb.signatures b/lib/tdb/tdb.signatures
index 7706d18..1201077 100644
--- a/lib/tdb/tdb.signatures
+++ b/lib/tdb/tdb.signatures
@@ -56,6 +56,7 @@ void tdb_increment_seqnum_nonblock (struct tdb_context *);
 void tdb_remove_flags (struct tdb_context *, unsigned int);
 void tdb_setalarm_sigptr (struct tdb_context *, volatile sig_atomic_t *);
 void tdb_set_logging_function (struct tdb_context *, const struct 
tdb_logging_context *);
+void tdb_logging_function(struct tdb_context *tdb, tdb_log_func);
 void tdb_set_max_dead (struct tdb_context *, int);
 int tdb_check (struct tdb_context *, int (*) (TDB_DATA, TDB_DATA, void *), 
void *);
 TDB_DATA tdb_null;
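Review bot: The added line does not match the format of every other entry in this file: the neighbours are written as "name (types)" with a space before the parenthesis and no parameter names, while the new one reads tdb_logging_function(struct tdb_context *tdb, tdb_log_func). That suggests the entry was typed by hand. Regenerate the file or rewrite the entry in the same normalized form, otherwise a signature comparison against this file is likely to report a mismatch.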
diff --git a/source3/wscript_build b/source3/wscript_build
index e08218f..7516f7a 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -959,7 +959,6 @@ bld.SAMBA_LIBRARY('libsmbsharemodes',
 
 bld.SAMBA_LIBRARY('libaddns',
 source=LIBADDNS_SRC,
-deps='SOCKET_WRAPPER',
 public_deps='talloc krb5 k5crypto com_err gssapi 
gssapi_krb5',
 private_library=True,
 vars=locals())
@@ -1121,7 +1120,7 @@ bld.SAMBA_SUBSYSTEM('SMBD_BASE',
 PARAM_WITHOUT_REG LIBS LIBSMB POPT_SAMBA KRBCLIENT AVAHI
 LIBMSRPC_GEN LIBMSRPC LIBADS LIBADS_SERVER LIBADS_PRINTER
 vfs vfs_default vfs_posixacl auth rpc LOCKING LIBAFS 
LIBAFS_SETTOKEN PROFILE
-PRINTING PRINTBACKEND NDR_XATTR REGFIO SOCKET_WRAPPER
+PRINTING PRINTBACKEND NDR_XATTR REGFIO
 LIBSMBCONF REG_FULL
 ''',
 vars=locals())
@@ -1287,7 +1286,7 @@ bld.SAMBA_BINARY('smbclient',
  source=CLIENT_SRC,
  deps='''talloc tdb cap resolv POPT_SAMBA PASSDB LIBSMB 
LIB_NONSMBD

Re: [SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Stefan (metze) Metzmacher
Hi Jelmer,

 - Log -
 commit c529317fe2b48e045b35a613cfd1ad3f03b68435
 Author: Jelmer Vernooij jel...@samba.org
 Date:   Thu Oct 21 21:43:13 2010 +0200
 
 Lowercase socket_wrapper name.
 
 Avoid linking against socket_wrapper outside of developer mode.
 
 Autobuild-User: Jelmer Vernooij jel...@samba.org
 Autobuild-Date: Thu Oct 21 20:26:11 UTC 2010 on sn-devel-104
 
 ---
 
 Summary of changes:
  lib/socket_wrapper/wscript  |2 +-
  lib/socket_wrapper/wscript_build|2 +-
  lib/tdb/include/tdb.h   |1 +
  lib/tdb/tdb.exports |1 +
  lib/tdb/tdb.signatures  |1 +

 diff --git a/lib/tdb/include/tdb.h b/lib/tdb/include/tdb.h
 index 115c6fa..38d8197 100644
 --- a/lib/tdb/include/tdb.h
 +++ b/lib/tdb/include/tdb.h
 @@ -101,6 +101,7 @@ void tdb_set_max_dead(struct tdb_context *tdb, int 
 max_dead);
  
  int tdb_reopen(struct tdb_context *tdb);
  int tdb_reopen_all(int parent_longlived);
 +__attribute__((deprecated)) void tdb_logging_function(struct tdb_context 
 *tdb, tdb_log_func);
  void tdb_set_logging_function(struct tdb_context *tdb, const struct 
 tdb_logging_context *log_ctx);
  enum TDB_ERROR tdb_error(struct tdb_context *tdb);
  const char *tdb_errorstr(struct tdb_context *tdb);
 diff --git a/lib/tdb/tdb.exports b/lib/tdb/tdb.exports
 index 73b8fd6..09b9a96 100644
 --- a/lib/tdb/tdb.exports
 +++ b/lib/tdb/tdb.exports
 @@ -23,6 +23,7 @@
 tdb_freelist_size;
 tdb_get_flags;
 tdb_get_logging_private;
 +   tdb_logging_function;
 tdb_get_seqnum;
 tdb_hash_size;
 tdb_increment_seqnum_nonblock;
 diff --git a/lib/tdb/tdb.signatures b/lib/tdb/tdb.signatures
 index 7706d18..1201077 100644
 --- a/lib/tdb/tdb.signatures
 +++ b/lib/tdb/tdb.signatures
 @@ -56,6 +56,7 @@ void tdb_increment_seqnum_nonblock (struct tdb_context *);
  void tdb_remove_flags (struct tdb_context *, unsigned int);
  void tdb_setalarm_sigptr (struct tdb_context *, volatile sig_atomic_t *);
  void tdb_set_logging_function (struct tdb_context *, const struct 
 tdb_logging_context *);
 +void tdb_logging_function(struct tdb_context *tdb, tdb_log_func);
  void tdb_set_max_dead (struct tdb_context *, int);
  int tdb_check (struct tdb_context *, int (*) (TDB_DATA, TDB_DATA, void *), 
 void *);
  TDB_DATA tdb_null;


What do these tdb changes have to do with the rest?

metze





[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Matthieu Patou
The branch, master has been updated
   via  c74ef7a waf: Mark the replacement zlib private so that it can build 
on machine without a system zlib
   via  4ea7d46 replace: use replace for non 'samba' compliant strptime
   via  2d0ac59 replace: use a wrapper around strtoll if it didn't behave 
as expected
  from  c529317 Lowercase socket_wrapper name.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c74ef7acf49f5e447373643c2e28c1dad56f451d
Author: Matthieu Patou m...@matws.net
Date:   Fri Oct 22 01:01:53 2010 +0400

waf: Mark the replacement zlib private so that it can build on machine 
without a system zlib

Autobuild-User: Matthieu Patou m...@samba.org
Autobuild-Date: Thu Oct 21 21:47:46 UTC 2010 on sn-devel-104

commit 4ea7d4694a8353fc55ecd12cb09b9c91ffde7b3f
Author: Matthieu Patou m...@matws.net
Date:   Thu Oct 21 02:14:39 2010 +0400

replace: use replace for non 'samba' compliant strptime

commit 2d0ac59fcc490517b202180f49b178ab80c2534e
Author: Matthieu Patou m...@matws.net
Date:   Thu Oct 21 00:13:54 2010 +0400

replace: use a wrapper around strtoll if it didn't behave as expected

---

Summary of changes:
 lib/replace/replace.c |   50 +++-
 lib/replace/replace.h |   12 +++
 lib/replace/wscript   |   36 +++
 lib/zlib/wscript  |1 +
 4 files changed, 97 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index a00f705..5ecda92 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -3,6 +3,7 @@
replacement routines for broken systems
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Jelmer Vernooij 2005-2008
+   Copyright (C) Matthieu Patou  2010
 
  ** NOTE! The following LGPL license applies to the replace
  ** library. This does NOT imply that all of Samba is released
@@ -502,6 +503,7 @@ char *rep_strtok_r(char *s, const char *delim, char 
**save_ptr)
 }
 #endif
 
+
 #ifndef HAVE_STRTOLL
 long long int rep_strtoll(const char *str, char **endptr, int base)
 {
@@ -515,7 +517,29 @@ long long int rep_strtoll(const char *str, char **endptr, 
int base)
 # error You need a strtoll function
 #endif
 }
-#endif
+#else
+#ifdef HAVE_BSD_STRTOLL
+#ifdef HAVE_STRTOQ
+long long int rep_strtoll(const char *str, char **endptr, int base)
+{
+   long long int nb = strtoq(str, endptr, base);
+   /* In linux EINVAL is only returned if base is not ok */
+   if (errno == EINVAL) {
+   if (base == 0 || (base 1  base 37)) {
+   /* Base was ok so it's because we were not
+* able to make the convertion.
+* Let's reset errno.
+*/
+   errno = 0;
+   }
+   }
+   return nb;
+}
+#else
+#error You need the strtoq function
+#endif /* HAVE_STRTOQ */
+#endif /* HAVE_BSD_STRTOLL */
+#endif /* HAVE_STRTOLL */
 
 
 #ifndef HAVE_STRTOULL
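Review bot: The new rep_strtoll() wrapper tests errno == EINVAL after strtoq() without clearing errno before the call, so an EINVAL left over from an unrelated earlier call is treated as if strtoq() had set it. When the base is valid the wrapper then overwrites that value with 0, which also discards whatever errno the caller had on entry. Save errno, set it to 0, call strtoq(), and restore the saved value on the path where the wrapper decides the EINVAL should be suppressed. The stray blank line added before #ifndef HAVE_STRTOLL in the previous hunk can go.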
@@ -531,7 +555,29 @@ unsigned long long int rep_strtoull(const char *str, char 
**endptr, int base)
 # error You need a strtoull function
 #endif
 }
-#endif
+#else
+#ifdef HAVE_BSD_STRTOLL
+#ifdef HAVE_STRTOUQ
+long long int rep_strtoull(const char *str, char **endptr, int base)
+{
+   unsigned long long int nb = strtouq(str, endptr, base);
+   /* In linux EINVAL is only returned if base is not ok */
+   if (errno == EINVAL) {
+   if (base == 0 || (base 1  base 37)) {
+   /* Base was ok so it's because we were not
+* able to make the convertion.
+* Let's reset errno.
+*/
+   errno = 0;
+   }
+   }
+   return nb;
+}
+#else
+#error You need the strtouq function
+#endif /* HAVE_STRTOUQ */
+#endif /* HAVE_BSD_STRTOLL */
+#endif /* HAVE_STRTOULL */
 
 #ifndef HAVE_SETENV
 int rep_setenv(const char *name, const char *value, int overwrite) 
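Review bot: The new HAVE_BSD_STRTOLL variant is declared as "long long int rep_strtoull(...)" although it returns an unsigned long long int nb and the existing definition shown in the hunk header returns unsigned long long int. Results above the signed range are converted on return and the two variants of the same function end up with different types; the replace.h part of this changeset repeats the signed declaration. Change the return type to unsigned long long int in both places. The errno handling has the same problem as in rep_strtoll(): errno is not cleared before strtouq() is called.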
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 10c7ee7..8f820a9 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -283,14 +283,26 @@ char *rep_strcasestr(const char *haystack, const char 
*needle);
 char *rep_strtok_r(char *s, const char *delim, char **save_ptr);
 #endif
 
+
+
 #ifndef HAVE_STRTOLL
+long long int rep_strtoll(const char *str, char **endptr, int base);
 #define strtoll rep_strtoll
+#else
+#ifdef HAVE_BSD_STRTOLL
 long long int rep_strtoll(const char *str, char **endptr, int base);
+#define strtoll rep_strtoll
+#endif
 #endif
 
 #ifndef HAVE_STRTOULL
 #define strtoull rep_strtoull
 unsigned long long int rep_strtoull(const char *str, char **endptr, int base);
+#else
+#ifdef HAVE_BSD_STRTOLL
+long long int rep_strtoull(const char 

[SCM] Samba Shared Repository - branch master updated

2010-10-21 Thread Kamen Mazdrashki
The branch, master has been updated
   via  2a00138 s4-dsdb/schema_syntax: Separate validation for numericoid 
OID values
   via  14cb61d asn1_tests: Implement negative unit-tests for 
ber_write_OID_String()
   via  6b63ad6 asn1: ber_write_OID_String() to be more picky about 
supplied OID
  from  c74ef7a waf: Mark the replacement zlib private so that it can build 
on machine without a system zlib

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2a001381e88b18b8612cdc2a40d9ea3c825548ea
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Oct 20 13:49:46 2010 +0300

s4-dsdb/schema_syntax: Separate validation for numericoid OID values

This implementation doesn't use prefixMap/Schema to validate
numericoid OIDs. We may not have this OID yet, so I see no point
checking schema for if we have it.

Side effect of using prefixMap/Schema for validating numericoids
is that we mistakenly add the OID to the prefixMap.
This led to a corrupted prefixMap in LDB.

Autobuild-User: Kamen Mazdrashki kame...@samba.org
Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104

commit 14cb61da8fe4fb24c3e066e5731d0be00ddb893b
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Oct 20 13:46:34 2010 +0300

asn1_tests: Implement negative unit-tests for ber_write_OID_String()

commit 6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Oct 20 13:45:59 2010 +0300

asn1: ber_write_OID_String() to be more picky about supplied OID

Now function will check for invalid OID handling cases where:
 - sub-identifier has invalid characters (non-digit)
 - 'dot' separator found on unexpected place. For instance
'.' at start or end of the OID. Two '.' in a row.

---

Summary of changes:
 lib/util/asn1.c |5 +++
 lib/util/tests/asn1_tests.c |   22 +++
 source4/dsdb/schema/schema_syntax.c |   50 --
 3 files changed, 74 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f..21d4bd4 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB 
*blob, const char *OID)
char *newp;
int i;
 
+   if (!isdigit(*p)) return false;
v = strtoul(p, newp, 10);
if (newp[0] != '.') return false;
p = newp + 1;
 
+   if (!isdigit(*p)) return false;
v2 = strtoul(p, newp, 10);
if (newp[0] != '.') return false;
p = newp + 1;
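Review bot: The new isdigit(*p) guards in ber_write_OID_String() pass a plain char, and OID is a const char * that can come from outside input; for a byte with the high bit set the argument is negative where char is signed, which isdigit() is not defined for. Write isdigit((unsigned char)*p) here and in the loop in the next hunk, and check that ctype.h is included, since this hunk does not show it. Rejecting a non-digit before strtoul() is the right approach, because strtoul() on its own accepts leading whitespace and a sign.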
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB 
*blob, const char *OID)
 
i = 1;
while (*p) {
+   if (!isdigit(*p)) return false;
v = strtoul(p, newp, 10);
if (newp[0] == '.') {
p = newp + 1;
+   /* check for empty last component */
+   if (!*p) return false;
} else if (newp[0] == '\0') {
p = newp;
} else {
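Review bot: The added checks reject empty and non-numeric sub-identifiers, but the result of v = strtoul(p, newp, 10) is still used without an overflow check, so a sub-identifier that is too large to represent is accepted with a clamped value. Since the commit is about being more picky with the supplied OID, set errno to 0 before each strtoul() call and return false on ERANGE. The "check for empty last component" test itself looks correct.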
diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c
index b11e9d5..97f7756 100644
--- a/lib/util/tests/asn1_tests.c
+++ b/lib/util/tests/asn1_tests.c
@@ -64,6 +64,17 @@ static const struct oid_data oid_data_ok[] = {
},
 };
 
+/* Data for successful OIDs conversions */
+static const char *oid_data_err[] = {
+   , /* empty OID */
+   .2.5.4.130,   /* first sub-identifier is empty */
+   2.5.4.130.,   /* last sub-identifier is empty */
+   2..5.4.130,   /* second sub-identifier is empty */
+   2.5..4.130,   /* third sub-identifier is empty */
+   2.abc.4.130,  /* invalid sub-identifier */
+   2.5abc.4.130, /* invalid sub-identifier (alpha-numeric)*/
+};
+
 /* Data for successful Partial OIDs conversions */
 static const struct oid_data partial_oid_data_ok[] = {
{
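Review bot: The comment above the new oid_data_err[] array reads "Data for successful OIDs conversions", copied from the oid_data_ok block, but every entry in the array is an OID that is expected to be rejected. Change it to describe failing conversions. The cases cover empty sub-identifiers in each position and non-numeric ones; add a sub-identifier with a leading sign or space as well, since that is the input the new isdigit() guard in asn1.c is there to stop.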
@@ -104,6 +115,7 @@ static bool test_ber_write_OID_String(struct 
torture_context *tctx)
 
mem_ctx = talloc_new(tctx);
 
+   /* check for valid OIDs */
for (i = 0; i  ARRAY_SIZE(oid_data_ok); i++) {
torture_assert(tctx, ber_write_OID_String(mem_ctx, blob, 
data[i].oid),
ber_write_OID_String failed);
@@ -117,6 +129,16 @@ static bool test_ber_write_OID_String(struct 
torture_context *tctx)
data[i].oid, data[i].bin_oid));
}
 
+   /* check for invalid OIDs */
+   for (i = 0; i  ARRAY_SIZE(oid_data_err); i++) {
+   torture_assert(tctx,
+  !ber_write_OID_String(mem_ctx, blob, 
oid_data_err[i]),
+