Re: [Samba] Samba 3.4 / 3.5: Printer settings not available for normal users
Am 18.01.2011 02:09, schrieb Jack Downes: I don't consider this one a problem and don't want this behavior to go away. Then I think, we have different problems. Here's a longer description of mine: Normally the admin uploads drivers to the samba server using the APW. Then the admin configures the printers (number of trays, etc.). And when users add a printer, the driver is downloaded to the workstation and the settings the admin made, are preconfigured. Some of this settings can only be set as admin, what makes sense (e. g. number of tray). Other settings the user can change (settings button in the general tab) like default tray, duplex,... The problem that came up in 3.4 and still exists, is that e. g. for Sharp MX-2600 drivers, the settings the admin made are not visible for normal users (like number of trays). So the user only sees 2 instead of 5 trays here. And the user have no way to change this, because it's greyed out. This is before/after switching to 3.4 or higher from the viewpoint of a normal user: https://bugzilla.samba.org/attachment.cgi?id=5961 If I grant SePrintOperatorPrivilege to the user, all settings are correct. But then he can administrate the printers. And this nobody really wants. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sorting Filenames - SMB
Hello, I'm using samba 3.0.33-3.29.el5_5.1 on a linux system and accessing the shares on a windows 2k client. To me it looks like file names are not sorted when accessing them via samba shares, but it's works on samba 3.0.24 If i do a dir c: for instance filenames are sorted, but if I do the same on a samba share using a Visula Basic 6 program they are not sorted. This causes some problems for me and I'd like to know if there is a way to make either windows sort them on its own (not in the explorer, but for every programm accessing these shares! ) or make samba sort them before sending them to the windows machine. Any help is appreciated. Thanks in advance. -- -- Best Regards Francesco Alfano System Engineer Phone: +39 (091) 409092 Fax: +39 (091) 6766932 e-mail: c...@reroberto.it e-mail: edace...@yahoo.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind uselessly using up Idmap range in ldap
On 17/01/11 16:33, Gaiseric Vandal wrote: I started on samba 3.0.x and upgrades to 3.4.x.Still having only partial success myself.I have different ou objects in ldap for the allocation range and each trusted domain . My smb.conf (editted somewhat) is below. I would that the idmapping would be created in the correct OU for each domain. I also found that the idmap id would be allocated from the idmap alloc config range, regardless of the range specified for the particular domain. So the an idmap entry would be created for the TRUSTEDOMAIN1 in the ou=trusteddomain container but with a UID in the 3 range not the 4 range. Not sure if this provides any insight. Hi, This is what sernet told me: I had a lengthy discussion with the developer, who did (actually still does) the rewrite of the idmap code for 3.6 which is urgently needed. It turns out that there are much more limitations in the current code base than I thought. Actually allocation can only be done by a single idmap backend and that is the default backend. So, it seems that idmap alloc backend cannot be used any more. I am using the default backend as suggested here. Thanks Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 5300 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba not knowing new users
What do you mean users are in smb.conf? ok, this was wrong. i meant there are the correct sections for my users. How are you creating the users? Can you see the user or users with pdbedit? i can see the users in my smbpasswd, but if i use pdbedit -L there are only a few users listed. i have to ask my buddy for errors when creating the users because this is done by script. after restarting service smbd my missing users are immediately able to log in but with pdbedit -L they are still not shown. so iam in doubt if there is an error when creating the user, but i will try to get further information. Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from 3.0.14 to 3.5 causes slow login
Hi all. Don’t know if this has be asked before, but since I find many results about “processing delayed initial logon reply for client” but none that’s solves my problem I’m asking here. Due to need of adding Windows 7 machines to our domain, I must upgrade our good old samba 3.0.14+openldap setup. That’s causing some issues being the most obvious the fact that all logins from XP workstations started to take much longer, the logon scripts run much slower (increased from seconds to minutes), and that the nmbd file gets flooded with the “processing delayed initial logon reply for client” message. I didn’t change anything in the smb.conf file. Is there any config tweak that I’m missing? Here’s my conf file (this is for a BDC): # Global parameters [global] smb ports = 139 enable privileges = yes dos charset = 860 unix charset = utf-8 netbios name = si-lnx01 netbios aliases = netfiles-inf,netfiles-dsi,inf-lnx01,netprinters-dsi,netprinters-inf workgroup = INE server string = DC Informatica bind interfaces only = yes interfaces = (removed) min passwd length = 5 passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 username map = /etc/samba/smbusers log level = 3 log file = /var/log/samba/log.%m max log size = 5000 name resolve order = wins lmhosts bcast time server = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd -m %u add group script = /usr/local/sbin/smbldap-groupadd -pa %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -w %u logon path = logon home = domain logons = yes os level = 33 preferred master = yes domain master = no local master = yes wins support = no wins server = (removed) ldap suffix = dc=ine,dc=pt ldap machine suffix = ou=Computers ldap user suffix = ou=users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = (removed) ldap ssl = no ldap delete dn = no ldap passwd sync = yes remote announce = (removed) remote browse sync = (removed) idmap uid = 1000-10 idmap gid = 1000-10 admin users = (removed) security = user template shell = /bin/false printer admin = (removed) load printers = Yes nt acl support = Yes printing = cups use client driver = No deadtime = 10 guest account = nobody dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no host msdfs = yes veto files = /lost+found/,aquota.group,aquota.user store dos attributes = yes Best Regards. Bruno Guerreiro Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) � destinada exclusivamente �s pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conte�do e sem reproduzi-la ou divulg�-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba not knowing new users
so iam in doubt if there is an error when creating the user, but i will try to get further information. so, getting back with this information: script is adding sections to smbd.conf, creates systemuser by useradd and finally it is creating the samba-user by smbpasswd -sa my buddy tells there is no error etc. what could be the problem that some new users only work after restarting smbd service? it happens not every time... Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba not knowing new users
Is this server a PDC or standalone server? What is the backend for samba accounts? Do you create unix accounts first as well, or are you using winbind/idmap backend to allocate unix id's for the samba accounts. Do accounts show up with wbinfo -u ? On 01/18/2011 09:28 AM, Hajo Locke wrote: so iam in doubt if there is an error when creating the user, but i will try to get further information. so, getting back with this information: script is adding sections to smbd.conf, creates systemuser by useradd and finally it is creating the samba-user by smbpasswd -sa my buddy tells there is no error etc. what could be the problem that some new users only work after restarting smbd service? it happens not every time... Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to minimize authentication traffic
Hi, i have to set up a new server far away from home. At the central i have a Win 2008 native AD server with a samba AD member. Now i have to install a new server at an other location with a 1 Mbit/s connection. I don't know yet how reliable the connection will be. The users faraway should not need to manual authenticate to fileservers in the Central. What would you recommend? I thought about an new domain with domain trusts. Or should i make it just an AD member (what happens if the AD Server is not reachable?) I think an other setup i have done years before (PDC -LDAP -[P|B]DC) will not work with AD. Any suggestions? Thanks Andreas -- Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GmbH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 www.vianova.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to minimize authentication traffic
--- Original message --- Subject: [Samba] How to minimize authentication traffic From: Andreas Grabner andr...@vianova.cc To: samba@lists.samba.org Date: Tuesday, 18/01/2011 8:28 AM Hi, i have to set up a new server far away from home. At the central i have a Win 2008 native AD server with a samba AD member. Now i have to install a new server at an other location with a 1 Mbit/s connection. I don't know yet how reliable the connection will be. The users faraway should not need to manual authenticate to fileservers in the Central. What would you recommend? I thought about an new domain with domain trusts. Or should i make it just an AD member (what happens if the AD Server is not reachable?) I think an other setup i have done years before (PDC -LDAP -[P|B]DC) will not work with AD. If you don't need exchange you could try a Samba4 AD joined server and local DNS. Depending on the size of the sattelite location YMMV. For a large critical production environment, your best bet at this time would of course be another M$ server. Any suggestions? Thanks Andreas -- Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GmbH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 http://www.vianova.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to minimize authentication traffic
You should be able to have a Samba PDC in the faraway site and set up trusts with the AD PDC in the central site. If the faraway users don't need to access files on the central server, than you probably don't even need trusts. On 01/18/2011 11:33 AM, t...@tms3.com wrote: --- Original message --- Subject: [Samba] How to minimize authentication traffic From: Andreas Grabner andr...@vianova.cc To: samba@lists.samba.org Date: Tuesday, 18/01/2011 8:28 AM Hi, i have to set up a new server far away from home. At the central i have a Win 2008 native AD server with a samba AD member. Now i have to install a new server at an other location with a 1 Mbit/s connection. I don't know yet how reliable the connection will be. The users faraway should not need to manual authenticate to fileservers in the Central. What would you recommend? I thought about an new domain with domain trusts. Or should i make it just an AD member (what happens if the AD Server is not reachable?) I think an other setup i have done years before (PDC -LDAP -[P|B]DC) will not work with AD. If you don't need exchange you could try a Samba4 AD joined server and local DNS. Depending on the size of the sattelite location YMMV. For a large critical production environment, your best bet at this time would of course be another M$ server. Any suggestions? Thanks Andreas -- Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GmbH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 http://www.vianova.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question on how to get Samba to use larger pread/write calls.
On 17 January 2011 08:14, Chris Duffy c...@small-tree.com wrote: We are testing Samba 3 (and 4) on Fedora Core 13, 10Gbit connection with a Mac OS 10.6.4 system as the client. We will be adding some Windows machines sooner or later with 10Gbit interfaces. We are seeing 100-150MBytes/sec read or write performance between the Mac and the FC13 system over 10Gbit interface but it should be capable of 400-500MBytes/sec. We have a local raid on the FC13 system that runs 1GByte/sec locally using an Areca 1880-ix-16 raid card (6Gbit version). It has 16 fast Hitachi disks in a Raid5 format using xfs filesystem. The problem here is that samba is poking the Areca at 128KByte I/O's on preads and writes, i.e. shown to us using strace on the smbd daemons that are running. Using vmstat/iostat/sar utilities, we see 100% utilization of the Areca card because the average wait time is real high and the average queue length to it is also high..too many small I/O's. This is not the case if I run fio or dd locally to/from the Areca's raid using 1-4MByte I/O's. I see fast I/O... I do not see any way to increase the size of Samba's pread/write's in the smb.conf documentation. I am sure it may be just a matter of getting the source code and making some changes to allow larger sized IO's butand of course I suppose Windows clients may complain but I remember that back in the old Irix days with the group of engineers in Australia I worked with, we had Samba screaming fast but not sure if they tweaked the version of Samba on Irix to do this. Hi Chris :) IIRC, we used a carefully tweaked read ahead module to make sure that I/Os were hitting the disks properly aligned and of reasonable size. http://www.samba.org/samba/docs/man/manpages-3/vfs_readahead.8.html Can you guys come up with a way for us to allow the reads/writes to/from the disks to be tunable up to say 4MB in size? Thx chris duffy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What version plays well with Windows 7?
I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What version plays well with Windows 7?
Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kasky e...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP PDC: Can join domain, but cannot login afterwards.
Hi, I am setting up a PDC with LDAP, but having no luck with it. Basically, the Win XP computer successfully joins the domain, but after restarting when I try to login it says The system cannot log you on now because the domain THEBITGURU.LAN is not available. I am running a Ubuntu 10.10 server with Samba 3.5.4 and OpenLDAP 2.4.3 (slapd). I have compressed all of the samba logs (/var/log/samba) files along with the smb.conf: http://www.thebitguru.com/site_media/uploads/samba_troubleshooting.tar.gz I turned up the logging (log level = 4) and created a folder with the log files after each step. Below is what I have gathered so far about the different steps. *Relevant Notes* 1. I installed ClearOS on another virtual machine and set it up as a PDC. This same WinXP virtual machine successfully joined that domain and was able to login without any issues. So, I am concluding that the client is setup correctly. 1. I even tried comparing the smb.conf files and updating the one my actual server, but no luck. 2. Another Windows 7 machine with the changes listed on http://wiki.samba.org/index.php/Windows7 behaves similarly, i.e. cannot login after joining the domain. 3. I can mount the share (\\visionary\shared) served by this server on both WinXP and Windows 7 without any issues. This tells me that the authentication with the LDAP server is working OK. * * *Domain Join (log files in after_domain_join folder)* 1. Note how the sending machine correctly sent the user and domains in this case. [2011/01/18 10:24:35.521835, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[root] domain=[THEBITGURU.LAN] workstation=[VIRTUALXP-32744] len1=24 len2=24 2. Also, note that the user authentication and mapping seemed to work OK in this case. [2011/01/18 10:24:35.521954, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [THEBITGURU.LAN]\[root]@[VIRTUALXP-32744] . . . [2011/01/18 10:24:35.523891, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root 3. Even though the Win XP system says that it joined the domain OK, the following output in the log file seems suspicious. This is at the end of log.virtualxp-32744. [2011/01/18 10:24:36.932921, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2011/01/18 10:24:36.933031, 3] smbd/server.c:906(exit_server_common) Server exit (failed to receive smb request) *First Failed Login** (log files in after_first_failed_login folder)* 1. Unlike #1 above, in this case we neither see the user nor the domain. I think this is where the problem lies. [2011/01/18 10:26:01.920055, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[] domain=[] workstation=[VIRTUALXP-32744] len1=1 len2=0 2. The server still falls back to the domain, but still no user. [2011/01/18 10:26:01.920172, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [THEBITGURU.LAN]\[]@[VIRTUALXP-32744] 3. So it goes looking for the guest user. [2011/01/18 10:26:01.922536, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded 4. There might be other weird things, for instance, the Server exit (failed to receive smb request) message, but I can figure out the issue with #1 then I am thinking that the rest will be fixed. I have tried a lot of stuff, but haven't had any luck. What should I do next to fix this issue? Thanks! Farhan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the desired goal. The problem at the moment (besides having to guess at what to put in smb.conf - see below) is that smbd exits about 2 minutes after I start it. Here are what I think are the relevant bits from the log.smbd: [2011/01/18 13:40:42, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=CHI))] [2011/01/18 13:40:42, 2] lib/smbldap.c:smbldap_open_connection(856) smbldap_open_connection: connection opened [2011/01/18 13:40:42, 3] lib/smbldap.c:smbldap_connect_system(1067) ldap_connect_system: successful connection to the LDAP server [2011/01/18 13:40:42, 4] lib/smbldap.c:smbldap_open(1143) The LDAP server is successfully connected [2011/01/18 13:41:12, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/01/18 13:41:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber=0)) [2011/01/18 13:42:12, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2011/01/18 13:42:27, 3] groupdb/mapping.c:pdb_create_builtin_alias(786) pdb_create_builtin_alias: Could not get a gid out of winbind [2011/01/18 13:42:27, 2] auth/token_util.c:create_local_nt_token(450) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2011/01/18 13:42:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2011/01/18 13:43:12, 1] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2871) User account [nobody] not found! [2011/01/18 13:43:12, 0] smbd/server.c:main(1404) ERROR: failed to setup guest info. winbind is running. log.winbindd contains nothing useful to me. log.winbindd-idmap contains lines suggesting it can't bind to the ldap server: 2011/01/18 13:42:41, 2] lib/smbldap.c:smbldap_connect_system(1052) failed to bind to server ldap://localhost with dn=uid=samba,ou=Special Users, dc=infinityhealthcare,dc=com Error: Invalid credentials and [2011/01/18 13:42:49, 1] lib/smbldap.c:another_ldap_try(1231) Connection to LDAP server failed for the 8 try! Why doesn't the smbd log say something equivalent? In fact, it suggests the opposite, saying that The LDAP server is successfully connected. I did set the samba admin dn's password with the command smbpasswd -W before starting either winbindd or smbd, and also verified that it is correct using the command ldapsearch -x -h localhost -s sub -b ou=people,dc=infinityhealthcare,dc=com -Duid=samba,ou=Special Users,dc=infinityhealthcare,dc=com -W. Any ideas or suggestions? Thanks, Jon The rest of this email is my smb.conf: = [global] workgroup = CHI server string = Samba Server Version %v netbios name = SAMBAPDC log file = /var/log/samba/log.%m log level = 4 max log size = 50 security = user passdb backend = ldapsam:ldap://localhost domain master = yes preferred master = yes domain logons = yes logon drive = N: logon path = \\%L\Profiles\%u logon script = %u.bat ldap admin dn = uid=samba,ou=Special Users,dc=infinityhealthcare,dc=com ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = out=IDmap ldap machine suffix = ou=Computers ldap suffix = dc=infinityhealthcare,dc=com ldap delete dn = no ldapsam:trusted = yes ldapsam:editposix = yes ldap ssl = off idmap backend = ldap:ldap://localhost idmap uid = 5000-5 idmap gid = 5000-5 winbind enum groups = yes winbind nested groups = yes template shell = /sbin/nologin template homedir = /home/%D/%U winbind use default domain = yes wins support = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On 18/01/11 20:04, Jon Detert wrote: ldap idmap suffix = out=IDmap Could the out instead of ou be your issue? Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 5300 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. net idmap secret MYDOMAIN net idmap secret alloc I don't know if when using the ldapsam:editposix option you can use smbpasswd to create the user accounts. Also, I used net groupmap add to create the mappings between the samba Domain Admins group and the unix group by the same name. If it were me, I would also create local unix groups for Domain Admins (e.g. with gid 512), Domain Users etc and then use net groupmap to map the unix gids to the Windows well known id's. net groupmap add ntgroup=Domain Admins unixgroup=512 rid=512 type=domain net groupmap add ntgroup=Domain Users unixgroup=513 rid=513 type=domain net groupmap add ntgroup=Domain Guests unixgroup=514 rid=514 type=domain net groupmap add ntgroup=Domain Computers unixgroup=515 rid=515 type=domain net groupmap add ntgroup=Domain Controllers unixgroup=516 rid=516 type=domain I would create a unix Administrator user in the Domain Admins group then use smbpasswd to create the samba Administrator account. I use Apache Directory Studio for browsing and editing ldap entries. You may find having a GUI ldap browser and editor really useful. You should be able to tell if your LDAP groups have unix gids and samba sids. This way you can get basic functionality working, then you can start troubleshooting windbind and idmap . On 01/18/2011 03:04 PM, Jon Detert wrote: Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the desired goal. The problem at the moment (besides having to guess at what to put in smb.conf - see below) is that smbd exits about 2 minutes after I start it. Here are what I think are the relevant bits from the log.smbd: [2011/01/18 13:40:42, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=CHI))] [2011/01/18 13:40:42, 2] lib/smbldap.c:smbldap_open_connection(856) smbldap_open_connection: connection opened [2011/01/18 13:40:42, 3] lib/smbldap.c:smbldap_connect_system(1067) ldap_connect_system: successful connection to the LDAP server [2011/01/18 13:40:42, 4] lib/smbldap.c:smbldap_open(1143) The LDAP server is successfully connected [2011/01/18 13:41:12, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/01/18 13:41:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber=0)) [2011/01/18 13:42:12, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2011/01/18 13:42:27, 3] groupdb/mapping.c:pdb_create_builtin_alias(786) pdb_create_builtin_alias: Could not get a gid out of winbind [2011/01/18 13:42:27, 2] auth/token_util.c:create_local_nt_token(450) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2011/01/18 13:42:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2011/01/18 13:43:12, 1] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2871) User account [nobody] not found! [2011/01/18 13:43:12, 0] smbd/server.c:main(1404) ERROR: failed to setup guest info. winbind is running. log.winbindd contains nothing useful to me. log.winbindd-idmap contains lines suggesting it can't bind to the ldap server: 2011/01/18 13:42:41, 2] lib/smbldap.c:smbldap_connect_system(1052) failed to bind to server ldap://localhost with dn=uid=samba,ou=Special Users, dc=infinityhealthcare,dc=com Error: Invalid credentials and [2011/01/18 13:42:49, 1] lib/smbldap.c:another_ldap_try(1231) Connection to LDAP server failed for the 8 try! Why doesn't the smbd log say something equivalent? In fact, it suggests the opposite, saying that The LDAP server is successfully connected. I did set the samba admin dn's password with the command smbpasswd -W before starting either winbindd
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tue, Jan 18, 2011 at 2:25 PM, Alex Crow ac...@integrafin.co.uk wrote: On 18/01/11 20:04, Jon Detert wrote: ldap idmap suffix = out=IDmap Could the out instead of ou be your issue? wow, thanks. However, sadly, sloppiness is not my only issue. I fixed that typo, restarted winbindd and smbd, but smbd still dies with the same messages. Am I missing a step I was supposed to do which would have created some default, expected, groups and users to exist? - Jon Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 5300 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. That is my understanding as well. I've never used it before, however. However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) the log messages tend to support this belief. smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. I don't understand that. There is no separate idmap process, afaik. Why can't the 'idmap' functionality get the same ldap credentials that smbd and winbindd evidently get from the smb.conf and the secrets.tdb files? net idmap secret MYDOMAIN net idmap secret alloc In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. Ideas? Thanks, Jon I don't know if when using the ldapsam:editposix option you can use smbpasswd to create the user accounts. Also, I used net groupmap add to create the mappings between the samba Domain Admins group and the unix group by the same name. If it were me, I would also create local unix groups for Domain Admins (e.g. with gid 512), Domain Users etc and then use net groupmap to map the unix gids to the Windows well known id's. net groupmap add ntgroup=Domain Admins unixgroup=512 rid=512 type=domain net groupmap add ntgroup=Domain Users unixgroup=513 rid=513 type=domain net groupmap add ntgroup=Domain Guests unixgroup=514 rid=514 type=domain net groupmap add ntgroup=Domain Computers unixgroup=515 rid=515 type=domain net groupmap add ntgroup=Domain Controllers unixgroup=516 rid=516 type=domain I would create a unix Administrator user in the Domain Admins group then use smbpasswd to create the samba Administrator account. I use Apache Directory Studio for browsing and editing ldap entries. You may find having a GUI ldap browser and editor really useful. You should be able to tell if your LDAP groups have unix gids and samba sids. This way you can get basic functionality working, then you can start troubleshooting windbind and idmap . On 01/18/2011 03:04 PM, Jon Detert wrote: Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the desired goal. The problem at the moment (besides having to guess at what to put in smb.conf - see below) is that smbd exits about 2 minutes after I start it. Here are what I think are the relevant bits from the log.smbd: [2011/01/18 13:40:42, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=CHI))] [2011/01/18 13:40:42, 2] lib/smbldap.c:smbldap_open_connection(856) smbldap_open_connection: connection opened [2011/01/18 13:40:42, 3] lib/smbldap.c:smbldap_connect_system(1067) ldap_connect_system: successful connection to the LDAP server [2011/01/18 13:40:42, 4] lib/smbldap.c:smbldap_open(1143) The LDAP server is successfully connected [2011/01/18 13:41:12, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/01/18 13:41:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber=0)) [2011/01/18 13:42:12, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2011/01/18 13:42:27, 3] groupdb/mapping.c:pdb_create_builtin_alias(786) pdb_create_builtin_alias: Could not get a gid out of winbind [2011/01/18 13:42:27, 2] auth/token_util.c:create_local_nt_token(450) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2011/01/18 13:42:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2011/01/18 13:43:12, 1]
Re: [Samba] What version plays well with Windows 7?
On 01/18/2011 11:17, Farhan Ahmad wrote: Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kaskye...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba We've got a mix of Windows XP Pro (90%) clients, and Windows 7 Pro at our facility. We have no issues with authentication with Samba 3.4.9 and 3.5.6. The machine is configured as a domain member though with MS AD servers running the show. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Compiler error while building Samba 3.5.6
I am trying to build Samba 3.5.6 on an HP-UX 11.11 system, and I get this error: Compiling libsmb/libsmb_thread_impl.c In file included from ./../nsswitch/winbind_nss.h:54, from ./../nsswitch/winbind_nss_config.h:49, from ./../nsswitch/winbind_client.h:1, from include/includes.h:681, from libsmb/libsmb_thread_impl.c:20: ./../nsswitch/winbind_nss_hpux.h:133: error: field '__h_errno' declared as a function I'm using gcc (4.2.3) and GNU make (3.8.2) to do this. Any ideas as to what I might do to fix this? Thanks. Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On 18/01/11 21:08, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. That is my understanding as well. I've never used it before, however. I've not tried it, I'm not even sure if it really works. Has anyone on the list used such a config in production? However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) the log messages tend to support this belief. You can create them yourself, but if you want an easier life, see the end of this post (smbldap-tools) smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. It doesn't. smbpasswd -w is sufficient. I don't understand that. There is no separate idmap process, afaik. Why can't the 'idmap' functionality get the same ldap credentials that smbd and winbindd evidently get from the smb.conf and the secrets.tdb files? net idmap secret MYDOMAIN net idmap secret alloc You do *not* need this is the you are not using explicit idmap alloc, just the default idmap range. idmap alloc is apparently not working. In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. You should leave the config as is. smbd really should not die. Are you sure smbd is not still running? Did you join your own domain on the PDC (eg net rpc join -S localhost)? Ideas? Thanks, Jon I think you need to use the smbldap-tools. Once configured correctly they will prepopulate your LDAP tree for for you. There should be packages in the repos for most distros. Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 5300 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] UID Matching
Good afternoon... Currently my Unix and Windows UID's don't match, nowhere close to it. I use AD for the Windows side of the house from a Win2K8 Server and I still use NIS for the Unix/Linux side of the house. I don't do single sign-on yet, so everyone in the building has a Windows account and a Unix account with two different UID's, but the same username. Now, I'm at a point where I need to share a filesystem from a Samba server to Windows, but it also needs to be accessible via NFS to the Unix users at the same time. What is the best way to do this and get some cohesion between the UID's??? I was thinking I could extend AD with the Unix stuff but then stopped and realized I'd be better of asking the world than guessing, in a production environment. Thanks! -b -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tuesday 18 January 2011 4:08:36 pm Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. That is my understanding as well. I've never used it before, however. However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) the log messages tend to support this belief. smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. I don't understand that. There is no separate idmap process, afaik. Why can't the 'idmap' functionality get the same ldap credentials that smbd and winbindd evidently get from the smb.conf and the secrets.tdb files? net idmap secret MYDOMAIN net idmap secret alloc In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. Ideas? Thanks, Jon I don't know if when using the ldapsam:editposix option you can use smbpasswd to create the user accounts. Also, I used net groupmap add to create the mappings between the samba Domain Admins group and the unix group by the same name. If it were me, I would also create local unix groups for Domain Admins (e.g. with gid 512), Domain Users etc and then use net groupmap to map the unix gids to the Windows well known id's. net groupmap add ntgroup=Domain Admins unixgroup=512 rid=512 type=domain net groupmap add ntgroup=Domain Users unixgroup=513 rid=513 type=domain net groupmap add ntgroup=Domain Guests unixgroup=514 rid=514 type=domain net groupmap add ntgroup=Domain Computers unixgroup=515 rid=515 type=domain net groupmap add ntgroup=Domain Controllers unixgroup=516 rid=516 type=domain I would create a unix Administrator user in the Domain Admins group then use smbpasswd to create the samba Administrator account. I use Apache Directory Studio for browsing and editing ldap entries. You may find having a GUI ldap browser and editor really useful. You should be able to tell if your LDAP groups have unix gids and samba sids. This way you can get basic functionality working, then you can start troubleshooting windbind and idmap . On 01/18/2011 03:04 PM, Jon Detert wrote: Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the desired goal. The problem at the moment (besides having to guess at what to put in smb.conf - see below) is that smbd exits about 2 minutes after I start it. Here are what I think are the relevant bits from the log.smbd: [2011/01/18 13:40:42, 2] lib/smbldap_util.c:smbldap_search_domain_inf o(277) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomain Name=CHI))] [2011/01/18 13:40:42, 2] lib/smbldap.c:smbldap_open_connection(856) smbldap_open_connection: connection opened [2011/01/18 13:40:42, 3] lib/smbldap.c:smbldap_connect_system(1067) ldap_connect_system: successful connection to the LDAP server [2011/01/18 13:40:42, 4] lib/smbldap.c:smbldap_open(1143) The LDAP server is successfully connected [2011/01/18 13:41:12, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/01/18 13:41:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber= 0)) [2011/01/18 13:42:12, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(sambaSID=S -1-5-32-544)) [2011/01/18 13:42:27, 3] groupdb/mapping.c:pdb_create_builtin_alias(7 86) pdb_create_builtin_alias: Could not get a gid out of winbind [2011/01/18 13:42:27, 2] auth/token_util.c:create_local_nt_token(450) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2011/01/18 13:42:57, 4]
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
I use idmap backend to support domain trusts. I have a OU in ldap for unix uid (or gid) to samba sid mappings for each trusted domain. I also have an ou for alloc which is where the next available uid and gid params are supported. Each of these required LDAP account and password being specifically set. I don't know if this applies to idmap used for in your case. I think the idmap stuff is handled by winbind not smbd, but not sure. Try temporarily disabling all the winbind/idmap stuff and see if you can get it started. On 01/18/2011 04:08 PM, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. That is my understanding as well. I've never used it before, however. However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) the log messages tend to support this belief. smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. I don't understand that. There is no separate idmap process, afaik. Why can't the 'idmap' functionality get the same ldap credentials that smbd and winbindd evidently get from the smb.conf and the secrets.tdb files? net idmap secret MYDOMAIN net idmap secret alloc In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. Ideas? Thanks, Jon I don't know if when using the ldapsam:editposix option you can use smbpasswd to create the user accounts. Also, I used net groupmap add to create the mappings between the samba Domain Admins group and the unix group by the same name. If it were me, I would also create local unix groups for Domain Admins (e.g. with gid 512), Domain Users etc and then use net groupmap to map the unix gids to the Windows well known id's. net groupmap add ntgroup=Domain Admins unixgroup=512 rid=512 type=domain net groupmap add ntgroup=Domain Users unixgroup=513 rid=513 type=domain net groupmap add ntgroup=Domain Guests unixgroup=514 rid=514 type=domain net groupmap add ntgroup=Domain Computers unixgroup=515 rid=515 type=domain net groupmap add ntgroup=Domain Controllers unixgroup=516 rid=516 type=domain I would create a unix Administrator user in the Domain Admins group then use smbpasswd to create the samba Administrator account. I use Apache Directory Studio for browsing and editing ldap entries.You may find having a GUI ldap browser and editor really useful. You should be able to tell if your LDAP groups have unix gids and samba sids. This way you can get basic functionality working, then you can start troubleshooting windbind and idmap . On 01/18/2011 03:04 PM, Jon Detert wrote: Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the desired goal. The problem at the moment (besides having to guess at what to put in smb.conf - see below) is that smbd exits about 2 minutes after I start it. Here are what I think are the relevant bits from the log.smbd: [2011/01/18 13:40:42, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=CHI))] [2011/01/18 13:40:42, 2] lib/smbldap.c:smbldap_open_connection(856) smbldap_open_connection: connection opened [2011/01/18 13:40:42, 3] lib/smbldap.c:smbldap_connect_system(1067) ldap_connect_system: successful connection to the LDAP server [2011/01/18 13:40:42, 4] lib/smbldap.c:smbldap_open(1143) The LDAP server is successfully connected [2011/01/18 13:41:12, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/01/18 13:41:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(gidNumber=0)) [2011/01/18 13:42:12, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2481) ldapsam_getgroup: Did not
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tuesday 18 January 2011 4:39:39 pm Alex Crow wrote: On 18/01/11 21:08, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Nt- I don't use the ldapsam:editposix option myself, if I understand it correctly it means you don't have to precreate the underlying unix accounts. That is my understanding as well. I've never used it before, however. I've not tried it, I'm not even sure if it really works. Has anyone on the list used such a config in production? However, I believe you still need to do the following Create a samba Administrator account Create samba Domain Admins and Domain Users groups. Explicitly specify the uid or username for the guest user. Set ldap password for the idmap backend (net idmap secret thedomain ) the log messages tend to support this belief. You can create them yourself, but if you want an easier life, see the end of this post (smbldap-tools) smbpasswd -w sets the ldap password samba to access ldap for users and groups. But idmap needs the ldap password set as well eg. It doesn't. smbpasswd -w is sufficient. I don't understand that. There is no separate idmap process, afaik. Why can't the 'idmap' functionality get the same ldap credentials that smbd and winbindd evidently get from the smb.conf and the secrets.tdb files? net idmap secret MYDOMAIN net idmap secret alloc You do *not* need this is the you are not using explicit idmap alloc, just the default idmap range. idmap alloc is apparently not working. In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. You should leave the config as is. smbd really should not die. Are you sure smbd is not still running? Did you join your own domain on the PDC (eg net rpc join -S localhost)? Ideas? Thanks, Jon I think you need to use the smbldap-tools. Once configured correctly they will prepopulate your LDAP tree for for you. There should be packages in the repos for most distros. Cheers Alex I'd underscore Alex's last comment - use smbldap-tools. A lot of tutorials have you add an smb.conf directives such as: add user script = /usr/local/sbin/smbldap-useradd -m %u If you install the tools via RPM, change those directives to read: add user script = /usr/sbin/smbldap-useradd -m %u Again, HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tue, Jan 18, 2011 at 3:39 PM, Alex Crow ac...@integrafin.co.uk wrote: On 18/01/11 21:08, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: -- snip -- net idmap secret MYDOMAIN net idmap secret alloc You do *not* need this is the you are not using explicit idmap alloc, just the default idmap range. idmap alloc is apparently not working. I _am_ specifying ranges via 'idmap uid' and 'idmap gid'. I assume that's different than what you meant by 'default idmap range'. In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. You should leave the config as is. smbd really should not die. Are you sure smbd is not still running? Did you join your own domain on the PDC (eg net rpc join -S localhost)? yes, I'm sure. 'ps -ef | grep mbd' shows just the nmbd process, not any smbd process. Also, the log.smbd ends with 'ERROR: failed to setup guest info.'. No, I did not join my own domain. Should I have? I think you need to use the smbldap-tools. Once configured correctly they will prepopulate your LDAP tree for for you. There should be packages in the repos for most distros. I'll look into that. Centos doesn't have smbldap-tools in it's official repos. I imagine that someone has made rpms, though, for centos. Thanks, Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID Matching
Just to clarify , by uid you mean then numerical user id? Unix uid's are different that Windows SID's - so they will never be identical. Samba has idmapping functionality to map unix id's (e.g. 123) to samba sid's (e.g S-1-5-xx-a-bbb-cc-1123) Since you already have active directory in place you probably want to do the following: - configure samba as a member server of the windows AD domain - configure unix authentication to use the samba server in place of NIS (e.g. when you log in to unix, /etc/nsswitch.conf is configured to resolve password and groups via winbind.) Samba shd allocate unix id's for your windows accounts, but unfortunately they will not end up being the same as your existing uid's. Windows Server has (at least 2003 did) Services for Unix, which should add some basic NIS functionality to Windows Server. It at least lets your Windows account store some basic unix account info. But I don't know if you can configure samba to use those. On 01/18/2011 04:44 PM, Brian D. McGrew wrote: Good afternoon... Currently my Unix and Windows UID's don't match, nowhere close to it. I use AD for the Windows side of the house from a Win2K8 Server and I still use NIS for the Unix/Linux side of the house. I don't do single sign-on yet, so everyone in the building has a Windows account and a Unix account with two different UID's, but the same username. Now, I'm at a point where I need to share a filesystem from a Samba server to Windows, but it also needs to be accessible via NFS to the Unix users at the same time. What is the best way to do this and get some cohesion between the UID's??? I was thinking I could extend AD with the Unix stuff but then stopped and realized I'd be better of asking the world than guessing, in a production environment. Thanks! -b -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
Run the following command- and make sure that that the guest account is mapping to a real unix account. #testparm -v | grep guest account On 01/18/2011 05:11 PM, Jon Detert wrote: On Tue, Jan 18, 2011 at 3:39 PM, Alex Crowac...@integrafin.co.uk wrote: On 18/01/11 21:08, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: -- snip -- net idmap secret MYDOMAIN net idmap secret alloc You do *not* need this is the you are not using explicit idmap alloc, just the default idmap range. idmap alloc is apparently not working. I _am_ specifying ranges via 'idmap uid' and 'idmap gid'. I assume that's different than what you meant by 'default idmap range'. In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. You should leave the config as is. smbd really should not die. Are you sure smbd is not still running? Did you join your own domain on the PDC (eg net rpc join -S localhost)? yes, I'm sure. 'ps -ef | grep mbd' shows just the nmbd process, not any smbd process. Also, the log.smbd ends with 'ERROR: failed to setup guest info.'. No, I did not join my own domain. Should I have? I think you need to use the smbldap-tools. Once configured correctly they will prepopulate your LDAP tree for for you. There should be packages in the repos for most distros. I'll look into that. Centos doesn't have smbldap-tools in it's official repos. I imagine that someone has made rpms, though, for centos. Thanks, Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID Matching
Samba shd allocate unix id's for your windows accounts, but unfortunately they will not end up being the same as your existing uid's. - Is there any way around this? Perhaps Windows Services for Unix? Will Samba read the Unix UID from SFU if it's installed??? I _HAVE_ to get the UID's to match. Not all my Windows users use Unix, but, ALL my Unix users use Windows --- and the Windows users also need access to all the files. Without getting the UID's to match up, I don't see how I'm going to make this work... Unless, I'm thinking shortsighted and there is other info I'm unaware of? -b -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
On Tue, Jan 18, 2011 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Run the following command- and make sure that that the guest account is mapping to a real unix account. #testparm -v | grep guest account it is mapping to 'nobody', which looks like this: # getent passwd nobody nobody:x:99:99:Nobody:/:/sbin/nologin # On 01/18/2011 05:11 PM, Jon Detert wrote: On Tue, Jan 18, 2011 at 3:39 PM, Alex Crowac...@integrafin.co.uk wrote: On 18/01/11 21:08, Jon Detert wrote: On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: -- snip -- net idmap secret MYDOMAIN net idmap secret alloc You do *not* need this is the you are not using explicit idmap alloc, just the default idmap range. idmap alloc is apparently not working. I _am_ specifying ranges via 'idmap uid' and 'idmap gid'. I assume that's different than what you meant by 'default idmap range'. In any case, I tried the above, and got the same error for both command : The only currently supported backend is LDAP My smb.conf has a line expressly saying idmap backend = ldap:ldap://localhost;. Does smbd have to be running before running the 'net idmap' commands? If so, I'm screwed, cuz now that I fixed the 'out=IDmap' typo, smbd dies immediately after trying to start it. You should leave the config as is. smbd really should not die. Are you sure smbd is not still running? Did you join your own domain on the PDC (eg net rpc join -S localhost)? yes, I'm sure. 'ps -ef | grep mbd' shows just the nmbd process, not any smbd process. Also, the log.smbd ends with 'ERROR: failed to setup guest info.'. No, I did not join my own domain. Should I have? I think you need to use the smbldap-tools. Once configured correctly they will prepopulate your LDAP tree for for you. There should be packages in the repos for most distros. I'll look into that. Centos doesn't have smbldap-tools in it's official repos. I imagine that someone has made rpms, though, for centos. Thanks, Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What version plays well with Windows 7?
Farhan, Yes I did and made the changes suggested in the registry. But I missed the version info at the top. 3.3.7 was tested. I wonder if there were any changes from 3.3.2... Ed -- On Jan 18, 2011, at 10:17 AM, Farhan Ahmad far...@thebitguru.com wrote: Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kasky e...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UID Matching
As a disclaimer, I am not using samba as a AD member server- although I am also thinking about how I might make that happen. I am reading the man page for idmap_ad. The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the idmap API, and is READONLY. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD. So on closer reading it does suggest it will pick up the unix UID and unix GID directly from AD.I had confused this earlier with the idmap_rid backend. Are you also using autofs for your unix clients? On 01/18/2011 05:35 PM, Brian D. McGrew wrote: Samba shd allocate unix id's for your windows accounts, but unfortunately they will not end up being the same as your existing uid's. - Is there any way around this? Perhaps Windows Services for Unix? Will Samba read the Unix UID from SFU if it's installed??? I _HAVE_ to get the UID's to match. Not all my Windows users use Unix, but, ALL my Unix users use Windows --- and the Windows users also need access to all the files. Without getting the UID's to match up, I don't see how I'm going to make this work... Unless, I'm thinking shortsighted and there is other info I'm unaware of? -b -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools and phpldapadmin
On Mon, Jan 17, 2011 at 4:38 AM, Dimitri Yioulos dyiou...@firstbhph.com wrote: On Saturday 15 January 2011 4:26:03 pm William Brown wrote: If I enter the command smbldap-useradd -a -m -M juser -g Domain Users -G Domain Admins -G Administrators -c Joe User juser (beginning and ending parens for clarity), I do indeed create the type of user I'm trying to create. And, that user appears in the list of users in PhpLdapAdmin. However, if I create the same type of user using the PhpLdapAdmin Samba3 Account template, the user doesn't have the same attributes as the ones created via smbldap-useradd. Yes, there are schema extensions in samba's ldap admin tool that extend the posix account. You can convert an existing user iirc with that command, since the posix password hash is irrerversible. Also pay attention you MUST use the smbpasswod tool to change passwords, else the userPassword and smbPassword feilds will de-sync. I could probably create a bash script that invokes smbldap-useradd for my users to use to create accounts, but they're CLI-phobic, so I really want to get PhpLdapAdmin to do this. How can I accomplish this PhpLdapAdmin/smbldap-useradd integration? I'm really not a programmer, so messing with the PhpLdapAdmin xml files is daunting to me if, in fact, this is how it's done. I've looked through all of the config files associated with the PDC set-up, but simply don't see anything in them that would do the trick. sorry, but edit the templates. Look here http://phpldapadmin.sourceforge.net/wiki/index. php/Templates Also, create a user in ldap, and one in smb, then compare the differences. Some of the fields are autogenerated as well iirc, You can likely cheat with the value tag, to call php, that calls your smb script. Something like valuesystem(smbldap-useradd -a -m -M uid ) might do it (you will need to substitute in values like i did with uid ) If anyone has accomplished this, I would greatly appreciate your help! Thanks. Dimitri -- Thank you both for your responses. I was afraid I'd hear, sorry, but edit the templates. Now, I know the old saw about, If you give a man a fish ... , but if someone has already created such a template, and is willing to share it, I'd be extremely grateful. It's not laziness, it's lack of skill in this area. Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi guys. What I can add to this thread is that, for your safe. 1) Don't use samba 3.0.x, doesn't support windows 7, if someone came with a machine like, your are doom. Use samba 3x is ready to be use as PDC and support windows 7, windows 2008, etc. 2) The only issue is that u have to setup smbldap-tools by hand because doesn't have support for samba 3x, but is to easy, I can help u. 3) I try phpldapadmin but I prefer Mandriva MDS, is the same, ajax interface to openldap, I prefer this one is very clean and stable. I can help u setup this one to. Migrate from samba 3.0.x to samba 3.x is not a issue, you just have to upgrade samba, review your settings, maybe some are on on samba 3.0.x and off on samba3x is what I have seen in my deployments. My two cents!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trust relation between 2 networks firewall issues!!!
Hi. I have 2 separate networks. Net-A 192.168.50.0/24 Net-B 172.16.2.0/16 I have 1 Samba PDC+LDAP on each site. I want to create a trust relation between both networks, what ports do I have to open in my fw to make this works? thanks!!! Centos 5.5 Samba 3x. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relation between 2 networks firewall issues!!!
Hi. I have 2 separate networks. Net-A 192.168.50.0/24 Net-B 172.16.2.0/16 I have 1 Samba PDC+LDAP on each site. I want to create a trust relation between both networks, what ports do I have to open in my fw to make this works? 137, 138, 139, 389. For secure LDAP 636. For modern smb 445. thanks!!! Centos 5.5 Samba 3x. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ADS OS fields with samba 3.3.2
Hi everybody, I am using samba 3.3.2 provided by Debian and I am looking for a way to populate this fields[1] during domain join against w2k3 sp3. I was reading the mailing list and I found a thread[2] from 3 years ago that speak about the problem but I can not get the solution. There is anybody who knows how to do it? Thank you in advanced. [1] operatingSystem, operatingSystemVersion, operatingSystemServicePack [2] http://lists.samba.org/archive/samba-technical/2007-March/052305.html Time is of the essence Jacobo José Peña Peña Analista Operaciones TI GGTO - GOC Gerencia Operaciones TI Centralizadas Coordinación Operaciones de Hosting - Hosting Windows Telfs.: 0212-500-1408 Para atención de solicitudes por favor contactar al Centro de Interacción Corporativo (0212-5008745) o generar caso a través de la herramienta de Gestión Remedy. Para mayor información: instructivo INS-0800 Solicitud de Servicios a la Gerencia Operaciones TI Centralizadas ubicado en http://cired.cantv.com.ve/docs/ http://cired.cantv.com.ve/docs/ Por favor emitir Agradecimientos, Sugerencias o Quejas por http://escritorio.cantv.net/Reportes/opinion.pl http://escritorio.cantv.net/Reportes/opinion.pl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Linker error (ld) when compiling samba 3.5.4
OS: AIX 6.1 TL05 SP4 Compiler: gcc Samba: 3.5.4 When compiling, I am receiving the following error: (many Duplicate symbol warnings before this) ld: 0711-224 WARNING: Duplicate symbol: talloc_increase_ref_count ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information. ld: 0711-317 ERROR: Undefined symbol: .error_message ld: 0711-317 ERROR: Undefined symbox: .create_kerberos_key_from_string_direct collect2: ld returned 8 exit status make: 1254-004 The error code from the last command is 1. I was looking through the archives and found a posting that matched my exact problem but couldn't find the response to it. The thread article was on May 12, 2010 at 11:01am. I see in the libsmb/clikrb5.c source that the function error_message isn't defined so I assumed that this should be defined in /lib/syscalls.exp but it is not. Do I need to define it in this file or am I way off base? Appreciate any help. Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What version plays well with Windows 7?
May be following fact help you Win 7 cannot join to Samba 3.2.11, can join to Samba 3.2.12 and 3.2.15, but a lot registry editing required. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Para meters] DomainCompatibilityMode=dword:0001 DNSNameResolutionRequired=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] “LmCompatibilityLevel”=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] Update=no DisablePasswordChange=dword: MaximumPasswordAge=dword:001e RequireSignOrSeal=dword:0001 RequireStrongKey=dword:0001 SealSecureChannel=dword:0001 SignSecureChannel=dword:0001 Thanks On 1/19/11, Ed Kasky e...@esson.net wrote: Farhan, Yes I did and made the changes suggested in the registry. But I missed the version info at the top. 3.3.7 was tested. I wonder if there were any changes from 3.3.2... Ed -- On Jan 18, 2011, at 10:17 AM, Farhan Ahmad far...@thebitguru.com wrote: Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kasky e...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxmantra.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Compiler error while building Samba 3.5.6
On Tue, Jan 18, 2011 at 04:39:01PM -0500, stan.pietkiew...@statcan.gc.ca wrote: I am trying to build Samba 3.5.6 on an HP-UX 11.11 system, and I get this error: Compiling libsmb/libsmb_thread_impl.c In file included from ./../nsswitch/winbind_nss.h:54, from ./../nsswitch/winbind_nss_config.h:49, from ./../nsswitch/winbind_client.h:1, from include/includes.h:681, from libsmb/libsmb_thread_impl.c:20: ./../nsswitch/winbind_nss_hpux.h:133: error: field '__h_errno' declared as a function I'm using gcc (4.2.3) and GNU make (3.8.2) to do this. Any ideas as to what I might do to fix this? You might try the attached patch from master. If you want this to be fixed in 3.5.7, please open a bug report at https://bugzilla.samba.org. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen nsswitch/winbind_nss_hpux.h |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h index 40a352d..dba70a7 100644 --- a/nsswitch/winbind_nss_hpux.h +++ b/nsswitch/winbind_nss_hpux.h @@ -130,7 +130,12 @@ typedef struct nss_XbyY_args { void *returnval; int erange; - int h_errno; + /* + * h_errno is defined as function call macro for multithreaded applications + * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss + * modules, so let's simply rename it: + */ + int h_errno_unused; nss_status_t status; } nss_XbyY_args_t; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What version plays well with Windows 7?
3.2.15 and up with: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Para meters] DomainCompatibilityMode=dword:0001 DNSNameResolutionRequired=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] LmCompatibilityLevel=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] Update=no DisablePasswordChange=dword: MaximumPasswordAge=dword:001e RequireSignOrSeal=dword:0001 RequireStrongKey=dword:0001 SealSecureChannel=dword:0001 SignSecureChannel=dword:0001 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Ed Kasky Gesendet: Mittwoch, 19. Januar 2011 00:33 An: Farhan Ahmad Cc: samba@lists.samba.org Betreff: Re: [Samba] What version plays well with Windows 7? Farhan, Yes I did and made the changes suggested in the registry. But I missed the version info at the top. 3.3.7 was tested. I wonder if there were any changes from 3.3.2... Ed -- On Jan 18, 2011, at 10:17 AM, Farhan Ahmad far...@thebitguru.com wrote: Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kasky e...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a1e1f02 s4-gensec Extend python bindings for GENSEC and the associated test via 24a4b9a s4-auth Extend python bindings to allow ldb and message to be specified via 08051ae s4-pygensec Fix indentation of py_gensec_start_mech_by_name() via 489e337 s4-torture Remove unused temp dirs from the RPC-PAC test. via 4e2e5ea s4-pyldb Fix tp_basicsize for PyLdbDn via 147f075 s4-pygensec Add bindings for server_start() and update() via 969c1b5 s4-pyauth Add bindings for auth_context_create() as AuthContext() via 017fbcd s4-pyauth Use py_talloc_get_type() for greater talloc binding safety via 9b643c8 s4-gensec Don't steal the auth_context, reference it. from d5173ca pidl:wscript: don't warn about pidl gammar file changes for now http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a1e1f02efea3a6c1f419a7d93498718d46636d2b Author: Andrew Bartlett abart...@samba.org Date: Tue Jan 18 19:14:45 2011 +1100 s4-gensec Extend python bindings for GENSEC and the associated test This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104 commit 24a4b9a7387f75c6d6a922800bef9b2178747f86 Author: Andrew Bartlett abart...@samba.org Date: Tue Jan 18 19:13:19 2011 +1100 s4-auth Extend python bindings to allow ldb and message to be specified This will allow for some more tokenGroups tests in future. Andrew Bartlett commit 08051ae29e53e83844bffb67bfe8ecf1cf4dc887 Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:26:21 2011 +1100 s4-pygensec Fix indentation of py_gensec_start_mech_by_name() commit 489e3372d629a56b8f6c433f99ae750d16eecc2c Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:24:16 2011 +1100 s4-torture Remove unused temp dirs from the RPC-PAC test. The code previously required the creation of a messaging context, but this isn't done any more, so we don't need the tmp dir to put it in. Andrew Bartlett commit 4e2e5eafb2dfd60fcddd27efa95ff17a52311fec Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:23:23 2011 +1100 s4-pyldb Fix tp_basicsize for PyLdbDn This wasn't actually causing problems before, as the structures were the same size. Andrew Bartlett commit 147f075c471d26bcf7d9e9ecafb88ff102414de4 Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:23:02 2011 +1100 s4-pygensec Add bindings for server_start() and update() commit 969c1b58eb325d4741097c1f7b9a81c67b23270d Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:22:31 2011 +1100 s4-pyauth Add bindings for auth_context_create() as AuthContext() commit 017fbcdd101b3e8503ce643202fdbaa6d076a995 Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:21:28 2011 +1100 s4-pyauth Use py_talloc_get_type() for greater talloc binding safety This does a talloc check of the returned pointer before casting it. Andrew Bartlett commit 9b643c8c83bda42b5f8ad1d9ca0419e1e1c0e372 Author: Andrew Bartlett abart...@samba.org Date: Mon Jan 17 16:20:09 2011 +1100 s4-gensec Don't steal the auth_context, reference it. We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett --- Summary of changes: source4/auth/auth.h|1 + source4/auth/gensec/gensec.c |8 +- source4/auth/gensec/pygensec.c | 345 ++-- source4/auth/ntlm/auth.c |2 +- source4/auth/pyauth.c | 141 +- source4/auth/samba_server_gensec.c | 15 +- source4/auth/wscript_build |2 +- source4/lib/ldb/pyldb.c|2 +- source4/scripting/python/samba/tests/gensec.py | 57 - source4/selftest/tests.py |2 +- source4/torture/rpc/remote_pac.c |9 - 11 files changed, 529 insertions(+), 55 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 33c398d..6d3dede 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -233,6 +233,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct loadparm_context *lp_ctx, struct ldb_context *sam_ctx, struct auth_context **auth_ctx); +const char
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 757cfc2 release-scripts: add build-htmlman-nogit via 30e9ab1 release-scripts: add build-htmlman-git via 156c188 release-scripts: add gpl header comment to build-manpages-nogit via 9e1bc39 release-scripts: add gpl header comment to build-manpages-git via 7fe7d65 release-scripts: remove commented out line from git-version via f622ba2 packaging/RHEL-CTDB: add the smbta-util manpage via bb25419 packaging/RHEL-CTDB: add the pam_winbind.conf manpage via bf08669 packaging/RHEL-CTDB: do not use an external docs tarball but build the manpages via 5a1 packaging/RHEL-CTDB: untangle the various %doc entries to single lines via 891bff8 docs: Remove template itemizedlist/listitem from man.xsl from a1e1f02 s4-gensec Extend python bindings for GENSEC and the associated test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 757cfc296a6dcf2810a1a2e554ebd586125a91d3 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:20:12 2011 +0100 release-scripts: add build-htmlman-nogit non-git version of a script to ease building of html version of manpages Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Jan 18 15:07:09 CET 2011 on sn-devel-104 commit 30e9ab185761664311a260ac5a005a081e0e217e Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:20:12 2011 +0100 release-scripts: add build-htmlman-git git version of a script to ease building of html version of manpages commit 156c1888393d41fec0e29aa16e592424d5c79825 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:17:15 2011 +0100 release-scripts: add gpl header comment to build-manpages-nogit commit 9e1bc39f7603880264f6a59e4c35b93800aad579 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:18:08 2011 +0100 release-scripts: add gpl header comment to build-manpages-git commit 7fe7d656e2c9b6bc3020cda570bf39dc875fe0ce Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:17:15 2011 +0100 release-scripts: remove commented out line from git-version commit f622ba281005e23d6e134c9a16d90b5bc81fbfdd Author: Michael Adam ob...@samba.org Date: Tue Jan 18 01:06:32 2011 +0100 packaging/RHEL-CTDB: add the smbta-util manpage commit bb25419e468669a9742b0f3203c5483703ecdafa Author: Michael Adam ob...@samba.org Date: Tue Jan 18 01:06:18 2011 +0100 packaging/RHEL-CTDB: add the pam_winbind.conf manpage commit bf08669903ed39fc82d1ed9c51892b322f49d7d5 Author: Michael Adam ob...@samba.org Date: Thu Sep 9 17:56:03 2010 +0200 packaging/RHEL-CTDB: do not use an external docs tarball but build the manpages commit 5a1543f7776f7aad77efc205b5a9fc0f72f0 Author: Michael Adam ob...@samba.org Date: Thu Sep 9 17:14:20 2010 +0200 packaging/RHEL-CTDB: untangle the various %doc entries to single lines commit 891bff8747bc81bee6c0f7f564c79ffbe4b15e13 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 13:00:51 2011 +0100 docs: Remove template itemizedlist/listitem from man.xsl This seems to have been basically taken from the manpages/lists.xls from the docbook-xsl stylesheets. But it references a variable list-indent that older versions of docbook-xsl (e.g. 1.69) do not provide. This makes the manpage build break on older systems. Removing the definition lets the build succeed, using the system-definition of the itemizedlist/listitem. The diff between the docbook's (version 1.75.1) definition of itemizedlist/listitem and the definition in our man.xls is this: -- with this patch -- without this patch @@ -53,5 +53,7 @@ !-- * seems to require the extra space. -- xsl:call-template name=roff-if-end/ xsl:apply-templates/ - xsl:text.RE#10;/xsl:text + xsl:if test= following-sibling::listitem +xsl:text#10;.RE#10;/xsl:text + /xsl:if /xsl:template I.e. the version of man.xsl made insertion if .RE conditional. I hope this does not break anything severely. The diff for e.g. the resulting winbindd.8 manpage is this: --- with this patch +++ witout this patch: @@ -375,7 +375,6 @@ \m[blue]\fBwinbind: rpc only\fR\m[] Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\. -.RE .SH EXAMPLE SETUP .PP To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\. This was tested on an early Red Hat Linux box\. Cheers --- Summary of changes: docs-xml/xslt/man.xsl| 60 -- packaging/RHEL-CTDB/makerpms.sh |7
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ee048da release-scripts: add build-htmlman-nogit via 61f1064 release-scripts: add build-htmlman-git via a9d7d79 release-scripts: add gpl header comment to build-manpages-nogit via 9284833 release-scripts: add gpl header comment to build-manpages-git via 3f10470 release-scripts: remove commented out line from git-version via 796452a packaging/RHEL-CTDB: add the smbta-util manpage via e405c40 packaging/RHEL-CTDB: add the pam_winbind.conf manpage via d4a1ec6 packaging/RHEL-CTDB: do not use an external docs tarball but build the manpages via 94d8c98 packaging/RHEL-CTDB: untangle the various %doc entries to single lines via c510a5e docs: Remove template itemizedlist/listitem from man.xsl from b561963 s3-auth: Fixed account lockout check. (cherry picked from commit ad6560564350616b2925d097460876bd56555acf) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ee048dac3e7f073727b84cbc6772e158152f1a67 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:20:12 2011 +0100 release-scripts: add build-htmlman-nogit non-git version of a script to ease building of html version of manpages Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Jan 18 15:07:09 CET 2011 on sn-devel-104 commit 61f1064ada52f21c61a8e7743cfb5c4461db0b47 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:20:12 2011 +0100 release-scripts: add build-htmlman-git git version of a script to ease building of html version of manpages commit a9d7d79c89ef97f425aba6490161fe7de6d59903 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:17:15 2011 +0100 release-scripts: add gpl header comment to build-manpages-nogit commit 92848330bc574948394adf5113ed4df3fa01c6a6 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:18:08 2011 +0100 release-scripts: add gpl header comment to build-manpages-git commit 3f10470f00fc81ab0dc7cb25866854fb4072abd9 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 14:17:15 2011 +0100 release-scripts: remove commented out line from git-version commit 796452aa234fcc57b1fcf5cdeca09bbdd1316403 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 01:06:32 2011 +0100 packaging/RHEL-CTDB: add the smbta-util manpage commit e405c4081a874726adf76fdf97030adb71ccfce6 Author: Michael Adam ob...@samba.org Date: Tue Jan 18 01:06:18 2011 +0100 packaging/RHEL-CTDB: add the pam_winbind.conf manpage commit d4a1ec61cbea3a2381db1a06c3a76d6188a472e3 Author: Michael Adam ob...@samba.org Date: Thu Sep 9 17:56:03 2010 +0200 packaging/RHEL-CTDB: do not use an external docs tarball but build the manpages commit 94d8c98b042eeb4a8983906f600d172378baaac2 Author: Michael Adam ob...@samba.org Date: Thu Sep 9 17:14:20 2010 +0200 packaging/RHEL-CTDB: untangle the various %doc entries to single lines commit c510a5e08e4aefdf01dca5123abab6a74060682e Author: Michael Adam ob...@samba.org Date: Tue Jan 18 13:00:51 2011 +0100 docs: Remove template itemizedlist/listitem from man.xsl This seems to have been basically taken from the manpages/lists.xls from the docbook-xsl stylesheets. But it references a variable list-indent that older versions of docbook-xsl (e.g. 1.69) do not provide. This makes the manpage build break on older systems. Removing the definition lets the build succeed, using the system-definition of the itemizedlist/listitem. The diff between the docbook's (version 1.75.1) definition of itemizedlist/listitem and the definition in our man.xls is this: -- with this patch -- without this patch @@ -53,5 +53,7 @@ !-- * seems to require the extra space. -- xsl:call-template name=roff-if-end/ xsl:apply-templates/ - xsl:text.RE#10;/xsl:text + xsl:if test= following-sibling::listitem +xsl:text#10;.RE#10;/xsl:text + /xsl:if /xsl:template I.e. the version of man.xsl made insertion if .RE conditional. I hope this does not break anything severely. The diff for e.g. the resulting winbindd.8 manpage is this: --- with this patch +++ witout this patch: @@ -375,7 +375,6 @@ \m[blue]\fBwinbind: rpc only\fR\m[] Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\. -.RE .SH EXAMPLE SETUP .PP To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\. This was tested on an early Red Hat Linux box\. Cheers --- Summary of changes: docs-xml/xslt/man.xsl| 60 --
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f6077f2 s4-tests: Added a test for correct inheritance of IO flagged ACEs. via fed9250 s4-security: Fixed incorrect inheritance of IO flagged ACES from 757cfc2 release-scripts: add build-htmlman-nogit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f6077f23b773d521938539fe142cd2675c3978b3 Author: Nadezhda Ivanova nivan...@samba.org Date: Tue Jan 18 15:58:18 2011 +0200 s4-tests: Added a test for correct inheritance of IO flagged ACEs. Autobuild-User: Nadezhda Ivanova nivan...@samba.org Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104 commit fed925079b988502674c48555e27e3ee9d214b4b Author: Nadezhda Ivanova nivan...@samba.org Date: Tue Jan 18 15:56:19 2011 +0200 s4-security: Fixed incorrect inheritance of IO flagged ACES They should be inherited without the IO flag unless they contain generic information. --- Summary of changes: libcli/security/create_descriptor.c |5 + source4/dsdb/tests/python/sec_descriptor.py | 18 ++ 2 files changed, 23 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c index e5fa9b8..643c98d 100644 --- a/libcli/security/create_descriptor.c +++ b/libcli/security/create_descriptor.c @@ -157,6 +157,11 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx, tmp_acl-aces[tmp_acl-num_aces] = *ace; tmp_acl-aces[tmp_acl-num_aces].flags |= SEC_ACE_FLAG_INHERITED_ACE; + /* remove IO flag from the child's ace */ + if (ace-flags SEC_ACE_FLAG_INHERIT_ONLY + !desc_ace_has_generic(tmp_ctx, ace)) { + tmp_acl-aces[tmp_acl-num_aces].flags = ~SEC_ACE_FLAG_INHERIT_ONLY; + } if (is_container (ace-flags SEC_ACE_FLAG_OBJECT_INHERIT)) tmp_acl-aces[tmp_acl-num_aces].flags |= SEC_ACE_FLAG_INHERIT_ONLY; diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py index bab0476..de71dae 100755 --- a/source4/dsdb/tests/python/sec_descriptor.py +++ b/source4/dsdb/tests/python/sec_descriptor.py @@ -1637,6 +1637,24 @@ class DaclDescriptorTests(DescriptorTests): self.assertTrue((A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU) in desc_sddl) self.assertTrue((A;CIIOID;GA;;;DU) in desc_sddl) +def test_215(self): + Make sure IO flag is removed in child objects + +ou_dn = OU=test_inherit_ou_p, + self.base_dn +ou_dn1 = OU=test_inherit_ou1, + ou_dn +ou_dn5 = OU=test_inherit_ou5, + ou_dn1 +# Create inheritable-free OU +mod = D:P(A;CI;WPRPLCCCDCWDRC;;;DA) +tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) +self.ldb_admin.create_ou(ou_dn, sd=tmp_desc) +mod = D:(A;CIIO;WP;;;DU) +tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) +self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc) +self.ldb_admin.create_ou(ou_dn5) +desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5) +self.assertTrue((A;CIID;WP;;;DU) in desc_sddl) +self.assertFalse((A;CIIOID;WP;;;DU) in desc_sddl) + -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 93733e4 s4:tls_tstream: also use a dynamic buffer for the pull side via 361b4ed s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the same data twice from f6077f2 s4-tests: Added a test for correct inheritance of IO flagged ACEs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 93733e4e316dc7f80bbc002778914b9dc09fe6d7 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 14 15:24:22 2010 +0100 s4:tls_tstream: also use a dynamic buffer for the pull side Maybe that fixes the remaining issues with some gnutls versions. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104 commit 361b4ed016a06717682e4071aa499a52b6c29dda Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 14 15:00:15 2010 +0100 s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the same data twice metze --- Summary of changes: source4/lib/tls/tls_tstream.c | 22 ++ 1 files changed, 18 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c index e113757..c64b2ea 100644 --- a/source4/lib/tls/tls_tstream.c +++ b/source4/lib/tls/tls_tstream.c @@ -58,7 +58,7 @@ struct tstream_tls { } push; struct { - uint8_t buffer[1024]; + uint8_t *buf; struct iovec iov; struct tevent_req *subreq; } pull; @@ -293,6 +293,7 @@ static ssize_t tstream_tls_pull_function(gnutls_transport_ptr ptr, tstream_context_data(stream, struct tstream_tls); struct tevent_req *subreq; + size_t len; if (tlss-error != 0) { errno = tlss-error; @@ -305,14 +306,20 @@ static ssize_t tstream_tls_pull_function(gnutls_transport_ptr ptr, } if (tlss-pull.iov.iov_base) { + uint8_t *b; size_t n; + b = (uint8_t *)tlss-pull.iov.iov_base; + n = MIN(tlss-pull.iov.iov_len, size); - memcpy(buf, tlss-pull.iov.iov_base, n); + memcpy(buf, b, n); tlss-pull.iov.iov_len -= n; + b += n; + tlss-pull.iov.iov_base = (char *)b; if (tlss-pull.iov.iov_len == 0) { tlss-pull.iov.iov_base = NULL; + TALLOC_FREE(tlss-pull.buf); } return n; @@ -322,8 +329,15 @@ static ssize_t tstream_tls_pull_function(gnutls_transport_ptr ptr, return 0; } - tlss-pull.iov.iov_base = tlss-pull.buffer; - tlss-pull.iov.iov_len = MIN(size, sizeof(tlss-pull.buffer)); + len = MIN(size, UINT16_MAX); + + tlss-pull.buf = talloc_array(tlss, uint8_t, len); + if (tlss-pull.buf == NULL) { + return -1; + } + + tlss-pull.iov.iov_base = (char *)tlss-pull.buf; + tlss-pull.iov.iov_len = len; subreq = tstream_readv_send(tlss, tlss-current_ev, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 13c318d s4:tls_tstream: also use a dynamic buffer for the pull side via c436d7e s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the same data twice via f6861c4 s3:build: don't use librpc/gen_ndr/cli_echo.[ch] anymore via e181920 s3:torture: use dcerpc_echo_X() functions via b0f9f30 s3:rpcclient: use dcerpc_echo_X() functions from ee048da release-scripts: add build-htmlman-nogit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 13c318d5417bdb8d807a1c4e5e845d091f387768 Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 14 15:24:22 2010 +0100 s4:tls_tstream: also use a dynamic buffer for the pull side Maybe that fixes the remaining issues with some gnutls versions. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104 (cherry picked from commit 93733e4e316dc7f80bbc002778914b9dc09fe6d7) commit c436d7e9e75d4642f91f1d0a86b97dedd3cf5b4c Author: Stefan Metzmacher me...@samba.org Date: Tue Dec 14 15:00:15 2010 +0100 s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the same data twice metze (cherry picked from commit 361b4ed016a06717682e4071aa499a52b6c29dda) commit f6861c4b0ead5259242e857c162a3168679b2707 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 15 09:17:55 2011 +0100 s3:build: don't use librpc/gen_ndr/cli_echo.[ch] anymore metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Jan 17 09:34:12 CET 2011 on sn-devel-104 (cherry picked from commit 528bcedbc55e9fa9e700db74c2f7e7323c3f08c1) commit e181920573caea5b4784f7cf5e21385c2955fff8 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 15 09:15:34 2011 +0100 s3:torture: use dcerpc_echo_X() functions metze (cherry picked from commit 494e57d913ba2502b9a4bd3172228949590e0ae6) commit b0f9f30ba4057487e4241a7da4325875a7edcc64 Author: Stefan Metzmacher me...@samba.org Date: Sat Jan 15 09:14:56 2011 +0100 s3:rpcclient: use dcerpc_echo_X() functions metze (cherry picked from commit 85db5c9f8f76822999765650def55b8342ef6244) --- Summary of changes: source3/Makefile.in |3 +- source3/rpcclient/cmd_echo.c | 67 source3/torture/test_async_echo.c | 10 +++-- source3/wscript_build |8 +--- source4/lib/tls/tls_tstream.c | 22 ++-- 5 files changed, 64 insertions(+), 46 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index dd719a1..1ebc579 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -357,8 +357,7 @@ LIBCLI_DRSUAPI_OBJ = librpc/gen_ndr/ndr_drsuapi_c.o LIBCLI_DFS_OBJ = librpc/gen_ndr/ndr_dfs_c.o -LIBCLI_ECHO_OBJ = librpc/gen_ndr/cli_echo.o \ - librpc/gen_ndr/ndr_echo_c.o +LIBCLI_ECHO_OBJ = librpc/gen_ndr/ndr_echo_c.o LIBCLI_INITSHUTDOWN_OBJ = librpc/gen_ndr/ndr_initshutdown_c.o diff --git a/source3/rpcclient/cmd_echo.c b/source3/rpcclient/cmd_echo.c index cf5f9e0..78787b0 100644 --- a/source3/rpcclient/cmd_echo.c +++ b/source3/rpcclient/cmd_echo.c @@ -20,38 +20,41 @@ #include includes.h #include rpcclient.h -#include ../librpc/gen_ndr/cli_echo.h +#include ../librpc/gen_ndr/ndr_echo_c.h static NTSTATUS cmd_echo_add_one(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { + struct dcerpc_binding_handle *b = cli-binding_handle; uint32 request = 1, response; - NTSTATUS result; + NTSTATUS status; if (argc 2) { printf(Usage: %s [num]\n, argv[0]); return NT_STATUS_OK; } - if (argc == 2) + if (argc == 2) { request = atoi(argv[1]); + } - result = rpccli_echo_AddOne(cli, mem_ctx, request, response); - - if (!NT_STATUS_IS_OK(result)) + status = dcerpc_echo_AddOne(b, mem_ctx, request, response); + if (!NT_STATUS_IS_OK(status)) { goto done; + } printf(%d + 1 = %d\n, request, response); done: - return result; + return status; } static NTSTATUS cmd_echo_data(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { + struct dcerpc_binding_handle *b = cli-binding_handle; uint32 size, i; - NTSTATUS result; + NTSTATUS status; uint8_t *in_data = NULL, *out_data = NULL; if (argc != 2) { @@ -63,29 +66,30 @@ static NTSTATUS cmd_echo_data(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, if ( (in_data =
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ec9c8d2 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! (cherry picked from commit e78e3e396ae812ed9e5897eb2833c51c85e49b83) from 13c318d s4:tls_tstream: also use a dynamic buffer for the pull side http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ec9c8d2b8f4f5304dfb2ab2f9618a66c9107b3c6 Author: Jeremy Allison j...@samba.org Date: Tue Jan 18 14:00:44 2011 -0800 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! (cherry picked from commit e78e3e396ae812ed9e5897eb2833c51c85e49b83) --- Summary of changes: source3/rpc_server/srv_spoolss_util.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index a2c47b0..89cdc2d 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -2210,6 +2210,10 @@ WERROR winreg_get_printer(TALLOC_CTX *mem_ctx, } } + if (info2-devmode) { + info2-devmode-size = ndr_size_spoolss_DeviceMode(info2-devmode, 0); + } + result = winreg_get_printer_secdesc(info2, server_info, msg_ctx, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7754b75 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! from 93733e4 s4:tls_tstream: also use a dynamic buffer for the pull side http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7754b75065c1e7bd3c0c6b2bf2f88394d3655a0e Author: Jeremy Allison j...@samba.org Date: Tue Jan 18 14:00:44 2011 -0800 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue Jan 18 23:45:33 CET 2011 on sn-devel-104 --- Summary of changes: source3/rpc_server/srv_spoolss_util.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index a2c47b0..89cdc2d 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -2210,6 +2210,10 @@ WERROR winreg_get_printer(TALLOC_CTX *mem_ctx, } } + if (info2-devmode) { + info2-devmode-size = ndr_size_spoolss_DeviceMode(info2-devmode, 0); + } + result = winreg_get_printer_secdesc(info2, server_info, msg_ctx, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 49969e6 s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. via 5efe656 s3-rpc_client: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. via 6feed0c s3-netlogon: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. via 6ed4121 s3-netlogon: no need to include ../librpc/gen_ndr/cli_samr.h anymore. via 430664d s3-net: use correct spoolss header in net rpc. via 66bc2f9 s3-net: use correct spoolss header in net_ads.c. from 7754b75 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 49969e6aeb6607620177146461e114820a4c002c Author: Günther Deschner g...@samba.org Date: Tue Jan 18 18:05:29 2011 +0100 s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Wed Jan 19 00:37:46 CET 2011 on sn-devel-104 commit 5efe6566a0c6fb668df81eb5e524244cff442271 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 16:32:20 2011 +0100 s3-rpc_client: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. Guenther commit 6feed0c9d293426c05b4b1167fd01be35844be2c Author: Günther Deschner g...@samba.org Date: Tue Jan 18 16:32:05 2011 +0100 s3-netlogon: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. Guenther commit 6ed4121d5400598b58521807c2caa41a4422f778 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 14:27:17 2011 +0100 s3-netlogon: no need to include ../librpc/gen_ndr/cli_samr.h anymore. Guenther commit 430664d7696c8265adf6ed144fdefd1e424844a1 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 22:53:59 2011 +0100 s3-net: use correct spoolss header in net rpc. Guenther commit 66bc2f912712f74c646d6e619d73a8b6a1eb9478 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 22:35:17 2011 +0100 s3-net: use correct spoolss header in net_ads.c. Guenther --- Summary of changes: source3/rpc_client/cli_lsarpc.c|2 +- source3/rpc_server/srv_netlog_nt.c |4 ++-- source3/utils/net_ads.c|2 +- source3/utils/net_rpc.c|2 +- source3/winbindd/winbindd_msrpc.c |1 - 5 files changed, 5 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e4a989a..36239f5 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -23,7 +23,7 @@ */ #include includes.h -#include ../librpc/gen_ndr/cli_lsa.h +#include ../librpc/gen_ndr/ndr_lsa_c.h #include rpc_client/cli_lsarpc.h #include rpc_client/init_lsa.h #include ../libcli/security/security.h diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 487e07d..ff0f72b 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -29,8 +29,8 @@ #include ../librpc/gen_ndr/srv_netlogon.h #include ../librpc/gen_ndr/srv_samr.h #include ../librpc/gen_ndr/srv_lsa.h -#include ../librpc/gen_ndr/cli_samr.h -#include ../librpc/gen_ndr/cli_lsa.h +#include ../librpc/gen_ndr/ndr_samr_c.h +#include ../librpc/gen_ndr/ndr_lsa_c.h #include rpc_client/cli_lsarpc.h #include librpc/gen_ndr/messaging.h #include ../lib/crypto/md4.h diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ac14184..c8b141d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,7 +23,7 @@ #include includes.h #include utils/net.h #include librpc/gen_ndr/ndr_krb5pac.h -#include ../librpc/gen_ndr/cli_spoolss.h +#include ../librpc/gen_ndr/ndr_spoolss.h #include nsswitch/libwbclient/wbclient.h #include ads.h #include libads/cldap.h diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 18e6b63..388ceb8 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -30,7 +30,7 @@ #include rpc_client/cli_lsarpc.h #include ../librpc/gen_ndr/ndr_netlogon_c.h #include ../librpc/gen_ndr/ndr_srvsvc_c.h -#include ../librpc/gen_ndr/cli_spoolss.h +#include ../librpc/gen_ndr/ndr_spoolss.h #include ../librpc/gen_ndr/ndr_initshutdown_c.h #include ../librpc/gen_ndr/ndr_winreg_c.h #include secrets.h diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 8b2e550..dade76a 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -28,7 +28,6 @@ #include ../librpc/gen_ndr/cli_samr.h #include rpc_client/cli_samr.h -#include ../librpc/gen_ndr/cli_lsa.h #include
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 147134d s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. via aeaa567 s3-rpc_client: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. via 6ca2a50 s3-netlogon: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. via a7d51f3 s3-netlogon: no need to include ../librpc/gen_ndr/cli_samr.h anymore. via 1b496df s3-net: use correct spoolss header in net rpc. via 4ac245f s3-net: use correct spoolss header in net_ads.c. from ec9c8d2 Fix error where Windows client spoolss returns WERR_INVALID_DATA W_ERROR(0x000D) on opening a printer. We can't return zero for devmode-size. Guenther please check ! (cherry picked from commit e78e3e396ae812ed9e5897eb2833c51c85e49b83) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 147134d552ae92660ca80351afec7d91e75b5fd2 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 18:05:29 2011 +0100 s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Wed Jan 19 00:37:46 CET 2011 on sn-devel-104 (cherry picked from commit 49969e6aeb6607620177146461e114820a4c002c) commit aeaa5679fc502a5fbb23212e0e7f910748113a48 Author: Günther Deschner g...@samba.org Date: Tue Jan 18 16:32:20 2011 +0100 s3-rpc_client: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. Guenther (cherry picked from commit 5efe6566a0c6fb668df81eb5e524244cff442271) commit 6ca2a508ed7e08084138b4e327bdd8f9f1b8c0cb Author: Günther Deschner g...@samba.org Date: Tue Jan 18 16:32:05 2011 +0100 s3-netlogon: no need to include ../librpc/gen_ndr/ndr_lsa_c.h anymore. Guenther (cherry picked from commit 6feed0c9d293426c05b4b1167fd01be35844be2c) commit a7d51f36f18cffcf950a4ebdb600879e9ff99dae Author: Günther Deschner g...@samba.org Date: Tue Jan 18 14:27:17 2011 +0100 s3-netlogon: no need to include ../librpc/gen_ndr/cli_samr.h anymore. Guenther (cherry picked from commit 6ed4121d5400598b58521807c2caa41a4422f778) commit 1b496df812b19a2fab27f1e45d259748053c04ec Author: Günther Deschner g...@samba.org Date: Tue Jan 18 22:53:59 2011 +0100 s3-net: use correct spoolss header in net rpc. Guenther (cherry picked from commit 430664d7696c8265adf6ed144fdefd1e424844a1) commit 4ac245f8256ff8bc6abb33a076def5d31c0f6aad Author: Günther Deschner g...@samba.org Date: Tue Jan 18 22:35:17 2011 +0100 s3-net: use correct spoolss header in net_ads.c. Guenther (cherry picked from commit 66bc2f912712f74c646d6e619d73a8b6a1eb9478) --- Summary of changes: source3/rpc_client/cli_lsarpc.c|2 +- source3/rpc_server/srv_netlog_nt.c |4 ++-- source3/utils/net_ads.c|2 +- source3/utils/net_rpc.c|2 +- source3/winbindd/winbindd_msrpc.c |1 - 5 files changed, 5 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e4a989a..36239f5 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -23,7 +23,7 @@ */ #include includes.h -#include ../librpc/gen_ndr/cli_lsa.h +#include ../librpc/gen_ndr/ndr_lsa_c.h #include rpc_client/cli_lsarpc.h #include rpc_client/init_lsa.h #include ../libcli/security/security.h diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 487e07d..ff0f72b 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -29,8 +29,8 @@ #include ../librpc/gen_ndr/srv_netlogon.h #include ../librpc/gen_ndr/srv_samr.h #include ../librpc/gen_ndr/srv_lsa.h -#include ../librpc/gen_ndr/cli_samr.h -#include ../librpc/gen_ndr/cli_lsa.h +#include ../librpc/gen_ndr/ndr_samr_c.h +#include ../librpc/gen_ndr/ndr_lsa_c.h #include rpc_client/cli_lsarpc.h #include librpc/gen_ndr/messaging.h #include ../lib/crypto/md4.h diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ac14184..c8b141d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -23,7 +23,7 @@ #include includes.h #include utils/net.h #include librpc/gen_ndr/ndr_krb5pac.h -#include ../librpc/gen_ndr/cli_spoolss.h +#include ../librpc/gen_ndr/ndr_spoolss.h #include nsswitch/libwbclient/wbclient.h #include ads.h #include libads/cldap.h diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 18e6b63..388ceb8 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -30,7 +30,7 @@ #include rpc_client/cli_lsarpc.h #include ../librpc/gen_ndr/ndr_netlogon_c.h #include ../librpc/gen_ndr/ndr_srvsvc_c.h -#include
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via bf352d2 Fix net usersidlist not to skip every other user from 147134d s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit bf352d2e0eb2c855c686c562077ad27790b694b7 Author: Olly Betts o...@survex.com Date: Tue Jan 18 10:07:13 2011 + Fix net usersidlist not to skip every other user Remove double increment from for loop over users in get_user_tokens(), left over from when this used to be a while loop. Bug was introduced in 1e39a619. --- Summary of changes: source3/utils/net_rpc.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 388ceb8..6bebd49 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4386,7 +4386,6 @@ static bool get_user_tokens(struct net_context *c, int *num_tokens, } get_user_sids(domain, user, (result[i].token)); - i+=1; } TALLOC_FREE(frame); wbcFreeMemory(users); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f8f1711 Fix net usersidlist not to skip every other user from 49969e6 s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in winbindd/winbindd_msrpc.c. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f8f1711f61d8b3befe10173081cecaa431f0c714 Author: Olly Betts o...@survex.com Date: Tue Jan 18 10:07:13 2011 + Fix net usersidlist not to skip every other user Remove double increment from for loop over users in get_user_tokens(), left over from when this used to be a while loop. Bug was introduced in 1e39a619. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Jan 19 01:34:29 CET 2011 on sn-devel-104 --- Summary of changes: source3/utils/net_rpc.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 388ceb8..6bebd49 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4386,7 +4386,6 @@ static bool get_user_tokens(struct net_context *c, int *num_tokens, } get_user_sids(domain, user, (result[i].token)); - i+=1; } TALLOC_FREE(frame); wbcFreeMemory(users); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6197253 Add DELETE-LN test to show bug #7863 - Unlink may unlink wrong file when hardlinks are involved (cherry picked from commit 0ab05aabc2a9d51821b2b4238b97b7e516a2e450) from bf352d2 Fix net usersidlist not to skip every other user http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6197253ad8ca5b8bba63865156911cecb1e1907b Author: Jeremy Allison j...@samba.org Date: Tue Jan 18 16:57:25 2011 -0800 Add DELETE-LN test to show bug #7863 - Unlink may unlink wrong file when hardlinks are involved (cherry picked from commit 0ab05aabc2a9d51821b2b4238b97b7e516a2e450) --- Summary of changes: source3/torture/torture.c | 111 + 1 files changed, 111 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/torture/torture.c b/source3/torture/torture.c index ba0e6b8..9822923 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -3998,6 +3998,116 @@ static bool run_deletetest(int dummy) return correct; } +static bool run_deletetest_ln(int dummy) +{ + struct cli_state *cli; + const char *fname = \\delete1; + const char *fname_ln = \\delete1_ln; + uint16_t fnum; + uint16_t fnum1; + NTSTATUS status; + bool correct = true; + time_t t; + + printf(starting deletetest-ln\n); + + if (!torture_open_connection(cli, 0)) { + return false; + } + + cli_unlink(cli, fname, aSYSTEM | aHIDDEN); + cli_unlink(cli, fname_ln, aSYSTEM | aHIDDEN); + + cli_sockopt(cli, sockops); + + /* Create the file. */ + if (!NT_STATUS_IS_OK(cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE, fnum))) { + printf(open of %s failed (%s)\n, fname, cli_errstr(cli)); + return false; + } + + if (!NT_STATUS_IS_OK(cli_close(cli, fnum))) { + printf(close1 failed (%s)\n, cli_errstr(cli)); + return false; + } + + /* Now create a hardlink. */ + if (!NT_STATUS_IS_OK(cli_nt_hardlink(cli, fname, fname_ln))) { + printf(nt hardlink failed (%s)\n, cli_errstr(cli)); + return false; + } + + /* Open the original file. */ + status = cli_ntcreate(cli, fname, 0, FILE_READ_DATA, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_OPEN_IF, 0, 0, fnum); + if (!NT_STATUS_IS_OK(status)) { + printf(ntcreate of %s failed (%s)\n, fname, nt_errstr(status)); + return false; + } + + /* Unlink the hard link path. */ + status = cli_ntcreate(cli, fname_ln, 0, DELETE_ACCESS, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_OPEN_IF, 0, 0, fnum1); + if (!NT_STATUS_IS_OK(status)) { + printf(ntcreate of %s failed (%s)\n, fname_ln, nt_errstr(status)); + return false; + } + status = cli_nt_delete_on_close(cli, fnum1, true); + if (!NT_STATUS_IS_OK(status)) { + d_printf((%s) failed to set delete_on_close %s: %s\n, + __location__, fname_ln, nt_errstr(status)); + return false; + } + + status = cli_close(cli, fnum1); + if (!NT_STATUS_IS_OK(status)) { + printf(close %s failed (%s)\n, + fname_ln, nt_errstr(status)); + return false; + } + + status = cli_close(cli, fnum); + if (!NT_STATUS_IS_OK(status)) { + printf(close %s failed (%s)\n, + fname, nt_errstr(status)); + return false; + } + + /* Ensure the original file is still there. */ +status = cli_getatr(cli, fname, NULL, NULL, t); +if (!NT_STATUS_IS_OK(status)) { +printf(%s getatr on file %s failed (%s)\n, + __location__, + fname, + nt_errstr(status)); +correct = False; +} + + /* Ensure the link path is gone. */ + status = cli_getatr(cli, fname_ln, NULL, NULL, t); + if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { +printf(%s, getatr for file %s returned wrong error code %s + - should have been deleted\n, + __location__, + fname_ln, nt_errstr(status)); +correct = False; +} + + cli_unlink(cli, fname, aSYSTEM | aHIDDEN); + cli_unlink(cli, fname_ln, aSYSTEM | aHIDDEN); + + if (!torture_close_connection(cli)) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d8e970 waf: change private libraries to use the same soname as public libraries via bc0230b pygensec: remove special case handling for None for buffers from f8f1711 Fix net usersidlist not to skip every other user http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d8e9706f7829feaef928424e76bd7df6e223762 Author: Andrew Tridgell tri...@samba.org Date: Wed Jan 19 11:04:05 2011 +1100 waf: change private libraries to use the same soname as public libraries See http://lists.samba.org/archive/samba-technical/2011-January/075816.html for a description of the reason behind this change Pair-Programmed-With: Andrew Bartlett abart...@samba.org Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Wed Jan 19 02:21:06 CET 2011 on sn-devel-104 commit bc0230be1d3d439fd5219a2123d4195b178870bc Author: Andrew Tridgell tri...@samba.org Date: Wed Jan 19 10:31:28 2011 +1100 pygensec: remove special case handling for None for buffers always returning a buffer makes life easier for callers Pair-Programmed-With: Andrew Bartlett abart...@samba.org --- Summary of changes: buildtools/wafsamba/samba_bundled.py | 12 ++--- source4/auth/gensec/pygensec.c | 63 +++- source4/scripting/python/samba/tests/gensec.py |2 +- 3 files changed, 34 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index 27234fb..2e3e130 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -6,13 +6,11 @@ from samba_utils import * def PRIVATE_NAME(bld, name, private_extension, private_library): '''possibly rename a library to include a bundled extension''' -if bld.env.DISABLE_SHARED or not private_extension: -return name -if name in bld.env.PRIVATE_EXTENSION_EXCEPTION and not private_library: -return name -extension = getattr(bld.env, 'PRIVATE_EXTENSION', '') -if extension: -return name + '-' + extension + +# we now use the same private name for libraries as the public name. +# see http://git.samba.org/?p=tridge/junkcode.git;a=tree;f=shlib for a +# demonstration that this is the right thing to do +# also see http://lists.samba.org/archive/samba-technical/2011-January/075816.html return name diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index da62018..cd05bd7 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -349,24 +349,25 @@ static PyObject *py_gensec_have_feature(PyObject *self, PyObject *args) static PyObject *py_gensec_update(PyObject *self, PyObject *args) { NTSTATUS status; - TALLOC_CTX *mem_ctx; DATA_BLOB in, out; PyObject *ret, *py_in; struct gensec_security *security = py_talloc_get_type(self, struct gensec_security); + PyObject *finished_processing; if (!PyArg_ParseTuple(args, O, py_in)) return NULL; mem_ctx = talloc_new(NULL); - if (py_in == Py_None) { - in = data_blob_null; - } else { - in.data = (uint8_t *)PyString_AsString(py_in); - in.length = PyString_Size(py_in); + if (!PyString_Check(py_in)) { + PyErr_Format(PyExc_TypeError, expected a string); + return NULL; } + in.data = (uint8_t *)PyString_AsString(py_in); + in.length = PyString_Size(py_in); + status = gensec_update(security, mem_ctx, in, out); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) @@ -375,18 +376,16 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) talloc_free(mem_ctx); return NULL; } - if (out.length != 0) { - ret = PyString_FromStringAndSize((const char *)out.data, out.length); - } else { - ret = Py_None; - } + ret = PyString_FromStringAndSize((const char *)out.data, out.length); talloc_free(mem_ctx); - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) - { - return PyTuple_Pack(2, Py_False, ret); + + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + finished_processing = Py_False; } else { - return PyTuple_Pack(2, Py_True, ret); + finished_processing = Py_True; } + + return PyTuple_Pack(2, finished_processing, ret); } static PyObject *py_gensec_wrap(PyObject *self, PyObject *args) @@ -403,12 +402,12 @@ static PyObject *py_gensec_wrap(PyObject *self, PyObject
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1b43996 Add DELETE-LN test to show bug #7863 - Unlink may unlink wrong file when hardlinks are involved from 7d8e970 waf: change private libraries to use the same soname as public libraries http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1b439960224cb97e328204cdf79654f565043679 Author: Jeremy Allison j...@samba.org Date: Tue Jan 18 16:57:25 2011 -0800 Add DELETE-LN test to show bug #7863 - Unlink may unlink wrong file when hardlinks are involved Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Jan 19 03:06:32 CET 2011 on sn-devel-104 --- Summary of changes: source3/torture/torture.c | 111 + 1 files changed, 111 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/torture/torture.c b/source3/torture/torture.c index ba0e6b8..9822923 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -3998,6 +3998,116 @@ static bool run_deletetest(int dummy) return correct; } +static bool run_deletetest_ln(int dummy) +{ + struct cli_state *cli; + const char *fname = \\delete1; + const char *fname_ln = \\delete1_ln; + uint16_t fnum; + uint16_t fnum1; + NTSTATUS status; + bool correct = true; + time_t t; + + printf(starting deletetest-ln\n); + + if (!torture_open_connection(cli, 0)) { + return false; + } + + cli_unlink(cli, fname, aSYSTEM | aHIDDEN); + cli_unlink(cli, fname_ln, aSYSTEM | aHIDDEN); + + cli_sockopt(cli, sockops); + + /* Create the file. */ + if (!NT_STATUS_IS_OK(cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE, fnum))) { + printf(open of %s failed (%s)\n, fname, cli_errstr(cli)); + return false; + } + + if (!NT_STATUS_IS_OK(cli_close(cli, fnum))) { + printf(close1 failed (%s)\n, cli_errstr(cli)); + return false; + } + + /* Now create a hardlink. */ + if (!NT_STATUS_IS_OK(cli_nt_hardlink(cli, fname, fname_ln))) { + printf(nt hardlink failed (%s)\n, cli_errstr(cli)); + return false; + } + + /* Open the original file. */ + status = cli_ntcreate(cli, fname, 0, FILE_READ_DATA, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_OPEN_IF, 0, 0, fnum); + if (!NT_STATUS_IS_OK(status)) { + printf(ntcreate of %s failed (%s)\n, fname, nt_errstr(status)); + return false; + } + + /* Unlink the hard link path. */ + status = cli_ntcreate(cli, fname_ln, 0, DELETE_ACCESS, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_OPEN_IF, 0, 0, fnum1); + if (!NT_STATUS_IS_OK(status)) { + printf(ntcreate of %s failed (%s)\n, fname_ln, nt_errstr(status)); + return false; + } + status = cli_nt_delete_on_close(cli, fnum1, true); + if (!NT_STATUS_IS_OK(status)) { + d_printf((%s) failed to set delete_on_close %s: %s\n, + __location__, fname_ln, nt_errstr(status)); + return false; + } + + status = cli_close(cli, fnum1); + if (!NT_STATUS_IS_OK(status)) { + printf(close %s failed (%s)\n, + fname_ln, nt_errstr(status)); + return false; + } + + status = cli_close(cli, fnum); + if (!NT_STATUS_IS_OK(status)) { + printf(close %s failed (%s)\n, + fname, nt_errstr(status)); + return false; + } + + /* Ensure the original file is still there. */ +status = cli_getatr(cli, fname, NULL, NULL, t); +if (!NT_STATUS_IS_OK(status)) { +printf(%s getatr on file %s failed (%s)\n, + __location__, + fname, + nt_errstr(status)); +correct = False; +} + + /* Ensure the link path is gone. */ + status = cli_getatr(cli, fname_ln, NULL, NULL, t); + if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { +printf(%s, getatr for file %s returned wrong error code %s + - should have been deleted\n, + __location__, + fname_ln, nt_errstr(status)); +correct = False; +} + + cli_unlink(cli, fname, aSYSTEM | aHIDDEN); + cli_unlink(cli, fname_ln, aSYSTEM | aHIDDEN); + + if (!torture_close_connection(cli)) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7f87d58 s3: Add wbinfo --dc-info from 1b43996 Add DELETE-LN test to show bug #7863 - Unlink may unlink wrong file when hardlinks are involved http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f87d58900c2adf4d79f4dc7859a96f1d00d819b Author: Volker Lendecke v...@samba.org Date: Mon Jan 10 17:25:00 2011 +0100 s3: Add wbinfo --dc-info wbinfo --dc-info prints the current DC name and IP address. This helps diagnosing problems that might happen when a later wbinfo --ping-dc fails. This patch started out by using the SAF and NBT cache entires, but those are relatively short-lived. So I decided to invent a new gencache entry with a very long timeout. We need to go via the gencache because when for some reason a winbind child process is stuck, we can't query it for the current DC it's connected to. This must eventually go away again when we have a fully async winbind. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104 --- Summary of changes: nsswitch/libwbclient/wbc_util.c| 86 + nsswitch/libwbclient/wbclient.h| 15 +- nsswitch/wbinfo.c | 33 + nsswitch/winbind_struct_protocol.h |4 +- source3/winbindd/winbindd.c|1 + source3/winbindd/winbindd_cm.c | 93 source3/winbindd/winbindd_misc.c | 50 +++ source3/winbindd/winbindd_proto.h |4 ++ 8 files changed, 284 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index e2e657a..d2783f3 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c @@ -203,6 +203,92 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) return wbc_status; } +/* Get the list of current DCs */ +wbcErr wbcDcInfo(const char *domain, size_t *num_dcs, +const char ***dc_names, const char ***dc_ips) +{ + struct winbindd_request request; + struct winbindd_response response; + const char **names = NULL; + const char **ips = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + size_t extra_len; + int i; + char *p; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain != NULL) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name) - 1); + } + + wbc_status = wbcRequestResponse(WINBINDD_DC_INFO, + request, response); + BAIL_ON_WBC_ERROR(wbc_status); + + names = wbcAllocateStringArray(response.data.num_entries); + BAIL_ON_PTR_ERROR(names, wbc_status); + + ips = wbcAllocateStringArray(response.data.num_entries); + BAIL_ON_PTR_ERROR(names, wbc_status); + + wbc_status = WBC_ERR_INVALID_RESPONSE; + + p = (char *)response.extra_data.data; + + if (response.length (sizeof(struct winbindd_response)+1)) { + goto done; + } + + extra_len = response.length - sizeof(struct winbindd_response); + + if (p[extra_len-1] != '\0') { + goto done; + } + + for (i=0; iresponse.data.num_entries; i++) { + char *q; + + q = strchr(p, '\n'); + if (q == NULL) { + goto done; + } + names[i] = strndup(p, q-p); + BAIL_ON_PTR_ERROR(names[i], wbc_status); + p = q+1; + + q = strchr(p, '\n'); + if (q == NULL) { + goto done; + } + ips[i] = strndup(p, q-p); + BAIL_ON_PTR_ERROR(ips[i], wbc_status); + p = q+1; + } + if (p[0] != '\0') { + goto done; + } + +wbc_status = WBC_ERR_SUCCESS; +done: + if (response.extra_data.data) + free(response.extra_data.data); + + if (WBC_ERROR_IS_OK(wbc_status)) { + *num_dcs = response.data.num_entries; + *dc_names = names; + names = NULL; + *dc_ips = ips; + ips = NULL; + } + wbcFreeMemory(names); + wbcFreeMemory(ips); + return wbc_status; +} /* Resolve a NetbiosName via WINS */ wbcErr wbcResolveWinsByName(const char *name, char **ip) diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index e2f9890..39670ab 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -192,7 +192,6 @@ struct wbcDomainInfo {