[Samba] join an ubuntu desktop client do samba domain, and login in
Hello, I did all the steps to build a DC, i even joined windows clients ok. Now i want to add a ubuntu desktop. Ok, i modified the Workgroup and other parameters in smb.conf, i ran the net rpc join -S DOMPDC -UAdministrator%password i got an OK messange. Now, i reboot, the login screen appears and.? i cant login with MyDomain\Myuser, nor i cant find an user management screen to add my domain users... i cant find info on that, how do i login with domain users in an ubuntu desktop? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Advice for W2K migration to samba
Hallo, I'm running a W2K AD network with about 20 clients (mostly Windows XP machines, some Ubuntu 10.04 clients). I also have a couple of samba servers (debian 5) which are joined to the domain. I need to upgrade from W2K to something which is not EOL. The AD server is also a print server for the domain. I only have about 20 user accounts, so recreating them from scratch would be not a big problem. Also, the user profiles are not stored on the server (no roaming profiles). I read samba4 is still in alpha stage (alpha14 is listed on the wiki), but in terms of functionality provided is would the best replacement for my AD server. I would be glad to hear from someone who has done the switch from W2K AD to samba3 or samba4. Also, any advice or success/failure stories in similar setups would be great. Thanks in advance. -- Marcello Romani -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] join an ubuntu desktop client do samba domain, and login in
Il 03/03/2011 09:15, fdel...@rojatex.com ha scritto: Hello, I did all the steps to build a DC, i even joined windows clients ok. Now i want to add a ubuntu desktop. Ok, i modified the Workgroup and other parameters in smb.conf, i ran the net rpc join -S DOMPDC -UAdministrator%password i got an OK messange. Now, i reboot, the login screen appears and.? i cant login with MyDomain\Myuser, nor i cant find an user management screen to add my domain users... i cant find info on that, how do i login with domain users in an ubuntu desktop? thanks Although a bit dated, I belive this might be helpful: http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html It talks about Likewise-open. -- Marcello Romani -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.5.7 tries to authenticate on ADS by machine name, not username
Hi There's a lot of this all over the web but there doesn't seem to be much in the way of in-depth investigation. I have a RHEL5.3 server on which I've installed samba 3.5.7 from http://ftp.sernet.de/pub/samba/3.5/rhel/5/i386/ It's set up with identical kdc.conf and smb.conf files to a server I set up on the same network last week which is working flawlessly. I can log on to the shares as long as I use \\192.168.x.x\share but if I use \\netbiosname\share I get extended error from XP. Now the various suggestions from the web are that when you log in using the IP it authenticates using ntlmssp but using the name it authenticates using kerberos. So just to make sure, I'll check kerberos auth: /etc/samba wbinfo -K geoff.winkless Enter geoff.winkless's password: plaintext kerberos password authentication for [geoff.winkless] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 Kerberos seems fine... log.smbd suggests that the system is trying to authenticate with the client machine name as the username (wtf?). Here's the section from the log when I try to log in (domain name is replaced with , server is guava, client is -001119): [2011/03/03 08:20:09.107028, 3] smbd/oplock.c:895(init_oplocks) init_oplocks: initializing messages. [2011/03/03 08:20:09.108415, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2011/03/03 08:20:09.109092, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 72 (0 toread) [2011/03/03 08:20:09.109241, 2] smbd/reply.c:554(reply_special) netbios connect: name1=GUAVA 0x20 name2=-001119 0x0 [2011/03/03 08:20:09.109419, 2] smbd/reply.c:565(reply_special) netbios connect: local=guava remote=-001119, name type = 0 [2011/03/03 08:20:09.09, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 137 (0 toread) [2011/03/03 08:20:09.111223, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 2815) conn 0x0 [2011/03/03 08:20:09.111309, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.111326, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2011/03/03 08:20:09.111342, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN1.0] [2011/03/03 08:20:09.111355, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2011/03/03 08:20:09.111366, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LM1.2X002] [2011/03/03 08:20:09.111376, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN2.1] [2011/03/03 08:20:09.111587, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12] [2011/03/03 08:20:09.113207, 3] smbd/negprot.c:404(reply_nt1) using SPNEGO [2011/03/03 08:20:09.113298, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12 [2011/03/03 08:20:09.114628, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 1428 (0 toread) [2011/03/03 08:20:09.115007, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 2815) conn 0x0 [2011/03/03 08:20:09.115062, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.115169, 3] smbd/sesssetup.c:1436(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2011/03/03 08:20:09.115249, 2] smbd/sesssetup.c:1391(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2011/03/03 08:20:09.115314, 3] smbd/sesssetup.c:1190(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/03/03 08:20:09.115380, 3] smbd/sesssetup.c:1232(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2011/03/03 08:20:09.115489, 3] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1197 [2011/03/03 08:20:09.127334, 3] libads/authdata.c:304(decode_pac_data) Found account name from PAC: -001119$ [-001119$] [2011/03/03 08:20:09.127570, 3] smbd/sesssetup.c:338(reply_spnego_kerberos) Ticket name is [-001119$@LAN..CO.UK] [2011/03/03 08:20:09.146847, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/03/03 08:20:09.146977, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/03/03 08:20:09.147045, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/03/03 08:20:09.148006, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.148144, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-644159478-2111868696-1206633297-1475] [2011/03/03 08:20:09.148527, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-644159478-2111868696-1206633297-515] [2011/03/03
Re: [Samba] Migrating (vampire) from NT4 to samba 3.5.7
On 02/03/11 15:43, Veiko Kukk wrote: Also, on NT4 there is group named Domain Users, but that too does not get imported to ldap database. It's empty on linux box, getent group output gives: ... Domain Users:*:513: I investigated some more and found out that if I do net rpc group MEMBERS Domain Users, group members get listed. EKRPTEST\kasutaja1 EKRPTEST\kasutaja2 EKRPTEST\kasutaja3 EKRPTEST\kasutaja4 Then why getent group does not list members of Domain Users? -- Veiko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating (vampire) from NT4 to samba 3.5.7
On 10:08:23 wrote Veiko Kukk: On 02/03/11 15:43, Veiko Kukk wrote: Also, on NT4 there is group named Domain Users, but that too does not get imported to ldap database. It's empty on linux box, getent group output gives: ... Domain Users:*:513: I investigated some more and found out that if I do net rpc group MEMBERS Domain Users, group members get listed. EKRPTEST\kasutaja1 EKRPTEST\kasutaja2 EKRPTEST\kasutaja3 EKRPTEST\kasutaja4 Then why getent group does not list members of Domain Users? dump the groups out of ldap :-) ldapsearch -x -LLL '(|(objectclass=posixGroup)(objectclass=sambaGroupMapping))' and you will see, that samba uses TWO DIFFERENT group definitions. It's your choice, which you will use in the future. Read Samba by Example to find your way to do it right. -- Veiko -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.5.7 tries to authenticate on ADS by machine name, not username
On 3 March 2011 08:27, Geoff Winkless sa...@geoff.dj wrote: log.smbd suggests that the system is trying to authenticate with the client machine name as the username (wtf?). Interestingly, if I force authentication with the correct username using (on the XP box) net use \\guava\$ /user:\geoff.winkless everything works fine, which suggests that XP is defaulting to sending the wrong information. Upping the debug level does confirm that XP doesn't send the username in the authentication packets. Is there some machine-trust mechanism that XP is trying to make use of that samba doesn't understand? Should samba be returning I don't understand that, what's your username?? to the XP client, rather than trying to read the machine name as a username? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba WINS issues over VPN
Openvpn should work this issue. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 2. März 2011 20:44 An: Samba Betreff: [Samba] Samba WINS issues over VPN I am running Samba 3.4.8 as a PDC on Solaris 10.I recently made this the WINS master- previously the BDC (Samba 3.0.37 on another Solaris 10 server.) I also use Sonicwall ipsec VPN for remote access (Windows XP clients.) The sonicwall client creates a virtual NIC on the client so that the client can have an IP address directly on the company LAN (ie. the same LAN as the samba servers.) I can, via dhcp, assign the WINS server IP to the sonicwall clients. All ports should be open through the firewall between the sonicwall client NIC and the corporate LAN. VPN clients can map network drives to windows or samba servers over the VPN. NetBIOS broadcasts may be blocked. It appears to that WINS functionality does not work over VPN. There are two pieces of evidence: 1. No Wins.dat registration over VPN. On the WINS server, I can view look at the wins.dat file to see which machines registered with the wins server. If I connect from an XP laptop over the VPN, I do not see the machine in wins.dat. (It does get added to browse.dat.) 2. NBlookup fails over VPN. Microsoft provides a tool called nblookup for doing NetBios name lookups by querying a name server.You can optionally specify the WINS server if the client is not configured to use one, or it you want to query a different WINS server. e.g nblookup SOMEMACHINE nblookup -s IP_OF_WINS_SERVER SOMEMACHINE http://support.microsoft.com/kb/830578 If the XP laptop is connected directly to the corporate LAN, nblookup works fine. If the XP laptop is connected via VPN, then nblookup fails, even if I specify the wins server IP address. I tried this with both the current WINS server as well as the old WINS server (prior to the cutover.) I would appreciate advice. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating (vampire) from NT4 to samba 3.5.7
On 10:08:23 wrote Veiko Kukk: On 02/03/11 15:43, Veiko Kukk wrote: Also, on NT4 there is group named Domain Users, but that too does not get imported to ldap database. It's empty on linux box, getent group output gives: ... Domain Users:*:513: I investigated some more and found out that if I do net rpc group MEMBERS Domain Users, group members get listed. EKRPTEST\kasutaja1 EKRPTEST\kasutaja2 EKRPTEST\kasutaja3 EKRPTEST\kasutaja4 Then why getent group does not list members of Domain Users? dump the groups out of ldap :-) ldapsearch -x -LLL '(|(objectclass=posixGroup) (objectclass=sambaGroupMapping))' and you will see, that samba uses TWO DIFFERENT group definitions. It's your choice, which you will use in the future. Read Samba by Example to find your way to do it right. AND do remember, that both worlds (posix and windows) knows two different kind of groups: normal groups and primary groups. normal groups defines their members in the group definition. primary groups defines their members in the user definition. Also remember that Windows and samba knows and may uses nested groups, where posix have no equivalant. But modern nss implementaions knows how to handle nested groups. openldap may also support nested groups. I investigated some more and found out that if I do net rpc group MEMBERS Domain Users, group members get listed. EKRPTEST\kasutaja1 EKRPTEST\kasutaja2 EKRPTEST\kasutaja3 EKRPTEST\kasutaja4 Here, you have queried a so called primary group. Your group specialusers1 is a normal group. Check how the members are defined. Maybe you must reconfigure the PAM/NSS-system to use winbindd instead of ldap. -- Good luck Harry Jede -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use another attribute than the uid ?
2011/3/3 raphael gommeaux raphael.gomme...@gmail.com: -- Question : Anybody know how to force samba to use another attribute than the uid ? To use Samba 3.0.14a or earlier version and ldap filter parameter is the only way, I think. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Default Keyboard Layout changed to english.
Hello, it's been allmost a week since i wrote to this list and i haven't gotten a single replay yet, so i thought i'd ask, if nobody knows what the problem is or is my questrion that stupid, that there's no point in answering? UPDATE: I also discovered, that after the update, roaming profile users (xp machines) can't see/change their desktop backgrounds and if they try to open image files from desktop... the window opens and closes right away (works fine if u open picture from shared pictures but if u copy the same picture to desktop then it won't open). PS: And i haven't made any kind of changes to xp computers (besides leaving and rejoining domain after update). Also... if users (xp roaming again) add Estonian keyboard, then when they log out and in again... its set to English once more. (On normal computer i would just delete the English keyboard and add Estonian as default but i can't do that here because even if i remove english keyboard, it still remains... luckly if i have two kb-s set, then there's a icon on taskbar that allows me to switch it to Estonian... for a while anyway). With regards, Kalev 25.02.2011 10:58, Kalev Riivik kirjutas: Hello, i upgraded debian from lenny to squeeze and i managed to mess up config file or update (cuz i'm quite noob when it comes to linux). I'm gonna try to explain best to my abillity, how i got where i am right now (bear in mind that this is my first time in this list). Since smbpasswd and pdbedit had mysteriously vanished after upgrade, i did reinstall to samba (3.5.6 PDC with roaming profiles). Since i did backup of entire /etc folder i put the old smb.conf back, but what happened was that nobody was able to log in (from xp). So what i had to do, was leave and rejoin the domain with all of the computers. After that it appeared that i had to input everyone's password again. Then some people were able to log in and others were not after a bit of research i found out that those people that couldn't log in had special (estonian) characters in their name (like äöüõ or šž etc), so i added unix charset = UTF8 to the smb.conf and it seemed to work (later replaced UTF8 with ISO-8859-15 and it still worked). The problem i'm having, is that when I (or anybody else) logs into xp machine with roaming profile, the default keyboard layout is set to US and they can't change it (but that might be because of gpedit policies i set up in xp machines). When i log in with local user (to xp) then keyboard is fine. I did try to find solution on the internet, but the posts i found about this problem were without answers. Any kind of help is appriciated With regards, Kalev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba WINS issues over VPN
Thanks for the suggestion.Do you use OpenVPN- if you do then I can be fairly confident that the issue is related with Sonicwall. Ripping out and replacing my existing VPN infrastructure however is not an easy solution, The practical problem is that I have an issue with accessing sone Samba server over VPN by name. Every other samba or windows server is fine.I can't quite figure out what is wrong with the one samba server (I have another post to the forums on this) but if I could get WINS working over VPN that would probably resolve the problem. I will open up the issue with Sonicwall support. At least, in theory, it sounds like WINS should work over VPN. Thanks On 03/03/2011 05:18 AM, Daniel Müller wrote: Openvpn should work this issue. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Mittwoch, 2. März 2011 20:44 An: Samba Betreff: [Samba] Samba WINS issues over VPN I am running Samba 3.4.8 as a PDC on Solaris 10.I recently made this the WINS master- previously the BDC (Samba 3.0.37 on another Solaris 10 server.) I also use Sonicwall ipsec VPN for remote access (Windows XP clients.) The sonicwall client creates a virtual NIC on the client so that the client can have an IP address directly on the company LAN (ie. the same LAN as the samba servers.) I can, via dhcp, assign the WINS server IP to the sonicwall clients. All ports should be open through the firewall between the sonicwall client NIC and the corporate LAN. VPN clients can map network drives to windows or samba servers over the VPN. NetBIOS broadcasts may be blocked. It appears to that WINS functionality does not work over VPN. There are two pieces of evidence: 1. No Wins.dat registration over VPN. On the WINS server, I can view look at the wins.dat file to see which machines registered with the wins server. If I connect from an XP laptop over the VPN, I do not see the machine in wins.dat. (It does get added to browse.dat.) 2. NBlookup fails over VPN. Microsoft provides a tool called nblookup for doing NetBios name lookups by querying a name server.You can optionally specify the WINS server if the client is not configured to use one, or it you want to query a different WINS server. e.g nblookup SOMEMACHINE nblookup -s IP_OF_WINS_SERVER SOMEMACHINE http://support.microsoft.com/kb/830578 If the XP laptop is connected directly to the corporate LAN, nblookup works fine. If the XP laptop is connected via VPN, then nblookup fails, even if I specify the wins server IP address. I tried this with both the current WINS server as well as the old WINS server (prior to the cutover.) I would appreciate advice. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can not delete files via Samba in some cases
Hi List, my problem is the following: I use Samba 3.5 with AD password authentification and uid/gid information in local files. Everything seems to work so far, when i create files via samba the created files have correct user/group information on linux filesystem level (so i think id mapping works basicly). The only thing that does not work is deleting files which - belong to other users from the same group and - are stored in directories which belong to other users from the same group, although the file/directory permissions are correct, and the same delete operation works via rm locally. (So the behavior on samba level is like as the sticky bit on that directory is set). In other test cases create/delete operations work as expected. Any help very appreciated! Regards, Markus -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S4 and phpldapadmin
thx, administrator@REALM did the trick.
strange DN , btw.
here is the phpldapadmin-config.php i used:
-
$servers = new Datastore();
$servers-newServer('ldap_pla');
$servers-SetValue('server','name','Samba4 LDAP Server');
$servers-SetValue('server','host','ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldapi');
$servers-SetValue('login','auth_type','session');
$servers-SetValue('login','attr','dn');
---
Cheers, Collen
On Thu, 03 Mar 2011 07:54:11 +1100, Andrew Bartlett wrote:
On Wed, 2011-03-02 at 14:55 +0100, Collen Blijenberg wrote:
Hi, i found some problem with the phpldapadmin-config.php
that was created with samba4
if i try to use it, i get an:
fatal error: class 'ldapservers' not found in .. (line nr)
i can fidel with the setting and make it work better with
version 1.2.0.5 from phpldapadmin.
but after that i can only login anonymous.
using the administrator account, created during provisioning
won't work..
do i need a special DN orso ?!
I've not actually tried the phpLDAPAdmin tool in quite some time - so
it's quite possible that we no longer generate the correct syntax.
As to what to log in as, I understand you could at one time log in as
administrator@REALM, but otherwise use
cn=administrator,cn=users,dc=YOUR,dc=REALM
What changes did you make to the generated config file for it to work
for you?
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] root preexec script run multiple times
Hi all, In a normal situation, should I expect a [global] root preexec script to be run only ONCE per user logon? I have set some logging in my root preexec script, and have noticed that usually it will be run only once on the share IPC$. However, SOMETIMES I also see it executed on different (existing) share names, or two/three/four times in a row on the same IPC$ share. (with only a few seconds in between) Running multiple copies of the same script messes up my script. :-( So: I this normal behaviour..? This is on suse 9 enterprise, samba version 3.0.26a. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] root preexec script run multiple times
On Thu, Mar 03, 2011 at 04:17:02PM +0100, mourik jan heupink wrote: In a normal situation, should I expect a [global] root preexec script to be run only ONCE per user logon? I have set some logging in my root preexec script, and have noticed that usually it will be run only once on the share IPC$. However, SOMETIMES I also see it executed on different (existing) share names, or two/three/four times in a row on the same IPC$ share. (with only a few seconds in between) Running multiple copies of the same script messes up my script. :-( So: I this normal behaviour..? This is on suse 9 enterprise, samba version 3.0.26a. Yes, it is normal. The client is free to connect and disconnect to shares as many times as it chooses. But it should never happen that from one smbd the script is run more than once simultaneously. Regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Speed problem Ubuntu WD TV Live
Dear all, I have experiencing some speed issues recently when moving files using Samba between a linux box (Kubuntu 10.10) and a media player called WD TV Live. Both are wired to a 100 Mb network, together with a Windows 7 box. In principle I believe is not a hardware issue. When I move files between the WD TV Live and the Windows box I get speeds of around 8 MB/s. Between Kubuntu and WDTV I get less than 1 MB/s. I have tried booting from a live version of Kubuntu and still the same speed issue. However, moving files from a Knoppix live speed is fine. It seems a (K)Ubuntu problem. By default Ubuntu ships with smbclient 3.4.7. I have also installed samba4-clients, which replaced smbclient. I did purge all configuration files before updating. I believe the samba version in the WDTV is 3.5.4. I haven't seen significant differences between kubuntu and knoppix at kernel level. Any orientation would be much appreciated... i'm starting to be desperate :-). Thanks, -- Sergio Ruiz +41 76 759 9267 - Suisse -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] root preexec script run multiple times
Yes, it is normal. The client is free to connect and disconnect to shares as many times as it chooses. But it should never happen that from one smbd the script is run more than once simultaneously. Ok, thanks for clearing that up so quickly. :-) MJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] join an ubuntu desktop client do samba domain, and login in
On Thu, 2011-03-03 at 09:25 +0100, Marcello Romani wrote: Il 03/03/2011 09:15, fdel...@rojatex.com ha scritto: Hello, I did all the steps to build a DC, i even joined windows clients ok. Now i want to add a ubuntu desktop. Ok, i modified the Workgroup and other parameters in smb.conf, i ran the net rpc join -S DOMPDC -UAdministrator%password i got an OK messange. Now, i reboot, the login screen appears and.? i cant login with MyDomain\Myuser, nor i cant find an user management screen to add my domain users... i cant find info on that, how do i login with domain users in an ubuntu desktop? thanks Although a bit dated, I belive this might be helpful: http://www.ubuntugeek.com/how-to-add-ubuntu-804-to-win-server-2003-active-directory-domain.html It talks about Likewise-open. -- Marcello Romani I was charged with this task recently, took quite a bit of time to put everything together, but I have it working. I am not clear if you are using a samba pdc or a windows pdc, I expect the ubuntu workstation set up should be close or the same for either. I use a samba pdc, and I found it necessary to refine my group permissions system using the net command to get this working (the command that brought it all together was `net sam mapunixgroup` or some such, which led to having to remap group users, which led to shares on windows workstations with domain permissions breaking, which led to several applications breaking until permissions were re-applied). In other words, this only works if all your ducks are in a row on the samba pdc. But I have a handful of ubuntu machines in a primarily XP environment connecting to a Samba pdc. The ubuntu machines will also work through an openswan vpn. This set up will allow users to log in with just their domain.name (instead of DOMAIN\domain.name), and will mount the same shares as the windows computers will do via the logon script. Here are the notes, good luck with everything: 1. sudo su 2. apt-get install winbind samba libpam-mount smbfs 3. mv /etc/hosts /etc/hosts.orig 4. vi /etc/hosts = set this file so that it contains only the following lines: 127.0.0.1 localhost TEST1 TEST1.ctfn.ca 127.0.1.1 TEST1 192.168.150.10 pdc pdc.domain.com 5. mkdir /home/DOMAIN 6. vi /etc/nsswitch.conf = modify the following 3 lines, leave the rest of the file as is: passwd: compat winbind group: compat winbind hosts: files dns wins mdns4_minimal mdns4 7. mv /etc/samba/smb.conf /etc/samba/smb.conf.orig 8. vi /etc/samba/smb.conf = copy/paste the following into this file: [global] ;Workstation Settings workgroup = DOMAIN netbios name = TEST1 server string = %h security = domain idmap backend = tdb idmap uid = 15000-2 idmap gid = 15000-2 wins server = 192.168.150.10 winbind use default domain = yes winbind enum groups = yes winbind enum users = yes password server = 192.168.150.10 template shell = /bin/bash template homedir = /home/%D/%U ;Logging log level = 2 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d 9. /etc/init.d/smbd restart 10. /etc/init.d/nmbd restart 11. /etc/init.d/winbind restart 12. net join DOMAIN = If this does not return a line stating join Domain DOMAIN was successful, stop and review, you missed something. 13. cd /etc/pam.d = Note: modifying files in this location incorrectly may result in locking you out of the machine. Boot from a live cd and copy the original files back to fix. 14. mv common-account common-account.orig 15. vi common-account = copy/paste the following into this file: account [success=2 default=ignore] pam_winbind.so account [success=1 default=ignore] pam_unix.so account requisite pam_deny.so account required pam_permit.so 16. mv common-auth common-auth.orig 17. vi common-auth = copy/paste the following into this file: auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so use_first_pass auth requisite pam_deny.so auth optional pam_mount.so auth required pam_permit.so 18. mv common-session common-session.orig 19. vi common-session = copy/paste the following into this file: session required
Re: [Samba] Can not delete files via Samba in some cases
Would this parameter help you? dos filemode (S) The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed. Note that using the VFS modules acl_xattr or acl_tdb which store native Windows as meta-data will automatically turn this option on for any share for which they are loaded, as they require this option to emulate Windows ACLs correctly. Default: //|dos filemode|/ = |no| / On 03/03/2011 8:37 AM, markus hansen wrote: Hi List, my problem is the following: I use Samba 3.5 with AD password authentification and uid/gid information in local files. Everything seems to work so far, when i create files via samba the created files have correct user/group information on linux filesystem level (so i think id mapping works basicly). The only thing that does not work is deleting files which - belong to other users from the same group and - are stored in directories which belong to other users from the same group, although the file/directory permissions are correct, and the same delete operation works via rm locally. (So the behavior on samba level is like as the sticky bit on that directory is set). In other test cases create/delete operations work as expected. Any help very appreciated! Regards, Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_winbind([sshd|su|...]:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
I've been getting these in my log for some time and was wondering what I had to do to get 'pam_winbind' to 'work' with my samba 'DC'? In looking around the net, others w/this error message were having a problem with blocking login's and password changes, completely. In my case, I have the 'pam_winbind.so' module in '/etc/pam.d/common-passwd' setup with 'password sufficient', instead of 'password required', and have other modules (like pam_unix2) that can continue the authorization should pam_winbind fail. So the above error doesn't seem to prevent any valid operation from succeeding, BUT I'm wondering why I am getting the error. I.e. 1) is it a mistake for samba (or winbind, or whoever) to have configured winbind to be in the pam-authorization chain *at-all*? OR 2) Since I am trying to run my samba server as a DC (my local Win7 Workstation is joined to the domain), I *should* have this module in the stack, but somehow it isn't configured correctly (this is what I believe to be the case). In the case of 2, the errors seem to occur only on authorizations occurring on the DC (i.e. the main machine running samba in DC mode). So somehow, winbind isn't setup to correct process 'unix' validations through my samba DC. Is this type of 'unix' verification supported against a 3.5.4 Samba DC, or is this only supported for testing against a windows DC? I.e. if it is the later, then I shouldn't try to use winbind at all(?) :-(. If it is supported, any idea where I might look to see why winbind isn't supporting 'local' Samba DC validation? I could just take the route of 'disabling' any attempt at using winbind for my unix validation attempts as an 'easy way out' to get rid of these messages, but I'd prefer to fix the problem rather than bury it, **IF POSSIBLE**... So, is this a lost cause, or an arcane misconfiguration? If the latter, any idea where to look for the break? I have a feeling it has something to do with local login's having no Domain name attached to them (i.e., because they are 'local', and it not realizing that 'local' = 'Domain'... but that's a pure guess on my part... Ideas? Thanks... Linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain + Forest with Samba 3.2.5
Hello All, I have been struggling with this for a long, long time. I came here looking for answers. So, I have a VM running Debian Lenny. I install the apt package samba, which installs 3.2.5. I work in a large university with an extensive Active Directory environment, both forest and domain running in Win2k native mode. There is a NetApp filer which houses all our admin files, scripts, and installers. Nothing really special. The computer, FILESERVER, is in the child domain of the forest, whose root domain is DOMAIN.FOREST.UNIVERSITY.TLD. The root domain is FOREST.UNIVERSITY.TLD. Now, can I mount this without joining the domain? I have tried reading the documentation, and I think this is telling me no. Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with Active Directory domains. Samba is not an Active Directory domain controller: ergo, it is not possible to run Samba as a domain controller and at the same time not use NetBIOS. Where Samba is used as an Active Directory domain member server (DMS) it is possible to configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can integrate fully into an Active Directory domain, however, if NetBIOS over TCP/IP is disabled, it is necessary to manually create appropriate DNS entries for the Samba DMS because they will not be automatically generated either by Samba, or by the ADS environment. [0] So if I do not need to join this Debian VM to the domain, what is the proper config and/or command structure? I have toyed with disable netbios = yes and security = ads, but it still does now work well. When I run smbclient, I can pull up a connection just fine, browse files, and even upload. smbclient -L fileserver.domain.forest.university.tld\\PubShare0 -W DOMAIN.FOREST.UNIVERSITY.TLD -U my_ad_account However, mounting it never, ever works. It mentions NBT being disabled when getting a share list, among all the shares listed. Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC Remote IPC ETC$Disk Remote Administration C$ Disk Remote Administration Data$ Disk PubShare0 Disk PubShare1 Disk PubShare2 Disk PubShare3 Disk PubShare5 Disk PubShare5 Disk Connection to fileserver.domain.forest.university.tld failed (Error NT_STATUS_CONNECTION_REFUSED) NetBIOS over TCP disabled -- no workgroup available When I mount, I envitably get an IO error. BACC-UTIL-VM:/home/me# whoami root BACC-UTIL-VM:/home/me# smbmount //fileserver.domain.forest.university.tld/PubShare0 /mnt/fileserver/pubshare0/ --verbose -o domain=DOMAIN.FOREST.UNIVERSITY.TLD,user=my_ad_account Password: mount.cifs kernel mount options: unc=//fileserver.domain.forest.university.tld\share,ip=10.XXX.XX.XX,ver=1,domain=GEORGETOWN.MEI.GEORGETOWN.EDU,user=ajs67,pass=mount error 5 = Input/output error Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) BACC-UTIL-VM:/home/me# Why is this? Will it go away if and when I join the domain? The IP address is accurate and their are proper DNS entries. None of the variations I try work. As someone clued me in on IRC, NBT is probably the culprit here, so I want to better understand the underlying principle, and then figure out the correct config for the future. Sorry for the outrageously long email, but I love my Linux and hate my Windows. This will make my transition much, much easier. Best, _AJS [0]http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2580798 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain + Forest with Samba 3.2.5
All, Please also excuse my inability to properly format email or scrub log data. I have serious issues today, apparently. Regards, _AJS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain +Forest with Samba 3.2.5
Hello All, I have been struggling with this for a long, long time. I came here looking for answers. So, I have a VM running Debian Lenny. I install the apt package samba, which installs 3.2.5. I work in a large university with an extensive Active Directory environment, both forest and domain running in Win2k native mode. There is a NetApp filer which houses all our admin files, scripts, and installers. Nothing really special. The computer, FILESERVER, is in the child domain of the forest, whose root domain is DOMAIN.FOREST.UNIVERSITY.TLD. The root domain is FOREST.UNIVERSITY.TLD. Now, can I mount this without joining the domain? I have tried reading the documentation, and I think this is It's quite unclear what you are trying to accomplish. What are your goals/purposes with this VM? telling me no. Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with Active Directory domains. Samba is not an Active Directory domain controller: ergo, it is not possible to run Samba as a domain controller and at the same time not use NetBIOS. Where Samba is used as an Active Directory domain member server (DMS) it is possible to configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can integrate fully into an Active Directory domain, however, if NetBIOS over TCP/IP is disabled, it is necessary to manually create appropriate DNS entries for the Samba DMS because they will not be automatically generated either by Samba, or by the ADS environment. [0] So if I do not need to join this Debian VM to the domain, what is the proper config and/or command structure? I have toyed with disable netbios = yes and security = ads, but it still does now work well. When I run smbclient, I can pull up a connection just fine, browse files, and even upload. smbclient -L fileserver.domain.forest.university.tld\\PubShare0 -W DOMAIN.FOREST.UNIVERSITY.TLD -U my_ad_account However, mounting it never, ever works. It mentions NBT being disabled when getting a share list, among all the shares listed. Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC Remote IPC ETC$Disk Remote Administration C$ Disk Remote Administration Data$ Disk PubShare0 Disk PubShare1 Disk PubShare2 Disk PubShare3 Disk PubShare5 Disk PubShare5 Disk Connection to fileserver.domain.forest.university.tld failed (Error NT_STATUS_CONNECTION_REFUSED) NetBIOS over TCP disabled -- no workgroup available When I mount, I envitably get an IO error. BACC-UTIL-VM:/home/me# whoami root BACC-UTIL-VM:/home/me# smbmount //fileserver.domain.forest.university.tld/PubShare0 /mnt/fileserver/pubshare0/ --verbose -o domain=DOMAIN.FOREST.UNIVERSITY.TLD,user=my_ad_account Password: mount.cifs kernel mount options: unc=//fileserver.domain.forest.university.tld\share,ip=10.XXX.XX.XX,ver=1,domain=GEORGETOWN.MEI.GEORGETOWN.EDU,user=ajs67,pass=mount error 5 = Input/output error Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) BACC-UTIL-VM:/home/me# Why is this? Will it go away if and when I join the domain? The IP address is accurate and their are proper DNS entries. None of the variations I try work. As someone clued me in on IRC, NBT is probably the culprit here, so I want to better understand the underlying principle, and then figure out the correct config for the future. Sorry for the outrageously long email, but I love my Linux and hate my Windows. This will make my transition much, much easier. Best, _AJS [0]http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2580798 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_winbind([sshd|su|...]:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Hi Linda, On Thu, 2011-03-03 at 11:31 -0800, Linda Walsh wrote: In my case, I have the 'pam_winbind.so' module in '/etc/pam.d/common-passwd' setup with 'password sufficient', instead of 'password required', and have other modules (like pam_unix2) that can continue the authorization should pam_winbind fail. So the above error doesn't seem to prevent any valid operation from succeeding, I am unable to speak to the error specifically, but I do have some practise with a similar kind of setup... I just recently posted how I get ubuntu machines to validate domain credentials against a samba pdc. I can say from experience that the same methodology works when applied to the pdc itself, however the configurations were slightly different. So that post might give you some guidelines to go with. In this case, I believe if you are using sufficient and that fails, then it will continue down the list till it finds one that does succeed. so the error doesn't prevent success, but it probably does prevent success with that module (ie your local unix account is working as opposed to the domain account). BUT I'm wondering why I am getting the error. I.e. 1) is it a mistake for samba (or winbind, or whoever) to have configured winbind to be in the pam-authorization chain *at-all*? OR No, if you want to log into a unix box with a domain account, I think you need to have the winbind.so config in your pam.d files on that unix box. 2) Since I am trying to run my samba server as a DC (my local Win7 Workstation is joined to the domain), I *should* have this module in the stack, but somehow it isn't configured correctly (this is what I believe to be the case). In the case of 2, the errors seem to occur only on authorizations occurring on the DC (i.e. the main machine running samba in DC mode). So somehow, winbind isn't setup to correct process 'unix' validations through my samba DC. Your pdc must have wins server enabled, your smb.conf has to define the wins server and the password server, among other things. You will basically have to configure the winbind client and the wins server in your smb.conf. commands like wbinfo -g, wbinfo -u, getent group and getent passwd need to all be working in order for authentication against the samba pdc to work. If those four commands don't produce expected results, I can all but promise that things won't work as expected. As stated with the other post, I needed to mess with the net command quite a bit to get things working. Though the windows computers were working flawlessly on the existing domain before I implemented ubuntu boxes, using winbind forced me to clean up my user/group situation. If your user/group accounts are not correctly configured, then no amount of fiddling with winbind is going to make it work. Hence my ability to tell you that you can use winbind on the pdc itself, doing so was one of the things that enabled me to narrow in on that particular problem. Is this type of 'unix' verification supported against a 3.5.4 Samba DC, or is this only supported for testing against a windows DC? I.e. if it is the later, then I shouldn't try to use winbind at all(?) :-(. If you want to log into a unix box with a windows Domain Account, you need winbind. Or another method than the one I use... If it is supported, any idea where I might look to see why winbind isn't supporting 'local' Samba DC validation? Make sure your nsswitch.conf file is configured correctly. Make sure your pdc is joined to its own domain. Make sure you can use the various switches of wbinfo to go through a user/group account backwards and forwards. I could just take the route of 'disabling' any attempt at using winbind for my unix validation attempts as an 'easy way out' to get rid of these messages, but I'd prefer to fix the problem rather than bury it, **IF POSSIBLE**... So, is this a lost cause, or an arcane misconfiguration? If the latter, any idea where to look for the break? Definitely not a lost cause, probably a regular misconfiguration as opposed to arcane. I have a feeling it has something to do with local login's having no Domain name attached to them (i.e., because they are 'local', and it not realizing that 'local' = 'Domain'... but that's a pure guess on my part... There is an smb.conf entry called use default domain or some such that prevents the requirement of DOMAIN\ in the username DOMAIN \domain.name. I personally found it much easier to not enable that until after I had everything working, because then I could tell the difference between a domain account and a local account. With it enabled, the two accounts are indistinguishable by name. After I knew domain authentication was working, I then implemented the setting to make life easier for my users... Ideas? Plenty, but that is for another mailing list... Thanks... Linda Bob Miller 334-7117/660-5315 http://computerisms.ca
[Samba] Sharing a caching NFS mount with samba?
I am trying to set up a caching link between two points, that can be shared with windows and *nix. In both locations, I have linux-based servers with data, which have caching NFS mounts (that is, mount -t nfs -o fsc, with cachefilesd). These mounts are working correctly and I have tested the cache locally to much success. What I have not been able to get working is sharing those mounts with Windows-based workstations via samba. When I access a samba share of the NFS mount, windows clients *can* correctly access the data; however, they fetch the original file from the origin server every time, apparently bypassing the NFS cache. Does anyone know how I can avoid this behavior? Thanks, -Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_winbind([sshd|su|...]:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Bob Miller wrote: ... lotsa stuff... tnx, will have to do a bit of investigation at this point Thanks for the 'encouragement' (i.e. it works for you!) Gives me something to go on ... (though may take a while to verify all the nuts bolts...). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Needs advice on using Samba on Windows 2008
Hi All, I would like to find out whether there are any special steps required when mapping shared Samba drive on Windows 2008 R2 servers. It appears that additional setup is required on Windows 2008 since earlier version of Windows did not encounter any difficulty at all. On the other hand, the success rate on Windows 2008 R2 have been limited yet I am puzzled why some work while others don't. Some can see the server while others don't. The Samba servers ( I also value input on which is the latest working version Samba that runs on Solaris 10 and where to find them? Many Thanks, Jack3.0.37) run on Sparc SunFire Solaris 10. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Advice for W2K migration to samba
On Thu, 2011-03-03 at 09:17 +0100, Marcello Romani wrote: Hallo, I'm running a W2K AD network with about 20 clients (mostly Windows XP machines, some Ubuntu 10.04 clients). I also have a couple of samba servers (debian 5) which are joined to the domain. I need to upgrade from W2K to something which is not EOL. The AD server is also a print server for the domain. I only have about 20 user accounts, so recreating them from scratch would be not a big problem. Also, the user profiles are not stored on the server (no roaming profiles). I read samba4 is still in alpha stage (alpha14 is listed on the wiki), but in terms of functionality provided is would the best replacement for my AD server. I would be glad to hear from someone who has done the switch from W2K AD to samba3 or samba4. Also, any advice or success/failure stories in similar setups would be great. Thanks in advance. This (Windows 2000 - Samba4) certainly has been made to work, multiple times. Those successful migrations that I know of were via Windows 2003 due to an odd Kerberos interop issue between Samba4 and Windows 2000. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with Windows Vista and Linux Samba share
On 2011-02-28 17:22, Per Dalgas Jakobsen wrote: Hi I've set up a Debian machine with Samba 3.5.6, acting as a stand-alone server (NAS). I have a Windows Vista client participating in a company domain, but the client should have access to the Samba (which is not on the domain). I can connect from the Windows client to the Samba server using the servers IP-address. I can immediately browse around, open and creating files and directories. Then after a minute or so, Windows cannot use or reconnect to the share anymore... I have to delete the connection net use z: /delete and then make a new connection. /etc/samba/smb.conf: --- [global] workgroup = XYZ netbios name = XYZ-NAS server string = %h server (Samba %v) log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 encrypt passwords = yes [data] comment = Our data path = /data/ browseable = yes writable = yes valid users = abc public = no --- Any suggestion as to what I am doing wrong? What I really want to achieve; is to have my own little NAS attached physically to the company network, but not in any way participating in, or disturbing that network - I do not want to anger the IT department. Only one user should get access to the NAS. I hope someone can help me out... ~Per *bump* Not a single little hint? ~Per -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use another attribute than the uid ?
On Thu, 2011-03-03 at 19:51 +0900, TAKAHASHI Motonobu wrote: 2011/3/3 raphael gommeaux raphael.gomme...@gmail.com: -- Question : Anybody know how to force samba to use another attribute than the uid ? To use Samba 3.0.14a or earlier version and ldap filter parameter is the only way, I think. Even this (and it would be insecure, and very unsupported) isn't likely to work well, we do expect the schema to match our schema. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed problem Ubuntu WD TV Live
I have experiencing some speed issues recently when moving files using Samba between a linux box (Kubuntu 10.10) and a media player called WD TV Live. Hi again, I'm not sure if my messages get through, as I don't receive a copy... a confirmation would be much appreciated. I have some additional information on the speed problem... Now I'm using a completely different card, the one integrated in the motherboard: nVidia Corporation MCP55 Ethernet. Speed a bit higher, but still slow (around 1.4 Mb/s). Something really weird I have found... if I send two files at the same time, I get double speed, triple if the number of files is three. So it doesn't seem like an overall bottleneck, but more at a file level. Another piece of information... I managed to boot the computer with a different linux distro (Slax) and I have the same speed problem, so it might not be a distro-related problem. I'm not sure if posting logs would help... Thanks for your help! I would loose hair with this issue if I wouldn't be bald already... -- Sergio Ruiz +41 76 759 9267 - Suisse -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
On Mon, Feb 28, 2011 at 4:35 PM, Karolin Seeger ksee...@samba.org wrote: Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. Hello dear Samba team, Could you please clarify one thing here - does that DoS/loop happen with _only_ smbd serving that malicious client, or that would crash the whole Samba service? thanks, Alexander -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use another attribute than the uid ?
Thank you for your answers. It is unfortunately what i thought. I'll try to change the configuration of my openldap and add the overlay rwm. It should allow me to map the uid attribute to another attribute. Maybe it could meet my needs. Raphaël. 2011/3/4 Andrew Bartlett abart...@samba.org On Thu, 2011-03-03 at 19:51 +0900, TAKAHASHI Motonobu wrote: 2011/3/3 raphael gommeaux raphael.gomme...@gmail.com: -- Question : Anybody know how to force samba to use another attribute than the uid ? To use Samba 3.0.14a or earlier version and ldap filter parameter is the only way, I think. Even this (and it would be insecure, and very unsupported) isn't likely to work well, we do expect the schema to match our schema. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 875d9b8 lib/util: LIBCRYPTO is in common already, so add it to
samba-util-common.
from ba77274 s3-includes: remove global include of system/readline.h.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 875d9b8098884c196dc1ec95ca70a772aece6610
Author: Günther Deschner g...@samba.org
Date: Thu Mar 3 17:02:55 2011 +0100
lib/util: LIBCRYPTO is in common already, so add it to samba-util-common.
Guenther
Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Thu Mar 3 18:08:30 CET 2011 on sn-devel-104
---
Summary of changes:
lib/util/wscript_build |4 ++--
source3/wscript_build |2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 0468b74..e8883a3 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -8,7 +8,7 @@ bld.SAMBA_LIBRARY('samba-util-common',
genrand.c fsusage.c blocking.c become_daemon.c
data_blob.c signal.c system.c params.c util.c util_id.c
util_net.c
util_strlist.c idtree.c debug.c''',
- public_deps='talloc pthread',
+ public_deps='talloc pthread LIBCRYPTO',
# until we get all the dependencies in this library in common
# we need to allow this library to be built with unresolved
symbols
allow_undefined_symbols=True,
@@ -24,7 +24,7 @@ if bld.env._SAMBA_BUILD_ == 4:
ms_fnmatch.c parmlist.c substitute.c util_str.c
''',
deps='samba-util-common',
- public_deps='talloc LIBCRYPTO CHARSET execinfo
uid_wrapper',
+ public_deps='talloc CHARSET execinfo uid_wrapper',
public_headers='attr.h byteorder.h data_blob.h memory.h
safe_string.h time.h talloc_stack.h xfile.h dlinklist.h util.h',
header_path= [ ('dlinklist.h util.h', '.'), ('*',
'util') ],
local_include=False,
diff --git a/source3/wscript_build b/source3/wscript_build
index e4511da..71670e9 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -946,7 +946,7 @@ bld.SAMBA3_SUBSYSTEM('CHARSET3',
bld.SAMBA3_SUBSYSTEM('samba-util3',
source='',
-deps='talloc CHARSET3 LIBCRYPTO samba-util-common')
+deps='talloc CHARSET3 samba-util-common')
bld.SAMBA3_SUBSYSTEM('ldb3',
source='lib/ldb_compat.c')
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7b139a4 s3: Use dom_sid_string_buf in sid_to_fstring
via 7051747 Add dom_sid_string_buf
via f8a13c7 s3: Use dom_sid_string in _lsa_lookup_sids_internal
via ae28029 s3: Remove an obsolete comment
via 01da00a s3: Fix some nonempty blank lines
from 875d9b8 lib/util: LIBCRYPTO is in common already, so add it to
samba-util-common.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7b139a49dced08c4500960738bd0c06b5a57000e
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 17:02:40 2011 +0100
s3: Use dom_sid_string_buf in sid_to_fstring
Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Thu Mar 3 22:56:57 CET 2011 on sn-devel-104
commit 70517477f8deafc8027388d0597bbd53bd407c58
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 16:59:39 2011 +0100
Add dom_sid_string_buf
This prints into a fixed buffer with the same overflow semantics as snprintf
has: Return required string length, regardless of whether it fit or not.
commit f8a13c7dbc9b0e2246fb52d4a4d5db3b23bd2340
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 16:20:56 2011 +0100
s3: Use dom_sid_string in _lsa_lookup_sids_internal
commit ae28029f6788c2cbb31b2f1c9d0bf47d75bf398d
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 15:26:12 2011 +0100
s3: Remove an obsolete comment
commit 01da00abfd8763f43ec1f155ed87df4a394c01c9
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 12:51:57 2011 +0100
s3: Fix some nonempty blank lines
---
Summary of changes:
libcli/security/dom_sid.c | 49 ++
libcli/security/dom_sid.h |3 ++
source3/include/idmap.h |6 ++--
source3/lib/util_sid.c |4 +--
source3/passdb/lookup_sid.c |4 +--
source3/rpc_server/lsa/srv_lsa_nt.c |5 +---
6 files changed, 46 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 217d7bb..809f20c 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -347,34 +347,59 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
}
/*
- convert a dom_sid to a string
+ Convert a dom_sid to a string, printing into a buffer. Return the
+ string length. If it overflows, return the string length that would
+ result (buflen needs to be +1 for the terminating 0).
*/
-char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen)
{
- int i, ofs, maxlen;
+ int i, ofs;
uint32_t ia;
- char *ret;
if (!sid) {
- return talloc_strdup(mem_ctx, (NULL SID));
+ strlcpy(buf, (NULL SID), buflen);
+ return 10; /* strlen((NULL SID)) */
}
- maxlen = sid-num_auths * 11 + 25;
- ret = talloc_array(mem_ctx, char, maxlen);
- if (!ret) return talloc_strdup(mem_ctx, (SID ERR));
-
ia = (sid-id_auth[5]) +
(sid-id_auth[4] 8 ) +
(sid-id_auth[3] 16) +
(sid-id_auth[2] 24);
- ofs = snprintf(ret, maxlen, S-%u-%lu,
+ ofs = snprintf(buf, buflen, S-%u-%lu,
(unsigned int)sid-sid_rev_num, (unsigned long)ia);
for (i = 0; i sid-num_auths; i++) {
- ofs += snprintf(ret + ofs, maxlen - ofs, -%lu,
+ ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), -%lu,
(unsigned long)sid-sub_auths[i]);
}
+ return ofs;
+}
- return ret;
+/*
+ convert a dom_sid to a string
+*/
+char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+{
+ char buf[DOM_SID_STR_BUFLEN];
+ char *result;
+ int len;
+
+ len = dom_sid_string_buf(sid, buf, sizeof(buf));
+
+ if (len+1 sizeof(buf)) {
+ return talloc_strdup(mem_ctx, (SID ERR));
+ }
+
+ /*
+* Avoid calling strlen (via talloc_strdup), we already have
+* the length
+*/
+ result = (char *)talloc_memdup(mem_ctx, buf, len+1);
+
+ /*
+* beautify the talloc_report output
+*/
+ talloc_set_name_const(result, result);
+ return result;
}
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index c65471b..3493fab 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -71,6 +71,9 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct
dom_sid *sid,
struct dom_sid **domain, uint32_t *rid);
bool dom_sid_in_domain(const struct dom_sid *domain_sid,
const struct dom_sid *sid);
+
+#define
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a5d5457 socket_wrapper: use swrap_sendmsg_before()/after() in
swrap_writev()
via e831376 socket_wrapper: use swrap_sendmsg_before()/after() in
swrap_sendmsg()
via 4a736f0 socket_wrapper: use swrap_sendmsg_before()/after() in
swrap_send()
via a2db6b4 socket_wrapper: use swrap_sendmsg_before()/after() in
swrap_sendto()
via 8c6d7d7 socket_wrapper: add swrap_sendmsg_before/after helper
functions
via c9ae810 socket_wrapper: replace recvmsg() correctly
via ec028b5 socket_wrapper: readv() should only work on connected
sockets
via 7bdc3db socket_wrapper: move swrap_ioctl() above the send*/recv*
functions
via 0ad8d45 socket_wrapper: fix compiler warnings
via e3c0d66 socket_wrapper: don't allow connect() to the broadcast
address
from 7b139a4 s3: Use dom_sid_string_buf in sid_to_fstring
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a5d54579ea949f4cd7c975c3f5d0006a9035
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:23:49 2010 +0200
socket_wrapper: use swrap_sendmsg_before()/after() in swrap_writev()
metze
Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Thu Mar 3 23:43:39 CET 2011 on sn-devel-104
commit e831376f914d729b9ff3f39c5841846359c712aa
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:23:49 2010 +0200
socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendmsg()
This also adds the same logic for broadcast as in swrap_sendto()
for SOCK_DGRAM.
metze
commit 4a736f0fbe58fabf6c0a0650cbc38882cb0446ab
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:23:49 2010 +0200
socket_wrapper: use swrap_sendmsg_before()/after() in swrap_send()
metze
commit a2db6b4dba2650c582aa4572276d96dac521a3d8
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:23:49 2010 +0200
socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendto()
metze
commit 8c6d7d7b2797c051885e12e3cdf3da158cf4fe25
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:08:49 2010 +0200
socket_wrapper: add swrap_sendmsg_before/after helper functions
Currently have almost the same logic in swrap_send(), swrap_sendto(),
swrap_writev() and swrap_sendmsg(), this helper functions
let combine all the logic in 2 places.
metze
commit c9ae8102099ed66c776c79e88f1a582f3e213fbc
Author: Stefan Metzmacher me...@samba.org
Date: Thu Mar 3 15:37:17 2011 +0100
socket_wrapper: replace recvmsg() correctly
metze
commit ec028b555bbca84e1f949c6632099f8407c0d695
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:28:23 2010 +0200
socket_wrapper: readv() should only work on connected sockets
metze
commit 7bdc3db9ea53808d975b3579dcf673a0eafa
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:19:33 2010 +0200
socket_wrapper: move swrap_ioctl() above the send*/recv* functions
metze
commit 0ad8d459c6f47a0d70c8af2b19e6585a38f34cb4
Author: Stefan Metzmacher me...@samba.org
Date: Wed Mar 2 20:46:45 2011 +0100
socket_wrapper: fix compiler warnings
metze
commit e3c0d6611087184b37399df2bf04053c60c9f043
Author: Stefan Metzmacher me...@samba.org
Date: Sat Oct 30 16:07:31 2010 +0200
socket_wrapper: don't allow connect() to the broadcast address
This will simplify other code later.
metze
---
Summary of changes:
lib/socket_wrapper/socket_wrapper.c | 655 +--
lib/socket_wrapper/socket_wrapper.h |6 +
2 files changed, 398 insertions(+), 263 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/socket_wrapper/socket_wrapper.c
b/lib/socket_wrapper/socket_wrapper.c
index 563c3a8..02cce3f 100644
--- a/lib/socket_wrapper/socket_wrapper.c
+++ b/lib/socket_wrapper/socket_wrapper.c
@@ -296,7 +296,7 @@ static int convert_un_in(const struct sockaddr_un *un,
struct sockaddr *in, sock
switch(type) {
case SOCKET_TYPE_CHAR_TCP:
case SOCKET_TYPE_CHAR_UDP: {
- struct sockaddr_in *in2 = (struct sockaddr_in *)in;
+ struct sockaddr_in *in2 = (struct sockaddr_in *)(void *)in;
if ((*len) sizeof(*in2)) {
errno = EINVAL;
@@ -314,7 +314,7 @@ static int convert_un_in(const struct sockaddr_un *un,
struct sockaddr *in, sock
#ifdef HAVE_IPV6
case SOCKET_TYPE_CHAR_TCP_V6:
case SOCKET_TYPE_CHAR_UDP_V6: {
- struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)in;
+ struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)(void *)in;
if ((*len) sizeof(*in2)) {
errno = EINVAL;
@@ -352,7 +352,7
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 6b3d68f s3-waf: add check for SEEKDIR_RETURNS_VOID.
via 0fb246b s3-waf: add check for HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
via 9167d70 libreplace: move struct timespec checks into libreplace
(where timespec is already used).
from a5d5457 socket_wrapper: use swrap_sendmsg_before()/after() in
swrap_writev()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 6b3d68fffd8c16c14b16e802d1a074ef12b3b0dc
Author: Günther Deschner g...@samba.org
Date: Thu Mar 3 22:55:09 2011 +0100
s3-waf: add check for SEEKDIR_RETURNS_VOID.
Guenther
Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Fri Mar 4 01:13:54 CET 2011 on sn-devel-104
commit 0fb246ba7340c58fdb419ed434f8b17a21f24953
Author: Günther Deschner g...@samba.org
Date: Thu Mar 3 22:10:40 2011 +0100
s3-waf: add check for HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR.
Guenther
commit 9167d70e77c2f4c8e6de64fbf06bd3bee23542d2
Author: Günther Deschner g...@samba.org
Date: Thu Mar 3 16:26:48 2011 +0100
libreplace: move struct timespec checks into libreplace (where timespec
is already used).
Bjoern, Metze, please check.
Guenther
---
Summary of changes:
lib/replace/libreplace.m4 | 23 +++
lib/replace/system/time.h |7 +++
lib/replace/wscript|1 +
source3/configure.in | 23 ---
source3/include/includes.h |8
source3/wscript| 13 +++--
6 files changed, 42 insertions(+), 33 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 24fc5cd..808d5d1 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -303,6 +303,29 @@ if test x$libreplace_cv_have_clock_gettime = xyes ; then
SMB_CHECK_CLOCK_ID(CLOCK_REALTIME)
fi
+AC_CACHE_CHECK([for struct timespec type],libreplace_cv_struct_timespec, [
+AC_TRY_COMPILE([
+#include sys/types.h
+#if STDC_HEADERS
+#include stdlib.h
+#include stddef.h
+#endif
+#if TIME_WITH_SYS_TIME
+# include sys/time.h
+# include time.h
+#else
+# if HAVE_SYS_TIME_H
+# include sys/time.h
+# else
+# include time.h
+# endif
+#endif
+],[struct timespec ts;],
+ libreplace_cv_struct_timespec=yes,libreplace_cv_struct_timespec=no)])
+if test x$libreplace_cv_struct_timespec = xyes; then
+ AC_DEFINE(HAVE_STRUCT_TIMESPEC,1,[Whether we have struct timespec])
+fi
+
AC_CHECK_FUNCS([printf memset memcpy],,[AC_MSG_ERROR([Required function not
found])])
echo LIBREPLACE_BROKEN_CHECKS: END
diff --git a/lib/replace/system/time.h b/lib/replace/system/time.h
index 5fce4db..b6d2609 100644
--- a/lib/replace/system/time.h
+++ b/lib/replace/system/time.h
@@ -46,6 +46,13 @@ struct utimbuf {
};
#endif
+#ifndef HAVE_STRUCT_TIMESPEC
+struct timespec {
+ time_t tv_sec;/* Seconds. */
+ long tv_nsec; /* Nanoseconds. */
+};
+#endif
+
#ifndef HAVE_MKTIME
/* define is in replace.h */
time_t rep_mktime(struct tm *t);
diff --git a/lib/replace/wscript b/lib/replace/wscript
index d0bbe96..c24d6e7 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -219,6 +219,7 @@ def configure(conf):
'HAVE_%s' % c,
msg='Checking whether the clock_gettime clock ID %s
is available' % c)
+conf.CHECK_TYPE('struct timespec', headers='sys/time.h time.h')
# these headers need to be tested as a group on freebsd
conf.CHECK_HEADERS(headers='sys/socket.h net/if.h', together=True)
diff --git a/source3/configure.in b/source3/configure.in
index b4794f2..8d32a1b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -951,29 +951,6 @@ if test x$samba_cv_struct_sigevent = xyes; then
[#include signal.h])
fi
-AC_CACHE_CHECK([for struct timespec type],samba_cv_struct_timespec, [
-AC_TRY_COMPILE([
-#include sys/types.h
-#if STDC_HEADERS
-#include stdlib.h
-#include stddef.h
-#endif
-#if TIME_WITH_SYS_TIME
-# include sys/time.h
-# include time.h
-#else
-# if HAVE_SYS_TIME_H
-# include sys/time.h
-# else
-# include time.h
-# endif
-#endif
-],[struct timespec ts;],
- samba_cv_struct_timespec=yes,samba_cv_struct_timespec=no)])
-if test x$samba_cv_struct_timespec = xyes; then
- AC_DEFINE(HAVE_STRUCT_TIMESPEC,1,[Whether we have struct timespec])
-fi
-
# and glibc has setresuid under linux but the function does
# nothing until kernel 2.1.44! very dumb.
AC_CACHE_CHECK([for real setresuid],samba_cv_have_setresuid,[
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 9d55c4a..d715db6 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -425,14 +425,6 @@ typedef long blksize_t;
typedef long blkcnt_t;
#endif
-#ifndef
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e63f0df s3-waf: add wildcard commands from main wscript. via ef87f97 s3-nterr: use strcasecmp in nt_status_string_to_code(). via dc35442 s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c via 9f4b3b1 s4-nterr: some minor cosmetic edits to further match s3 nterr. via d36 s3-nterr: within nt_errstr() compare codes using NT_STATUS_V(). via 199809b nterr: make sure both nt_err_desc structs are the same. via 45710a0 nterr: make sure both nt_errs structs are the same. via 648a9fb s4-nterr: add _N macro handling as in s3-nterr. via c1089c1 s3-nterr: make nt_err_desc static const. via cb8c0e1 nterr: remove space indents (use tabs instead), following coding standards. via 2f46942 nterr: remove trailing whitespace. from 6b3d68f s3-waf: add check for SEEKDIR_RETURNS_VOID. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e63f0dfba173e9553ec2bb009b58113b4270f437 Author: Günther Deschner g...@samba.org Date: Wed Mar 2 23:13:29 2011 +0100 s3-waf: add wildcard commands from main wscript. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Fri Mar 4 02:11:11 CET 2011 on sn-devel-104 commit ef87f970b324d20cdd1b754a3096cf47b78a490f Author: Günther Deschner g...@samba.org Date: Thu Mar 3 01:11:43 2011 +0100 s3-nterr: use strcasecmp in nt_status_string_to_code(). Guenther commit dc35442fb163c6f14cf8c5730056a4a094ead85a Author: Günther Deschner g...@samba.org Date: Thu Mar 3 01:05:33 2011 +0100 s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c Guenther commit 9f4b3b103fea1f2b5f54bae79a86b1490ddc21eb Author: Günther Deschner g...@samba.org Date: Thu Mar 3 00:41:11 2011 +0100 s4-nterr: some minor cosmetic edits to further match s3 nterr. Guenther commit d3635282b7d22c7d5e21f525c4f24fd774b1 Author: Günther Deschner g...@samba.org Date: Thu Mar 3 00:39:44 2011 +0100 s3-nterr: within nt_errstr() compare codes using NT_STATUS_V(). This is to avoid future very special NT_STATUS_EQUAL semantics within s4. Guenther commit 199809b3cc51109aca9b8f2c4f21bd5bf69d36c5 Author: Günther Deschner g...@samba.org Date: Thu Mar 3 00:06:13 2011 +0100 nterr: make sure both nt_err_desc structs are the same. Guenther commit 45710a05c5daccc3f1b2127ce24a87850fc42e33 Author: Günther Deschner g...@samba.org Date: Wed Mar 2 23:51:56 2011 +0100 nterr: make sure both nt_errs structs are the same. Guenther commit 648a9fbc033c7949cfe01052802d314c55da6138 Author: Günther Deschner g...@samba.org Date: Wed Mar 2 23:40:58 2011 +0100 s4-nterr: add _N macro handling as in s3-nterr. Guenther commit c1089c130ba24ff71dafdea2b53df46056b49aeb Author: Günther Deschner g...@samba.org Date: Wed Mar 2 23:40:05 2011 +0100 s3-nterr: make nt_err_desc static const. Guenther commit cb8c0e177687769638ee3aef59a86c4c4a80b971 Author: Günther Deschner g...@samba.org Date: Thu Mar 3 01:16:22 2011 +0100 nterr: remove space indents (use tabs instead), following coding standards. Guenther commit 2f46942e08d1465bdbdbb88bf3ba3018dde25d61 Author: Günther Deschner g...@samba.org Date: Wed Mar 2 23:16:35 2011 +0100 nterr: remove trailing whitespace. Guenther --- Summary of changes: source3/libsmb/nterr.c | 85 +++- source3/wscript | 12 ++- source4/auth/auth.h |1 - source4/auth/gensec/gensec.h|2 +- source4/auth/ntlm/auth_util.c | 24 --- source4/ldap_server/ldap_bind.c |4 +- source4/libcli/util/nterr.c | 276 --- source4/smb_server/smb/sesssetup.c | 10 +- source4/smb_server/smb2/sesssetup.c |4 +- source4/utils/ntlm_auth.c |2 +- 10 files changed, 232 insertions(+), 188 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 5fa9ade..1ba2691 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -1,18 +1,18 @@ -/* +/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Luke Kenneth Casson Leighton 1997-2001. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of *
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3560db3 debug: fixed a valgrind error from e63f0df s3-waf: add wildcard commands from main wscript. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3560db3da3e3b25c98287701dbc6478358457495 Author: Andrew Tridgell tri...@samba.org Date: Fri Mar 4 12:23:16 2011 +1100 debug: fixed a valgrind error Thanks to Volker for spotting this one! Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Mar 4 03:09:52 CET 2011 on sn-devel-104 --- Summary of changes: lib/util/debug.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/debug.c b/lib/util/debug.c index d2f3d92..c7ba19e 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -255,6 +255,7 @@ int debug_add_class(const char *classname) int ndx; int *new_class_list; char **new_name_list; + int default_level; if (!classname) return -1; @@ -274,12 +275,14 @@ int debug_add_class(const char *classname) new_class_list = DEBUGLEVEL_CLASS; } + default_level = DEBUGLEVEL_CLASS[DBGC_ALL]; + new_class_list = talloc_realloc(NULL, new_class_list, int, ndx + 1); if (!new_class_list) return -1; DEBUGLEVEL_CLASS = new_class_list; - DEBUGLEVEL_CLASS[ndx] = DEBUGLEVEL_CLASS[DBGC_ALL]; + DEBUGLEVEL_CLASS[ndx] = default_level; new_name_list = talloc_realloc(NULL, classname_table, char *, ndx + 1); if (!new_name_list) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 2a5e9ef s3: Use dom_sid_string_buf in sid_to_fstring
via d640350 Add dom_sid_string_buf
via 28fdc60 s3: Use dom_sid_string in _lsa_lookup_sids_internal
via 8bd0bc2 s3: Remove an obsolete comment
via 14d9515 s3: Fix some nonempty blank lines
from 880fb9c s3: Pass the aio_force operation through vfs_gpfs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 2a5e9efc76fbc9e608273007d5447de49b8aec7e
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 17:02:40 2011 +0100
s3: Use dom_sid_string_buf in sid_to_fstring
Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Thu Mar 3 22:56:57 CET 2011 on sn-devel-104
commit d64035043053707dde17d97ef082ebe9e653daea
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 16:59:39 2011 +0100
Add dom_sid_string_buf
This prints into a fixed buffer with the same overflow semantics as snprintf
has: Return required string length, regardless of whether it fit or not.
commit 28fdc60a7f87e0bb6c93c4bfa8a7417abe6745f6
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 16:20:56 2011 +0100
s3: Use dom_sid_string in _lsa_lookup_sids_internal
commit 8bd0bc2fa2db1e2062ec7acbb9ba30bc8c61fe88
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 15:26:12 2011 +0100
s3: Remove an obsolete comment
commit 14d95151c9aff506dd93da7fcbc8e4e7587a19c8
Author: Volker Lendecke v...@samba.org
Date: Thu Mar 3 12:51:57 2011 +0100
s3: Fix some nonempty blank lines
---
Summary of changes:
libcli/security/dom_sid.c | 49 ++
libcli/security/dom_sid.h |3 ++
source3/include/idmap.h |6 ++--
source3/lib/util_sid.c |4 +--
source3/passdb/lookup_sid.c |4 +--
source3/rpc_server/lsa/srv_lsa_nt.c |5 +---
6 files changed, 46 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 217d7bb..809f20c 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -347,34 +347,59 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
}
/*
- convert a dom_sid to a string
+ Convert a dom_sid to a string, printing into a buffer. Return the
+ string length. If it overflows, return the string length that would
+ result (buflen needs to be +1 for the terminating 0).
*/
-char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen)
{
- int i, ofs, maxlen;
+ int i, ofs;
uint32_t ia;
- char *ret;
if (!sid) {
- return talloc_strdup(mem_ctx, (NULL SID));
+ strlcpy(buf, (NULL SID), buflen);
+ return 10; /* strlen((NULL SID)) */
}
- maxlen = sid-num_auths * 11 + 25;
- ret = talloc_array(mem_ctx, char, maxlen);
- if (!ret) return talloc_strdup(mem_ctx, (SID ERR));
-
ia = (sid-id_auth[5]) +
(sid-id_auth[4] 8 ) +
(sid-id_auth[3] 16) +
(sid-id_auth[2] 24);
- ofs = snprintf(ret, maxlen, S-%u-%lu,
+ ofs = snprintf(buf, buflen, S-%u-%lu,
(unsigned int)sid-sid_rev_num, (unsigned long)ia);
for (i = 0; i sid-num_auths; i++) {
- ofs += snprintf(ret + ofs, maxlen - ofs, -%lu,
+ ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), -%lu,
(unsigned long)sid-sub_auths[i]);
}
+ return ofs;
+}
- return ret;
+/*
+ convert a dom_sid to a string
+*/
+char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+{
+ char buf[DOM_SID_STR_BUFLEN];
+ char *result;
+ int len;
+
+ len = dom_sid_string_buf(sid, buf, sizeof(buf));
+
+ if (len+1 sizeof(buf)) {
+ return talloc_strdup(mem_ctx, (SID ERR));
+ }
+
+ /*
+* Avoid calling strlen (via talloc_strdup), we already have
+* the length
+*/
+ result = (char *)talloc_memdup(mem_ctx, buf, len+1);
+
+ /*
+* beautify the talloc_report output
+*/
+ talloc_set_name_const(result, result);
+ return result;
}
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index c65471b..3493fab 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -71,6 +71,9 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct
dom_sid *sid,
struct dom_sid **domain, uint32_t *rid);
bool dom_sid_in_domain(const struct dom_sid *domain_sid,
const struct dom_sid *sid);
+
+#define DOM_SID_STR_BUFLEN (15*11+25)
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 1525783 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_writev() via c9a0e4b socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendmsg() via 0a65c23 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_send() via 684b594 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendto() via 00e93ca socket_wrapper: add swrap_sendmsg_before/after helper functions via 4ae3d54 socket_wrapper: replace recvmsg() correctly via 4722271 socket_wrapper: readv() should only work on connected sockets via 50108fb socket_wrapper: move swrap_ioctl() above the send*/recv* functions via b0eb58c socket_wrapper: fix compiler warnings via 2e0534a socket_wrapper: don't allow connect() to the broadcast address via b1a14a2 Fix some nonempty blank lines (cherry picked from commit 78525270733a79a6e2def662d7340382cb648414) from 2a5e9ef s3: Use dom_sid_string_buf in sid_to_fstring http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 15257836ab70122823aabdb2073e96282d200eab Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:23:49 2010 +0200 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_writev() metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Mar 3 23:43:39 CET 2011 on sn-devel-104 (cherry picked from commit a5d54579ea949f4cd7c975c3f5d0006a9035) commit c9a0e4bfcb1e3bf226004ce27b99da712c74b233 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:23:49 2010 +0200 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendmsg() This also adds the same logic for broadcast as in swrap_sendto() for SOCK_DGRAM. metze (cherry picked from commit e831376f914d729b9ff3f39c5841846359c712aa) commit 0a65c2324f89b56792403de9b7df042262eccca5 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:23:49 2010 +0200 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_send() metze (cherry picked from commit 4a736f0fbe58fabf6c0a0650cbc38882cb0446ab) commit 684b594b5106353c508cda885e9d00c3c266e6d7 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:23:49 2010 +0200 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_sendto() metze (cherry picked from commit a2db6b4dba2650c582aa4572276d96dac521a3d8) commit 00e93ca79b934e4907667494e3ae7471a3b50325 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:08:49 2010 +0200 socket_wrapper: add swrap_sendmsg_before/after helper functions Currently have almost the same logic in swrap_send(), swrap_sendto(), swrap_writev() and swrap_sendmsg(), this helper functions let combine all the logic in 2 places. metze (cherry picked from commit 8c6d7d7b2797c051885e12e3cdf3da158cf4fe25) commit 4ae3d540f46a87947d48e62838b7b6849e5c5c5b Author: Stefan Metzmacher me...@samba.org Date: Thu Mar 3 15:37:17 2011 +0100 socket_wrapper: replace recvmsg() correctly metze (cherry picked from commit c9ae8102099ed66c776c79e88f1a582f3e213fbc) commit 472227167df70ac2f77b24114b50d69527ef6fe7 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:28:23 2010 +0200 socket_wrapper: readv() should only work on connected sockets metze (cherry picked from commit ec028b555bbca84e1f949c6632099f8407c0d695) commit 50108fb6740fd5f44b29c8dc745fffac37578cac Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:19:33 2010 +0200 socket_wrapper: move swrap_ioctl() above the send*/recv* functions metze (cherry picked from commit 7bdc3db9ea53808d975b3579dcf673a0eafa) commit b0eb58cc78068c7edc2a09c7fa5c94d04802c124 Author: Stefan Metzmacher me...@samba.org Date: Wed Mar 2 20:46:45 2011 +0100 socket_wrapper: fix compiler warnings metze (cherry picked from commit 0ad8d459c6f47a0d70c8af2b19e6585a38f34cb4) commit 2e0534a7ed886a3e29140d961e2a393856e2c3c6 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:07:31 2010 +0200 socket_wrapper: don't allow connect() to the broadcast address This will simplify other code later. metze (cherry picked from commit e3c0d6611087184b37399df2bf04053c60c9f043) commit b1a14a2acd594a63740fbafdce7ec6e5de452edc Author: Volker Lendecke v...@samba.org Date: Sat Feb 12 12:18:16 2011 +0100 Fix some nonempty blank lines (cherry picked from commit 78525270733a79a6e2def662d7340382cb648414) Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/socket_wrapper/socket_wrapper.c | 673 +-- lib/socket_wrapper/socket_wrapper.h |6 + 2 files changed,
