Re: [Samba] [SOLVED] Windows 7 client not mounting 'HOME' share.
Le 26/07/2011 20:40, Miguel Medalha a écrit : On 2011-07-26 19:31, Miguel Medalha wrote: Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf. I must add that, according to documentation, the home directory LDAP attributes need only to be set for a particular user if they differ from the general setting. Quoting from The Official Samba 3.5 HOWTO: « 11.4.4.8 LDAP Special Attributes for sambaSamAccounts The sambaSamAccount ObjectClass is composed of the attributes shown in next tables: Part A, and Part B. The majority of these parameters are only used when Samba is acting as a PDC of a domain (refer to Domain Control, for details on how to configure Samba as a PDC). The following four attributes are only stored with the sambaSamAccount entry if the values are non-default values: • sambaHomePath • sambaLogonScript • sambaProfilePath • sambaHomeDrive These attributes are only stored with the sambaSamAccount entry if the values are non-default values. For example, assume MORIA has now been configured as a PDC and that logon home = \\%L\%u was defined in its smb.conf file. When a user named ‘becky’ logs on to the domain, the logon home string is expanded to \\MORIA\becky. If the smbHome attribute exists in the entry ‘uid=becky,ou=People,dc=samba,dc=org’, this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba will only write the attribute value to the directory entry if the value is something other than the default (e.g., \\MOBY\becky). » I agree and this is my case. None of these parameters is present in my user's LDAP entry. Yet, my user has to mount his homedir himself. I finally found the solution : it appears that the logon home parameter should be set to the following value : logon home = \\%L\%U instead of the one I was using : logon home = \\%L\homes\%U I don't really understand why. Anybody could explain ? Thanks for your help. JC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Am 26.07.2011 19:27, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkel malte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkel malte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will ! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a save as to a local (or other remote) drive. If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some magic option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they save as their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc idmap restore does not work
Hi In the samba HOWTO collection here http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html Creating an IDMAP Database Dump File there is a command net idmap restore /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt the point is: it doesn't work. It just does nothing, except of printing a lot of lines like this: ignoring invalid line [] ignoring invalid line [BB] Looks like the winbindd_idmap.tdb file is not changed after this command has been run. The actual dump was done like this: net idmap dump /var/lib/samba/winbindd_idmap.tdb idmap_dump.txt The system I'm testing it on is Debian 6.1, samba 3.5.6. Regards P. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
Il 26/07/2011 10:06, Malte Forkel ha scritto: Am 25.07.2011 23:34, schrieb Chris Weiss: On Mon, Jul 25, 2011 at 3:50 PM, Pascal Valoispascal.val...@devinci.fr wrote: Le 25/07/11 22:44, Jeremy Allison a écrit : On Mon, Jul 25, 2011 at 10:21:35PM +0200, Malte Forkel wrote: Hi, I'm running Samba 3.2.5 on a server which I'd like to shut down when it is not used by any client. Is there a way to detect whether any user has opened a file on the server? smbstatus will tell you. slight correction, smbstatus tells you what file are used and by who, currently. not who HAS opened a file. smbstatus will also tell you who has an active connection to what shares, even if they have yet to actually open some file. while it's possible for someone to open a file in app that reads to ram then closes, such as notepad.exe, making edits and letting them sit without saving for long enough that an smb client would disconnect the session is unlikely given the save often mentality that most have gotten from using PC's. From application crashes, to power outages, to 2 year old kids pressing buttons, save often! Thanks for your suggestions! so depending on what you mean by has opened (opened before and still use it, or opened before and may have close it), smbstatus may be the answer or not. By has opened I mean opened before and still use it. Actually, something more like would be disappointed if the server went down. Ideally, a user might e.g. open a couple of source files to analyze them and after a while (without making changes of saving anything) try to open another file in the same directory. I've done a couple of experiments with smbstatus, specifically its -S and -L options. My clients run Windows 7 SP1 and Windows XP SP3. While a Windows Expolores is opened for a share (or one of its subdirectories), smbstatus -S will list that share. But once the Explorer is closed, the entry is cleared. Similarly, using a File Open Dialog only produces a short lived entry. smbstatus -L does not seem to produce any list entries once a user has opened a file. May be I have to specify some more specific locking in smb.conf? I've also experimented with root preexec and root postexec. Those seem to be triggered at the same time the output of smbstatus -S changes. Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? I suggest trying smbstatus -B too (shows byterange locks). Also, reading the whole thread it seems to me (FWIW) that the only way to be 100% sure that a samba restart won't disappoint anyone is have smbstatus show no active connection. -- Marcello Romani -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC 3.4 + wins server
Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ghost connections
All, Why do some connections to shares not die? Sometimes when a user logs out of their account smbstatus shows them still connected to the shares. The connection will stay until samba is restarted. This was causing some problems on the shares with file locking. To work around the problem about a month ago I put a cron job in that restarts the samba processes in the middle of the night but that does not solve the problem of the ghost users. Sent on the Sprint® Now Network from my BlackBerry® -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
clear the logs and monitor for a few days,, If there is not real activity just shut down the service and see if anyone complains they can't access something.. After a few days/weeks/months pull the server. Might not be the perfect scenario but if smbstatus isn't displaying what you need then this might make you feel better about it lol On 07/27/2011 04:33 AM, Malte Forkel wrote: Am 26.07.2011 19:27, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkelmalte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkelmalte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will ! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a save as to a local (or other remote) drive. If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some magic option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they save as their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VFS Objects Recycle questions
I have a need to setup the recycle vfs object on our server. On my test server, I have all of the shares on a single drive and have put the following into each share: vfs_objects = recycle recycle:repository = [Actual Path and Partition that the share is located] recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes It works like a charm. All of the files when deleted from each share are dumped into the RecycleBin share, I have created a new share just for the RecycleBin that I have also mounted that I can perform a final delete on the files located within. On the live server, there are several partitions with shares split across the several partitions. The setup is the same, in terms of having the above entered into the individual shares and the RecycleBin for each share is located on the same partition/mount point that the share is located. Example: [share1] wide links = no writeable = yes path = /mnt/disk2/share1 write list = @share1 force group = share1 comment = Job Files and Related valid users = @share1 create mode = 770 user = @share1 directory mode = 770 vfs_objects = recycle recycle:repository = /mnt/disk2/sharebin/%u recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes [sharebin] wide links = no writeable = yes path = /mnt/disk2/sharebin write list = @share1 force directory mode = 770 force group = share1 sync always = yes force create mode = 770 comment = Location of Recycle Bin valid users = @share1 create mode = 770 user = @share1 directory mode = 770 Everything else matches, the folders exist, the folder permissions are the same, it's just a no go on relinking the files on a delete command from the share1 share. -- Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to detect active users
I usually just use smbstatus. if I'm looking into a user issue, it's usually smbstatus | grep userid. Then I can get the PID and give it a kill -HUP to load new shares, etc, IF they don;t have any open files. - Original Message - From: Aaron E. ssures...@gmail.com To: samba@lists.samba.org Sent: Wednesday, July 27, 2011 6:21:28 AM Subject: Re: [Samba] How to detect active users clear the logs and monitor for a few days,, If there is not real activity just shut down the service and see if anyone complains they can't access something.. After a few days/weeks/months pull the server. Might not be the perfect scenario but if smbstatus isn't displaying what you need then this might make you feel better about it lol On 07/27/2011 04:33 AM, Malte Forkel wrote: Am 26.07.2011 19:27, schrieb Jeremy Allison: On Tue, Jul 26, 2011 at 07:18:15PM +0200, Malte Forkel wrote: Am 26.07.2011 19:08, schrieb John Drescher: On Tue, Jul 26, 2011 at 1:04 PM, Malte Forkelmalte.for...@berlin.de wrote: Am 26.07.2011 18:42, schrieb Chris Weiss: On Tue, Jul 26, 2011 at 3:06 AM, Malte Forkelmalte.for...@berlin.de wrote: Currently, I'm not even sure Samba preserves the kind of state information required to detect the usage scenario I'm interested in. Is there any concept of an open file in Windows/Samba, after all? May be it depends on the application used to open the file? yes, it depends on the application. If the app closes the file and leaves the share, samba honors that. if the app keeps the file handle open, samba does too. So an application (like SciTE) might open a file, read and display its contents, and close the file while continuing to display it. And in contrast, a different application might not close the file while it is displaying its contents? Exactly. John Well, thanks to all of you for your help. In summary then, it looks to me like I won't be able to reliably detect if there is any client out there who would be disappointed if the server shuts down. Of course you will ! smbstatus does this as I keep repeating. If an application has opened and closed the file and keeps it in memory, then the user won't be disappointed if the server is shut down, they'll get an IO error on save and have to do a save as to a local (or other remote) drive. If an application keeps the file open (so it's not safely stored in memory) then smbstatus will show this and you don't shut the server down. You seem to think there's some magic option that will show you client intent, not client activity. Client activity is all you need to care about, and smbstatus show you this. Doesn't matter if applications are running or not, whether that have actual files open is all that matters. Jeremy. Well, I guess some people get disappointed more easily than others :-) I understand that users won't loose any data if the server shuts down and they save as their changes. But having to re-synchronize those files with those on the server once it is up again is something I'd like to avoid. Plus, the open files (from a user perspective) might just be an indicator that the user would like to use other capabilities of the server as well. E.g., he might do remote development of an application on the server using Eclipse on the Windows machine. If I found out that the server had shut down when I try to compile a new version (implicitly saving changed files before), I'd be disappointed. Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC 3.4 + wins server
On 07/27/2011 05:52 AM, Jubacca wrote: Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes What OS? Did you compile from source? I ran into the following weird issue once: Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN- with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even tho DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.) This indicated to be that the server does try to resolve client names or ip's and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing. I would turn up the general log level. I would also snoop traffic for a client with out WINS to see if it is even locating the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC 3.4 + wins server
Linux Ubuntu 10.04 LTS - I used the package of distribution. On 27/07/2011 16.18, Gaiseric Vandal wrote: On 07/27/2011 05:52 AM, Jubacca wrote: Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes What OS? Did you compile from source? I ran into the following weird issue once: Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN- with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even tho DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.) This indicated to be that the server does try to resolve client names or ip's and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing. I would turn up the general log level. I would also snoop traffic for a client with out WINS to see if it is even locating the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WinPopup to Windows 7?
Is smbclient -M supposed to work to a Windows 7 machine? Using samba3-3.4.9-42.el5 I get: # echo Hello world | smbclient -NM PC167 Connection to PC167 failed. Error NT_STATUS_BAD_NETWORK_NAME The name resolves correctly, and the command works to an XP client with Messenger service enabled. Win 7 has its own MSG.EXE program for that sort of thing, which apparently no longer requires the Messenger service. If the WinPopup protocol is no longer supported, does Samba have another messaging command? Moray. To err is human; to purr, feline. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net join DNS
Is there an option to the net command to not have it update DNS in AD? We are joining servers using the net ads join command and it's changing our static DNS entries to dynamic ones which then get deleted when AD does its DNS scavenging. It seems that dynamically updating DNS is the default. The command we're running is: net ads join -U adminuser%adminpasswd Thanks - Mike Mike Auleta UNIX Administrator Conde Nast Publications (302) 830-4688 michael_aul...@condenast.com This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain trust between Samba 3.5.9 and Windows 2008 Active Directory crashes lsass.exe which makes AD Domain Controller reboot
Hi Trying to set up a one way trust between a 2008 Active Directory domain and a Samba 3.5.9 server which is configured as a PDC. There is already an existing trust between AD and an NT4 domain so AD has been configured to support NTLM authentication (see below for full details). With no domain trust, using smbclient either anonymously or with a valid user on the DC (e.g. Administrator) works ok,. When a domain trust is created as follows: On samba server net rpc trustdom add AD password pdbedit -Lw ad\$ shows that the trust account is set up correctly (i.e. I appearing in the square brackets ) net rpc trustdom list shows the domain trust is ok On AD DC: Add new trust for the Samba domain in the normal way using the trust password above This validates ok. Now smbclient -U% still ok but smbclient -UAdministrator causes the DC to crash, When it comes back up, the following appears in the Application Eventlog: Log Name: Application Source:Application Error Date: 27/07/2011 16:25:07 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: LIVEDC.ad.gordian.co.uk Description: Faulting application lsass.exe, version 6.0.6002.18005, time stamp 0x49e01c84, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e02d47, exception code 0x8003, fault offset 0x000348d8, process id 0x244, application start time 0x01cc41619f198970. Event Xml: Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event; System Provider Name=Application Error / EventID Qualifiers=01000/EventID Level2/Level Task100/Task Keywords0x80/Keywords TimeCreated SystemTime=2011-07-27T15:25:07.000Z / EventRecordID17693/EventRecordID ChannelApplication/Channel ComputerLIVEDC.ad.gordian.co.uk/Computer Security / /System followed by Log Name: Application Source:Microsoft-Windows-Wininit Date: 27/07/2011 16:25:20 Event ID: 1015 Task Category: None Level: Error Keywords: Classic User: N/A Computer: LIVEDC.ad.gordian.co.uk Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted. Event Xml: Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event; System Provider Name=Microsoft-Windows-Wininit Guid={206f6dea-d3c5-4d10-bc72-989f03c8b84b} EventSourceName=Wininit / EventID Qualifiers=491521015/EventID Version0/Version Level2/Level Task0/Task Opcode0/Opcode Keywords0x80/Keywords TimeCreated SystemTime=2011-07-27T15:25:20.000Z / EventRecordID17694/EventRecordID Correlation / Execution ProcessID=0 ThreadID=0 / ChannelApplication/Channel ComputerLIVEDC.ad.gordian.co.uk/Computer Security / /System EventData DataC:\Windows\system32\lsass.exe/Data Data255/Data /EventData /Event EventData Datalsass.exe/Data Data6.0.6002.18005/Data Data49e01c84/Data Datantdll.dll/Data Data6.0.6002.18005/Data Data49e02d47/Data Data8003/Data Data000348d8/Data Data244/Data Data01cc41619f198970/Data /EventData /Event Here's the smb.conf with comments stripped: [global] workgroup = CTGDOMAIN server string = Samba 3.5.9 Server PDC security = user hosts allow = 192.168.56. 192.168.153. 127. load printers = no log file = /opt/samba/var/log.%m max log size = 50 interfaces = e1000g0 lo* bind interfaces only = yes local master = yes domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U wins support = yes name resolve order = lmhosts wins hosts broadcast dns proxy = no add user script = /usr/sbin/useradd %u add group script = /usr/sbin/groupadd %g add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u delete user script = /usr/sbin/userdel %u delete user from group script = /usr/sbin/userdel %u %g delete group script = /usr/sbin/groupdel %g [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /opt/samba/lib/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /opt/samba/profiles browseable = no guest ok = yes Has anyone else seen this issue or have any ideas about the best way to debug? thanks tim P.S. AD policy configuration Network access: Allow anonymous SID/Name translation ENABLED Network access: Do not allow anonymous enumeration of SAM accounts DISABLED Network access: Do not allow anonymous enumeration of SAM accounts and shares DISABLED Network access: Let Everyone permissions apply to anonymous users
Re: [Samba] VFS Objects Recycle questions
Please disregard. It started working, out of the blue. (Yes, I had previously initiated my changes, forced a restart and even waited a good handful of minutes before performing a test delete.) -- Regards, Robert Adkins II -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II Sent: Wednesday, July 27, 2011 9:27 AM To: samba@lists.samba.org Subject: [Samba] VFS Objects Recycle questions I have a need to setup the recycle vfs object on our server. On my test server, I have all of the shares on a single drive and have put the following into each share: vfs_objects = recycle recycle:repository = [Actual Path and Partition that the share is located] recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes It works like a charm. All of the files when deleted from each share are dumped into the RecycleBin share, I have created a new share just for the RecycleBin that I have also mounted that I can perform a final delete on the files located within. On the live server, there are several partitions with shares split across the several partitions. The setup is the same, in terms of having the above entered into the individual shares and the RecycleBin for each share is located on the same partition/mount point that the share is located. Example: [share1] wide links = no writeable = yes path = /mnt/disk2/share1 write list = @share1 force group = share1 comment = Job Files and Related valid users = @share1 create mode = 770 user = @share1 directory mode = 770 vfs_objects = recycle recycle:repository = /mnt/disk2/sharebin/%u recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes [sharebin] wide links = no writeable = yes path = /mnt/disk2/sharebin write list = @share1 force directory mode = 770 force group = share1 sync always = yes force create mode = 770 comment = Location of Recycle Bin valid users = @share1 create mode = 770 user = @share1 directory mode = 770 Everything else matches, the folders exist, the folder permissions are the same, it's just a no go on relinking the files on a delete command from the share1 share. -- Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] printer preferences admin
Samba 3.5.9. We have printers exported to Windows and have the following options configured: enable privileges = yes load printers = yes printing = cups printcap name = cups cups options = raw [printers] admin users = @printer-admins comment = All Printers browseable = yes path = /var/spool/samba printable = yes public = yes [print$] admin users = @printer-admins write list = @printer-admins comment = Printer Drivers path = /var/lib/samba/printers browseable = yes guest ok = no create mode = 2777 root preexec = /usr/bin/renice +18 -p %d and net rpc rights list: .. BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Unix Group\printer-admins SePrintOperatorPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned .. Everything works great, including printing and installing printers on clients, EXCEPT when members of @printer-admins go into the printer properties via a Windows machine, all administrative options are grayed out. The only way I've determined that fixes this is to add @printer-admins to the [global] admin users. Having them as admin users under [printers] and [print$] doesn't seem to do it, nor does the rights assignment. Is this expected? Am I missing a setting? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS Objects Recycle questions / Round Two
It's working, for at least three user accounts, but it isn't working for all user accounts. If I attempt to delete a file through Samba while using my login, the file just disappears, it isn't relinked into the RecycleBin. However, if other accounts perform a delete through Samba, the file is relinked into the RecycleBin. Any ideas? -- Regards, Robert Adkins II -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II Sent: Wednesday, July 27, 2011 1:22 PM To: samba@lists.samba.org Subject: Re: [Samba] VFS Objects Recycle questions Please disregard. It started working, out of the blue. (Yes, I had previously initiated my changes, forced a restart and even waited a good handful of minutes before performing a test delete.) -- Regards, Robert Adkins II -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Adkins II Sent: Wednesday, July 27, 2011 9:27 AM To: samba@lists.samba.org Subject: [Samba] VFS Objects Recycle questions I have a need to setup the recycle vfs object on our server. On my test server, I have all of the shares on a single drive and have put the following into each share: vfs_objects = recycle recycle:repository = [Actual Path and Partition that the share is located] recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes It works like a charm. All of the files when deleted from each share are dumped into the RecycleBin share, I have created a new share just for the RecycleBin that I have also mounted that I can perform a final delete on the files located within. On the live server, there are several partitions with shares split across the several partitions. The setup is the same, in terms of having the above entered into the individual shares and the RecycleBin for each share is located on the same partition/mount point that the share is located. Example: [share1] wide links = no writeable = yes path = /mnt/disk2/share1 write list = @share1 force group = share1 comment = Job Files and Related valid users = @share1 create mode = 770 user = @share1 directory mode = 770 vfs_objects = recycle recycle:repository = /mnt/disk2/sharebin/%u recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes [sharebin] wide links = no writeable = yes path = /mnt/disk2/sharebin write list = @share1 force directory mode = 770 force group = share1 sync always = yes force create mode = 770 comment = Location of Recycle Bin valid users = @share1 create mode = 770 user = @share1 directory mode = 770 Everything else matches, the folders exist, the folder permissions are the same, it's just a no go on relinking the files on a delete command from the share1 share. -- Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Users cannot change password
Hello. I'm running a domain with Samba 3.5. on FreeBSD with an LDAP backend. Suddenly users cannot change their passwords anymore. They are just told they can't do that now, but in the logs I see: user XX does not have permissions to change password Any hint? bye Thanks av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 133fb0e s3-spoolss: Use get_session_info_system(). via b77f626 s3-spoolss: Free the info2 structure in _spoolss_GetPrinter. via f26441d s3-spoolss: Use tmp_ctx everywhere in _spoolss_DeletePrinterDriverEx. via fea4a31 s3-spoolss: Use tmp_ctx in winreg_enum_printer_key_internal. via c58c0ba s3-spoolss: Use tmp_ctx in winreg_printer_deleteform1_internal. via 80c1a8e s3-spoolss: Use tmp_ctx in winreg_printer_setform1_internal. via baccb06 s3-spoolss: Use tmp_ctx in winreg_printer_addform1_internal. via a6ea154 s3-spoolss: Use tmp_ctx in winreg_printer_getform1_internal. via f49917a s3-spoolss: Use tmp_ctx in winreg_printer_enumforms1_internal. via 81eae6e s3-spoolss: Use tmp_ctx in winreg_set_printer_secdesc_internal. via 41c2e71 s3-spoolss: Use tmp_ctx in winreg_get_printer_secdesc_internal. via 022a13f s3-spoolss: Use tmp_ctx in winreg_add_driver_internal. via ff6294e s3-spoolss: Use tmp_ctx in winreg_del_driver_internal. via 72ac68e s3-spoolss: Use tmp_ctx in winreg_get_driver_list_internal. via 2e2631f s3-spoolss: Use tmp_ctx in winreg_get_driver_internal. via 1068295 s3-spoolss: Use tmp_ctx in winreg_delete_printer_dataex_internal. via e6e80ea s3-spoolss: Use tmp_ctx in winreg_get_printer_dataex_internal. via 7aef2f6 s3-spoolss: Use tmp_ctx in winreg_enum_printer_dataex_internal. via 311d6db s3-spoolss: Use tmp_ctx in winreg_set_printer_dataex_internal. via 2b0adab s3-spoolss: Use tmp_ctx in winreg_update_printer_internal. via 34dc5a5 s3-spoolss: Use tmp_ctx in winreg_create_printer_internal. via f9359a2 s3-spoolss: Use tmp_ctx in winreg_get_printer_internal. via 20afdee s3-spoolss: Use tmp_ctx in winreg_printer_get_changeid_internal. via ba74c5d s3-spoolss: Use tmp_ctx in winreg_printer_update_changeid_internal. via 43604dd s3-spoolss: Use tmp_ctx in winreg_delete_printer_key_internal. via bed0672 s3-spoolss: Free local in winreg_printer_binding_handle. via 99e03be s3-spoolss: Improve memory efficiency. via 8831402 s3-rpc_client: Fix memory context in winreg_enum_printer_dataex(). via 5045281 s3-rpc_client: Close policy handles before creating defaults. via f8afaa7 s3-rpc_client: Close the hive handle before we open it again. via a0597b7 s3-rpc_client: Close hive if opening of the key fails. via fe7e4ac s3-rpc_server: Copy correct local tsocket address. from 3276060 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 133fb0ebcc070bd3ae4aebcc3a759eca98101495 Author: Andreas Schneider a...@samba.org Date: Tue Jul 26 10:40:40 2011 +0200 s3-spoolss: Use get_session_info_system(). Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Wed Jul 27 10:38:34 CEST 2011 on sn-devel-104 commit b77f626def8cd4bf20eb15b98bc8655aab22c32a Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:52:29 2011 +0200 s3-spoolss: Free the info2 structure in _spoolss_GetPrinter. commit f26441d8ba8cf89f6b08b64ae40e75d6ab2d2aa3 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:48:40 2011 +0200 s3-spoolss: Use tmp_ctx everywhere in _spoolss_DeletePrinterDriverEx. commit fea4a3111be2550550194dfa56272feb5688407b Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:41:14 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_enum_printer_key_internal. commit c58c0ba0bdf470233a35bb105abf7e3ad9e927f1 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:40:12 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_printer_deleteform1_internal. commit 80c1a8e04e4d287bcd58091d65549e499c2fa11a Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:39:01 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_printer_setform1_internal. commit baccb06658fde3d49b58c6aeb17f0e9c320dbd01 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:38:12 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_printer_addform1_internal. commit a6ea1542c549d33f56877fdac0dfd87a76518778 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:37:25 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_printer_getform1_internal. commit f49917ade0c4dda99d7188e8556b35a76f3f39b0 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:36:34 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_printer_enumforms1_internal. commit 81eae6ebd4746e4c14fe86e7a77ce78a172d9234 Author: Andreas Schneider a...@samba.org Date: Mon Jul 25 21:35:24 2011 +0200 s3-spoolss: Use tmp_ctx in winreg_set_printer_secdesc_internal. commit 41c2e711bd04892c68a94d62c98e51bf95af33e8 Author: Andreas Schneider
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via abf3573 s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken from 133fb0e s3-spoolss: Use get_session_info_system(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit abf3573c21510717edb0fb9ce5080c1a24c35714 Author: Christian Ambach a...@samba.org Date: Wed Jul 27 14:46:00 2011 +0200 s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken we should not merge ACEs with different flags (e.g. CI/OI/I/) Otherwise ACLs get wrong entries and thus wrong semantics Example: ACL:BUILTIN\Users:ALLOWED/0x0/FULL ACL:BUILTIN\Users:ALLOWED/I/READ got merged to ACL:BUILTIN\Users:ALLOWED/I/FULL This is not the same and also leads to wrong displays in the Windows ACL dialog Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104 --- Summary of changes: source3/modules/nfs4_acls.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 09ef522..f1c2904 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -519,8 +519,7 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special( if (ace-flags == aceNew-flags ace-aceType==aceNew-aceType - ((ace-aceFlagsSMB_ACE4_INHERIT_ONLY_ACE)== -(aceNew-aceFlagsSMB_ACE4_INHERIT_ONLY_ACE)) + ace-aceFlags==aceNew-aceFlags (ace-aceFlagsSMB_ACE4_IDENTIFIER_GROUP)== (aceNew-aceFlagsSMB_ACE4_IDENTIFIER_GROUP) ) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via 02621d4 WHATSNEW: Start release notes for 3.3.17. via f6469f2 VERSION: Bump version number up to 3.6.17. via cb05204 s3-swat: Fix typo. via 6b7a7d8 s3 swat: Create random nonce in CGI mode via e16316d s3 swat: Add time component to XSRF token via 5f9d559 s3 swat: Add XSRF protection to printer page via 37fc575 s3 swat: Add XSRF protection to password page via d7056ec s3 swat: Add XSRF protection to shares page via 43bb2d4 s3 swat: Add XSRF protection to globals page via 5aae531 s3 swat: Add XSRF protection to wizard page via 8aee102 s3 swat: Add XSRF protection to wizard_params page via 6af465a s3 swat: Add XSRF protection to viewconfig page via ad92cde s3 swat: Add XSRF protection to status page via e90a2cc s3 swat: Add support for anti-XSRF token via 0f96d0f s3 swat: Allow getting the user's HTTP auth password via c93a3b6 s3 swat: Fix possible XSS attack (bug #8289) via c5e163d WAHTSNEW: Prepare release notes for 3.3.16. via 351ff10 VERSION: Bump version number up to 3.3.16. from d9c0ace s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 02621d4e819d4ea42bda5e8f6dbaae638f1b9f5c Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:51:52 2011 +0200 WHATSNEW: Start release notes for 3.3.17. Karolin (cherry picked from commit 0fb8c85001ee0657be20aae81716d9c309420652) commit f6469f23c9b1aee8d020b0be82ab843b89e3c8c9 Author: Karolin Seeger ksee...@samba.org Date: Tue Jul 26 20:49:58 2011 +0200 VERSION: Bump version number up to 3.6.17. Karolin (cherry picked from commit a646b2e5ad0e19f8506bff3ff8b0ce2e3bcbf061) commit cb05204c531826fd2bc5e225bd35759de7bcd59b Author: Karolin Seeger ksee...@samba.org Date: Sun Jul 24 21:09:38 2011 +0200 s3-swat: Fix typo. Thanks to Simo for reporting! Karolin (cherry picked from commit f571f362deaa5bfbdb22c3a7d8409bab9b6c8d82) commit 6b7a7d865bdb8e61537ba4795e24facee2df240e Author: Kai Blin k...@samba.org Date: Tue Jul 12 08:08:24 2011 +0200 s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin k...@samba.org The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). (cherry picked from commit 3973cfa50024983618a44ffdb9f756b642b85be7) commit e16316d08e2b0e3d857fd6d72abdde2c19eaf5c9 Author: Kai Blin k...@samba.org Date: Sat Jul 9 09:52:07 2011 +0200 s3 swat: Add time component to XSRF token Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 11e281228f334bf3d384df5655136f0b4b4068aa) commit 5f9d5599b47a9f1a8319e8b87220ae53a06926d4 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:06:13 2011 +0200 s3 swat: Add XSRF protection to printer page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f) commit 37fc575e5eebf83d97fd08531d0b600f6f8f022b Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:05:38 2011 +0200 s3 swat: Add XSRF protection to password page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 4850456845d2da5e3451716a5ad4ca0ef034e01f) commit d7056ec2d31ede5f03c1dc0da09a6c26a0f07b77 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:48 2011 +0200 s3 swat: Add XSRF protection to shares page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit ef457a20422cfa8231e25b539d2cd87f299686b9) commit 43bb2d4e9f162f2aaa4ae56dba27170fe1b8e9ae Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:04:12 2011 +0200 s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888) commit 5aae5319d34a9bf8c9f1f28883ac77a053b9a217 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:44 2011 +0200 s3 swat: Add XSRF protection to wizard page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit eb22fd73060534700d514ec295985549131c7569) commit 8aee1024450155fd37b776bfa0bbfef063638590 Author: Kai Blin k...@samba.org Date: Fri Jul 8 15:03:15 2011 +0200 s3 swat: Add XSRF protection to wizard_params page Signed-off-by: Kai Blin k...@samba.org (cherry picked from commit
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c69ab42 s3: Test for __attribute__((destructor)) (cherry picked from commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0) from 7b8ba88 WHATSNEW: Start release notes for 3.5.11. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c69ab4252d9aea274f44f96b1e3f41ca57185987 Author: Volker Lendecke v...@samba.org Date: Mon May 10 11:53:03 2010 +0200 s3: Test for __attribute__((destructor)) (cherry picked from commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0) Fix bug #8322 (HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR is missing from 3.5.x). --- Summary of changes: source3/configure.in | 16 1 files changed, 16 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 2c9fe1e..2494593 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1331,6 +1331,22 @@ if test x$samba_cv_stat_dos_flags = xyes ; then AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct]) fi +AC_CACHE_CHECK([whether we can compile with __attribute__((destructor))], + samba_cv_function_attribute_destructor, + [ +AC_COMPILE_IFELSE( + [ + __attribute__((destructor)) + static void cleanup(void) { } + ], + samba_cv_function_attribute_destructor=yes) + ]) + +if test x$samba_cv_function_attribute_destructor = xyes ; then + AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1, +[whether we can compile with __attribute__((destructor))]) +fi + # # needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 742b8c3 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb via 55019ce s3:idmap_tdb2: remove a legacy comment (cherry picked from commit 67cd2f9d867fad1f7df2d6a6a5cdb723336ac495) via 4369aeb s3:idmap_tdb2: remove legacy comment (cherry picked from commit 4b5ada3d27198b49771acb70ae979087235be783) via 5a5b069 s3:idmap_tdb2: remove superfluous initialization with bogus comment (cherry picked from commit 551185573899b6e608863f833633d40ae04458d8) via 7f56b62 s3:idmap_tdb2: fix a legacy comment that does not apply any more (cherry picked from commit 7d3dc2164b3929c642127659593e69fc865a6184) via 2abe73e s3:doc: add an example with idmap script to the idmap_tdb2 manpage (cherry picked from commit 86973eee43605a3680fb51470a81ea9ca7f1b515) via 66216f6 s3:docs: remove legacy text from the example in the idmap_tdb2 manpage (cherry picked from commit 2f253c2791ccb2421f26f563e3983ee950da1d05) via 29e3919 s3:doc: clarify the idmap script section in the idmap_tdb2 manpage (cherry picked from commit 4daab85ae60f2821a1d9d98f1edff6a318e8e3c1) via 22b9dc3 s3:docs:idmap_tdb2: update the documentation of idmap script via 7812ce5 s3:idmap_tdb2: deprecate the idmap:script parameter and use idmap config * : script instead from 5f9bc14 WHATSNEW: Start release notes for 3.6.0. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 742b8c3c14ec8708eb5bfe5e7960c1c93ec0096c Author: Michael Adam ob...@samba.org Date: Fri Jun 24 10:15:02 2011 +0200 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb In ancient times, when ctdb had not support for persistent databases and tdb2 was introduced as a two-layer solution and it was more important than today to be able to change the location of the permanent database file because it had to reside on shared storage. But these were times when idmap_tdb2 was not even officially released. Nowadays, with ctdb handling the persistent idmap2.tdb database, the path is stripped anyways, so this undocumented option has become unnecessary and is hence removed. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104 (cherry picked from commit 3276060da4e7d495bd5cf5cbf7237e64d948ee77) The last 10 patches address bug #8328 (final cleanup of idmap_tdb2 code and docs needed for release). commit 55019ced08d235a3ba9ae27b06379fcb827f9b28 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:36:54 2011 +0200 s3:idmap_tdb2: remove a legacy comment (cherry picked from commit 67cd2f9d867fad1f7df2d6a6a5cdb723336ac495) commit 4369aeb41c2fafd6a1e0baff5cbb05d223e869ab Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:35:21 2011 +0200 s3:idmap_tdb2: remove legacy comment (cherry picked from commit 4b5ada3d27198b49771acb70ae979087235be783) commit 5a5b069166d5f224526f6cae049fa14cf35c426a Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:34:04 2011 +0200 s3:idmap_tdb2: remove superfluous initialization with bogus comment (cherry picked from commit 551185573899b6e608863f833633d40ae04458d8) commit 7f56b6269792300237193b69541f73fb32a986b3 Author: Michael Adam ob...@samba.org Date: Thu Jun 9 13:07:54 2011 +0200 s3:idmap_tdb2: fix a legacy comment that does not apply any more (cherry picked from commit 7d3dc2164b3929c642127659593e69fc865a6184) commit 2abe73e5eed10af4ee030449322ddbc4c7054c08 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:38:05 2011 +0200 s3:doc: add an example with idmap script to the idmap_tdb2 manpage (cherry picked from commit 86973eee43605a3680fb51470a81ea9ca7f1b515) commit 66216f6325f33c2a1d7c3e114754efc78d61aae2 Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:36:33 2011 +0200 s3:docs: remove legacy text from the example in the idmap_tdb2 manpage (cherry picked from commit 2f253c2791ccb2421f26f563e3983ee950da1d05) commit 29e39194aaa15c44178b16a4abc5583f5ff4688f Author: Michael Adam ob...@samba.org Date: Fri Jun 24 11:35:51 2011 +0200 s3:doc: clarify the idmap script section in the idmap_tdb2 manpage (cherry picked from commit 4daab85ae60f2821a1d9d98f1edff6a318e8e3c1) commit 22b9dc3f66c6786a962d7cb462b372fb955a199e Author: Michael Adam ob...@samba.org Date: Fri Jun 24 10:59:04 2011 +0200 s3:docs:idmap_tdb2: update the documentation of idmap script to reflect the new variant idmap config * : script of configuring the idmap script (cherry picked from commit 2aa19b4aeb9de43a0e2b94ad1202f2068b29c710) commit 7812ce547973a0ad5a69c64e8e708e1b9f3a8687 Author: Michael Adam ob...@samba.org Date: Tue Jun 7 18:00:36 2011 +0200 s3:idmap_tdb2: deprecate the idmap:script parameter and use idmap
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 0f9a24b s3:torture: remove a file accidentially committed with 3b2fe4728d6d916508b677e696ecad88f8b7b9fd from 742b8c3 s3:idmap_tdb2: remove the undocumented option of the silly name tdb:idmap2.tdb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 0f9a24b7dc9aaae6145ec409191fc16b07c601a8 Author: Michael Adam ob...@samba.org Date: Tue May 17 14:30:13 2011 +0200 s3:torture: remove a file accidentially committed with 3b2fe4728d6d916508b677e696ecad88f8b7b9fd Fix bug #8329 (a code file was accidentially commited). --- Summary of changes: source3/torture/test_notify_online.c | 294 -- 1 files changed, 0 insertions(+), 294 deletions(-) delete mode 100644 source3/torture/test_notify_online.c Changeset truncated at 500 lines: diff --git a/source3/torture/test_notify_online.c b/source3/torture/test_notify_online.c deleted file mode 100644 index b9ebc00..000 --- a/source3/torture/test_notify_online.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Make sure that for offline files pread and pwrite trigger a notify - Copyright (C) Volker Lendecke 2011 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see http://www.gnu.org/licenses/. -*/ - -#include includes.h -#include torture/proto.h -#include libcli/security/security.h -#include lib/util/tevent_ntstatus.h -#include libsmb/libsmb.h - -extern char *test_filename; - -struct notify_online_state { - struct tevent_context *ev; - struct cli_state *cli; - uint16_t dnum; - const char *fname; - uint16_t fnum; - bool got_notify; -}; - -static void notify_online_opened_dir(struct tevent_req *subreq); -static void notify_online_notify_callback(struct tevent_req *subreq); -static void notify_online_opened_file(struct tevent_req *subreq); -static void notify_online_sent_read(struct tevent_req *subreq); -static void notify_online_sent_closefile(struct tevent_req *subreq); -static void notify_online_waited(struct tevent_req *subreq); -static void notify_online_sent_closedir(struct tevent_req *subreq); - -static struct tevent_req *notify_online_send( - TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct cli_state *cli, const char *dname, const char *fname) -{ - struct tevent_req *req, *subreq; - struct notify_online_state *state; - - req = tevent_req_create(mem_ctx, state, struct notify_online_state); - if (req == NULL) { - return NULL; - } - state-ev = ev; - state-cli = cli; - state-fname = fname; - - subreq = cli_ntcreate_send( - state, ev, cli, dname, EXTENDED_RESPONSE_REQUIRED, - SEC_FILE_READ_DATA, 0, - FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, - FILE_OPEN, 0, 0); - if (tevent_req_nomem(subreq, req)) { - return tevent_req_post(req, ev); - } - tevent_req_set_callback(subreq, notify_online_opened_dir, req); - return req; -} - -static void notify_online_opened_dir(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - struct notify_online_state *state = tevent_req_data( - req, struct notify_online_state); - NTSTATUS status; - - status = cli_ntcreate_recv(subreq, state-dnum); - TALLOC_FREE(subreq); - if (tevent_req_nterror(req, status)) { - return; - } - subreq = cli_notify_send(state, state-ev, state-cli, state-dnum, -128, FILE_NOTIFY_CHANGE_ATTRIBUTES, false); - if (tevent_req_nomem(subreq, req)) { - return; - } - tevent_req_set_callback(subreq, notify_online_notify_callback, req); - - subreq = cli_ntcreate_send( - state, state-ev, state-cli, state-fname, 0, - GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, FILE_NON_DIRECTORY_FILE, 0); - if (tevent_req_nomem(subreq, req)) { - return; - } - tevent_req_set_callback(subreq,
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 146549d Fix bug #8324 - smbclient cannot list directories from a big-endian machine. from 0f9a24b s3:torture: remove a file accidentially committed with 3b2fe4728d6d916508b677e696ecad88f8b7b9fd http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 146549d7250fefb365675154f0916c37e56faa5d Author: Jeremy Allison j...@samba.org Date: Tue Jul 26 15:16:29 2011 -0700 Fix bug #8324 - smbclient cannot list directories from a big-endian machine. Two uses of the setup array are not being correctly byte-swapped to little endian. --- Summary of changes: source3/libsmb/clilist.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index d74d3d8..59d01b7 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -573,7 +573,7 @@ static struct tevent_req *cli_list_trans_send(TALLOC_CTX *mem_ctx, state-max_matches = 1366; /* Match W2k */ - state-setup[0] = TRANSACT2_FINDFIRST; + SSVAL(state-setup[0], 0, TRANSACT2_FINDFIRST); nlen = 2*(strlen(mask)+1); state-param = TALLOC_ARRAY(state, uint8_t, 12+nlen+2); @@ -735,7 +735,7 @@ static void cli_list_trans_done(struct tevent_req *subreq) return; } - state-setup[0] = TRANSACT2_FINDNEXT; + SSVAL(state-setup[0], 0, TRANSACT2_FINDNEXT); nlen = 2*(strlen(state-mask) + 1); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 94a2328 s3: Avoid calls to cli_dos/nt_error in torture via a7f8d9e s3: Fix formatting in check_error() via 34faeb8 s3:test_async_echo: unsure the desired smb message sequence from abf3573 s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 94a2328367b2098bf5e125ddbd1e8c9bfde20efe Author: Volker Lendecke v...@samba.org Date: Wed Jul 27 21:51:45 2011 +0200 s3: Avoid calls to cli_dos/nt_error in torture Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Jul 27 23:07:51 CEST 2011 on sn-devel-104 commit a7f8d9e798bd5cf4ff16382b45e20e4b2a4c0bf8 Author: Volker Lendecke v...@samba.org Date: Wed Jul 27 21:51:13 2011 +0200 s3: Fix formatting in check_error() commit 34faeb8bba86fff57466c06682b7dcbffc48a52a Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 27 18:35:00 2011 +0200 s3:test_async_echo: unsure the desired smb message sequence We want to start sending echo requests once the rpc related smb operation arrived the smb layer. metze --- Summary of changes: source3/torture/test_async_echo.c | 10 +++ source3/torture/torture.c | 48 +++- 2 files changed, 35 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/torture/test_async_echo.c b/source3/torture/test_async_echo.c index 6f82939..f1d44ee 100644 --- a/source3/torture/test_async_echo.c +++ b/source3/torture/test_async_echo.c @@ -20,6 +20,7 @@ #include includes.h #include torture/proto.h #include libsmb/libsmb.h +#include async_smb.h #include rpc_client/cli_pipe.h #include librpc/gen_ndr/ndr_echo_c.h @@ -100,6 +101,15 @@ bool run_async_echo(int dummy) tevent_req_set_callback(req, rpccli_sleep_done, num_reqs); num_reqs += 1; + /* Wait until the rpc operation arrives at the smb layer */ + while (tevent_req_is_in_progress(req) + !cli_has_async_calls(cli)) { + if (tevent_loop_once(ev) != 0) { + printf(tevent_loop_once failed\n); + goto fail; + } + } + req = cli_echo_send(ev, ev, cli, 1, data_blob_const(hello, 5)); if (req == NULL) { printf(cli_echo_send failed\n); diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 36d263d..90a9068 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -503,35 +503,35 @@ static bool check_both_error(int line, NTSTATUS status, /* check if the server produced the expected error code */ -static bool check_error(int line, struct cli_state *c, +static bool check_error(int line, NTSTATUS status, uint8 eclass, uint32 ecode, NTSTATUS nterr) { -if (cli_is_dos_error(c)) { + if (NT_STATUS_IS_DOS(status)) { uint8 cclass; uint32 num; /* Check DOS error */ -cli_dos_error(c, cclass, num); + cclass = NT_STATUS_DOS_CLASS(status); + num = NT_STATUS_DOS_CODE(status); if (eclass != cclass || ecode != num) { printf(unexpected error code class=%d code=%d\n, (int)cclass, (int)num); printf( expected %d/%d %s (line=%d)\n, - (int)eclass, (int)ecode, nt_errstr(nterr), line); + (int)eclass, (int)ecode, nt_errstr(nterr), + line); return False; } } else { -NTSTATUS status; - /* Check NT error */ -status = cli_nt_error(c); - if (NT_STATUS_V(nterr) != NT_STATUS_V(status)) { -printf(unexpected error code %s\n, nt_errstr(status)); -printf( expected %s (line=%d)\n, nt_errstr(nterr), line); +printf(unexpected error code %s\n, + nt_errstr(status)); +printf( expected %s (line=%d)\n, nt_errstr(nterr), + line); return False; } } @@ -2921,7 +2921,7 @@ static bool run_unlinktest(int dummy) printf(error: server allowed unlink on an open file\n); correct = False; } else { - correct = check_error(__LINE__, cli, ERRDOS, ERRbadshare, + correct = check_error(__LINE__, status, ERRDOS, ERRbadshare, NT_STATUS_SHARING_VIOLATION); } @@ -4874,9 +4874,9 @@ static bool
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9cde691 nbt: fix WinXP S3 domain join: alignment of nbt_netlogon_response_from_pdc from 94a2328 s3: Avoid calls to cli_dos/nt_error in torture http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9cde691b87238c14b2f2f4660694d76e99892308 Author: Andrew Bartlett abart...@samba.org Date: Wed Jul 27 12:04:26 2011 +1000 nbt: fix WinXP S3 domain join: alignment of nbt_netlogon_response_from_pdc This fixes WinXP joining a Samba3 domain, which was broken on hosts with an even number of characters in the host name. The alignment requested in the structure was ignored because of the overall NDR_NOALIGN set on the packet. Andrew Bartlett Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu Jul 28 00:30:26 CEST 2011 on sn-devel-104 --- Summary of changes: librpc/idl/nbt.idl |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl index cbfa966..ee9a64e 100644 --- a/librpc/idl/nbt.idl +++ b/librpc/idl/nbt.idl @@ -494,7 +494,7 @@ interface nbt } nbt_netlogon_query_for_pdc; /* response from pdc */ - typedef [flag(NDR_NOALIGN),public] struct { + typedef [public] struct { netlogon_command command; astring pdc_name; [flag(NDR_ALIGN2)] DATA_BLOB _pad; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d82256c Use existing ISDOT and ISDOTDOT macros. from 9cde691 nbt: fix WinXP S3 domain join: alignment of nbt_netlogon_response_from_pdc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d82256ca119eb8315cc69ba725ba71c386caa901 Author: Jeremy Allison j...@samba.org Date: Mon Jul 25 16:12:45 2011 -0700 Use existing ISDOT and ISDOTDOT macros. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104 --- Summary of changes: source3/smbd/filename.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index ec8d113..610a4ce 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -987,8 +987,7 @@ NTSTATUS check_name(connection_struct *conn, const char *name) { if (IS_VETO_PATH(conn, name)) { /* Is it not dot or dot dot. */ - if (!((name[0] == '.') (!name[1] || - (name[1] == '.' !name[2] { + if (!(ISDOT(name) || ISDOTDOT(name))) { DEBUG(5,(check_name: file path name %s vetoed\n, name)); return map_nt_error_from_unix(ENOENT); -- Samba Shared Repository