Re: [Samba] Samba4 home share problem
On 30 April 2013 06:56, Daniel Müller muel...@tropenklinik.de wrote: Need to be: [home] not [homes] http://www.sloop.net/smb.conf.html#SECTION DESCRIPTIONS shows [homes] not singular [home] HTH DaveP And you are up and running --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Csányi Krisztián Gesendet: Samstag, 23. März 2013 20:34 An: samba@lists.samba.org Betreff: [Samba] Samba4 home share problem Hi, I have installed Samba4 and the home share functionality is not working. Samba version: 4.0.1 OS: Debian Squeeze Kernel: 2.6.32-5-amd64 The smb.conf: [global] workgroup = TESZT realm = TESZT.HU netbios name = FILESERVER server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes log level = 3 syslog = 3 syslog only = yes logon path = # logon home = \\fileserver\homes\%U logon drive = H: logon script = %U.cmd [netlogon] path = /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts read only = No [sysvol] path = /opt/samba4/var/lib/samba/sysvol read only = No [homes] path = /home read only = no After a net use h: /home command on client I get this: System error 53 has occured. The network path was not found. The user I try: Administrator and the client OS is Windows XP Pro. I think the rights on the server are ok. When I try to set the home for Administrator in AD I get the answer: The system could not create the startfolder (\\fileserver\homes\Administrator), because can't find path. Is there anybody who can use this functionality? Please help. Thanks for the replies. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Dave Pawson XSLT XSL-FO FAQ. Docbook FAQ. http://www.dpawson.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.6.14 Available for Download
Hi Andriy, On Mon, Apr 29, 2013 at 04:36:48PM +0300, Andriy Syrovenko wrote: Is the fix for #9746 included? Seems like it was requested for inclusion in 3.6.x more then 3 weeks ago (https://bugzilla.samba.org/show_bug.cgi?id=9746#c20), but is not mentioned in the announcement. :( no, unfortunately it is not included. It somehow slipped through my fingers, I am afraid. The patch has just been pushed to the release branch and will be included in Samba 3.6.15 (scheduled for June 10). Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 classicupgrade w7 clients errors
These are the current settings for the password expiration policy in the domain: Password complexity: on Store plaintext passwords: off Password history length: 0 Minimum password length: 8 Minimum password age (days): 0 Maximum password age (days): 0 Is it necessary to set a value? A lot of users are seeing the pop-up windows needs your credentials. Log off and on again. On Mon, Apr 29, 2013 at 3:11 AM, Andrew Bartlett abart...@samba.org wrote: On Sun, 2013-04-28 at 14:31 +0200, Andreas Calvo wrote: I've changed some of my test users passwords, just to renew the password expiration date. I may check if they are still expired or if I have to set a new expiration policy. Is it set as a GPO or using the samba-tools? Password expiry for the domain is applied using samba-tool: samba-tool domain passwordsettings As Samba can't read GPO files (but can serve them to clients), we don't follow anything from the GPO. The only exception is that if a windows DC shares the domain, and it has the GPO files, it will 'fix' the directory to match the GPO. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Atentamente, Andreas Calvo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 classicupgrade w7 clients errors
We faced the following error while testing a Kerberos login on a linux machine joined in the domain by likewise-open: root@test:/etc# kinit test Password for test@MYDOMAIN.LOCAL miquel@SCYTL_INT.LOCAL: Warning: Your password will expire in less than one hour on Thu Jan 1 01:00:00 1970 What do actually mean: Minimum password age (days): 0 Maximum password age (days): 0 I've dumped all users from the builtin LDAP in Samba v4, and none of them had any reference to the password expiration date - they did have a value for the last time they changed the password though. It seems that it is really important to set a password expiration date after a classic upgrade, isn't it? On Tue, Apr 30, 2013 at 10:00 AM, Andreas Calvo flipy@gmail.com wrote: These are the current settings for the password expiration policy in the domain: Password complexity: on Store plaintext passwords: off Password history length: 0 Minimum password length: 8 Minimum password age (days): 0 Maximum password age (days): 0 Is it necessary to set a value? A lot of users are seeing the pop-up windows needs your credentials. Log off and on again. On Mon, Apr 29, 2013 at 3:11 AM, Andrew Bartlett abart...@samba.orgwrote: On Sun, 2013-04-28 at 14:31 +0200, Andreas Calvo wrote: I've changed some of my test users passwords, just to renew the password expiration date. I may check if they are still expired or if I have to set a new expiration policy. Is it set as a GPO or using the samba-tools? Password expiry for the domain is applied using samba-tool: samba-tool domain passwordsettings As Samba can't read GPO files (but can serve them to clients), we don't follow anything from the GPO. The only exception is that if a windows DC shares the domain, and it has the GPO files, it will 'fix' the directory to match the GPO. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Atentamente, Andreas Calvo -- Atentamente, Andreas Calvo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 dynamically enable or disable share
On Mon, 2013-04-29 at 07:05 -0700, Mauricio Alvarez wrote: Michael, I really don't want to repartition--again! But yes, your idea is intresting. As a point of note that is what LVM is for, the 20th century called and wants partitions back. Getting back on topic why not consider using registry based share definitions and make use of the available parameter. And then have Samba come up with the shares in available = no configuration, and when the script that mounts the disk is successful it updates the share definition so that it becomes available = yes using net conf? JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] segfault Re: Errors, errors, errors in log
On Mon, 29 Apr 2013 22:39:05 +0400 Александр Свиридов ooo_satu...@mail.ru wrote: Yes, I compiled it from source. So, as far as I uderstand you, you suggest me to delete samba and install it again from source. If I am right, than I have three questions. 1) How can I save current AD settings, to upload them into new samba? Running make install should not overwrite any runtime state. That said, backups are always encouraged. 2) As I understand I have revision: 5727bfa. It has a meaning to install new revision only if new revision has the necessary fix. But how can I check it? After updating your source tree, you can check to see whether the proposed fix is included by running git log. Please see: https://wiki.samba.org/index.php/Build_Samba#Updating_via_git Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACL defaults and masks
Hello! In samba 3 we used create mask , force create.. to set file permisions. In samba 4 as I understand those options are ignored and default acls are used instead. But, is it possible to set by default different permisions on files and folders? For example on folders rwx, and on files rw-. Because I dont want to give x permision to file as I think it can be dangerous. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 home share problem
So for the homes (Yes HOMES not HOME) share to work you need winbind functioning (not necessarily pam auth, but at least winbind). You can follow http://wiki.samba.org/index.php/Samba4/Winbind ... If I get some time today I will write up some sharing stuff in the S4 howto. You will also need to add under [global] template homedir = /home/%U (if you want /home/username to work, it defaults to /home/DOMAIN/USERNAME or template homedir = /home/%D/%U ) Ricky On Tue, Apr 30, 2013 at 1:53 AM, Dave Pawson dave.paw...@gmail.com wrote: On 30 April 2013 06:56, Daniel Müller muel...@tropenklinik.de wrote: Need to be: [home] not [homes] http://www.sloop.net/smb.conf.html#SECTION DESCRIPTIONS shows [homes] not singular [home] HTH DaveP And you are up and running --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Csányi Krisztián Gesendet: Samstag, 23. März 2013 20:34 An: samba@lists.samba.org Betreff: [Samba] Samba4 home share problem Hi, I have installed Samba4 and the home share functionality is not working. Samba version: 4.0.1 OS: Debian Squeeze Kernel: 2.6.32-5-amd64 The smb.conf: [global] workgroup = TESZT realm = TESZT.HU netbios name = FILESERVER server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate load printers = no printing = bsd printcap name = /dev/null show add printer wizard = no disable spoolss = yes log level = 3 syslog = 3 syslog only = yes logon path = # logon home = \\fileserver\homes\%U logon drive = H: logon script = %U.cmd [netlogon] path = /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts read only = No [sysvol] path = /opt/samba4/var/lib/samba/sysvol read only = No [homes] path = /home read only = no After a net use h: /home command on client I get this: System error 53 has occured. The network path was not found. The user I try: Administrator and the client OS is Windows XP Pro. I think the rights on the server are ok. When I try to set the home for Administrator in AD I get the answer: The system could not create the startfolder (\\fileserver\homes\Administrator), because can't find path. Is there anybody who can use this functionality? Please help. Thanks for the replies. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Dave Pawson XSLT XSL-FO FAQ. Docbook FAQ. http://www.dpawson.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 home share problem
On 30/04/13 14:32, Ricky Nance wrote: So for the homes (Yes HOMES not HOME) share to work you need winbind functioning (not necessarily pam auth, but at least winbind). You can follow http://wiki.samba.org/index.php/Samba4/Winbind ... If I get some time today I will write up some sharing stuff in the S4 howto. You will also need to add under [global] template homedir = /home/%U (if you want /home/username to work, it defaults to /home/DOMAIN/USERNAME or template homedir = /home/%D/%U ) Ricky @Ricky. Maybe you could you include information about being able to have whatever home directory you like by pulling unixHomeDirectory? It overcomes the restriction of the smb.conf template. I don't think the DC winbind does this yet so include a health warning too? Maybe this would be a good place to link out to: https://wiki.samba.org/index.php/Samba4/Domain_Member since the s4 howto seems to cater only for the DC (if it's the howto I think you have in mind) Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 migration
Follow the classic upgrade howto: https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO On Tue, Apr 2, 2013 at 10:28 AM, alxgrb alexander.gro...@nowcast.de wrote: I have a question ... How can I migrate existing LDAP users ( or schemas) on Ubuntu 10.04.2 to the new Samba4 (Ubuntu 12.04.2) server? Does anyone have an idea? Thanks for support Alex -- View this message in context: http://samba.2283325.n4.nabble.com/Samba4-migration-tp4646168.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Atentamente, Andreas Calvo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can't ping on the samba server with it's name
FIrst thing that comes to mind: is the machine that the samba4 AD DC is on also set as primary DNS on the client? A little bit more details about the setup would be welcome (clients receive ip-settings via dhcp? or static ips in a test-env?) Michael 2013/4/21 Ikram Dissem ikramdis...@gmail.com Hi, I'm trying to configure samba as an AD DC so i'm referring to the configuration described on the sambawiki Everytthing works fine except that when i wont to manage Samba AD domain with windows, this one didn't ping on the server machine only by the IP adress. it can't recognize the server by it's name i attached two capture screens one concerning the error and the other concerning ip adress of the samba server i really don't know how to solve this problem, i should administrate the samba domain as soon as possible Thanks for your response -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.13 configuration file issue
On Tue, Mar 26, 2013 at 02:22:19PM +0100, taom...@inwind.it wrote: https://bbs.archlinux.org/viewtopic.php?id=160161 This is my issue report for 3.6.13 version. Looking at the thread posts, it is a common issue. After some test what I found is that samba (only 3.6.13 version) in share mode completely ignores the force user and force group directives. Please add this to the bug tracking system, I don't have a bugzilla account and I think it would be ridiculous creating it only for one issue report. Known bug which will be fixed in the next version. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
Many thanks Michae for your answer,l here the results of bisect and some samba 'strange' console output. I hope this can help best regards Philippe - to produce the problem : - ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs make install samba -i -M single wbinfo --uid-info 300 - last bisect : - git bisect good f77d5d6479c879c8770fbc9a6ca5656ef3e41019 is the first bad commit commit f77d5d6479c879c8770fbc9a6ca5656ef3e41019 Author: Timur Bakeyev ti...@freebsd.org Date: Wed Feb 27 16:25:07 2013 -0800 Fix bug # 9666 - Broken filtering of link-local addresses. This patch should address the problem with Link Local addresses on FreeBSD and Linux. Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Mar 1 18:21:19 CET 2013 on sn-devel-104 :04 04 e022079ce7298f5cfa9d99e51e7afedb35048b02 164c1aba055b0179d3b47f415f6e3e5b3cd7 M lib - and interesting : the samba console log when the wbinfo is working well is MUCH shorter : wbinfo ok : - Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 interpret_string_addr_internal: getaddrinfo failed for name (null) (flags 4) [Name or service not known] not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 interpret_addr: host address is invalid for host fe80::5246:5dff:fea3:7167%eth0 Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] wbinfo doing samba crash :: - Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 interpret_string_addr_internal: getaddrinfo failed for name (null) (flags 4) [Name or service not known] not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 /usr/sbin/smbd: Allowed connection from 192.168.1.113 (192.168.1.113) /usr/sbin/smbd: init_oplocks: initializing messages. /usr/sbin/smbd: Transaction 0 of length 194 (0 toread) /usr/sbin/smbd: switch message SMBnegprot (pid 14995) conn 0x0 /usr/sbin/smbd: Requested protocol [PC NETWORK PROGRAM 1.0] /usr/sbin/smbd: Requested protocol [MICROSOFT NETWORKS 1.03] /usr/sbin/smbd: Requested protocol [MICROSOFT NETWORKS 3.0] /usr/sbin/smbd: Requested protocol [LANMAN1.0] /usr/sbin/smbd: Requested protocol [LM1.2X002] /usr/sbin/smbd: Requested protocol [DOS LANMAN2.1] /usr/sbin/smbd: Requested protocol [LANMAN2.1] /usr/sbin/smbd: Requested protocol [Samba] /usr/sbin/smbd: Requested protocol [NT LANMAN 1.0] /usr/sbin/smbd: Requested protocol [NT LM 0.12] /usr/sbin/smbd: GENSEC backend 'gssapi_spnego' registered /usr/sbin/smbd: GENSEC backend 'gssapi_krb5' registered /usr/sbin/smbd: GENSEC backend 'gssapi_krb5_sasl' registered /usr/sbin/smbd: GENSEC backend 'schannel' registered /usr/sbin/smbd: GENSEC backend 'spnego' registered /usr/sbin/smbd: GENSEC backend 'ntlmssp' registered /usr/sbin/smbd: GENSEC backend 'krb5' registered /usr/sbin/smbd: GENSEC backend 'fake_gssapi_krb5' registered /usr/sbin/smbd: ldb_wrap open
Re: [Samba] LDAP_Migration_to_Samba
Hello Alexander Am 03.04.2013 10:32, schrieb Alexander Grober: Can it be possible to migrate an existing LDAP users ( or schemas) on Ubuntu 10.04.2 to the new Samba4 (Ubuntu 12.04.2) server? What exaclty you want to do? Is your current LDAP a samba3 installation? Then this might be the page you are looking for: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO Or is it just a LDAP server with unix accounts? Then you can write a small script that brings the accounts and its attributes to samba4. You only have to assign new passwords with samba-tool then (can be scripted, too). Please provide some more information what exactly you want to do. Then it's easier to help. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Update DNS Records When Client IP Changes
I recently changed my entire DHCP setup around causing all my clients to receive new IP addresses. I was running it so that all the clients used DHCP, but the DHCP server was issuing out preferred addresses, so basically none of the client's addresses ever changed. When I changed my DHCP setup I did away with the preferred addresses setup and now all my clients are issued IP addresses at random. The problem is that the Samba 4.0.5 server (running the internal DNS server) still has all the old A records for the old addresses. I was under the impression that the entries (since they were created automatically when the computer joined the domain) were dynamic and changed if the client's IP address changed. Thats how it was when I ran Server 2008 R2. Is this not the case in Samba? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to upload printer driver from 64bit windows 7/8?
Hello, Anyone know how to upload 64bit printer driver to a samba server from x64 windows so that all x64 PC can do point and print? When I browser to //server with 64bit windows 7/8 , there's no Printers folder at the server. I cannot view the printer properties and upload printer driver as I usually do with 32bit windows XP. Any help? Thanks Kind regards Graeme Porter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem joining Member Server to domain
I am following this guide https://wiki.samba.org/index.php/Samba4/Domain_Member to add my Samba 4.0.3 file server as a Member Server, but I am stuck with an error message after trying to run this command: # net ads join -U administrator Using short domain name -- SAM Joined 'HOSTNAME' to dns domain 'sam.ba' No DNS domain configured for hostname. Unable to perform DNS Update. DNS update failed: NT_STATUS_INVALID_PARAMETER # The error is the same whether trying to connect Windows 2008 R2 or Samba 4 AD DC. Kerberos and Samba configuration files are the same as in the guide. After changing the entry in hosts file to 127.0.0.1 hostname.sam.ba hostname the error message becomes: # net ads join -U administrator Enter administrator's password: Using short domain name -- SAM Joined 'HOSTNAME' to dns domain 'sam.ba' DNS Update for hostname.sam.ba failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL # I am able to set this server up and running as an additional DC, but not as a Member Server. How to troubleshoot this error? Or maybe there is a better option to authenticate users against AD for Samba 4 file share access? -- View this message in context: http://samba.2283325.n4.nabble.com/Problem-joining-Member-Server-to-domain-tp4647512.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 24d68d7 s3-smbd: Split make_serverinfo_from_username guest
parameters into two parts
from 022d37a WHATSNEW: Start release notes for Samba 3.6.15.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 24d68d799553b0806e580a47aed70a4eaac09191
Author: Andrew Bartlett abart...@samba.org
Date: Thu Apr 4 09:53:34 2013 +1100
s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
This handles differently the case where we are the guest (from
security=share) and
when we are forced to be a different user with force user. We want to
maintain
only the is_guest flag if were forced to become any other user, we need the
rest
of the token to change.
Andrew Bartlett
Fix bug #9746 - guest ok + force user + force group doesn't work.
---
Summary of changes:
source3/auth/auth_util.c |3 ++-
source3/auth/proto.h |1 +
source3/smbd/service.c |4 ++--
3 files changed, 5 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0e1f437..288f461 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -902,6 +902,7 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX
*mem_ctx,
NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
const char *username,
+ bool use_guest_token,
bool is_guest,
struct auth_serversupplied_info
**presult)
{
@@ -925,7 +926,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
result-nss_token = true;
result-guest = is_guest;
- if (is_guest) {
+ if (use_guest_token) {
status = make_server_info_guest(mem_ctx, result);
} else {
status = create_local_token(result);
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index b23d827..3d1fa06 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -149,6 +149,7 @@ NTSTATUS make_server_info_pw(struct
auth_serversupplied_info **server_info,
struct passwd *pwd);
NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
const char *username,
+ bool use_guest_token,
bool is_guest,
struct auth_serversupplied_info
**presult);
struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6c8c8d3..a22b0df 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -656,7 +656,7 @@ static NTSTATUS create_connection_session_info(struct
smbd_server_connection *sc
return NT_STATUS_WRONG_PASSWORD;
}
- return make_serverinfo_from_username(mem_ctx, user, guest,
+ return make_serverinfo_from_username(mem_ctx, user, guest,
guest,
presult);
}
@@ -690,7 +690,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn,
int snum)
}
status = make_serverinfo_from_username(
- conn, fuser, conn-session_info-guest,
+ conn, fuser, false, conn-session_info-guest,
forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 65860c5 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when
parsing packets (bug #9382)
from 24d68d7 s3-smbd: Split make_serverinfo_from_username guest
parameters into two parts
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde
Author: Stefan Metzmacher me...@samba.org
Date: Mon Nov 12 10:16:50 2012 +0100
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug
#9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Michael Adam ob...@samba.org
Reviewed-by: David Disseldorp dd...@suse.de
---
Summary of changes:
source3/librpc/rpc/dcerpc_helpers.c |4
1 files changed, 4 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/librpc/rpc/dcerpc_helpers.c
b/source3/librpc/rpc/dcerpc_helpers.c
index 7520d76..469e308 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -113,6 +113,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr-flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (CVAL(blob-data, DCERPC_PFC_OFFSET) DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr-flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via dd07b3c bug 9830: fix panic in nt_printer_publish_ads
from 65860c5 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when
parsing packets (bug #9382)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit dd07b3c4973b169f07d227869dba8d0f4a76569a
Author: David Disseldorp dd...@samba.org
Date: Thu Apr 25 16:01:54 2013 +0200
bug 9830: fix panic in nt_printer_publish_ads
Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().
Signed-off-by: David Disseldorp dd...@samba.org
---
Summary of changes:
source3/printing/nt_printing_ads.c | 10 --
1 files changed, 8 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/printing/nt_printing_ads.c
b/source3/printing/nt_printing_ads.c
index 5a0cd24..219124f 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct
messaging_context *msg_ctx,
DEBUG(5, (publishing printer %s\n, printer));
/* figure out where to publish */
- ads_find_machine_acct(ads, res, global_myname());
+ ads_rc = ads_find_machine_acct(ads, res, global_myname());
+ if (!ADS_ERR_OK(ads_rc)) {
+ DEBUG(0, (failed to find machine account for %s\n,
+ global_myname()));
+ TALLOC_FREE(ctx);
+ return WERR_NOT_FOUND;
+ }
/* We use ldap_get_dn here as we need the answer
* in utf8 to call ldap_explode_dn(). JRA. */
srv_dn_utf8 = ldap_get_dn((LDAP *)ads-ldap.ld, (LDAPMessage *)res);
+ ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return WERR_SERVER_UNAVAILABLE;
}
- ads_msgfree(ads, res);
srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
if (!srv_cn_utf8) {
TALLOC_FREE(ctx);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6287391 BUG 9817: Fix 'map untrusted to domain' with NTLMv2. from dd07b3c bug 9830: fix panic in nt_printer_publish_ads http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 62873916076d748f7c91868a6cd28d35e64d8dca Author: Andreas Schneider a...@samba.org Date: Wed Apr 24 15:27:21 2013 +0200 BUG 9817: Fix 'map untrusted to domain' with NTLMv2. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104 --- Summary of changes: source3/auth/auth_winbind.c | 10 -- 1 files changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 2143353..57a8866 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, } /* Send off request */ - params.account_name = user_info-client.account_name; - params.domain_name = user_info-mapped.domain_name; + /* +* We need to send the domain name from the client to the DC. With +* NTLMv2 the domain name is part of the hashed second challenge, +* if we change the domain name, the DC will fail to verify the +* challenge cause we changed the domain name, this is like a +* man in the middle attack. +*/ + params.domain_name = user_info-client.domain_name; params.workstation_name = user_info-workstation_name; params.flags= 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7e80793 check_parent_exists() can change errno. Ensure we preserve
it across calls.
via c672ef1 winbind4: Fix bug 9832 -- talloc use after free
from 08d7cae regedit: Use color only when available.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7e807934e6550308efed814a20ce6d6dabbad557
Author: Anand Avati av...@redhat.com
Date: Mon Apr 29 15:21:00 2013 -0700
check_parent_exists() can change errno. Ensure we preserve it across calls.
Reviewed-by: Jeremy Allison j...@samba.org
Reviewed-by: Volker Lendecke v...@samba.org
Autobuild-User(master): Volker Lendecke v...@samba.org
Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104
commit c672ef11b1ed663b6366f321d3628acf05b3d0fe
Author: Volker Lendecke v...@samba.org
Date: Mon Apr 29 18:40:08 2013 +0200
winbind4: Fix bug 9832 -- talloc use after free
Signed-off-by: Volker Lendecke v...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
---
Summary of changes:
source3/smbd/filename.c |9 -
source4/winbind/wb_server.c |2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index efa39f4..03e1d2d 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -450,13 +450,17 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
if (errno == ENOENT) {
/* Optimization when creating a new file - only
- the last component doesn't exist. */
+ the last component doesn't exist.
+ NOTE : check_parent_exists() doesn't preserve errno.
+ */
+ int saved_errno = errno;
status = check_parent_exists(ctx,
conn,
posix_pathnames,
smb_fname,
dirpath,
start);
+ errno = saved_errno;
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
@@ -529,13 +533,16 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
* Optimization for common case where the wildcard
* is in the last component and the client already
* sent the correct case.
+* NOTE : check_parent_exists() doesn't preserve errno.
*/
+ int saved_errno = errno;
status = check_parent_exists(ctx,
conn,
posix_pathnames,
smb_fname,
dirpath,
start);
+ errno = saved_errno;
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index f036749..335bdbc 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -75,7 +75,7 @@ static void wbsrv_call_loop(struct tevent_req *subreq)
if (!NT_STATUS_IS_OK(status)) {
const char *reason;
- reason = talloc_asprintf(call, wbsrv_call_loop:
+ reason = talloc_asprintf(wbsrv_conn, wbsrv_call_loop:
tstream_read_pdu_blob_recv() - %s,
nt_errstr(status));
if (!reason) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
via ad6f289 bug 9830: fix panic in nt_printer_publish_ads
via 6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when
parsing packets (bug #9382)
from 7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a
blocking socket.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea
Author: Andreas Schneider a...@samba.org
Date: Wed Apr 24 15:27:21 2013 +0200
BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
Signed-off-by: Andreas Schneider a...@samba.org
Reviewed-by: Günther Deschner g...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104
commit ad6f2896dc558e7020d2727ed559b71f1c857098
Author: David Disseldorp dd...@samba.org
Date: Thu Apr 25 16:41:17 2013 +0200
bug 9830: fix panic in nt_printer_publish_ads
Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().
Signed-off-by: David Disseldorp dd...@samba.org
Reviewed-By: Günther Deschner g...@samba.org
commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e
Author: Stefan Metzmacher me...@samba.org
Date: Mon Nov 12 10:16:50 2012 +0100
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug
#9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Michael Adam ob...@samba.org
Reviewed-by: David Disseldorp dd...@suse.de
---
Summary of changes:
source3/auth/auth_winbind.c | 10 --
source3/librpc/rpc/dcerpc_helpers.c |4
source3/printing/nt_printing_ads.c | 10 --
3 files changed, 20 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct
auth_context *auth_context,
}
/* Send off request */
-
params.account_name = user_info-client.account_name;
- params.domain_name = user_info-mapped.domain_name;
+ /*
+* We need to send the domain name from the client to the DC. With
+* NTLMv2 the domain name is part of the hashed second challenge,
+* if we change the domain name, the DC will fail to verify the
+* challenge cause we changed the domain name, this is like a
+* man in the middle attack.
+*/
+ params.domain_name = user_info-client.domain_name;
params.workstation_name = user_info-workstation_name;
params.flags= 0;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c
b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793..d36c2da 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr-flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (CVAL(blob-data, DCERPC_PFC_OFFSET) DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr-flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c
b/source3/printing/nt_printing_ads.c
index b99a972..3a2baf4 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct
messaging_context *msg_ctx,
DEBUG(5, (publishing printer %s\n, printer));
/* figure out where to publish */
- ads_find_machine_acct(ads, res, lp_netbios_name());
+ ads_rc = ads_find_machine_acct(ads, res, lp_netbios_name());
+ if (!ADS_ERR_OK(ads_rc)) {
+ DEBUG(0, (failed to find machine account for %s\n,
+ lp_netbios_name()));
+ TALLOC_FREE(ctx);
+ return WERR_NOT_FOUND;
+ }
/* We use ldap_get_dn here as we need the answer
* in utf8 to call ldap_explode_dn(). JRA. */
srv_dn_utf8 = ldap_get_dn((LDAP *)ads-ldap.ld, (LDAPMessage *)res);
+ ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-04-30-1232/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba3.stderr http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba.stderr http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba.stdout The top commit at the time of the failure was: commit 7e807934e6550308efed814a20ce6d6dabbad557 Author: Anand Avati av...@redhat.com Date: Mon Apr 29 15:21:00 2013 -0700 check_parent_exists() can change errno. Ensure we preserve it across calls. Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5f82641 libsmb: Use sizeof instead of explicit numbers
via b8c1e30 libsmb: Use smb2_lease_push in smb2_create_send
via a8edad3 libcli: Add smb2_lease marshalling
via 96a8f6e libsmb: Move struct smb2_lease to common
from 7e80793 check_parent_exists() can change errno. Ensure we preserve
it across calls.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5f82641553e33bc236b6c8a4f5cfc1cf3b722eea
Author: Volker Lendecke v...@samba.org
Date: Thu Apr 25 14:24:08 2013 +0200
libsmb: Use sizeof instead of explicit numbers
Signed-off-by: Volker Lendecke v...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Tue Apr 30 16:02:19 CEST 2013 on sn-devel-104
commit b8c1e30a6f2213c0dbb43a55bd5e1f498a610cab
Author: Volker Lendecke v...@samba.org
Date: Thu Apr 25 14:19:36 2013 +0200
libsmb: Use smb2_lease_push in smb2_create_send
Signed-off-by: Volker Lendecke v...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
commit a8edad3743a60b9521b2cd759e22e6350c41cc06
Author: Volker Lendecke v...@samba.org
Date: Wed Apr 17 17:04:38 2013 +0200
libcli: Add smb2_lease marshalling
Signed-off-by: Volker Lendecke v...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
commit 96a8f6e0fb9042fe125c9552dfb4c3f6d19cb225
Author: Volker Lendecke v...@samba.org
Date: Wed Apr 17 16:48:21 2013 +0200
libsmb: Move struct smb2_lease to common
Signed-off-by: Volker Lendecke v...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
---
Summary of changes:
libcli/smb/smb2_lease.c | 86 +++
libcli/smb/smb2_lease.h | 50 ++
libcli/smb/smb_common.h |1 +
libcli/smb/wscript |2 +
source4/libcli/raw/interfaces.h | 17
source4/libcli/smb2/create.c| 34 +++
6 files changed, 155 insertions(+), 35 deletions(-)
create mode 100644 libcli/smb/smb2_lease.c
create mode 100644 libcli/smb/smb2_lease.h
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2_lease.c b/libcli/smb/smb2_lease.c
new file mode 100644
index 000..10beaca
--- /dev/null
+++ b/libcli/smb/smb2_lease.c
@@ -0,0 +1,86 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ SMB2 Lease context handling
+
+ Copyright (C) Stefan Metzmacher 2012
+ Copyright (C) Volker Lendecke 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see http://www.gnu.org/licenses/.
+*/
+
+#include includes.h
+#include ../libcli/smb/smb_common.h
+
+ssize_t smb2_lease_pull(uint8_t *buf, size_t len, struct smb2_lease *lease)
+{
+ int version;
+
+ switch (len) {
+ case 32:
+ version = 1;
+ break;
+ case 52:
+ version = 2;
+ break;
+ default:
+ return -1;
+ }
+
+ memcpy(lease-lease_key, buf, 16);
+ lease-lease_state = IVAL(buf, 16);
+ lease-lease_flags = IVAL(buf, 20);
+ lease-lease_duration = BVAL(buf, 24);
+
+ switch (version) {
+ case 1:
+ memcpy(lease-parent_lease_key, buf+32, 16);
+ lease-lease_epoch = SVAL(buf, 48);
+ break;
+ case 2:
+ ZERO_STRUCT(lease-parent_lease_key);
+ lease-lease_epoch = 0;
+ break;
+ }
+
+ return len;
+}
+
+bool smb2_lease_push(const struct smb2_lease *lease, uint8_t *buf, size_t len)
+{
+ int version;
+
+ switch (len) {
+ case 32:
+ version = 1;
+ break;
+ case 52:
+ version = 2;
+ break;
+ default:
+ return false;
+ }
+
+ memcpy(buf[0], lease-lease_key, 16);
+ SIVAL(buf, 16, lease-lease_state);
+ SIVAL(buf, 20, lease-lease_flags);
+ SBVAL(buf, 24, lease-lease_duration);
+
+ if (version == 2) {
+ memcpy(buf[32], lease-parent_lease_key, 16);
+ SIVAL(buf, 48, lease-lease_epoch);
+ }
+
+ return true;
+}
diff --git a/libcli/smb/smb2_lease.h
