Re: **** SPAM **** 6.5: Re: [Samba] Re: nazi spam in German over list address

2005-05-16 Thread Ronan Waide 
On May 16, [EMAIL PROTECTED] said:
 All
 
 Has any consideration been made to converting the list to a forum? in that 
 way everyone can just check the web site instead of checking the 
 inbox?  For those folk who rather read the mail most forum software can 

Somewhat off-topic for the list, and possibly discussed before, but
you can always read the list via one of the list-archive sites, such
as the official archive, http://lists.samba.org/archive/samba/
or via a mail-to-news gateway, nntp://news.gmane.org/

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Flames will be automatically sent to the Windows equivalent of /dev/null, once
 I find where that actually is. - Tony Collins
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: nazi spam in German over list address

2005-05-16 Thread Ronan Waide 
On May 16, [EMAIL PROTECTED] said:
 
 Basically if re-training your SPAM filter does not help and
 one really wants to get rid of all those junk mails, installing
 a challenge/response system like TMDA behind a statistical
 filter (e.g. DSPAM) would be a possible solution ...

Please don't do this. TDMA and its ilk mean that I get a challenge
email every time someone uses my domain as a forged source
address. And I get a lot of these. About two to three hundred per day,
in fact. And it makes me sufficiently annoyed to want to respond to
the damn things to make sure that the person who set them up gets all
the spam that their system is bouncing at me. Challenge/Response
systems improve life for a select few at the expense of the
email-receiving population at large and I really wish people would
exercise more thought before deploying them.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
One or more sentences in this post have been over-leavened with sarcasm and/or
 irony. The author fully expects to be misunderstood because of this, you
 illiterate morons. He doesn't care. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: adddriver RPC

2003-04-02 Thread Ronan Waide 
On March 30, [EMAIL PROTECTED] said:
 Why is it that smbd tries to open the directory as a regular file?

This would be the point at which I say works for me! and fail to
understand what's happening on your end. Sorry!

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Each and every single person at [company] is a hydrocephalic ewok
 who couldn't slice his way out of a paper bag with a machete. - Jon Orwant

Re: rpc client timeouts

2003-04-02 Thread Ronan Waide 
On April 1, [EMAIL PROTECTED] said:
 Winbind calls into the rpc client, which starts fetching the list of members
 The rpc client sets a timeout and starts pulling the list of group members
 Fetching all 60k users takes longer than the timeout, the timeout fires and
 the rpc client returns failure

I don't think this is the case. Is your domain controller NT4? I've
encountered some problems with large RPC retrievals from NT4 which
appear to be caused by a bug in the Samba code somewhere, but I've not
had a whole lot of luck in solving the problem.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

my head's having a party right now, but I'm not there.
 - Aoife Morrison

HEAD fails to build with dmalloc enabled

2003-04-01 Thread Ronan Waide 
Compiling lib/adt_tree.c
lib/adt_tree.c: In function `sorted_tree_destroy':
lib/adt_tree.c:114: structure has no member named `_free_leap'
make: *** [lib/adt_tree.o] Error 1

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Junk food is considered part of the vegetable food group, because it comes
 from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey

Re: HEAD fails to build with dmalloc enabled

2003-04-01 Thread Ronan Waide 
On April 2, [EMAIL PROTECTED] said:
 On Tue, 2003-04-01 at 23:41, Ronan Waide wrote:
  Compiling lib/adt_tree.c
  lib/adt_tree.c: In function `sorted_tree_destroy':
  lib/adt_tree.c:114: structure has no member named `_free_leap'
  make: *** [lib/adt_tree.o] Error 1
 
 It's due to dmalloc() using a CPP define to do the work.  Adding some
 brackets often fixes the issue.

Ok. having done make -k I've found a bunch more problems with dmalloc;
I'll see what I can do about them.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Even buddy can be hard after a few beers.  You start wondering if there's two
 d's or one and if it's ie or y. That's why we came up with: Dude! 
 Although sometimes we end up calling each other dud. - Chuck O'Bryan

Re: Users able to execute windows .exe though execute bit not set

2003-04-01 Thread Ronan Waide 
On April 1, [EMAIL PROTECTED] said:
 I'm looking for some assistance regarding file permissions and the inability
 to stop the execution of a file even though the execute permission has not
 been set.

Execute bits are a Unix concept. Windows will execute any file it can
read that it understands the extension of and has a handler for.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

After explaining the situation to the machine clearly with appropriate use of
 a screwdriver... - Alan Cox

HEAD smbclient/smbtar problem

2003-04-01 Thread Ronan Waide 
[EMAIL PROTECTED] source]# smbclient //server/print\$ -U admin%passwd -Tc
Error opening local file //server/print$ - No such file or directory

It's picking up the share name as the tar file name. Even specifying a
filename after -Tc doesn't work. Sneaking tar.out in as the first
parameter doesn't fix things either as Samba then tries to parse that
as a share name.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

my head is full of songs I don't like, with lyrics about things you've said.
 - Veep

Re: Users able to execute windows .exe though execute bit not set

2003-04-01 Thread Ronan Waide 
On April 1, [EMAIL PROTECTED] said:
 
 Hmmm, I did some testing a week or so ago, and found that removing the 
 execute permission from ACLs on the file (esp inherited ones) prevents 
 Win2K from executing the file, although it does open the file for read 
 first.

Yep, turns out I opened my mouth without being completely sure of what
I was saying :)
 
 Since we have just added proper eXecute permission support to our (almost) 
 NT ACLs in the file system, let me check this today to see what the deal 
 is.

jmcd says it should work.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

for god's sake, give me some credit.  i may be an egocentric jerk, but i'm
 not a COMPLETE asshole. - Meredith

net rpc samsync patch

2003-03-31 Thread Ronan Waide 
Small patch to stop net rpc samsync from copying an empty comment when
syncing group data.

Cheers,
Waider.

Index: source/utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.20
diff -u -r1.20 net_rpc_samsync.c
--- source/utils/net_rpc_samsync.c  30 Mar 2003 16:46:28 -  1.20
+++ source/utils/net_rpc_samsync.c  31 Mar 2003 09:09:46 -
@@ -521,7 +521,10 @@
map.sid = group_sid;
map.sid_name_use = SID_NAME_DOM_GRP;
fstrcpy(map.nt_name, name);
-   fstrcpy(map.comment, comment);
+
+if (delta-hdr_grp_desc.buffer) {
+fstrcpy(map.comment, comment);
+}
 
map.priv_set.count = 0;
map.priv_set.set = NULL;

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
it's this new keyboard. damn thing types faster than i do. i wish i knew
 where my old one went. it was connected to the computer when i went to bed
 last night. - Nikolai Kingsley

Re: Large RPC bug found, I think

2003-03-26 Thread Ronan Waide 
On March 26, [EMAIL PROTECTED] said:
 What is the bug you're trying to fix ? ie. What is the behaviour
 that Windows shows that is not correct with the Samba code ?

The bug I'm seeing is that Samba isn't getting a response to the
WriteAndX request it's sending and times out.
 
 Also, I'd feel happier if you tested and compared with Win2000/WinXP
 rather than WinNT as NT is rather old these days

Yup, but I'm working with what I've got. I'll see if I can run a chack
against a Win2K box, but solving this problem for NT4 gets an
immediate problem off my list.
 
 Jeremy.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
It's too bad that most people don't get the fact that an object-oriented
 programming style has exactly nothing to do with the programming
 language you use. - Jamie Zawinski

Re: Mounting to a Windows Share

2003-03-25 Thread Ronan Waide 
On March 25, [EMAIL PROTECTED] said:
 Can anyone tell me if this is possible and if so what actions I must take?

Not presently possible. The files remain owned by the user/group that
you used for the smbmount command.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

dhalgren says to waider, dude, your computers aren't even countable, 
they're like some kind of giant unitary cruftdevice

Large RPC bug found, I think

2003-03-25 Thread Ronan Waide 
Ok, I think I've figured this out, but since I'm relatively new to
Samba internals I'm not entirely clear on how to fix it, or what I
might break with my fix.

In a large RPC call, such as an EnumPrinters 2 call with a big buffer,
the DCE/RPC stuff gets split into several SMB messages and tossed into
a WriteAndX loop. Running a comparison between Samba/NT4 and NT4/NT4,
I noticed the following:

* For all RPC traffic, if the RPC is unfragmented Samba sets both
  RPC_HDR_FIRST and RPC_HDR_LAST flags. NT4 sets neither if there's
  only as single RPC block. This is in rpc_api_pipe_req (possibly
  elsewhere). It's easily fixed, but I don't know if setting both
  flags is required behaviour for some other Windows version.

* The RPC bind I'm seeing has a max tx/rx buffer size of 5680
  bytes. This is independant of whether I use Samba or NT4 as the
  client.

* NT4 sends RPCs via WriteAndX in chunks of 4292 bytes and 1392 bytes
  (to make 5680 bytes per pair of WriteAndX requests) using the Raw
  Pipe Write, so two bytes represent the length of the data and the
  payload is 4290 bytes. As a side note, this length field throws
  ethereal off being able to decode these packets, as best I can
  tell.

* Samba sends RPCs chunked as 4096 bytes and 1584 bytes. It's not
  using the Raw Pipe Write.

And now, what I think are bugs as opposed to implementation details:
* NT4 only sets PIPE_START_MESSAGE on the very first packet; Samba
  sets this flag on all packets.

* NT4 sets the WriteAndX remaining field to 5680 (max tx size) for
  the first packet and 1390 (max tx less size of first packet) for the
  second packet. Samba sets the remaining field to the packet size
  if PIPE_START_MESSAGE is set, and to zero
  otherwise. (code in cli_issue_write)

* Lastly, from the packet traces it appears as if Samba issues each
  pair of writes before waiting for a response, while NT only issues a
  new write once it's got the previous response.

I've got as far as getting the PIPE_START_MESSAGE flag working
correctly. PIPE_RAW_MODE doesn't appear to be implemented in the
low-level SMB write stuff. I'm not clear on a clean way of fixing the
remaining field, though. Perhaps someone with a bit more
understanding of this code could use the above to determine if I have,
in fact, found a bug that needs fixing.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

For those that dont remember, PI is the big number that begins with three.
   - http://www.facade.com/legacy/amiinpi/

Re: RedHat's glibc-2.3.2 and Samba - assert_uid() failures?

2003-03-24 Thread Ronan Waide 
On March 24, [EMAIL PROTECTED] said:
 I've been debugging another massive fall-apart at my site :-(
 
 This time it appears that the installation of glibc=2.3.2-4.80.i686.rpm
 (required to fix a security issue) broke my installation.

This update also broke wine, but as far as I know the wine breakage is
caused by wine's abuse of threads for its own nefarious
purposes. Samba is pretty standard C (from what I've seen, anyway) and
doesn't appear to indulge in such tricks.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Ferret wonders what kind of kitchen knife is three-and-three-quarters FEET
long.
troc says, you've never seen the Samurai Delicatessen skit?

samsync secure channel

2003-03-24 Thread Ronan Waide 
Hi folks,

I've been digging around a problem I've had recently where an NT4 PDC
is refusing to give me password hashes. Everything else from a samsync
run appears ok, just that the password hashes are missing. I've tried
to build an identical virtual machine, but can't figure out what's
causing the problem. The network in question doesn't currently have a
BDC, so I've not been able to verify that it's solely a Samba problem,
either. However, I have turned up some (potentially) interesting
stuff; in performing a samsync, NT4 compares with Samba as
follows:

NT4 PDC/NT4 BDC, traffic from BDC-PDC
* Negotiated Protocol level is 7
* Setup AndX and Tree Connect are in one packet
  (chained together as permitted by AndX).
  Anonymous user used.
* NT Create AndX, path = \\netlogon
  Security Tracking mode is dynamic
* DCE bind to NETLOGON pipe
  callid = 0
  No packet flags set
  Auth data filled in:
auth type = NETLOGON Secure Channel (0x68)
auth level = Packet security (0x06)
auth credentials include null-terminated Domain and PDC strings.
* Further traffic is encrypted based on the auth data

NT 4 PDC/Samba BDC, traffic from BDC-PDC
* Negotiated Protocol level is 8
* Separate Setup and Tree Connect AndX's
  Anonymous user used.
* NT Create AndX, path = \\netlogon
  Security tracking mode is dynamic
* DCE bind to NETLOGON pipe
  callid = 1
  First and Last frag flags set
  No auth data
* Further traffic appears to be entirely in the clear, but ethereal
  had trouble decoding it.

I'm not sure which, if any, of the above differences would be caused
by the different negotiated protocols - in fact, I'd expect level 8 to
be more secure than level 7, from what little I understand of the
protocol levels. I've also looked at the code that creates DCE packets
and there doesn't, at present, appear to be an easy way to signal that
the auth data should be activated - it's currently keyed off the
Sign/Seal stuff that Andrew was working on, and the auth data is fixed
length and fixed type (0x0a).

Anyway, I'm going to have to run up a BDC on the real network to
determine if any of the above explains why I can't get password hashes
from the PDC. If anyone has clues to throw me, feel free :)

Cheers,
Waider.

PS as ever, this is Samba HEAD, and NT4 SP6 + all Windows Update patches
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

anyplace where you cannot feel cold shall hold you in its arms forever.
- Corprew Reed

another net rpc vampire aesthetics patch

2003-03-24 Thread Ronan Waide 
There's a bunch of essentially duplicated code in net_rpc_samsync
which should probably be merged into a single block, but anyway. The
previous patch added more useful text for net rpc samdump. This does
likewise for net rpc vampire.

Also, I notice basic indent seems to be set to 5 rather than 4 in this
file. That explains my dubious indentation :)

Cheers,
Waider.

Index: utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.19
diff -u -r1.19 net_rpc_samsync.c
--- utils/net_rpc_samsync.c 23 Mar 2003 01:33:13 -  1.19
+++ utils/net_rpc_samsync.c 24 Mar 2003 22:28:22 -
@@ -748,6 +748,9 @@
fetch_alias_mem(hdr_delta-target_rid,
delta-als_mem_info, dom_sid);
break;
+case SAM_DELTA_DOMAIN_INFO:
+d_printf(SAMBA_DELTA_DOMAIN_INFO not handled\n);
+break;
default:
d_printf(Unknown delta record type %d\n, hdr_delta-type);
break;
@@ -770,7 +773,20 @@
return;
}
 
-   d_printf(Fetching database %u\n, db_type);
+   switch( db_type ) {
+   case SAM_DATABASE_DOMAIN:
+   d_printf(Fetching DOMAIN database\n);
+   break;
+   case SAM_DATABASE_BUILTIN:
+   d_printf(Fetching BUILTIN database\n);
+   break;
+   case SAM_DATABASE_PRIVS:
+   d_printf(Fetching PRIVS databases\n);
+   break;
+   default:
+   d_printf(Fetching unknown database type %u\n, db_type );
+   break;
+   }
 
do {
result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds,

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
The majority were fairly uncategorizable freaks, but you could tell that even
 the most normal-looking people there were still the weirdest people at their
 day job. - Jamie Zawinski

net rpc samsync: smarter patch than the previous one

2003-03-21 Thread Ronan Waide 
Thanks to pointers from Andrew Bartlett, I redid my samsync
sam_account_from_delta patch a little more sanely. Now it only marks
as changed things which have actually changed. This patch is against
current HEAD. The STRING_CHANGED macro and general style of the
additions is copied from rpc_server/srv_samr_util.c

Cheers,
Waider.

Index: utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.18
diff -u -r1.18 net_rpc_samsync.c
--- utils/net_rpc_samsync.c 22 Feb 2003 12:14:08 -  1.18
+++ utils/net_rpc_samsync.c 21 Mar 2003 14:47:52 -
@@ -197,65 +197,137 @@
 }
 
 /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
+#define STRING_CHANGED (old_string  !new_string) ||\
+   (!old_string  new_string) ||\
+   (old_string  new_string  (strcmp(old_string, new_string) != 0))
 
 static NTSTATUS
 sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
 {
-   fstring s;
+const char *old_string, *new_string;
+time_t unix_time, stored_time;
uchar lm_passwd[16], nt_passwd[16];
static uchar zero_buf[16];
 
/* Username, fullname, home dir, dir drive, logon script, acct
   desc, workstations, profile. */
 
-   unistr2_to_ascii(s, delta-uni_acct_name, sizeof(s) - 1);
-   pdb_set_nt_username(account, s, PDB_CHANGED);
-
-   /* Unix username is the same - for sainity */
-   pdb_set_username(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_full_name, sizeof(s) - 1);
-   pdb_set_fullname(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_home_dir, sizeof(s) - 1);
-   pdb_set_homedir(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_dir_drive, sizeof(s) - 1);
-   pdb_set_dir_drive(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_logon_script, sizeof(s) - 1);
-   pdb_set_logon_script(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_acct_desc, sizeof(s) - 1);
-   pdb_set_acct_desc(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_workstations, sizeof(s) - 1);
-   pdb_set_workstations(account, s, PDB_CHANGED);
-
-   unistr2_to_ascii(s, delta-uni_profile, sizeof(s) - 1);
-   pdb_set_profile_path(account, s, PDB_CHANGED);
+if (delta-hdr_acct_name.buffer) {
+ old_string = pdb_get_nt_username(account);
+ new_string = unistr2_static(delta-uni_acct_name);
+
+ if (STRING_CHANGED) {
+  pdb_set_nt_username(account, new_string, PDB_CHANGED);
+  
+ }
+ 
+ /* Unix username is the same - for sanity */
+ old_string = pdb_get_username( account );
+ if (STRING_CHANGED) {
+  pdb_set_username(account, new_string, PDB_CHANGED);
+ }
+}
+
+if (delta-hdr_full_name.buffer) {
+ old_string = pdb_get_fullname(account);
+ new_string = unistr2_static(delta-uni_full_name);
+
+ if (STRING_CHANGED)
+  pdb_set_fullname(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_home_dir.buffer) {
+ old_string = pdb_get_homedir(account);
+ new_string = unistr2_static(delta-uni_home_dir);
+
+ if (STRING_CHANGED)
+  pdb_set_homedir(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_dir_drive.buffer) {
+ old_string = pdb_get_dir_drive(account);
+ new_string = unistr2_static(delta-uni_dir_drive);
+
+ if (STRING_CHANGED)
+  pdb_set_dir_drive(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_logon_script.buffer) {
+ old_string = pdb_get_logon_script(account);
+ new_string = unistr2_static(delta-uni_logon_script);
+
+ if (STRING_CHANGED)
+  pdb_set_logon_script(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_acct_desc.buffer) {
+ old_string = pdb_get_acct_desc(account);
+ new_string = unistr2_static(delta-uni_acct_desc);
+
+ if (STRING_CHANGED)
+  pdb_set_acct_desc(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_workstations.buffer) {
+ old_string = pdb_get_workstations(account);
+ new_string = unistr2_static(delta-uni_workstations);
+
+ if (STRING_CHANGED)
+  pdb_set_workstations(account, new_string, PDB_CHANGED);
+}
+
+if (delta-hdr_profile.buffer) {
+ old_string = pdb_get_profile_path(account);
+ new_string = unistr2_static(delta-uni_profile);
+
+ if (STRING_CHANGED)
+  pdb_set_profile_path(account, new_string, PDB_CHANGED);
+}
 
/* User and group sid */
-
-   pdb_set_user_sid_from_rid(account, delta-user_rid, PDB_CHANGED);
-   pdb_set_group_sid_from_rid(account, delta-group_rid, PDB_CHANGED);
+if (pdb_get_user_rid(account) != delta-user_rid)
+

another samsync diff (cosmetic)

2003-03-21 Thread Ronan Waide 
This makes samsync tell you what record types it's skipping, rather
than just dumping out the number corresponding to the type. It also
prints the database type instead of database 1, database 2, database
3.

Cheers,
Waider.

Index: utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.18
diff -u -r1.18 net_rpc_samsync.c
--- utils/net_rpc_samsync.c 22 Feb 2003 12:14:08 -  1.18
+++ utils/net_rpc_samsync.c 21 Mar 2003 15:09:27 -
@@ -111,6 +111,37 @@
case SAM_DELTA_GROUP_INFO:
display_group_info(hdr_delta-target_rid, delta-group_info);
break;
+/* The following types are recognised but not handled */
+case SAM_DELTA_RENAME_GROUP:
+ d_printf(SAM_DELTA_RENAME_GROUP not handled\n);
+ break;
+case SAM_DELTA_RENAME_USER:
+ d_printf(SAM_DELTA_RENAME_USER not handled\n);
+ break;
+case SAM_DELTA_RENAME_ALIAS:
+ d_printf(SAM_DELTA_RENAME_ALIAS not handled\n);
+ break;
+case SAM_DELTA_POLICY_INFO:
+ d_printf(SAM_DELTA_POLICY_INFO not handled\n);
+ break;
+case SAM_DELTA_TRUST_DOMS:
+ d_printf(SAM_DELTA_TRUST_DOMS not handled\n);
+ break;
+case SAM_DELTA_PRIVS_INFO:
+ d_printf(SAM_DELTA_PRIVS_INFO not handled\n);
+ break;
+case SAM_DELTA_SECRET_INFO:
+ d_printf(SAM_DELTA_SECRET_INFO not handled\n);
+ break;
+case SAM_DELTA_DELETE_GROUP:
+ d_printf(SAM_DELTA_DELETE_GROUP not handled\n);
+ break;
+case SAM_DELTA_DELETE_USER:
+ d_printf(SAM_DELTA_DELETE_USER not handled\n);
+ break;
+case SAM_DELTA_MODIFIED_COUNT:
+ d_printf(SAM_DELTA_MODIFIED_COUNT not handled\n);
+ break;
default:
d_printf(Unknown delta record type %d\n, hdr_delta-type);
break;
@@ -132,7 +163,20 @@
return;
}
 
-   d_printf(Dumping database %u\n, db_type);
+switch( db_type ) {
+case SAM_DATABASE_DOMAIN:
+ d_printf(Dumping DOMAIN database\n);
+ break;
+case SAM_DATABASE_BUILTIN:
+ d_printf(Dumping BUILTIN database\n);
+ break;
+case SAM_DATABASE_PRIVS:
+ d_printf(Dumping PRIVS databases\n);
+ break;
+default:
+ d_printf(Dumping unknown database type %u\n, db_type );
+ break;
+}
 
do {
result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type,

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

They posted while drunk, their souls are forfeit.
   - Bren, in the dspsrv orientation guide.

Re: adddriver RPC

2003-03-19 Thread Ronan Waide 
On March 19, [EMAIL PROTECTED] said:
 
 I put all the files in the print share at (\\dev\print$\w32x86).  The
 files are from Windows XP Professional SP1.  The files are, as
 reported by the printer test page:
 
 pscript.ntf
 pscript.hlp
 ps5ui.dll
 hplj5si1.ppd
 pscript5.dll
 
 I issued the following command from rpcclient:
 
 adddriver Windows NT x86 HP LaserJet 5Si/5Si MX 
 PS:pscript5.dll:hplj5si1.ppd:ps5ui.dll:pscript.hlp::pscript.ntf

The adddriver rpc expects to find the files in \\dev\print$; it will
move them to the w32x86 or win40 directory as appropriate. If you look
through your trace you'll find an error indicating that samba was
unable to obtain the cversion of one of the files due to a file not
found error.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Love wouldn't be blind if the braille wasn't so damned much fun.
 - Armistead Maupin

samsync: don't put into fields that should be null

2003-03-19 Thread Ronan Waide 
This patch prevents net rpc vampire from copying empty strings into
various fields; doing so can cause problems with pdb_ldap (and
possibly others).

Cheers,
Waider.

Index: source/utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.18
diff -r1.18 net_rpc_samsync.c
218c218,219
   pdb_set_fullname(account, s, PDB_CHANGED);
---
   if ( strlen( s ))
 pdb_set_fullname(account, s, PDB_CHANGED);
221c222,223
   pdb_set_homedir(account, s, PDB_CHANGED);
---
   if ( strlen( s ))
 pdb_set_homedir(account, s, PDB_CHANGED);
224c226,227
   pdb_set_dir_drive(account, s, PDB_CHANGED);
---
   if ( strlen( s ))
 pdb_set_dir_drive(account, s, PDB_CHANGED);
227c230,231
   pdb_set_logon_script(account, s, PDB_CHANGED);
---
   if ( strlen( s ))
 pdb_set_logon_script(account, s, PDB_CHANGED);
230c234,235
   pdb_set_acct_desc(account, s, PDB_CHANGED);
---
 if ( strlen( s ))
 pdb_set_acct_desc(account, s, PDB_CHANGED);
233c238,239
   pdb_set_workstations(account, s, PDB_CHANGED);
---
 if ( strlen( s ))
 pdb_set_workstations(account, s, PDB_CHANGED);
236c242,243
   pdb_set_profile_path(account, s, PDB_CHANGED);
---
   if ( strlen( s ))
 pdb_set_profile_path(account, s, PDB_CHANGED);
402c409,411
   fstrcpy(map.comment, comment);
---
 
   if ( strlen( comment ))
 fstrcpy(map.comment, comment);

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Repetition breeds inertia. - Douglas Coupland, _Microserfs_

net rpc vampire doesn't copy interdomain trust accounts

2003-03-19 Thread Ronan Waide 
Currently the code does the following checks:
 if the account is ACB_WSTRUST or ACB_SRVTRUST, 
   set up to create a machine account
 else if it's ACB_NORMAL,
   set up to create a normal account
 else
   error unknown account type

This currently fails for ACB_DOMTRUST. I'm not sure what the correct
fix is, but adding it to the first clause and treating it as if it
were a machine account seems to work okay.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
So, these portents, taken together with the eclipse and casting this
 disembowelled handset over my desk... um, ...  oh dear ... I think I need to
 order a new phone from MIS. - james coleman

Re: adddriver RPC

2003-03-19 Thread Ronan Waide 
On March 19, [EMAIL PROTECTED] said:
 
 Firstly, you first said that it expects the files in the w32x86/win40
 directories.

Oh, hmm, you're right. Sorry. The files go into the w32x86/win40
directories, but not into the 2/ or 0/ subdirectories of those. My
mistake.

Cheers,
Waider. 
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Sorry, but I use IE, so I'm clueless.
- Someone on netscape.public.mozilla.general

bug in ldap group stuff?

2003-03-18 Thread Ronan Waide 
I'm pretty sure this /was/ working, which is why I'm posting it here
rather than to [EMAIL PROTECTED] I'm doing a net rpc vampire, using ldap as a
backend, and I have a simple add group script which creates a group in
LDAP and prints out the GID of the group it's created for samba to
hoover up. However, the primaryGroupID appears to be set to some
completely random number instead of the correct GID - for example,
this account should have a primaryGroupID of Domain Users:

dn: uid=waider,ou=People,dc=company,dc=ie
objectClass: posixAccount
objectClass: account
objectClass: sambaAccount
uidNumber: 1126
gidNumber: 1000
homeDirectory: /home/waider
uid: waider
rid: 1181
primaryGroupID: 513
displayName: Ronan Waide
cn: Ronan Waide
description: yadda
smbHome: \\srv1\waider
homeDrive: H:
profilePath: \\pdc\profiles\waider
logonTime: 1046707306
logoffTime: 1040143165
kickoffTime: 2147483647
pwdLastSet: 1044452015
acctFlags: [U  ]

But the Domain Users group entry looks like this:

dn: gid=Domain Users,ou=Group,dc=company,dc=ie
objectClass: posixGroup
cn: Domain Users
gidNumber: 1002


getent group Domain Users returns this:
Domain Users:x:1002:

So why is Samba setting the primaryGroupID to 513?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
if you can't live the lie, let it die/and if you can't live a life filled
 with strife/honey, just say oops/and jump through hoops/and get to the end of
 the line - FLC, Bear Hug (Come Find Yourself)

Re: bug in ldap group stuff?

2003-03-18 Thread Ronan Waide 
On March 18, [EMAIL PROTECTED] said:
 So why is Samba setting the primaryGroupID to 513?

Okay, I had made two basic errors here. One is that the above is an
RID, not a GID. The second was not double-checking my scripts'
output. The groupadd script was spitting out some garbage before the
GID, which Samba was reading as GID 0 and thus disregarding. Perhaps
the code that checks this case should log a warning!

Actually, it appears there's a hole in the documentation as well; the
primary group doesn't get mapped for me because I haven't set the set
primary group script, for which there appears to be no fallback.

set primary group script understands %u and %g as user and group
respectively.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

my head's having a party right now, but I'm not there.
 - Aoife Morrison

printer name not returned correctly

2003-03-14 Thread Ronan Waide 
Hi,

still messing about with printers. If I create a printer like so:

[TestP]
printer name = Test_Printer
printable = yes

and then do rpcclient enumprinters 2 against the server, I get:

servername:[\\server]
printername:[\\server\TestP]
sharename:[TestP]
portname:[HPLaserJet4050Series]
drivername:[HP LaserJet 4050 Series PCL 5e]
comment:[Created by rpcclient]
location:[]
sepfile:[]
printprocessor:[winprint]
datatype:[RAW]
parameters:[]
attributes:[0x1018]
priority:[0x0]
defaultpriority:[0x0]
starttime:[0x0]
untiltime:[0x0]
status:[0x0]
cjobs:[0x0]
averageppm:[0x0]

I would have expected printername to be \\server\Test_Printer, since
that's what my NT4 box is returning for a similar setup. I've traced
through the server code and it looks okay where it's retrieving the
info from the tdb file, so that would suggest that the information is
incorrect in the tdb file. And sure enough, ntprinters.tdb has TestP
in it several times, but no sign of Test_Printer. The default info2
structure assumes a printer name of \\server\share, so maybe that
would be a good place to start.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Crying for sympathy / crocodile cries / for the love of the crowd and the
 three cheers from everyone - The Cure, _Disintegration_

rpcclient: return real WERROR values to user

2003-03-14 Thread Ronan Waide 
This patch allows WERROR-based RPC calls to return their real value to
the user instead of NT_STATUS_OK/NT_STATUS_UNSUCCESSFUL. Basically
I've extended the cmd_set type to include a return type field and
instead of the NTSTATUS (*fn)() definition there's a NTSTATUS
(*ntfn)() and a WERROR (*wfn)(); the code chooses one based on the
setting of the type field, and invokes the correct errstr function on
the return value if it's not OK.

Cheers,
Waider.

Index: rpcclient/cmd_dfs.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_dfs.c,v
retrieving revision 1.12
diff -u -r1.12 cmd_dfs.c
--- rpcclient/cmd_dfs.c 25 Feb 2003 23:34:56 -  1.12
+++ rpcclient/cmd_dfs.c 15 Mar 2003 00:07:14 -
@@ -227,11 +227,11 @@
 
{ DFS },
 
-   { dfsexist,   cmd_dfs_exist,   PI_NETDFS, Query DFS support, },
-   { dfsadd, cmd_dfs_add, PI_NETDFS, Add a DFS share,   },
-   { dfsremove,  cmd_dfs_remove,  PI_NETDFS, Remove a DFS share,},
-   { dfsgetinfo, cmd_dfs_getinfo, PI_NETDFS, Query DFS share info,  },
-   { dfsenum,cmd_dfs_enum,PI_NETDFS, Enumerate dfs shares,  },
+   { dfsexist,  RPC_RTYPE_NTSTATUS, cmd_dfs_exist,   NULL, PI_NETDFS, Query 
DFS support, },
+   { dfsadd,RPC_RTYPE_NTSTATUS, cmd_dfs_add, NULL, PI_NETDFS, Add a 
DFS share,   },
+   { dfsremove, RPC_RTYPE_NTSTATUS, cmd_dfs_remove,  NULL, PI_NETDFS, Remove a 
DFS share,},
+   { dfsgetinfo,RPC_RTYPE_NTSTATUS, cmd_dfs_getinfo, NULL, PI_NETDFS, Query 
DFS share info,  },
+   { dfsenum,   RPC_RTYPE_NTSTATUS, cmd_dfs_enum,NULL, PI_NETDFS, 
Enumerate dfs shares,  },
 
{ NULL }
 };
Index: rpcclient/cmd_ds.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_ds.c,v
retrieving revision 1.4
diff -u -r1.4 cmd_ds.c
--- rpcclient/cmd_ds.c  25 Feb 2003 23:34:56 -  1.4
+++ rpcclient/cmd_ds.c  15 Mar 2003 00:07:14 -
@@ -53,7 +53,7 @@
 
{ LSARPC-DS },
 
-   { dsroledominfo,  cmd_ds_dsrole_getprimarydominfo,   PI_LSARPC_DS, 
Get Primary Domain Information,  },
+   { dsroledominfo, RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, 
PI_LSARPC_DS, Get Primary Domain Information,  },
 
{ NULL }
 };
Index: rpcclient/cmd_lsarpc.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_lsarpc.c,v
retrieving revision 1.74
diff -u -r1.74 cmd_lsarpc.c
--- rpcclient/cmd_lsarpc.c  25 Feb 2003 06:24:13 -  1.74
+++ rpcclient/cmd_lsarpc.c  15 Mar 2003 00:07:14 -
@@ -741,20 +741,20 @@
 
{ LSARPC },
 
-   { lsaquery,cmd_lsa_query_info_policy,  PI_LSARPC, Query info 
policy, },
-   { lookupsids,  cmd_lsa_lookup_sids,PI_LSARPC, Convert SIDs 
to names, },
-   { lookupnames, cmd_lsa_lookup_names,   PI_LSARPC, Convert names 
to SIDs, },
-   { enumtrust,   cmd_lsa_enum_trust_dom, PI_LSARPC, Enumerate 
trusted domains,Usage: [preferred max number] [enum context (0)] },
-   { enumprivs,   cmd_lsa_enum_privilege, PI_LSARPC, Enumerate 
privileges,  },
-   { getdispname, cmd_lsa_get_dispname,   PI_LSARPC, Get the 
privilege name,},
-   { lsaenumsid,  cmd_lsa_enum_sids,  PI_LSARPC, Enumerate the 
LSA SIDS,},
-   { lsaenumprivsaccount, cmd_lsa_enum_privsaccounts, PI_LSARPC, Enumerate the 
privileges of an SID,},
-   { lsaenumacctrights,   cmd_lsa_enum_acct_rights,   PI_LSARPC, Enumerate the 
rights of an SID,},
-   { lsaenumacctwithright,cmd_lsa_enum_acct_with_right,PI_LSARPC,Enumerate 
accounts with a right,},
-   { lsaaddacctrights,cmd_lsa_add_acct_rights,PI_LSARPC, Add rights to 
an account,},
-   { lsaremoveacctrights, cmd_lsa_remove_acct_rights, PI_LSARPC, Remove rights 
from an account,},
-   { lsalookupprivvalue,  cmd_lsa_lookupprivvalue,PI_LSARPC, Get a 
privilege value given its name,  },
-   { lsaquerysecobj,  cmd_lsa_query_secobj,   PI_LSARPC, Query LSA 
security object,  },
+   { lsaquery,RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, 
PI_LSARPC, Query info policy, },
+   { lookupsids,  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,NULL, 
PI_LSARPC, Convert SIDs to names, },
+   { lookupnames, RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,   NULL, 
PI_LSARPC, Convert names to SIDs, },
+   { enumtrust,   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, 
PI_LSARPC, Enumerate trusted domains,Usage: [preferred max number] 
[enum context (0)] },
+   { enumprivs,   RPC_RTYPE_NTSTATUS,

failure to print (samba HEAD, cups, raw printers)

2003-03-13 Thread Ronan Waide 
hi folks,

again with the peculiar setup :) I've set up raw printers in cups to
match the windows network, and added the correct windows drivers to
feed them. One of the printers, a HP Colour LaserJet 8500 in PCL mode,
fails at the testpage stage with this message:

the data area passed to a system call is too small

I've done a trace of the attempt, which I can forward if required. I
thought this might be the large RPC bug that tpot was looking at, but
I'm not sure.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Anyway, yes. Known bug. Try entering only numbers as your phone number, no
brackets, dashes, widgets, knobs, fish or sliding trammel bars.

Re: failure to print (samba HEAD, cups, raw printers)

2003-03-13 Thread Ronan Waide 
On March 13, [EMAIL PROTECTED] said:
 hi folks,
 
 again with the peculiar setup :) I've set up raw printers in cups to
 match the windows network, and added the correct windows drivers to
 feed them. One of the printers, a HP Colour LaserJet 8500 in PCL mode,
 fails at the testpage stage with this message:

Uh, sorry. forgot to mention. The client is NT4SP6. By correct
windows drivers to feed them I mean the NT box downloads the same PCL
drivers from the Samba server as it would from the normal (NT) server.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Andrea.B.Previtera says, I can't remember...we found a good cheap beer in an
undocumented irish pub...and we had pints and pints and pints to celebrate
something...

Re: adddriver RPC

2003-03-12 Thread Ronan Waide 
On March 12, [EMAIL PROTECTED] said:
 adddriver Windows NT x86 HP LaserJet 5Si/5Si MX 
 PS:pscript5.dll:hplj5si1.ppd:ps5ui.dll:pscript.hlp::pscript.ntf

Don't leave unused parameters blank. use the word NULL instead.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

vm-visit-when-saving is a vestige of the 1980's, when a 400MB disk drive
 could end your life if it fell out of a rack onto you. - Kyle Jones

Re: Printer driver parameter deprecated - what now?

2003-03-10 Thread Ronan Waide 
On March 10, [EMAIL PROTECTED] said:
 
 Uh...  How can Samba users be members of NT groups?  I did not know
 Samba supports that...  How do you add Unix users to NT groups for
 Samba?

I was just clarifying that when I said Printer Admins I wasn't
referring to the NT group.

 Yet, my problem remains unsolved.

I guess I misunderstood your problem. The details I gave are for
remotely adding a printer with drivers to a Samba box.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Repetition breeds inertia. - Douglas Coupland, _Microserfs_

segv in samba head

2003-03-10 Thread Ronan Waide 
background:
I had a stock redhat samba setup using security = share and sharing
out three directories - [homes] and two fixed locations. pretty
trivial setup. I built Samba 3 head (current as of this morning, but
the problem has been happening for at least a week) and tried
connecting to it from a NT4 PDC with a different domain name to the
samba server, and I get a segv. Debug level 10 doesn't give me a whole
lot to go on, so I ran smbd under gdb instead:

pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

Program received signal SIGSEGV, Segmentation fault.
0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 , 
outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721
721 if (server_info-guest) {

stacktrace:
#0  0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 , 
outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721
#1  0x080ae095 in switch_message (type=115, inbuf=0x403b2008 , 
outbuf=0x403d3008 , size=266, bufsize=131072) at smbd/process.c:758
#2  0x080ae121 in construct_reply (inbuf=0x403b2008 , outbuf=0x403d3008 , 
size=266, bufsize=131072) at smbd/process.c:788
#3  0x080ae431 in process_smb (inbuf=0x403b2008 , outbuf=0x403d3008 )
at smbd/process.c:889
#4  0x080aedfa in smbd_process () at smbd/process.c:1298
#5  0x080731d4 in main (argc=6, argv=0xbfffe044) at smbd/server.c:907
#6  0x401e21c4 in __libc_start_main () from /lib/libc.so.6

Regardless of whether this turns out to be a misconfig on my part, a
panic is the wrong way to go about handling it. Especially since this
is just an upgrade from samba 2 to samba 3.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

They posted while drunk, their souls are forfeit.
   - Bren, in the dspsrv orientation guide.

rpcclient typo: patch

2003-03-10 Thread Ronan Waide 
when doing enumdomusers, rpcclient prints each one preceded by the
word group instead of user

Cheers,
Waider.

Index: rpcclient/cmd_samr.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_samr.c,v
retrieving revision 1.157
diff -u -r1.157 cmd_samr.c
--- rpcclient/cmd_samr.c25 Feb 2003 06:24:13 -  1.157
+++ rpcclient/cmd_samr.c10 Mar 2003 13:13:03 -
@@ -684,7 +684,7 @@
NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 
for (i = 0; i  num_dom_users; i++)
-   printf(group:[%s] rid:[0x%x]\n, 
+   printf(user:[%s] rid:[0x%x]\n, 
   dom_users[i], dom_rids[i]);
}

-- 
We are experiencing MVS processor spin loops, the programs are running while
 holding a disabled CPU. This is causing XCF communication delays to the point
 where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on
 TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot

Re: Printer driver parameter deprecated - what now?

2003-03-09 Thread Ronan Waide 
On March 9, [EMAIL PROTECTED] said:
  
  Uhmm...  I'm not sure.  So what do I do - create the share, create
  empty directories like 'w32x86' and 'win40' and then issue a setdriver
  RPC?
 
 Well, I tried that, does not work, I get:
 
 SetPrinter call failed!
 result was NT_STATUS_UNSUCCESSFUL

setdriver expects the following setup:
* you are a printer admin, or root.
  - this is the smb.conf printer admin group, not the Printer
Operators group in NT. I've not tried the latter, but I don't
believe it will work based on the current code.
* printer admins has to be defined in [global]
* upload the driver files to \\server\print$\w32x86 and win40 as
  appropriate. DON'T put them in the 0 or 2 subdirectories.
* Make sure that the user you're connecting as is able to write to the
  print$ directories
* Use adddriver (with appropriate parameters) to create the driver
  - note, this will not just update samba's notion of drivers, it will
also move the files from the w32x86 and win40 directories to an
appropriate subdirectory (based on driver version, I think, but
not important enough for me to find out)
* Use setdriver to associate the driver with a printer

The setdriver call will fail if the printer doesn't already exist in
samba's view of the world. Either create the printer in cups and
restart samba, or create an add printer command (see smb.conf doco)
and use RPC calls to create a printer. NB the add printer command MUST
return a single line of text indicating which port the printer was
added on. If it doesn't, Samba won't reload the printer
definitions. Although samba doesn't really support the notion of
ports, suitable add printer command and enumport command settings can
allow you pretty good remote control of the samba printer setup.

Hope this helps you somewhat.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Junk food is considered part of the vegetable food group, because it comes
 from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey

breakage in cliconnect or thereabouts

2003-03-09 Thread Ronan Waide 
Hi folks,

* libsmb/smb_signing.c, libsmb/smbencrypt.c, Makefile.in, include/client.h, 
libsmb/cliconnect.c, libsmb/clientgen.c:
Change the way we sign SMB packets, to a function pointer interface.

The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)

Andrew Bartlett

some part of this change is currently stopping connections to an
NT4SP6 PDC working from Samba. I'm getting session request to SERVER
failed (Called name not present)

If I find the bug, I'll post further. If not, I'm sure someone else
will catch it :)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

disclaimer: As I have stated before, my client was nowhere near the site at
 the time of the incident.  - Michael, the Chaotic

Re: more rpcclient bughunting: PRINTER_ALL_ACCESS vs MAXIMUM_ALLOWED_ACCESS

2003-03-05 Thread Ronan Waide 
On March 5, [EMAIL PROTECTED] said:
 
 I've checked in a fix.  It's odd that MAXIMUM_ALLOWED_ACCESS doesn't
 do what it's supposed to in this case.  Are you running the setdriver
 against a NT or Samba server?

Running against Samba HEAD, but just one sec...

Right, here's the summary of what I've found:

Samba HEAD - Samba HEAD (rpcclient setdriver)
* Asking for Maximum allowed access doesn't give you printer admin
  rights

Samba HEAD - NT4 SP6 (rpcclient setdriver)
* Asking for Maximum allowed access /does/ give you printer admin
  rights, even though the printer admin bitfield isn't set.

NT4 SP6 to Samba HEAD (Opening the Printers folder)
* First request is for
  Write Owner | Write DAC | Read Control | Delete
  Server Enum | Server Admin

* Second request appears to be the same in terms of requested access;
  something else might differ, but nothing immediately obvious.

* Third request asks for
  Read Control
  Server Enum

I set up a Printer Operator account to test this with, and it
succeeded on the first request (Server Admin), as does a Domain
Admin account. Finally, I removed the Printer Operator account from
Printer Operators but left it in printer admins on the samba
server, and it still succeeded at the first request. So I'm not sure
when the Printer Admin bit gets used, but it's not when you open the
Printers folder.

I don't right now have an easy way to test NT-NT /and/ capture the
bits; however, I think it's obvious from the above that Samba should
be responding to a MAXIMUM_ALLOWED_ACCESS request with
PRINTER_ACCESS_ADMINISTER rights. As it stands, it's going to get
punted:

srv_spoolss_nt.c:1577
==
/* Deny any object specific bits that don't apply to print
   servers (i.e printer and job specific bits) */

printer_default-access_required = SPECIFIC_RIGHTS_MASK;

if (printer_default-access_required 
~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) {
DEBUG(3, (access DENIED for non-printserver bits));
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
}
==

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Your broker is a half-naked blue-and-orange crypto-anarchist?
  - Neal Stephenson / The Great Simoleon Caper

documentation omission: add printer command

2003-03-05 Thread Ronan Waide 
The add printer command program can output a single line of text,
which Samba will set as the port the new printer is connected to. From
my reading of the code, if this line /isn't/ output, Samba won't
reload its printer shares.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It doesn't corner well.  It doesn't have to.  It just warps space until the
 street is facing the right way.  - Blair P. Houghton

bug (or maybe not) in printing subsystem

2003-03-03 Thread Ronan Waide 
Hi folks,

tracked down a problem I mentioned last week with printing. When you
use the rpcclient adddriver command as follows:

adddriver Windows NT x86 name:NULL:NULL:NULL:NULL:NULL:NULL:NULL

you get a NT_STATUS_UNSUCCESSFUL error, which further investigation
reveals to be caused by an Access Denied error upstream. Further
investigation of /that/ reveals that get_correct_cversion in
printing/nt_printing.c is attempting to open the W32X86 directory as a
file. This is, as far as I can tell, because the second field in the
second parameter above is the driver file; setting it to NULL is
somehow causing this problem. Setting the driver file to a valid
printer driver file cures the problem.

I don't know if this is a bug or just misuse on my part of the
rpcclient command :)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Some people just don't know which side of the good/evil thing to side
with, despite the obvious fun now, pay later advantages of the evil
side for those of us who need instant gratification.

Re: problem retrieving level 3 info for NT printer drivers

2003-02-27 Thread Ronan Waide 
On February 27, [EMAIL PROTECTED] said:
 
 try again with HEAD.  The Samba 2-2 client rpc code cannot handle
 fragmented PDU's too well.

Sorry, should have mentioned. This is with HEAD. Tim Potter has been
having a look at tcpdump plus a level ten debug trace of the rpcclient
run.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

even when american adverts try for the oblique and wordless, they're so
 obvious they may as well put the logo on a fish and slap you with it. - AjD

[Samba] more rpcclient weirdness

2003-02-26 Thread Ronan Waide 
rpcclient $ adddriver Windows NT x86 HP CLJ 8500 - 
PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL
result was NT_STATUS_UNSUCCESSFUL
rpcclient $ adddriver Windows 4.0 HP CLJ 8500 - 
PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL
Printer Driver HP CLJ 8500 - PCL successfully installed.
rpcclient $ 

This is HEAD, bang up-to-date. I'm trying to figure it out as I mail
this.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

There's a certain uniformity of suck that must be maintained or the UNIX
 community won't take you seriously. - Rocco Caputo on naming books.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: more rpcclient weirdness

2003-02-26 Thread Ronan Waide 
On February 26, [EMAIL PROTECTED] said:
 rpcclient $ adddriver Windows NT x86 HP CLJ 8500 - 
 PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL
 result was NT_STATUS_UNSUCCESSFUL
 rpcclient $ adddriver Windows 4.0 HP CLJ 8500 - 
 PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL
 Printer Driver HP CLJ 8500 - PCL successfully installed.
 rpcclient $ 

Running packet traces on this:
for reasons that are still unclear to me, the NT adddriver command
above gets an Access Denied response. Er. I would've thought that
adddriver is just going to update a TDB file somewhere, and nothing
else? Plus, why is there a difference between adding an NT and a
Windows 4.0 driver?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Derrick says, Well, there are altar girls there. But it's a sin to hit on
jailbait in the house of the Lord.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

problem retrieving level 3 info for NT printer drivers

2003-02-26 Thread Ronan Waide 
Hi folks,

mentioned this briefly on samba@ about a week ago, but I've actually
done some tracking on it now. I'm still digging, but this is a summary
of what I've found.

symptoms: doing rpcclient SERVER enumdrivers level 3 fetches
information for the Windows 9x drivers, then stalls trying to retrieve
the NT information, before returning a timeout message. Level 1 and 2
work fine.

I ran ethereal and poked at the traces some, and this is what I get:

client: EnumPrinterDrivers request level 3
server: EnumPrinterDrivers reply, Insufficient Buffer
client: EnumPrinterDrivers request level 3 (this time with a buffer)
server: EnumPrinterDrivers reply

At this point, I have the Windows 4.0 drivers.

client: EnumPrinterDrivers request level 3
server: EnumPrinterDrivers reply, Insufficient Buffer
client: DCERPC request
server: no apparent response
client: SMB WriteAndXRequest
server: SMB WriteAndXResponse
server: SMB WriteAndXResponse
client: SMB WriteAndXRequest
client: SMB WriteAndXRequest

and that's about it. Error message goes hereabouts.

Having looked at the DCERPC request above, it appears to be contained
in a SMB WriteAndXRequest whereas the corresponding request with a
buffer for the Windows 4.0 drivers is a Transaction request. Also, the
DCERPC request appears to have the necessary bits appended after the
DCERPC header to make it a SPOOLSS request (as I'd expect) with the
required amount of buffer space, but ethereal certainly doesn't want
to read it as such, and my knowledge of SMB is pretty minimal. My
theory, such as it is, is that the buffer size is too big, for some
arbitrary meaning of the phrase too big. It's a 16452-byte buffer,
where the Windows 4.0 buffer size was something like 2400 bytes. I'm
going to play around with buffer sizes and see if I can at least get
the message sequences the way I'd expect 'em, but any light-shedding
would be appreciated :)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Your broker is a half-naked blue-and-orange crypto-anarchist?
  - Neal Stephenson / The Great Simoleon Caper

smbmount: support lfs and unicode options

2003-02-25 Thread Ronan Waide 
Hi folks,

this is an updated version of Urban Widmark's smbmount patch to enable
lfs and unicode options to be switched on the command line. It's
diff'd against current CVS HEAD.

Cheers,
Waider.

Index: source/client/smbmount.c
===
RCS file: /cvsroot/samba/source/client/smbmount.c,v
retrieving revision 1.65
diff -a -u -r1.65 smbmount.c
--- source/client/smbmount.c15 Feb 2003 00:29:20 -  1.65
+++ source/client/smbmount.c25 Feb 2003 14:01:43 -
@@ -51,6 +51,8 @@
 static BOOL use_kerberos;
 /* TODO: Add code to detect smbfs version in kernel */
 static BOOL status32_smbfs = False;
+static BOOL smbfs_has_unicode = False;
+static BOOL smbfs_has_lfs = False;
 
 static void usage(void);
 
@@ -212,6 +214,12 @@
c-force_dos_errors = True;
}
 
+   if (!smbfs_has_lfs)
+ c-capabilities = ~CAP_LARGE_FILES;
+
+   if (!smbfs_has_unicode)
+ c-capabilities = ~CAP_UNICODE;
+
if (!cli_session_setup(c, username, 
   password, strlen(password),
   password, strlen(password),
@@ -828,6 +836,10 @@
mount_ro = 0;
} else if(!strcmp(opts, ro)) {
mount_ro = 1;
+   } else if(!strcmp(opts, unicode)) {
+   smbfs_has_unicode = True;
+   } else if(!strcmp(opts, lfs)) {
+   smbfs_has_lfs = True;
} else {
strncpy(p, opts, sizeof(pstring) - (p - options) - 1);
p += strlen(opts);

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
#!/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$kSK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)   # RSA in Perl

RE: [Samba] cupsaddsmb - why the heck can't Igetrpcclient-addprinterto work?

2003-02-21 Thread Ronan Waide 
On February 21, [EMAIL PROTECTED] said:
 Any idea where I can find a REdHat7.3 rpm for 1.1.18?
 
 I can't find one anywhere

try the cups website, or build from source.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

even when american adverts try for the oblique and wordless, they're so
 obvious they may as well put the logo on a fish and slap you with it. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] cupsaddsmb - why the heck can'tIgetrpcclient-addprinterto work?

2003-02-21 Thread Ronan Waide 
On February 21, [EMAIL PROTECTED] said:
 
 Hmm ... couldn't seem to find it on the cups site (google couldn't either)

It's the first hit on google. I've no idea what you're trying to
search for. http://www.google.com/search?q=cups

 What are your opinions on this strategy?

If you don't build an up-to-date cups, you won't have a working
cups-based printing system with Samba. Sure, you'll have to be careful
when upgrading, but really. That's a given when you're upgrading,
regardless of whether you built from source or not. It ain't rocket
science.

Waider.
-- 
We are experiencing MVS processor spin loops, the programs are running while
 holding a disabled CPU. This is causing XCF communication delays to the point
 where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on
 TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] cupsaddsmb - why the heck can'tIgetrpcclient-addprinterto work?

2003-02-21 Thread Ronan Waide 
On February 21, [EMAIL PROTECTED] said:
 If you download the cups source and unzip it, you will find a file called cups.spec 
in the top 
 level dir of the source. You can pass the spec file to rpm (or rpmbuild on newer 
redhat systems) 
 and it will create an rpm for you out of the dowloaded source files.

You don't even need to unzip the file. Just do rpm -ta
cups-1.18.tar.gz

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

AjD feels frustrated in his attempts to establish the delinitations of
  horror in puppy-burying.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] trying again - bug? (was re os X)

2003-02-19 Thread Ronan Waide 
On February 19, [EMAIL PROTECTED] said:
 didn't hear anything back on this, so i'm trying again:
 
 --
 i would bet someone's already asked and had this
 answered, but since the archives of these listss aren't
 searchable, and since i couldn't find the info in the
 docs or elsewhere on net, here goes:

Possibly you didn't get a reply because the list archives /are/
searchable. Try http://marc.theaimsgroup.com/ and scroll down.

Regards,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Junk food is considered part of the vegetable food group, because it comes
 from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!

2003-02-14 Thread Ronan Waide 
On February 14, [EMAIL PROTECTED] said:
 And, here what I have!!! : First file has NO PROBLEM, second one HAS 
 READ ONLY ERROR, (but not if the file is REOPEN again):
 
 -rw-rw-r--1 nobody   nogroup 37888 Feb 14 11:46 test_file_1.doc
 -rwxr--r--1 nobody   nogroup 37376 Feb 14  2003 test_file_2.doc
 
 Look at date Feb 14  2003: erkk!! this is not a standard date!!!

I presume that's output from ls -l. I would hazard a guess that your
server and client clocks are not in sync. If you're on linux, try ls
--full-time

Cheers,
Waider.
-- 
We are experiencing MVS processor spin loops, the programs are running while
 holding a disabled CPU. This is causing XCF communication delays to the point
 where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on
 TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!

2003-02-14 Thread Ronan Waide 
On February 14, [EMAIL PROTECTED] said:
  I presume that's output from ls -l. I would hazard a guess that your
  server and client clocks are not in sync. If you're on linux, try ls
  --full-time
 
 Yes! It's ls -l output I've posted.
 
 And yes again, client and server are not in sync.
 
 Do you mean that way I've to install ntpd and sync date/hour mechanism 
 between samba server and clients?

You don't have to, but it's probably a good idea. Note that you can
run net time \\sambaserver /set on the clients to sync them up with
the server.
 
 Why? Is there any paragraph on this in the samba howto collection?

Dunno.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It's a kludge to stop some old systems from breaking, as far as I know.
Much like the rest of Unix, really.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Off Topic, please ignore (was RE: [Samba] !!ATTENTION NEWBIES!!)

2003-02-13 Thread Ronan Waide 
On February 13, [EMAIL PROTECTED] said:
   If newbs tend to ask the same questions over and over and you
 don't like to see what they wrote, delete it. You don't have to respond
 and it's not that big of a deal to take a second to read something that
 you have no intention of responding positively to.

I think what you meant to say is:

Rule #x^2: FAQs are asked frequently. Get used to them.

(from the Rules of Usenet)

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

FEH.  you decent guys are all alike. - Meredith
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] rpcclient enumdrivers 3 times out on NT drivers

2003-02-12 Thread Ronan Waide 
This is puzzling me (and hampering some work, slightly):

NT4SP6 + full updates server, with some printers attached.

rpcclient -U admin%pass enumdrivers 2 server gives me a list of stuff
like this:

[Windows 4.0]
Printer Driver Info 2:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
...
...
...
[Windows NT x86]
Printer Driver Info 2:
Version: [2]
Driver Name: [Lexmark Optra R Plus Series]
Architecture: [Windows NT x86]
Driver Path: [\\SERVER\print$\W32X86\2\RASDD.DLL]
Datafile: [\\SERVER\print$\W32X86\2\OPTRA.DLL]
Configfile: [\\SERVER\print$\W32X86\2\RASDDUI.DLL]


rpcclient -U admin%pass enumdrivers 3 server, however, zips through
the Windows 4.0 stuff and then sits there before eventually giving
this:
[Windows 4.0]
Printer Driver Info 3:
Version: [0]
Driver Name: [HP LaserJet 5Si PCL 5e]
Architecture: [Windows 4.0]
Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD]
Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV]
Helpfile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.HLP]

Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.ppd]
Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.hlp]
Dependentfiles: [\\SERVER\print$\WIN40\0\adobeps4.drv]
Dependentfiles: [\\SERVER\print$\WIN40\0\pscript.ini]
Dependentfiles: [\\SERVER\print$\WIN40\0\psmon.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\iconlib.dll]
Dependentfiles: [\\SERVER\print$\WIN40\0\fonts.mfm]

Monitorname: [PostScript Language Monitor]
Defaultdatatype: []

cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
cli_pipe: return critical error. Error was Call timed out: server did not respond 
after 1 milliseconds
result was NT_STATUS_UNSUCCESSFUL

I'm trying to hack up a printer cloning script that grabs all the
driver files and bits for a printer using enumdrivers and sticks them
onto another server using adddriver, addprinter, etc. Obviously the
above failure hampers that notion somewhat. Is this a flaw in
rpcclient or in the Windows box?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

caitlin says, climbing satisfies 2 apparent needs of mind: bashing my knees
and shoe fetishism
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers

2003-02-12 Thread Ronan Waide 
On February 12, [EMAIL PROTECTED] said:
 This is puzzling me (and hampering some work, slightly):
 
 NT4SP6 + full updates server, with some printers attached.

Woopsy, forgot to mention:
Samba HEAD. Administrative user, joined to the domain, in printer
admins group, etc.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It's a horrible thing to watch, almost like watching an infant tottering
 toward a porcupine. - Kyle Jones on MIS people writing C
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

rpcclient adddriver: core dump

2003-02-12 Thread Ronan Waide 
Samba HEAD

Looks like it's triggered by not closing quotes:

[root@workst1 root]# rpcclient -U admin%passwd -W GROUP workst1 -d2
added interface ip=192.168.168.250 bcast=192.168.168.255 nmask=255.255.255.0
rpcclient $ adddriver Windows 4.0 HP CL 8500 - 
PCL:HPCPCLA.DLL:HP_LJ85.PPD:HPCPCLA1.DLL:H
Segmentation fault

(the second param to addriver is incomplete due to a cut-and-paste
mishap; hitting return on it produces the segv.)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It never ceases to amaze me how a 50% pay rise, overtime and low mileage can
 make you swallow your pride so easily. - Alan Weadick

one more rpclient buglet

2003-02-12 Thread Ronan Waide 
Added a driver using:
(B  adddriver "Windows 4.0" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"
(B
(BNow I get funny characters in the enumdrivers output:
(B[root@workst1 root]# rpcclient -U user%pass -c "enumdrivers 2" workst1  
(B
(B[Windows 4.0]
(BPrinter Driver Info 2:
(BVersion: [0]
(BDriver Name: [PR2]
(BArchitecture: [Windows 4.0]
(BDriver Path: [%/1€Œiso8859-15,A0(B`]
(BDatafile: [t]
(BConfigfile: [%/1€iso8859-15,A7Pa?(B]
(B
(BAlso
(B  adddriver "Windows NT x86" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL"
(B
(Bfails, but I'm not yet sure why.
(B
(BCheers,
(BWaider.
(B-- 
([EMAIL PROTECTED] / Yes, it /is/ very personal of me.
(B"So, while thinking about all this, I realized that my job could be
(B defined as systematically, judiciously, deliberately forgetting
(B things." - smarry

[Samba] which ACL attributes are supported by Samba?

2003-02-06 Thread Ronan Waide 
I've tried to determine this empirically, but have run foul of config
issues that won't be resolved in the immediate future. Basically, I
know that Samba + ACL + an acl-aware filesystem will allow me to
assign unix-style permissions to arbitrary groups of people for a
given file. However, Windows has additional permissions: delete, take
ownership, and, um, I think possibly one or two more. My question is
whether these are supported by Samba if I have extended attributes
switched on (which, as far as I can tell, should allow you to define
whatever attributes you like for any file)?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

There's no place like ~. - Brian P. Casey
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] which ACL attributes are supported by Samba?

2003-02-06 Thread Ronan Waide 
On February 6, [EMAIL PROTECTED] said:
 you don't need ACL support for unix style permissions
 (user, group, world)
 ACLs are lists of arbitrary users that have the specified permissions on
 the files you choose.

You do if you want more than one set of user/group acls per file.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

I can't seem to undo 2,500 years of western rational thinking just by reading
 a couple Gary Snyder poems. - [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] which ACL attributes are supported by Samba?

2003-02-06 Thread Ronan Waide 
On February 6, [EMAIL PROTECTED] said:
 I just tried to set an acl on take ownership it doesn't stick - it
 should.
 Read and write attributes does stick.

Thanks, that's what I'd seen myself. I guess it's not supported at
present.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

theres no polite way to deal with sales ppl - Louise
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

bug in findsmb

2003-01-29 Thread Ronan Waide 
line #29:
  } else (m/-r/) {

should be
  } elsif (m/-r/) {

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

kate says, no, there's a lot of red in heliotrope.
kate says, we're talking like #993366 or so

Re: [Samba] File size limit = 2G?

2003-01-28 Thread Ronan Waide 
On January 28, [EMAIL PROTECTED] said:
 The linux box can see the large Windows files, but does not see their
 
 correct sizes -- it reports an absurdly big size when using ls -l. Files
 less 
 
 that 2GB show up correctly. Trying to create a 3G file on the Windows box
 
 from the linux box, using:

Looks to me like you're using smbmnt, which isn't technically part of
samba - it's part of the kernel. Urban Widmark has patches to enable
large file support at http://www.hojdpunkten.ac.se/054/samba/ 

Note, this was discussed in the archives recently. Use the archive
search at marc.theaimsgroup.com before posting questions.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
troc says, Or as the 'bot says in IRC: Look buddy, doesn't work is a strong
statement. Does it sit on the couch all day? Is it making faces at you?
Does it want more money? Please be specific!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help

2003-01-28 Thread Ronan Waide 
On January 28, [EMAIL PROTECTED] said:
 I don't have HPUX, so I don't know what to suggest for that. I just know
 getent won't work without winbindd in nsswitch.conf on Linux.

I think the point that was being made is that NSS support on HPUX only
supports a few known types, of which one is LDAP. The discussion was
basically about faking out the system so that what it thinks is LDAP
is actually winbind.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Love wouldn't be blind if the braille wasn't so damned much fun.
 - Armistead Maupin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

core dump in rpcclient getdriver

2003-01-28 Thread Ronan Waide 
hi folks,

ran this command:
rpcclient -U Administrator%password PDC -c getdriver PRINTER

and got this output:

[Windows 4.0]
Segmentation fault (core dumped)

Here's the stacktrace:

#0  0x080a8abd in strlen_w (src=0x0) at lib/util_unistr.c:312
#1  0x0809bf6f in pull_ucs2 (base_ptr=0x0, dest=0xbfffd8c0 \027, src=0x0, 
dest_len=256, src_len=4294967295, flags=25) at lib/charcnv.c:570
#2  0x080a88b6 in rpcstr_pull (dest=0xbfffd8c0 \027, src=0x0, dest_len=256, 
src_len=-1, flags=1) at lib/util_unistr.c:173
#3  0x0806f118 in display_print_driver_3 (i1=0x81d61f8)
at rpcclient/cmd_spoolss.c:875
#4  0x0806f4bb in cmd_spoolss_getdriver (cli=0x81b3ed0, mem_ctx=0x81d5238, 
argc=2, argv=0x81d5208) at rpcclient/cmd_spoolss.c:984
#5  0x08069762 in do_cmd (cli=0x81b3ed0, cmd_entry=0x814b5d4, 
cmd=0x8152680 getdriver PR1) at rpcclient/rpcclient.c:497
#6  0x080698a1 in process_cmd (cli=0x81b3ed0, 
cmd=0x8152680 getdriver PR1) at rpcclient/rpcclient.c:556
#7  0x08069e54 in main (argc=6, argv=0xbaf4) at rpcclient/rpcclient.c:753
#8  0x4026e1c4 in __libc_start_main () from /lib/libc.so.6

Poking around in it, the default data type for the printer is NULL,
which is returned to the rpcclient as a null string. So when we get to
this:

875 rpcstr_pull(defaultdatatype, i1-defaultdatatype.buffer, 
sizeof(defaultdatatype), -1, STR_TERMINATE);

the coredump above is generated because i1-defaultdatatype.buffer is
NULL.

This only happens for a level 3 info dump - levels 1 and 2 are quite
okay. I presume the correct fix is to check at
rpcclient/cmd_spoolss.c:875 if the defaultdatatype is NULL or not, but
I'm not 100% sure, so I'll leave that to smarter folks :)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
The folks from Sendmail gave me a pocket knife.  It has dozens of blades with
 a seemingly infinite number of functions, just like Sendmail.  The first time
 I used it, it broke, just like Sendmail. - Kludge Dorsey

Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help

2003-01-28 Thread Ronan Waide 
On January 28, [EMAIL PROTECTED] said:
 I don't have HPUX, so I don't know what to suggest for that. I just know
 getent won't work without winbindd in nsswitch.conf on Linux.

I think the point that was being made is that NSS support on HPUX only
supports a few known types, of which one is LDAP. The discussion was
basically about faking out the system so that what it thinks is LDAP
is actually winbind.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Love wouldn't be blind if the braille wasn't so damned much fun.
 - Armistead Maupin

Re: [Samba] NT PDC to Samba PDC migration

2003-01-27 Thread Ronan Waide 
On January 27, [EMAIL PROTECTED] said:
 Has anyone succeeded in doing a transparent (or an
 as-close-to-as-possible) migration of an NT4 PDC to a Samba PDC?

Yes, search the archives for the procedure I posted on Nov 25 or
thereabouts.

The only problem as such is that if you need to keep the PDC around,
you have to disable the netlogon service on it to stop it trying to
become the PDC again. That or rebuild it from scratch as a regular
server (non-DC).

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
It's ridiculous, you go and suddenly there's no email, or at least
 considerably less... I suppose we just have to face the fact that life does
 revolve around you... - Clarkey
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC+LDAP on FreeBSD

2003-01-22 Thread Ronan Waide 
On January 22, [EMAIL PROTECTED] said:
 1. What packages/ports do I need to install? Because most papers of LDAP 
 online I could find mentioned little about Openssl. However, as I know, 
 it's necessary for the option ldap ssl = start_tls in Samba . Also, I 
 didn't find any ports of nss_ldap, but nss_ldap was mentioned by all 
 samba+LDAP combination. What's wrong with that? nss_ladp didn't support 
 FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC?

FreeBSD doesn't support NSS, as I understand it. What the nss_*
modules do is act as lookup sources when the system needs to identify
a user, host, password, group, etc. So on a Linux system, for example,
you can instruct the system to first look in files (/etc/passwd, etc)
then try LDAP, and so on until a match is found or the sources are
exhausted.

In the case of Samba, this facility is not strictly necessary; Samba's
requirement for working NSS support is solely so it can look up a Unix
account or Group to match the SMB account or group information. You
can get around this by either creating Unix accounts for all your
Samba users, or using one of the non-unix account backends (ldap_nua,
in your case). Note, as far as I know the _nua backends are only
available in Samba 3.
 
 2. Individual configuration/setting for every package.

Tall order. Do you have a working LDAP setup already? You seem to have
a working Samba setup, so what you want is to migrate the information
in that into LDAP. I can't help you with that, since I've not done
it. I'd suggest browsing the mailing list archives.

 3. How to start every service?

Again, a tall order. I'm not a FreeBSD user, so I can't really help
you on this.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

buzzard says, If you are willing to put aside your kneejerk human speciesism,
the AIs are perfectly sympathetically 'no worse' than humans. matrix
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC+LDAP on FreeBSD

2003-01-22 Thread Ronan Waide 
On January 22, [EMAIL PROTECTED] said:
 i made some minor changes to the migrationtools to work properly. (some
 atrribute types are spelled wrong)

What changes? Seems like it might be worthwhile telling the people on
this list, if not the people at padl, about the errors.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

If at first you DO succeed, try not to look surprised - someone @ mot.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbfs + large UID's

2003-01-22 Thread Ronan Waide 
On January 22, [EMAIL PROTECTED] said:
 Is there any work in progress to fix that problem? I'm running Linux
 2.4.20 and SuSE 8.1 installed samba 2.2.5 but I've also played with
 samba-2.2-cvs as of today.

http://www.hojdpunkten.ac.se/054/samba/

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

The interior decorating site is something to behold. Preferably with
 welders glasses. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] sort-of fix for net rpc vampire account creation

2003-01-21 Thread Ronan Waide 
This patch allows net rpc vampire to create accounts in the same way
that smbpasswd does, i.e. it will attempt to use the appropriate
account creation function for the backend in use. From reading the
comments on the top of the local_password_change function, either I
shouldn't be going this route or local_password_change is due for some
sort of change in status. The only major caveat I've found is that
because net rpc vampire does a getpwnam_alloc() immediately after
account creation, which fails in my case because I'm using ldap_nua as
my backend so getpwnam_alloc() will /always/ fail.

Cheers,
Waider.

Index: source/utils/net_rpc_samsync.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v
retrieving revision 1.16
diff -a -u -r1.16 net_rpc_samsync.c
--- source/utils/net_rpc_samsync.c  20 Dec 2002 20:23:06 -  1.16
+++ source/utils/net_rpc_samsync.c  21 Jan 2003 12:13:36 -
@@ -318,6 +318,24 @@
add_ret = smbrun(add_script,NULL);
DEBUG(1,(fetch_account: Running the command `%s' 
 gave %d\n, add_script, add_ret));
+   } else {
+ /* Need to add the user by other means */
+ int local_flags = LOCAL_ADD_USER; /* XXX */
+ BOOL ret;
+ pstring err_str;
+ pstring msg_str;
+
+ ret = local_password_change( account, local_flags, NEWPASS /* XXX 
+*/, err_str, sizeof( err_str ), msg_str, sizeof(msg_str));
+ if (*msg_str)
+   printf( msg_str );
+ if (*err_str)
+   fprintf(stderr, err_str);
+ if ( !ret ) {
+   /* FIXME any other cleanup? */
+   DEBUG(3, (Could not create account %s\n, account));
+   pdb_free_sam(sam_account);
+   return NT_STATUS_NO_SUCH_USER;
+ }
}
pw = getpwnam_alloc(account);
if (pw) {

-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Life? hell, i haven't had time to do laundry. I'll get all sorts of life
 soon enough if that keeps up. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sort-of fix for net rpc vampire account creation

2003-01-21 Thread Ronan Waide 
On January 21, [EMAIL PROTECTED] said:
 sort of change in status. The only major caveat I've found is that
 because net rpc vampire does a getpwnam_alloc() immediately after
 account creation, which fails in my case because I'm using ldap_nua as
 my backend so getpwnam_alloc() will /always/ fail.

Errr. never finished this point. Because the getpwnam_alloc() fails,
the rest of the sync doesn't get executed. If you run net rpc vampire
a second time, though, the rest of the account info gets transferred.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

...all I can think that I taught you was after you have sent the e-mail pick
 up the phone - Paul Healy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sort-of fix for net rpc vampire account creation

2003-01-21 Thread Ronan Waide 
Continuing the saga:
Groups are not migrated by the ldap_nua backend, even if I create a
posixGroup entry. After a bit of prodding, I found the latter was
because Samba had set up group mappings in group_mapping.tdb, which my
manually-created LDAP groups didn't agree with. Removing
group_mapping.tdb fixed /that/ problem - i.e. accounts have their
group information properly updated - but the basic problem, that
groups are not migrated - still exists. And it appears that
smbgroupedit is not capable of creating a new group in the same way
that smbpasswd is capable of creating a new user.

I'm copying this to samba-technical, since I believe it's an
implementation detail at this point.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Some people just don't know which side of the good/evil thing to side
with, despite the obvious fun now, pay later advantages of the evil
side for those of us who need instant gratification.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sort-of fix for net rpc vampire account creation

2003-01-21 Thread Ronan Waide 
Continuing the saga:
Groups are not migrated by the ldap_nua backend, even if I create a
posixGroup entry. After a bit of prodding, I found the latter was
because Samba had set up group mappings in group_mapping.tdb, which my
manually-created LDAP groups didn't agree with. Removing
group_mapping.tdb fixed /that/ problem - i.e. accounts have their
group information properly updated - but the basic problem, that
groups are not migrated - still exists. And it appears that
smbgroupedit is not capable of creating a new group in the same way
that smbpasswd is capable of creating a new user.

I'm copying this to samba-technical, since I believe it's an
implementation detail at this point.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Some people just don't know which side of the good/evil thing to side
with, despite the obvious fun now, pay later advantages of the evil
side for those of us who need instant gratification.

Re: [Samba] Samba-LDAP - Getting Computer accounts to livein ou=Computers

2003-01-20 Thread Ronan Waide 
On January 17, [EMAIL PROTECTED] said:
 Well, it is not called stable and surely there are still a lot of bugs
 somewhere. We've migrated our ~700 user network from ActiveDirectory to
 samba 3.0 about one month ago, and up to now there are surprisingly few
 problems (3.0 is running on our Domain Controllers only, the
 fileservers

Nice to see someone's testing out this code before I commit my network
to it :)

I'm currently trying to get net rpc vampire working with 
sam backend = ldap. I am a little confused by the absence of an
ldap-adduser script in the Samba CVS HEAD, since without an adduser
script I'm not getting any accounts created. Is Samba supposed to
create the ldap accounts itself, or is the ldap adduser script simply
deprecated, and what are people using to accomplish this right now?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

There's a certain uniformity of suck that must be maintained or the UNIX
 community won't take you seriously. - Rocco Caputo on naming books.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP PDC, net rpc vampire

2003-01-20 Thread Ronan Waide 
still digging at this:

[2003/01/20 14:26:38, 2] passdb/pdb_ldap.c:ldapsam_connect_system(421)
  ldap_connect_system: succesful connection to the LDAP server
[2003/01/20 14:26:38, 4] passdb/pdb_ldap.c:ldapsam_open(472)
  The LDAP server is succesful connected
[2003/01/20 14:26:38, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1573)
  We don't find this user [Administrator] count=0
[2003/01/20 14:26:38, 3] utils/net_rpc_samsync.c:fetch_account_info(333)
  Could not create account Administrator
[2003/01/20 14:26:38, 0] passdb/passdb.c:pdb_free_sam(355)
  pdb_free_sam: SAM_ACCOUNT was NULL

At this point I am suspecting that it's expecting an LDAP account to
exist already because I'm using sam backend = ldap. I'll try ldap_nua
to see if it improves things, but if anyone can interrupt me and tell
me what I'm missing I'd appreciate it.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
yeah, you're in no position to be talking. telling dirty limericks to
 a cat lady on the other side of the planet at half past two in the
 morning? really, now. - Meredith.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: LDAP PDC, net rpc vampire

2003-01-20 Thread Ronan Waide 
On January 20, [EMAIL PROTECTED] said:
 At this point I am suspecting that it's expecting an LDAP account to
 exist already because I'm using sam backend = ldap. I'll try ldap_nua
 to see if it improves things, but if anyone can interrupt me and tell
 me what I'm missing I'd appreciate it.

Right, I think I've figured this out:

this is in utils/net_rpc_samsync.c

if (*add_script) {
int add_ret;
all_string_sub(add_script, %u, account,
   sizeof(account));
add_ret = smbrun(add_script,NULL);
DEBUG(1,(fetch_account: Running the command `%s' 
 gave %d\n, add_script, add_ret));
}

So this is expecting an add user/machine script.

The next line:

pw = getpwnam_alloc(account);

checks to see if the account was created. And finally:

if (pw) {
 /* stuff... */
} else {
DEBUG(3, (Could not create account %s\n, account));
pdb_free_sam(sam_account);
return NT_STATUS_NO_SUCH_USER;
}

prints an error message if the account /wasn't/ created.

So at this point, the only place a LDAP account will be created is if
getpwnam_alloc() does it. And, well, it doesn't. So for net rpc
vampire to work, you need a working ldap-oriented add user script.

Which goes back to my original question; the previously used script
has been put in the Attic. I'm guessing longterm the intention is to
use LDAP directly, rather than an intermediary script. But IMHO it'd
be better to leave the existing LDAP script in place until the new
LDAP stuff works?

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Your broker is a half-naked blue-and-orange crypto-anarchist?
  - Neal Stephenson / The Great Simoleon Caper
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] auto start

2003-01-13 Thread Ronan Waide 
On January 13, [EMAIL PROTECTED] said:
 3)  from a console (or, in case you have no GUI), you type 'ntsysv'. 
 Again, this gives you a list of services and checkboxes; tick off 'smb'.

And perhaps the best way, since it's the (current) Red Hat preferred
method:

open a console/root terminal and enter
 chkconfig smb on
 service smb start

chkconfig --list smb will show you the current status of Samba in
terms of which run levels it runs in. Practially speaking, chkconfig
smb on will switch it on for the levels that matter.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
One or more sentences in this post have been over-leavened with
 sarcasm and/or irony. The author fully expects to be misunderstood
 because of this, you illiterate morons. He doesn't care. - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: (no subject)

2003-01-09 Thread Ronan Waide 
On January 9, [EMAIL PROTECTED] said:
 samba is calling the 'add user script' option for creating machine
 accounts.  does the 'add machine script' option exist in 2.2.7?

Nope, it's new for Samba 3.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

i do this some times to check your still alive and have not been killed in
 some tragic accident involving alcohol, geekery, GPS and high voltage - Bob
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: (no subject)

2003-01-09 Thread Ronan Waide 
On January 9, [EMAIL PROTECTED] said:
 mmm
 Perhaps we should do this a bit differently then for the smbldap
 scripts, eh?
 
 when samba gives the machine name in %u, does it trail a dollar sign on
 it?   or does it just give the machine name alone?

Dunno, I've not traced it. I'm guessing it has the dollar on it, but
you'd need to monitor your logs to check.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
I spent a lot of time being 'depressed, despite', then some time being
'depressed, because' and 'depressed, in addition to which'. Currently
I think I'm at 'neutral, despite'.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RH8 and Samba 3

2003-01-08 Thread Ronan Waide 
On January 8, [EMAIL PROTECTED] said:
 On Wed, Jan 08, 2003 at 11:06:04AM -0600, Darin Bawden wrote:
  Greetings everyone,
  Just a quick question, I hope.  I installed the 3.0 alpha for an RH 8.0 test
  server.  In the smb.conf file I have printing=cups and printcap=cups.  In
 
 should this not be printecap=yer cups printcap fully qualified path name?
 

Nope. printcap=cups and printing=cups works just fine.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

for god's sake, give me some credit.  i may be an egocentric jerk, but i'm
 not a COMPLETE asshole. - Meredith
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

inconsistent properties (Samba 3.0-HEAD)

2003-01-07 Thread Ronan Waide 
Hi,

under current CVS samba I've set up a BDC to test some migration
stuff. If I look at it in Network Neighbourhood and view its
properties, it's listed as Windows NT 4.9 Primary. If, however, I look
at it in Server Manager, it's listed as Windows NT 4.9 Backup (which
is what I'd expect, since it /is/ a backup server).

Not a problem, just a note :)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

I'm okay. I am not being starved, or beaten, or unnecessarily frightened. 
- Douglas Coupland, _Microserfs_

Re: [Samba] mounting smbfs...

2003-01-06 Thread Ronan Waide 
On January 6, [EMAIL PROTECTED] said:
 
 Try sudo.  Put a line into sudoers that allows your users to only use the 
 command mount -t smbfs //machine_name/share /home/usr_name/music

For user-level mounts, try adding the 'user' flag to the fstab:

//pdc/d   /mnt/tmpsmbfs   noauto,user 0 0

This will prompt the user for their password, and use their unix
username to do the mount. Note, for reasons that are not entirely
clear to me, the user must own the mount point, and only root can
unmount these partitions after they've been mounted. I may look into
this if I get time, as user mounts don't normally behave like that
(the user who mounts can also unmount, and the user doesn't need to
own the mountpoint)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

These drives do not respond to the disk query in 24 hours, considered here to
 be more than a reasonable response time. - BorderWare Knowledgebase
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SWAT Question

2003-01-05 Thread Ronan Waide 
On January 5, [EMAIL PROTECTED] said:
 I am running a Samba Server on a 7.0 Linux machine.
 I am having poor luck in enabling SWAT. As this machine
 has no inetd.conf file but instead has a xinetd.conf file.
 To this file I have added the line:
 
 swat stream tcp nowait.400 root /usr/sbin/swat swat
 
 Then rebooted the system, restarted samba.
 Then I've tried to connect to the IP, http://10.0.2.26:901
 and it doesn't display the swat admin page.
 
 I am not sure what I'm doing wrong.
 
 Steve L

xinetd.conf is very different to inetd.conf. Rather than editing the
xinetd.conf file directly, put the details of the service into a file
in /etc/xinetd.d/ and format it like this:

# default: on
# description:  swat configures samba
service swat
{
socket_type = stream
protocol= tcp
port= 901
type= UNLISTED
wait= no
user= root
server  = /usr/sbin/swat
server_args = swat
disable = no
}

then restart xinetd (service xinetd restart) and try again.

Note, this is untested. You may need to check the xinetd.conf manual
page to make sure the above is formatted correctly.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

AjD feels frustrated in his attempts to establish the delinitations of
  horror in puppy-burying.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SWAT Question

2003-01-05 Thread Ronan Waide 
On January 5, [EMAIL PROTECTED] said:
 Indeed, Mr. Waide's answer should suffice; however, before you take the
 opportunity of creating that file, you may want to look in /etc/xinetd.d
 to see if there is a file called swat.  If that file is there, then
 you only need edit that file and change the disable=yes to
 disable=no and then, as he indicated, restart your smb service.
 
 Sean

better still, use chkconfig:

[root@qaz ~]# chkconfig --list | grep swat
  swat: off
[root@qaz ~]# chkconfig swat on

Note, this may not work in 7.0; I'm basing this (and the previous
post) on 7.3. The above is certainly the preferred way to
activate/deactivate services in 7.3 and up for which there is already
a file in /etc/xinetd.d

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

bc says, Tell me about Ireland
kate says, green, lumpy, no snakes.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] known bugs/issues/gotchas

2003-01-03 Thread Ronan Waide 
Hi sambafolks,

I see a number of topics cropping up here repeatedly over the last few
weeks:

* Files  4GB not supported
  This is confirmed and solved in 2.2.7a, but not in the current
  incarnation of smbfs (which is not part of samba, I know, but will
  get discussed here as a related topic)

* desktop.ini weirdness in profiles
  I've seen this mentioned a few times with no sign of a real
  solution.

* problems with Win2KSP3 clients
  Again, several mentions, no solutions offered

My question is, is there a canonical place to go where I can find a
list of /all/ bugs/issues currently under investigation by the samba
team? I see from the development page that you use IRC to coordinate
development, but I presume at some point this falls out into Tridge
is looking at the Win2KSP3 issue while Jerry is working on
desktop.ini

My main reason for asking is that I'm in the middle of a rather
complicated migration to Samba and I'd prefer to know up front what's
going to bite me, rather than having to fend off angry users
afterwards.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

There's a difference between not shy and stalking.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] known bugs/issues/gotchas

2003-01-03 Thread Ronan Waide 
On January 3, [EMAIL PROTECTED] said:
  * desktop.ini weirdness in profiles
I've seen this mentioned a few times with no sign of a real
solution.
 
 I'm not sure what you mean by this - given that what gets uploaded into

I believe Dragan Karnic (sp? sorry, don't have the name to hand!)
mentioned this most recently. Something along the lines of shortcuts
to folders getting mangled: when you click the shortcut, you get a
folder with two items, one of which is a second shortcut to the folder
and the other of which is a desktop.ini file. Those aren't the exact
details; I'll go mining the archives and see what I can dig up.
 
  * problems with Win2KSP3 clients
Again, several mentions, no solutions offered
 
 Please include details sufficient to identify the problem you
 specifically refer to.

Umm. I believe there was one mentioned just yesterday, in great detail
(someone who'd run through the entire DIAGNOSIS.TXT file step-by-step
and included the results of each test), the net result of which
appeared to be that Win2K could see the Samba server but couldn't
access the shares. Again, I'll go mining the archives.

 Not particularly.  Most issues get addressed on the samba-technical
 list, so reading the archives is often a good idea.  Certainly I don't
 know of any particular efforts on the two (rather vauge) bugs you have
 mentioned.  Read the CVS history at build.samba.org if you are wanting
 to follow development closer.

Yep, alas, I don't have as much time as I'd like to devote to that :)

I don't mean to pick holes in Samba, note. The two items I mentioned
above are things I've seen passing by on the list without any apparent
solution, and I've seen several mentions of both items, which is why I
asked if there was a list of such issues being maintained.
 
 If you detail your expected setup to the list, you might find people who
 can give you advise as to the more 'generic' or 'problem space' gotchas
 - these are more likely to cause you trouble than specific issues in the
 latest Samba.  (Simply because the main problems Samba has are problems
 we can't deal with - like the fact we run on Unix, not NT :-).

:)

Setup is, to be honest, a cross between trivial and convoluted: the
trivial part is that it's a small network, less than 100 people
total. The convoluted part is that it's an amalgamation of several
companies, so the network is a disaster. I've cleaned up most of the
stray workgroups and that sort of thing, but the following tasks
remain:

* Remove NT PDC, replace with Linux PDC
  - this is why I was messing about with net rpc vampire late last
year. I got no feedback on the description I posted about that, so
I assume I wasn't doing anything /to/ insane...

* Switch all local profiles to roaming
  - yes, this is a generic Windows Domain issue, not a Samba
issue. The roaming profiles will end up on a Samba server,
however, which is why I'm paying close attention any time someone
mentions a problem with them.

 Andrew Bartlett

Cheers,
Waider.
-- 
That actually holds as a general rule. French folk will often help out
in fluent english after you've stuttered for ten minutes, telling them
you are the son of a fermented potato and would like to wash your
wife's chilblains in some fresh orange juice.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using the right network interface

2003-01-02 Thread Ronan Waide 
On January 2, [EMAIL PROTECTED] said:
 Check that this says:
 
   interfaces = eth0 lo
 
 where lo is whatever the loopback interface is called on your system. To
 find it's name run 'ifconfig -a'

I'd realised that. I'm not exactly a newcomer to unix/samba :)
 
 What is the output of 'netstat -a'?

netstat was originally (I thought) showing nothing listening on
0.0.0.0. Reading the man page I realise this can't be right, since
nmbd needs to listen there for broadcast traffic. It's currently
showing a listener on 0.0.0.0. Tweaking socket address, interfaces,
and bind interfaces only doesn't appear to change this, but as I said
that's what I'd expect having read through the manual page. I'm just
suffering from some sort of delusion that I managed to switch the
service off at some point.
 
 HAve you set up a firewall on your system? How have you firewalled port
 137/udp?

No, the whole point of my setup is to try and configure any services
on the machine to be safe in the absence of a firewall. If I don't
have a listener on a given interface, then it doesn't matter if the
firewall is working or not, you can't get any information from that
interface for whatever service you're looking for.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

merde says, in other news, our mini-blimp blew away.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] applying ACL patches to Red Hat: update

2002-12-16 Thread Ronan Waide 
Okay, it appears that something in my patches (unposted!) breaks the
NFS daemon in such a way as to cause oopses. This is not good, so I'll
see if I can debug it before offering the patches for general
consumption.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

It's inherently difficult to get reliable information about an event that
 consisted of the destruction of all recorded information. - Neal Stephenson
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

leak of some sort in smbcacls

2002-12-15 Thread Ronan Waide 
Hi,

just spotted this while leafing through the CVS tree (some code elided
for clarity)

source/utils/smbcacls.c

static int cacl_dump(struct cli_state *cli, char *filename)
{
[-]
fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
[-]
if (!sd) {
printf(ERROR: secdesc query failed: %s\n, cli_errstr(cli));
return EXIT_FAILED;
}
[-]
cli_close(cli, fnum);
[-]
}


So basically, cli_close doesn't get called for fnum if the security
descriptor (sd) is null. Since smbacls appears to be designed for one
file at a time right now, this probably isn't a major issue.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Anyone who doesn't meet these standards will be cast into the outer darkness,
 where there is not only wailing and gnashing of teeth, but squishy mud and
 frogs that go 'ribbit'. - joshua geller

Re: [Samba] newbie: Verification of the downloaded Samba source

2002-12-11 Thread Ronan Waide 
On Tue, 10 Dec 2002, alan brown wrote:
 Could not find a valid trust path to the key.  Let's see whether we can
 assign some missing owner trust values.
 No path leading to one of our keys found
 gpg: Warning: This key is not certified with a trusted signature.
 Gpg: There is no indication that the signature belongs to the owner.

All this is saying is that yes, the signature does check out against
the key you provided; however, gpg has no indication of the validity
of that key. The wrong way to solve this is to use gpg to set the key
to 'trusted'; the right way is to obtain a chain of keys that connects
the Samba key to a key you trust, such as your own. Obviously the
right way is more difficult since you need to obtain the keys that
signed the samba key, then the keys that signed /those/ keys, and so
on until you get to a key that you've signed yourself or a key that
you have declared as trusted.

This is pretty integral to GPG/PGP, so I'd suggest you read up on
these to learn more.

Cheers,
Waider. D9B006F7 in GPG land :)
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

`My fault' - what you say when you detonate a grenade in the midst of your
 comrades and send their body parts flying. - Julian Waldby
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using the right network interface

2002-12-11 Thread Ronan Waide 
On December 11, [EMAIL PROTECTED] said:
 Well, I thought I had bind interfaces only = Yes but it is commented
 out. I commented out the interfaces lines and restarted Samba. Now

Red Hat 7.3
samba-2.2.7-1.7.3

with the interfaces line, there's still a listener on the ppp0
interface (the one I don't want a listener on). Adding bind interfaces
only = yes makes that listener go away.

Thanks for the pointer. I'd gone through the manual page some months
ago and apparently missed this.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

No, I keep thinking you're a real country rather than a potato-worshipping
 bit of mud. - Susan Witterick
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ACL

2002-12-11 Thread Ronan Waide 
On December 11, [EMAIL PROTECTED] said:
 Waider,
 Would you mind commenting further on what you had to do to get RedHat 8.0
 support ACLs.
 
 Thanks
 K.C.

Sure:
* Download kernel SRPM
* Modify patches[1]
* Spend several hours rebuilding kernel packages

[1] is obviously the tricky bit. I'm testing out the modified patches
at the moment, plus I've offered them to the bestbits guy but not yet
received a reply. I'll stick 'em on my website tomorrow at some point
and post the URL here for interested parties.

Note, I've done this for Red Hat 7.3 but since the kernel versions are
the same (2.4.18-18) I think the patches will apply easily enough to
the Red Hat 8.0 SRPM.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Life sucks. Get a helmet.
 - Denis Leary, as quoted by Susan Witterick on It never rains, it POURS.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using the right network interface

2002-12-10 Thread Ronan Waide 
On December 10, [EMAIL PROTECTED] said:
 Just having a senior moment here, but, I recall vaguely that samba will
 listening on all NIC's but ignores the ones you tell it to ignore with.
 
 Joel

Hmm. My home network config has samba configured to only listen on the
internal network, but nmb seems to ignore that and listen on the
external (ppp) network as well. And it definitely works, because I
occasionally have port-scanning morons successfully connecting to nmb
and getting a browse-list. Of course, they can't do anything more with
it, but.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

$HOME is where the .heart is.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] 2gb limit weird filenames

2002-12-10 Thread Ronan Waide 
For the record, stock RedHat 7.3 kernel (2.4.18-18.7.x) supports files
greater than 2GB.

Rather than debating the point as to whether various things
theoretically support  2GB files or not, it's rather easy to
empirically determine support using dd to create a file greater than
2GB.

Just my $.02 and all.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

My evil is unjust and cruel in the smallest and most annoying way possible.
  - Catherine Clarke
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Windows 2000 Password Authentication

2002-12-09 Thread Ronan Waide 
On December 9, [EMAIL PROTECTED] said:
 Is there a way to configure Samba so that all password authentication is
 done through the Windows domain controllers?  
 

I presume you mean all samba authentication: join your server to the
domain. This is covered pretty exhaustively in the documentation.

If you wish your unix authentication to be done via Samba also, look
at winbind and the documentation for that.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
Went to Lost World with Dave last nite before work. The two of us
 were destroyed and the movie sucked too. We are no longer in awe of
 dinosaurs. - Donal
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ACL

2002-12-08 Thread Ronan Waide 
On December 7, [EMAIL PROTECTED] said:
 No, the option/s/ are all enabled in the kernel. What's missing, I
 think, is all the rest of the support: libacl, libattr, patched
 fileutils, etc. I'm currently rebuilding various bits and pieces to
 see if I can make it work without too much grief.

Okay, clarifying my clarification. The ACL defs are in the main
configuration section, but none of the patches in the rest of the
kernel tree appear to be present. Drat.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
That's something tas mentioned in passing once or twice...DSP, so
 what is it? If it's anything to do with the glorious Limerick era
 then David's probably better off out of it. - Dalton Moloney 29/03/1996
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ACL

2002-12-07 Thread Ronan Waide 
On December 3, [EMAIL PROTECTED] said:
 
 So it looks like the option is turned on in the kernel config, but the 
 patch is not actually in the kernel.

No, the option/s/ are all enabled in the kernel. What's missing, I
think, is all the rest of the support: libacl, libattr, patched
fileutils, etc. I'm currently rebuilding various bits and pieces to
see if I can make it work without too much grief.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

Turtles. Big, green turtles. - Orla
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ACL

2002-12-04 Thread Ronan Waide 
On December 4, [EMAIL PROTECTED] said:
 
  Actually, RedHat's recent precompiled kernels appear to have acls
  enabled by default.
 
 I installed RedHat 8.0 and acl on ext2/3 didn't work, with the precompiled
 Kernel from SGI and xfs acl work fine.

Yup, this is why I said appear to have rather than have.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

AjD feels frustrated in his attempts to establish the delinitations of
  horror in puppy-burying.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba ACL

2002-12-03 Thread Ronan Waide 
On December 3, [EMAIL PROTECTED] said:
 acls can work with ext2/ext3 but you have to apply the patches from
 bestbits.
 
 xfs is a better choice and has the acl stuff built in.

Actually, RedHat's recent precompiled kernels appear to have acls
enabled by default.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
The majority were fairly uncategorizable freaks, but you could tell that even
 the most normal-looking people there were still the weirdest people at their
 day job. - Jamie Zawinski
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: using samba as unix network filesystem

2002-12-02 Thread Ronan Waide 
On December 2, [EMAIL PROTECTED] said:
 
 The trouble is that if you enable this for any shared file space, your MS
 Windows client applications will break.

I think the point he was making is that he's using it solely for
Linux-to-Linux communication, which I think is the wrong tool for the
job, but hey.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

where's my surprise party, where's my cake and ice cream,
 where's my dozen roses, where's my unconditional love? - meredith
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: AW: [Samba] attrib +R myowndir fails to write-protect my own dir

2002-11-28 Thread Ronan Waide 
On November 28, [EMAIL PROTECTED] said:
 actually a second attempt at drawing your attention to the fact 
 that compliance with M$ quirks and kinks is not something to be 
 ashamed of but rather reason to be proud.

I think you'll find that the Samba team are quite familiar with this
opinion, especially in the context of the Samba TNG fork :)

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

kate says, no, there's a lot of red in heliotrope.
kate says, we're talking like #993366 or so
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP

2002-11-26 Thread Ronan Waide 
On November 26, [EMAIL PROTECTED] said:
 
 You need to disable RequiresSignorSeal in the registry. If you check the
 Samba source tarball, ~samba/docs/Registry/WinXP_SignOrSeal.reg is the
 file you need to double-click on in XP to turn off this feature. The other
 way is to use the Security editor to turn this off.

I've a vague suspicion that this may bite me shortly, but anyway. Is
this registry fix necessary for the CVS/alpha code, and is it
documented somewhere other than in the comment at the top of the
registry file (i.e. what the heck does it do?)

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

purl Beware the lollipop of mediocrity. Lick it once and you suck forever.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP

2002-11-26 Thread Ronan Waide 
On November 26, [EMAIL PROTECTED] said:
 
 This feature was possible in Win2K but disabled by default, in WinXP it is
 enabled by default. It is necessary to turn it off in XP if you want to
 connect with NT4 servers also.

Aha, so if I have an NT4 server already I should consider this a
non-issue. That's fine. Thanks.

Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

I'd fix it for you, but I don't want to break into your site.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] nmblookup not honoring smb.conf?

2002-11-26 Thread Ronan Waide 
On November 26, [EMAIL PROTECTED] said:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Wed, 20 Nov 2002, adam morley wrote:
 
  my problem is that while nmblookup is reading smb.conf (see attached
  strace) its not honoring the name resolve order line and checking with
  the wins server.  am i missing something obvious?
 
 Correct.  This is by design.  To query a WINS server use
 
   nmblookup -U ip of wins server -R name to resolve
 
 I think this is in the nmblookup man page.

Reminds me: is it also correct that nmbd ignores which address
it's supposed to listen on, and instead binds to 'em all? I prefer to
configure my services so that they're not visible on the
Internet-facing side of things even if my firewalling is broken, just
in case my firewalling gets broken somehow.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
When you say `I wrote a program that crashed Windows', people just stare
 at you blankly and say `Hey, I got those with the system, *for free*'
   - Linus Torvalds
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

  1   2   >