Re: **** SPAM **** 6.5: Re: [Samba] Re: nazi spam in German over list address
On May 16, [EMAIL PROTECTED] said: All Has any consideration been made to converting the list to a forum? in that way everyone can just check the web site instead of checking the inbox? For those folk who rather read the mail most forum software can Somewhat off-topic for the list, and possibly discussed before, but you can always read the list via one of the list-archive sites, such as the official archive, http://lists.samba.org/archive/samba/ or via a mail-to-news gateway, nntp://news.gmane.org/ Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Flames will be automatically sent to the Windows equivalent of /dev/null, once I find where that actually is. - Tony Collins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: nazi spam in German over list address
On May 16, [EMAIL PROTECTED] said: Basically if re-training your SPAM filter does not help and one really wants to get rid of all those junk mails, installing a challenge/response system like TMDA behind a statistical filter (e.g. DSPAM) would be a possible solution ... Please don't do this. TDMA and its ilk mean that I get a challenge email every time someone uses my domain as a forged source address. And I get a lot of these. About two to three hundred per day, in fact. And it makes me sufficiently annoyed to want to respond to the damn things to make sure that the person who set them up gets all the spam that their system is bouncing at me. Challenge/Response systems improve life for a select few at the expense of the email-receiving population at large and I really wish people would exercise more thought before deploying them. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. One or more sentences in this post have been over-leavened with sarcasm and/or irony. The author fully expects to be misunderstood because of this, you illiterate morons. He doesn't care. - AjD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: adddriver RPC
On March 30, [EMAIL PROTECTED] said: Why is it that smbd tries to open the directory as a regular file? This would be the point at which I say works for me! and fail to understand what's happening on your end. Sorry! Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Each and every single person at [company] is a hydrocephalic ewok who couldn't slice his way out of a paper bag with a machete. - Jon Orwant
Re: rpc client timeouts
On April 1, [EMAIL PROTECTED] said: Winbind calls into the rpc client, which starts fetching the list of members The rpc client sets a timeout and starts pulling the list of group members Fetching all 60k users takes longer than the timeout, the timeout fires and the rpc client returns failure I don't think this is the case. Is your domain controller NT4? I've encountered some problems with large RPC retrievals from NT4 which appear to be caused by a bug in the Samba code somewhere, but I've not had a whole lot of luck in solving the problem. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. my head's having a party right now, but I'm not there. - Aoife Morrison
HEAD fails to build with dmalloc enabled
Compiling lib/adt_tree.c lib/adt_tree.c: In function `sorted_tree_destroy': lib/adt_tree.c:114: structure has no member named `_free_leap' make: *** [lib/adt_tree.o] Error 1 Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Junk food is considered part of the vegetable food group, because it comes from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey
Re: HEAD fails to build with dmalloc enabled
On April 2, [EMAIL PROTECTED] said: On Tue, 2003-04-01 at 23:41, Ronan Waide wrote: Compiling lib/adt_tree.c lib/adt_tree.c: In function `sorted_tree_destroy': lib/adt_tree.c:114: structure has no member named `_free_leap' make: *** [lib/adt_tree.o] Error 1 It's due to dmalloc() using a CPP define to do the work. Adding some brackets often fixes the issue. Ok. having done make -k I've found a bunch more problems with dmalloc; I'll see what I can do about them. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Even buddy can be hard after a few beers. You start wondering if there's two d's or one and if it's ie or y. That's why we came up with: Dude! Although sometimes we end up calling each other dud. - Chuck O'Bryan
Re: Users able to execute windows .exe though execute bit not set
On April 1, [EMAIL PROTECTED] said: I'm looking for some assistance regarding file permissions and the inability to stop the execution of a file even though the execute permission has not been set. Execute bits are a Unix concept. Windows will execute any file it can read that it understands the extension of and has a handler for. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. After explaining the situation to the machine clearly with appropriate use of a screwdriver... - Alan Cox
HEAD smbclient/smbtar problem
[EMAIL PROTECTED] source]# smbclient //server/print\$ -U admin%passwd -Tc Error opening local file //server/print$ - No such file or directory It's picking up the share name as the tar file name. Even specifying a filename after -Tc doesn't work. Sneaking tar.out in as the first parameter doesn't fix things either as Samba then tries to parse that as a share name. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. my head is full of songs I don't like, with lyrics about things you've said. - Veep
Re: Users able to execute windows .exe though execute bit not set
On April 1, [EMAIL PROTECTED] said: Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Yep, turns out I opened my mouth without being completely sure of what I was saying :) Since we have just added proper eXecute permission support to our (almost) NT ACLs in the file system, let me check this today to see what the deal is. jmcd says it should work. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. for god's sake, give me some credit. i may be an egocentric jerk, but i'm not a COMPLETE asshole. - Meredith
net rpc samsync patch
Small patch to stop net rpc samsync from copying an empty comment when syncing group data. Cheers, Waider. Index: source/utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.20 diff -u -r1.20 net_rpc_samsync.c --- source/utils/net_rpc_samsync.c 30 Mar 2003 16:46:28 - 1.20 +++ source/utils/net_rpc_samsync.c 31 Mar 2003 09:09:46 - @@ -521,7 +521,10 @@ map.sid = group_sid; map.sid_name_use = SID_NAME_DOM_GRP; fstrcpy(map.nt_name, name); - fstrcpy(map.comment, comment); + +if (delta-hdr_grp_desc.buffer) { +fstrcpy(map.comment, comment); +} map.priv_set.count = 0; map.priv_set.set = NULL; -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. it's this new keyboard. damn thing types faster than i do. i wish i knew where my old one went. it was connected to the computer when i went to bed last night. - Nikolai Kingsley
Re: Large RPC bug found, I think
On March 26, [EMAIL PROTECTED] said: What is the bug you're trying to fix ? ie. What is the behaviour that Windows shows that is not correct with the Samba code ? The bug I'm seeing is that Samba isn't getting a response to the WriteAndX request it's sending and times out. Also, I'd feel happier if you tested and compared with Win2000/WinXP rather than WinNT as NT is rather old these days Yup, but I'm working with what I've got. I'll see if I can run a chack against a Win2K box, but solving this problem for NT4 gets an immediate problem off my list. Jeremy. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's too bad that most people don't get the fact that an object-oriented programming style has exactly nothing to do with the programming language you use. - Jamie Zawinski
Re: Mounting to a Windows Share
On March 25, [EMAIL PROTECTED] said: Can anyone tell me if this is possible and if so what actions I must take? Not presently possible. The files remain owned by the user/group that you used for the smbmount command. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. dhalgren says to waider, dude, your computers aren't even countable, they're like some kind of giant unitary cruftdevice
Large RPC bug found, I think
Ok, I think I've figured this out, but since I'm relatively new to Samba internals I'm not entirely clear on how to fix it, or what I might break with my fix. In a large RPC call, such as an EnumPrinters 2 call with a big buffer, the DCE/RPC stuff gets split into several SMB messages and tossed into a WriteAndX loop. Running a comparison between Samba/NT4 and NT4/NT4, I noticed the following: * For all RPC traffic, if the RPC is unfragmented Samba sets both RPC_HDR_FIRST and RPC_HDR_LAST flags. NT4 sets neither if there's only as single RPC block. This is in rpc_api_pipe_req (possibly elsewhere). It's easily fixed, but I don't know if setting both flags is required behaviour for some other Windows version. * The RPC bind I'm seeing has a max tx/rx buffer size of 5680 bytes. This is independant of whether I use Samba or NT4 as the client. * NT4 sends RPCs via WriteAndX in chunks of 4292 bytes and 1392 bytes (to make 5680 bytes per pair of WriteAndX requests) using the Raw Pipe Write, so two bytes represent the length of the data and the payload is 4290 bytes. As a side note, this length field throws ethereal off being able to decode these packets, as best I can tell. * Samba sends RPCs chunked as 4096 bytes and 1584 bytes. It's not using the Raw Pipe Write. And now, what I think are bugs as opposed to implementation details: * NT4 only sets PIPE_START_MESSAGE on the very first packet; Samba sets this flag on all packets. * NT4 sets the WriteAndX remaining field to 5680 (max tx size) for the first packet and 1390 (max tx less size of first packet) for the second packet. Samba sets the remaining field to the packet size if PIPE_START_MESSAGE is set, and to zero otherwise. (code in cli_issue_write) * Lastly, from the packet traces it appears as if Samba issues each pair of writes before waiting for a response, while NT only issues a new write once it's got the previous response. I've got as far as getting the PIPE_START_MESSAGE flag working correctly. PIPE_RAW_MODE doesn't appear to be implemented in the low-level SMB write stuff. I'm not clear on a clean way of fixing the remaining field, though. Perhaps someone with a bit more understanding of this code could use the above to determine if I have, in fact, found a bug that needs fixing. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. For those that dont remember, PI is the big number that begins with three. - http://www.facade.com/legacy/amiinpi/
Re: RedHat's glibc-2.3.2 and Samba - assert_uid() failures?
On March 24, [EMAIL PROTECTED] said: I've been debugging another massive fall-apart at my site :-( This time it appears that the installation of glibc=2.3.2-4.80.i686.rpm (required to fix a security issue) broke my installation. This update also broke wine, but as far as I know the wine breakage is caused by wine's abuse of threads for its own nefarious purposes. Samba is pretty standard C (from what I've seen, anyway) and doesn't appear to indulge in such tricks. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Ferret wonders what kind of kitchen knife is three-and-three-quarters FEET long. troc says, you've never seen the Samurai Delicatessen skit?
samsync secure channel
Hi folks, I've been digging around a problem I've had recently where an NT4 PDC is refusing to give me password hashes. Everything else from a samsync run appears ok, just that the password hashes are missing. I've tried to build an identical virtual machine, but can't figure out what's causing the problem. The network in question doesn't currently have a BDC, so I've not been able to verify that it's solely a Samba problem, either. However, I have turned up some (potentially) interesting stuff; in performing a samsync, NT4 compares with Samba as follows: NT4 PDC/NT4 BDC, traffic from BDC-PDC * Negotiated Protocol level is 7 * Setup AndX and Tree Connect are in one packet (chained together as permitted by AndX). Anonymous user used. * NT Create AndX, path = \\netlogon Security Tracking mode is dynamic * DCE bind to NETLOGON pipe callid = 0 No packet flags set Auth data filled in: auth type = NETLOGON Secure Channel (0x68) auth level = Packet security (0x06) auth credentials include null-terminated Domain and PDC strings. * Further traffic is encrypted based on the auth data NT 4 PDC/Samba BDC, traffic from BDC-PDC * Negotiated Protocol level is 8 * Separate Setup and Tree Connect AndX's Anonymous user used. * NT Create AndX, path = \\netlogon Security tracking mode is dynamic * DCE bind to NETLOGON pipe callid = 1 First and Last frag flags set No auth data * Further traffic appears to be entirely in the clear, but ethereal had trouble decoding it. I'm not sure which, if any, of the above differences would be caused by the different negotiated protocols - in fact, I'd expect level 8 to be more secure than level 7, from what little I understand of the protocol levels. I've also looked at the code that creates DCE packets and there doesn't, at present, appear to be an easy way to signal that the auth data should be activated - it's currently keyed off the Sign/Seal stuff that Andrew was working on, and the auth data is fixed length and fixed type (0x0a). Anyway, I'm going to have to run up a BDC on the real network to determine if any of the above explains why I can't get password hashes from the PDC. If anyone has clues to throw me, feel free :) Cheers, Waider. PS as ever, this is Samba HEAD, and NT4 SP6 + all Windows Update patches -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. anyplace where you cannot feel cold shall hold you in its arms forever. - Corprew Reed
another net rpc vampire aesthetics patch
There's a bunch of essentially duplicated code in net_rpc_samsync which should probably be merged into a single block, but anyway. The previous patch added more useful text for net rpc samdump. This does likewise for net rpc vampire. Also, I notice basic indent seems to be set to 5 rather than 4 in this file. That explains my dubious indentation :) Cheers, Waider. Index: utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.19 diff -u -r1.19 net_rpc_samsync.c --- utils/net_rpc_samsync.c 23 Mar 2003 01:33:13 - 1.19 +++ utils/net_rpc_samsync.c 24 Mar 2003 22:28:22 - @@ -748,6 +748,9 @@ fetch_alias_mem(hdr_delta-target_rid, delta-als_mem_info, dom_sid); break; +case SAM_DELTA_DOMAIN_INFO: +d_printf(SAMBA_DELTA_DOMAIN_INFO not handled\n); +break; default: d_printf(Unknown delta record type %d\n, hdr_delta-type); break; @@ -770,7 +773,20 @@ return; } - d_printf(Fetching database %u\n, db_type); + switch( db_type ) { + case SAM_DATABASE_DOMAIN: + d_printf(Fetching DOMAIN database\n); + break; + case SAM_DATABASE_BUILTIN: + d_printf(Fetching BUILTIN database\n); + break; + case SAM_DATABASE_PRIVS: + d_printf(Fetching PRIVS databases\n); + break; + default: + d_printf(Fetching unknown database type %u\n, db_type ); + break; + } do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. The majority were fairly uncategorizable freaks, but you could tell that even the most normal-looking people there were still the weirdest people at their day job. - Jamie Zawinski
net rpc samsync: smarter patch than the previous one
Thanks to pointers from Andrew Bartlett, I redid my samsync sam_account_from_delta patch a little more sanely. Now it only marks as changed things which have actually changed. This patch is against current HEAD. The STRING_CHANGED macro and general style of the additions is copied from rpc_server/srv_samr_util.c Cheers, Waider. Index: utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.18 diff -u -r1.18 net_rpc_samsync.c --- utils/net_rpc_samsync.c 22 Feb 2003 12:14:08 - 1.18 +++ utils/net_rpc_samsync.c 21 Mar 2003 14:47:52 - @@ -197,65 +197,137 @@ } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ +#define STRING_CHANGED (old_string !new_string) ||\ + (!old_string new_string) ||\ + (old_string new_string (strcmp(old_string, new_string) != 0)) static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { - fstring s; +const char *old_string, *new_string; +time_t unix_time, stored_time; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - unistr2_to_ascii(s, delta-uni_acct_name, sizeof(s) - 1); - pdb_set_nt_username(account, s, PDB_CHANGED); - - /* Unix username is the same - for sainity */ - pdb_set_username(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_full_name, sizeof(s) - 1); - pdb_set_fullname(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_home_dir, sizeof(s) - 1); - pdb_set_homedir(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_dir_drive, sizeof(s) - 1); - pdb_set_dir_drive(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_logon_script, sizeof(s) - 1); - pdb_set_logon_script(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_acct_desc, sizeof(s) - 1); - pdb_set_acct_desc(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_workstations, sizeof(s) - 1); - pdb_set_workstations(account, s, PDB_CHANGED); - - unistr2_to_ascii(s, delta-uni_profile, sizeof(s) - 1); - pdb_set_profile_path(account, s, PDB_CHANGED); +if (delta-hdr_acct_name.buffer) { + old_string = pdb_get_nt_username(account); + new_string = unistr2_static(delta-uni_acct_name); + + if (STRING_CHANGED) { + pdb_set_nt_username(account, new_string, PDB_CHANGED); + + } + + /* Unix username is the same - for sanity */ + old_string = pdb_get_username( account ); + if (STRING_CHANGED) { + pdb_set_username(account, new_string, PDB_CHANGED); + } +} + +if (delta-hdr_full_name.buffer) { + old_string = pdb_get_fullname(account); + new_string = unistr2_static(delta-uni_full_name); + + if (STRING_CHANGED) + pdb_set_fullname(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_home_dir.buffer) { + old_string = pdb_get_homedir(account); + new_string = unistr2_static(delta-uni_home_dir); + + if (STRING_CHANGED) + pdb_set_homedir(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_dir_drive.buffer) { + old_string = pdb_get_dir_drive(account); + new_string = unistr2_static(delta-uni_dir_drive); + + if (STRING_CHANGED) + pdb_set_dir_drive(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_logon_script.buffer) { + old_string = pdb_get_logon_script(account); + new_string = unistr2_static(delta-uni_logon_script); + + if (STRING_CHANGED) + pdb_set_logon_script(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_acct_desc.buffer) { + old_string = pdb_get_acct_desc(account); + new_string = unistr2_static(delta-uni_acct_desc); + + if (STRING_CHANGED) + pdb_set_acct_desc(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_workstations.buffer) { + old_string = pdb_get_workstations(account); + new_string = unistr2_static(delta-uni_workstations); + + if (STRING_CHANGED) + pdb_set_workstations(account, new_string, PDB_CHANGED); +} + +if (delta-hdr_profile.buffer) { + old_string = pdb_get_profile_path(account); + new_string = unistr2_static(delta-uni_profile); + + if (STRING_CHANGED) + pdb_set_profile_path(account, new_string, PDB_CHANGED); +} /* User and group sid */ - - pdb_set_user_sid_from_rid(account, delta-user_rid, PDB_CHANGED); - pdb_set_group_sid_from_rid(account, delta-group_rid, PDB_CHANGED); +if (pdb_get_user_rid(account) != delta-user_rid) +
another samsync diff (cosmetic)
This makes samsync tell you what record types it's skipping, rather than just dumping out the number corresponding to the type. It also prints the database type instead of database 1, database 2, database 3. Cheers, Waider. Index: utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.18 diff -u -r1.18 net_rpc_samsync.c --- utils/net_rpc_samsync.c 22 Feb 2003 12:14:08 - 1.18 +++ utils/net_rpc_samsync.c 21 Mar 2003 15:09:27 - @@ -111,6 +111,37 @@ case SAM_DELTA_GROUP_INFO: display_group_info(hdr_delta-target_rid, delta-group_info); break; +/* The following types are recognised but not handled */ +case SAM_DELTA_RENAME_GROUP: + d_printf(SAM_DELTA_RENAME_GROUP not handled\n); + break; +case SAM_DELTA_RENAME_USER: + d_printf(SAM_DELTA_RENAME_USER not handled\n); + break; +case SAM_DELTA_RENAME_ALIAS: + d_printf(SAM_DELTA_RENAME_ALIAS not handled\n); + break; +case SAM_DELTA_POLICY_INFO: + d_printf(SAM_DELTA_POLICY_INFO not handled\n); + break; +case SAM_DELTA_TRUST_DOMS: + d_printf(SAM_DELTA_TRUST_DOMS not handled\n); + break; +case SAM_DELTA_PRIVS_INFO: + d_printf(SAM_DELTA_PRIVS_INFO not handled\n); + break; +case SAM_DELTA_SECRET_INFO: + d_printf(SAM_DELTA_SECRET_INFO not handled\n); + break; +case SAM_DELTA_DELETE_GROUP: + d_printf(SAM_DELTA_DELETE_GROUP not handled\n); + break; +case SAM_DELTA_DELETE_USER: + d_printf(SAM_DELTA_DELETE_USER not handled\n); + break; +case SAM_DELTA_MODIFIED_COUNT: + d_printf(SAM_DELTA_MODIFIED_COUNT not handled\n); + break; default: d_printf(Unknown delta record type %d\n, hdr_delta-type); break; @@ -132,7 +163,20 @@ return; } - d_printf(Dumping database %u\n, db_type); +switch( db_type ) { +case SAM_DATABASE_DOMAIN: + d_printf(Dumping DOMAIN database\n); + break; +case SAM_DATABASE_BUILTIN: + d_printf(Dumping BUILTIN database\n); + break; +case SAM_DATABASE_PRIVS: + d_printf(Dumping PRIVS databases\n); + break; +default: + d_printf(Dumping unknown database type %u\n, db_type ); + break; +} do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. They posted while drunk, their souls are forfeit. - Bren, in the dspsrv orientation guide.
Re: adddriver RPC
On March 19, [EMAIL PROTECTED] said: I put all the files in the print share at (\\dev\print$\w32x86). The files are from Windows XP Professional SP1. The files are, as reported by the printer test page: pscript.ntf pscript.hlp ps5ui.dll hplj5si1.ppd pscript5.dll I issued the following command from rpcclient: adddriver Windows NT x86 HP LaserJet 5Si/5Si MX PS:pscript5.dll:hplj5si1.ppd:ps5ui.dll:pscript.hlp::pscript.ntf The adddriver rpc expects to find the files in \\dev\print$; it will move them to the w32x86 or win40 directory as appropriate. If you look through your trace you'll find an error indicating that samba was unable to obtain the cversion of one of the files due to a file not found error. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Love wouldn't be blind if the braille wasn't so damned much fun. - Armistead Maupin
samsync: don't put into fields that should be null
This patch prevents net rpc vampire from copying empty strings into various fields; doing so can cause problems with pdb_ldap (and possibly others). Cheers, Waider. Index: source/utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.18 diff -r1.18 net_rpc_samsync.c 218c218,219 pdb_set_fullname(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_fullname(account, s, PDB_CHANGED); 221c222,223 pdb_set_homedir(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_homedir(account, s, PDB_CHANGED); 224c226,227 pdb_set_dir_drive(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_dir_drive(account, s, PDB_CHANGED); 227c230,231 pdb_set_logon_script(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_logon_script(account, s, PDB_CHANGED); 230c234,235 pdb_set_acct_desc(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_acct_desc(account, s, PDB_CHANGED); 233c238,239 pdb_set_workstations(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_workstations(account, s, PDB_CHANGED); 236c242,243 pdb_set_profile_path(account, s, PDB_CHANGED); --- if ( strlen( s )) pdb_set_profile_path(account, s, PDB_CHANGED); 402c409,411 fstrcpy(map.comment, comment); --- if ( strlen( comment )) fstrcpy(map.comment, comment); -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Repetition breeds inertia. - Douglas Coupland, _Microserfs_
net rpc vampire doesn't copy interdomain trust accounts
Currently the code does the following checks: if the account is ACB_WSTRUST or ACB_SRVTRUST, set up to create a machine account else if it's ACB_NORMAL, set up to create a normal account else error unknown account type This currently fails for ACB_DOMTRUST. I'm not sure what the correct fix is, but adding it to the first clause and treating it as if it were a machine account seems to work okay. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. So, these portents, taken together with the eclipse and casting this disembowelled handset over my desk... um, ... oh dear ... I think I need to order a new phone from MIS. - james coleman
Re: adddriver RPC
On March 19, [EMAIL PROTECTED] said: Firstly, you first said that it expects the files in the w32x86/win40 directories. Oh, hmm, you're right. Sorry. The files go into the w32x86/win40 directories, but not into the 2/ or 0/ subdirectories of those. My mistake. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Sorry, but I use IE, so I'm clueless. - Someone on netscape.public.mozilla.general
bug in ldap group stuff?
I'm pretty sure this /was/ working, which is why I'm posting it here rather than to [EMAIL PROTECTED] I'm doing a net rpc vampire, using ldap as a backend, and I have a simple add group script which creates a group in LDAP and prints out the GID of the group it's created for samba to hoover up. However, the primaryGroupID appears to be set to some completely random number instead of the correct GID - for example, this account should have a primaryGroupID of Domain Users: dn: uid=waider,ou=People,dc=company,dc=ie objectClass: posixAccount objectClass: account objectClass: sambaAccount uidNumber: 1126 gidNumber: 1000 homeDirectory: /home/waider uid: waider rid: 1181 primaryGroupID: 513 displayName: Ronan Waide cn: Ronan Waide description: yadda smbHome: \\srv1\waider homeDrive: H: profilePath: \\pdc\profiles\waider logonTime: 1046707306 logoffTime: 1040143165 kickoffTime: 2147483647 pwdLastSet: 1044452015 acctFlags: [U ] But the Domain Users group entry looks like this: dn: gid=Domain Users,ou=Group,dc=company,dc=ie objectClass: posixGroup cn: Domain Users gidNumber: 1002 getent group Domain Users returns this: Domain Users:x:1002: So why is Samba setting the primaryGroupID to 513? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. if you can't live the lie, let it die/and if you can't live a life filled with strife/honey, just say oops/and jump through hoops/and get to the end of the line - FLC, Bear Hug (Come Find Yourself)
Re: bug in ldap group stuff?
On March 18, [EMAIL PROTECTED] said: So why is Samba setting the primaryGroupID to 513? Okay, I had made two basic errors here. One is that the above is an RID, not a GID. The second was not double-checking my scripts' output. The groupadd script was spitting out some garbage before the GID, which Samba was reading as GID 0 and thus disregarding. Perhaps the code that checks this case should log a warning! Actually, it appears there's a hole in the documentation as well; the primary group doesn't get mapped for me because I haven't set the set primary group script, for which there appears to be no fallback. set primary group script understands %u and %g as user and group respectively. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. my head's having a party right now, but I'm not there. - Aoife Morrison
printer name not returned correctly
Hi, still messing about with printers. If I create a printer like so: [TestP] printer name = Test_Printer printable = yes and then do rpcclient enumprinters 2 against the server, I get: servername:[\\server] printername:[\\server\TestP] sharename:[TestP] portname:[HPLaserJet4050Series] drivername:[HP LaserJet 4050 Series PCL 5e] comment:[Created by rpcclient] location:[] sepfile:[] printprocessor:[winprint] datatype:[RAW] parameters:[] attributes:[0x1018] priority:[0x0] defaultpriority:[0x0] starttime:[0x0] untiltime:[0x0] status:[0x0] cjobs:[0x0] averageppm:[0x0] I would have expected printername to be \\server\Test_Printer, since that's what my NT4 box is returning for a similar setup. I've traced through the server code and it looks okay where it's retrieving the info from the tdb file, so that would suggest that the information is incorrect in the tdb file. And sure enough, ntprinters.tdb has TestP in it several times, but no sign of Test_Printer. The default info2 structure assumes a printer name of \\server\share, so maybe that would be a good place to start. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Crying for sympathy / crocodile cries / for the love of the crowd and the three cheers from everyone - The Cure, _Disintegration_
rpcclient: return real WERROR values to user
This patch allows WERROR-based RPC calls to return their real value to the user instead of NT_STATUS_OK/NT_STATUS_UNSUCCESSFUL. Basically I've extended the cmd_set type to include a return type field and instead of the NTSTATUS (*fn)() definition there's a NTSTATUS (*ntfn)() and a WERROR (*wfn)(); the code chooses one based on the setting of the type field, and invokes the correct errstr function on the return value if it's not OK. Cheers, Waider. Index: rpcclient/cmd_dfs.c === RCS file: /cvsroot/samba/source/rpcclient/cmd_dfs.c,v retrieving revision 1.12 diff -u -r1.12 cmd_dfs.c --- rpcclient/cmd_dfs.c 25 Feb 2003 23:34:56 - 1.12 +++ rpcclient/cmd_dfs.c 15 Mar 2003 00:07:14 - @@ -227,11 +227,11 @@ { DFS }, - { dfsexist, cmd_dfs_exist, PI_NETDFS, Query DFS support, }, - { dfsadd, cmd_dfs_add, PI_NETDFS, Add a DFS share, }, - { dfsremove, cmd_dfs_remove, PI_NETDFS, Remove a DFS share,}, - { dfsgetinfo, cmd_dfs_getinfo, PI_NETDFS, Query DFS share info, }, - { dfsenum,cmd_dfs_enum,PI_NETDFS, Enumerate dfs shares, }, + { dfsexist, RPC_RTYPE_NTSTATUS, cmd_dfs_exist, NULL, PI_NETDFS, Query DFS support, }, + { dfsadd,RPC_RTYPE_NTSTATUS, cmd_dfs_add, NULL, PI_NETDFS, Add a DFS share, }, + { dfsremove, RPC_RTYPE_NTSTATUS, cmd_dfs_remove, NULL, PI_NETDFS, Remove a DFS share,}, + { dfsgetinfo,RPC_RTYPE_NTSTATUS, cmd_dfs_getinfo, NULL, PI_NETDFS, Query DFS share info, }, + { dfsenum, RPC_RTYPE_NTSTATUS, cmd_dfs_enum,NULL, PI_NETDFS, Enumerate dfs shares, }, { NULL } }; Index: rpcclient/cmd_ds.c === RCS file: /cvsroot/samba/source/rpcclient/cmd_ds.c,v retrieving revision 1.4 diff -u -r1.4 cmd_ds.c --- rpcclient/cmd_ds.c 25 Feb 2003 23:34:56 - 1.4 +++ rpcclient/cmd_ds.c 15 Mar 2003 00:07:14 - @@ -53,7 +53,7 @@ { LSARPC-DS }, - { dsroledominfo, cmd_ds_dsrole_getprimarydominfo, PI_LSARPC_DS, Get Primary Domain Information, }, + { dsroledominfo, RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, Get Primary Domain Information, }, { NULL } }; Index: rpcclient/cmd_lsarpc.c === RCS file: /cvsroot/samba/source/rpcclient/cmd_lsarpc.c,v retrieving revision 1.74 diff -u -r1.74 cmd_lsarpc.c --- rpcclient/cmd_lsarpc.c 25 Feb 2003 06:24:13 - 1.74 +++ rpcclient/cmd_lsarpc.c 15 Mar 2003 00:07:14 - @@ -741,20 +741,20 @@ { LSARPC }, - { lsaquery,cmd_lsa_query_info_policy, PI_LSARPC, Query info policy, }, - { lookupsids, cmd_lsa_lookup_sids,PI_LSARPC, Convert SIDs to names, }, - { lookupnames, cmd_lsa_lookup_names, PI_LSARPC, Convert names to SIDs, }, - { enumtrust, cmd_lsa_enum_trust_dom, PI_LSARPC, Enumerate trusted domains,Usage: [preferred max number] [enum context (0)] }, - { enumprivs, cmd_lsa_enum_privilege, PI_LSARPC, Enumerate privileges, }, - { getdispname, cmd_lsa_get_dispname, PI_LSARPC, Get the privilege name,}, - { lsaenumsid, cmd_lsa_enum_sids, PI_LSARPC, Enumerate the LSA SIDS,}, - { lsaenumprivsaccount, cmd_lsa_enum_privsaccounts, PI_LSARPC, Enumerate the privileges of an SID,}, - { lsaenumacctrights, cmd_lsa_enum_acct_rights, PI_LSARPC, Enumerate the rights of an SID,}, - { lsaenumacctwithright,cmd_lsa_enum_acct_with_right,PI_LSARPC,Enumerate accounts with a right,}, - { lsaaddacctrights,cmd_lsa_add_acct_rights,PI_LSARPC, Add rights to an account,}, - { lsaremoveacctrights, cmd_lsa_remove_acct_rights, PI_LSARPC, Remove rights from an account,}, - { lsalookupprivvalue, cmd_lsa_lookupprivvalue,PI_LSARPC, Get a privilege value given its name, }, - { lsaquerysecobj, cmd_lsa_query_secobj, PI_LSARPC, Query LSA security object, }, + { lsaquery,RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, Query info policy, }, + { lookupsids, RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,NULL, PI_LSARPC, Convert SIDs to names, }, + { lookupnames, RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, Convert names to SIDs, }, + { enumtrust, RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, Enumerate trusted domains,Usage: [preferred max number] [enum context (0)] }, + { enumprivs, RPC_RTYPE_NTSTATUS,
failure to print (samba HEAD, cups, raw printers)
hi folks, again with the peculiar setup :) I've set up raw printers in cups to match the windows network, and added the correct windows drivers to feed them. One of the printers, a HP Colour LaserJet 8500 in PCL mode, fails at the testpage stage with this message: the data area passed to a system call is too small I've done a trace of the attempt, which I can forward if required. I thought this might be the large RPC bug that tpot was looking at, but I'm not sure. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Anyway, yes. Known bug. Try entering only numbers as your phone number, no brackets, dashes, widgets, knobs, fish or sliding trammel bars.
Re: failure to print (samba HEAD, cups, raw printers)
On March 13, [EMAIL PROTECTED] said: hi folks, again with the peculiar setup :) I've set up raw printers in cups to match the windows network, and added the correct windows drivers to feed them. One of the printers, a HP Colour LaserJet 8500 in PCL mode, fails at the testpage stage with this message: Uh, sorry. forgot to mention. The client is NT4SP6. By correct windows drivers to feed them I mean the NT box downloads the same PCL drivers from the Samba server as it would from the normal (NT) server. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Andrea.B.Previtera says, I can't remember...we found a good cheap beer in an undocumented irish pub...and we had pints and pints and pints to celebrate something...
Re: adddriver RPC
On March 12, [EMAIL PROTECTED] said: adddriver Windows NT x86 HP LaserJet 5Si/5Si MX PS:pscript5.dll:hplj5si1.ppd:ps5ui.dll:pscript.hlp::pscript.ntf Don't leave unused parameters blank. use the word NULL instead. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. vm-visit-when-saving is a vestige of the 1980's, when a 400MB disk drive could end your life if it fell out of a rack onto you. - Kyle Jones
Re: Printer driver parameter deprecated - what now?
On March 10, [EMAIL PROTECTED] said: Uh... How can Samba users be members of NT groups? I did not know Samba supports that... How do you add Unix users to NT groups for Samba? I was just clarifying that when I said Printer Admins I wasn't referring to the NT group. Yet, my problem remains unsolved. I guess I misunderstood your problem. The details I gave are for remotely adding a printer with drivers to a Samba box. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Repetition breeds inertia. - Douglas Coupland, _Microserfs_
segv in samba head
background: I had a stock redhat samba setup using security = share and sharing out three directories - [homes] and two fixed locations. pretty trivial setup. I built Samba 3 head (current as of this morning, but the problem has been happening for at least a week) and tried connecting to it from a NT4 PDC with a different domain name to the samba server, and I get a segv. Debug level 10 doesn't give me a whole lot to go on, so I ran smbd under gdb instead: pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Program received signal SIGSEGV, Segmentation fault. 0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 , outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721 721 if (server_info-guest) { stacktrace: #0 0x080952c6 in reply_sesssetup_and_X (conn=0x0, inbuf=0x403b2008 , outbuf=0x403d3008 , length=266, bufsize=131072) at smbd/sesssetup.c:721 #1 0x080ae095 in switch_message (type=115, inbuf=0x403b2008 , outbuf=0x403d3008 , size=266, bufsize=131072) at smbd/process.c:758 #2 0x080ae121 in construct_reply (inbuf=0x403b2008 , outbuf=0x403d3008 , size=266, bufsize=131072) at smbd/process.c:788 #3 0x080ae431 in process_smb (inbuf=0x403b2008 , outbuf=0x403d3008 ) at smbd/process.c:889 #4 0x080aedfa in smbd_process () at smbd/process.c:1298 #5 0x080731d4 in main (argc=6, argv=0xbfffe044) at smbd/server.c:907 #6 0x401e21c4 in __libc_start_main () from /lib/libc.so.6 Regardless of whether this turns out to be a misconfig on my part, a panic is the wrong way to go about handling it. Especially since this is just an upgrade from samba 2 to samba 3. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. They posted while drunk, their souls are forfeit. - Bren, in the dspsrv orientation guide.
rpcclient typo: patch
when doing enumdomusers, rpcclient prints each one preceded by the word group instead of user Cheers, Waider. Index: rpcclient/cmd_samr.c === RCS file: /cvsroot/samba/source/rpcclient/cmd_samr.c,v retrieving revision 1.157 diff -u -r1.157 cmd_samr.c --- rpcclient/cmd_samr.c25 Feb 2003 06:24:13 - 1.157 +++ rpcclient/cmd_samr.c10 Mar 2003 13:13:03 - @@ -684,7 +684,7 @@ NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) { for (i = 0; i num_dom_users; i++) - printf(group:[%s] rid:[0x%x]\n, + printf(user:[%s] rid:[0x%x]\n, dom_users[i], dom_rids[i]); } -- We are experiencing MVS processor spin loops, the programs are running while holding a disabled CPU. This is causing XCF communication delays to the point where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot
Re: Printer driver parameter deprecated - what now?
On March 9, [EMAIL PROTECTED] said: Uhmm... I'm not sure. So what do I do - create the share, create empty directories like 'w32x86' and 'win40' and then issue a setdriver RPC? Well, I tried that, does not work, I get: SetPrinter call failed! result was NT_STATUS_UNSUCCESSFUL setdriver expects the following setup: * you are a printer admin, or root. - this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code. * printer admins has to be defined in [global] * upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories. * Make sure that the user you're connecting as is able to write to the print$ directories * Use adddriver (with appropriate parameters) to create the driver - note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out) * Use setdriver to associate the driver with a printer The setdriver call will fail if the printer doesn't already exist in samba's view of the world. Either create the printer in cups and restart samba, or create an add printer command (see smb.conf doco) and use RPC calls to create a printer. NB the add printer command MUST return a single line of text indicating which port the printer was added on. If it doesn't, Samba won't reload the printer definitions. Although samba doesn't really support the notion of ports, suitable add printer command and enumport command settings can allow you pretty good remote control of the samba printer setup. Hope this helps you somewhat. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Junk food is considered part of the vegetable food group, because it comes from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey
breakage in cliconnect or thereabouts
Hi folks, * libsmb/smb_signing.c, libsmb/smbencrypt.c, Makefile.in, include/client.h, libsmb/cliconnect.c, libsmb/clientgen.c: Change the way we sign SMB packets, to a function pointer interface. The intention is to allow for NTLMSSP and kerberos signing of packets, but for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA spec) Andrew Bartlett some part of this change is currently stopping connections to an NT4SP6 PDC working from Samba. I'm getting session request to SERVER failed (Called name not present) If I find the bug, I'll post further. If not, I'm sure someone else will catch it :) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. disclaimer: As I have stated before, my client was nowhere near the site at the time of the incident. - Michael, the Chaotic
Re: more rpcclient bughunting: PRINTER_ALL_ACCESS vs MAXIMUM_ALLOWED_ACCESS
On March 5, [EMAIL PROTECTED] said: I've checked in a fix. It's odd that MAXIMUM_ALLOWED_ACCESS doesn't do what it's supposed to in this case. Are you running the setdriver against a NT or Samba server? Running against Samba HEAD, but just one sec... Right, here's the summary of what I've found: Samba HEAD - Samba HEAD (rpcclient setdriver) * Asking for Maximum allowed access doesn't give you printer admin rights Samba HEAD - NT4 SP6 (rpcclient setdriver) * Asking for Maximum allowed access /does/ give you printer admin rights, even though the printer admin bitfield isn't set. NT4 SP6 to Samba HEAD (Opening the Printers folder) * First request is for Write Owner | Write DAC | Read Control | Delete Server Enum | Server Admin * Second request appears to be the same in terms of requested access; something else might differ, but nothing immediately obvious. * Third request asks for Read Control Server Enum I set up a Printer Operator account to test this with, and it succeeded on the first request (Server Admin), as does a Domain Admin account. Finally, I removed the Printer Operator account from Printer Operators but left it in printer admins on the samba server, and it still succeeded at the first request. So I'm not sure when the Printer Admin bit gets used, but it's not when you open the Printers folder. I don't right now have an easy way to test NT-NT /and/ capture the bits; however, I think it's obvious from the above that Samba should be responding to a MAXIMUM_ALLOWED_ACCESS request with PRINTER_ACCESS_ADMINISTER rights. As it stands, it's going to get punted: srv_spoolss_nt.c:1577 == /* Deny any object specific bits that don't apply to print servers (i.e printer and job specific bits) */ printer_default-access_required = SPECIFIC_RIGHTS_MASK; if (printer_default-access_required ~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) { DEBUG(3, (access DENIED for non-printserver bits)); close_printer_handle(p, handle); return WERR_ACCESS_DENIED; } == Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Your broker is a half-naked blue-and-orange crypto-anarchist? - Neal Stephenson / The Great Simoleon Caper
documentation omission: add printer command
The add printer command program can output a single line of text, which Samba will set as the port the new printer is connected to. From my reading of the code, if this line /isn't/ output, Samba won't reload its printer shares. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It doesn't corner well. It doesn't have to. It just warps space until the street is facing the right way. - Blair P. Houghton
bug (or maybe not) in printing subsystem
Hi folks, tracked down a problem I mentioned last week with printing. When you use the rpcclient adddriver command as follows: adddriver Windows NT x86 name:NULL:NULL:NULL:NULL:NULL:NULL:NULL you get a NT_STATUS_UNSUCCESSFUL error, which further investigation reveals to be caused by an Access Denied error upstream. Further investigation of /that/ reveals that get_correct_cversion in printing/nt_printing.c is attempting to open the W32X86 directory as a file. This is, as far as I can tell, because the second field in the second parameter above is the driver file; setting it to NULL is somehow causing this problem. Setting the driver file to a valid printer driver file cures the problem. I don't know if this is a bug or just misuse on my part of the rpcclient command :) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Some people just don't know which side of the good/evil thing to side with, despite the obvious fun now, pay later advantages of the evil side for those of us who need instant gratification.
Re: problem retrieving level 3 info for NT printer drivers
On February 27, [EMAIL PROTECTED] said: try again with HEAD. The Samba 2-2 client rpc code cannot handle fragmented PDU's too well. Sorry, should have mentioned. This is with HEAD. Tim Potter has been having a look at tcpdump plus a level ten debug trace of the rpcclient run. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. even when american adverts try for the oblique and wordless, they're so obvious they may as well put the logo on a fish and slap you with it. - AjD
[Samba] more rpcclient weirdness
rpcclient $ adddriver Windows NT x86 HP CLJ 8500 - PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL result was NT_STATUS_UNSUCCESSFUL rpcclient $ adddriver Windows 4.0 HP CLJ 8500 - PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL Printer Driver HP CLJ 8500 - PCL successfully installed. rpcclient $ This is HEAD, bang up-to-date. I'm trying to figure it out as I mail this. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. There's a certain uniformity of suck that must be maintained or the UNIX community won't take you seriously. - Rocco Caputo on naming books. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: more rpcclient weirdness
On February 26, [EMAIL PROTECTED] said: rpcclient $ adddriver Windows NT x86 HP CLJ 8500 - PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL result was NT_STATUS_UNSUCCESSFUL rpcclient $ adddriver Windows 4.0 HP CLJ 8500 - PCL:NULL:NULL:NULL:NULL:NULL:NULL:NULL Printer Driver HP CLJ 8500 - PCL successfully installed. rpcclient $ Running packet traces on this: for reasons that are still unclear to me, the NT adddriver command above gets an Access Denied response. Er. I would've thought that adddriver is just going to update a TDB file somewhere, and nothing else? Plus, why is there a difference between adding an NT and a Windows 4.0 driver? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Derrick says, Well, there are altar girls there. But it's a sin to hit on jailbait in the house of the Lord. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
problem retrieving level 3 info for NT printer drivers
Hi folks, mentioned this briefly on samba@ about a week ago, but I've actually done some tracking on it now. I'm still digging, but this is a summary of what I've found. symptoms: doing rpcclient SERVER enumdrivers level 3 fetches information for the Windows 9x drivers, then stalls trying to retrieve the NT information, before returning a timeout message. Level 1 and 2 work fine. I ran ethereal and poked at the traces some, and this is what I get: client: EnumPrinterDrivers request level 3 server: EnumPrinterDrivers reply, Insufficient Buffer client: EnumPrinterDrivers request level 3 (this time with a buffer) server: EnumPrinterDrivers reply At this point, I have the Windows 4.0 drivers. client: EnumPrinterDrivers request level 3 server: EnumPrinterDrivers reply, Insufficient Buffer client: DCERPC request server: no apparent response client: SMB WriteAndXRequest server: SMB WriteAndXResponse server: SMB WriteAndXResponse client: SMB WriteAndXRequest client: SMB WriteAndXRequest and that's about it. Error message goes hereabouts. Having looked at the DCERPC request above, it appears to be contained in a SMB WriteAndXRequest whereas the corresponding request with a buffer for the Windows 4.0 drivers is a Transaction request. Also, the DCERPC request appears to have the necessary bits appended after the DCERPC header to make it a SPOOLSS request (as I'd expect) with the required amount of buffer space, but ethereal certainly doesn't want to read it as such, and my knowledge of SMB is pretty minimal. My theory, such as it is, is that the buffer size is too big, for some arbitrary meaning of the phrase too big. It's a 16452-byte buffer, where the Windows 4.0 buffer size was something like 2400 bytes. I'm going to play around with buffer sizes and see if I can at least get the message sequences the way I'd expect 'em, but any light-shedding would be appreciated :) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Your broker is a half-naked blue-and-orange crypto-anarchist? - Neal Stephenson / The Great Simoleon Caper
smbmount: support lfs and unicode options
Hi folks, this is an updated version of Urban Widmark's smbmount patch to enable lfs and unicode options to be switched on the command line. It's diff'd against current CVS HEAD. Cheers, Waider. Index: source/client/smbmount.c === RCS file: /cvsroot/samba/source/client/smbmount.c,v retrieving revision 1.65 diff -a -u -r1.65 smbmount.c --- source/client/smbmount.c15 Feb 2003 00:29:20 - 1.65 +++ source/client/smbmount.c25 Feb 2003 14:01:43 - @@ -51,6 +51,8 @@ static BOOL use_kerberos; /* TODO: Add code to detect smbfs version in kernel */ static BOOL status32_smbfs = False; +static BOOL smbfs_has_unicode = False; +static BOOL smbfs_has_lfs = False; static void usage(void); @@ -212,6 +214,12 @@ c-force_dos_errors = True; } + if (!smbfs_has_lfs) + c-capabilities = ~CAP_LARGE_FILES; + + if (!smbfs_has_unicode) + c-capabilities = ~CAP_UNICODE; + if (!cli_session_setup(c, username, password, strlen(password), password, strlen(password), @@ -828,6 +836,10 @@ mount_ro = 0; } else if(!strcmp(opts, ro)) { mount_ro = 1; + } else if(!strcmp(opts, unicode)) { + smbfs_has_unicode = True; + } else if(!strcmp(opts, lfs)) { + smbfs_has_lfs = True; } else { strncpy(p, opts, sizeof(pstring) - (p - options) - 1); p += strlen(opts); -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. #!/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$kSK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) # RSA in Perl
RE: [Samba] cupsaddsmb - why the heck can't Igetrpcclient-addprinterto work?
On February 21, [EMAIL PROTECTED] said: Any idea where I can find a REdHat7.3 rpm for 1.1.18? I can't find one anywhere try the cups website, or build from source. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. even when american adverts try for the oblique and wordless, they're so obvious they may as well put the logo on a fish and slap you with it. - AjD -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] cupsaddsmb - why the heck can'tIgetrpcclient-addprinterto work?
On February 21, [EMAIL PROTECTED] said: Hmm ... couldn't seem to find it on the cups site (google couldn't either) It's the first hit on google. I've no idea what you're trying to search for. http://www.google.com/search?q=cups What are your opinions on this strategy? If you don't build an up-to-date cups, you won't have a working cups-based printing system with Samba. Sure, you'll have to be careful when upgrading, but really. That's a given when you're upgrading, regardless of whether you built from source or not. It ain't rocket science. Waider. -- We are experiencing MVS processor spin loops, the programs are running while holding a disabled CPU. This is causing XCF communication delays to the point where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] cupsaddsmb - why the heck can'tIgetrpcclient-addprinterto work?
On February 21, [EMAIL PROTECTED] said: If you download the cups source and unzip it, you will find a file called cups.spec in the top level dir of the source. You can pass the spec file to rpm (or rpmbuild on newer redhat systems) and it will create an rpm for you out of the dowloaded source files. You don't even need to unzip the file. Just do rpm -ta cups-1.18.tar.gz Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. AjD feels frustrated in his attempts to establish the delinitations of horror in puppy-burying. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trying again - bug? (was re os X)
On February 19, [EMAIL PROTECTED] said: didn't hear anything back on this, so i'm trying again: -- i would bet someone's already asked and had this answered, but since the archives of these listss aren't searchable, and since i couldn't find the info in the docs or elsewhere on net, here goes: Possibly you didn't get a reply because the list archives /are/ searchable. Try http://marc.theaimsgroup.com/ and scroll down. Regards, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Junk food is considered part of the vegetable food group, because it comes from a plant. A big chemical plant. In New Jersey. - Kludge Dorsey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
On February 14, [EMAIL PROTECTED] said: And, here what I have!!! : First file has NO PROBLEM, second one HAS READ ONLY ERROR, (but not if the file is REOPEN again): -rw-rw-r--1 nobody nogroup 37888 Feb 14 11:46 test_file_1.doc -rwxr--r--1 nobody nogroup 37376 Feb 14 2003 test_file_2.doc Look at date Feb 14 2003: erkk!! this is not a standard date!!! I presume that's output from ls -l. I would hazard a guess that your server and client clocks are not in sync. If you're on linux, try ls --full-time Cheers, Waider. -- We are experiencing MVS processor spin loops, the programs are running while holding a disabled CPU. This is causing XCF communication delays to the point where we are losing VTAM RTP routing, are suffering OSPF adjacency failures on TCP/IP dynamic routing and MIM VCF failures. - Reported via Slashdot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Found MS-Word 97 Samba bug : diagnostic found!
On February 14, [EMAIL PROTECTED] said: I presume that's output from ls -l. I would hazard a guess that your server and client clocks are not in sync. If you're on linux, try ls --full-time Yes! It's ls -l output I've posted. And yes again, client and server are not in sync. Do you mean that way I've to install ntpd and sync date/hour mechanism between samba server and clients? You don't have to, but it's probably a good idea. Note that you can run net time \\sambaserver /set on the clients to sync them up with the server. Why? Is there any paragraph on this in the samba howto collection? Dunno. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's a kludge to stop some old systems from breaking, as far as I know. Much like the rest of Unix, really. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Off Topic, please ignore (was RE: [Samba] !!ATTENTION NEWBIES!!)
On February 13, [EMAIL PROTECTED] said: If newbs tend to ask the same questions over and over and you don't like to see what they wrote, delete it. You don't have to respond and it's not that big of a deal to take a second to read something that you have no intention of responding positively to. I think what you meant to say is: Rule #x^2: FAQs are asked frequently. Get used to them. (from the Rules of Usenet) Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. FEH. you decent guys are all alike. - Meredith -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient enumdrivers 3 times out on NT drivers
This is puzzling me (and hampering some work, slightly): NT4SP6 + full updates server, with some printers attached. rpcclient -U admin%pass enumdrivers 2 server gives me a list of stuff like this: [Windows 4.0] Printer Driver Info 2: Version: [0] Driver Name: [HP LaserJet 5Si PCL 5e] Architecture: [Windows 4.0] Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV] Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD] Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV] ... ... ... [Windows NT x86] Printer Driver Info 2: Version: [2] Driver Name: [Lexmark Optra R Plus Series] Architecture: [Windows NT x86] Driver Path: [\\SERVER\print$\W32X86\2\RASDD.DLL] Datafile: [\\SERVER\print$\W32X86\2\OPTRA.DLL] Configfile: [\\SERVER\print$\W32X86\2\RASDDUI.DLL] rpcclient -U admin%pass enumdrivers 3 server, however, zips through the Windows 4.0 stuff and then sits there before eventually giving this: [Windows 4.0] Printer Driver Info 3: Version: [0] Driver Name: [HP LaserJet 5Si PCL 5e] Architecture: [Windows 4.0] Driver Path: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV] Datafile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.PPD] Configfile: [\\SERVER\print$\WIN40\0\ADOBEPS4.DRV] Helpfile: [\\SERVER\print$\WIN40\0\HPLJ5SI2.HLP] Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.ppd] Dependentfiles: [\\SERVER\print$\WIN40\0\hplj5si2.hlp] Dependentfiles: [\\SERVER\print$\WIN40\0\adobeps4.drv] Dependentfiles: [\\SERVER\print$\WIN40\0\pscript.ini] Dependentfiles: [\\SERVER\print$\WIN40\0\psmon.dll] Dependentfiles: [\\SERVER\print$\WIN40\0\iconlib.dll] Dependentfiles: [\\SERVER\print$\WIN40\0\fonts.mfm] Monitorname: [PostScript Language Monitor] Defaultdatatype: [] cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds result was NT_STATUS_UNSUCCESSFUL I'm trying to hack up a printer cloning script that grabs all the driver files and bits for a printer using enumdrivers and sticks them onto another server using adddriver, addprinter, etc. Obviously the above failure hampers that notion somewhat. Is this a flaw in rpcclient or in the Windows box? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. caitlin says, climbing satisfies 2 apparent needs of mind: bashing my knees and shoe fetishism -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rpcclient enumdrivers 3 times out on NT drivers
On February 12, [EMAIL PROTECTED] said: This is puzzling me (and hampering some work, slightly): NT4SP6 + full updates server, with some printers attached. Woopsy, forgot to mention: Samba HEAD. Administrative user, joined to the domain, in printer admins group, etc. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's a horrible thing to watch, almost like watching an infant tottering toward a porcupine. - Kyle Jones on MIS people writing C -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
rpcclient adddriver: core dump
Samba HEAD Looks like it's triggered by not closing quotes: [root@workst1 root]# rpcclient -U admin%passwd -W GROUP workst1 -d2 added interface ip=192.168.168.250 bcast=192.168.168.255 nmask=255.255.255.0 rpcclient $ adddriver Windows 4.0 HP CL 8500 - PCL:HPCPCLA.DLL:HP_LJ85.PPD:HPCPCLA1.DLL:H Segmentation fault (the second param to addriver is incomplete due to a cut-and-paste mishap; hitting return on it produces the segv.) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It never ceases to amaze me how a 50% pay rise, overtime and low mileage can make you swallow your pride so easily. - Alan Weadick
one more rpclient buglet
Added a driver using: (B adddriver "Windows 4.0" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL" (B (BNow I get funny characters in the enumdrivers output: (B[root@workst1 root]# rpcclient -U user%pass -c "enumdrivers 2" workst1 (B (B[Windows 4.0] (BPrinter Driver Info 2: (BVersion: [0] (BDriver Name: [PR2] (BArchitecture: [Windows 4.0] (BDriver Path: [%/1iso8859-15,A0(B`] (BDatafile: [t] (BConfigfile: [%/1iso8859-15,A7Pa?(B] (B (BAlso (B adddriver "Windows NT x86" "PR2:NULL:NULL:NULL:NULL:NULL:NULL:NULL" (B (Bfails, but I'm not yet sure why. (B (BCheers, (BWaider. (B-- ([EMAIL PROTECTED] / Yes, it /is/ very personal of me. (B"So, while thinking about all this, I realized that my job could be (B defined as systematically, judiciously, deliberately forgetting (B things." - smarry
[Samba] which ACL attributes are supported by Samba?
I've tried to determine this empirically, but have run foul of config issues that won't be resolved in the immediate future. Basically, I know that Samba + ACL + an acl-aware filesystem will allow me to assign unix-style permissions to arbitrary groups of people for a given file. However, Windows has additional permissions: delete, take ownership, and, um, I think possibly one or two more. My question is whether these are supported by Samba if I have extended attributes switched on (which, as far as I can tell, should allow you to define whatever attributes you like for any file)? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. There's no place like ~. - Brian P. Casey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] which ACL attributes are supported by Samba?
On February 6, [EMAIL PROTECTED] said: you don't need ACL support for unix style permissions (user, group, world) ACLs are lists of arbitrary users that have the specified permissions on the files you choose. You do if you want more than one set of user/group acls per file. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. I can't seem to undo 2,500 years of western rational thinking just by reading a couple Gary Snyder poems. - [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] which ACL attributes are supported by Samba?
On February 6, [EMAIL PROTECTED] said: I just tried to set an acl on take ownership it doesn't stick - it should. Read and write attributes does stick. Thanks, that's what I'd seen myself. I guess it's not supported at present. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. theres no polite way to deal with sales ppl - Louise -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
bug in findsmb
line #29: } else (m/-r/) { should be } elsif (m/-r/) { Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. kate says, no, there's a lot of red in heliotrope. kate says, we're talking like #993366 or so
Re: [Samba] File size limit = 2G?
On January 28, [EMAIL PROTECTED] said: The linux box can see the large Windows files, but does not see their correct sizes -- it reports an absurdly big size when using ls -l. Files less that 2GB show up correctly. Trying to create a 3G file on the Windows box from the linux box, using: Looks to me like you're using smbmnt, which isn't technically part of samba - it's part of the kernel. Urban Widmark has patches to enable large file support at http://www.hojdpunkten.ac.se/054/samba/ Note, this was discussed in the archives recently. Use the archive search at marc.theaimsgroup.com before posting questions. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. troc says, Or as the 'bot says in IRC: Look buddy, doesn't work is a strong statement. Does it sit on the couch all day? Is it making faces at you? Does it want more money? Please be specific! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Love wouldn't be blind if the braille wasn't so damned much fun. - Armistead Maupin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
core dump in rpcclient getdriver
hi folks, ran this command: rpcclient -U Administrator%password PDC -c getdriver PRINTER and got this output: [Windows 4.0] Segmentation fault (core dumped) Here's the stacktrace: #0 0x080a8abd in strlen_w (src=0x0) at lib/util_unistr.c:312 #1 0x0809bf6f in pull_ucs2 (base_ptr=0x0, dest=0xbfffd8c0 \027, src=0x0, dest_len=256, src_len=4294967295, flags=25) at lib/charcnv.c:570 #2 0x080a88b6 in rpcstr_pull (dest=0xbfffd8c0 \027, src=0x0, dest_len=256, src_len=-1, flags=1) at lib/util_unistr.c:173 #3 0x0806f118 in display_print_driver_3 (i1=0x81d61f8) at rpcclient/cmd_spoolss.c:875 #4 0x0806f4bb in cmd_spoolss_getdriver (cli=0x81b3ed0, mem_ctx=0x81d5238, argc=2, argv=0x81d5208) at rpcclient/cmd_spoolss.c:984 #5 0x08069762 in do_cmd (cli=0x81b3ed0, cmd_entry=0x814b5d4, cmd=0x8152680 getdriver PR1) at rpcclient/rpcclient.c:497 #6 0x080698a1 in process_cmd (cli=0x81b3ed0, cmd=0x8152680 getdriver PR1) at rpcclient/rpcclient.c:556 #7 0x08069e54 in main (argc=6, argv=0xbaf4) at rpcclient/rpcclient.c:753 #8 0x4026e1c4 in __libc_start_main () from /lib/libc.so.6 Poking around in it, the default data type for the printer is NULL, which is returned to the rpcclient as a null string. So when we get to this: 875 rpcstr_pull(defaultdatatype, i1-defaultdatatype.buffer, sizeof(defaultdatatype), -1, STR_TERMINATE); the coredump above is generated because i1-defaultdatatype.buffer is NULL. This only happens for a level 3 info dump - levels 1 and 2 are quite okay. I presume the correct fix is to check at rpcclient/cmd_spoolss.c:875 if the defaultdatatype is NULL or not, but I'm not 100% sure, so I'll leave that to smarter folks :) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. The folks from Sendmail gave me a pocket knife. It has dozens of blades with a seemingly infinite number of functions, just like Sendmail. The first time I used it, it broke, just like Sendmail. - Kludge Dorsey
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Love wouldn't be blind if the braille wasn't so damned much fun. - Armistead Maupin
Re: [Samba] NT PDC to Samba PDC migration
On January 27, [EMAIL PROTECTED] said: Has anyone succeeded in doing a transparent (or an as-close-to-as-possible) migration of an NT4 PDC to a Samba PDC? Yes, search the archives for the procedure I posted on Nov 25 or thereabouts. The only problem as such is that if you need to keep the PDC around, you have to disable the netlogon service on it to stop it trying to become the PDC again. That or rebuild it from scratch as a regular server (non-DC). Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's ridiculous, you go and suddenly there's no email, or at least considerably less... I suppose we just have to face the fact that life does revolve around you... - Clarkey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
On January 22, [EMAIL PROTECTED] said: 1. What packages/ports do I need to install? Because most papers of LDAP online I could find mentioned little about Openssl. However, as I know, it's necessary for the option ldap ssl = start_tls in Samba . Also, I didn't find any ports of nss_ldap, but nss_ldap was mentioned by all samba+LDAP combination. What's wrong with that? nss_ladp didn't support FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC? FreeBSD doesn't support NSS, as I understand it. What the nss_* modules do is act as lookup sources when the system needs to identify a user, host, password, group, etc. So on a Linux system, for example, you can instruct the system to first look in files (/etc/passwd, etc) then try LDAP, and so on until a match is found or the sources are exhausted. In the case of Samba, this facility is not strictly necessary; Samba's requirement for working NSS support is solely so it can look up a Unix account or Group to match the SMB account or group information. You can get around this by either creating Unix accounts for all your Samba users, or using one of the non-unix account backends (ldap_nua, in your case). Note, as far as I know the _nua backends are only available in Samba 3. 2. Individual configuration/setting for every package. Tall order. Do you have a working LDAP setup already? You seem to have a working Samba setup, so what you want is to migrate the information in that into LDAP. I can't help you with that, since I've not done it. I'd suggest browsing the mailing list archives. 3. How to start every service? Again, a tall order. I'm not a FreeBSD user, so I can't really help you on this. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. buzzard says, If you are willing to put aside your kneejerk human speciesism, the AIs are perfectly sympathetically 'no worse' than humans. matrix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
On January 22, [EMAIL PROTECTED] said: i made some minor changes to the migrationtools to work properly. (some atrribute types are spelled wrong) What changes? Seems like it might be worthwhile telling the people on this list, if not the people at padl, about the errors. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. If at first you DO succeed, try not to look surprised - someone @ mot.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs + large UID's
On January 22, [EMAIL PROTECTED] said: Is there any work in progress to fix that problem? I'm running Linux 2.4.20 and SuSE 8.1 installed samba 2.2.5 but I've also played with samba-2.2-cvs as of today. http://www.hojdpunkten.ac.se/054/samba/ Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. The interior decorating site is something to behold. Preferably with welders glasses. - AjD -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sort-of fix for net rpc vampire account creation
This patch allows net rpc vampire to create accounts in the same way that smbpasswd does, i.e. it will attempt to use the appropriate account creation function for the backend in use. From reading the comments on the top of the local_password_change function, either I shouldn't be going this route or local_password_change is due for some sort of change in status. The only major caveat I've found is that because net rpc vampire does a getpwnam_alloc() immediately after account creation, which fails in my case because I'm using ldap_nua as my backend so getpwnam_alloc() will /always/ fail. Cheers, Waider. Index: source/utils/net_rpc_samsync.c === RCS file: /cvsroot/samba/source/utils/net_rpc_samsync.c,v retrieving revision 1.16 diff -a -u -r1.16 net_rpc_samsync.c --- source/utils/net_rpc_samsync.c 20 Dec 2002 20:23:06 - 1.16 +++ source/utils/net_rpc_samsync.c 21 Jan 2003 12:13:36 - @@ -318,6 +318,24 @@ add_ret = smbrun(add_script,NULL); DEBUG(1,(fetch_account: Running the command `%s' gave %d\n, add_script, add_ret)); + } else { + /* Need to add the user by other means */ + int local_flags = LOCAL_ADD_USER; /* XXX */ + BOOL ret; + pstring err_str; + pstring msg_str; + + ret = local_password_change( account, local_flags, NEWPASS /* XXX +*/, err_str, sizeof( err_str ), msg_str, sizeof(msg_str)); + if (*msg_str) + printf( msg_str ); + if (*err_str) + fprintf(stderr, err_str); + if ( !ret ) { + /* FIXME any other cleanup? */ + DEBUG(3, (Could not create account %s\n, account)); + pdb_free_sam(sam_account); + return NT_STATUS_NO_SUCH_USER; + } } pw = getpwnam_alloc(account); if (pw) { -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Life? hell, i haven't had time to do laundry. I'll get all sorts of life soon enough if that keeps up. - AjD -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sort-of fix for net rpc vampire account creation
On January 21, [EMAIL PROTECTED] said: sort of change in status. The only major caveat I've found is that because net rpc vampire does a getpwnam_alloc() immediately after account creation, which fails in my case because I'm using ldap_nua as my backend so getpwnam_alloc() will /always/ fail. Errr. never finished this point. Because the getpwnam_alloc() fails, the rest of the sync doesn't get executed. If you run net rpc vampire a second time, though, the rest of the account info gets transferred. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. ...all I can think that I taught you was after you have sent the e-mail pick up the phone - Paul Healy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sort-of fix for net rpc vampire account creation
Continuing the saga: Groups are not migrated by the ldap_nua backend, even if I create a posixGroup entry. After a bit of prodding, I found the latter was because Samba had set up group mappings in group_mapping.tdb, which my manually-created LDAP groups didn't agree with. Removing group_mapping.tdb fixed /that/ problem - i.e. accounts have their group information properly updated - but the basic problem, that groups are not migrated - still exists. And it appears that smbgroupedit is not capable of creating a new group in the same way that smbpasswd is capable of creating a new user. I'm copying this to samba-technical, since I believe it's an implementation detail at this point. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Some people just don't know which side of the good/evil thing to side with, despite the obvious fun now, pay later advantages of the evil side for those of us who need instant gratification. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sort-of fix for net rpc vampire account creation
Continuing the saga: Groups are not migrated by the ldap_nua backend, even if I create a posixGroup entry. After a bit of prodding, I found the latter was because Samba had set up group mappings in group_mapping.tdb, which my manually-created LDAP groups didn't agree with. Removing group_mapping.tdb fixed /that/ problem - i.e. accounts have their group information properly updated - but the basic problem, that groups are not migrated - still exists. And it appears that smbgroupedit is not capable of creating a new group in the same way that smbpasswd is capable of creating a new user. I'm copying this to samba-technical, since I believe it's an implementation detail at this point. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Some people just don't know which side of the good/evil thing to side with, despite the obvious fun now, pay later advantages of the evil side for those of us who need instant gratification.
Re: [Samba] Samba-LDAP - Getting Computer accounts to livein ou=Computers
On January 17, [EMAIL PROTECTED] said: Well, it is not called stable and surely there are still a lot of bugs somewhere. We've migrated our ~700 user network from ActiveDirectory to samba 3.0 about one month ago, and up to now there are surprisingly few problems (3.0 is running on our Domain Controllers only, the fileservers Nice to see someone's testing out this code before I commit my network to it :) I'm currently trying to get net rpc vampire working with sam backend = ldap. I am a little confused by the absence of an ldap-adduser script in the Samba CVS HEAD, since without an adduser script I'm not getting any accounts created. Is Samba supposed to create the ldap accounts itself, or is the ldap adduser script simply deprecated, and what are people using to accomplish this right now? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. There's a certain uniformity of suck that must be maintained or the UNIX community won't take you seriously. - Rocco Caputo on naming books. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP PDC, net rpc vampire
still digging at this: [2003/01/20 14:26:38, 2] passdb/pdb_ldap.c:ldapsam_connect_system(421) ldap_connect_system: succesful connection to the LDAP server [2003/01/20 14:26:38, 4] passdb/pdb_ldap.c:ldapsam_open(472) The LDAP server is succesful connected [2003/01/20 14:26:38, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1573) We don't find this user [Administrator] count=0 [2003/01/20 14:26:38, 3] utils/net_rpc_samsync.c:fetch_account_info(333) Could not create account Administrator [2003/01/20 14:26:38, 0] passdb/passdb.c:pdb_free_sam(355) pdb_free_sam: SAM_ACCOUNT was NULL At this point I am suspecting that it's expecting an LDAP account to exist already because I'm using sam backend = ldap. I'll try ldap_nua to see if it improves things, but if anyone can interrupt me and tell me what I'm missing I'd appreciate it. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. yeah, you're in no position to be talking. telling dirty limericks to a cat lady on the other side of the planet at half past two in the morning? really, now. - Meredith. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: LDAP PDC, net rpc vampire
On January 20, [EMAIL PROTECTED] said: At this point I am suspecting that it's expecting an LDAP account to exist already because I'm using sam backend = ldap. I'll try ldap_nua to see if it improves things, but if anyone can interrupt me and tell me what I'm missing I'd appreciate it. Right, I think I've figured this out: this is in utils/net_rpc_samsync.c if (*add_script) { int add_ret; all_string_sub(add_script, %u, account, sizeof(account)); add_ret = smbrun(add_script,NULL); DEBUG(1,(fetch_account: Running the command `%s' gave %d\n, add_script, add_ret)); } So this is expecting an add user/machine script. The next line: pw = getpwnam_alloc(account); checks to see if the account was created. And finally: if (pw) { /* stuff... */ } else { DEBUG(3, (Could not create account %s\n, account)); pdb_free_sam(sam_account); return NT_STATUS_NO_SUCH_USER; } prints an error message if the account /wasn't/ created. So at this point, the only place a LDAP account will be created is if getpwnam_alloc() does it. And, well, it doesn't. So for net rpc vampire to work, you need a working ldap-oriented add user script. Which goes back to my original question; the previously used script has been put in the Attic. I'm guessing longterm the intention is to use LDAP directly, rather than an intermediary script. But IMHO it'd be better to leave the existing LDAP script in place until the new LDAP stuff works? Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Your broker is a half-naked blue-and-orange crypto-anarchist? - Neal Stephenson / The Great Simoleon Caper -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auto start
On January 13, [EMAIL PROTECTED] said: 3) from a console (or, in case you have no GUI), you type 'ntsysv'. Again, this gives you a list of services and checkboxes; tick off 'smb'. And perhaps the best way, since it's the (current) Red Hat preferred method: open a console/root terminal and enter chkconfig smb on service smb start chkconfig --list smb will show you the current status of Samba in terms of which run levels it runs in. Practially speaking, chkconfig smb on will switch it on for the levels that matter. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. One or more sentences in this post have been over-leavened with sarcasm and/or irony. The author fully expects to be misunderstood because of this, you illiterate morons. He doesn't care. - AjD -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: (no subject)
On January 9, [EMAIL PROTECTED] said: samba is calling the 'add user script' option for creating machine accounts. does the 'add machine script' option exist in 2.2.7? Nope, it's new for Samba 3. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. i do this some times to check your still alive and have not been killed in some tragic accident involving alcohol, geekery, GPS and high voltage - Bob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: (no subject)
On January 9, [EMAIL PROTECTED] said: mmm Perhaps we should do this a bit differently then for the smbldap scripts, eh? when samba gives the machine name in %u, does it trail a dollar sign on it? or does it just give the machine name alone? Dunno, I've not traced it. I'm guessing it has the dollar on it, but you'd need to monitor your logs to check. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. I spent a lot of time being 'depressed, despite', then some time being 'depressed, because' and 'depressed, in addition to which'. Currently I think I'm at 'neutral, despite'. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RH8 and Samba 3
On January 8, [EMAIL PROTECTED] said: On Wed, Jan 08, 2003 at 11:06:04AM -0600, Darin Bawden wrote: Greetings everyone, Just a quick question, I hope. I installed the 3.0 alpha for an RH 8.0 test server. In the smb.conf file I have printing=cups and printcap=cups. In should this not be printecap=yer cups printcap fully qualified path name? Nope. printcap=cups and printing=cups works just fine. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. for god's sake, give me some credit. i may be an egocentric jerk, but i'm not a COMPLETE asshole. - Meredith -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
inconsistent properties (Samba 3.0-HEAD)
Hi, under current CVS samba I've set up a BDC to test some migration stuff. If I look at it in Network Neighbourhood and view its properties, it's listed as Windows NT 4.9 Primary. If, however, I look at it in Server Manager, it's listed as Windows NT 4.9 Backup (which is what I'd expect, since it /is/ a backup server). Not a problem, just a note :) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. I'm okay. I am not being starved, or beaten, or unnecessarily frightened. - Douglas Coupland, _Microserfs_
Re: [Samba] mounting smbfs...
On January 6, [EMAIL PROTECTED] said: Try sudo. Put a line into sudoers that allows your users to only use the command mount -t smbfs //machine_name/share /home/usr_name/music For user-level mounts, try adding the 'user' flag to the fstab: //pdc/d /mnt/tmpsmbfs noauto,user 0 0 This will prompt the user for their password, and use their unix username to do the mount. Note, for reasons that are not entirely clear to me, the user must own the mount point, and only root can unmount these partitions after they've been mounted. I may look into this if I get time, as user mounts don't normally behave like that (the user who mounts can also unmount, and the user doesn't need to own the mountpoint) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. These drives do not respond to the disk query in 24 hours, considered here to be more than a reasonable response time. - BorderWare Knowledgebase -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT Question
On January 5, [EMAIL PROTECTED] said: I am running a Samba Server on a 7.0 Linux machine. I am having poor luck in enabling SWAT. As this machine has no inetd.conf file but instead has a xinetd.conf file. To this file I have added the line: swat stream tcp nowait.400 root /usr/sbin/swat swat Then rebooted the system, restarted samba. Then I've tried to connect to the IP, http://10.0.2.26:901 and it doesn't display the swat admin page. I am not sure what I'm doing wrong. Steve L xinetd.conf is very different to inetd.conf. Rather than editing the xinetd.conf file directly, put the details of the service into a file in /etc/xinetd.d/ and format it like this: # default: on # description: swat configures samba service swat { socket_type = stream protocol= tcp port= 901 type= UNLISTED wait= no user= root server = /usr/sbin/swat server_args = swat disable = no } then restart xinetd (service xinetd restart) and try again. Note, this is untested. You may need to check the xinetd.conf manual page to make sure the above is formatted correctly. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. AjD feels frustrated in his attempts to establish the delinitations of horror in puppy-burying. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT Question
On January 5, [EMAIL PROTECTED] said: Indeed, Mr. Waide's answer should suffice; however, before you take the opportunity of creating that file, you may want to look in /etc/xinetd.d to see if there is a file called swat. If that file is there, then you only need edit that file and change the disable=yes to disable=no and then, as he indicated, restart your smb service. Sean better still, use chkconfig: [root@qaz ~]# chkconfig --list | grep swat swat: off [root@qaz ~]# chkconfig swat on Note, this may not work in 7.0; I'm basing this (and the previous post) on 7.3. The above is certainly the preferred way to activate/deactivate services in 7.3 and up for which there is already a file in /etc/xinetd.d Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. bc says, Tell me about Ireland kate says, green, lumpy, no snakes. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] known bugs/issues/gotchas
Hi sambafolks, I see a number of topics cropping up here repeatedly over the last few weeks: * Files 4GB not supported This is confirmed and solved in 2.2.7a, but not in the current incarnation of smbfs (which is not part of samba, I know, but will get discussed here as a related topic) * desktop.ini weirdness in profiles I've seen this mentioned a few times with no sign of a real solution. * problems with Win2KSP3 clients Again, several mentions, no solutions offered My question is, is there a canonical place to go where I can find a list of /all/ bugs/issues currently under investigation by the samba team? I see from the development page that you use IRC to coordinate development, but I presume at some point this falls out into Tridge is looking at the Win2KSP3 issue while Jerry is working on desktop.ini My main reason for asking is that I'm in the middle of a rather complicated migration to Samba and I'd prefer to know up front what's going to bite me, rather than having to fend off angry users afterwards. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. There's a difference between not shy and stalking. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] known bugs/issues/gotchas
On January 3, [EMAIL PROTECTED] said: * desktop.ini weirdness in profiles I've seen this mentioned a few times with no sign of a real solution. I'm not sure what you mean by this - given that what gets uploaded into I believe Dragan Karnic (sp? sorry, don't have the name to hand!) mentioned this most recently. Something along the lines of shortcuts to folders getting mangled: when you click the shortcut, you get a folder with two items, one of which is a second shortcut to the folder and the other of which is a desktop.ini file. Those aren't the exact details; I'll go mining the archives and see what I can dig up. * problems with Win2KSP3 clients Again, several mentions, no solutions offered Please include details sufficient to identify the problem you specifically refer to. Umm. I believe there was one mentioned just yesterday, in great detail (someone who'd run through the entire DIAGNOSIS.TXT file step-by-step and included the results of each test), the net result of which appeared to be that Win2K could see the Samba server but couldn't access the shares. Again, I'll go mining the archives. Not particularly. Most issues get addressed on the samba-technical list, so reading the archives is often a good idea. Certainly I don't know of any particular efforts on the two (rather vauge) bugs you have mentioned. Read the CVS history at build.samba.org if you are wanting to follow development closer. Yep, alas, I don't have as much time as I'd like to devote to that :) I don't mean to pick holes in Samba, note. The two items I mentioned above are things I've seen passing by on the list without any apparent solution, and I've seen several mentions of both items, which is why I asked if there was a list of such issues being maintained. If you detail your expected setup to the list, you might find people who can give you advise as to the more 'generic' or 'problem space' gotchas - these are more likely to cause you trouble than specific issues in the latest Samba. (Simply because the main problems Samba has are problems we can't deal with - like the fact we run on Unix, not NT :-). :) Setup is, to be honest, a cross between trivial and convoluted: the trivial part is that it's a small network, less than 100 people total. The convoluted part is that it's an amalgamation of several companies, so the network is a disaster. I've cleaned up most of the stray workgroups and that sort of thing, but the following tasks remain: * Remove NT PDC, replace with Linux PDC - this is why I was messing about with net rpc vampire late last year. I got no feedback on the description I posted about that, so I assume I wasn't doing anything /to/ insane... * Switch all local profiles to roaming - yes, this is a generic Windows Domain issue, not a Samba issue. The roaming profiles will end up on a Samba server, however, which is why I'm paying close attention any time someone mentions a problem with them. Andrew Bartlett Cheers, Waider. -- That actually holds as a general rule. French folk will often help out in fluent english after you've stuttered for ten minutes, telling them you are the son of a fermented potato and would like to wash your wife's chilblains in some fresh orange juice. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On January 2, [EMAIL PROTECTED] said: Check that this says: interfaces = eth0 lo where lo is whatever the loopback interface is called on your system. To find it's name run 'ifconfig -a' I'd realised that. I'm not exactly a newcomer to unix/samba :) What is the output of 'netstat -a'? netstat was originally (I thought) showing nothing listening on 0.0.0.0. Reading the man page I realise this can't be right, since nmbd needs to listen there for broadcast traffic. It's currently showing a listener on 0.0.0.0. Tweaking socket address, interfaces, and bind interfaces only doesn't appear to change this, but as I said that's what I'd expect having read through the manual page. I'm just suffering from some sort of delusion that I managed to switch the service off at some point. HAve you set up a firewall on your system? How have you firewalled port 137/udp? No, the whole point of my setup is to try and configure any services on the machine to be safe in the absence of a firewall. If I don't have a listener on a given interface, then it doesn't matter if the firewall is working or not, you can't get any information from that interface for whatever service you're looking for. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. merde says, in other news, our mini-blimp blew away. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] applying ACL patches to Red Hat: update
Okay, it appears that something in my patches (unposted!) breaks the NFS daemon in such a way as to cause oopses. This is not good, so I'll see if I can debug it before offering the patches for general consumption. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. It's inherently difficult to get reliable information about an event that consisted of the destruction of all recorded information. - Neal Stephenson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
leak of some sort in smbcacls
Hi, just spotted this while leafing through the CVS tree (some code elided for clarity) source/utils/smbcacls.c static int cacl_dump(struct cli_state *cli, char *filename) { [-] fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); [-] if (!sd) { printf(ERROR: secdesc query failed: %s\n, cli_errstr(cli)); return EXIT_FAILED; } [-] cli_close(cli, fnum); [-] } So basically, cli_close doesn't get called for fnum if the security descriptor (sd) is null. Since smbacls appears to be designed for one file at a time right now, this probably isn't a major issue. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Anyone who doesn't meet these standards will be cast into the outer darkness, where there is not only wailing and gnashing of teeth, but squishy mud and frogs that go 'ribbit'. - joshua geller
Re: [Samba] newbie: Verification of the downloaded Samba source
On Tue, 10 Dec 2002, alan brown wrote: Could not find a valid trust path to the key. Let's see whether we can assign some missing owner trust values. No path leading to one of our keys found gpg: Warning: This key is not certified with a trusted signature. Gpg: There is no indication that the signature belongs to the owner. All this is saying is that yes, the signature does check out against the key you provided; however, gpg has no indication of the validity of that key. The wrong way to solve this is to use gpg to set the key to 'trusted'; the right way is to obtain a chain of keys that connects the Samba key to a key you trust, such as your own. Obviously the right way is more difficult since you need to obtain the keys that signed the samba key, then the keys that signed /those/ keys, and so on until you get to a key that you've signed yourself or a key that you have declared as trusted. This is pretty integral to GPG/PGP, so I'd suggest you read up on these to learn more. Cheers, Waider. D9B006F7 in GPG land :) -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. `My fault' - what you say when you detonate a grenade in the midst of your comrades and send their body parts flying. - Julian Waldby -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On December 11, [EMAIL PROTECTED] said: Well, I thought I had bind interfaces only = Yes but it is commented out. I commented out the interfaces lines and restarted Samba. Now Red Hat 7.3 samba-2.2.7-1.7.3 with the interfaces line, there's still a listener on the ppp0 interface (the one I don't want a listener on). Adding bind interfaces only = yes makes that listener go away. Thanks for the pointer. I'd gone through the manual page some months ago and apparently missed this. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. No, I keep thinking you're a real country rather than a potato-worshipping bit of mud. - Susan Witterick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACL
On December 11, [EMAIL PROTECTED] said: Waider, Would you mind commenting further on what you had to do to get RedHat 8.0 support ACLs. Thanks K.C. Sure: * Download kernel SRPM * Modify patches[1] * Spend several hours rebuilding kernel packages [1] is obviously the tricky bit. I'm testing out the modified patches at the moment, plus I've offered them to the bestbits guy but not yet received a reply. I'll stick 'em on my website tomorrow at some point and post the URL here for interested parties. Note, I've done this for Red Hat 7.3 but since the kernel versions are the same (2.4.18-18) I think the patches will apply easily enough to the Red Hat 8.0 SRPM. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Life sucks. Get a helmet. - Denis Leary, as quoted by Susan Witterick on It never rains, it POURS. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On December 10, [EMAIL PROTECTED] said: Just having a senior moment here, but, I recall vaguely that samba will listening on all NIC's but ignores the ones you tell it to ignore with. Joel Hmm. My home network config has samba configured to only listen on the internal network, but nmb seems to ignore that and listen on the external (ppp) network as well. And it definitely works, because I occasionally have port-scanning morons successfully connecting to nmb and getting a browse-list. Of course, they can't do anything more with it, but. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. $HOME is where the .heart is. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2gb limit weird filenames
For the record, stock RedHat 7.3 kernel (2.4.18-18.7.x) supports files greater than 2GB. Rather than debating the point as to whether various things theoretically support 2GB files or not, it's rather easy to empirically determine support using dd to create a file greater than 2GB. Just my $.02 and all. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. My evil is unjust and cruel in the smallest and most annoying way possible. - Catherine Clarke -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Windows 2000 Password Authentication
On December 9, [EMAIL PROTECTED] said: Is there a way to configure Samba so that all password authentication is done through the Windows domain controllers? I presume you mean all samba authentication: join your server to the domain. This is covered pretty exhaustively in the documentation. If you wish your unix authentication to be done via Samba also, look at winbind and the documentation for that. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Went to Lost World with Dave last nite before work. The two of us were destroyed and the movie sucked too. We are no longer in awe of dinosaurs. - Donal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACL
On December 7, [EMAIL PROTECTED] said: No, the option/s/ are all enabled in the kernel. What's missing, I think, is all the rest of the support: libacl, libattr, patched fileutils, etc. I'm currently rebuilding various bits and pieces to see if I can make it work without too much grief. Okay, clarifying my clarification. The ACL defs are in the main configuration section, but none of the patches in the rest of the kernel tree appear to be present. Drat. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. That's something tas mentioned in passing once or twice...DSP, so what is it? If it's anything to do with the glorious Limerick era then David's probably better off out of it. - Dalton Moloney 29/03/1996 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACL
On December 3, [EMAIL PROTECTED] said: So it looks like the option is turned on in the kernel config, but the patch is not actually in the kernel. No, the option/s/ are all enabled in the kernel. What's missing, I think, is all the rest of the support: libacl, libattr, patched fileutils, etc. I'm currently rebuilding various bits and pieces to see if I can make it work without too much grief. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Turtles. Big, green turtles. - Orla -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACL
On December 4, [EMAIL PROTECTED] said: Actually, RedHat's recent precompiled kernels appear to have acls enabled by default. I installed RedHat 8.0 and acl on ext2/3 didn't work, with the precompiled Kernel from SGI and xfs acl work fine. Yup, this is why I said appear to have rather than have. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. AjD feels frustrated in his attempts to establish the delinitations of horror in puppy-burying. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACL
On December 3, [EMAIL PROTECTED] said: acls can work with ext2/ext3 but you have to apply the patches from bestbits. xfs is a better choice and has the acl stuff built in. Actually, RedHat's recent precompiled kernels appear to have acls enabled by default. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. The majority were fairly uncategorizable freaks, but you could tell that even the most normal-looking people there were still the weirdest people at their day job. - Jamie Zawinski -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: using samba as unix network filesystem
On December 2, [EMAIL PROTECTED] said: The trouble is that if you enable this for any shared file space, your MS Windows client applications will break. I think the point he was making is that he's using it solely for Linux-to-Linux communication, which I think is the wrong tool for the job, but hey. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. where's my surprise party, where's my cake and ice cream, where's my dozen roses, where's my unconditional love? - meredith -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: AW: [Samba] attrib +R myowndir fails to write-protect my own dir
On November 28, [EMAIL PROTECTED] said: actually a second attempt at drawing your attention to the fact that compliance with M$ quirks and kinks is not something to be ashamed of but rather reason to be proud. I think you'll find that the Samba team are quite familiar with this opinion, especially in the context of the Samba TNG fork :) Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. kate says, no, there's a lot of red in heliotrope. kate says, we're talking like #993366 or so -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP
On November 26, [EMAIL PROTECTED] said: You need to disable RequiresSignorSeal in the registry. If you check the Samba source tarball, ~samba/docs/Registry/WinXP_SignOrSeal.reg is the file you need to double-click on in XP to turn off this feature. The other way is to use the Security editor to turn this off. I've a vague suspicion that this may bite me shortly, but anyway. Is this registry fix necessary for the CVS/alpha code, and is it documented somewhere other than in the comment at the top of the registry file (i.e. what the heck does it do?) Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. purl Beware the lollipop of mediocrity. Lick it once and you suck forever. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP
On November 26, [EMAIL PROTECTED] said: This feature was possible in Win2K but disabled by default, in WinXP it is enabled by default. It is necessary to turn it off in XP if you want to connect with NT4 servers also. Aha, so if I have an NT4 server already I should consider this a non-issue. That's fine. Thanks. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. I'd fix it for you, but I don't want to break into your site. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nmblookup not honoring smb.conf?
On November 26, [EMAIL PROTECTED] said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 20 Nov 2002, adam morley wrote: my problem is that while nmblookup is reading smb.conf (see attached strace) its not honoring the name resolve order line and checking with the wins server. am i missing something obvious? Correct. This is by design. To query a WINS server use nmblookup -U ip of wins server -R name to resolve I think this is in the nmblookup man page. Reminds me: is it also correct that nmbd ignores which address it's supposed to listen on, and instead binds to 'em all? I prefer to configure my services so that they're not visible on the Internet-facing side of things even if my firewalling is broken, just in case my firewalling gets broken somehow. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. When you say `I wrote a program that crashed Windows', people just stare at you blankly and say `Hey, I got those with the system, *for free*' - Linus Torvalds -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba