tcon torture test
Hi, Herb and I looked at the TCON torture test a bit today. In our testing we found that Windows NT4, Win2K and most Samba versions fail it, so we both wonder which server ever passed this test. We tested NT4 SP3 and NT4 SP6, as well as Win2K server and Win2K workstation. I have also tested NT4 SP1. To refresh your memory, the TCON tests connects to a share and opens a file. It then writes to the file, and then connects to the same share again, and writes to the file that was originally opened and expects the second write to fail. Herb found an interesting case, though. It seems that Pillar Data's CIFS implementation, which is based on Samba 2.2.x, passes this test. This is surprising, because it suggests that Pillar has changed their version to pass this test, when so few other servers pass the test. Does anyone know of any servers pass the test, and why it is there? It is interesting to note that it is in the torture code in Samba 2.2.x as well, so it might be left over from a very early version of NT4. I wonder if it was only Win9X where this test succeeds? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Another way to fix pdbedit segfaults in Samba 3.0
As we know, the pdbedit from samba3.0 alpha21 got segfaults when you don't give the user_name. There is a fix about this on the CVS, but I think that the fix does not do that the pdbedit should do, that means, if you don't give the user_name the tool should show all users, but not exit like the fix did. I've fixed the problem in another way, that if you run pdbedit without a user_name it show all users, otherway, it show the user that you sepcified. I have tested it and it worked! The patch is following: (the pdbedit.c.rel is that from samba team) --- pdbedit.c.rel Thu Mar 6 13:30:16 2003 +++ pdbedit.c Thu Mar 6 13:30:43 2003 @@ -494,9 +494,6 @@ poptGetArg(pc); /* Drop argv[0], the program name */ - if (user_name == NULL) { - user_name = strdup(poptGetArg(pc)); - } if (!lp_load(dyn_CONFIGFILE,True,False,False)) { fprintf(stderr, Can't load %s - run testparm to debug it\n, dyn_CONFIGFILE); Jianliang Lu TieSse s.p.a. [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: quota group
At 21:55 05.03.2003 +1100, Andrew Bartlett wrote: Wouldn't it be better to report the smaller of the two quotas? Make this a BOOL for type 'group_quota' or even better an enum with values 'USER_QUOTA, GROUP_QUOTA'. I have allready defined an emun :-) If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher [EMAIL PROTECTED]) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Ok, I will pick it up :-) I will also make this available on all platforms witch supports, group quotas. Either way, this certainly is a very nice idea! :-) metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: quota group
At 13:13 05.03.2003 +, David Lee wrote: In the devel/TODO there is a suggested coding project: Rewriting Samba's current filesystem quota support as a VFS module. I'm currently working on this There has also just been another thread from someone requesting some sort of directory-dependent result from df-like functionality. Is now the time to extract the handling of df (default), quota, dfree command into a generalised VFS structure, reimplementing those mechanisms in such a framework? the disk_free function is allready in the vfs framework and I'll add the vfs_get_quota vfs_set_quota functions metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: Detecting Windows OS Version through Samba
Thanx everyone, i found what i was looking for and send feedback just in case anybody needs it: http://winfingerprint.sourceforge.net/ Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? thanx, Agis
Re: quota group
On Thu, 6 Mar 2003, Stefan (metze) Metzmacher wrote: At 13:13 05.03.2003 +, David Lee wrote: In the devel/TODO there is a suggested coding project: Rewriting Samba's current filesystem quota support as a VFS module. I'm currently working on this There has also just been another thread from someone requesting some sort of directory-dependent result from df-like functionality. Is now the time to extract the handling of df (default), quota, dfree command into a generalised VFS structure, reimplementing those mechanisms in such a framework? the disk_free function is allready in the vfs framework and I'll add the vfs_get_quota vfs_set_quota functions Sounds good. Thanks. In which CVS branches should I look for this? SAMBA_3_0 would be ideal because we are about to start some serious testing of other 3.0 aspects, and I could easily test some of this df/quota functionality at the same time. But HEAD would be OK. -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Joining domains specifying auth realm
Samba-folk: I've run into a problem that I'd like to throw open for a general solution. The problem is joining an Active Directory, say AD1.COMPANY.COM, but specifying a different authentication realm for the username/password, say AD2.COMPANY.COM. For instance, this currently fails: net ads join AD1 -U username%password No matter what is specified on the command line or smb.conf (that I've found), it always tries to authenticate using [EMAIL PROTECTED]. How should we allow an alternate authentication domain be specified? Maybe: net ads join AD1 -U [EMAIL PROTECTED] or net ads join AD1 -A AD2.COMPANY.COM -U username%password Or have I missed something fundamental? Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED]
Re: VFS related.
On Wed, Mar 05, 2003 at 06:43:52PM +0200, TUDOR Coserea wrote about 'VFS related.': Hi, I'm was trying to port my VFS module over *BSD. I had some problems and I want to share the results with you: 1. On OpenBSD 3.1 in dynamic module symbols are mangled with _ in front of name of the function so sym_dlsym(handle, vfs_init) don't work but sym_dlsym(handle, _vfs_init) is ok. I resolved this by forcing the compiler to generate vfs_init instead of _vfs_init: extern struct vfs_ops* rav_vfs_init(int*, struct vfs_ops *) asm (vfs_init); before function definition. I prefer that samba during configuring time to see how the name are mangled and to add '_' in OpenBSD case, or to try dlopen twice: one for symbol_name and if this fails for _symbol_name. 2. On NetBSD 1.6 (GENERIC) because I'm using some functions from smbd (in order to send messages to the client who access an infected file) I've got this error: [2003/03/05 19:39:46, 3] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(138) Initialising custom vfs hooks from /usr/local/lib/rav/ravsamba.so [2003/03/05 19:39:46, 0] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(143) Error opening /usr/local/lib/rav/ravsamba.so: /usr/local/lib/rav/ravsamba.so: Undefined PLT symbol dbgtext (reloc type = 7, symnum = 75) [2003/03/05 19:39:46, 0] /usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:smbd_vfs_init(188) smbd_vfs_init: vfs_init_custom failed The problem resides in the default configuration of ld.elf_so. You might want to include in your VFS documentation the need to export the environment variable LD_BIND_NOW before starting smbd daemon on NetBSD. Which version of samba are you using? Is 'DYNEXP' set correctly and at all ? jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/ 18:02:55 up 8 days, 4:15, 32 users, load average: 0.29, 0.28, 0.18 pgp0.pgp Description: PGP signature
3.0a22: Minor Issue with passwd program + kludge fix
I am using 3.0a22 as a PDC with LDAP SAM backend. I am using a python script as a passwd program to sync ldap passwords. My python script uses a first line of #!/usr/bin/env python and is normally mode 750, owned by root:root. It worked fine under 3.0a21. Under 3.0a21, the script no longer executes when a remote user requests a password change. I can make it work, but first let me say that with SMBD set to log level of 100 and passwd chat debug = YES, I see this: [2003/03/06 12:54:47, 3] smbd/chgpasswd.c:chat_with_program(441) Dochild for user mattro (uid=0,gid=0) [2003/03/06 12:54:47, 10] smbd/chgpasswd.c:dochild(215) Invoking '/usr/local/sbin/ldapsamutil.py -p mattro' as password change program. [2003/03/06 12:54:47, 0] lib/util_sock.c:read_socket_with_timeout(275) read_socket_with_timeout: timeout read. read error = Input/output error. [2003/03/06 12:54:47, 100] smbd/chgpasswd.c:expect(270) expect: expected [New Password: ] received [sh: /usr/local/sbin/ldapsamutil.py: Permission denied ] match no To make it work, I add read and execute bits for everybody (need read for python interpreter and execute to make the script executable) then it works. It's insecure, but it works. So it looks like the logfile entry above that says the child is executing as uid=0,gid=0 is not actually happening. Working modes for the script include 755 and 005, of all things, on a script owned by root:root. Nonworking modes for the script include 750 770, etc. If anyone would like to see more logfile data, please let me know. Thanks, Matt
Re: VFS related.
Hi, Jelmer Vernooij [EMAIL PROTECTED] writes: Which version of samba are you using? Is 'DYNEXP' set correctly and at all ? 2.2.4 and 2.2.7 DYNEXP=-Wl,--export-dynamic I found this in manual of ld.elf_so Relocation ld.elf_so will perform all necessary relocations immediately except for relocations relating to the Procedure Linkage Table (PLT). The PLT is used as a indirection method for procedure calls to globally defined functions. It allows, through the use of intermediate code, the delayed binding of a call to a globally defined function to be performed at pro- cedure call time. This `lazy' method is the default (see LD_BIND_NOW). LD_BIND_NOW If defined immediate binding of Procedure Link Table (PLT) entries is performed instead of the default lazy method. Regards, Tudore.
Restrict Anonymous
Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. I appreciate any insight. Thanks, -Marc
Re: Restrict Anonymous
On Thu, 6 Mar 2003, Marc Kaplan wrote: Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. Are you referring to domain joining or having winbindd function. If the latter, winbindd in head and Samba 3.0.0 allows you to specify a username and password that winbindd can use to perform functions that it used to be able to do. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
SessionSetup_and_X with VC=0
I was following an earlier thread Samba doesn't free network resource with XP clients, and in investigating the SessionSetup_and_X handling I have a couple of questions. (I only looked at 2.2.7a (not 3.0)) 1) It appears that in reply_sesssetup_and_X(), the VC is in essence ignored. When I look at an ethereal trace of browsing from a W2k workstation, many SessionSetups are transacted for user anonymous, and *new* uids are being issued. Is not reclaiming users by tracking VCs chewing up pdb entries? Or is the uid simply being advanced without *real* resource allocation for the guest user? 2) Is it possible to have multiple child smbds servicing one W2k workstation? If so, under what conditions? I can only get it to use the same negotiated session key over and over again. Thanks, Peter Hurley
RE: Restrict Anonymous
I am referring to having winbindd function in 3.0. How do I go about setting this option? Is it a smb.conf parameter? Thanks, -Marc -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 9:52 AM To: Marc Kaplan Cc: '[EMAIL PROTECTED]' Subject: Re: Restrict Anonymous On Thu, 6 Mar 2003, Marc Kaplan wrote: Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. Are you referring to domain joining or having winbindd function. If the latter, winbindd in head and Samba 3.0.0 allows you to specify a username and password that winbindd can use to perform functions that it used to be able to do. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Restrict Anonymous
Hi Marc, For winbindd to function, you must use wbinfo -A username%passwd to store the username and password of the user you want winbindd to use for authentication. Hope this helps, Don -Original Message- From: Marc Kaplan [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 11:52 To: '[EMAIL PROTECTED]' Subject: Restrict Anonymous Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. I appreciate any insight. Thanks, -Marc
Re: SessionSetup_and_X with VC=0
I don't have all the answers here but I did write up some information about the intentions behind the VC number, and the problems with doing anything other than ignoring it. See: http://ubiqx.org/cifs/SMB.html#SMB.7 ...and scroll down a little. The interesting bit is probably in section 2.7.1.1. Chris -)- On Thu, Mar 06, 2003 at 04:55:50PM -0500, Peter Hurley wrote: I was following an earlier thread Samba doesn't free network resource with XP clients, and in investigating the SessionSetup_and_X handling I have a couple of questions. (I only looked at 2.2.7a (not 3.0)) 1) It appears that in reply_sesssetup_and_X(), the VC is in essence ignored. When I look at an ethereal trace of browsing from a W2k workstation, many SessionSetups are transacted for user anonymous, and *new* uids are being issued. Is not reclaiming users by tracking VCs chewing up pdb entries? Or is the uid simply being advanced without *real* resource allocation for the guest user? 2) Is it possible to have multiple child smbds servicing one W2k workstation? If so, under what conditions? I can only get it to use the same negotiated session key over and over again. Thanks, Peter Hurley -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: Joining domains specifying auth realm
On Fri, 2003-03-07 at 03:44, Ken Cross wrote: Samba-folk: I've run into a problem that I'd like to throw open for a general solution. The problem is joining an Active Directory, say AD1.COMPANY.COM, but specifying a different authentication realm for the username/password, say AD2.COMPANY.COM. For instance, this currently fails: net ads join AD1 -U username%password No matter what is specified on the command line or smb.conf (that I've found), it always tries to authenticate using [EMAIL PROTECTED]. How should we allow an alternate authentication domain be specified? Maybe: net ads join AD1 -U [EMAIL PROTECTED] or net ads join AD1 -A AD2.COMPANY.COM -U username%password Or have I missed something fundamental? If you kinit first, it should 'just work', but if you want to add the code so that we can login with -U [EMAIL PROTECTED] then this would be much appreciated! (To make it easy, just do it for kerberos logins) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Urgent help me
dear friends Our Client software used samba protocol. if firewall program disable, samba can work very well. Problem is what kind of port we have to open for samba protocol. There are ports we opened 137,138,139,445 (tcp/udp) 143,161 (tcp) but samba is not working Our DVR server used 2.0.7 version of samba in linux (slackware 7.1 , kernel 2.2.15) please can advice more dharanish _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/
Re: Urgent help me
On Fri, 7 Mar 2003, dharanesh dharanesh wrote: dear friends Our Client software used samba protocol. if firewall program disable, samba can work very well. Problem is what kind of port we have to open for samba protocol. There are ports we opened 137,138,139,445 (tcp/udp) 143,161 (tcp) but samba is not working Our DVR server used 2.0.7 version of samba in linux (slackware 7.1 , kernel 2.2.15) please can advice more Please use a tool like ethereal (see www.ethereal.com) to find which ports are being accessed. Then before you poke holes through your firewall, make sure that you really do want to allow uncontrolled sources access to your samba server. It could be very risky. - John T. dharanish _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/ -- John H Terpstra Email: [EMAIL PROTECTED]
Samba and Seq. Read ahead.
Please don't shoot me for cross posting, but I wanted to share this with everyone. Just thought you'd like to know that I've discovered a very interesting thing about AIX and Samba with respect to Sequential Read Ahead. I had been tracking a number of issues related to performance on my Samba 2.2.7a server and didn't have any issues other than lengthy profiles when I was running 4.3.3. Now that I'm at 5.1, the 32-bit and 64-bit kernel seem to do a *lot* of thinking about the history of your reading. When I realized that my cswitch was 1 and syscalls were 15 per 2 second vmstat interval, I knew I was doing some serious work, but I always seemed to have a fair amount of cpu wait. So I read *many* pages on the IBM site about tuning the VMM and none seemed to help until after some PMR's with IBM and some personal investigation. By defeating the read ahead mechanism with vmtune -r 0, our throughput has gone through the roof! Now the only thing we see is Kernel and User time no Wait at all! And the disks have been happier than ever. As I see it, we were agressively caching things that may be bumped out of memory before we ask for it since there are 550 WS's asking for roaming profiles at login time. Turns out my reads although sequential on the part of the smbd were really random in the sense that there was an onslaught of calls to the disks at one time. System is 6H1 with 6-RS64-III at 668MHz with 6GB memory. Disks are SSA 36.4 10k in 2 6+P/HS raid-5. Now it seems that single tuning has allowed Samba to work even better than it has! Also the addition of O_DIRECT and/or O_NOCACHE to the fd_open() call in source/smbd/open.c had no significant increase in performance. I thought someone might get to use this as well and share success with the Samba Team not related to a *bug*! Thanks for listening. PS: There are further tunings I'm looking into wrt to not allowing Gb ethernet interrupts to be serviced by CPU0, turns out the Gb card has a higher int service level than the system timer (so I'm told anyway) and can result in poor performance under *heavy* load. Anyone interested in that can look at bindintcpu. Bill
Problem with preexec ?
Hi there, A simple perl script creates logon batch file (%m.%u.bat) based on users name, client-machine and assigns shares based on users primary group. It is created on the netlogon share. The file can be something like this: net time \\linux /set /yes net use n: \\linux\netlogon net use h: \\linux\homes net use p: \\linux\public net use t: \\linux\tmp net use w: \\linux\Work net use n: /d /y If the user comes from Windows NT, XP or 2K, adding driver takes for ever (each drive a minute or so). Coming from Windows 9x just fails with: Error 55: The specified resource is not available. The computer that shared the resource might have been turned off, or the permissions might have been changed. For more information, contact your network administrator Setting time and adding netlogon share is without any problem. Interestingly enough, when preexec is not used, the same batch file from netlogon share works no problem whatsoever. Id like to create those batch files based on users, machine, etc. at logon time. Any help would be appreciated. Thanks. Andras Here is my configuration file. [global] workgroup = MPI netbios name = LINUX server string = MPI interfaces = 192.168.1.11/24 127.0.0.1/8 encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter OLD password* %o\n *Enter NEW password* %n\n *Reent er NEW password* %n\n *Password changed* username map = /etc/samba.d/private/smbusers log file = /var/log/samba.d/%m.log time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SN DBUF=8192 logon script = %m.%u.bat logon path = \\%N\%U\profile.%m logon drive = H: logon home = \\%L\%U\profile.%m domain logons = Yes os level = 99 preferred master = Yes domain master = Yes wins support = Yes lock dir = /var/cache/samba.d remote announce = 192.168.1.255 192.168.1.11 admin users = root ash hosts allow = 192.168.1. 127. 12.88.198. profile acls = Yes csc policy = disable root preexec = /etc/samba.d/logon.pl %u %G %L %m %a %U [homes] comment = Home path = %H valid users = %S read only = No create mask = 0770 directory mask = 0770 inherit acls = Yes guest ok = no [netlogon] comment = NetLogOn path = /etc/samba.d/netlogon browseable = No locking = No share modes = No [tmp] comment = Temp Files path = /var/tmp read only = No guest ok = Yes [profiles] path = \\%L\%H\profile.%m read only = No create mask = 0600 directory mask = 0700 [public] # path = /var/ftp/pub path = /mnt/hdc/mpi10/public read only = No create mask = 0771 directory mask = 0770 guest ok = Yes [Work] comment = Work path = /usr/local/MPI/Mpiwork valid users = @mpiw read only = No create mask = 0770 directory mask = 0770 guest ok = no [Account] comment = Account path = /usr/local/MPI/Accounting valid users = @mpia read list = @mpia write list = Arlene, ibh read only = No create mask = 0770 directory mask = 0770 guest ok = no [Corp] comment = Corp path = /usr/local/MPI/Corporate valid users = @mpic write list = Alan read only = No create mask = 0770 directory mask = 0770 guest ok = no [Mgt] comment = Mgt path = /usr/local/MPI/Management valid users = @mpim read only = No create mask = 0770 directory mask = 0770 guest ok = no
¸ßÆ·ÖÊPHP+MYSQL JSP+MYSQLÖ÷»ú,ȷʵ²»´í!
PHP+MYSQL JSP+MYSQL,! PHP JSP(http://now.net.cn/) ! 100MB popWEB, 2GCHINANET ! VDNS IP,URL,! http://now.net.cn/host ^_^ ! :2125591 2125561 [EMAIL PROTECTED] QQ: 175942002 175940641