RE: tmp files hanging around too long.
On Tue, 2003-04-01 at 10:19, MCCALL,DON (HP-USA,ex1) wrote: Hi Brad, We have noticed an extra open on files when you have 'map share modes = yes' in the smb.conf file; This causes a problem with deleting a file that you own IF the unix permissions are 0700. At least that's the symptom that came in for us; perhaps your tmp file issue is related. Can you do a testparm and see how that parameter is set on your system? testparm -v shows share modes = Yes i also have oplocks turned off for this share - maybe that's a problem... I'll mess with both settings later today... brad -- Bradley W. Langhorst [EMAIL PROTECTED]
tmp files hanging around too long.
I recently upgraded my a21 system to a22 runaway smbds seem to have disappeared. A new, less serious problem, has emerged. When a user keeps a word document open for a very long time i see a proliferation of locked temporary files (87 since yesterday) I'd like to help track down this problem but I'm not sure where to start... The logs show the the tmp files are opened and opened closed opened closed opened closed opened closed opened opened closed closed opened closed opened opened closed note that the last closed does not happen... this file is never used again - it just hangs around in the locked files is left on the disk until the program is closed. I know this looks like a word bug... but the client computers have not changed and I've only observed this phenomena since upgrading to alpha22. How can i help debug this? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: Norton Ghost, rpc_server
On Tue, 2003-03-04 at 14:42, [EMAIL PROTECTED] wrote: Hi List! It's some time ago now that I asked wether it is possible to join a domain with a Windows 2000 client using the Norton Ghost console and Samba as pdc. I now found some info in Samba's logfiles, and so I can ask now for the feature that would be needed. on december 20th i wrote you this message... did you try what I suggested? what is still broken for you? Lars: I'm using ghost to image our desktop systems... I have it running a syspreped XP image that joins a temporary workgroup on initial load then i apply a machine specific configuration with the AI packages for that particular user, the right computer name, and joins the domain. If you have no need to specify names of computers you could easily use the sysprep commands to join the domain during the client mini-setup. (each one gets a semi-random name) To get the ghost domain joining to work I had to hack the registry and put in a user and password with permission to do domain operations. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params there should be two Reg_SZ values Account Password with the appropriate values... best wishes! (easier than the script i think) brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: Corrupted JPEG File Names
On Thu, 2003-02-06 at 03:17, [EMAIL PROTECTED] wrote: Hello, I am setting up a music server and have run into some file corruption with Samba. Whenever I copy JPG files from either my Win2K machine or my WinXP machine, I get file corruption. take it to [EMAIL PROTECTED] have you run through diagnosis.txt? are you sure your network is setup properly? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
machine names same as usernames - problems...
Since samba 2.2.8 seems to be on the way i thought i might raise this issue before release. I've seen a few users get confused by the fact that their machine name and their user name cannot be very similar adil (users) and adil$ (machine) cannot work. I think it's not good practice to have machine names and usernames be the same but i also don't think samba should fail cryptically in that situation... The usernames are different - why does this fail? I'm guessing that the $ gets stripped off somewhere but why? At minimum we should provide an explicit prohibion in the docs (doc patch for SAMBA2_2 follows) diff -u -r1.1.2.15 Samba-PDC-HOWTO.sgml --- docs/docbook/projdoc/Samba-PDC-HOWTO.sgml 28 Nov 2001 22:03:22 - 1.1.2.15 +++ docs/docbook/projdoc/Samba-PDC-HOWTO.sgml 6 Feb 2003 14:02:08 - @@ -288,6 +288,11 @@ account, and thus has no shared secret with the domain controller. /para +paraNote: Machine accounts must not have the same base names as user +accounts. eg. The machine account sambauser1$ is not allowed when +there is a regular user sambauser1. +/para + paraA Windows PDC stores each machine trust account in the Windows Registry. A Samba PDC, however, stores each machine trust account in two parts, as follows: -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: machine names same as usernames - problems...
On Thu, 2003-02-06 at 15:39, Andrew Bartlett wrote: adil (users) and adil$ (machine) cannot work. Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. i don't know - i probably should have said does not work instead of cannot work. I thought maybe the $ was there to identify machine accounts. I think it's not good practice to have machine names and usernames be the same but i also don't think samba should fail cryptically in that situation... Can you describe the failure please? I thought this was well known... The machine simply fails to join the domain. With a message about bad password or invalid machine account. brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: machine names same as usernames - problems... -- here's areal world NetBIOS clusterfsck ...
On Thu, 2003-02-06 at 17:28, Richard Sharpe wrote: When a workstation boots, it registers its workstation name as a NetBIOS name. Indeed, it registers several types of NetBIOS names, including a 00 name, a 03 name and, if you have enabled sharing, a 20 name. When a user tries to log on, the workstation also tries to register that user's name as a NetBIOS name, with types of 00 and 03. However, they clash with the already registered machine names. SOL. so i guess a doc patch is the way to go here... see my original post for a proposal. brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: passdb/pdb_ldap.c
On Thu, 2003-02-06 at 15:44, Robert Feldbauer wrote: I'm running the latest CVS of 3.0, getting the following error when compiling.. any insights? do you have all the libs you need on this machine? libldap stuff etc. you might try building a21 to test out your system - i know that builds with ldap support. brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: machine names same as usernames - problems...
On Thu, 2003-02-06 at 17:47, Richard Sharpe wrote: On Thu, 6 Feb 2003, Bradley W. Langhorst wrote: On Thu, 2003-02-06 at 15:39, Andrew Bartlett wrote: adil (users) and adil$ (machine) cannot work. Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. [...] Can you describe the failure please? I thought this was well known... The machine simply fails to join the domain. With a message about bad password or invalid machine account. Under what circumstances can't/doesn't this work? Does it not work only in the case that adil and adil$ both exist in the passwd database of the Samba server? it certainly fails in that situation. I've had less specific troubles with machines I thought you were just saying that there is no solution to this problem... When a user tries to log on, the workstation also tries to register that user's name as a NetBIOS name, with types of 00 and 03. However, they clash with the already registered machine names. SOL. I've just tested an XP machine joining to a samba3a21 domain (ldap backend) it fails with this in the log [2003/02/06 17:42:02, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(641) ldapsam_search_one_user: searching for:[((uid=bwlang$)(objectclass=sambaAccount))] [2003/02/06 17:42:03, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(641) ldapsam_search_one_user: searching for:[((uid=bwlang$)(objectclass=sambaAccount))] [2003/02/06 17:42:03, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1857) User already in the base, with samba properties [2003/02/06 17:42:03, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(2302) could not add user/computer bwlang$ to passdb. Check permissions? [2003/02/06 17:42:04, 2] smbd/server.c:exit_server(534) Closing connections the very nice descriptive error message on the client is Access is denied there was no account bwlang$ when i started there was an account bwlang. interestingly - the join created the bwlang$ account but failed nonetheless brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: Printing in Samba.
On Sat, 2003-02-01 at 07:43, Erik Jakobsen wrote: Hi. Please tell if this is the list to ask questions about printing samba. nope - ask at [EMAIL PROTECTED] brad
Re: ldap backend rejoining domain problem
I'm using the smbldap tools and have delete user script = /usr/sbin/smbldap-userdel.pl %u I don't delete the user at all. It could be a bug in your delete user script. ah - this is what i'm suggesting - that samba automatically delete the machine account when it a machine leaves the domain. I don't know if it should be via that delete user script (but i don't think it gets called during domain unjoining). The script does work okay when run at the command line. Do you think that auto-deletion of machine accounts makes sense? I think it does because you can end up with a bunch of orphan machine accounts over time as various mahcines leave the domain and rejoin under different names. brad
Re: ldap backend rejoining domain problem
On Mon, 2003-01-27 at 21:06, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 27 Jan 2003, Gerald (Jerry) Carter wrote: I have no problems joining, unjoining, and rejoining a Samab 3.0 domain (using an LDAP backend). Perhaps you could send me some logs files? I should have mentioned that this is using the latest SAMBA_3_0 cvs code. jerry - i know you've not had a chance to answer my last mail but I thought the following log excerpt might be interesting to you. The machine account was not deleted on my last test - on top of that the old machine account seems to still have the old password (i think that explains the mismatch below) [2003/01/27 22:48:50, 5] lib/util.c:dump_data(1761) [000] 36 36 61 82 90 BC FD B8 A7 17 5F 6D 59 B8 69 F3 66a. .._mY.i. [2003/01/27 22:48:50, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 58C1DAD55DCA026A [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : B058ECCC71090C85 [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : 081AC7A2CED30EEF [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_session_key(64) sess_key : 8532903AE6372823 [2003/01/27 22:48:50, 4] libsmb/credentials.c:cred_create(90) cred_create [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_create(92) sess_key : 8532903AE6372823 [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_create(93) stor_cred: 58C1DAD55DCA026A [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_create(95) timecred : 58C1DAD55DCA026A [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_create(96) calc_cred: 45AE7B884A8EC8A9 [2003/01/27 22:48:50, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_assert(123) challenge : 8FAE4B1B4C05E3B3 [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_assert(124) calculated: 45AE7B884A8EC8A9 [2003/01/27 22:48:50, 5] libsmb/credentials.c:cred_assert(133) credentials check wrong [2003/01/27 22:48:50, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 net_io_r_auth_2 I have the full log but it's 58K (too big for the list) let me know if you want it.
Re: group mapping and 3.0 pre21
On Fri, 2003-01-03 at 08:52, [EMAIL PROTECTED] wrote: Hi! I finally got the group mapping with smbgroupedit work fine here. The problem was that I had to fix the group type of my windows-groups on the samba-pdc. When I did a smbgroupedit -v -l, I got some groups with group type = unknow. With smbgroupedit -c (mygroup) -t d or -t l I made them local or domain groups. Now I can see and use them on the client. The next issue here is how to get my domain users into the power users on all my clients. I really don't want to do a net localgroup on all 100 client machines... But this is a Windows problem, not a samba problem. since you're using samba3 you can simply add all your power_users to a new unix group, map that unix group to a new domain group, and add the new domain group to the local power_users group on the workstations it's not a big deal for me to do that because i can just roll out a new system image with the correct group memberships... if you can't do that you might try to figure out a way to make a logon script that does what you want (i'm not sure that's possible) brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: pdbedit segfaults in SAMBA_3_0
On Tue, 2002-12-17 at 04:06, Simo Sorce wrote:
Can you send a backtrace?
Mine does not segfault (tough I'm using head not 3.0)
Simo.
simo:
how are you testing it?
I just rebuilt from SAMBA_3.0 (no debian patches or anything)
when i type pdbedit it segfaults
however if i provide a username it seems to work okay.
(which makes sense given the backtrace...)
I think it just needs this patch (or something like it that fits with how you all do
things).
diff -u -r1.39.2.7 pdbedit.c
--- utils/pdbedit.c 12 Nov 2002 23:20:49 - 1.39.2.7
+++ utils/pdbedit.c 21 Dec 2002 21:25:24 -
@@ -495,7 +495,14 @@
poptGetArg(pc); /* Drop argv[0], the program name */
if (user_name == NULL) {
- user_name = strdup(poptGetArg(pc));
+ if (poptPeekArg(pc) == NULL) {
+ fprintf(stderr, Can't use pdbedit without a username\n);
+ poptPrintHelp(pc, stderr, 0);
+ exit(1);
+ } else {
+ /*Don't try to duplicate a null string */
+ user_name = strdup(poptGetArg(pc));
+ }
}
if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
--
Bradley W. Langhorst [EMAIL PROTECTED]
joining a domain when account is already in passdb
During a recent reimaging of my desktop machines I found that logons fail with a cannot contact domain error when a freshly imaged machine tries to log in for the first time... I must delete and re-add the machine account to get it working... I assume this is because the password is now incorrect... If that's correct then shouldn't the process of joining a domain reset the machine account's password? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: pdbedit segfaults in SAMBA_3_0
On Sat, 2002-12-21 at 16:26, Bradley W. Langhorst wrote: I think it just needs this patch (or something like it that fits with how you all do things). my patch just fixes the segfault when there are no arguments If i do pdbedit -l it segfaults again... I think maybe I'm fixing this problem the wrong way. Does the popt stuff not pull off all the arguments that it knows how to deal with (like -l)? I don't understand this well enough to fix it... brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: XP slow to print to Samba 3.0 alpha21 server
On Fri, 2002-12-20 at 15:12, Steve Langasek wrote: One additional bit of information -- I'm running the a21 that you sent me that deb patches for. It's not in heavy usage but I have not seen any problems with printing after i added the directory that the tdb's needed to be in. I'm using spoolss and only XPSP2 clients logged into the PDC (also the print server). We print probably 100p/day This server has been online in this configuration since monday with no obvious problems. brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: pdbedit segfaults in SAMBA_3_0
On Tue, 2002-12-17 at 04:06, Simo Sorce wrote:
Can you send a backtrace?
Mine does not segfault (tough I'm using head not 3.0)
Program received signal SIGSEGV, Segmentation fault.
0x400f43b0 in strdup () from /lib/libc.so.6
(gdb) bt
#0 0x400f43b0 in strdup () from /lib/libc.so.6
#1 0x0805caba in main ()
#2 0x4009a14f in __libc_start_main () from /lib/libc.so.6
maybe that helps...
looking through i see
if (user_name == NULL) {
user_name = strdup(poptGetArg(pc));
}
that looks right to me
brad
--
Bradley W. Langhorst [EMAIL PROTECTED]
extracting SID from user profile
I accidentally wiped out my /etc/samba directory during an upgrade so I restored from a backup which had a MACHINE.SID in it. now i've changed my domain SID and everything is funky. logins work but permissions are all screwed up. So i want to figure out what my SID was before the restore and switch back. I'm pretty sure that the Domain SID is stored in the user profiles but not as text. I though with richard sharpe's new reg editor i might be able to extract the SID. Suprisingly - nothing in the archives about how to get an SID out of a profile. I'm currently restoring secrets.tdb from tape and will try replacing my current secrets.tdb with the old one and run rpcclient's lsaquery to get the old sid... but that's going to take some time as the tape is not in the jukebox. thanks! brad -- Bradley W. Langhorst [EMAIL PROTECTED]
workgroup parameter missing from swat in a21
what happened to the workgroup parameter from a21's swat? is this intentionally missing or is it a bug? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
pdbedit segfaults in SAMBA_3_0
it has not changed from alpha21 (which also segfaulted) a20 did not segfault i'm compiling with --with-ldapsam and --with-tdbsam tried both with and without steve's latest debian patches. as noted in the last check in (a month ago) Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. pdbedit -h shows help normally pdbedit -l segfaults pdbedit -b (tried all combinations of ldap ldapsam unix unixsam tdb tdbsam all segfault) here's my entire ./configure line in case you're interested --with-fhs \ --prefix=/usr \ --sysconfdir=/etc \ --libdir=/etc/samba \ --with-privatedir=/etc/samba \ --localstatedir=/var \ --with-netatalk \ --with-smbmount \ --with-pam \ --with-syslog \ --with-sambabook \ --with-utmp \ --with-readline \ --with-pam_smbpass \ --with-libsmbclient \ --with-winbind \ --with-msdfs \ --with-automount \ --with-acl-support \ --with-tdbsam \ --with-ldapsam I can compile a20 with a similar ./configure and don't see the pdbedit segfault brad -- Bradley W. Langhorst [EMAIL PROTECTED]
strange location for printing/*.tdb in latest
the printing tdbs are ending up in /var/run/samba/printing seems like those should be in cache... its not a problem with the rules file LOCKDIR is getting set to /var/cache/samba PIDDIR is /var/run/samba i don't understand what is happening with tdb files in printing.c so I don't now how to track this down further... brad -- Bradley W. Langhorst [EMAIL PROTECTED]
RE: runaway processes in 3.0a20
On Wed, 2002-12-11 at 16:42, Esh, Andrew wrote: Maybe have a look at /proc/17206 (or whatever PID is at the top of top), and see what is in the fd directory. the only unusual thing in there is /var/cache/samba/printing/.tdb here's the whole list: rwx--1 root root 64 Dec 13 09:28 0 - /dev/null lrwx--1 root root 64 Dec 13 09:28 1 - /dev/null lrwx--1 root root 64 Dec 13 09:28 10 - /var/run/samba/namecache.tdb lrwx--1 root root 64 Dec 13 09:28 11 - /var/run/samba/brlock.tdb lr-x--1 root root 64 Dec 13 09:28 12 - pipe:[22422712] l-wx--1 root root 64 Dec 13 09:28 13 - pipe:[22422712] lrwx--1 root root 64 Dec 13 09:28 14 - socket:[22423024] lrwx--1 root root 64 Dec 13 09:28 15 - /var/run/samba/locking.tdb lrwx--1 root root 64 Dec 13 09:28 16 - /var/cache/samba/printing/printers.tdb lrwx--1 root root 64 Dec 13 09:28 17 - /var/spool/samba/smbprn.0200.I6wwkb lrwx--1 root root 64 Dec 13 09:28 18 - /var/cache/samba/printing/lab_nec_unix.tdb lrwx--1 root root 64 Dec 13 09:28 19 - /var/cache/samba/printing/lab_phaser.tdb l-wx--1 root root 64 Dec 13 09:28 2 - /var/log/samba/log.smbd.jon kingsbury lrwx--1 root root 64 Dec 13 09:28 20 - /var/cache/samba/printing/Lexmark212.tdb lrwx--1 root root 64 Dec 13 09:28 21 - /var/lib/samba/ntdrivers.tdb lrwx--1 root root 64 Dec 13 09:28 22 - /var/lib/samba/ntprinters.tdb lrwx--1 root root 64 Dec 13 09:28 23 - /var/lib/samba/ntforms.tdb lrwx--1 root root 64 Dec 13 09:28 24 - /var/lib/samba/share_info.tdb lrwx--1 root root 64 Dec 13 09:28 25 - /var/lib/samba/registry.tdb lrwx--1 root root 64 Dec 13 09:28 26 - /var/lib/samba/netlogon_unigrp.tdb l-wx--1 root root 64 Dec 13 09:28 27 - /var/log/samba/log.smbd.hostname lrwx--1 root root 64 Dec 13 09:28 28 - socket:[22423025] lr-x--1 root root 64 Dec 13 09:28 29 - pipe:[22423026] l-wx--1 root root 64 Dec 13 09:28 3 - pipe:[2248] l-wx--1 root root 64 Dec 13 09:28 30 - pipe:[22423026] lrwx--1 root root 64 Dec 13 09:28 31 - socket:[22423064] lrwx--1 root root 64 Dec 13 09:28 32 - /var/lib/samba/group_mapping.tdb lrwx--1 root root 64 Dec 13 09:28 33 - /var/run/samba/sessionid.tdb lrwx--1 root root 64 Dec 13 09:28 35 - /var/cache/samba/printing/.tdb lr-x--1 root root 64 Dec 13 09:28 4 - /dev/urandom lrwx--1 root root 64 Dec 13 09:28 5 - /var/lib/samba/secrets.tdb lrwx--1 root root 64 Dec 13 09:28 6 - /var/lib/samba/account_policy.tdb l-wx--1 root root 64 Dec 13 09:28 7 - /var/run/samba/smbd.pid lrwx--1 root root 64 Dec 13 09:28 8 - /var/run/samba/messages.tdb lrwx--1 root root 64 Dec 13 09:28 9 - /var/run/samba/connections.tdb If you have debug symbols, you could also attach with gdb and do a stack backtrace, just to see where it is. Also single step a little to find out where the loop is being closed, and on what condition. here's the backtrace (gdb) where #0 0x08173b28 in rap_to_pjobid () #1 0x081750f4 in print_job_exists () #2 0x0807e638 in reply_trans () #3 0x080810e0 in api_reply () #4 0x080790c3 in send_trans_reply () #5 0x08079958 in reply_trans () #6 0x080a5b0e in respond_to_all_remaining_local_messages () #7 0x080a5bae in respond_to_all_remaining_local_messages () #8 0x080a5df3 in process_smb () #9 0x080a66c7 in smbd_process () #10 0x0807044f in main () #11 0x400e814f in __libc_start_main () from /lib/libc.so.6 I found a panic in the log for this one... [2002/12/12 17:11:38, 2] lib/access.c:check_access(327) Allowed connection from (132.177.45.114) [2002/12/12 17:11:38, 0] lib/fault.c:fault_report(36) === [2002/12/12 17:11:38, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 20669 (2.999+3.0.alpha20-4 for Debian) Please read the file BUGS.txt in the distribution [2002/12/12 17:11:38, 0] lib/fault.c:fault_report(39) === [2002/12/12 17:11:38, 0] lib/util.c:smb_panic(1151) PANIC: internal error [2002/12/12 17:11:38, 2] passdb/pdb_ldap.c:ldapsam_open_connection(267) ldap_open_connection: connection opened looks like something in the printing area? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: samba 3.0 pre 21: group mapping and private groups?
On Thu, 2002-12-12 at 14:38, Lars O. Grobe wrote: Hi! I have samba 3.0 pre21 here, and a private groups installation, meaning that every user has an own group named like the user's login (user ONEUSER has primary group ONEUSER). I have used smbgroupedit to map my unix group users to the power users group (it's a shame, almost all windows applications require users having power users' rights). But now, if I log into my samba-controlled domain, log.smbd tells me that the user's primary group is not a NT-group and that NT doesn't like this ;-) i reported a couple of days ago that this message is printed even when the user's primary group IS a domain group. so far I've not seen any ill effects as a result. I'm beginning to think the error message is bogus. brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: samba 3.0 pre21:joining domain with windows 2000
On Thu, 2002-12-12 at 15:49, Lars O. Grobe wrote: Do the newer alphas store machine account infomation in the tdb per default? Do I have to define a passdb backend = tdbsam? So far I kept anything in smbpasswd, while I also had a secrets.tdb without really knowing why... ;-) I think the machine accounts will be stored in whatever passdb backend is listed first. sounds like you need it to be smbpasswd_nua unixsam. do you see the new machine account in smbpasswd? btw, what should I do if I don't want to use the root user to join the domain...? use the admin users param brad -- Bradley W. Langhorst [EMAIL PROTECTED]
RE: runaway processes in 3.0a20
RDONLY EXCLUSIVE+BATCH path_replaced10-100-7.5/121102/1B.001 Wed Dec 11 09:03:02 2002 19910 DENY_DOS 0x1 RDONLY EXCLUSIVE+BATCH path_replaced10-100-7.5/BlackboxPrototype/121102/2N.001 Wed Dec 11 09:05:59 2002 19910 DENY_NONE 0x1 RDONLY EXCLUSIVE+BATCH path_replaced10-100-7.5/BlackboxPrototype/121102/2N.001 Wed Dec 11 09:05:59 2002 19895 DENY_DOS 0x1 RDONLY EXCLUSIVE+BATCH path_replaced10-100-7.5/121102/1N.001 Wed Dec 11 09:03:04 2002 19895 DENY_NONE 0x1 RDONLY EXCLUSIVE+BATCH path_replaced10-100-7.5/121102/1N.001 Wed Dec 11 09:03:04 2002 here is the output of the first few lines of top PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 17206 sfchase 19 0 2932 2932 1964 R97.8 0.7 39:02 smbd 17753 root 9 0 900 900 660 S 0.9 0.2 8:56 top 19848 root 13 0 904 904 668 R 0.9 0.2 0:00 top 14394 root 9 0 1548 1548 800 S 0.1 0.4 0:25 nmbd 1 root 8 0 480 480 416 S 0.0 0.1 0:14 init so it looks like 17206 is a runaway... hostname:~# strace -p 17206 hostname:~# kill -HUP 17206;strace -p 17206 --- SIGSTOP (Stopped (signal)) --- hostname:~# kill 17206;strace -p 17206 --- SIGSTOP (Stopped (signal)) --- hostname:~# kill -9 17206;strace -p 17206 +++ killed by SIGKILL +++ not very interesting output from strace... am I doing something wrong? thanks brad --Original Message-- From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 10:47 AM To: [EMAIL PROTECTED] Subject: runaway processes in 3.0a20 I just installed the debian a20 packages (thanks steve and eloy) i'm posting to technical because it's about an alpha releas Once or twice a day i have to kill runaway processes (-9 required) they seem to as much cpu as is available I just saw one client with three connections to the server 1 was acting normally and the other two were runaway. before I go searching too deeply I'd like to eliminate a local misconfiguration or packaging problem... has anyone else seen this? i'll try to reproduce in a21 or 3.0's head if nobody has an idea about this... brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- Bradley W. Langhorst [EMAIL PROTECTED]
runaway processes in 3.0a20
I just installed the debian a20 packages (thanks steve and eloy) i'm posting to technical because it's about an alpha releas Once or twice a day i have to kill runaway processes (-9 required) they seem to as much cpu as is available I just saw one client with three connections to the server 1 was acting normally and the other two were runaway. before I go searching too deeply I'd like to eliminate a local misconfiguration or packaging problem... has anyone else seen this? i'll try to reproduce in a21 or 3.0's head if nobody has an idea about this... brad -- Bradley W. Langhorst [EMAIL PROTECTED]
typo in Makefile.in
s/CONFIGFIR/CONFIGDIR/ brad -- Bradley W. Langhorst [EMAIL PROTECTED]
spurrious 'primary gid of user [bwlang] is not a Domain group !'
this is in samba3a20 and 3a21 with ldap_nua sam backend get this spurrious message in the logs [2002/12/08 01:12:01, 0] rpc_server/srv_util.c:get_domain_user_groups(342) get_domain_user_groups: primary gid of user [bwlang] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that that's bs: groups bwlang says: bwlang : labusers power_users src smbgroupedit -l |grep labusers -4 says: Privilege : No privilege Domain Users SID : S-1-5-21-1995982474-3671514283-3045899775-513 Unix group: labusers Group type: Domain group Comment : Privilege : No privilege dunno if this matters but it looks like a bug to me... (this was also reported by sambaguy in [EMAIL PROTECTED] with no responses) brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: DOMAIN SID
On Thu, 2002-11-28 at 11:38, [EMAIL PROTECTED] wrote: Hi ! Where the DOMAIN SID is stored when the LDAP backend is used ? it's in one of the tdb files... if you put a text file MACHINE.SID in your conf area it still gets imported (if i remember correctly) brad -- Bradley W. Langhorst [EMAIL PROTECTED]
ldap_nua requires guest exist and have rid 501?
Is that statement true? if so why? I've just tried an upgrade to 3.0a20 and domain logons stopped working for me. a downgrade restores functionality im using passdb backend = ldapsam_nua:ldap://.../ and i have this line in my smbusers file nobody = guest pcguest smbguest does this have something to do with this? - Always make guest rid 501 (abartlet) brad
Re: WindowsXP Pro. can't acccess to SAMBA act as PDC!!
On Tue, 2002-11-05 at 22:09, werachat sittiparsong wrote: this is not samba support this is samba-technical (for technical discussion about samba internals) this message belongs on [EMAIL PROTECTED] Dear Samba support so i've provided Samba act as PDC for Domain logon from Windows98SE clients for logon to that domian,itz work ass well but for my problem with WindowXP Pro. can't logon through SAMBA act as PDC. this is probably the signorseal problem you need to apply the reg file to your xp clients. google for signorseal for more info brad
Re: [PATCH] security hole in Samba 3.0 start tls handling
On Fri, 2002-11-01 at 09:48, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 30 Oct 2002, Andrew Bartlett wrote: No, no more than you can indicate SASL preferences in a URL. You *could* embed this information in a URI string, but there would be nothing particularly standard about this, and the LDAP libraries are unlikely to understand them -- so Samba will still have to parse these components out of the URL and handle them directly. That's fine then - but you can put quite a bit in that URL. (Like bind dn, search suffix and quite a few other things). No. Having a non-standard LDAP URI would be a bad thing. Too confusing to administer. Please do not do this. Find another way to specifiy start tls that extending the LDAP URI format (unless you want to get it through the LDAPbis WG). Maybe samba is the wrong end to enforce security... You can force tls mode on the ldap server end with a by ssf clause. Actually it's probably a disadvantage to use tls on a localhost ldap server. Why not have samba try tls mode if the ldapserver is not localhost and fall back if it can't do it? Maybe printing a warning to the logs? No config needed in this situation. That much smartness might be undesireable - in which case ldap ssl could be changed to ldap tls [yes, no] and a url of ldaps would mean SSL on port 636 brad
Re: Domain login from windows XP Version 5.1 SP1
take this to [EMAIL PROTECTED] is samba doing winbind or using security=domain? are your profiles stored on the PDC? brad On Thu, 2002-10-24 at 15:27, Lars Madsen wrote: Hi I have just upgraded a previous (I don't have the versione number any more) XP to XP version 5.1 (and later to SP1) Both are the professional danish version. With the previous XP I could join the XP machine to the domain, and efter setting requiresignorseal to 0, I could log on to the domain, everything was fine. But when I use XP 5.1 I can still join the domain, but now I can't login any more. I have checked and double check the registry setting, but i looks as if changing the setting has no effect. I run Mandrake 9.0 and I have tried both 2.2.6 and 2.2.5 none of them worked. Is it possible that MS has made som changes to the newer XP versions that samba does not handle? Can I see in the log files if anything changes when I change signorseal ? Which logfiles at which level do you need? Kind regards Lars L. Madsen
RE: Domain Admins - Plz help!
On Mon, 2002-10-14 at 16:29, Irving Carrion wrote: Sorry, I found the file group_mapping.tdb. You were right Simply deleting the old group_mapping.tdb file and restarting samba did the trick. Thanks! IRV wow - i never would have thought of a corrupt tdb... what tipped you off metze? brad
RE: [Samba] Desktop.ini and samba - Please comment
On Wed, 2002-07-31 at 18:26, Javid Abdul-AJAVID1 wrote: thanks but why do you think samba is looking for it well it's not samba - it's windows that is looking for the file... windows says - give me a file - samba says i don't have that file... brad -Original Message- From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 5:22 PM To: Javid Abdul-AJAVID1 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] Desktop.ini and samba - Please comment the desktop.ini is the file that stores the folder view settings. you can disable it by turning off the UI checkbox that says remember each folder's settings. i think it is not your problem. brad On Wed, 2002-07-31 at 18:04, Javid Abdul-AJAVID1 wrote: I was just wondering why does samba look for Desktop.ini when i am mapping to my home directory from w2k running samba 2.2.5 on sol2.6 , client is w2k am troubleshooting an weird issue where am not able to see all my unix home directory files on w2k log level10 is showing me that samba is looking for Desktop.ini could this be cousing something weired. thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: smbclient and ip address
I don't know the answer to this one but you might get more responses from [EMAIL PROTECTED] brad On Tue, 2002-08-27 at 07:25, Geeta Singh wrote: I am not able to use ip address in servername instead of netbios name, like smbclient //10.3.1.90/tvs1 -P -N It gives error: session request to *SMBSERVER failed (Called name not present) but when I use server netbios name instead of IP address it gets connected successfully. How can I connect to a server through smbclient if I know only the ip address of the server? Thanks in advance.
Re: WINS proxy
Do you mean add them to lmhosts? no - not lmhosts WINS set up the clients to use a WINS server (your samba box) it is on the network properties page. why would you change your domain master browser very often? Ok, this may be will work, but: 1. Clients sometimes changes their name (and workgroup) 2. What I should do with LMB, DMB? - it is changed VERY often, because clients are often do poweroff, reset. - and Samba cannot be LMB for all of workgroups. this doesn't belong on samba-technical now people on samba may be able to provide you a more step-by-step description of how to set up WINS. brad
Re: Undocumented smb.conf
I have a perl script that does this check (by comparing the smb.conf parsing code to the docbook stuff) Maybe somebody could put it into the release checking list? brad On Mon, 2002-08-19 at 13:30, Simo Sorce wrote: On Mon, 2002-08-19 at 09:55, Jelmer Vernooij wrote: Hi, I've done some work trying to figure out what smb.conf options in HEAD are currently not documented. Here they are: add group script add user to group script admin log ads server alternate permissions block size delete group script delete user from group script display charset hide unwriteable ok this one is the same as hide unreadable, but hides files you cannot write to. As always it only hides them so if you know the name you will be able to access them. hostname lookups mangling method This one make you able to select which mangling method is available Currently we have 'hash' and 'hash2' 'hash' is the old samba 2.2 compatible mangling algorithm 'hash2' (the default) is the new much better mangling algorithm max packet name cache timeout ntlm auth paranoid server security realm smb ports unicode unix charset wins partners disable netbios dos charset packet size vfs path wtmp directory Please either document them or send me a clue about what they should do so that I can document them. jelmer -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399
Re: Undocumented smb.conf
here it is...
just run it in the root of the cvs tree.
brad
On Mon, 2002-08-19 at 14:53, Jelmer Vernooij wrote:
Could you send it ? I'm interested since I now had to do it by hand..
jelmer
I have a perl script that does this check (by comparing the smb.conf
parsing code to the docbook stuff)
Maybe somebody could put it into the release checking list?
brad
On Mon, 2002-08-19 at 13:30, Simo Sorce wrote:
On Mon, 2002-08-19 at 09:55, Jelmer Vernooij wrote:
Hi,
I've done some work trying to figure out what smb.conf options in HEAD
are currently not documented. Here they are:
add group script
add user to group script
admin log
ads server
alternate permissions
block size
delete group script
delete user from group script
display charset
hide unwriteable
ok this one is the same as hide unreadable, but hides files you cannot
write to. As always it only hides them so if you know the name you will
be able to access them.
hostname lookups
mangling method
This one make you able to select which mangling method is available
Currently we have 'hash' and 'hash2'
'hash' is the old samba 2.2 compatible mangling algorithm
'hash2' (the default) is the new much better mangling algorithm
max packet
name cache timeout
ntlm auth
paranoid server security
realm
smb ports
unicode
unix charset
wins partners
disable netbios
dos charset
packet size
vfs path
wtmp directory
Please either document them or send me a clue about what they should
do so that I can document them.
jelmer
--
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
--
Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/
Development And Underdevelopment: http://library.thinkquest.org/C0110231/
Listening to Error: The server (moosicd) doesn't seem to be running.
20:52:41 up 4 days, 19:17, 5 users, load average: 0.04, 0.01, 0.00
#!/usr/bin/perl -w
#reads in the list of parameters from the source
#compares this list to the list of parms documented in the docbook source
#prints out the names of the parameters that are in need of documentation
my $doc_file = ./docs/docbook/manpages/smb.conf.5.sgml;
my $source_file = ./source/param/loadparm.c;
my $ln;
my %params;
open(SOURCE, $source_file) ||
die Unable to open $source_file for input: $!\n;
open(DOC, $doc_file) ||
die Unable to open $doc_file for input: $!\n;
while ($ln= SOURCE) {
last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
} #burn through the preceding lines
while ($ln = SOURCE) {
last if $ln =~ m/^\s*\}\;\s*$/;
#pull in the param names only
next if $ln =~ m/.*P_SEPARATOR.*/;
$ln =~ m/.*\(.*)\.*/;
$params{lc($1)}='not_found'; #not case sensitive
}
close SOURCE;
#now read in the params list from the docs
@doclines = DOC;
foreach $ln (grep (/\anchor\ id\=/, @doclines)) {
$ln =~ m/^.*\anchor\ id\=\.*\\\s*(?:\.*?\)*\s*(.*?)(?:\s*\(?[S,G]?\)?\s*(\\/term\)?){1}\s*$/;
#print got: $1 from: $ln;
if (exists $params{lc($1)}) {
$params{$1} = 'found';
}
}
foreach (keys %params) {
print $_\n if $params{$_} eq 'not_found';
}
Re: smbgroupedit patch
Here's an updated patch that implements a
-c group name -r to do dissociation
it also cleans up a couple of doc issues
I'm not sure if you'll like the null_group trick i used
but it seemed better than allocating an fstring
and modifying the arguments being passed to changegroup.
let me know if you want some changes...
brad
On Fri, 2002-08-09 at 19:43, Andrew Bartlett wrote:
Bradley W. Langhorst wrote:
I propose the following changes to smbgroupedit in HEAD
to keep others from getting burned as I did by a
subtle change of group type during a unix association
I can't believe how long it took me to figure out why my
my groups weren't showing up.
Index: source/utils/smbgroupedit.c
===
RCS file: /cvsroot/samba/source/utils/smbgroupedit.c,v
retrieving revision 1.21
diff -u -r1.21 smbgroupedit.c
--- source/utils/smbgroupedit.c 20 Jul 2002 12:03:11 - 1.21
+++ source/utils/smbgroupedit.c 13 Aug 2002 18:20:06 -
-49,12 +49,14
printf( -v list groups\n);
printf(-l long list (include details)\n);
printf(-s short list (default)\n);
- printf( -c SID change group\n);
+ printf( -c [SID|group] change group\n);
printf( -u unix group\n);
printf( -d descriptiongroup description\n);
- printf( -x group delete this group\n);
+ printf( -rremove unix-nt group mapping\n);
+ printf( -t[b|d|l] type: builtin, domain, local \n);
+ printf( -x [SID|group] delete this group\n);
printf(\n);
- printf(-t[b|d|l] type: builtin, domain, local \n);
+
exit(1);
}
-143,36 +145,43
/* Get the current mapping from the database */
if(!get_group_map_from_sid(sid, map, MAPPING_WITH_PRIV)) {
- printf(This SID does not exist in the database\n);
+ printf(This SID does not exist in the database: %s\n, sid_string);
return -1;
}
/* If a new Unix group is specified, check and change */
if (group!=NULL) {
+ if (strncmp(group,-1, strlen(group)) == 0){
+ printf(Dissociating unix groups from ntgroup: %s\n, map.nt_name);
+ map.gid=-1; /*dissociate the unix group*/
+ } else {
gid=nametogid(group);
if (gid==-1) {
- printf(The UNIX group does not exist\n);
+ printf(The UNIX group: %s does not exist\n, group);
return -1;
} else
map.gid=gid;
+ }
}
/*
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
- if (sid_type==SID_NAME_ALIAS
- || sid_type==SID_NAME_DOM_GRP
- || sid_type==SID_NAME_UNKNOWN) {
- if (map.sid_name_use==SID_NAME_ALIAS
- || map.sid_name_use==SID_NAME_DOM_GRP
- || map.sid_name_use==SID_NAME_UNKNOWN) {
- map.sid_name_use=sid_type;
+ /* Since we're changing a group we should really keep the
+ * old type unless the user explicitly specified a new type.
+ * It is not possible to specify the UNKNOWN type
+ */
+ if (sid_type != SID_NAME_UNKNOWN) {
+ if (sid_type != SID_NAME_WKN_GRP) {
+ if (map.sid_name_use !=SID_NAME_WKN_GRP) {
+map.sid_name_use=sid_type;
+ } else {
+printf(cannot change group type from builtin\n);
+ };
} else {
printf(cannot change group type to builtin\n);
- };
- } else {
- printf(cannot change group type from builtin\n);
+ }
}
if (ntgroup!=NULL)
-267,13 +276,16
BOOL priv = False;
BOOL group_type = False;
BOOL long_list = False;
-
+ BOOL unix_group = False;
+ BOOL remove_mapping = False;
+
char *group = NULL;
char *sid = NULL;
char *ntgroup = NULL;
char *privilege = NULL;
char *groupt = NULL;
char *group_desc = NULL;
+ char *null_group = -1;
enum SID_NAME_USE sid_type;
-312,7 +324,7
return 0;
}
- while ((ch = getopt(argc, argv, a:c:d:ln:p:st:u:vx:)) != EOF) {
+ while ((ch = getopt(argc, argv, a:c:d:ln:p:st:u:vx:r)) != EOF) {
switch(ch) {
case 'a':
add_group = True;
-344,6 +356,7
groupt=optarg;
break;
case 'u':
+ unix_group = True;
group=optarg;
break;
case 'v':
-353,23 +366,47
delete_group = True;
group=optarg;
break;
+ case 'r':
+ remove_mapping = True;
+ break;
/*default:
usage();*/
}
}
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) 1) {
+ if (((add_group?1:0) +
+ (view_group?1:0) +
+ (change_group?1:0) +
+ (delete_group?1:0)) 1) {
fprintf (stderr, Incompatible options on command line!\n);
usage();
exit(1);
}
-
- /* no option on command line - list groups */
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
- view_group = True;
-
+ if (change_group) {
+ if (((remove_mapping?1:0)+
+ (delete_group?1:0)+
+ (unix_group?1:0)) 1 ){
+ fprintf(stderr, Group deletion (-x), removal of mapping (-r), and unix-NT group mapping
Re: smbgroupedit patch
On Fri, 2002-08-09 at 19:43, Andrew Bartlett wrote:
Bradley W. Langhorst wrote:
I propose the following changes to smbgroupedit in HEAD
to keep others from getting burned as I did by a
subtle change of group type during a unix association
I can't believe how long it took me to figure out why my
my groups weren't showing up.
Yes, the tools isn't the most intuitive - and that's *after* I allowed
SIDs to be specified by name...
I wasn't trying to make a comment about the tool - more about my own
shortcoming... I think it is pretty intuitive now, just that little
quirk about reverting to unknown group type was tough.
- if (sid_type != SID_NAME_UNKNOWN) {
- if (sid_type != SID_NAME_WKN_GRP) {
Why not just do an explict test on type builtin then...
i thought that was a test on builtin groups...
i screwed the direction of that diff up though so maybe that was
confusing.
/* If a new Unix group is specified, check and change */
if (group!=NULL) {
+ if (strncmp(group,-1, strlen(group)) == 0){
+ printf(Dissociating unix groups from ntgroup: %s\n,
map.nt_name);
+ map.gid=-1; /*dissociate the unix group*/
Looks like a good idea - but we might to better to just have an option
to 'disassociate'.
i thought about that but I wasn't sure how to fit it in
maybe a -c group name -d option?
+ printf(The UNIX group: s does not exist\n,
group);
Did you actually compile this? That looks like an aperstand to me, not
a % (percentage, format qualifier...).
ack that's a typo
it does compile but just prints out s instead of users, forgot to
test that bit of code
brad
Re: smbgroupedit patch
I propose the following changes to smbgroupedit in HEAD
to keep others from getting burned as I did by a
subtle change of group type during a unix association
I can't believe how long it took me to figure out why my
my groups weren't showing up.
brad
note: these diffs may be a little funky because I can't get access to
pserver.samba.org so I'm diffing against local copies
--- smbgroupedit.c Fri Aug 9 14:46:38 2002
+++ /home/bitc_home/bwlang/devel/samba-3.0a/source/utils/smbgroupedit.c
Thu Aug 8 18:36:53 2002
-161,20 +161,18
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
- /* Since we're changing a group we should really keep the
-* old type unless the user explicitly specified a new type.
-* It is not possible to specify the UNKNOWN type
-*/
- if (sid_type != SID_NAME_UNKNOWN) {
- if (sid_type != SID_NAME_WKN_GRP) {
- if (map.sid_name_use !=SID_NAME_WKN_GRP) {
- map.sid_name_use=sid_type;
+ if (sid_type==SID_NAME_ALIAS
+ || sid_type==SID_NAME_DOM_GRP
+ || sid_type==SID_NAME_UNKNOWN) {
+ if (map.sid_name_use==SID_NAME_ALIAS
+ || map.sid_name_use==SID_NAME_DOM_GRP
+ || map.sid_name_use==SID_NAME_UNKNOWN) {
+ map.sid_name_use=sid_type;
} else {
- printf(cannot change group type from builtin\n);
+ printf(cannot change group type to builtin\n);
};
- } else {
- printf(cannot change group type to builtin\n);
- }
+ } else {
+ printf(cannot change group type from builtin\n);
}
if (ntgroup!=NULL)
and here's a reminder for the doc file
---
/home/bitc_home/bwlang/devel/samba-3.0a/docs/textdocs/GROUP-MAPPING-HOWTO.txt
Thu Aug 8 18:34:58 2002
+++ docs/textdocs/GROUP-MAPPING-HOWTO.txt Fri Aug 9 15:04:47 2002
-58,3 +58,6
smbgroupedit -v
+
+Don't forget that you must set the type of any new groups to Domain for
them to show up in the NT user manager.
+ smbgroupedit -c group_name -td
here's an addition to dissociate groups
--- ../../samba-3.0a18/source/utils/smbgroupedit.c Fri Jun 7
10:33:33 2002
+++ utils/smbgroupedit.cFri Aug 9 15:27:49 2002
-147,30 +149,37
/* If a new Unix group is specified, check and change */
if (group!=NULL) {
+ if (strncmp(group,-1, strlen(group)) == 0){
+ printf(Dissociating unix groups from ntgroup: %s\n,
map.nt_name);
+ map.gid=-1; /*dissociate the unix group*/
+ } else {
gid=nametogid(group);
if (gid==-1) {
- printf(The UNIX group does not exist\n);
+ printf(The UNIX group: s does not exist\n,
group);
return -1;
} else
map.gid=gid;
+ }
}
Re: [Fwd: CVS update: samba/source/registry]
dunno what's up with samba-technical today...
I've got it working now.
(can't get a diff since cvs.samba.org is down just now)
probably this is the wrong fix but it does work.
line 790 of groupdb/mapping.c
/* list only the type or everything if UNKNOWN */
if (sid_name_use!=SID_NAME_UNKNOWN
sid_name_use!=map.sid_name_use
map.sid_name_use!=SID_NAME_UNKNOWN) {
the right fix is probably in the reading or writing to the tdb
here is my debug log
enum_group_mapping: group power_users is not of the requested type
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(792)
sid_name_use: 2
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(793)
map.sid_name_use = 8
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(791)
enum_group_mapping: group Domain Admins is not of the requested type
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(792)
sid_name_use: 2
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(793)
map.sid_name_use = 8
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(799)
enum_group_mapping: group Domain Guests is non mapped
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(791)
enum_group_mapping: group Account Operators is not of the requested
type
[2002/08/09 13:38:24, 11] groupdb/mapping.c:enum_group_mapping(792)
sid_name_use: 2
note that my mapped groups are of type 8 (SID_NAME_UNKNOWN)
and the Domain Guest group (which is not mapped)
is type 2
i'll be looking in smbgroupedit for the bug (maybe you or somebody else
will find it first though)
brad
Re: samba-3.0 cvs: joining the domain with win2000
i've just been messing with this for XP joining (maybe 2k is similar) don't forget to turn of spnego and apply the signorseal fix to the client i also had problems with head trying to create machine accounts that were already in the ldap db or trying to create them twice. i spent a bit of time going through the logs at level 3 to get things running. I did not have to do the smbgroupedit thing (though groups are not working for me at all at the moment) brad On Fri, 2002-08-02 at 12:36, [EMAIL PROTECTED] wrote: Hi! I still don't get it... I just updated my cvs, recompiled... and I still can't get my machines join the domain. I have both add machine and add user script defined, and the machines which already are in the domain work. Older versions of samba needed root in the domain admins group. As this parameter is gone... do I have to add root to the Domain Admins windows-group? E.g. smbgroupedit -c Domain Admins -u root? Is there anyone outside able to join the samba-3-controlled domain with a windows 2000 client? Thank you, CU, Lars. (BTW: it would be nice if you send a copy of your reply directly to my email, as I didn't get all the list's traffic in the last days, and always browsing the online archives is quite bad... ;-) -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
cannot enum domains in head - BUFFER_OVERFLOW in log
I'm trying to get domain group mapping to work on my test domain (today's HEAD) but when I query the domain controller from an XP client for groups i get no results. So i thought i'd try rpcclient to do a enumdomgroups - NT_STATUS_UNSUCCESSFUL (see below) smbgroupedit shows a bunch of groups. I don't know what most of those with truncated SIDs are doing in there (and i can't delete them...) but the Domain Guests, Domain Users, and Domain Admins should show up right? unheq1:/var/log/samba# smbgroupedit -vs NT group (SID) - Unix group System Operators (S-1-5-32-549) - -1 Domain Users (S-1-5-21-1995982474-3671514283-3045899775-513) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Admins (S-1-5-21-1995982474-3671514283-3045899775-512) - -1 Domain Guests (S-1-5-21-1995982474-3671514283-3045899775-514) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 I've just cleared out /var and reimported my SID from MACHINE.SID and added the ldap admin password to be sure it was not an invalid tdb problem. unheq1:/var/log/samba# rpcclient -U root unheq1 Password: rpcclient $ lsaquery domain LAUELAB_TEST has sid S-1-5-21-1995982474-3671514283-3045899775 rpcclient $ enumdomgroups result was NT_STATUS_UNSUCCESSFUL here is a level 10 log excerpt [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint32s(838) 0044 sub_auths : 0015 76f8468a dad6dcab b58cbdff [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(641) 0054 status: NT_STATUS_OK [2002/08/01 19:59:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(1206) api_rpcTNP: called api_ntlsa_rpc successfully [2002/08/01 19:59:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(548) free_pipe_context: destroying talloc pool of size 512 [2002/08/01 19:59:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(880) write_to_pipe: data_used = 30 [2002/08/01 19:59:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(911) read_from_pipe: 76a7 name: lsarpc len: 46 [2002/08/01 19:59:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(984) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(p-out_data.rdata) = 88. [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 smb_io_rpc_hdr hdr [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) major : 05 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0001 minor : 00 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0002 pkt_type : 02 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0003 flags : 03 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0004 pack_type0: 10 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0005 pack_type1: 00 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0006 pack_type2: 00 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0007 pack_type3: 00 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint16(582) 0008 frag_len : 0070 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint16(582) 000a auth_len : [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint32(611) 000c call_id : 0003 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_debug(81) 10 smb_io_rpc_hdr_resp resp [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint32(611) 0010 alloc_hint: 0058 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint16(582) 0014 context_id: [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0016 cancel_ct : 00 [2002/08/01 19:59:39, 5] rpc_parse/parse_prs.c:prs_uint8(553) 0017 reserved : 00 [2002/08/01 19:59:39, 5] smbd/ipc.c:send_trans_reply(91) send_trans_reply: buffer 46 too large [2002/08/01 19:59:39, 3] smbd/error.c:error_packet(110) error packet at smbd/ipc.c(99) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2002/08/01 19:59:39, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..46] [2002/08/01 19:59:39, 5] lib/util.c:show_msg(272)
joining to domain of current head
the HEAD code seems to have reverted to automagic machine account creation... I thought that was disabled - thus the addition of the add machine script parameter. I think I like the automagic add better but we can only have one... if i put a valid script like this in smb.conf add machine script = /usr/sbin/smbldap-useradd.pl -w %u domain joining fails with this in the logs (level 3) api_rpcTNP: rpc command: SAMR_CREATE_USER [2002/08/01 16:49:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2002/08/01 16:49:21, 3] smbd/uid.c:push_conn_ctx(279) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2002/08/01 16:49:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255) ldap_open_connection: connection opened [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398) ldap_connect_system: succesful connection to the LDAP server [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410) ldapsam_search_one_user: searching for:[((uid=pedersen$)(objectclass=sambaAccount))] [2002/08/01 16:49:21, 3] smbd/sec_ctx.c:pop_sec_ctx(395) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2002/08/01 16:49:21, 3] rpc_server/srv_samr_nt.c:_api_samr_create_user(2292) _api_samr_create_user: Running the command `/usr/sbin/smbldap-useradd.pl -w pedersen$' gave 0 [2002/08/01 16:49:21, 3] rpc_server/srv_samr_nt.c:_api_samr_create_user(2304) attempting to create non-unix account pedersen$ [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255) ldap_open_connection: connection opened [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398) ldap_connect_system: succesful connection to the LDAP server [2002/08/01 16:49:21, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410) ldapsam_search_one_user: searching for:[((uid=pedersen$)(objectclass=sambaAccount))] [2002/08/01 16:49:21, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1527) User already in the base, with samba properties [2002/08/01 16:49:21, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(2321) could not add user/computer pedersen$ to passdb. Check permissions? [2002/08/01 16:49:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(548) it looks like the logic has a problem... it calls the add script - gets a 0 (=success i think) but then it tries to add again then it finds that the user is already there but STILL tries to do the add and finally fails... with an invalid script like this add machine script = /usr/sbin/smbldap-usershow.pl %u i can join the domain here is the log for the successful join api_rpcTNP: rpc command: SAMR_CREATE_USER [2002/08/01 16:03:24, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2002/08/01 16:03:24, 3] smbd/uid.c:push_conn_ctx(279) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2002/08/01 16:03:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255) ldap_open_connection: connection opened [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398) ldap_connect_system: succesful connection to the LDAP server [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410) ldapsam_search_one_user: searching for:[((uid=pedersen$)(objectclass=sambaAccount))] [2002/08/01 16:03:24, 3] smbd/sec_ctx.c:pop_sec_ctx(395) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2002/08/01 16:03:24, 3] rpc_server/srv_samr_nt.c:_api_samr_create_user(2292) _api_samr_create_user: Running the command `/usr/sbin/smbldap-usershow.pl pedersen$' gave 1 [2002/08/01 16:03:24, 3] rpc_server/srv_samr_nt.c:_api_samr_create_user(2304) attempting to create non-unix account pedersen$ [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255) ldap_open_connection: connection opened [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398) ldap_connect_system: succesful connection to the LDAP server [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410) ldapsam_search_one_user: searching for:[((uid=pedersen$)(objectclass=sambaAccount))] [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(410) ldapsam_search_one_user: searching for:[uid=pedersen$] [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1558) Adding new user [2002/08/01 16:03:24, 2] passdb/pdb_ldap.c:init_ldap_from_sam(901) Setting entry for user: pedersen$ [2002/08/01 16:03:24, 3] passdb/pdb_ldap.c:ldapsam_open_connection(255) ldap_open_connection: connection opened [2002/08/01 16:03:29, 3] passdb/pdb_ldap.c:ldapsam_connect_system(398) ldap_connect_system: succesful connection to the LDAP server [2002/08/01 16:03:29, 3] passdb/pdb_ldap.c:search_top_nua_rid(1081) ldapsam_get_next_available_nua_rid: searching for:[((uid=*)(objectclass=sambaAccount))] [2002/08/01
what happened to log level?
NULL?
how do i set the logging level?
brad
{Logging Options, P_SEP, P_SEPARATOR},
{admin log, P_BOOL, P_GLOBAL, Globals.bAdminLog, NULL, NULL, 0},
{log level, P_STRING, P_GLOBAL, NULL, handle_debug_list, NULL, 0},
{debuglevel, P_STRING, P_GLOBAL, NULL, handle_debug_list, NULL, 0},
{syslog, P_INTEGER, P_GLOBAL, Globals.syslog, NULL, NULL, 0},
{syslog only, P_BOOL, P_GLOBAL, Globals.bSyslogOnly, NULL, NULL, 0},
{log file, P_STRING, P_GLOBAL, Globals.szLogFile, NULL, NULL, 0},
man files always being installed in ...man/lang/... rather thanman/man#
I've fixed the installman.sh script with this patch Index: source/script/installman.sh === RCS file: /cvsroot/samba/source/script/installman.sh,v retrieving revision 1.11 diff -u -r1.11 installman.sh --- source/script/installman.sh 25 Sep 2001 02:01:29 - 1.11 +++ source/script/installman.sh 29 Jul 2002 15:43:33 - -18,6 +18,8 if [ X$lang = Xen ]; then echo Installing default man pages in $MANDIR/ lang=. + langdir=$MANDIR else echo Installing \$lang\ man pages in $MANDIR/lang/$lang + langdir=$MANDIR/lang/$lang fi -langdir=$MANDIR/lang/$lang for d in $MANDIR $MANDIR/lang $langdir $langdir/man1 $langdir/man5 $langdir/man7 $langdir/man8; do if [ ! -d $d ]; then mkdir $d -43,0 +44,0 if (rm -f $FNAME touch $FNAME); then rm $FNAME + echo \tinstalling $FNAME to $m if [ x$GROFF = x ] ; then cp $s $m# Copy raw nroff - else + else echo \t$FNAME # groff'ing can be slow, give the user # a warm fuzzy. $GROFF $s $FNAME # Process nroff, because man(1) (on
Re: write list parameter in 2.2.5?
this belongs on [EMAIL PROTECTED] maybe somebody will answer it there... my guess is that the write list parameter only has meaning on a read only share (just a guess though) brad On Sat, 2002-07-27 at 18:12, Eddie Lania wrote: Sorry to drop this on this list. I would like to administrate the [users] share. I am stuck here: - [netlogon] comment = Network Logon Service path = /home/netlogon locking = No read only = Yes guest ok = Yes write list = joepie, @Administrators create mask = 0644 directory mask = 0755 [homes] path = /home/users/%U read only = No browseable = No create mask = 0600 directory mask = 0700 [users] comment = Users directories path = /home/users read only = No create mask = 0600 write list = joepie, @Administrators directory mask = 0700 - But when I log in as joepie, I am not able to read/write to the [users] share. I am using Samba 2.2.5 --with-ldapsam on RH 7.0 with openldap. Everything else works OK. In fact, the combo ldap and samba works great here. No errors in debug. messages or samba logs. /usr/local/samba/bin/testparm gives no errors. what am I doing wrong here? Is this a bug, or is it my own mistake? Hey, keep up the good work! Samba rules ;-) Eddie.
installcp.sh
In my quest to test my CONFDIR LIBDIR separation patch i'm trying to do the build. looks like the codepages are not being installed by the makefile. bwlang@unheq1:~/devel/samba/samba-3.0a/source$ rgrep installcp.sh * script/CVS/Entries:/installcp.sh/1.5/Fri Jun 28 21:52:12 2002// script/CVS/Entries:/uninstallcp.sh/1.2/Fri Jun 28 21:52:12 2002// bwlang@unheq1:~/devel/samba/samba-3.0a/source$ and i don't see anything else that installs them... should i remove them from the debian packaging stuff or put installcp.sh into the makefile? thanks! brad
$(LIBDIR) vs $(CONFDIR)
I'm working on the debian packaging stuff of samba3. One part of that is the installation of libsmbclient I'd like to change the meaning to LIBDIR to be the directory where libraries (.a and .so files) should go ie. /usr/lib or /usr/local/lib right now LIBDIR means where the config files go I'd like to add a CONFDIR variable to handle that. I've also written a new installer script for libsmbclient in the same vein as installbin.sh can i start sending in patches for that stuff? brad
typo in samba2.spec.tmpl
couple of stray chars at the beginning of the file keep the rpm build script from working. brad
Re: Heads up warning on 2.2.5
On Fri, 2002-06-07 at 16:00, Gerald Carter wrote: On 7 Jun 2002, Bradley W. Langhorst wrote: The main things we are trying to straightened out are * some missing documentation, i think these params are without docs addprinter command deleteprinter command I know these are documented. the're in the source as addprinter command but in the doc file as add printer command (which is why my script doesn't think they exist) admin log L821 ssl ca certfile L804 max packet L857 groupname map L954 are you looking in SAMBA_2_2? wtmp directory packet size mangling method alternate permissions force directory security mode -valid L1048 ssl ca certdir tdb passwd file those are all valid parms in loadparm.c ie - they are in the param struct i've put the some of the line numbers for those parms above examples/VFS/recycle/ that dir does not exist in my tree probably because it is empty in cvsweb (but there is stuff int the attic) i'll be happy to submit a patch reconciling these inconsistencies but i don't know if you want them gone from the param struct or added to the man page. thanks! brad
script to find undocumented params
I wrote a little perl script to find those params that have no
documentation
I don't know what most of them do
but i'll get cracking on finding out
here's the output:
display charset
hostname lookups
ldap user suffix
add group script
realm
wins partners
addprinter command
unix charset
lock spin time
admin log
inherit acls
add user to group script
ssl ca certfile
winbind enum groups
max packet
unicode
delete user from group script
wtmp directory
packet size
mangling method
alternate permissions
force directory security mode
ads server
paranoid server security
-valid
ssl ca certdir
lock spin count
winbind enum users
use spnego
delete group script
deleteprinter command
ldap machine suffix
ntlm auth
dos charset
here's the script - in case somebody else wants it
#!/usr/bin/perl -w
#reads in the list of parameters from the source
#compares this list to the list of parms documented in the docbook
source
#prints out the names of the parameters that are in need of
documentation
my $doc_file = ./docs/docbook/manpages/smb.conf.5.sgml;
my $source_file = ./source/param/loadparm.c;
my $ln;
my %params;
open(SOURCE, $source_file) ||
die Unable to open $source_file for input: $!\n;
open(DOC, $doc_file) ||
die Unable to open $doc_file for input: $!\n;
while ($ln= SOURCE) {
last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
} #burn through the preceding lines
while ($ln = SOURCE) {
last if $ln =~ m/^\s*\}\;\s*$/;
#pull in the param names only
next if $ln =~ m/.*P_SEPARATOR.*/;
$ln =~ m/.*\(.*)\.*/;
$params{lc($1)}='not_found'; #not case sensitive
}
close SOURCE;
#now read in the params list from the docs
doclines = DOC;
foreach $ln (grep (/\anchor\ id\=/, doclines)) {
$ln =~ m/^.*\anchor\
id\=\.*\\\s*(?:\.*?\)*\s*(.*?)(?:\s*\(?[S,G]?\)?\s*(\\/term\)?){1}\s*$/;
#print got: $1 from: $ln;
if (exists $params{lc($1)}) {
$params{$1} = 'found';
}
}
foreach (keys %params) {
print $_\n if $params{$_} eq 'not_found';
}
overriding dyn_CONFIGFILE in pdbedit with command line parameter
I decided to modify pdbedit to handle another
command line parameter -c /pathto/smb.conf
I've got that working - but I'm not sure it's safe
Is it reasonable to expect the popt stuff to give me back
null terminated string?
if so then find a simple patch below
are attachments not accepted by the listserver - i sent this twice
before but never saw anything on the list
brad
diff -r1.43 pdbedit.c
411a412
static char *configfile = NULL;
433a435
{configfile, c,POPT_ARG_STRING,configfile,0,use the
given path to the smb.conf file,NULL},
441a444,451
pc = poptGetContext(NULL, argc, (const char **) argv,
long_options,
POPT_CONTEXT_KEEP_FIRST);
while((opt = poptGetNextOpt(pc)) != -1);
if (configfile) {
safe_strcpy(dyn_CONFIGFILE,configfile, strlen(configfile));
/*override the default config file*/
}
450,451d459
pc = poptGetContext(NULL, argc, (const char **) argv,
long_options,
POPT_CONTEXT_KEEP_FIRST);
453d460
while((opt = poptGetNextOpt(pc)) != -1);
sysconfdir vs libdir for smb.conf
right now the Makefile says CONFIGFILE = $(LIBDIR)/smb.conf libdir is set by the ./configure script and is suggested to be /usr/lib or /usr/local/lib I want my smb.conf in /etc/samba (or at least /etc) not /usr or /usr/local there is a configure parameter sysconfdir that replaces sysconfdir in the makefile but sysconfdir does not exist in the make file so it's a useless parameter. I think maybe configure should be run with --sysconfdir=/etc or --sysconfdir=/etc/samba which should set up the make file to put smb.conf and friends there here is a patch to do that diff -r1.471 Makefile.in 46a47 CONFDIR = sysconfdir 55,57c56,58 CONFIGFILE = $(LIBDIR)/smb.conf LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def --- CONFIGFILE = $(CONFDIR)/smb.conf LMHOSTSFILE = $(CONFDIR)/lmhosts DRIVERFILE = $(CONFDIR)/printers.def
patch to fix ...lang/man* problem with rpm compilation
I think this is the wrong way to fix this but I don't know the right way. diff -r1.23 samba2.spec.tmpl 450,453c456,459 %attr(-,root,root) MANDIR_MACRO/man1/* %attr(-,root,root) MANDIR_MACRO/man5/* %attr(-,root,root) MANDIR_MACRO/man7/* %attr(-,root,root) MANDIR_MACRO/man8/* --- %attr(-,root,root) MANDIR_MACRO/lang/man1/* %attr(-,root,root) MANDIR_MACRO/lang/man5/* %attr(-,root,root) MANDIR_MACRO/lang/man7/* %attr(-,root,root) MANDIR_MACRO/lang/man8/*
joining machine to domain with ldapsam backend
I'm assuming that talk about samba3 belongs here, please let me know if i should take it to samba I'm trying to join a machine to today's head here is the what I get in the log file - how should we assign an RID to a machine account? do I need to add a special script in the add machine script parameter to make this work? how should we assign an RID to a machine account? [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(77) netbios connect: name1=BITC name2=TESTPC [2002/04/23 20:32:53, 2] smbd/reply.c:reply_special(96) netbios connect: local=bitc remote=testpc [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:53, 2] auth/auth.c:check_ntlm_password(256) check_password: authenticaion for user [root] - [root] - [root] suceeded [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:53, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:54, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:54, 2] smbd/server.c:exit_server(498) Closing connections [2002/04/23 20:32:54, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(77) netbios connect: name1=BITC name2=TESTPC [2002/04/23 20:32:54, 2] smbd/reply.c:reply_special(96) netbios connect: local=bitc remote=testpc [2002/04/23 20:32:54, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2] auth/auth.c:check_ntlm_password(256) check_password: authenticaion for user [root] - [root] - [root] suceeded [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2] lib/access.c:check_access(309) Allowed connection from (132.177.45.90) [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching for:[((uid=root)(objectclass=sambaAccount))] [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(498) Entry found for user: root [2002/04/23 20:32:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2102) Returning domain sid for domain LAUELAB - S-1-5-21-952143027-1224863391-451646606 [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_open_connection(206) ldap_open_connection: connection opened [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_connect_system(240) ldap_connect_system: successful connection to the LDAP server [2002/04/23 20:32:55, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(252) ldapsam_search_one_user: searching
head rpm build fails due to make_printerdef not building
maybe its a makefile problem? there is no object file after the build but I didn't see any obvious errors in the compilation step (other than the usual discarding qualifiers stuff) also --with-pam_smbpass cannot complete compilation with the current HEAD. I'll try to track down the first problem later if nobody else has had a look by the time I get back from teaching class. brad
