[Samba] Replication of tdbsam?
Hi: Is it possible to replicate a tdbsam database between Samba PDC and BDC using the tdbrepl code from http://tdbrepl.inodes.org ? If it is possible to do this it could be very useful in smaller Samba domains to provide authentication if one domain controller went down, without getting into the complexity of ldap setups. Thanks, Jim _ Jim O'Neill Computer Systems Administrator Division of Ecosystem Management School of Environmental Sciences and Natural Resources Management University of New England Armidale NSW 2351 Australia Email:[EMAIL PROTECTED] Phone: 02 6773 2667 Fax: 02 6773 2769 _ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Replication of tdbsam?
On Thu, 2004-08-12 at 23:04, Jim O'Neill wrote: Hi: Is it possible to replicate a tdbsam database between Samba PDC and BDC using the tdbrepl code from http://tdbrepl.inodes.org ? No. Samba relies on the fact that LDAP redirects our writes to the correct master server. Unfortunately, a BDC is not a read-only server, despite the common misconception. (Due to machine password changes) Andrew Bartlett signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Losing network connection
Aug 12 14:46:23 ismlnx1 kernel: lcs problems detected eth0 temporarily unavailable. Telnet/SSH access is gone, as are all Samba connections (actually they are there until they time out), and then we need to reboot in order to get our connections back. I haven't increased my debug level yet in smb.conf but that's probably what I'm going to try next. Looks more like a network adapter problem than smbd problem. What kind of network adapter is in the server, what switch is used? Is line speed and full/half duplex autonegotiated or fixed? Is the network interface reporting droped packets or overruns? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd overwrites existing displayname in LDAP entry
Configuration: Samba 2.2.8a with openLDAP 2.1.30 on a SeSE 8.2. server When adding a user using a ldif file we give the user a given name, say Ruud Baart. The cn and uid are the same, say 21cs12345 (a studentnumber). After adding the user to LDAP the displayname is as expected: Ruud Baart. However after smbpasswd -a 21cs12345 -s secret the displayname is 21cs12345. That is, of course, not what we want. Is there any solution for this problem? Met vriendelijke groet/Regards, Prompt R.J. Baart Kerkstraat 173 5261 CW Vught Netherlands Http://WWW.Prompt.NL Tel.: +31 73 6567041 Fax.: +31 73 6573513 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd overwrites existing displayname in LDAP entry
Made mistake in my question, sorry. Question should be: Configuration: Samba 2.2.8a with openLDAP 2.1.30 on a SeSE 8.2. server When adding a user using a ldif file we give the user a displayName, say Ruud Baart. The cn and uid are the same, say 21cs12345 (a studentnumber). After adding the user to LDAP the displayname is as expected: Ruud Baart. However after smbpasswd -a 21cs12345 -s secret the displayname is suddenly 21cs12345. That is, of course, not what we want. Is there any solution for this problem? Met vriendelijke groet/Regards, Prompt R.J. Baart Kerkstraat 173 5261 CW Vught Netherlands Http://WWW.Prompt.NL Tel.: +31 73 6567041 Fax.: +31 73 6573513 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Clarification on a few concepts, for a FAQ I'm writing
Hi All, I am currently writing a FAQ that provides an overview of available options for authentication backends which can potentially be used with Samba. Initially I was looking into these issues for my own use, but I figure that if I document my findings then it may save others some headache :-) From the Official Samba-3 HOWTO: Samba offers the greatest flexibility and choice of account databases of any SMB/CIFS server technology available today. However, with this flexibility comes a degree of complexity - I seem to have hit a wall in my understanding of how a few bits and pieces fit together. I'll explain things as I understand them and highlight the questions I have for each section - if I'm wrong anywhere, by all means go nuts and show me where/how. Hopefully if someone knowledgeable answers these questions, anyone else who has similar uncertainties will benefit as well :-) ** Assertion 1 ** As far as I have been able to derive, in a situation where one wishes to use accounts stored on an existing Windows Server, there are two options: 1) Simple authentication redirection. It is necessary to create and maintain matching user accounts on the Samba side to make sure each client has a valid Unix User UID and Group ID (GID) to map to. This can either be done manually, or automated by specifying an add-user script in smb.conf which gets run when a user is added on the Windows box. -- My Question: Can this be achieved simply by using security = domain in smb.conf and pointing to the WINS address of the Windows box that stores the account information, or is WinBind required somewhere in this picture? -- 2) Advanced authentication redirection. There is no need to set up matching user accounts on the Unix side. The winbind daemon automatically assumes control of operations performed on the Samba machine by generating and maintaining the 'winbind_idmap.tdb' file for appropriate mapping of UID and GID to Windows ® SID's, using UNIX UID's/GID's from within a pre-specified range configured in smb.conf. The accounts are never actually fully created locally. -- My Question: WinBind is obviously needed for this, but is PAM necessarily required? As far as I can tell, it's not, because WinBind is able to interact with the Windows box appropriately all on its own (i.e. handing off authentication duties to the Windows box and doing all the necessary mappings). All we need to do here is modify 'nsswitch' appropriately, set up WinBind in smb.conf with the UID/GID range to use, and start 'winbindd'. No WinBind/PAM interaction required, correct? -- ** Assertion 2 ** If we want to provide access to services (e.g. ssh) on the Samba box for users that _only_ have accounts on the windows machine (i.e. no local accounts on the Samba box), _this_ is when we need PAM and WinBind interaction. This requires installing the 'pam_winbind.so' module that comes with the samba distribution, and setting up PAM to relay login requests to the Windows box through WinBind. This essentially extends the local user database to incorporate the user database on the Windows box, for that service (ssh). Correct? And the same principle could be applied to any other PAM-enabled account database, for ssh or other services, yes? ** Assertion 3 ** This relates to the difference in _function_, if any, between the list of Account Information Databases provided in Chapter 10 of the Official Samba-3 HOWTO: plain text smbpasswd ldapsam_compat tdbsam ldapsam mysqlsam xmlsam and the list in PAM-based distributed authentication provided in Chapter 24 of the Official Samba-3 HOWTO: /etc/passwd Kerberos LDAP NetWare Bindery SMB Password SMB Server Winbind RADIUS -- My Question: As far as I understand, in terms of usage context, both lists present options for the storage of user/account information. The only difference between these is that the first list refers to account backends that are built-in to Samba (provided they are compiled when installed) and the ones listed in the second list require PAM to work. Is this the only difference? So, one could essentially choose to use any of the options from either list in specifying a password backend to use for connection authentication, Is this right? If this is correct, what then is the difference between, say, the Built-In LDAP support and the PAM-based LDAP support (or the Built-in plain text support and the PAM-based plain text support, for that matter)? Is this just the obvious answer: The PAM options provide more flexibility because of the nature of the PAM mechanism? -- Any help here would be greatly appreciated. I'm intending to make this document available on the web for all who are interested, and will publish the URL when finished. Thanks in advance! :-) Regards, Robert Balbir-Brott -- Thousands of candles can be lit from a single candle, and the life of the candle will not be shortened. Happiness never decreases by being
[Samba] Re: moving netbios alias between machines
In article [EMAIL PROTECTED], Ron Peterson wrote: I would like to move a netbios alias (e.g. 'testname') from one machine to another. Seems like an easy enough thing to do: remove it from machine 'a', and add it to machine 'b'. I've done this, but all's not well in netbios land. My clients still want to talk to the old machine, and do. Do I simply have to be more patient? How patient? Is there anything that can be done to speed up the process? If I have to, I can begin assigning IP's to each netbios alias, so that if I ever want to move them, I can also move the IP. I'd really like to be able to cutover quickly to a new machine, so if that's what I have to do, I'll do that. Any advice? I have tried this on a couple of occasions, and it has worked quite well. Do you have wins server set up? It may be that the clients use the lmhosts file (c:\windows\lmhosts) for netbios resolution, and that's a bad thing if the IP changes. And, yes, there may also be delays on the network/clients/wins server/new alias server... Give it 10 minutes and try rebooting the client if it still fails. Sten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba Digest, Vol 20, Issue 16
I am out of the office on vacation from Tuesday August 10th until Monday August 23rd. Regards, Ray Moroney This e-mail message may contain proprietary and/or confidential information, and is intended only for the use of the individual or entity named above. RF Integration Inc. retains all legal rights to the dispersement of company related material, and does not imply any transfer of rights by this e-mail. If you received this communication in error, please notify us immediately by e-mail [EMAIL PROTECTED] and delete or discard this message. Thank you. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Compatibility with NetApp DataONTAP filers?
Jeremy I really appreciate your response. Please find the debug trace below. Just a few notes: I upgraded the filer's operating system from release 6.3.2 to 6.4.4R1 prior to running the test. It did not make much of a difference but I did get a different error message this time around. I am going to upgrade to the NetApp's latest and greatest stable release (6.5.1R1) and post you on the results Let me know if there's anything I could help you with Cheers, Oleg INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter workgroup = BEZRHLAB doing parameter server string = Samba Server doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 50 doing parameter security = server doing parameter password server = 10.131.30.30 doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter dns proxy = no doing parameter idmap uid = 16777216-33554431 doing parameter idmap gid = 16777216-33554431 doing parameter template shell = /bin/false doing parameter winbind use default domain = no pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface ip=10.131.13.118 bcast=10.131.13.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=LOCALHOST Client started (version 3.0.3-5). Connecting to 10.131.30.32 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 16384 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 session request ok write_socket(3,183) write_socket(3,183) wrote 183 got smb length of 174 size=174 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=152 smb_flg2=32769 smb_tid=0 smb_pid=2749 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 129 (0x81) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=32000 (0x7D00) smb_vwv[ 8]=48129 (0xBC01) smb_vwv[ 9]=64850 (0xFD52) smb_vwv[10]= 211 (0xD3) smb_vwv[11]=61568 (0xF080) smb_vwv[12]= 2337 (0x921) smb_vwv[13]=11217 (0x2BD1) smb_vwv[14]=50305 (0xC481) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=105 [000] 15 00 00 00 CF 7F 7F 5B 23 35 B5 10 A7 D6 14 3B ...[ #5.; [010] 60 57 06 06 2B 06 01 05 05 02 A0 4D 30 4B A0 19 `W..+... ...M0K.. [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ...+ [030] 06 01 04 01 82 37 02 02 0A A3 2E 30 2C A0 2A 1B .7.. ...0,.*. [040] 28 62 65 7A 72 68 66 70 30 31 24 40 42 45 5A 52 (bezrhfp [EMAIL PROTECTED] [050] 48 4C 41 42 2E 44 45 56 2E 42 45 41 52 49 4E 47 HLAB.DEV .BEARING [060] 50 4F 49 4E 54 2E 43 4F 4D POINT.CO M size=174 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=152 smb_flg2=32769 smb_tid=0 smb_pid=2749 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[
[Samba] XP SP2 client doesn't find netbios alias servers
After upgrading XP to SP2, I can no longer connect to server aliases. The client reports an error 53, The network path was not found, when doing net use * \\prof\profile. Mapping to a share on the real netbios name works fine. Anyone else seen this? Setup: samba-3.0.6.rc2 smb.conf [global] netbios aliases = PROF include = /etc/samba/smb.%L smb.prof [profile] path = /data/samba/profile csc policy = disable profile acls = yes read only = No create mask = 0600 directory mask = 0700 browseable = No Here's a tethereal dump on the server of the client trying to map \\prof\profile. 0.004914 158.36.98.105 - 158.36.146.4 TCP 1042 microsoft-ds [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 0.005004 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 0.005258 158.36.98.105 - 158.36.146.4 TCP 1042 microsoft-ds [ACK] Seq=1 Ack=1 Win=65535 Len=0 0.005323 158.36.98.105 - 158.36.146.4 TCP [TCP ZeroWindow] 1043 netbios-ssn [RST, ACK] Seq=73 Ack=1 Win=0 Len=0 0.005740 158.36.98.105 - 158.36.146.4 SMB Negotiate Protocol Request 0.005804 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [ACK] Seq=1 Ack=138 Win=5840 Len=0 0.032163 158.36.146.4 - 158.36.98.105 SMB Negotiate Protocol Response 0.033356 158.36.98.105 - 158.36.146.4 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 0.042391 158.36.146.4 - 158.36.98.105 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 0.043079 158.36.98.105 - 158.36.146.4 SMB Session Setup AndX Request, NTLMSSP_AUTH 0.082958 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [ACK] Seq=408 Ack=670 Win=7504 Len=0 0.174161 158.36.146.4 - 158.36.98.105 SMB Session Setup AndX Response 0.174956 158.36.98.105 - 158.36.146.4 SMB Tree Connect AndX Request, Path: \\PROF\IPC$ 0.175042 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [ACK] Seq=520 Ack=748 Win=7504 Len=0 0.183905 158.36.146.4 - 158.36.98.105 SMB Tree Connect AndX Response 0.188154 158.36.98.105 - 158.36.146.4 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 0.194760 158.36.146.4 - 158.36.98.105 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 0.224158 158.36.98.105 - 158.36.146.4 SMB Session Setup AndX Request, NTLMSSP_AUTH 0.262950 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [ACK] Seq=848 Ack=1356 Win=9648 Len=0 0.563920 158.36.146.4 - 158.36.98.105 SMB Session Setup AndX Response 0.564622 158.36.98.105 - 158.36.146.4 SMB Tree Connect AndX Request, Path: \\PROF\PROFILE 0.564706 158.36.146.4 - 158.36.98.105 TCP microsoft-ds 1042 [ACK] Seq=960 Ack=1440 Win=9648 Len=0 0.576723 158.36.146.4 - 158.36.98.105 SMB Tree Connect AndX Response, Error: STATUS_BAD_NETWORK_NAME -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Not creating home directory for domain member at KDE login
I've added the pam changes that use winbind to authenticate users against the domain controller. I see all of the domain users in the graphical login, but when a user logs in who hasn't logged in before, the new home directory (/etc/DOMAIN/userid) isn't either being created or it's being created with permissions that don't allow files to be written under the user id. When logging in via telnet, the directories are created as they are supposed to be. Here are my pam configurations for login, samba and xdm: XDM: #%PAM-1.0 auth sufficient pam_winbind.so auth sufficient pam_unix2.souse_first_pass nullok #set_secrpc account sufficient pam_winbind.so account required pam_unix2.so #password required pam_pwcheck.so nullok password required pam_unix2.so #nullok use_first_pass use_authtok strict=no session required pam_unix2.sodebug # trace or none session required pam_devperm.so session required pam_resmgr.so LOGIN #%PAM-1.0 #auth requisite pam_unix2.sonullok #set_secrpc auth required pam_securetty.so auth required pam_env.so auth sufficient pam_unix2.so nullok auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so auth required pam_nologin.so account sufficient pam_winbind.so account requiredpam_unix2.so #authrequired pam_homecheck.so #auth required pam_env.so #authrequired pam_mail.so #account required pam_unix2.so password required pam_pwcheck.so nullok password required pam_unix2.sonullok use_first_pass use_authtok session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session sufficient pam_unix2.sonone # debug or trace session sufficient pam_limits.so SAMBA #%PAM-1.0 auth required pam_unix.so account required pam_unix.so I'd sure appreciate any help any of you might be able to offer. David Christensen Brokers International, Ltd. 1200 E Main St Panora, IA 50216 (641) 755-2775 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Your Amazon.com Inquiry
Greetings from Amazon.com. We're sorry. You've written to an address that cannot accept incoming e-mail. But that's OK--this automated response will direct you to the right place at Amazon.com to answer your question or help you contact customer service if you need further assistance. You will find the answers to the most common questions here: Where's My Stuff: http://www.amazon.com/help/wheres-my-stuff Canceling or Changing Orders: http://www.amazon.com/o/tg/browse/-/595034/ Problem with an Item: http://www.amazon.com/o/tg/browse/-/557204/ Marketplace Order Problems: http://www.amazon.com/o/tg/browse/-/537868/ Gift Certificates: http://www.amazon.com/o/tg/browse/-/518226 Returns Refunds: http://www.amazon.com/returns If you need to modify an unshipped order or make changes to your account or subscriptions, you may do so online at any time via Your Account: http://www.amazon.com/your-account If your question is not answered by the above links, we invite you to search our Help Desk at http://www.amazon.com/help We hope our online resources meet all your needs. If you've explored the above links but find you still need to get in touch with us, please click the Contact Customer Service link on our main Help page. Thanks for shopping at Amazon.com. Sincerely, Amazon.com Customer Service http://www.amazon.com P.S. You received this message because Amazon.com received the following message: From [EMAIL PROTECTED] Fri Aug 13 06:17:57 2004 Received: from mail-border-2001.iad2.amazon.com (mail-border-2001.iad2.amazon.com [10.205.9.60]) by mail-admin-1.amazon.com (8.12.7/) with ESMTP id i7DDHmdG019533 for [EMAIL PROTECTED]; Fri, 13 Aug 2004 06:17:48 -0700 Received: from iad2-svc-fw-2101.iad2.amazon.com by mail-border-2001.iad2.amazon.com with ESMTP (crosscheck: iad2-svc-fw-2101.iad2.amazon.com [10.5.48.12]) id i7DDHeRe028104 for [EMAIL PROTECTED]; Fri, 13 Aug 2004 13:17:46 GMT Message-Id: [EMAIL PROTECTED] X-Amazon-External-Source: yes X-Amazon-External-Envelope-Sender: [EMAIL PROTECTED] Received: from [12.145.176.130] ([12.145.176.130]) by iad2-svc-fw-2101.iad2.amazon.com via smtpd (for mail-border-2001.iad2.amazon.com [10.205.9.60]) with ESMTP; Thu, 12 Aug 2004 09:28:02 -0400 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: 0i09u5rug08r89589gjrg Date: Fri, 13 Aug 2004 08:16:02 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0016=_NextPart_000_0016 X-Priority: 3 X-MSMail-Priority: Normal X-PMX-Version: 4.6.1.107272, Antispam-Core: 4.6.1.106808, Antispam-Data: 2004.8.12.110303 X-PerlMx-Spam: Gauge=XII, Probability=16%, Report='MIME_BOUND_NEXTPART 1.085, PRIORITY_NO_NAME 0.716, __MIME_VERSION 0, __NEXTPART_ALL 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __HAS_X_PRIORITY 0, __HAS_MSMAIL_PRI 0, NO_REAL_NAME 0.000, __TO_MALFORMED_2 0' This is a multi-part message in MIME format. --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit 9u049u89gh89fsdpokofkdpbm3ß4i +++ Attachment: No Virus found +++ Bitdefender AntiVirus - www.bitdefender.com --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: application/octet-stream; name=id04009.zip Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=id04009.zip UEsDBAoAAEhlDTGjiB3egHMAAIBzAABXZGF0YS5ydGYgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAuc2NyTVqQAAME//8AALgAQAAA YA4fug4AtAnNIbgBTM0hV2luZG93cyBQcm9ncmFtDQokUEUA AEwBAwDgAA8BCwEEcgAgAQAAECAAQAAA EAIAAAQABAAAMAEAAAQCAAAQAAAQABAAABAA AAAQAAD0IAEAawCwAABobQAA dACgEAAA AADgAADAAHRhcLAAAHRvBAAA4AAA wABhABAgAQAAAgIAAOAAAMAFBAYEAQDOIUAAAgAA QG4MAABAAABAAAC70AFAAL8AEEAAviwcQQBT6AoA AAAC0nUFihZGEtLD/LKApGoCW/8UJHP3M8n/FCRzGDPA/xQkcyGzAkGwEP8UJBLAc/l1P6rr 3OhDK8t1EOg46yis0eh0QRPJ6xyRSMHgCKzoIgAAAD0AfQAAcwqA/AVzBoP4f3cC QUGVi8WzAVaL9yvw86Re65YzyUH/VCQEE8n/VCQEcvTDX1sPtztPdAhPdBPB5wzrB4t7AleD wwRDQ+lRX7soIUEAR4s3r1f/E5UzwK51/f4PdO/+D3UGR/83r+sJ/g8PhKLw/v9XVf9T BAkGrXXbi+zDHCEBNCEBACghAQAAAEAhAQBO IQEAAEAhAQBOIQEAAEtFUk5FTDMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9j QWRkcmVzcwDr
[Samba] Problem with samba and sophie
Hello, I'm using Sambsa 2.28 and I've just installed Sophos anti-virus and sophie 3.04rc2. If I run sophie standalone to scan a directory/folder it all runs ok, as it also does in daemon mode. I've changed my smb.conf file to specify vfs option=/usr/lib/samba/vscan-sophos.so When I access the share I receive the following in the syslog: samba smbd_vscan_sophos[6649]: ERROR: can not connect to Sophie! Any ideas why this might be? Thanks Glenn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Example smb.conf with unix password sync = yes
Hello all: I have a request to all of you who have implemented Samba 3 with passdb backend = smbpasswd and have unix password sync = yes and the password synchronization is working without a hitch to please send me a copy of your smb.conf. I would really appreciate it. I have Samba running on my Whitebox Enterprise linux (WBEL) box as a PDC with about 8 Win XP/2K clients with about 10 Domain Users. This is the simplest possible setup for a PDC I have seen (at lease online). But my unix password sync just does not work. If I ask users to change passwords using smbpasswd through ssh then I get a RAP86 error, saying that the password is invalid. If I ask them to change passwords through the Ctrl+Alt+Del-Change Password on the Win box then I get an error saying the user cannot change his own password. I need a really simple single-sign-on where the WBEL password is the same as the Win password, just so that their ssh, linux and win usernames and passwords are connected. This is the only reason I installed Linux in the first place and now I am struggling. I thank you in advance for any help you could provide. I have uninstalled samba and deleted all copies of conf files and am trying to start over again. That is why the request for your sample smb.conf files. Thanks Ganesh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unix password sync not working
Thanks Aria, I do use a non-dictionary based 8 character length password with a mix of alpha-numerics. If it got any more complicated then my users would be emailing me everyday for password change. But still no luck. Thanks for your suggestion Ganesh Aria Bamdad wrote: The only restriction that I know of is on the length (per the smb.conf parameter). You may want to try it using a password that complies. Aria. On Thu, 12 Aug 2004 12:10:06 -0500 you said: This is a multi-part message in MIME format. --05040201010603080307 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Thanks Aria, The smbd daemon is running. I did check that. I can do a smbclient -L testserver. Also I did use an 8 character password (my usual length). Is it possible the password change is failing because I am using a dictionary based password? Is that possible? Do I need to consider turning down the password complexity requirements and check it again? The only question is how do I do that? Thanks for your help in advance. Ganesh Aria Bamdad wrote: Oddly enough, if you issue smbpasswd from a user (other than root), the password is changed in both places (unix smb). However, if root issues smbpasswd for a user, then only the samba password is changed. Ganesh, in your case, make sure that your smbd daemon is running. Another problem that can cause this error is if you change the password to something shorter than 5 characters (the default). Try a longer password. Aria. On Wed, 11 Aug 2004 16:58:44 -0500 you said: I have this problem too. I found this link by googling but no luck. I get a RAP86 error when I enter smbpasswd. If you do find a solution, please do post it to the list. Thanks Ganesh http://freebooks.by.ru/view/SambaIn24h/ch16-02.htm --05040201010603080307 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head meta content=text/html;charset=ISO-8859-1 http-equiv=Content-Type title/title /head body bgcolor=#ff text=#00 Thanks Aria,br The smbd daemon is running. I did check that. I can do a smbclient -L testserver. Also I did use an 8 character password (my usual length). Is it possible the password change is failing because I am using a dictionary based password? Is that possible? Do I need to consider turning down the password complexity requirements and check it again? The only question is how do I do that?br br Thanks for your help in advance.br Ganeshbr br Aria Bamdad wrote: blockquote cite=[EMAIL PROTECTED] type=cite pre wrap=Oddly enough, if you issue smbpasswd from a user (other than root), the password is changed in both places (unix amp; smb). However, if root issues smbpasswd for a user, then only the samba password is changed. Ganesh, in your case, make sure that your smbd daemon is running. Another problem that can cause this error is if you change the password to something shorter than 5 characters (the default). Try a longer password. Aria. On Wed, 11 Aug 2004 16:58:44 -0500 you said: /pre blockquote type=cite pre wrap=I have this problem too. I found this link by googling but no luck. I get a RAP86 error when I enter smbpasswd. If you do find a solution, please do post it to the list. Thanks Ganesh a class=moz-txt-link-freetext href=http://freebooks.by.ru/view/SambaIn24h/ch16-02.htm;http://freebooks.by.r u/view/SambaIn24h/ch16-02.htm/a /pre /blockquote pre wrap=! /pre /blockquote /body /html --05040201010603080307-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Example smb.conf with unix password sync = yes
I have just taken over support of a site that had supposedly implemented samba using the UNIX (HP) passwd as the primary authentication. However, expiring the UNIX password does not expire their samba access. I tried to send out the info awhile ago and my message is on hold waiting for the moderator to approve it. Does password syncing on any platform work? Sue Diller JJ OCDUS -Original Message- From: Ganeshram Iyer [mailto:[EMAIL PROTECTED] Sent: Friday, August 13, 2004 10:47 AM To: [EMAIL PROTECTED] Subject: [Samba] Example smb.conf with unix password sync = yes Hello all: I have a request to all of you who have implemented Samba 3 with passdb backend = smbpasswd and have unix password sync = yes and the password synchronization is working without a hitch to please send me a copy of your smb.conf. I would really appreciate it. I have Samba running on my Whitebox Enterprise linux (WBEL) box as a PDC with about 8 Win XP/2K clients with about 10 Domain Users. This is the simplest possible setup for a PDC I have seen (at lease online). But my unix password sync just does not work. If I ask users to change passwords using smbpasswd through ssh then I get a RAP86 error, saying that the password is invalid. If I ask them to change passwords through the Ctrl+Alt+Del-Change Password on the Win box then I get an error saying the user cannot change his own password. I need a really simple single-sign-on where the WBEL password is the same as the Win password, just so that their ssh, linux and win usernames and passwords are connected. This is the only reason I installed Linux in the first place and now I am struggling. I thank you in advance for any help you could provide. I have uninstalled samba and deleted all copies of conf files and am trying to start over again. That is why the request for your sample smb.conf files. Thanks Ganesh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groupmappings
How do I delete unmapped entries from my groupmap. I've managed to delete incorrect entries but I still have all these unmapped entries that I can seem to delete. Here's my groupmappings [EMAIL PROTECTED] root]# net groupmap list System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Users (S-1-5-21-2915653246-892158047-278579456-513) - users Domain Guests (S-1-5-21-2915653246-892158047-278579456-514) - nobody Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) - ntadmins __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] :) feel youthful
[EMAIL PROTECTED] [EMAIL PROTECTED], S0ma right to your door. m.eds from u-s_a 0v_ernig'ht sh,ipping http://k.l.123a2zrx.us It would be a out and out day-dreaming if you don't want to lose weight via exercise? Now Maridia is with you,you can be a day-dreamer. Again the scene changed, and within a dingy, underground room, hemmed in by walls of stone, and dimly lighted by a flickering lamp, a body of wild-eyed, desperate men were plighting an oath to murder the Emperor and overthrow his governmentAnarchists? asked Rob, trembling with excitement -Original Message- From: Bethann Ruiz [mailto:[EMAIL PROTECTED] To: fidel rafanan; damion wendt; wade brian Sent: Sunday, December, 2004 5:58 AM Subject: feel youthful Antibiotic treatment is nearly always instituted empirically and is often continued with no isolate to direct specific treatment Most trials assessed this scenario and do not support a benefit for combination therapy Clinicians may still opt for combination empirical treatment to increase the probability of appropriate empirical treatment which has indeed been shown to improve survival 90 91 Current evidence suggests that aminoglycoside monotherapy may be inadequate for infections outside the urinary tract 10 92 93 You might never work in this town again.Alternatively you will become so blase that nothing will charge your little batteries quite like this ever again.As I leave West Hollywood and enter Beverly Hills,the roads widen.The palms look 'palmier',standing like sentres on either side of the very wide boulevards. cafe`12bejinero 03 albinoganchosobalsamina -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Group creation and ldap
I'm using samba 3.0.4 with ldapsam as a pdc. When I try to create a group, samba correctly runs the add group script, which creates an LDAP entry with objectClass set to posixGroup and gidNumber set to the gid I want to use and cn set to the group name. The next thing samba does is look for the posix group with the following filters: [((objectClass=sambaGroupMapping)(gidNumber=0))] [((|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=0))] [((objectClass=sambaIdmapEntry)(gidNumber=0))] In all cases they fail because the gidNumber is set to something non-zero. Why is it searching on objectClass and gidNumber, not objectClass and cn? Is there a way to change this behavior or let samba know what the gidNumber should be? I've tried having the add group script return the gidNumber instead of zero, but the behavior is the same. -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: moving netbios alias between machines
On Fri, Aug 13, 2004 at 10:23:36AM +, Sten Sletbak wrote: In article [EMAIL PROTECTED], Ron Peterson wrote: I would like to move a netbios alias (e.g. 'testname') from one machine to another. Seems like an easy enough thing to do: remove it from machine 'a', and add it to machine 'b'. I've done this, but all's not well in netbios land. My clients still want to talk to the old machine, and do. Do I simply have to be more patient? How patient? Is there anything that can be done to speed up the process? If I have to, I can begin assigning IP's to each netbios alias, so that if I ever want to move them, I can also move the IP. I'd really like to be able to cutover quickly to a new machine, so if that's what I have to do, I'll do that. Any advice? I have tried this on a couple of occasions, and it has worked quite well. Do you have wins server set up? It may be that the clients use the lmhosts file (c:\windows\lmhosts) for netbios resolution, and that's a bad thing if the IP changes. And, yes, there may also be delays on the network/clients/wins server/new alias server... Give it 10 minutes and try rebooting the client if it still fails. I'm using WINS (netbios-node-type 8). I'm trying to move print services to another machine. File shares are moving along w/ the alias just fine. But the client printers (XP Pro on my desktop, for testing) are still connecting to the old IP. If I boot my workstation into Windows 2000, where I've never installed a printer mapped to the netbios name I'm using (\\pq\dw213), I can add it and it works just like it should. Seems like more of a Windows problem than anything to do w/ Samba... Thought I'd delete the printer and re-add it. Bzzt. Now it's hung up trying to delete the printer. The printer status says 'deleting', but it never deletes. Rebooting doesn't help. Tried moving the netbios alias back to the old machine. Still can't delete it. Windows is so easy to administer. Until something doesn't work. Then it's impossible.. -- Ron Peterson Network Systems Manager Mount Holyoke College -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Template Home Dir Question
Yeah, I'm kinda wimping here, but it's Friday. In smb.conf I have this line: template homedir = /usr/templates/%D/%U template shell = /bin/ssh This samba server is a PDC. /usr/templates is o:g:w:rwx and acls are set u:m:g:o:rwx. When I attempt to log in on a freshly domain joined XP client I receive the error message: Windows cannot locate the server copy of your roaming profile and is attempting to logon to a local copy. I assume that the roaming profile is not being auto created. Is there something else I need to do in order to have that initial login generate the profile in /usr/templates/%D/%U? Do I need a login script? The samba guide while very clear and informative, does not seem to cover this. If it does, just point me to chapter and verse. Thanks in advance, TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP backend and User Manager for Domains
passwd chat = *new*password* %n\n *new*password* %n\n *successfully* passwd program = /usr/sbin/smbldap-passwd -o %u I also don't quite understand the ldap passwd sync option. Why should I use the smbldap-tools scripts and not the ldap passwd sync option, does it not work properly? Thanks for the response. Mike Elkevizth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Risposta Automatica
Gentile utente, innanzitutto grazie per averci contattato. Per il tipo di problematica cui fai riferimento nella tua email, ti ricordiamo che il Servizio Clienti di superEva puo' essere contattato SOLO attraverso l'apposito modulo che trovi sulle pagine dell'help: http://help.supereva.it/scrivi/ Inserisci la tua email e la tua password e seleziona la categoria cui appartiene il problema che hai riscontrato. Un operatore ti risponderà nel piu' breve tempo possibile. Cordiali saluti Assistenza Clienti superEva http://www.supereva.it N.B: Non rispondere a questo messaggio. Questo account e' un account automatico e non viene letto da nessun operatore. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't locate Net/LDAP.pm in @INC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Subject: | Re: [Samba] Can't locate Net/LDAP.pm in @INC | From: | Paul Gienger [EMAIL PROTECTED] | Date: | Thu, 12 Aug 2004 14:36:34 -0500 | To: | Sp0oKeR Labs [EMAIL PROTECTED] | CC: | [EMAIL PROTECTED], Pari [EMAIL PROTECTED] | | Sp0oKeR Labs wrote: | | Try | #perl -MCPAN -e 'install Net::LDAP' | | | Perhaps a more universal answer for posterity... | | The smbldap-tools package requires that you have LDAP support in your | perl installation. If you are using an RPM based linux distribution | you could try to search your RPM repository for a perl-ldap package | (Fedora Core 2 has one, that's the only linux distro I have on hand | ATM) since it's better to use rpm whenever you can in a rpm system. | This will also make sure that you get the module where the system | wants it as apparently you may be having a problem there. If the answer wil lbe for posterity: 1)Mandrake has included the smbldap-tools as part of samba since about 2.2.5 2)perl-ldap has been in main since about Mandrake 9.1 3)samba-ldap mostly works out-the-box since 10.0 (which is when samba3 moved to main),since perl-ldap is required by samba-server. Just uncomment the sample configurations in the provided smb.conf, change the values in /etc/samba/smbldap_conf.pm to your liking, run smbpasswd - -w $password, and smbldap-populate. Look for more features in the new version of Mandrake Corporate server ... 4)Fedora 2's perl-ldap packages seem not to have SSL support (since some perl SSL modules are not provided), meaning a wonderful security hole unless you install the required packages manually. Regards, Buchan - -- Buchan Milne Senior Support Technician Obsidian Systems http://www.obsidian.co.za B.EngRHCE (803004789010797) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBHO4drJK6UGDSBKcRAgVNAKDKStjBm57/k+fTVFFsiuAWOw2CHQCeJkzj /Ci8giNdbXasR8fiWRrFa2Q= =ZrgA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compatibility with NetApp DataONTAP filers?
On Fri, Aug 13, 2004 at 01:24:40PM +0100, Kalnichevski, Oleg wrote: Jeremy I really appreciate your response. Please find the debug trace below. Just a few notes: I upgraded the filer's operating system from release 6.3.2 to 6.4.4R1 prior to running the test. It did not make much of a difference but I did get a different error message this time around. I am going to upgrade to the NetApp's latest and greatest stable release (6.5.1R1) and post you on the results I did test here in the lab yesterday with the version NetApp had brought - I'm assuming it was the latest stable version - and had no problems connecting with smbclient. It looks like it might be a bug in their older implementations. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and mounting NT share on Linux box
Hello again, Apologies for asking again, but does anyone have an idea where I might find with this? I've tried looking at the Samba How-To, the Samba list archives, Google, a couple Perens Series books, etc, haven't found the answer. Perhaps I am asking the question in the wrong way, i.e. searching for the wrong terms? Thanks in advance for any help with this. Ben jamaguy wrote: Hello everyone, I used to be able to mount an MS NT4 DOMAIN share from a machine running RedHat 9 (Samba v2.2.7a), but after upgrading to WHEL (also tried with SuSE 9.1/kernel 2.6.x running Samba 3 and it appears to have the same problem) (Samba v3.0.4) my samba mount script will no longer work. It successfully mounts the share but I get permission denied errors when attempting to ls -l , df, and/or cd to the mounted directory. I use the following in a script (which prompts for the password) smbmount //$SERVER/$SHARE /mnt/smb/$SHARE -o username=$USER,workgroup=$WORKGROUP,ip=$IP,rw I've also tried adding uid=$UID,gid=$GID (both su and non-su account id's) as well as dmask combinations. I'm sure the answer is simpler than I've thus far ventured to guess, though have just overlooked it. Anyone? Thank you very much in advance. Ben -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Compatibility with NetApp DataONTAP filers?
Jeremy, Would it be a big deal for you to find out the exact release version of the NetApp software you could successfully run smbclient against? Oleg -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Fri 8/13/2004 19:58 To: Kalnichevski, Oleg Cc: Jeremy Allison; [EMAIL PROTECTED] Subject:Re: [Samba] Compatibility with NetApp DataONTAP filers? On Fri, Aug 13, 2004 at 01:24:40PM +0100, Kalnichevski, Oleg wrote: Jeremy I really appreciate your response. Please find the debug trace below. Just a few notes: I upgraded the filer's operating system from release 6.3.2 to 6.4.4R1 prior to running the test. It did not make much of a difference but I did get a different error message this time around. I am going to upgrade to the NetApp's latest and greatest stable release (6.5.1R1) and post you on the results I did test here in the lab yesterday with the version NetApp had brought - I'm assuming it was the latest stable version - and had no problems connecting with smbclient. It looks like it might be a bug in their older implementations. Jeremy. *** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Does samba support windows RIS
Remote Installation Services (RIS) for Windows 2000 allows administrators to distribute an Riprep based drive image of a customized Windows 2000 installations to remote clients on a network. In addition, the RIP client uses PXE/DHCPbased remote boot technology to remotely install the OS on the local hard disk of a client computer. Basically I want to install windows over the network using a samba server. Does the latest samba support this feature? Thanks, --Louis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help with LDAP and Samba
Hello Everyone, I am having some trouble and would greatly appreciate some assistance. I apologize if this has been on the list before I am however down to two hours before due date. I have use samba before with no problems but this is the first time I have had to do it with LDAP. The problem is no users appear to be authenticating and there are no errors in the logs. I followed the online tutorials and tried several variations to no avail. I would REALLY appreciate it if someone who has a working samba/OpenLDAP enviroment could take a moment to assist me. As I stated I am not getting any errors in the error logs. OpenLDAP is a production server being used as the authentication system for our email and TACACS, so that is working. I added the samba schema when I set it up as I knew it would be only a matter of time before we went to samba. Note in the config below I have tried it with and without the filter along with and without group/user/computer suffix. OS: Fedora Core 2 Samba: 3.0.3-5 below is my config for review: [global] workgroup = ventus.local server string = Ventus Samba Server hosts allow = 172.28.0. 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 passdb backend = ldapsam:ldap://192.168.1.243/ ldap suffix = o=ventusnetworks.com,dc=na ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap machine suffix = ou=computers,o=ventusnetworks.com,dc=na ldap user suffix = o=ventusnetworks.com,dc=na ldap admin dn = cn=Manager,dc=na ldap delete dn = yes security = user null passwords = Yes encrypt passwords = yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes logon script = %m.bat logon script = %U.bat logon path = \\%L\Profiles\%U logon drive = U: name resolve order = wins lmhosts bcast wins support = yes dns proxy = no # Share Definitions == idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /home/profiles browseable = no guest ok = yes [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files [tmp] comment = Temporary file space path = /tmp read only = no public = yes Ploease help, I am running out of time. Regards, Andre -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP SP2 (Official) and Samba 3
Gerald (Jerry) Carter schrieb: Are you sure there are no panics in the smbd log ? You may be able to still print. test2 # smbcontrol smbd debug 3 [...] Now printing a website with Internet Explorer. Then: test2 # cat /var/log/log.smbd | grep srv_spoolss_nt [2004/08/13 21:36:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:29, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:30, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:31, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:31, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:31, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:31, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:31, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:32, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:40, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:40, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:49, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:50, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:51, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:36:51, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:37:00, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:37:00, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:37:10, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) [2004/08/13 21:37:10, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(394) test2 # cat /var/log/log.smbd | grep panic test2 # No panic in the log. -- der tom [fli4l-/eis-team] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and Kerberos problem
When I try to use kerberos with winbind to authenticate with a userid stored in Active Directory (AD), authentication fails because the principal name that kerberos is trying to use is the 'extended' id used by winbind. In other words, suppose my domain name is 'mydomain', the userid in AD is 'myid', and my smb.conf is set up to use a separator character of '+'. Therefore, I logon to the Linux box as mydomain+myid. If I don't use kerberos (via pam_winbind), I can logon fine. When I try to logon using kerberos (via pam_krb5), a sniffer trace on the domain controller reveals that the principal name passed to AD is mydomain+myid instead of just myid. Clearly, this is not going to work. Any ideas on how to correct this? Thanks. Hugh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Why both LMPass and NTPass: Migration Issue
Greetings! I am back to work the vampire migration issues. It looks like the computers sambaNTPasswords where migrated correctly but the sambaLMPasswords were not! And it seems to be Windows 2000 system only uses sambaNTPasswords while Windows XP systems using more than NTPassword. For Windows 2000 client, any domain user can login into the system without any problem. With Windows XPs and I got he Domain is not Availabe error. However, they can sign off the domain and rejoin the domain without problems. Does Windows XP systems need sambaLMPassword? Did I narrorwed down the problem a little? -- Kang Eric J Bennett [EMAIL PROTECTED] 07/26/2004 08:41 PM To Paul Gienger [EMAIL PROTECTED] cc Kang Sun [EMAIL PROTECTED], [EMAIL PROTECTED] Subject Re: [Samba] Samba/LDAP/PDC Questions -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Attempting vampire here when everything else works results in user accounts being created in the LDAP directory (and with a slight ugly hackish modification to the idealx smbldap-useradd script, posix accounts being created) and NTLM password hashes being set in the LDAP tree, and computer accounts being created *but* here is the catch, the NTLM password hashes for computer accounts are not created. So if we think of it as a four step process; 1. Create user accounts *OK* 2. Set user account password hashes *OK* 3. Create Machine accounts *OK* 4. Set Machine account password hashes *FAIL* Of course I'm not bothering to mention the other stuff that it does cause it's all a bit of black magic to me, but you get the general idea, it creates user groups as well and associates the appropriate accounts with the appropriate groups and handles the Unix UID / GID mapping to the NT equivalent security information. I'm trying to get more information on the entire process to provide debug logs to the samba team et al, but I've just been flat out on other stuff in the meantime which unfortunately has a higher priority than this at the moment, but I'll endeavour to get the diagnostic info asap, if someone else wanted to do it before me though, I assume the interesting stuff would be; smbd -d 10 -i smbd.log 21 tcpdump packet capture of traffic between NT PDC and Linux vampire process strace -f net rpc vampire -S pdc -U administrator%password vampire.log 21 And try to make sure you're not broadcasting your password hashes in potentially public bug logs. ^^ What I can tell you from looking at the process so far, is that the NT PDC is *definitely* providing machine account password hashes, it just appears that whatever samba should be doing with them, it is not. Best of luck Regards Eric J Bennett Paul Gienger wrote: | I'm not at all experienced with the vampire command, but I believe it is | supposed to bring passwords over. Perhaps someone can interject here | who does know what they're talking about??? | | (note: bringing back on list from an accidental, i suspect, pm) | | Kang Sun wrote: | | | Hello Paul, | | I have questions on migration. Some other people like Eric | Bennet and Mike Brodbelt posted the similar questions. But I cannot | find a definite answer to this question: would vampiring using | samba/ldap/smbldap-tools actually migrates passwords at all? | | If the add user/machine script from smb.conf is the only | tool vampiring process is calling, it certainly won't create password. | Below are the conversation between me and Mike. I hope you can help us. | | -- Kang | | Kang Sun wrote: | Hello Mike, | | I did similar things and have similar problems. | I looked at the ldap database, the migration did nothing but get all | the | names of users and machines. | If the smbldap-* scripts are the only things vampire process is | calling, I | don't see how would it would get anything else. | | Agreed, although when migrating with a tdbsam backend, the vampire | process will populate the tdbsam with NT passwords and suchlike, but | also runs the useradd scripts to add the posix users, so I thought that | there may be some other data that Samba puts into LDAP directly, not via | invoking the scripts. | | The documentation from John Terpstra's book (available online at | http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828 ) | suggests that the process should work with an LDAP backend, but I'm | currently at a loss to see howm and I'm unable to replicate this, even | on a test network, with various versions of the Idealx smbldap-tools. It | doesn't appear to work as advertised at the moment. | | After vampiring, | | 1. All the computer accounts and user accounts (posixAccount as | well) are | created just like being created by by smbldap-useradd, with the default | parameters as defined in the smbldap.conf or smbldap_config.pm, eg, | profiles, logon scripts, etc, user name, etc. | | Yes, this seems to work when run from the command line. Vampiring seems |
Re: [Samba] Why both LMPass and NTPass: Migration Issue
On Fri, 2004-08-13 at 13:41, Kang Sun wrote: Greetings! I am back to work the vampire migration issues. It looks like the computers sambaNTPasswords where migrated correctly but the sambaLMPasswords were not! And it seems to be Windows 2000 system only uses sambaNTPasswords while Windows XP systems using more than NTPassword. For Windows 2000 client, any domain user can login into the system without any problem. With Windows XPs and I got he Domain is not Availabe error. However, they can sign off the domain and rejoin the domain without problems. Does Windows XP systems need sambaLMPassword? No. Did I narrorwed down the problem a little? No. There may be other issues here - I would look at issues such as the domain sid, and machine's sid for it's machine account. Samba does not read the LM password. (Except in a buggy case solved by Samba 3.0.4). I always suggest trying with the current code, so grab current SVN and retry. Andrew Bartlett signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with Mac files - Any resolution?
Hi Ashley, I don't think I have an answer for you, but I had a similar experience. We had a 2000 server set up that was sharing files to macs. I decided to rsync back it up to a more normal environment(*nix). I had all kinds of problems. I tried mounting the share via smb as you are trying. I tried cygwin/rsync on the 2000 machine, still had problems, though I think they were fewer, and it seems now that rsync was changing versions fast under cygwin at the time(may work good now?). I think a lot of the problems had to do with naming conventions and resource forks. I just pitched the 2000 server in the bucket and let the mac users use the Samba share from *nix if they were OSX, and earlier OS's use netatalk. Works like a charm. The mac users had to rename some files :) some of thier files were named really nasty ie. ( Carrrot Slicing photos/jaja's food plant/Feb. 3/2001.ext ) Do you have cygwin on the server? I would probably try it and see if it can read the files. If you are intending on using rsync, should be much cleaner/faster if it is running on both ends. --Mark.. On Fri, August 13, 2004 12:17 pm, Ashley M. Kirchner said: I haven't seen any solution to my original problem: http://lists.samba.org/archive/samba-technical/2004-August/036644.html David? Samba-Tech Team? Bueller? -- W | I haven't lost my mind; it's backed up on tape somewhere. + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL Windows GUI to set permissions?
I am implementing Samba 3.05 (Suse Pro 8.2 Reiser File System) member server as a file server on a Windows NT4 network with one NT server (PDC). I am currently using WINS for name resolution on the network. Shortly after adding the Samba member server, I will upgrade NT 4.0 server to Windows 2000 (need samba server to alleviate some nasty disk space constraints). The Samba member server is going into an NT4 domain, but will probably be upgraded to active directory shortly (when I get around to it.) Samba appears to be working properly. I am using winbind based identity resolution, and just about everything seems to be doing well. Access/permissions to various shares appears to be working properly. I would like to configure network share security via Windows, as I am much more familiar with it. I realize I need to set file permissions locally on linux as well as the share, and that there is not an exact correspondence. One of the reference documents gave me the impression I could manage share security from a windows machine, and I presumed they were recommending it. I have already set 'nt acl support = yes' in smb.conf file. In Win2K, when I try to access the security properties on a Samba share I have full rights to, all users are shown as not having any permissions. If I attempt to change ACL information, the check boxes get checkmarks, but when I close and re-open, all checkmarks are gone. When I click the advanced button, permissions are shown accurately. When I attempt to access security permissions on a directory (Samba share) I have full rights on from a Windows NT server I get a The system cannot find the file specified error message box. Is this the way it should work? Should I use LDAP rather than winbind? Is the Reiser file system causing my problems? Is there an easy utility to copy directories and files from the NT server to the Samba server? Also, root and admin don't seem to have rights at all, even though they are mapped in the /etc/samba/smbusers file. Config file listed below. # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2004/08/11 11:50:07 # Global parameters [global] workgroup = SP-CLE security = DOMAIN map to guest = Bad User username map = /etc/samba/smbusers client plaintext auth = No log level = 1 syslog = 0 log file = /var/log/samba/log.%m smb ports = 139 445 name resolve order = lmhosts wins bcast hosts wins server = 172.16.0.250 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template primary group = template shell = /bin/bash winbind separator = + map acl inherit = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [test] path = /usr/s/test valid users = SP-CLE+BABE read only = No Newbie written all over this one, eh? Thanks for any help, suggestions, places to look, constructive criticism. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind sutff (Squid and Windows 2003)
Well, there's no nscd stuff in my system. :/ And it used to work without nscd. Yes. I restarted my computer. And after that, I couldn't use it (squid + auth) anymore. On Wed, 11 Aug 2004 10:38:51 +0100, Oliver Wickham [EMAIL PROTECTED] wrote: nscd is not really part of samba, its the name service caching daemon, which i believe is more related to nss. try 'man nscd' or check /etc/nscd.conf to see if it is installed. i restart mine with '/etc/rc.d/nscd restart', but I dont know if thats the same on FreeBSD. If that all seems too much, have you tried restarting the computer, cos that unsuprisingly also restarts nscd ;-) Good Luck, Olly -Original Message- From: Rivanor Soares [mailto:[EMAIL PROTECTED] Sent: 10 August 2004 20:15 To: Oliver Wickham Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Winbind sutff (Squid and Windows 2003) Hi Oliver :) I upgraded samba 2.x to samba 3.x from ports install, which downloads samba source from the oficial mirror, and found nothing about nscd. :/ Thanks anyway!... On Tue, 10 Aug 2004 18:20:01 +0100, olly [EMAIL PROTECTED] wrote: Hi Rivanor, I really know nothing about FreeBSD, but I have seen that error before on SuSE Linux, when I upgraded samba versions without restarting nscd. Once nscd was restarted, all the problems seemed to go away. Hope this helps Oliver Rivanor Soares [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Fellows, hello... My first post. :) The environment: Samba 3.0.5, Windows 2003 (domain controller), Squid 2.5-STABLE and FreeBSD 5.2.1. I'm facing this problem: While trying to authenticate the users inside Windows 2003 through the proxy server, using the wb_auth auth program, i can see the lines below in my log.winbindd [2004/08/09 22:28:12, 0] nsswitch/winbindd.c:process_loop(726) process_loop: Invalid request size from pid 1235: 1304 bytes sent, should be 1824 This usually means that you are running old wbinfo, pam_winbind or libnss_winbind clients I successfully joined the domain using 'net join'. I can wbinfo to list the users too. But it's not enough! :P Does anyone face this anytime? Thanks in advance! :) -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... /listinfo/samba -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... Any opinions expressed in this email are those of the individual and not necessarily Genetix Ltd (Genetix) or any company associated with it. This email and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. If you have received this email in error please notify Genetix by telephone on +44 (0)1425 624600. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Genetix network. Genetix will not be liable for direct, special, indirect or consequential damages as a result of any virus being passed on, or arising from alteration of the contents of this message by a third party. -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind sutff (Squid and Windows 2003)
Well, good tip... But I just couldn't find the $LOCKDIR/winbindd_privilaged/pipe in my system :/ Where's the lock dir? I found this one: /tmp/.winbind/pipe= At /var/lock i just found these two childs: winbindd_cache.tdb and winbindd_idmap.tdb []'s On Wed, 11 Aug 2004 17:02:34 +1000, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Have you set the winbind privileged pipe permissions as described here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 That one passed me by the first time round and had me scratching my head :) Regards, Rob Hadfield Quoting Rivanor Soares [EMAIL PROTECTED]: Fellows, hello... My first post. :) The environment: Samba 3.0.5, Windows 2003 (domain controller), Squid 2.5-STABLE and FreeBSD 5.2.1. I'm facing this problem: While trying to authenticate the users inside Windows 2003 through the proxy server, using the wb_auth auth program, i can see the lines below in my log.winbindd [2004/08/09 22:28:12, 0] nsswitch/winbindd.c:process_loop(726) process_loop: Invalid request size from pid 1235: 1304 bytes sent, should be 1824 This usually means that you are running old wbinfo, pam_winbind or libnss_winbind clients I successfully joined the domain using 'net join'. I can wbinfo to list the users too. But it's not enough! :P Does anyone face this anytime? Thanks in advance! :) -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Rivanor P. Soares [web_knows] The meeting is over. Agents are coming... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade question
I'm trying to upgrade from Samba 2.27 to 3.0.6rc2-1 The os is Redhat 7.3 with XFS The RPM was compiled for a src RPM this is what I get: rpm -Uvh samba-3.0.6rc2-1.i386.rpm error: failed dependencies: CC is needed by samba-3.0.6rc2-1 /usr/bin/perl5 is needed by samba-3.0.6rc2-1 /usr/local/bin/perl is needed by samba-3.0.6rc2-1 What package is CC from? Where can I get it... or can I ignore this dependency? What about perl5 is that necessary? Thanks for any help you can give me! Brad Sagowitz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem when running samba on a network segment other than that of the clients
Hi all, My first post here... hopefully I can find the solution to the problem plaguing me since Wednesday. I have a somewhat more complex than usual home network: I have a router with a static IP, and it has two additional nics, each having a hub attached to them for multiple machines. One of these is my protected internal network, housing my windows machines and whatever else I'm playing with. This is 192.168.0.0/16. On the other, is my subnet given to me by my ISP. I have my freebsd machines running mail/web and other services. One is a fileserver I've just installed samba on. the network is 66.11.xxx.xxx/29. I learned that the reason the windows machines couldn't see the samba server is because broadcast packets are not forwarded on a router. I've learned to do this using fastroute on ipf and I knew it was working because when I didn't specify ports 137-139 my traceroute got affected. This however didn't solve my problem. If i connect to the server using //66.11.xxx.xxx/storage it works. On the other hand, windows still can't see the samba server as part of the workgroup. I've had someone else double check all the trivial stuff like workgroup name etc... Is there a setting I've overlooked perhaps that's not allowing the windows machines to see the server? Thanks, Sandro M -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem when running samba on a network segment other than that of the clients
Well, without a smb.conf snippit it makes it hard to tell anything. First instinct is to ask if you have setup WINS? Thats the easy way to do it. If not, maybe that information with give you a kick in the right direction. mallgood On Fri, 13 Aug 2004 20:20:06 -0400, liquid [EMAIL PROTECTED] wrote: Hi all, My first post here... hopefully I can find the solution to the problem plaguing me since Wednesday. I have a somewhat more complex than usual home network: I have a router with a static IP, and it has two additional nics, each having a hub attached to them for multiple machines. One of these is my protected internal network, housing my windows machines and whatever else I'm playing with. This is 192.168.0.0/16. On the other, is my subnet given to me by my ISP. I have my freebsd machines running mail/web and other services. One is a fileserver I've just installed samba on. the network is 66.11.xxx.xxx/29. I learned that the reason the windows machines couldn't see the samba server is because broadcast packets are not forwarded on a router. I've learned to do this using fastroute on ipf and I knew it was working because when I didn't specify ports 137-139 my traceroute got affected. This however didn't solve my problem. If i connect to the server using //66.11.xxx.xxx/storage it works. On the other hand, windows still can't see the samba server as part of the workgroup. I've had someone else double check all the trivial stuff like workgroup name etc... Is there a setting I've overlooked perhaps that's not allowing the windows machines to see the server? Thanks, Sandro M -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.11 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is the latest stable release of the Samba 2.2 code base. Please note that the Samba 2.2 code tree will reach its End-Of-Life on October 1, 2004. Administrators of existing Samba 2.2 installations are encouraged to upgrade to the latest Samba 3.0.x release prior to that date. The Samba 2.2.11 release addresses the following bug: ~ o Crashes in smbd triggered by a Windows XP SP2 client sending ~a FindNextPrintChangeNotify() request without previously ~issuing FindFirstPrintChangeNotify(). There are no further Samba 2.2.x releases planned at this time. The source code can be downloaded from : ~ http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at ~ http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages are available at ~ http://download.samba.org/samba/ftp/Binary_Packages/ The release notes are also available on-line at ~ http://www.samba.org/samba/history/samba-2.2.11.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) ~ --Enjoy ~ The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBHWZlIR7qMdg1EfYRAloUAKChrdEvfSAou4cxVzVw/TnBuvYezACgn9lx /pLtykj0pTLH1PDxNGTCWgQ= =9wAM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XP SP2 client doesn't find netbios alias servers
Sten Sletbak wrote: After upgrading XP to SP2, I can no longer connect to server aliases. snip Mapping to a share on the real netbios name works fine. I've seen that against real Win2K servers also using AD DNS. I always thought it was a M$ feature that you had to net use to either the real NetBIOS computername or the ipaddress. We have various scripts which resolve the name, then net use to the ipaddress. Doing so allows you to net use to the alias... wrapping the net use in a script that is. So, what is the truth on this. Must it be the real name or IP, or should aliases work in the M$ world... since Samba usually does not add features M$ does not offer I would think it behaves the same way a M$ server box would. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] My lack of understanding of idmap
Hello, I don't completely understand the BDC setup as described in the Chapter 6 of The Official Samba-3 HOWTO and Reference Guide. The reason is that the example setup uses LDAP idmap backend. For simplicity, the solution is discussed when both PDC and BDC use a Single Central LDAP Server. (I have never experimented with BDCs before, but have already set up a LDAP-backed PDC). As I understand, LDAP is used there for two purposes. First, the account database is there (typically, in sambaSamAccounts under ou={People,Computers},dc=example,dc=com, and in sambaGroupMappings under ou=Groups,dc=example,dc=com). Second, the mapping between SIDs, uids and gids is stored under ou=Idmap,dc=example,dc=com in sambaIdmapEntries and sambaSidEntries. Right? However, it also looks possible to store posix account information in posixAccounts under ou={People,Computers},dc=example,dc=com, as in fact many tools (LAM and those from IDEALX) do. Does it really work in a PDC + BDC setup? Are those two methods of storing uids and gids really mutually exclusive, as I suspect? What are benefits and drawbacks of each? Do I really need to set up idmap things and run winbindd if I want to keep posix information in posixAccounts? Thanks in advance, -- Alexander E. Patrakov -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: help with LDAP and Samba
Andre Cameron wrote: Hello Everyone, I am having some trouble and would greatly appreciate some assistance. I apologize if this has been on the list before I am however down to two hours before due date. I have use samba before with no problems but this is the first time I have had to do it with LDAP. The problem is no users appear to be authenticating and there are no errors in the logs. I followed the online tutorials and tried several variations to no avail. I would REALLY appreciate it if someone who has a working samba/OpenLDAP enviroment could take a moment to assist me. The main problem is that different tutorials don't mix with each other, and there is no error-free tutorial. The best one is from The Official Samba-3 HOWTO and Reference Guide. below is my config for review: [global] workgroup = ventus.local server string = Ventus Samba Server hosts allow = 172.28.0. 127. OK so far... printcap name = /etc/printcap Oh, you don't use CUPS? bad... the default is printcap name = cups load printers = yes This is the default and can be omitted log file = /var/log/samba/%m.log max log size = 50 OK passdb backend = ldapsam:ldap://192.168.1.243/ ldap suffix = o=ventusnetworks.com,dc=na OK ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) This is probably the curlpit - the working default is: ldap filter = (uid=%u) ldap machine suffix = ou=computers,o=ventusnetworks.com,dc=na ldap user suffix = o=ventusnetworks.com,dc=na ldap admin dn = cn=Manager,dc=na I assume that all those entries exist and that you didn't forget to run smbpass -w managerpassword ldap delete dn = yes OK security = user This is the default null passwords = Yes Hm... Ok encrypt passwords = yes This is the default unix password sync = Yes You don't need that in LDAP setup if you keep posix account information in LDAP using posixAccount objectclass, like LAM does. You probably want unix password sync = no, ldap password sync = yes and also mention pam_smbpass.so in /etc/pam.d/* and also install nss-ldap. Also you forgot to mention IDEALX scripts for adding users and group into LDAP, like: add user script = /var/lib/samba/smbldap/smbldap-useradd.pl -m '%u' delete user script = /var/lib/samba/smbldap/smbldap-userdel.pl %u add group script = /var/lib/samba/smbldap/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/smbldap/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/smbldap/smbldap-groupmod.pl \ -m '%g' '%u' delete user from group script = \ /var/lib/samba/smbldap/smbldap-groupmod.pl -x '%g' '%u' set primary group script = /var/lib/samba/smbldap/smbldap-usermod.pl \ -g '%g' '%u' add machine script = /var/lib/samba/smbldap/smbldap-useradd.pl -w '%u' passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Not needed, since the password is kept in LDAP socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Overconfiguration local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes OK logon script = %m.bat logon script = %U.bat You can't have two logon scripts. Do you actually use them? logon path = \\%L\Profiles\%U logon drive = U: name resolve order = wins lmhosts bcast wins support = yes dns proxy = no Looks right. idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no I don't understand this idmap stuff. I know that it is needed when your SAMBA server is a member of a Windows-controlled domain, because there are no other sources of uids. But your situation is different, your PDC is SAMBA. I really don't know what should be done here in ihis case. My PDC doesn't use this winbindd/idmap stuff at all, because uids are in posixAccounts in LDAP. The rest of your file looks OK. I post my own smb.conf for comparison. -- Alexander E. Patrakov [global] debug level = 0 dos charset = CP866 unix charset = UTF-8 workgroup = DOMAIN netbios name = CONTROLLER interfaces = lo,eth1 bind interfaces only = yes passdb backend = ldapsam:ldap://127.0.0.1 # Warning: I don't run winbindd. and don't understand the following # four lines. I also don't understand if they are needed at all. algorithmic rid base = 1 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ldap:ldap://127.0.0.1 domain master = yes local master = yes preferred master = yes os level = 65 security = user guest account = Guest template primary group = Domain Users domain logons = yes logon path = \\%L\profiles\%U add user script = /var/lib/samba/smbldap/smbldap-useradd.pl -m '%u' delete user script = /var/lib/samba/smbldap/smbldap-userdel.pl %u add group script = /var/lib/samba/smbldap/smbldap-groupadd.pl -p '%g' delete group script =
svn commit: samba r1803 - branches/SAMBA_4_0/source/libcli/ldap
Author: metze Date: 2004-08-13 06:27:02 + (Fri, 13 Aug 2004) New Revision: 1803 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1803nolog=1 Log: more progress on sasl binds, but decoding the response still fails metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/libcli/ldap/ldap.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 05:26:38 UTC (rev 1802) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 06:27:02 UTC (rev 1803) @@ -1066,6 +1066,26 @@ asn1_end_tag(data); } +static void ldap_decode_BindResponse(TALLOC_CTX *mem_ctx, +ASN1_DATA *data, +enum ldap_request_tag tag, +struct ldap_BindResponse *BindResp) +{ + asn1_start_tag(data, ASN1_APPLICATION(tag)); + asn1_read_enumerated(data, BindResp-response.resultcode); + asn1_read_OctetString_talloc(mem_ctx, data, BindResp-response.dn); + asn1_read_OctetString_talloc(mem_ctx, data, BindResp-response.errormessage); + if (asn1_peek_tag(data, ASN1_OCTET_STRING)) { + DATA_BLOB tmp_blob = data_blob(NULL, 0); + asn1_read_OctetString(data, tmp_blob); + BindResp-SASL.secblob = data_blob_talloc(mem_ctx, tmp_blob.data, tmp_blob.length); + data_blob_free(tmp_blob); + } else { + BindResp-SASL.secblob = data_blob(NULL, 0); + } + asn1_end_tag(data); +} + static BOOL add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx, const struct ldap_attribute *attrib, struct ldap_attribute **attribs, @@ -1261,9 +1281,9 @@ case ASN1_APPLICATION(LDAP_TAG_BindResponse): { struct ldap_BindResponse *r = msg-r.BindResponse; msg-type = LDAP_TAG_BindResponse; - ldap_decode_response(msg-mem_ctx, + ldap_decode_BindResponse(msg-mem_ctx, data, LDAP_TAG_BindResponse, -r-response); +r); break; } @@ -1866,6 +1886,10 @@ response = ldap_transaction(conn, msg); destroy_ldap_message(msg); + if (!response) { + goto done; + } + result = response-r.BindResponse.response.resultcode; if (result != LDAP_SUCCESS result != LDAP_SASL_BIND_IN_PROGRESS) { @@ -1873,7 +1897,7 @@ } status = gensec_update(conn-gensec, mem_ctx, - response-r.BindResponse.SASL.creds, + response-r.BindResponse.SASL.secblob, output); destroy_ldap_message(response); Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.h === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-08-13 05:26:38 UTC (rev 1802) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-08-13 06:27:02 UTC (rev 1803) @@ -85,7 +85,7 @@ struct ldap_BindResponse { struct ldap_Result response; union { - DATA_BLOB creds; + DATA_BLOB secblob; } SASL; };
svn commit: samba r1804 - branches/SAMBA_4_0/source/libcli/ldap
Author: metze Date: 2004-08-13 07:04:45 + (Fri, 13 Aug 2004) New Revision: 1804 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1804nolog=1 Log: get a bit closer to a sasl bind metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 06:27:02 UTC (rev 1803) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 07:04:45 UTC (rev 1804) @@ -1066,6 +1066,23 @@ asn1_end_tag(data); } +/* read a octet string blob */ +static BOOL asn1_read_ContextSimple(ASN1_DATA *data, uint8_t num, DATA_BLOB *blob) +{ + int len; + ZERO_STRUCTP(blob); + if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return False; + len = asn1_tag_remaining(data); + if (len 0) { + data-has_error = True; + return False; + } + *blob = data_blob(NULL, len); + asn1_read(data, blob-data, len); + asn1_end_tag(data); + return !data-has_error; +} + static void ldap_decode_BindResponse(TALLOC_CTX *mem_ctx, ASN1_DATA *data, enum ldap_request_tag tag, @@ -1075,9 +1092,9 @@ asn1_read_enumerated(data, BindResp-response.resultcode); asn1_read_OctetString_talloc(mem_ctx, data, BindResp-response.dn); asn1_read_OctetString_talloc(mem_ctx, data, BindResp-response.errormessage); - if (asn1_peek_tag(data, ASN1_OCTET_STRING)) { + if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))) { DATA_BLOB tmp_blob = data_blob(NULL, 0); - asn1_read_OctetString(data, tmp_blob); + asn1_read_ContextSimple(data, 7, tmp_blob); BindResp-SASL.secblob = data_blob_talloc(mem_ctx, tmp_blob.data, tmp_blob.length); data_blob_free(tmp_blob); } else {
svn commit: samba r1805 - in branches/SAMBA_4_0/source: libcli/ldap torture/ldap
Author: metze Date: 2004-08-13 07:10:46 + (Fri, 13 Aug 2004) New Revision: 1805 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1805nolog=1 Log: ...I just forgot to say that the sasl bind actually works now:-) metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/torture/ldap/basic.c branches/SAMBA_4_0/source/torture/ldap/common.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 07:04:45 UTC (rev 1804) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-08-13 07:10:46 UTC (rev 1805) @@ -4,6 +4,8 @@ Copyright (C) Andrew Tridgell 2004 Copyright (C) Volker Lendecke 2004 + Copyright (C) Stefan Metzmacher 2004 + Copyright (C) Simo Sorce 2004 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by Modified: branches/SAMBA_4_0/source/torture/ldap/basic.c === --- branches/SAMBA_4_0/source/torture/ldap/basic.c 2004-08-13 07:04:45 UTC (rev 1804) +++ branches/SAMBA_4_0/source/torture/ldap/basic.c 2004-08-13 07:10:46 UTC (rev 1805) @@ -1,3 +1,25 @@ +/* + Unix SMB/CIFS mplementation. + LDAP protocol helper functions for SAMBA + + Copyright (C) Stefan Metzmacher 2004 + Copyright (C) Simo Sorce 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ #include includes.h Modified: branches/SAMBA_4_0/source/torture/ldap/common.c === --- branches/SAMBA_4_0/source/torture/ldap/common.c 2004-08-13 07:04:45 UTC (rev 1804) +++ branches/SAMBA_4_0/source/torture/ldap/common.c 2004-08-13 07:10:46 UTC (rev 1805) @@ -1,3 +1,26 @@ +/* + Unix SMB/CIFS mplementation. + LDAP protocol helper functions for SAMBA + + Copyright (C) Stefan Metzmacher 2004 + Copyright (C) Simo Sorce 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + #include includes.h NTSTATUS torture_ldap_bind(struct ldap_connection *conn, const char *userdn, const char *password)
svn commit: samba-web r252 - trunk/news/style
Author: deryck Date: 2004-08-13 11:56:49 + (Fri, 13 Aug 2004) New Revision: 252 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=252nolog=1 Log: Fix overlap problem in right-hand column. --deryck Modified: trunk/news/style/news.css Changeset: Modified: trunk/news/style/news.css === --- trunk/news/style/news.css 2004-08-13 03:35:45 UTC (rev 251) +++ trunk/news/style/news.css 2004-08-13 11:56:49 UTC (rev 252) @@ -44,14 +44,15 @@ } #links { float:right; - margin:15px 25px 10px 0; + margin:15px 0 10px 0; } #links ul { list-style-type:none; + display:block; } .about { - text-align:center; - margin-right:10px; + text-align:right; + padding-right:15px; } .recent, .stories { font-size:small; @@ -104,4 +105,4 @@ width:60%; padding-top:15px; margin-left:17%; -} \ No newline at end of file +}
svn commit: samba r1806 - trunk/source/libsmb
Author: mimir Date: 2004-08-13 17:36:24 + (Fri, 13 Aug 2004) New Revision: 1806 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1806nolog=1 Log: Begin of trust passwords migration code. Not tested yet, but it doesn't seem to break the build at least. rafal Modified: trunk/source/libsmb/trusts_util.c Changeset: Modified: trunk/source/libsmb/trusts_util.c === --- trunk/source/libsmb/trusts_util.c 2004-08-13 07:10:46 UTC (rev 1805) +++ trunk/source/libsmb/trusts_util.c 2004-08-13 17:36:24 UTC (rev 1806) @@ -188,3 +188,69 @@ return NT_STATUS_IS_OK(result); } + +/** + * Migrates trust passwords from previous location (secrets.tdb) to current pdb backend + * and puts a marker in secrets.tdb to avoid doing this again. This function should be + * called only once. + * + * @return number of passwords migrated + */ + +int migrate_trust_passwords(void) +{ + int migrated = 0; + SAM_TRUST_PASSWD trust; + const size_t max_name_len = sizeof(trust.private.uni_name)/2; + /* nt workstation trust */ + const char* dom_name = lp_workgroup(); + uint8 wks_pass[16]; + time_t lct; + uint32 chan = 0; + DOM_SID dom_sid; + + /* Checking whether passwords have already been migrated */ + if (secrets_passwords_migrated(False)) return migrated; + + /* NT Workstation trust passwords */ + if (secrets_fetch_trust_account_password(dom_name, wks_pass, lct, chan)) { + /* flags */ + trust.private.flags = PASS_TRUST_NT; + switch (chan) { + case SEC_CHAN_WKSTA: + trust.private.flags |= PASS_TRUST_MACHINE; + break; + case SEC_CHAN_BDC: + trust.private.flags |= PASS_TRUST_SERVER; + break; + default: + return 0; + } + + /* unicode name length */ + trust.private.uni_name_len = strlen(dom_name); + /* unicode name */ + push_ucs2(NULL, trust.private.uni_name, dom_name, max_name_len, STR_UPPER); + /* password */ + strncpy(trust.private.pass, wks_pass, sizeof(trust.private.pass)); + /* last change time */ + trust.private.mod_time = lct; + + /* domain sid */ + if (secrets_fetch_domain_sid(dom_name, dom_sid)) + sid_copy(trust.private.domain_sid, dom_sid); + else + return 0; + + migrated++; + } + + /* NT Domain trust passwords */ + + /* ADS Workstation trust passwords */ + + /* We're done with migration */ + secrets_passwords_migrated(True); + + return migrated; +}
svn commit: samba r1807 - in trunk/source: include passdb
Author: mimir Date: 2004-08-13 17:38:03 + (Fri, 13 Aug 2004) New Revision: 1807 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=1807nolog=1 Log: Part of trust passwords migration code. Function checking whether it's already been done and at once can mark it has. rafal Modified: trunk/source/include/secrets.h trunk/source/passdb/secrets.c Changeset: Modified: trunk/source/include/secrets.h === --- trunk/source/include/secrets.h 2004-08-13 17:36:24 UTC (rev 1806) +++ trunk/source/include/secrets.h 2004-08-13 17:38:03 UTC (rev 1807) @@ -63,6 +63,8 @@ #define PASS_MACHINE_TRUST_ADS (PASS_TRUST_ADS | PASS_TRUST_MACHINE) #define PASS_DOMAIN_TRUST_ADS (PASS_TRUST_ADS | PASS_TRUST_DOMAIN) +#define SECRETS_PASSWORDS_MIGRATED SECRETS/PASS_MIGRATED + /* structure for storing machine account password (ie. when samba server is member of a domain */ struct machine_acct_pass { Modified: trunk/source/passdb/secrets.c === --- trunk/source/passdb/secrets.c 2004-08-13 17:36:24 UTC (rev 1806) +++ trunk/source/passdb/secrets.c 2004-08-13 17:38:03 UTC (rev 1807) @@ -842,3 +842,32 @@ } } + +/** + * Simple function to check whether or not trust passwords have already + * been migrated to a passdb backend and, on request, sets the sign + * that says it's been done. + * + * @param set_migrated force to store the sign in secrets.tdb + * @return true, if migration has been done + */ + +BOOL secrets_passwords_migrated(BOOL set_migrated) +{ + BOOL migrated, *mig, stored; + const char *key = SECRETS_PASSWORDS_MIGRATED; + size_t keylen; + + /* tdb key to fetch (and maybe store) */ + keylen = strlen(key); + mig = secrets_fetch(key, keylen); + migrated = *mig; + + if (set_migrated) { + /* set migrated sign in secrets.tdb */ + stored = secrets_store(key, (void*)set_migrated, sizeof(set_migrated)); + return stored; + } + + return migrated; +}
svn commit: samba r1808 - trunk/examples/LDAP
Author: jra Date: 2004-08-13 17:58:23 + (Fri, 13 Aug 2004) New Revision: 1808 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1808nolog=1 Log: Patch from Richard Renard [EMAIL PROTECTED] to store logon hours attributes in an LDAP database. Jeremy. Modified: trunk/examples/LDAP/samba.schema Changeset: Modified: trunk/examples/LDAP/samba.schema === --- trunk/examples/LDAP/samba.schema2004-08-13 17:38:03 UTC (rev 1807) +++ trunk/examples/LDAP/samba.schema2004-08-13 17:58:23 UTC (rev 1808) @@ -212,6 +212,10 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) ## ## string settings @@ -379,7 +383,8 @@ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ - sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory)) + sambaBadPasswordCount $ sambaBadPasswordTime $ + sambaPasswordHistory $ sambaLogonHours)) ## ## Group mapping info
svn commit: samba r1809 - branches/SAMBA_3_0/examples/LDAP
Author: jra Date: 2004-08-13 17:58:27 + (Fri, 13 Aug 2004) New Revision: 1809 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1809nolog=1 Log: Patch from Richard Renard [EMAIL PROTECTED] to store logon hours attributes in an LDAP database. Jeremy. Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema === --- branches/SAMBA_3_0/examples/LDAP/samba.schema 2004-08-13 17:58:23 UTC (rev 1808) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema 2004-08-13 17:58:27 UTC (rev 1809) @@ -212,6 +212,10 @@ EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) ## ## string settings @@ -334,7 +338,8 @@ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ - sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory)) + sambaBadPasswordCount $ sambaBadPasswordTime $ + sambaPasswordHistory $ sambaLogonHours)) ## ## Group mapping info
svn commit: samba r1811 - in trunk/source: include lib passdb
Author: jra Date: 2004-08-13 18:03:04 + (Fri, 13 Aug 2004) New Revision: 1811 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=1811nolog=1 Log: Patch from Richard Renard [EMAIL PROTECTED] to store logon hours attributes in an LDAP database. Jeremy. Modified: trunk/source/include/smbldap.h trunk/source/lib/smbldap.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_ldap.c Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1812 - branches/SAMBA_3_0/source/utils
Author: jra Date: 2004-08-13 19:56:19 + (Fri, 13 Aug 2004) New Revision: 1812 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1812nolog=1 Log: Fix from Richard Renard [EMAIL PROTECTED] to be able to reset a users logon hours restrictions. Jeremy. Modified: branches/SAMBA_3_0/source/utils/pdbedit.c Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1813 - trunk/source/libsmb
Author: mimir Date: 2004-08-13 22:01:38 + (Fri, 13 Aug 2004) New Revision: 1813 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1813nolog=1 Log: Forgot to put pdb_context and actually call proper function to add the password to the pdb backend. rafal Modified: trunk/source/libsmb/trusts_util.c Changeset: Modified: trunk/source/libsmb/trusts_util.c === --- trunk/source/libsmb/trusts_util.c 2004-08-13 19:56:19 UTC (rev 1812) +++ trunk/source/libsmb/trusts_util.c 2004-08-13 22:01:38 UTC (rev 1813) @@ -197,9 +197,10 @@ * @return number of passwords migrated */ -int migrate_trust_passwords(void) +int migrate_trust_passwords(struct pdb_context *pdb_ctx) { int migrated = 0; + NTSTATUS nt_status; SAM_TRUST_PASSWD trust; const size_t max_name_len = sizeof(trust.private.uni_name)/2; /* nt workstation trust */ @@ -209,6 +210,9 @@ uint32 chan = 0; DOM_SID dom_sid; + /* sanity-check */ + if (!pdb_ctx) return 0; + /* Checking whether passwords have already been migrated */ if (secrets_passwords_migrated(False)) return migrated; @@ -242,6 +246,7 @@ else return 0; + nt_status = pdb_ctx-pdb_add_trust_passwd(pdb_ctx, trust); migrated++; }
svn commit: samba-web r253 - trunk/history
Author: jerry Date: 2004-08-14 01:02:27 + (Sat, 14 Aug 2004) New Revision: 253 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=253nolog=1 Log: adding 2.2.11 release notes Added: trunk/history/samba-2.2.11.html Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1814 - in branches/SAMBA_4_0/source/rpc_server: epmapper lsa
Author: vlendec Date: 2004-08-14 01:11:34 + (Sat, 14 Aug 2004) New Revision: 1814 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_serverrev=1814nolog=1 Log: Fix the build. Tridge, in rpc_epmapper.c there's a whole bunch of return NT_STATUS_NOT_IMPLEMENTED. You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker Modified: branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1815 - branches/SAMBA_4_0/source/build/pidl
Author: tpot Date: 2004-08-14 01:26:11 + (Sat, 14 Aug 2004) New Revision: 1815 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1815nolog=1 Log: Update parser for recent changes to perl parser. Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm === --- branches/SAMBA_4_0/source/build/pidl/eparser.pm 2004-08-14 01:11:34 UTC (rev 1814) +++ branches/SAMBA_4_0/source/build/pidl/eparser.pm 2004-08-14 01:26:11 UTC (rev 1815) @@ -986,9 +986,8 @@ foreach my $x (@{$idl}) { - ($x-{TYPE} eq MODULEHEADER) ModuleHeader($x); - if ($x-{TYPE} eq INTERFACE) { + ModuleHeader($x); $module = $x-{NAME}; BuildNeeded($x); }
svn commit: samba r1816 - in branches/SAMBA_4_0/source: . libnet
Author: metze Date: 2004-08-14 03:32:42 + (Sat, 14 Aug 2004) New Revision: 1816 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1816nolog=1 Log: here's the initial idea of libnet metze Added: branches/SAMBA_4_0/source/libnet/ branches/SAMBA_4_0/source/libnet/config.m4 branches/SAMBA_4_0/source/libnet/config.mk branches/SAMBA_4_0/source/libnet/libnet.h branches/SAMBA_4_0/source/libnet/libnet_passwd.c Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba-web r254 - in trunk: . news news/releases news/style
Author: deryck Date: 2004-08-14 05:14:41 + (Sat, 14 Aug 2004) New Revision: 254 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=254nolog=1 Log: Add 2.2.11 release announcement to /samba/ and to /news/. Update current stable 2.2.x release link in right-column links. --deryck Added: trunk/news/releases/2.2.11.html Modified: trunk/header2.html trunk/index.html trunk/news/index.html trunk/news/releases/index.html trunk/news/style/news.css Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1818 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/epmapper torture/rpc
Author: tridge Date: 2004-08-14 05:53:53 + (Sat, 14 Aug 2004) New Revision: 1818 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1818nolog=1 Log: _really_ fixed epmapper this time, it was using more than one old rpc interface method. Modified: branches/SAMBA_4_0/source/librpc/idl/epmapper.idl branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c branches/SAMBA_4_0/source/torture/rpc/epmapper.c Changeset: Sorry the patch is to large, please use WebSVN to see it!
svn commit: samba r1819 - in branches/SAMBA_4_0/source: libcli/raw param smb_server
Author: tridge Date: 2004-08-14 05:56:12 + (Sat, 14 Aug 2004) New Revision: 1819 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1819nolog=1 Log: changed smb ports to be a LIST parameter type in loadparm (its a classic case for a list) Modified: branches/SAMBA_4_0/source/libcli/raw/clisocket.c branches/SAMBA_4_0/source/param/loadparm.c branches/SAMBA_4_0/source/smb_server/smb_server.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clisocket.c === --- branches/SAMBA_4_0/source/libcli/raw/clisocket.c2004-08-14 05:53:53 UTC (rev 1818) +++ branches/SAMBA_4_0/source/libcli/raw/clisocket.c2004-08-14 05:56:12 UTC (rev 1819) @@ -62,8 +62,15 @@ } if (port == 0) { - return smbcli_sock_connect(sock, ip, 445) || - smbcli_sock_connect(sock, ip, 139); + int i; + const char **ports = lp_smb_ports(); + for (i=0;ports[i];i++) { + int port = atoi(ports[i]); + if (port != 0 smbcli_sock_connect(sock, ip, port)) { + return True; + } + } + return False; } sock-dest_ip = *ip; Modified: branches/SAMBA_4_0/source/param/loadparm.c === --- branches/SAMBA_4_0/source/param/loadparm.c 2004-08-14 05:53:53 UTC (rev 1818) +++ branches/SAMBA_4_0/source/param/loadparm.c 2004-08-14 05:56:12 UTC (rev 1819) @@ -89,7 +89,7 @@ */ typedef struct { - char *smb_ports; + char **smb_ports; char *dos_charset; char *unix_charset; char *display_charset; @@ -633,7 +633,7 @@ {Protocol Options, P_SEP, P_SEPARATOR}, - {smb ports, P_STRING, P_GLOBAL, Globals.smb_ports, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {smb ports, P_LIST, P_GLOBAL, Globals.smb_ports, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {large readwrite, P_BOOL, P_GLOBAL, Globals.bLargeReadwrite, NULL, NULL, FLAG_DEVELOPER}, {max protocol, P_ENUM, P_GLOBAL, Globals.maxprotocol, NULL, enum_protocol, FLAG_DEVELOPER}, {min protocol, P_ENUM, P_GLOBAL, Globals.minprotocol, NULL, enum_protocol, FLAG_DEVELOPER}, @@ -1112,7 +1112,7 @@ Globals.client_signing = SMB_SIGNING_SUPPORTED; Globals.server_signing = SMB_SIGNING_SUPPORTED; - string_set(Globals.smb_ports, SMB_PORTS); + Globals.smb_ports = str_list_make(SMB_PORTS, NULL); } static TALLOC_CTX *lp_talloc; @@ -1207,7 +1207,7 @@ #define FN_LOCAL_INTEGER(fn_name,val) \ int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]-val : sDefault.val);} -FN_GLOBAL_STRING(lp_smb_ports, Globals.smb_ports) +FN_GLOBAL_LIST(lp_smb_ports, Globals.smb_ports) FN_GLOBAL_STRING(lp_dos_charset, Globals.dos_charset) FN_GLOBAL_STRING(lp_unix_charset, Globals.unix_charset) FN_GLOBAL_STRING(lp_display_charset, Globals.display_charset) Modified: branches/SAMBA_4_0/source/smb_server/smb_server.c === --- branches/SAMBA_4_0/source/smb_server/smb_server.c 2004-08-14 05:53:53 UTC (rev 1818) +++ branches/SAMBA_4_0/source/smb_server/smb_server.c 2004-08-14 05:56:12 UTC (rev 1819) @@ -681,12 +681,11 @@ struct in_addr *ifip) { char *ptr, *tok; - const char *delim = , ; + char **ports = lp_smb_ports(); + int i; - for (tok=strtok_r(lp_smb_ports(), delim, ptr); -tok; -tok=strtok_r(NULL, delim, ptr)) { - uint16_t port = atoi(tok); + for (i=0;ports[i];i++) { + uint16_t port = atoi(ports[i]); if (port == 0) continue; service_setup_socket(service, model_ops, socket_ctx, ifip, port); }
svn commit: samba r1820 - in branches/SAMBA_4_0/source: lib torture/raw
Author: tridge Date: 2004-08-14 05:57:43 + (Sat, 14 Aug 2004) New Revision: 1820 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1820nolog=1 Log: added a strcmp_safe() that handles NULL pointers. Needed for the search torture test, as some servers return really bad entries. Modified: branches/SAMBA_4_0/source/lib/util_str.c branches/SAMBA_4_0/source/torture/raw/search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util_str.c === --- branches/SAMBA_4_0/source/lib/util_str.c2004-08-14 05:56:12 UTC (rev 1819) +++ branches/SAMBA_4_0/source/lib/util_str.c2004-08-14 05:57:43 UTC (rev 1820) @@ -1464,3 +1464,18 @@ return True; } + + +/* + varient of strcmp() that handles NULL ptrs +*/ +int strcmp_safe(const char *s1, const char *s2) +{ + if (s1 == s2) { + return 0; + } + if (s1 == NULL || s2 == NULL) { + return s1?-1:1; + } + return strcmp(s1, s2); +} Modified: branches/SAMBA_4_0/source/torture/raw/search.c === --- branches/SAMBA_4_0/source/torture/raw/search.c 2004-08-14 05:56:12 UTC (rev 1819) +++ branches/SAMBA_4_0/source/torture/raw/search.c 2004-08-14 05:57:43 UTC (rev 1820) @@ -512,27 +512,27 @@ static int search_both_compare(union smb_search_data *d1, union smb_search_data *d2) { - return strcmp(d1-both_directory_info.name.s, d2-both_directory_info.name.s); + return strcmp_safe(d1-both_directory_info.name.s, d2-both_directory_info.name.s); } static int search_standard_compare(union smb_search_data *d1, union smb_search_data *d2) { - return strcmp(d1-standard.name.s, d2-standard.name.s); + return strcmp_safe(d1-standard.name.s, d2-standard.name.s); } static int search_ea_size_compare(union smb_search_data *d1, union smb_search_data *d2) { - return strcmp(d1-ea_size.name.s, d2-ea_size.name.s); + return strcmp_safe(d1-ea_size.name.s, d2-ea_size.name.s); } static int search_directory_info_compare(union smb_search_data *d1, union smb_search_data *d2) { - return strcmp(d1-directory_info.name.s, d2-directory_info.name.s); + return strcmp_safe(d1-directory_info.name.s, d2-directory_info.name.s); } static int search_old_compare(union smb_search_data *d1, union smb_search_data *d2) { - return strcmp(d1-search.name, d2-search.name); + return strcmp_safe(d1-search.name, d2-search.name); }