[Samba] Newbie question
I'm trying to set up shares to a Windows 2003 server. I have the shares visible and can do some things on them but I can't run the executables on them. The executables are issuing an access() call from within the Cygwin environment and it returns an ENOENT error. A look at the security for the share shows that Everyone can read and execute in the share directory but can only read and not execute in the subfolders. I can't change this from the Windows machine so how do I change my linux host to allow this kind of access? Thanks. Mike Plate' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] After upgrade to 3.0.7 no Mac-Client (Dave) can access files on server...
Hi all, since a samba upgrade i cannot store files from old macintosh clients... Here the details: The samba server runs on a Sun Sparc Server, samba version 2.2.8a. The Mac-Client is unfortunately a MacOS 9 client. To access the samba shares on the server i use the commercial product Dave in Version 4.0. Now i upgraded samba to version 3.0.7, didn't changed the configuration files. But i cannot store / read files from the Mac-Client (Dave) any longer... I always get on client side the error message (i try to translate, there is no english language package) The object FILENAME cannot be written. Error Code -50 some configuration changins with oplocks didn't helped. This error code is nowhere listet at google in junction with Dave and samba and i couldn't find a similar failure in the samba mailing list archive... thanx for any help, michael -- Michael Alzheimer Bahnhofstrasse 16 a 97794 Rieneck E-Mail : [EMAIL PROTECTED] Web : http://www.macomm.de Web : http://www.rsmotorsport.de Web : http://www.thw-lohr.de Tel : +49 (0) 911 / 30838716 VoIP / SIP : [EMAIL PROTECTED] Tel : +49 (0) 9354 / 902283 --- and it scares the hell out of me and the end is all I can see --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 OpenLDAP performance problem
hi, sorry if this topic already exists, but i haven't found a solution yet. I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. thanks for help, greetings, c.triebstein Hi! I got same kind of effect after upgrading 3.0.5 - 3.0.7. OpenLDAP + perbuilt Samba on SuSE 8.2 (downgraded back to 3.0.5 and everything is ok again) ht -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samb3-ldap PDC and BDC
hi, until now (about 1 year ago) i was working only with samba3+ldap PDC, but in near future my company enlarge his network with 6 new branchs spreaded all oever the country and i must build a scalable network with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP backends, all this over some VPNs(ipsec) . so, can tell me anyone how work the relationship beetwen a samba3-ldap PDC and a samba3-ldap BDC and how openldap server must replicate ? thanks, Mihai __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getting aache to auth against the samba tdb
hi all I'm new to all the multitude of authentication schemes in *nix systems, and therefore have a question. My users will be using Samba tdb authentication for their normal login process. On the same server we will be hosting various web content that should not really be freely accessible. Apache 2 is installed. Can I setup Apache to authenticate against the Samba tdb database? if so, how? (one day when I know enough about all this, I want to migrate to a single LDAP backend for all access controls - should I move to LDAP now? (just been reading a bit about it and there appears to be a lot to learn to just get LDAP working -: )) thanks -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions
hello, I created a share test I would that mydomain+gp1 write in this folder and mydomain+gp2 read only in this folder. I don't know to do that. Could you help me please ?? arnaud Debian 3.1 / Samba 3.0.7 / winbind 3.0.7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Performance problems using ls -al together with winbind
Hi friends of SAMBA, I'm using SAMBA 3.0.0 on a Linux and SAMBA 3.0.6 on a Solaris server (my problems are independent from the SAMBA version, I guess). Following entries are existing in /etc/nsswitch.conf: passwd: files winbind group: files winbind ... getent group produces following output: ... domain1\group1:x:1:here is a list of 125.000 users domain1\group2:x:10001:here is a list of 12.500 users ... When a user of group1 has created only one file in a samba share on /test: ls -al /test needs 2 minutes and 10 seconds !! [EMAIL PROTECTED]:/test : ls -al /test total 16 drwxrwxrwx4 root root 4096 Oct 19 14:19 . drwxr-xr-x 29 root root 4096 Oct 18 17:59 .. drwxr-xr-x2 domain1\user1 domain1\group1 4096 Oct 19 13:59 testdir When a user of group2 has created only one file in a samba share on /test: ls -al /test needs 1.3 seconds [EMAIL PROTECTED]:/test : ls -al /test total 16 drwxrwxrwx4 root root 4096 Oct 19 14:19 . drwxr-xr-x 29 root root 4096 Oct 18 17:59 .. drwxr-xr-x2 domain1\user2 domain1\group2 4096 Oct 19 14:01 testdir2 But following actions for both groups need only a few milliseconds: [EMAIL PROTECTED]:/test : wbinfo -G 1 S-1-5-21-1482476501-1450960922-725345543-513 [EMAIL PROTECTED]:/test : wbinfo -s S-1-5-21-1482476501-1450960922-725345543-513 domain1\group1 [EMAIL PROTECTED]:/test : wbinfo -G 10001 S-1-5-21-1482476501-1450960922-725345543-149078 [EMAIL PROTECTED]:/test : wbinfo -s S-1-5-21-1482476501-1450960922-725345543-149078 domain1\group2 I expected also a millisecond-response for both ls-commands, because I thought, winbindd uses the same procedures like the wbinfo. Why took it 100 times longer for 10 times more domain users in the domain group? [EMAIL PROTECTED]:/test : testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = domain1 netbios name = server1 server string = Samba Server security = DOMAIN password server = pdc1 passdb backend = tdbsam log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = pdc1 idmap uid = 1-2 idmap gid = 1-2 template primary group = Domain Users template shell = /bin/bash [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = test path = /test valid users = domain1\user1 domain1\user2 read only = No Thanks a lot! -- GMX ProMail mit bestem Virenschutz http://www.gmx.net/de/go/mail +++ Empfehlung der Redaktion +++ Internet Professionell 10/04 +++-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
I sent a private Mail to Gerald. I hope it's ok, because the log is also as gz file 4 MB! Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Hallo, | | |We have problems with printing after installing XP SP2. |In nearly every software it takes about 10 seconds to 30 seconds, if you |click on Print-Button and wait for the print dialogue window. |Extremly slow are programs like MS Word (30 seconds, when you open a |document the first time). | | | same problem here. This a known but _unresolved_ problem for | Samba 3.0.7 and 2.2.12 - you can read about in the mailing | list archive (read the complete threads): | | http://marc.theaimsgroup.com/?l=sambam=109410258903823w=2 | http://marc.theaimsgroup.com/?l=sambam=108006188614178w=2 Unresolved may be a little too strong. I'm pretty sure the problem is the XP firewall. Can you send me a level 10 debug log with timestamps so I can verify? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdQ8jIR7qMdg1EfYRAh2bAJ9mXBapu88qrwMby6ZWzt+L1QwPkwCeLpz8 f62CD2PuxRhoMbfYNkJAVqA= =Oto/ -END PGP SIGNATURE- -- Mit freundlichen Grüßen, Dr. Walter Willmertinger CONSYS Gesellschaft für Softwaretechnologie und Systementwicklung mbH Dr. Walter Willmertinger Landsberger Strasse 402 EMail: [EMAIL PROTECTED] 81241 MuenchenPhone: 089-589 789 0 Germany Fax: 089-589 789 99 WWW-Homepage: http://www.consys.de So finden Sie zu uns: http://mail.map24.com/consys-muenchen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] member server and kerberos
hello
i have finally set up the following configuration:
debian testing / samba-3.07 member of a w2k Active Directory, security
=ads
now i am able to:
- list users and group with wbinfo -u | -g
- authenticate domain users via pam_winbind
- list and connect to share on AD server with kerberos ( smbclient -k )
- list and connect to share on SAMBA server _from_samba_server_ (
smbclient -k //SAMBA_SERVER/
_BUT_ trying to connect to samba share from AD server (net use *
\\SAMBA_SERVER\share ) prompt me for a password and log gives me the
famous failed to verify incoming ticket :
[2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
Server exit (process_smb: send_smb failed.)
[2004/10/20 09:24:42, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
i have try to play with enc-type in krb5.conf to no avail.
here is my krb5.conf:
[libdefaults]
default_realm = OPENDOOR.NET
[realms]
OPENDOOR.NET = {
kdc = nicotine.opendoor.net:88
}
output of klist -5e :
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
10/20/04 11:40:14 10/20/04 21:40:14 krbtgt/[EMAIL PROTECTED]
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:33 10/20/04 21:40:14 [EMAIL PROTECTED] (
samba server )
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:49 10/20/04 21:40:14 [EMAIL PROTECTED]
( AD server )
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
installed package:
debian testing
samba 3.0.7-1
samba-common3.0.7-1
libkrb531.3.4-4
krb5-user 1.3.4-4
any idea ?
--
-- Thomas Constans --
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating PPTP users against Samba/LDAP
Andrew Bartlett wrote: On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote: The pppd patch (one for 2.4.2, one for current CVS) is here: http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd The documentation is: http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf Note that the patch changed a little since the report was written, use the instructions in the README for configuration. That's exactly what I was looking for - thanks very much indeed. Mike. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Experience on using Samba with XP SP2
I have tried repeatedly to get off this list, but nothing happens. Can someone please help me? Bill Mann The Benefits Office CONFIDENTIALITY NOTICE: This e-mail (including attachments), is covered by the Electronic Communications Privacy Act, §§ 2510-2521 and is confidential. The information contained in this message and the accompanying documents is confidential information that is legally privileged and intended only for the use of the above-named recipient. If the reader of this message is not the named recipient or an employee or agent responsible for delivering the telecopy to the named recipient, please notify us immediately to arrange for the return of the original documents to us. You are hereby notified that any review, disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Walter Willmertinger Sent: Wednesday, October 20, 2004 4:44 AM To: Gerald (Jerry) Carter Cc: [EMAIL PROTECTED]; Thomas Bork Subject: Re: [Samba] Experience on using Samba with XP SP2 I sent a private Mail to Gerald. I hope it's ok, because the log is also as gz file 4 MB! Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Hallo, | | |We have problems with printing after installing XP SP2. |In nearly every software it takes about 10 seconds to 30 seconds, if you |click on Print-Button and wait for the print dialogue window. |Extremly slow are programs like MS Word (30 seconds, when you open a |document the first time). | | | same problem here. This a known but _unresolved_ problem for | Samba 3.0.7 and 2.2.12 - you can read about in the mailing | list archive (read the complete threads): | | http://marc.theaimsgroup.com/?l=sambam=109410258903823w=2 | http://marc.theaimsgroup.com/?l=sambam=108006188614178w=2 Unresolved may be a little too strong. I'm pretty sure the problem is the XP firewall. Can you send me a level 10 debug log with timestamps so I can verify? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdQ8jIR7qMdg1EfYRAh2bAJ9mXBapu88qrwMby6ZWzt+L1QwPkwCeLpz8 f62CD2PuxRhoMbfYNkJAVqA= =Oto/ -END PGP SIGNATURE- -- Mit freundlichen Grüßen, Dr. Walter Willmertinger CONSYS Gesellschaft für Softwaretechnologie und Systementwicklung mbH Dr. Walter Willmertinger Landsberger Strasse 402 EMail: [EMAIL PROTECTED] 81241 MuenchenPhone: 089-589 789 0 Germany Fax: 089-589 789 99 WWW-Homepage: http://www.consys.de So finden Sie zu uns: http://mail.map24.com/consys-muenchen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Fwd: Re: [Samba] Intermittent Network name cannot be found error
Hi guys, Unfortunately I've still made no progress on this. Is disabling the roaming profile permission checking in XP the only way to fix this ? Will any future versions of Samba have something that we can do in Samba on the server side to work around this ? Have you tried the setting called:- profile acls Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win XP unable to print to Linux Server
Hello, I'm running SuSE 9.1 Linux, with Samba 3.04. All of the computers are able to print to this one printer, except for this one computer. I can't seem to resolve the problem, and I'm pretty sure it's not Win XP SP2, because another computer at my workplace has the same exact setup, and is able to print. Any help is really appreciated, thank you. Aizat Faiz Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:get_peer_addr(978) Oct 20 12:37:09 concorde smbd[3687]: getpeername failed. Error was Transport endpoint is not connected Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:get_peer_addr(978) Oct 20 12:37:09 concorde smbd[3687]: getpeername failed. Error was Transport endpoint is not connected Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/access.c:check_access(328) Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:get_peer_addr(978) Oct 20 12:37:09 concorde smbd[3687]: getpeername failed. Error was Transport endpoint is not connected Oct 20 12:37:09 concorde smbd[3687]: Denied connection from (0.0.0.0) Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:get_peer_addr(978) Oct 20 12:37:09 concorde smbd[3687]: getpeername failed. Error was Transport endpoint is not connected Oct 20 12:37:09 concorde smbd[3687]: Connection denied from 0.0.0.0 Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:write_socket_data(413) Oct 20 12:37:09 concorde smbd[3687]: write_socket_data: write failure. Error = Connection reset by peer Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:write_socket(438) Oct 20 12:37:09 concorde smbd[3687]: write_socket: Error writing 5 bytes to socket 26: ERRNO = Connection reset by peer Oct 20 12:37:09 concorde smbd[3687]: [2004/10/20 12:37:09, 0] lib/util_sock.c:send_smb(630) Oct 20 12:37:09 concorde smbd[3687]: Error writing 5 bytes to client. -1. (Connection reset by peer) Oct 20 12:37:16 concorde smbd[3686]: [2004/10/20 12:37:16, 0] lib/fault.c:fault_report(36) Oct 20 12:37:16 concorde smbd[3686]: === Oct 20 12:37:16 concorde smbd[3686]: [2004/10/20 12:37:16, 0] lib/fault.c:fault_report(37) Oct 20 12:37:16 concorde smbd[3686]: INTERNAL ERROR: Signal 11 in pid 3686 (3.0.4-SUSE) Oct 20 12:37:16 concorde smbd[3686]: Please read the appendix Bugs of the Samba HOWTO collection Oct 20 12:37:16 concorde smbd[3686]: [2004/10/20 12:37:16, 0] lib/fault.c:fault_report(39) Oct 20 12:37:16 concorde smbd[3686]: === Oct 20 12:37:16 concorde smbd[3686]: [2004/10/20 12:37:16, 0] lib/util.c:smb_panic2(1398) Oct 20 12:37:16 concorde smbd[3686]: PANIC: internal error Oct 20 12:37:16 concorde smbd[3686]: [2004/10/20 12:37:16, 0] lib/util.c:smb_panic2(1406) Oct 20 12:37:16 concorde smbd[3686]: BACKTRACE: 17 stack frames: Oct 20 12:37:16 concorde smbd[3686]:#0 /usr/sbin/smbd(smb_panic2+0x120) [0x82028a0] Oct 20 12:37:16 concorde smbd[3686]:#1 /usr/sbin/smbd(smb_panic+0x26) [0x8202a66] Oct 20 12:37:16 concorde smbd[3686]:#2 /usr/sbin/smbd [0x81ee020] Oct 20 12:37:16 concorde smbd[3686]:#3 [0xe420] Oct 20 12:37:16 concorde smbd[3686]:#4 /usr/sbin/smbd [0x813f3b2] Oct 20 12:37:16 concorde smbd[3686]:#5 /usr/sbin/smbd(api_rpcTNP+0x29e) [0x817333e] Oct 20 12:37:16 concorde smbd[3686]:#6 /usr/sbin/smbd(api_pipe_request+0xe0) [0x81737a0] Oct 20 12:37:16 concorde smbd[3686]:#7 /usr/sbin/smbd [0x816d80c] Oct 20 12:37:16 concorde smbd[3686]:#8 /usr/sbin/smbd(write_to_pipe+0x127) [0x816bf57] Oct 20 12:37:16 concorde smbd[3686]:#9 /usr/sbin/smbd [0x808ef2c] Oct 20 12:37:16 concorde smbd[3686]:#10 /usr/sbin/smbd(reply_trans+0xb9b) [0x808fc3b] Oct 20 12:37:16 concorde smbd[3686]:#11 /usr/sbin/smbd [0x80e2347] Oct 20 12:37:16 concorde smbd[3686]:#12 /usr/sbin/smbd(process_smb+0x1aa) [0x80e28ea] Oct 20 12:37:16 concorde smbd[3686]:#13 /usr/sbin/smbd(smbd_process+0x16b) [0x80e2d5b] Oct 20 12:37:16 concorde smbd[3686]:#14 /usr/sbin/smbd(main+0x526) [0x827d0f6] Oct 20 12:37:16 concorde smbd[3686]:#15 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x402b7500] Oct 20 12:37:16 concorde smbd[3686]:#16 /usr/sbin/smbd [0x8078bb1] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 OpenLDAP performance problem
I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. I got same kind of effect after upgrading 3.0.5 - 3.0.7. OpenLDAP + perbuilt Samba on SuSE 8.2 (downgraded back to 3.0.5 and everything is ok again) Just as a balancing point-of-view; we have 3.0.7 + OL 2.2.17 and performance is very good (~200 XP/2000 clients). Are you sure things like name resolution are working properly? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Applications that need admin privileges
Hi guys, I have a working samba and openldap pdc which is actively being tested. I have a group of users that have specifics tools to use such as oracle client tools (sqlplus etc). I tried to logon as a test user and run the sqlplus but nothing happened, I tried adding this user to the local poweruser group but it produced the same result. Can this be achieved? It works fine if this user is a member of local admin group which I dont want to do because I want to limit what they can do to their workstations. Anyone out here who had a similar experience? Thanks for any help Oh yes, it is called $([EMAIL PROTECTED]@R%** crappy PC software. If the software is broken and needs Admin privileges you don't have much of a choice, but you can still apply policies to an account with Admin privileges. And don't forget to write a very nasty letter to the software shop telling them to fix their software their non-compatble software! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as domain member server cannot authenticate users
Hi all, I use Samba 3.0.9 on Debian Woody. I use it as domain member server: workgroup = testdomen security = domain When I join it to domain, it seems it is ok: newhas1:~# net rpc join -U dj.dule%pass Joined domain TESTDOMEN. wbinfo -u lists users, getent passwd also works fine. But when I try to access server from XP comp logged onto a domain, i cannot. I found this in logs: [2004/10/20 11:48:53, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TESTDOMEN+100 [2004/10/20 11:48:53, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TESTDOMEN+100! [2004/10/20 11:48:53, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TESTDOMEN+100 [2004/10/20 11:48:53, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TESTDOMEN+100! User 100 is valid user on domain controler. Any idea ? -- Eng. Dusan Djordjevic (RHCE) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] change password AS_ROOT=FALSE
rick talbot wrote: | passwd program = passwd %u | passwd chat = *old*password*%o\n *new*password*%n\n *new*password*%n\n * | passwd chat debug = true | unix password sync = yes | | | Doing it this way forces samba to change it as root, and | this is giving me another problem. The old password is not available (i don't know why we even have the %o variable there). So root pw change sis really the only viaable option I can think of. %o works fine when you're not using encrypted passwords. Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind AD group non primary group permissions
Hello, In our company we need to setup a samba-server for store the pst files in a dedicated share on our samba server. A very important goal is zero administration Samba Server is a sun running solaris 9 , samba-3.0.7 is installed with winbind , all is running as expected , users can connect to the share , if the share isnt already created , it is created by preexec script --- sniplet of smb.conf [pst] root preexec = /bin/ksh -c mkdir /export/home/pst/%u path = /export/home/pst/%u read only = no create mask = 0700 directory mask = 0700 available = yes public = no and now th problem As all is running so well , customers become hungry on advanced features ... One of the features is , they want acces to the share be restricted to a special group(AD) which is not the user's primary group. I searched google etc etc all faqs and so on , but nothing. I tried around with preexec scripts , using getent group|grep $usr ; without success, maybe the failure is in my scripts , so my question ; is there anybody out , who had success in that case described All help is much apreciated , kind regardsmartin schreiber Siemens Business Services CCN-ITS Betrieb Wien GUD Gudrunstrasse 11 A-1101 Wien Martin Schreiber Phone +43 5 1707 47565 Server-Administration Fax +43 5 1707 57560 mailto:[EMAIL PROTECTED] http://www.sbs.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Not able to upload printer drivers for WinXP/2k
Hi all, I've just realized that using Windows APW (Wizard)it would be possible to upload/install my usb-printer drivers shared on my linux samba server (2.2.1a). Tried doing so ,but came across lot of failure messages like 'Windows could not install driver ' in the final step of the wizard where it asks for drivers. afore is my smb.conf [global] security=user netbios name=PRINT-SERVER workgroup=WORKGROUP load printers=yes printer admin=user printcap name=/etc/printcap printing=cups [print$] path=/usr/local/samba/print read only=yes browseable=no guest ok=yes write list=user [Lexmark] path=/var/disk1/print/spool read only=no max connections=50 printer=prn disabled=no printable=yes browseable=yes comment=Lexmark Z700-P700 Series Can some one send me how I should go about uploading from a WinXP host and is there some thing incorrect in what I'm doing? rgds Shailesh Shirali Teneoris Networks Bangalore India. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba as PDC - Can't get user profiles to save properly
Hi Felix, have you checked if your users have the writing permission to /samba/profile in native linux? Regards Felix Knoblach schrieb: Hi, I'm still sitting fighting with this problem here I mentioned a little while ago. Say, it can't be that you need to add PDC users on every workstation if you want to have them working with admin-accounts (which they seem to need in order to be able to save their profiles on the PDC), can it? Any ideas? Felix Greetings, I'm running desperate on a problem with my windows user profiles here, searched the net and read the docus alot but still no luck. I've got an running Samba domain, an existing windows 2000 machine can log into the domain properly. Furthermore, a test account is made aswell, and the 2k machine is able to log in with that account. Now, my problem is: When I try to change windows settings (like switch active desktop to on) or delete/rename icons from my desktop, log out and in again, all changes are undone like they've been not saved on the server. But if I create new icons on the desktop and relog, those are still there. Additionally, when I right-click in some folder and choose New- there's only Folder and Link to choose where you would expect things like new text file etc. Now, when I log in locally on the client as admin and add an domain-user with the same name as my test user on the server, log out and back in on the domain again, then it's possible to delete/rename icons on the desktop, settings like active desktop can't be changed at all still though. Access permissions on the home-folder of the user seem fine, I've even tried mask 0777 just to see if it would work. Sorry for the long story, but maybe somebody is able to recognize the problem. I'm really running out of ideas what to try next... Thanks alot Felix -- Append: My original smb.conf # Global parameters [global] # Base Options workgroup = SAMBA netbios name = PDC server string = Samba %v (PDC) @ biomax.de interfaces = eth0 # Security Options security = user #encypted passwords = yes update encrypted = Yes passdb backend = smbpasswd unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* allow trusted domains = yes # password server = ALBERICH password server = PDC # Logging Options log level = 2 log file = /var/log.%m # Tuning Options deadtime = 15 # Logon Options add machine script = /usr/sbin/useradd -d /dev/null -g ntclient -s /bin/false -M %u logon script = logon.bat logon path = \\%L\profile\%u logon home = \\%N\%U logon drive = Z: domain logons = Yes # Browse Options os level = 65 preferred master = Yes domain master = Yes # Ldap Options ldap ssl = no # Misc panic action = /usr/share/samba/panic-action %d admin users = root printing = cups browseable = No [homes] comment = Benutzer-Verzeichnisse path = /samba/profile/%u read only = No browseable = Yes [netlogon] comment = NetLogON path = /samba/netlogon [profile] comment = Benutzerprofile path = /samba/profile read only = No [public] comment = Oeffentlicher Ordner path = /samba/public read only = No guest ok = Yes browseable = Yes -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
Hi Walter, relate to your answers i would say your win drivers arent very compatibel to win xp sp2, have you tried to get the printer directly connected to a win xp serv pack2 machine using with the same drivers? if the buggy behavior stay with lokal conected drivers and printer you know that you have to wait for better drivers or trying another setup maybe using ghostscript drivers wih cups and/or raw printing. Best Regards Walter Willmertinger schrieb: rruegner schrieb: Hi Walter, i have the same setup samba 3.07 , cups win xp serv pack 2 german. I have noticed that something changed in behavior after the upgrade to win xp serv pack 2 , but non of your described failures are comming up in my setups for hp laser printers , and canon bjc 2000 as well as my pdf printer. I only noticed after upgrade to serv pack 2 that ich have to refresh the pinter icon in the taskbar now after printing is done to disapear. also my standart paper size is now switching to letter and not staying to default dina 4. But i have not upgraded my cups or/and win drivers ( which is allways recomended ), i wanted to cotroll this stuff these days but as this bugs are not really heavy for me , i will wait until there is time. I dont think this is really a problem with samba. Are you using cups? YES, I think it is cups 1.1.20 How is your smb.conf very simple: Here the relevant parts: # Global parameters [global] workgroup = CSINTERN server string = col Samba Server on RedHat log file = /usr/local/samba/var/log.%m max log size = 10 deadtime = 60 preferred master = No domain master = No ldap ssl = no printer admin = root, walterw, fritzw, gerhardj hosts allow = 192.168.1. [homes] comment = Home Directories read only = No create mask = 0750 [printers] comment = All Printers path = /var/spool/samba printer admin = root, walterw create mask = 0700 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Share fuer Printer Treiber path = /usr/local/samba/lib/printers write list = root, walterw, fritzw, gerhardj [kyocera-ps] comment = Kopierdrucker mit Duplexfunktion path = /var/spool/samba printer admin = root, walterw read only = No create mask = 0700 guest ok = Yes printable = Yes printer name = KYOCERA use client driver = Yes oplocks = No share modes = No ** , have you checked cups logs, nothing special! do you have the latest printers? Yes, actual drivers What are this Printers ( Manufacter ) Kyocera, HP ... Have disabled the xp firewall Tried with and without firewall as well as the webclient services on xp, tried with enabled and disabled what are the event logs talking at the win xp? only on XP startup I get an error message: you can see in the appended temp.jpg If you don't see it: It is a message in sytem part. Source is MRxSmb Type is warning Event number is 3019 Text is: ( if I try to translate): Redirector Service cannot recognize the type of connection Is file sharing running corect with your samba machine? Yes, no problem, even with MS Access Is it a stand alone spooler , ??? do you do accounting, nothing setup are you printing via a printserver device yes, network print server, done over CUPS or direct over lpd/usb no! Do you use postscript/ghostscript filters, or direct win drivers? direct win drivers All this stuff must be tested and controlled to give you the right answer/help...there is no naturally reason why printing with samba should fail with win xp as far i know It does not fail, the startup of the print dialogue is just very slow !! When removing SP2, the problem has gone! Best Regards Walter Willmertinger schrieb: We have problems with printing after installing XP SP2. In nearly every software it takes about 10 seconds to 30 seconds, if you click on Print-Button and wait for the print dialogue window. Extremly slow are programs like MS Word (30 seconds, when you open a document the first time). Another problem, (but I am sure it's not a samba related problem): In some word documents you have problems viewing embedded graphics. Sometimes you see the graphics, sometimes not. It is not a problem with wrong settings (View - Use placeholders for Graphics). In preview there is no graphics, maybe after some scrolling the graphics appear, on the printout graphics are contained. Samba installed is 3.0.7 (compiled on RH 9.0 with standard options)! Regards, Walter rruegner schrieb: CHAN YICK WAI schrieb: Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw Hi, for sure we share : it works read the samba faqs for more info, and/or give us more detailed questions Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating PPTP users against Samba/LDAP
Mike Brodbelt schrieb: Hi, I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend). Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped. Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start... Mike. Hi Mike, there is a ldap patch for poptop ( try google )as well as a patch for windbind http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd/ i didnt try it but it should work with ldap Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samb3-ldap PDC and BDC
On Wed, 2004-10-20 at 18:16, Mihai Costache wrote: hi, until now (about 1 year ago) i was working only with samba3+ldap PDC, but in near future my company enlarge his network with 6 new branchs spreaded all oever the country and i must build a scalable network with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP backends, all this over some VPNs(ipsec) . so, can tell me anyone how work the relationship beetwen a samba3-ldap PDC and a samba3-ldap BDC and how openldap server must replicate ? If the WAN is not a single netbios scope, then just set up each remote DC as a PDC, otherwise configure as a BDC per the documentation. In any case, the replication stuff happens only at the OpenLDAP layer, and the procedure for setting this up is all described in the docs - the main site is the OpenLDAP master, and the remote sites are OpenLDAP slaves. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba as PDC - Can't get user profiles to save properly
Date: Tue, 19 Oct 2004 08:21:36 +0200
From: Felix Knoblach [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] Re: Samba as PDC - Can't get user profiles to save properly
Hi,
I'm still sitting fighting with this problem here I mentioned a little
while ago.
I'm running desperate on a problem with my windows user profiles here,
searched the net and read the docus alot but still no luck.
I've got an running Samba domain, an existing windows 2000 machine can
log into the domain properly. Furthermore, a test account is made
aswell, and the 2k machine is able to log in with that account. Now, my
problem is: When I try to change windows settings (like switch active
desktop to on) or delete/rename icons from my desktop, log out and in
again, all changes are undone like they've been not saved on the server.
But if I create new icons on the desktop and relog, those are still there.
This doesn't sound quite like the problem I had, but it's work checking.
This all starts here:-
http://lists.samba.org/archive/samba/2004-April/084023.html
and ends here:-
http://lists.samba.org/archive/samba/2004-September/092379.html
and basically it's to do with a bug in the Nvidia Display Driver
Service. You can either disable the service ('startup - Manual') or
upgrade the drivers to a version with the fix in them.
If this issue doesn't affect you, then I'm sorry.
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
[EMAIL PROTECTED]
Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime)
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] member server and kerberos
Sorry for bothering you afet upgrading the AD server to SP4, i am finally able to browse and connect to samba-member shares sorry for wasting your time Le sam 16/10/2004 à 14:05, thomas constans a écrit : hello well i compiled kerberos 1.3.5 from sources, and i got the same results as before. what procedure did you follow ? i understand that you also compiled samba from sources. can you give me a quick porcedure : in what order have you compiled samba kerberos ? with what options passed to configure ? thanx for answering -- thomas constans [EMAIL PROTECTED] openDoor.fr -- -- Thomas Constans -- http://www.opendoor.fr [EMAIL PROTECTED] 04 78 68 17 34 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups not displayed
Hi I got a little problem with group mapping I've used a longer string, ITG, Klassenlehrer: Alfred Hein as displayName attribute in ldap. When I run net groupmap list everthing is fine but when I try to list all groups on a windows client only groups above this string are displayed. All other groups are missing. Is this a bug? I use samba 3.0.7 Cheers, Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] krb5_cc_get_principal failed
I'm trying to set up our test box here. Identical versions and setup to our devel box. It is part of the domain (has already been joined). And there was a problem with the secrets.tdb file (corrupted or whatever). winbindd.log: --- [2004/10/20 08:33:46, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain X S-1-5-21-1645522239-1202660629-725345543 [2004/10/20 08:33:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2004/10/20 08:33:46, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65) ads_connect for domain failed: Cannot read password [2004/10/20 08:33:46, 1] nsswitch/winbindd_util.c:init_domain_list(300) Could not fetch sid for our domain [2004/10/20 08:33:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2004/10/20 08:33:46, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516) spnego_gen_negTokenTarg failed: No credentials cache found [2004/10/20 08:33:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain X S-1-5-21-2139973840-784154809-1042822891 [2004/10/20 08:33:51, 1] . [2004/10/20 08:46:29, 0] nsswitch/winbindd_util.c:get_trust_pw(951) get_trust_pw: could not fetch trust account password for my domain wbinfo -u Error looking up domain users klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: XXX Valid starting ExpiresService principal 10/20/04 08:33:07 10/20/04 18:33:10 krbtgt/ renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 10/20/04 08:33:43 10/20/04 18:33:10 renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 10/20/04 08:39:04 10/20/04 18:33:10 XX renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 looks right to me ? smbclient -L -U someotherhost works ... but localhost doesnt, smbclient -d6 -L localhost -U stdenisro INFO: Current debug levels: all: True/6 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf Processing section [global] doing parameter workgroup = XX doing parameter realm = XX doing parameter server string = XXX doing parameter security = ADS doing parameter auth methods = winbind doing parameter password server = X doing parameter log level = debug doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 0 doing parameter load printers = No doing parameter printcap name = lpstat doing parameter show add printer wizard = No doing parameter preferred master = No doing parameter local master = No doing parameter domain master = No doing parameter enhanced browsing = No doing parameter passdb backend = ldapsam:ldap:// doing parameter dns proxy = No doing parameter ldap ssl = no doing parameter idmap uid = 1-4 doing parameter idmap gid = 1-4 doing parameter template shell = /home/%D/%U/.sh.lnk doing parameter winbind separator = + doing parameter winbind use default domain = Yes doing parameter create mask = 0774 doing parameter directory mask = 0775 doing parameter printing = cups doing parameter print command = /usr/bin/lp -d '%p' %s; rm %s doing parameter lpq command = /usr/bin/lpstat -o '%p' doing parameter lprm command = /usr/bin/cancel '%p-%j' doing parameter lppause command = lp -i '%p-%j' -H hold doing parameter lpresume command = lp -i '%p-%j' -H resume doing parameter queuepause command = /usr/bin/disable '%p' doing parameter queueresume command = /usr/bin/enable '%p' pm_process() returned Yes Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset
Re: [Samba] change password AS_ROOT=FALSE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mac wrote: |rick talbot wrote: | || passwd program = passwd %u || passwd chat = *old*password*%o\n *new*password*%n\n *new*password*%n\n * || passwd chat debug = true || unix password sync = yes || || || Doing it this way forces samba to change it as root, and || this is giving me another problem. | | The old password is not available (i don't know why we | even have the %o variable there). So root pw change | is really the only viaable option I can think of. | | %o works fine when you're not using encrypted passwords. And = Wndows NT. I know its available but the circumstances seem so limited that IMO its just not useful. Most people don't like clear text pw changes on the wire :-) jerry steps down off the soap box now cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdmXJIR7qMdg1EfYRAsAIAJ9h1XkQYLWzqu57XZGSgepWPTrOXACdGncw p8V3K4zhtbTgcchVEsr7q8E= =0aVm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Issues/Questions about Samba 3.x.x versus it's Worki ng Status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | 1. The question 1 was about not using winbindd when | in ADS security mode. Is the answer still Yes? I know that | it is true when in DOMAIN security mode. Yes. But see my posting yesterday about username mapping semnatics in the current code. | 2. About Question 6, from your answer, my understanding is | that the Samba server must be in the same domain as | the Win2K/Win2K3 server. In other words the full name of | these machines would be sambaserver.domaineA.com and | win2kserver.domaineA.com. Is this true whether it is | with the DOMAIN or ADS security mode? The short answer anser to your question is that you should just join the Samba box and Windows box to the same domain. But Samba does have as close ties with the DNS domain as Windows does. But what you asking is more of a general question about Windows domain security and not necessarily Samba. I really think you should spend some more time reading docs on Windows domains. You need to understand the concept of domain users and groups and what it means to be a member of a Windows domain. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdmp5IR7qMdg1EfYRAkk2AJ9mdSOpbtUX8nHWoSkUbhvm/z04/wCgmOdG yBkiNEoQmeXTzjCCCbJ8mv4= =H/VI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP weirdness
Dear Sirs, I installed OpenLDAP and smbldap-tools by IDEALX. samba is 3.0.7, smbldap is 0.8.5 what else did I do: 1) smbldap-populate 2) pdbedit -i smbpasswd:/usr/local/private/smbpasswd -e ldapsam:ldap://127.0.0.1 3) smbpasswd -w clear text password what is not very clear, should I use the same Manager account or not. however, account information was exported to LDAP successfully. samba is running well over that data. users can log in. but, when I do net groupmap ... I'm getting errors: sol# net groupmap list [2004/10/20 19:40:25, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for SOLAR failed with NT_STATUS_UNSUCCESSFUL Domain Admins (S-1-5-21-1906877464-905504629-2230954338-512) - 512 Domain Users (S-1-5-21-1906877464-905504629-2230954338-513) - school Domain Guests (S-1-5-21-1906877464-905504629-2230954338-514) - 514 Print Operators (S-1-5-32-550) - 550 Backup Operators (S-1-5-32-551) - 551 Replicators (S-1-5-32-552) - 552 sol# why pdbedit successfully migrated data, but net groupmap doesn't want to work with that ? Cheers, Ilia Chipitsine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind AD group non primary group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Schreiber Martin wrote: | One of the features is , they want acces to the share | be restricted to a special group(AD) which is not the user's | primary group. I searched google etc etc all faqs and so on , | but nothing. I tried around with preexec scripts , using getent | group|grep $usr ; without success, maybe the failure is | in my scripts , so my question ; is there anybody out , | who had success in that case described If you know the group then just pass it into the root preexec and chgrp/chmod the target directory. Or you can just use a valid users = DOMAIN\group in smb.conf cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdm6pIR7qMdg1EfYRAqmgAKDaGJLM6B/bQwItt5KbdEnmmUu4GACfZrs2 r8UO77JRkZLegU5p7B3maO0= =2oVM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access Denied to shares in Lotus Notes and Outlook
Hi All, I don't know if this is a samba problem or not, but if users want to add files as an attachment in Lotus Notes and MS Outlook, and these files reside on samba shares, they get an access denied message. This access denied message refers to the whole share not only a file. Samba Server version is 3.0.4 on Sparc Solaris 8 acting as AD Member Server (W2K DC). Everything else is working fine and access from other programs like Excel, Access etc. is granted. I know there have been improvements in the 'open_directory()' function in 3.0.6 and intended to upgrade to 3.0.7. But since I am stuck there (make check fails in function strstr_m, I posted it already...) I wanted to be sure that this upgrade would do the trick at all. Has anybody experienced similar problems, or better yet encountered an easy solution ? Any tips and hints are welcome... Excerpt from the log: [2004/10/20 12:41:07, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 00 00.\... [2004/10/20 12:41:07, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 5297) [2004/10/20 12:41:07, 4] smbd/uid.c:change_to_user(186) change_to_user: Skipping user change - already user [2004/10/20 12:41:07, 10] smbd/nttrans.c:reply_ntcreate_and_X(609) reply_ntcreateX: flags = 0x10, desired_access = 0x11 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x4001 root_dir_fid = 0x0 [2004/10/20 12:41:07, 10] smbd/nttrans.c:map_create_disposition(343) map_create_disposition: Mapped create_disposition 0x1 to 0x1 [2004/10/20 12:41:07, 10] smbd/nttrans.c:map_share_mode(482) map_share_mode: Mapped desired access 0x11, share access 0x3, file attributes 0x0 to open_mode 0x40 [2004/10/20 12:41:07, 5] smbd/filename.c:unix_convert(114) unix_convert called on file [2004/10/20 12:41:07, 5] smbd/files.c:file_new(122) allocated file structure 2603, fnum = 6699 (1 used) [2004/10/20 12:41:07, 3] smbd/open.c:open_directory(1356) open_directory: unable to stat name = .. Error was Error 0 [2004/10/20 12:41:07, 5] smbd/files.c:file_free(385) freed files structure 6699 (0 used) [2004/10/20 12:41:07, 10] smbd/trans2.c:set_bad_path_error(2213) set_bad_path_error: err = 0 bad_path = 0 [2004/10/20 12:41:07, 3] smbd/error.c:error_packet(118) error packet at smbd/trans2.c() cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Regards, Sönke -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Connect via IP vs. Netbios name
I am having a issue with connecting to samba shares (OSX). I am able to connect to all share however depending on what method that I use to connect to the shares I get very different performance results. For example if I connect to \\server\share it takes 2-3 seconds for each directory to either appear or to viewable. On the other side if I connect using \\x.x.x.x\share directory access is instantaneous. After doing some research I have discovered that I am getting a NT Status : Status_Logon_Failure message. I do not get this message using the IP address to connect to the share. Does any one have an Idea what might be causing this? Thanks Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: LDAP weirdness
Ilia Chipitsine wrote: Dear Sirs, I installed OpenLDAP and smbldap-tools by IDEALX. samba is 3.0.7, smbldap is 0.8.5 what else did I do: 1) smbldap-populate 2) pdbedit -i smbpasswd:/usr/local/private/smbpasswd -e ldapsam:ldap://127.0.0.1 3) smbpasswd -w clear text password what is not very clear, should I use the same Manager account or not. It should be the password of the 'ldap admin dn' listed in your smb.conf file. however, account information was exported to LDAP successfully. samba is running well over that data. users can log in. but, when I do net groupmap ... I'm getting errors: sol# net groupmap list [2004/10/20 19:40:25, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for SOLAR failed with NT_STATUS_UNSUCCESSFUL This means that 'ldap admin dn' does not have write access to the tree listed as 'ldap suffix' in your smb.conf file. You can fix it either in slapd.conf file by adding correct 'access' statement or change 'ldap admin dn' to the one which already have the right access. Domain Admins (S-1-5-21-1906877464-905504629-2230954338-512) - 512 Domain Users (S-1-5-21-1906877464-905504629-2230954338-513) - school Domain Guests (S-1-5-21-1906877464-905504629-2230954338-514) - 514 Print Operators (S-1-5-32-550) - 550 Backup Operators (S-1-5-32-551) - 551 Replicators (S-1-5-32-552) - 552 Those numbers mean that smbldap-populate expects that builtin Domain Group SIDs should be mapped into UNIX groups with gid the same as RID part of SID. Since you already have one of the gid's reserved for a group named 'school' it's not a good assumption for your site. You may want to create your own UNIX groups for 'Domain Admins' and so on and then use 'net groupmap modify' to update the mapping. sol# why pdbedit successfully migrated data, but net groupmap doesn't want to work with that ? Cheers, Ilia Chipitsine Hope it helps, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] patches for upcoming 3.0.8 [was polling for options on printing commands]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FOllow up from a few days ago. I think that 3.0.7 + printername_and_queue_update.patch (http://samba.org/~jerry/patches/post-3.0.7) should be working now. Can people test and let me know. The variable expansion is the lpq command should be working again. And the queue update daemon should be working correctly this time. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdn1oIR7qMdg1EfYRAvaMAJ9Oz7X+r+Tsgmx+HIRYb3RJVNBDSACeMAEH UhgzBWmEtYUCdzsq7LopXkg= =9+Ve -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Weird breakage with Roaming Profiles and Quotas
Been playing around with Samba as a domain controller a lot lately, with a rather nice setup. Latest samba and openldap backend, running on hardware SATA raid 5, with for the moment the only shares on XFS /home partition ontop of LVM running XFS quotas. It's all nice and spangley, expect for one thing.. It completely breaks when saving the roaming profile at logoff, and the quota is reached. I don't understand how this is happening, it may not the fault of samba at all, but here's what happens.. If the hard quota is reached, windows (XP Pro) cries about unable to save the .tmp file for each file in turn that it's trying to save. As you click OK to each one, it appears samba renames the random.tmp file to the proper name. The oddness is that, all the files it creates and names this way, *appear* to be their full size. They aren't, of course, the quota according to du and repquota is being honored, but the reported size of the files saved in the profile way exceeds this. I presume, they aren't actually the size they are at all, but I don't know how this is happening. Worse, when the quota limit is removed, the files are not updated at the next logoff. It seems windows must think the messed up files match the local ones and not bother. You end up in a situation where there's no telling which files actually have content and which are lying about their size. -- Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi Jerry, | | Yes, I do use the username map file with Samba 3.0.2a | and the DOMAIN security mode. | | The Samba share is accessed by many workstations | exporting data files (via a background application) to | it on a regular basis. There is no need to log on | the Samba box therefore all workstations are using | the same Windows account and this account is associated | to a Unix one via the username map file. | | I am trying to do the same with Samba 3.0.7 and the ADS | security mode. | | Note: Although it is up to the Samba team to | determine the specifications of the product, I do | hope that the backward compatibility is kept as much as | possible. My gut feeling is that the username map should behave the same whether in security = domain or security = ads. However, to do this would mean that everyone in security = domain would have to update their username maps to user the fully qualified username instead of just the login portion. Do people think this would be a good change (for consistency)? Are people willing to read the release notes and make any necessary changces to their username map? :-) cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdn/MIR7qMdg1EfYRAq0/AKCIRSDCLOZU86sR8U43TaE105Lb1ACfY32V nk3Swb+MDchmfHo/fUMld+A= =CXEo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | How do you choose to authenticate using kerberos instead | of NTLM? Is that when you map as [EMAIL PROTECTED] | instead of DOMAIN\userid? It depends on whether you are using 'security = ads' and have a working kerberos installation or if you are using 'security = domain'. | Is there another way for me to do user mapping than | using the username map? I've seen some OpenLDAP method | of doing it, but since my goal is to map a handful of | ADS domain groups to individual unix id's, I | figured it was easier to just use username map instead | of setting up an LDAP schema. You are talking about group mapping. This does not require LDAP, but can be stored in and LDAP directory. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdoBKIR7qMdg1EfYRAjQ9AKC5fMb6pQGPPUj9MElWnFhP+fXCQwCgm9Dw bUYflDdIf8LOjflh3JWcYV8= =3HkH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba as PDC - Can't get user profiles to save properly
Hi Felix,
your problem sounds familiar to me. Please check the permission in your
profile directory.
Each active domain user needs a seperate directory with 750 as permission
and the owner has to be
the domain user, e.g. drwxr-x--- test users test. You also need the acl
support to save the
extended file attributes of Win2k like security permissions. The acl's are
not necessary to solve
your profiles problem.
If you use acls please make sure that your filesystem also support acl's.
That's take me a while :-)
bye Erik
--On Wednesday, October 20, 2004 01:12:33 PM +0100 Mac [EMAIL PROTECTED]
wrote:
Date: Tue, 19 Oct 2004 08:21:36 +0200
From: Felix Knoblach [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] Re: Samba as PDC - Can't get user profiles to save
properly
Hi,
I'm still sitting fighting with this problem here I mentioned a little
while ago.
I'm running desperate on a problem with my windows user profiles here,
searched the net and read the docus alot but still no luck.
I've got an running Samba domain, an existing windows 2000 machine can
log into the domain properly. Furthermore, a test account is made
aswell, and the 2k machine is able to log in with that account. Now, my
problem is: When I try to change windows settings (like switch active
desktop to on) or delete/rename icons from my desktop, log out and in
again, all changes are undone like they've been not saved on the
server. But if I create new icons on the desktop and relog, those are
still there.
This doesn't sound quite like the problem I had, but it's work checking.
This all starts here:-
http://lists.samba.org/archive/samba/2004-April/084023.html
and ends here:-
http://lists.samba.org/archive/samba/2004-September/092379.html
and basically it's to do with a bug in the Nvidia Display Driver
Service. You can either disable the service ('startup - Manual') or
upgrade the drivers to a version with the fix in them.
If this issue doesn't affect you, then I'm sorry.
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
[EMAIL PROTECTED]
Work: +44 1707 641565 Everything else: +44 7956 237670
(anytime) --
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Erik Pagel, Systemadministration
ZBH Zentrum fuer Bioinformatik Hamburg
Universitaet Hamburg
Bundesstrasse 43
20146 Hamburg, Germany
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] print que not updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Spike Burkhardt wrote: | All, | | There was a similar thread in August but I'm not sure if | this is the same problem. Basically what's happening is that | I'm printing a desktop file(Word/Excel/IE) to a printer served | up on my samba server. The job prints, the file get | deleted on the server but in my system tray, it | seems like the job never gets removed from the que | or it's extremely slow. Sometimes the job does get deleted | from the que. It seems like once the job doesn't get | removed from the que it won't unless I specifically cancel | the job or I restart the samba server. I'm running | 3.0.6 on Solaris 8. The desktop is NT 4 SP6. Can | anyone help me out? Thanks! Should be fixed for 3.0.8. See the links to curtent 3.0.7 printing patches in several previous mails I sent out yesterday. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdoCTIR7qMdg1EfYRAsj3AJ4l65J6SWWluf5lc41ZqPsZ9LioNQCghVOx drL2GzViEmzQIPstFcO9/f0= =8rsm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Advanced Printer Features in Samba 3.0.7 / Cups 1.1.20 ...
Hello, I recently figured out, that it is impossible to activate the Advanced Printer Features of any printer attached to a samba server. The idea was simple: set up a cups print server, create raw printers, publish them via Samba and distribute corresponding driver files. Everything works fine, except of the general setting for the Advanced Printer Features. Root is able to change the value, but it is not saved. Searching the web made me come to the conclusion, that other users already got in trouble with it too. As far as I can assess it, there is no solution for this kind of problem. Does anyone know if it is agonizing any samba developer? Is there any samba developer planning to implement these features in near future? If not, I unfortunately have to go back to a Windows Print Server. That would be a pity! Best regards A. Duckert Landkreis Teltow-Fläming Kreisverwaltung / Hauptamt Automatisierte Datenverarbeitung Am Nuthefließ 2 14943 Luckenwalde Tel: 03371 608-1131 Fax: 03371 608-9110 E-Mail: [EMAIL PROTECTED] __ Die genannte E-Mail Adresse dient nur zum Empfang einfacher Mitteilungen ohne Signatur und/oder Verschlüsselung. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] samb3-ldap PDC and BDC
thanks, Mihai --- Andrew Bartlett [EMAIL PROTECTED] wrote: On Wed, 2004-10-20 at 18:16, Mihai Costache wrote: hi, until now (about 1 year ago) i was working only with samba3+ldap PDC, but in near future my company enlarge his network with 6 new branchs spreaded all oever the country and i must build a scalable network with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP backends, all this over some VPNs(ipsec) . so, can tell me anyone how work the relationship beetwen a samba3-ldap PDC and a samba3-ldap BDC and how openldap server must replicate ? If the WAN is not a single netbios scope, then just set up each remote DC as a PDC, otherwise configure as a BDC per the documentation. In any case, the replication stuff happens only at the OpenLDAP layer, and the procedure for setting this up is all described in the docs - the main site is the OpenLDAP master, and the remote sites are OpenLDAP slaves. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] ATTACHMENT part 2 application/pgp-signature name=signature.asc ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi Jerry, thanks a lot for your replay , but ... I think its my mistake , my problem description wasnt the best i fear, so let me try again; situation is as following : AD users can connect to a given share without any problem , the users are pure (AD)NT-USERS , without any unix-pendant . Now the problem; I am not able to restrict connections to a given AD group , getent group $group|grep $usr shows me the user is in the requested AD group, but valid users = domain\group fails in every combination Additionally i have to make clear , that this groups only exist in AD , not on unix host , maybe thats the problem I also tried to expand the valid users directive like valid users = `getent groups $groupname` think i have overlooked an important point..., but may be theres a workaround thanks in advance for your efforts kind regardsmartin schreiber Siemens Business Services CCN-ITS Betrieb Wien GUD Gudrunstrasse 11 A-1101 Wien Martin Schreiber Phone +43 5 1707 47565 Server-Administration Fax +43 5 1707 57560 mailto:[EMAIL PROTECTED] http://www.sbs.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
I'm sorry, I still don't quite follow you. I have security = ads, and, as far as I can tell, a working kerberos installation, so that means I'm using kerberos authentication, right? From the messages above, that means samba should be honoring the domain portion of entries in the username map, which it is not doing. Or am I using NTLM authentication for some weird reason? Greg On Wed, 20 Oct 2004 10:12:10 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | How do you choose to authenticate using kerberos instead | of NTLM? Is that when you map as [EMAIL PROTECTED] | instead of DOMAIN\userid? It depends on whether you are using 'security = ads' and have a working kerberos installation or if you are using 'security = domain'. | Is there another way for me to do user mapping than | using the username map? I've seen some OpenLDAP method | of doing it, but since my goal is to map a handful of | ADS domain groups to individual unix id's, I | figured it was easier to just use username map instead | of setting up an LDAP schema. You are talking about group mapping. This does not require LDAP, but can be stored in and LDAP directory. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdoBKIR7qMdg1EfYRAjQ9AKC5fMb6pQGPPUj9MElWnFhP+fXCQwCgm9Dw bUYflDdIf8LOjflh3JWcYV8= =3HkH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
rruegner schrieb: Hi Walter, relate to your answers i would say your win drivers arent very compatibel to win xp sp2, have you tried to get the printer directly connected to a win xp serv pack2 machine using with the same drivers? the driver I use is the newest driver of kyocera. But anyway, maybe there is the problem. If I change the default printer to another printer, as an HP Laserjet 6L with MS windows driver, the dialogue comes much more quickly (5 seconds). With the Kyocera-Mitas KM-2030 as standard printer, it takes 17 seconds to get the dialogue. if the buggy behavior stay with lokal conected drivers and printer you know that you have to wait for better drivers or trying another setup maybe using ghostscript drivers wih cups and/or raw printing. Best Regards Walter Willmertinger schrieb: rruegner schrieb: Hi Walter, i have the same setup samba 3.07 , cups win xp serv pack 2 german. I have noticed that something changed in behavior after the upgrade to win xp serv pack 2 , but non of your described failures are comming up in my setups for hp laser printers , and canon bjc 2000 as well as my pdf printer. I only noticed after upgrade to serv pack 2 that ich have to refresh the pinter icon in the taskbar now after printing is done to disapear. also my standart paper size is now switching to letter and not staying to default dina 4. But i have not upgraded my cups or/and win drivers ( which is allways recomended ), i wanted to cotroll this stuff these days but as this bugs are not really heavy for me , i will wait until there is time. I dont think this is really a problem with samba. Are you using cups? YES, I think it is cups 1.1.20 How is your smb.conf very simple: Here the relevant parts: # Global parameters [global] workgroup = CSINTERN server string = col Samba Server on RedHat log file = /usr/local/samba/var/log.%m max log size = 10 deadtime = 60 preferred master = No domain master = No ldap ssl = no printer admin = root, walterw, fritzw, gerhardj hosts allow = 192.168.1. [homes] comment = Home Directories read only = No create mask = 0750 [printers] comment = All Printers path = /var/spool/samba printer admin = root, walterw create mask = 0700 guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Share fuer Printer Treiber path = /usr/local/samba/lib/printers write list = root, walterw, fritzw, gerhardj [kyocera-ps] comment = Kopierdrucker mit Duplexfunktion path = /var/spool/samba printer admin = root, walterw read only = No create mask = 0700 guest ok = Yes printable = Yes printer name = KYOCERA use client driver = Yes oplocks = No share modes = No ** , have you checked cups logs, nothing special! do you have the latest printers? Yes, actual drivers What are this Printers ( Manufacter ) Kyocera, HP ... Have disabled the xp firewall Tried with and without firewall as well as the webclient services on xp, tried with enabled and disabled what are the event logs talking at the win xp? only on XP startup I get an error message: you can see in the appended temp.jpg If you don't see it: It is a message in sytem part. Source is MRxSmb Type is warning Event number is 3019 Text is: ( if I try to translate): Redirector Service cannot recognize the type of connection Is file sharing running corect with your samba machine? Yes, no problem, even with MS Access Is it a stand alone spooler , ??? do you do accounting, nothing setup are you printing via a printserver device yes, network print server, done over CUPS or direct over lpd/usb no! Do you use postscript/ghostscript filters, or direct win drivers? direct win drivers All this stuff must be tested and controlled to give you the right answer/help...there is no naturally reason why printing with samba should fail with win xp as far i know It does not fail, the startup of the print dialogue is just very slow !! When removing SP2, the problem has gone! Best Regards Walter Willmertinger schrieb: We have problems with printing after installing XP SP2. In nearly every software it takes about 10 seconds to 30 seconds, if you click on Print-Button and wait for the print dialogue window. Extremly slow are programs like MS Word (30 seconds, when you open a document the first time). Another problem, (but I am sure it's not a samba related problem): In some word documents you have problems viewing embedded graphics. Sometimes you see the graphics, sometimes not. It is not a problem with wrong settings (View - Use placeholders for Graphics). In preview there is no graphics, maybe after some scrolling the graphics appear, on the printout graphics are contained. Samba installed is 3.0.7 (compiled on RH 9.0 with standard options)! Regards, Walter rruegner schrieb: CHAN YICK WAI schrieb: Just would like to ask
[Samba] Home drives not being mounted. Samba 3.0.7 vs W2k TS
At a number of sites we are using Windows 2000 Server SP4 (APPSERVER) as a Terminal Server and a PDC. All user areas are stored on a NetBSD 1.6.2 server with Samba 3.0.7 using security = domain and a named password server. We've joined the domain from the Samba box (domain DOMAINNAME). In general everything works fine, but when a number of clients log on at around the same time (say 25 users at once), a fair proportion do not map their home drive. Doing a net use U: /home at a later time generally, but not always, maps it. It happens occasionally with 2.2.8, but we are getting feedback that 3.0.7 is much worse. An extract of a log at the time of failure: [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:make_auth_context_subsystem(467) Making default auth method list for security=domain [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match guest [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(409) load_auth_module: auth method guest has a valid init [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match sam [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(409) load_auth_module: auth method sam has a valid init [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match winbind:ntdomain [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match ntdomain [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(409) load_auth_module: auth method ntdomain has a valid init [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:load_auth_module(409) load_auth_module: auth method winbind has a valid init [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module guest did not want to specify a challenge [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module sam did not want to specify a challenge [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module winbind did not want to specify a challenge [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:get_ntlm_challenge(135) auth_context challenge created by random [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth.c:get_ntlm_challenge(136) challenge is: [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/util.c:dump_data(1835) [000] 69 C6 F2 30 FD DD 53 29 i..0..S) [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth_util.c:make_user_info_for_reply(403) make_user_info_for_reply: User passwords not in encrypted format. [2004/10/14 09:28:21, 4] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/username.c:map_username(132) Scanning username map /usr/pkg/etc/samba/smbusers [2004/10/14 09:28:21, 10] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/username.c:user_in_list(529) user_in_list: checking user 00bblues in list [2004/10/14 09:28:21, 10] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/username.c:user_in_list(533) user_in_list: checking user |00bblues| against |administrator| [2004/10/14 09:28:21, 5] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user []\[00bblues] from workstation [nc91] [2004/10/14 09:28:21, 10] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/gencache.c:gencache_get(264) Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 0, timeout = Thu Oct 14 09:37:47 2004 [2004/10/14 09:28:21, 10] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/lib/gencache.c:gencache_set(127) Adding cache entry with key = TDOMCACHE/TIMESTAMP; value = 0 and timeout = Thu Oct 14 09:38:21 2004 (600 seconds ahead) [2004/10/14 09:28:21, 4] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password [2004/10/14 09:28:21, 8] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/libsmb/namequery.c:get_sorted_dc_list(1416) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2004/10/14 09:28:21, 10] /usr/pkgsrc/net/samba/work/samba-3.0.7/source/libsmb/namequery.c:internal_resolve_name(1010) internal_resolve_name: looking up APPSERVER#20
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I'm sorry, I still don't quite follow you. | | I have security = ads, and, as far as I can tell, | a working kerberos installation, so that means I'm | using kerberos authentication, right? Correct. | From the messages above, that means samba should | be honoring the domain portion of entries in the | username map, which it is not doing. Or am I | using NTLM authentication for some weird reason? smbd should be honoring entries like jerry = AD\gcarter You can check a level 10 smbd debug log to verify that the krb5 SNPEGO login is working. I'll work on getting the NTLM/username map functionality fixed. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdodUIR7qMdg1EfYRAsoNAKDfDj12mHbQtIByveM8h5GMhYJK2QCfeo9g HmSadb1FMvxE59cwtY+BcjA= =V897 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advanced Printer Features in Samba 3.0.7 / Cups 1.1.20 ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Duckert, 10, Kreis TF wrote: | Hello, | | I recently figured out, that it is impossible to | activate the Advanced Printer Features of any printer | ttached to a samba server. The idea was simple: set up a | cups print server, create raw printers, publish them via | Samba and distribute corresponding driver files. | Everything works fine, except of the general setting for | the Advanced Printer Features. Root is able to change | the value, but it is not saved. | | Searching the web made me come to the conclusion, that | other users already got in trouble with it too. As far as I | can assess it, there is no solution for this kind of problem. | Does anyone know if it is agonizing any samba developer? Is | there any samba developer planning to implement these features | in near future? If not, I unfortunately have to go back to a | Windows Print Server. That would be a pity! You should search the mailing list archives more often. :-) We went through this same thread 2 weeks ago. The trhead starts here: http://marc.theaimsgroup.com/?l=sambam=109636296125094w=2 and my final reply is: http://marc.theaimsgroup.com/?l=sambam=109759835403371w=2 So the real question is what are using missing by using RAW printing over EMF printing? Are clients using UNIDRIVER print drivers ? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdoleIR7qMdg1EfYRAg/pAKCXz44NcD22TJocYlmfiOvLAI3J8gCZAf0D z42EDUkHVVUlAopZleO41NY= =myaI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I'm sorry, I still don't quite follow you. | | I have security = ads, and, as far as I can tell, | a working kerberos installation, so that means I'm | using kerberos authentication, right? Correct. | From the messages above, that means samba should | be honoring the domain portion of entries in the | username map, which it is not doing. Or am I | using NTLM authentication for some weird reason? smbd should be honoring entries like jerry = AD\gcarter You can check a level 10 smbd debug log to verify that the krb5 SNPEGO login is working. I'll work on getting the NTLM/username map functionality fixed. Jerry, Are you saying that username will be sent differently depending on the protocol Samba and ADS agree to? And that if it's Kerberos, the name will be Domain name\username even if 'winbind separator = +' in smb.conf? Thanks, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | Are you saying that username will be sent differently | depending on the protocol Samba and ADS agree to? And | that if it's Kerberos, the name will be Domain name\username | even if 'winbind separator = +' in smb.conf? No. It's not a protocol issue. It's a bug in smbd. We call map_username() on the fully qualified username (using whatever winbind separator you have set in smb.conf) when handling a kerberos SMBsessetupX and only pass the login name when doing the NTLM authentication. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdowIIR7qMdg1EfYRAupBAJ9GCAC7922CG88/rDdiW+tvfcKYRwCggYQu Ib/k8G2apezHXrbLftemmdE= =1O0o -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
I tried to send a level 10 log from the moment of connection to the user that should be mapped touching a file, but the attachment was too large and the messages bounced, awaiting moderator approval. So instead, I'll try to post the sections I think are relevant here: searching for spnego and username.map led me to this section: * [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 len2=24 [2004/10/18 08:19:25, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2004/10/18 08:19:25, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2004/10/18 08:19:25, 5] lib/util.c:dump_data(1835) [000] C7 63 4B 45 C2 48 96 F8 .cKE.H.. [2004/10/18 08:19:25, 6] param/loadparm.c:lp_file_list_changed(2681) lp_file_list_changed() file /opt/samba/lib/smb.conf - /opt/samba/lib/smb.conf last mod_time: Mon Oct 18 07:57:06 2 004 [2004/10/18 08:19:25, 4] lib/username.c:map_username(132) Scanning username map /opt/samba/lib/username.map [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(529) user_in_list: checking user imguser in list [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(533) user_in_list: checking user |imguser| against |EDSADDDM+imguser| [2004/10/18 08:19:25, 10] lib/username.c:user_in_list(610) user_in_list: checking if user |imguser| is in winbind group |EDSADDDM+imguser| [2004/10/18 08:19:26, 5] auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user [EDSADDDM]\[imguser] from workstation [MULE] [2004/10/18 08:19:26, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = TDOM/EDSADDDM, value = S-1-5-21-764805150-3330113275-14862 79211, timeout = Mon Oct 18 08:24:08 2004 * From checking user |imguser| against |EDSADDDM+imguser|, when EDSADDDM+imguser is in my username.map, it would appear that the domain (EDSADDDM) is not being passed. How can I tell from the level 10 log if I'm using NTLM or Kerberos authentication? Specifically, what can I search through the log for in order to find a section to post? Thanks for all your help. Greg On Wed, 20 Oct 2004 10:42:12 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I'm sorry, I still don't quite follow you. | | I have security = ads, and, as far as I can tell, | a working kerberos installation, so that means I'm | using kerberos authentication, right? Correct. | From the messages above, that means samba should | be honoring the domain portion of entries in the | username map, which it is not doing. Or am I | using NTLM authentication for some weird reason? smbd should be honoring entries like jerry = AD\gcarter You can check a level 10 smbd debug log to verify that the krb5 SNPEGO login is working. I'll work on getting the NTLM/username map functionality fixed. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdodUIR7qMdg1EfYRAsoNAKDfDj12mHbQtIByveM8h5GMhYJK2QCfeo9g HmSadb1FMvxE59cwtY+BcjA= =V897 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy zU0nasCPyhoO9pfobcZDpIo= =YogI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Walter Willmertinger wrote: | | | rruegner schrieb: | | Hi Walter, | relate to your answers i would say your win drivers arent very | compatibel to win xp sp2, | have you tried to get the printer directly connected to a win xp serv | pack2 machine using with the same drivers? | | | the driver I use is the newest driver of kyocera. But anyway, maybe | there is the problem. | If I change the default printer to another printer, as an HP Laserjet 6L | with MS windows driver, the dialogue comes much more quickly (5 | seconds). With the Kyocera-Mitas KM-2030 as standard printer, it takes | 17 seconds to get the dialogue. Could not be a bug just a chatty driver then. The HP Laserjet 8150 PCL 6 driver is a lot like this as well. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo5nIR7qMdg1EfYRAok6AKCVKRYQsXbsVHF25/uzyNV9Qcv2vwCgvP2m VPyLErkc0Q4CBqhbtHRLxpc= =M3wB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] I've got the log when it was sent originally and I think the following is more relevant part. I just don't know which one of the autentication methods is used for Kerberos. It looks like the NTLM is the one which got selected. [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match guest [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method guest has a valid init [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match sam [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method sam has a valid init [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match winbind:ntdomain [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match ntdomain [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method ntdomain has a valid init [2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method winbind has a valid init [2004/10/18 08:08:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe008b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module guest did not want to specify a challenge [2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module sam did not want to specify a challenge [2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module winbind did not want to specify a challenge [2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(135) auth_context challenge created by random Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
That completely sucks! kinit and klist seem to work: * # kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/20/04 09:20:13 10/20/04 19:20:14 krbtgt/[EMAIL PROTECTED] renew until 10/21/04 09:20:13 * I don't have a krb5.conf to screw things up, on the recommendation of either the Official Samba Howto or the By Example document. * Here's my smb.conf: # cat smb.conf [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no [space] comment = Space Partition Share path = /space writable = yes browsable = yes valid users = EDSADDDM+imguser * So can anyone tell me what's causing Samba to use NTLM authentication instead of Kerberos? And how do I fix it? Greg On Wed, 20 Oct 2004 11:10:29 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy zU0nasCPyhoO9pfobcZDpIo= =YogI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Here's maybe even more relevant part of the log: [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 48018 1 2 2 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 113554 1 2 2 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 48 [2004/10/18 08:08:04, 5] auth/auth.c:make_auth_context_subsystem(498) Making default auth method list for security=ADS If I interpret it correctly, then either KRB5 is not compiled in for this smbd or OID return by ADS does not require Kerberos authentication... Igor Greg Adams wrote: That completely sucks! kinit and klist seem to work: * # kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/20/04 09:20:13 10/20/04 19:20:14 krbtgt/[EMAIL PROTECTED] renew until 10/21/04 09:20:13 * I don't have a krb5.conf to screw things up, on the recommendation of either the Official Samba Howto or the By Example document. * Here's my smb.conf: # cat smb.conf [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no [space] comment = Space Partition Share path = /space writable = yes browsable = yes valid users = EDSADDDM+imguser * So can anyone tell me what's causing Samba to use NTLM authentication instead of Kerberos? And how do I fix it? Greg On Wed, 20 Oct 2004 11:10:29 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy zU0nasCPyhoO9pfobcZDpIo= =YogI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Igor Belyi wrote: Here's maybe even more relevant part of the log: [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 48018 1 2 2 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 113554 1 2 2 This OID corresponds to Kerberos authentication... So, it could be the case that Samba is not compiled with Kerberos?.. Igor [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 48 [2004/10/18 08:08:04, 5] auth/auth.c:make_auth_context_subsystem(498) Making default auth method list for security=ADS If I interpret it correctly, then either KRB5 is not compiled in for this smbd or OID return by ADS does not require Kerberos authentication... Igor Greg Adams wrote: That completely sucks! kinit and klist seem to work: * # kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/20/04 09:20:13 10/20/04 19:20:14 krbtgt/[EMAIL PROTECTED] renew until 10/21/04 09:20:13 * I don't have a krb5.conf to screw things up, on the recommendation of either the Official Samba Howto or the By Example document. * Here's my smb.conf: # cat smb.conf [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no [space] comment = Space Partition Share path = /space writable = yes browsable = yes valid users = EDSADDDM+imguser * So can anyone tell me what's causing Samba to use NTLM authentication instead of Kerberos? And how do I fix it? Greg On Wed, 20 Oct 2004 11:10:29 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy zU0nasCPyhoO9pfobcZDpIo= =YogI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Igor Belyi wrote: Igor Belyi wrote: Here's maybe even more relevant part of the log: [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 48018 1 2 2 [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 2 840 113554 1 2 2 This OID corresponds to Kerberos authentication... So, it could be the case that Samba is not compiled with Kerberos?.. No, wait! Samba checks only the first OID! And this is the reason for NTLM! Here's the comment from source/smbd/sesssetup.c: /* only look at the first OID for determining the mechToken -- accoirding to RFC2478, we should choose the one we want and renegotiate, but i smell a client bug here.. Problem observed when connecting to a member (samba box) of an AD domain as a user in a Samba domain. Samba member server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ Jerry, that's your comment, right? :) Igor [2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 48 [2004/10/18 08:08:04, 5] auth/auth.c:make_auth_context_subsystem(498) Making default auth method list for security=ADS If I interpret it correctly, then either KRB5 is not compiled in for this smbd or OID return by ADS does not require Kerberos authentication... Igor Greg Adams wrote: That completely sucks! kinit and klist seem to work: * # kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/20/04 09:20:13 10/20/04 19:20:14 krbtgt/[EMAIL PROTECTED] renew until 10/21/04 09:20:13 * I don't have a krb5.conf to screw things up, on the recommendation of either the Official Samba Howto or the By Example document. * Here's my smb.conf: # cat smb.conf [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no [space] comment = Space Partition Share path = /space writable = yes browsable = yes valid users = EDSADDDM+imguser * So can anyone tell me what's causing Samba to use NTLM authentication instead of Kerberos? And how do I fix it? Greg On Wed, 20 Oct 2004 11:10:29 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Adams wrote: | I tried to send a level 10 log from the moment of connection to the | user that should be mapped touching a file, but the attachment was too | large and the messages bounced, awaiting moderator approval. So | instead, I'll try to post the sections I think are relevant here: | | searching for spnego and username.map led me to this section: | * | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) | Doing spnego session setup | [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows | 2002 5.1] PrimaryDomain=[] | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 | len2=24 NTLMSSP authentication here. Not kerberos. :-) So maybe you have 2 problems going on ? username map and kerberos | Scanning username map /opt/samba/lib/username.map | user_in_list: checking user imguser in list | user_in_list: checking user |imguser| against |EDSADDDM+imguser| | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from | workstation [MULE] cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy
[Samba] Problems using admin users option on share
Hello, I have set the admin users option on my share in the following manner: clip [augusta_vol1] comment = L: Drive path = /home/augusta_vol1 create mask = 0770 directory mask = 0770 admin users = stuttle hide unreadable = no writable = Yes vfs objects = recycle recycle:repository = .recycle/%U recycle:keeptree = yes recycle:versions = yes recycle:touch = yes clip. I am trying to access the following files and get access denied in windows: [EMAIL PROTECTED] augusta_vol1]# ll total 584 drwx---r-x 36 root root 4096 Oct 11 2003 APPS drwx-- 18 root root 4096 Oct 13 2003 CLIP52 drwx---r-x 92 root root 8192 Feb 24 2004 COMMON drwx--2 root root 4096 Oct 11 2003 GROUPS drwx--9 lwilson hr 24576 Jun 4 10:56 HRPR drwx--5 root root 4096 Oct 13 2003 PROGRAM drwxrwx--- 34 lbateman it 4096 Jun 23 13:32 SBA Image Files -rwxr-1 root root 210704 Sep 22 14:12 SRVMGR.EXE drwx---r-x 91 root root 8192 Oct 13 10:29 USERS -rwxr-1 root root 305936 Sep 22 14:12 USRMGR.EXE drwxr-xr-x 21 root root 4096 Jan 1 1980 WINAPPS [EMAIL PROTECTED] augusta_vol1]# I cannot access CLIP52 GROUPS HRPR PROGRAM SRVMGR.EXE USERMGR.EXE The other folder I can get into because of the r-x on the world portion but I was hoping admin users would let me go everywhere.. Any ideas... Thanks Spencer Tuttle American Investment Bank -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | No, wait! Samba checks only the first OID! And this is the | reason for NTLM! Here's the comment from source/smbd/sesssetup.c: | |/* only look at the first OID for determining the mechToken -- | accoirding to RFC2478, we should choose the one we want | and renegotiate, but i smell a client bug here.. | | Problem observed when connecting to a member (samba box) | of an AD domain as a user in a Samba domain. Samba member | server sent back krb5/mskrb5/ntlmssp as mechtypes, but the | client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an | NTLMSSP mechtoken. --jerry */ | | Jerry, that's your comment, right? :) Yup. That's my change. But since the NTLM authentication is succeeding, then I'll assume that the token sent back was an NTLMSSP tocken as well. So for some reason the client either can't or won't obtain a ticket for the Samba server. DNS reverse mapping glitch perhaps? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdpiyIR7qMdg1EfYRAhkSAKCz5jArueaNlNEVTlQwUfSn6/9rJwCgsgIU LrjSz0PkLk5F7KOGkBTWZn0= =13vU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | No, wait! Samba checks only the first OID! And this is the | reason for NTLM! Here's the comment from source/smbd/sesssetup.c: | |/* only look at the first OID for determining the mechToken -- | accoirding to RFC2478, we should choose the one we want | and renegotiate, but i smell a client bug here.. | | Problem observed when connecting to a member (samba box) | of an AD domain as a user in a Samba domain. Samba member | server sent back krb5/mskrb5/ntlmssp as mechtypes, but the | client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an | NTLMSSP mechtoken. --jerry */ | | Jerry, that's your comment, right? :) Yup. That's my change. But since the NTLM authentication is succeeding, then I'll assume that the token sent back was an NTLMSSP tocken as well. So for some reason the client either can't or won't obtain a ticket for the Samba server. Do you mean NTLM got negotiated earlier than that code? Or that client obtains Kerberos tickets directly from security server and then just passes them to Samba server? Where those OIDs corresponding to Kerberos come from then? I don't have ADS and I never saw one. I apologize if my questions are naive. Thanks, Igor DNS reverse mapping glitch perhaps? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ADS valid users can't map share
Igor Belyi wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Igor Belyi wrote: | No, wait! Samba checks only the first OID! And this is the | reason for NTLM! Here's the comment from source/smbd/sesssetup.c: | |/* only look at the first OID for determining the mechToken -- | accoirding to RFC2478, we should choose the one we want | and renegotiate, but i smell a client bug here.. | | Problem observed when connecting to a member (samba box) | of an AD domain as a user in a Samba domain. Samba member | server sent back krb5/mskrb5/ntlmssp as mechtypes, but the | client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an | NTLMSSP mechtoken. --jerry */ | | Jerry, that's your comment, right? :) Yup. That's my change. But since the NTLM authentication is succeeding, then I'll assume that the token sent back was an NTLMSSP tocken as well. So for some reason the client either can't or won't obtain a ticket for the Samba server. Do you mean NTLM got negotiated earlier than that code? Or that client obtains Kerberos tickets directly from security server and then just passes them to Samba server? Where those OIDs corresponding to Kerberos come from then? I don't have ADS and I never saw one. I apologize if my questions are naive. Thanks, Igor DNS reverse mapping glitch perhaps? Do you mean it can be related to the machine's domain not being the same as Realm? The corresponding bug: https://bugzilla.samba.org/show_bug.cgi?id=1651 I just don't know what symptoms may result in this mismatch. Will Samba fall back to NTLM if Kerberos authentication is unsuccesful? What else Greg should check to find the reason of failure? Thanks, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + (LDAP + Kerberos V)
So like at least a handful of people before me I have begun the valiant stugle to unify logins at my place of business. I have setup a test LDAP + Kerberos V cluster. And I have Setup a test Samba 3 PDC. What I would like to do is get Samba to handle kerberos ticket granting and authentication to the (LDAP + Kerberos V) Directory. Such that Windows is completely unaware of the existence of Kerberos. And, also such that I don't have to keep samba domain passwords in ldap and sync them to kerberos in some sort of bizarre otherworldly failure in authentication unification. (Pardon my attempts at prose I am working on 3 hours of sleep) The question is really one of what you might suggest in terms of a design, particularly if you have tried and/or done this in the past. I have heard at least with samba 2 what I am trying is impossible. Not sure with Samba 3. I am wondering if the Active Directory support can be employed to my benefit in this manner. Now, assuming the worst and samba is incapable of handling kerberos tickets, and assuming i manage to handle tickets in ldap itself I can authenticate LDAP Sambe users of Kerberos without having to keep a synced password db correct? -Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Fwd: Re: [Samba] Intermittent Network name cannot be found error
Hi Mac, Thanks for your reply. I did try profile acls = yes on the Profiles share. This does seem to have helped but has not totally resolved the problem. Users still seem to pick up the same error now and again when logging on. Most of the time it works perfectly, though perhaps 2 out of 10 times the error will pop up. David. Mac wrote: Hi guys, Unfortunately I've still made no progress on this. Is disabling the roaming profile permission checking in XP the only way to fix this ? Will any future versions of Samba have something that we can do in Samba on the server side to work around this ? Have you tried the setting called:- profile acls Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Browsing between linux boxes
My problem appears to be too simple to be addressed in the documentation, being a linux-to-linux problem. This is a mixed home lan, but the majority of file sharing is done between three linux boxes. All three have a public directory, but the one on box1 is mainly used for file sharing. All of this worked well with our old Samba 2 setup, but has now gone to pieces. Two of the boxes are using Samba 3.0.6 and one 3.0.7. Taking box1, then, as the most important one, other than /homes there are two shares declared: [home91] comment = home91 path = /mnt/home91 valid users = anne david writable = yes browseable = yes [public] browseable = yes comment = Anne-Linux Public writable = yes path = /Public force group = 100 The first one appears to work well. The second one, though, is problematic. It is possible to mount the share and write to the directory, but I cannot umount. I get the error that the device or resource is busy. The share disappears from the mount point, but it still shows in either smb4k or LinNeighborhood as being mounted, and any further attempt to mount it reports that it is already mounted. The 'force group' line has been added because the logs showed that david, for instance was accessing as david:david, and I wondered if the group was part of the problem. /Public was initiall anne:users, though I have now changed it to root:users. Any suggestions for troubleshooting would be gratefully received. Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP weirdness
On Wednesday 20 October 2004 09:27, Igor Belyi wrote: Ilia Chipitsine wrote: but, when I do net groupmap ... I'm getting errors: You need to remove those groups and add them properly with the smbldap-tools: smbldap-groupadd -a mygroup That will add the UNIX group and the Samba group mapping in one step. Yes I was pulling my hair out about this just this week! Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + (LDAP + Kerberos V)
Matt Joyce írta: So like at least a handful of people before me I have begun the valiant stugle to unify logins at my place of business. I have setup a test LDAP + Kerberos V cluster. And I have Setup a test Samba 3 PDC. What I would like to do is get Samba to handle kerberos ticket granting and authentication to the (LDAP + Kerberos V) Directory. Such that Windows is completely unaware of the existence of Kerberos. And, also such that I don't have to keep samba domain passwords in ldap and sync them to kerberos in some sort of bizarre otherworldly failure in authentication unification. (Pardon my attempts at prose I am working on 3 hours of sleep) The question is really one of what you might suggest in terms of a design, particularly if you have tried and/or done this in the past. I have heard at least with samba 2 what I am trying is impossible. Not sure with Samba 3. I am wondering if the Active Directory support can be employed to my benefit in this manner. You can read more about it at: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Now, assuming the worst and samba is incapable of handling kerberos tickets, and assuming i manage to handle tickets in ldap itself I can authenticate LDAP Sambe users of Kerberos without having to keep a synced password db correct? -Matt Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PointPrint adding NT/2K drivers issue
Hi all, Samba 3.0.7 and using CUPS printing. I am logged in as root to an XP Pro system, I have used the APW to install the XP drivers to all of my printers. I went to Shared and clicked Additional Drivers and checkmarked both 9x and NT/2K boxes. Using drivers straight from the HP website, the 9x driver installs fine, but it seems like I can't get any NT/2K drivers to install. I just get Windows can't find a valid driver even though I am using the W2K drivers straight from the HP website. This happens on a Laserjet 5N, a Color Laserjet 8500, and a Laserjet 4050. Have I not set up print$ correctly? Here is its directory listing: oink:/data/samba/drivers # ls -R .: . .. W32X86 WIN40 ./W32X86: . .. 2 3 ./W32X86/2: . HPBFDF1.HLP HPCLJ85D.DLL HPRASDUI.HLP PSCRPTUI.DLL hpblff3.dll ..HPBFDF2.DLL HPCLJ85N.DLL HP_CLJ85.PPD TRBLHELP.HLP hpblff41.pmd HDIHELP.HLP HPBFDF3.DLL HPCLJ85U.DLL MTL70UM.DLL hpblff0.dll hpblff7.dll HP4050_6.PPD HPBFDF5.DLL HPDCMON.DLL PJLMON.DLLhpblff1.dll hpblff9e.hlp HPBAFD32.DLL HPBFDF5.PMD HPLJ5M_4.PPD PSCRIPT.DLL hpblff2.dll hpbxlk1.DLL HPBFDF0.DLL HPBFDF6.DLL HPPSHELP.HLP PSCRIPT.HLP hpblff21.dll hpbxlk2.DLL HPBFDF1.DLL HPBFTM32.DLL HPRASDUI.DLL PSCRIPT.SEP hpblff22.dll hpbxlk3.DLL ./W32X86/3: . HPCJRUI.DLL PS5UI.DLL UNIDRV.HLPhpbf002i.pmd hpcstr02.dll ..HPCLJX.HLPPSCRIPT.HLP UNIDRVUI.DLL hpbftm32.dll hpcui02.dll AGACCST1.PPD HPLJ4PS.GPD PSCRIPT.NTF UNIRES.DLLhpcabout.dll hpdcmon.dll APLWBGR1.PPD HPLJ5M_4.PPD PSCRIPT5.DLL hpbafd32.dll hpcljx02.hlp hpljps1.ini APLWGRI2.PPD HPLJ5N.GPDSTDNAMES.GPD hpbf002e.dll hpcprd02.dll HP4PLUS6.PPD HP_CLJ85.PPD TTFSUB.GPDhpbf002e.hlp hpcps02.ini HPCJRRPS.DLL PCL5ERES.DLL UNIDRV.DLLhpbf002g.dll hpcstr.dll ./WIN40: . .. 0 ./WIN40/0: . HPBPCLA1.DLL HPBXLA1.dll ICONLIB.DLL ctl3dv2.dll hpcps02.ini ..HPBPCLA2.DLL HPBXLA2.dll PS5UI.DLL hpbafd32.dll hpcstr02.dll ADFONTS.MFM HPBPCLA3.DLL HPBXLA3.dll PSCRIPT.DLL hpbf002e.dll hpcui02.dll HDIHELP.HLP HPBPCLA4.DLL HPLJ5M_4.PPD PSCRIPT.HLP hpbf002e.hlp hpdcmon.dll HP4050_6.PPD HPBPCLA5.DLL HPPSHELP.HLP PSCRIPT.NTF hpbf002g.dll hpprn02.dll HP4PLUS6.PPD HPBPCLA6.DLL HPTABS16.DLL PSCRIPT.SEP hpbf002i.pmd HP8500R.ICM HPBPCLA6.HLP HP_CLJ85.DLL PSCRIPT5.DLL hpbftm32.dll HPBPCLA.DRV HPBXLA.DRVHP_CLJ85.DRV PSCRPTUI.DLL hpcljx02.hlp HPBPCLA.HLP HPBXLA.HLPHP_CLJ85.PPD TRBLHELP.HLP hpcprd02.dll -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + (LDAP + Kerberos V)
Matt Joyce írta: Gémes Géza wrote: Matt Joyce írta: So like at least a handful of people before me I have begun the valiant stugle to unify logins at my place of business. I have setup a test LDAP + Kerberos V cluster. And I have Setup a test Samba 3 PDC. What I would like to do is get Samba to handle kerberos ticket granting and authentication to the (LDAP + Kerberos V) Directory. Such that Windows is completely unaware of the existence of Kerberos. And, also such that I don't have to keep samba domain passwords in ldap and sync them to kerberos in some sort of bizarre otherworldly failure in authentication unification. (Pardon my attempts at prose I am working on 3 hours of sleep) The question is really one of what you might suggest in terms of a design, particularly if you have tried and/or done this in the past. I have heard at least with samba 2 what I am trying is impossible. Not sure with Samba 3. I am wondering if the Active Directory support can be employed to my benefit in this manner. You can read more about it at: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Now, assuming the worst and samba is incapable of handling kerberos tickets, and assuming i manage to handle tickets in ldap itself I can authenticate LDAP Sambe users of Kerberos without having to keep a synced password db correct? -Matt Cheers Geza yeah thats almost decent documentation for ldap + kerberos but says absolutley nothing about samba 3. That's very easy to explain, because if you follow it you will have your kerberos using the Samba' MD4 password hash, and so all of your *nix and windows machine will use the same password. However as Samba3 is able to emulte an NT4 DC, Windows clients don't try, nor are succesfull in using kerberos against it. So you can have something like in the following ASCII graphic: ___ ___ __ | | | | | | | || LDAP |--|Samba | | | |___| |__| | *nix| ^ ^ | client | ___|___ __ |___ | | | | | | | ||Heimdal | | Windows | |__| |__| | client | |__| Hope this helps to clarify the situation in a pre-Samba4 world. Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Browsing between linux boxes
On Wednesday 20 Oct 2004 20:59, you wrote: Are you using Debian? If so, try setting use sendfile = no in global section No, box1 and box2 are Mandrake 10.0 and box3 is Mandrake 10.1. Here is my global section: [global] workgroup = lydgate.net server string = Samba Server %v netbios name = anne-linux name resolve order = hosts bcast # wins support = yes printcap name = cups printing = cups log file = /var/log/samba/log.%m smb passwd file = /etc/samba/smbpasswd username level = 8 encrypt passwords = yes max log size = 50 #hosts allow = 192.168.0.0/24 127.0.0.1 # unix password sync = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 security = user preferred master = yes domain master = yes local master = yes os level = 65 server signing = disabled map to guest = bad user Anne -- Registered Linux User No.293302 Have you visited http://twiki.mdklinuxfaq.org yet? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advanced Printer Features in Samba 3.0.7 / Cups 1.1.20 ...
Ok, jumping back into this wagon: My problem is that with some HP drivers (Color Laserjet 5500 to be precise) you loose printing options when EMF is disabled, while on others (Laserjet 4000) everything works just fine. I'm talking specifically about N-up printing here, though I'm not sure if there are some other options missing. I was able to get around this by using the cups PS driver, but I couldn't make the Windows-Samba transition as transparent to our users as I wanted. And in this particular case it's getting troublesome to explain them why those nice dropdown options have disapeared and why they now have to go to 3 windows to achieve the same effect... Still, I'm loving Samba+cups+our_custom_accounting_system and with the queue update problem solved it will be even better! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Archive bit not changed if not owner?
We have a public share which is backed up from another machine, and use the archive bits to detect if files have been modified. If I create a file in the public share, the archive bit is set. If I clear the archive bit, and then modify the file the archive bit is set. On the other hand, if I modify a file that is owned by someone else, the archive bit doesn't get set - any ideas on why this is? Here's a snippet from smb.conf: [shared] comment = Shared stuff path = /data/shared public = yes create mask = 0774 force create mode = 0777 directory mask = 0700 force directory mode = 0775 #allow anyone to change the archive bit dos filemode = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Stuck on passwords
No one has ever had this or a similar problem? On Sat, 2004-10-16 at 08:58, lovswr1 wrote: Hello, I am using SAMBA 3.0.7-2.FC2 on my FC2 box. About a week ago I could not longer get pass the password prompt on my WinXP Pro or Win98SE boxes. I did make a change to my firewall to allow bittorrent. I did not notice that sambas was not working for about 2 days. I changed everything back still no-go. Below is my config any help would be greatly appreciated. # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/10/16 08:57:02 # Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = CONCERT_ATL realm = netbios name = MATRIX1 netbios aliases = netbios scope = server string = Samba 3.0.7-2.FC2 interfaces = 192.168.1.1/24, 192.168.2.1/24 bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = use kerberos keytab = No log level = 5 syslog = 1 syslog only = No log file = /var/log/samba/matrix1.log max log size = 5000 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap cache time = 0 printcap name = cups cups server = disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 stat cache = Yes machine password timeout = 604800 add user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = No domain master = Yes browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = Yes wins hook = wins partners = kernel oplocks = Yes lock spin count = 3 lock spin time = 10
[Samba] Re: samb3-ldap PDC and BDC
Mihai Costache [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] hi, until now (about 1 year ago) i was working only with samba3+ldap PDC, but in near future my company enlarge his network with 6 new branchs spreaded all oever the country and i must build a scalable network with Samba-3 PDCs and BDCs, implement LDAP replication and multiple LDAP backends, all this over some VPNs(ipsec) . so, can tell me anyone how work the relationship beetwen a samba3-ldap PDC and a samba3-ldap BDC and how openldap server must replicate ? thanks, Mihai Here are a few things to keep in mind... Any user logging onto Samba has to pass the Samba authentication as well as the Linux authentication. Ater all, the samba service is running on the Linux box. I know of two ways to achieve this with LDAP. One way is to keep the Samba authentication info. in LDAP and to keep the Linux authentication info (POSIX) in the /etc/passwd and /etc/group files. The other way is to keep both the Samba and POSIX authentication info. in LDAP. This approach requires the use of the nss_ldap software from www.padl.com. The /etc/nsswitch.conf file is used to tell Linux to search for the user's authentication info. in the LDAP directory. If you use the second approach, you will have all the user's information in a single location. Configure LDAP to replicate the directory to another Samba machine, make the appropriate entries in the smb.conf files of both machines and you have a PDC and BDC. Documentation on the Samba website will show you how to configure the smb.conf files. Along the way you will have to get familiar with the scripts from Idealx which add the user's POSIX info. to LDAP. Configuring LDAP for replication is off topic for this list but is a well documented process. Try and get hold of a good LDAP book. Verify that the machine is authenticating POSIX info. against LDAP before attempting the replication. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
map_username() inconsistencies [was Re: [Samba] Re: ADS valid users can't map share]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've done some more digging and the username map stuff is a little worse than I initially thought. (a) when 'security = user', the username map is applied before the password is checked is checked. (b) when 'security = ads', the username map is applied to fully qualified names (domain\user) after the krb5 ticket is checked. (see the next comment for NTLM). (c) when 'security = domain' (or NTLM auth for ADS security), the username map is applied to the login name only. The original domain\user is still authenticated but the UNIX identify is looked up in the username map. So I guess that the cleanest way to fix this is to apply the username map before checking authentication when validating user locally and apply it after authentication for domain users (krb5 ntlm). How do people feel about this? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFBdx0ZIR7qMdg1EfYRAvNvAKCxwDAkbYn3LAUqMXUDEMFgvWm3QgCg3sT3 6L6v7duY1aFnrOOXUJtXzc0= =2cXg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with Samba on Mandrake
Does your local network have DNS? Post the output of the testparm command. It will tell us much about your setup and will warn of syntax errors. Linux 9.2 installed via FTp from a Mandrake Mirror using inbuilt version of samba that came with it. the problem i have got is this i cannot get the PC to showup on my windows network it`s configured and if i use the internal IP address i acn access all the shares as normal i have changed the Samba name a few times and as a result somehow have three names on my workgroup display Lulu1, Lulus and Linux none of these are accessable and none of them show any file shares not to mention this i still have another workgroup MDKgroup which is not accessable and i assume has no PC`s in it, my question is howdo i setup the PC to show on my workgroup and give me access to it from \\lulu\ NOT \\10.0.0.163\ which is the only way i can currently access the machine i`m also a Linux newbie so if you want to know anything techincal you`ll have to let me know what i need todo to get it. thanks Kris p.s. this is very urgent as my present fileserver is`nt working and i`m trying to get this setup to replace it Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't ssh with administrator user
This user is not supposed to log in but if you insist: Ensure that the user has both a valid login directory and a valid login shell. Login shell is often set to something that cannot be used to prevent users from using the Administrator account in just such a manner. There is no reason to log in as this user as facilities are provided on Windows 2K/XP/(NT?) to run programs as the Administrator without logging in. I'll be glad to give you some tips on how to do this off list if you wish, rather than see you go down this road. why i can't ssh from other host with Administrator user : [EMAIL PROTECTED] root]# ssh [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Last login: Wed Oct 20 07:23:04 2004 from dadang Connection to 192.168.150.1 closed. but i am success join domain with this user. sorry my bad languange. regard, dadang Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Applications that need admin privileges
What 'doze OS? Can your users use the runas facility? Alternatively, you could add access privledges for the local Power Users group to the binary executeable, or shortcut, which ever is best. Software installs often botch the security settings on shortcuts makeing them only accessible by an Administrator. Hi guys, I have a working samba and openldap pdc which is actively being tested. I have a group of users that have specifics tools to use such as oracle client tools (sqlplus etc). I tried to logon as a test user and run the sqlplus but nothing happened, I tried adding this user to the local poweruser group but it produced the same result. Can this be achieved? It works fine if this user is a member of local admin group which I dont want to do because I want to limit what they can do to their workstations. Anyone out here who had a similar experience? Thanks for any help Jan - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba-docs r254 - in trunk/Samba-Guide: .
Author: jht Date: 2004-10-20 06:16:43 + (Wed, 20 Oct 2004) New Revision: 254 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-Guiderev=254nolog=1 Log: Updates and fixes. Modified: trunk/Samba-Guide/Chap05-500UserNetwork.xml trunk/Samba-Guide/Chap06-MakingHappyUsers.xml trunk/Samba-Guide/Chap07-2000UserNetwork.xml Changeset: Modified: trunk/Samba-Guide/Chap05-500UserNetwork.xml === --- trunk/Samba-Guide/Chap05-500UserNetwork.xml 2004-10-20 05:58:37 UTC (rev 253) +++ trunk/Samba-Guide/Chap05-500UserNetwork.xml 2004-10-20 06:16:43 UTC (rev 254) @@ -952,12 +952,12 @@ smbconfoptionnameinterfaces/namevalueeth1, lo/value/smbconfoption smbconfoptionnamebind interfaces only/namevalueYes/value/smbconfoption smbconfoptionnamepassdb backend/namevaluetdbsam/value/smbconfoption -smbconfoptionnameadd user script/namevalue/usr/sbin/useradd -m %u/value/smbconfoption -smbconfoptionnamedelete user script/namevalue/usr/sbin/userdel -r %u/value/smbconfoption -smbconfoptionnameadd group script/namevalue/usr/sbin/groupadd %g/value/smbconfoption -smbconfoptionnamedelete group script/namevalue/usr/sbin/groupdel %g/value/smbconfoption -smbconfoptionnameadd user to group script/namevalue/usr/sbin/usermod -G %g %u/value/smbconfoption -smbconfoptionnameadd machine script/namevalue/usr/sbin/useradd -s /bin/false -d /dev/null %u/value/smbconfoption +smbconfoptionnameadd user script/namevalue/usr/sbin/useradd -m '%u'/value/smbconfoption +smbconfoptionnamedelete user script/namevalue/usr/sbin/userdel -r '%u'/value/smbconfoption +smbconfoptionnameadd group script/namevalue/usr/sbin/groupadd '%g'/value/smbconfoption +smbconfoptionnamedelete group script/namevalue/usr/sbin/groupdel '%g'/value/smbconfoption +smbconfoptionnameadd user to group script/namevalue/usr/sbin/usermod -G '%g' '%u'/value/smbconfoption +smbconfoptionnameadd machine script/namevalue/usr/sbin/useradd -s /bin/false -d /dev/null '%u'/value/smbconfoption smbconfoptionnamepreferred master/namevalueYes/value/smbconfoption smbconfoptionnamewins support/namevalueYes/value/smbconfoption smbconfoptionnameinclude/namevalue/etc/samba/dc-common.conf/value/smbconfoption Modified: trunk/Samba-Guide/Chap06-MakingHappyUsers.xml === --- trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2004-10-20 05:58:37 UTC (rev 253) +++ trunk/Samba-Guide/Chap06-MakingHappyUsers.xml 2004-10-20 06:16:43 UTC (rev 254) @@ -1479,7 +1479,7 @@ smbconfoptionnameprintcap name/namevalueCUPS/value/smbconfoption smbconfoptionnameshow add printer wizard/namevalueNo/value/smbconfoption smbconfoptionnameadd user script/namevalue/var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'/value/smbconfoption - smbconfoptionnamedelete user script/namevalue/var/lib/samba/sbin/smbldap-userdel.pl %u/value/smbconfoption + smbconfoptionnamedelete user script/namevalue/var/lib/samba/sbin/smbldap-userdel.pl '%u'/value/smbconfoption smbconfoptionnameadd group script/namevalue/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'/value/smbconfoption smbconfoptionnamedelete group script/namevalue/var/lib/samba/sbin/smbldap-groupdel.pl '%g'/value/smbconfoption smbconfoptionnameadd user to group script/namevalue/var/lib/samba/sbin//value/smbconfoption @@ -3145,35 +3145,35 @@ tbody row entryCache/entry - entry\\%LOGONSERVER%\profdata\%USERNAME%\InternetFiles/entry + entry%LOGONSERVER%\profdata\%USERNAME%\InternetFiles/entry /row row entryCookies/entry - entry\\%LOGONSERVER%\profdata\%USERNAME%\Cookies/entry + entry%LOGONSERVER%\profdata\%USERNAME%\Cookies/entry /row row entryHistory/entry - entry\\%LOGONSERVER%\profdata\%USERNAME%\History/entry + entry%LOGONSERVER%\profdata\%USERNAME%\History/entry /row row entryLocal AppData/entry - entry\\%LOGONSERVER%\profdata\%USERNAME%\AppData/entry + entry%LOGONSERVER%\profdata\%USERNAME%\AppData/entry /row row entryLocal Settings/entry - entry\\%LOGONSERVER%\profdata\%USERNAME%\LocalSettings/entry + entry%LOGONSERVER%\profdata\%USERNAME%\LocalSettings/entry /row row
svn commit: lorikeet r95 - in trunk/samba4-ad-thesis: .
Author: abartlet Date: 2004-10-20 06:25:33 + (Wed, 20 Oct 2004) New Revision: 95 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=95nolog=1 Log: Add details on kerberos, fill in the results of the 'experiment'. Spellcheck. Only the crypto-challenges to go. Andrew Bartlett Modified: trunk/samba4-ad-thesis/chapters.lyx trunk/samba4-ad-thesis/rfc.bib trunk/samba4-ad-thesis/thesis.bib Changeset: Sorry, the patch is too large (448 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=95nolog=1
svn commit: samba r3081 - in branches/SAMBA_4_0/source: include libcli/raw ntvfs ntvfs/cifs ntvfs/ipc ntvfs/nbench ntvfs/posix smb_server
Author: tridge Date: 2004-10-20 08:28:31 + (Wed, 20 Oct 2004) New Revision: 3081 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3081nolog=1 Log: several updates to ntvfs and server side async request handling in preparation for the full share modes and ntcreatex code that I am working on. highlights include: - changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finished processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req-control_flags, which is also a bit easier to read - fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header) - added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that. - simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX). - started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics. - in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs) - use a destructor in the ipc backend to make sure that everthing is cleaned up on receive error conditions. - switched the ipc backend to using idtree for fnum allocation - in the ntvfs_generic mapping routines, use a allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async. Modified: branches/SAMBA_4_0/source/include/smb.h branches/SAMBA_4_0/source/include/smb_interfaces.h branches/SAMBA_4_0/source/libcli/raw/rawfile.c branches/SAMBA_4_0/source/libcli/raw/rawreadwrite.c branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c branches/SAMBA_4_0/source/ntvfs/ipc/vfs_ipc.c branches/SAMBA_4_0/source/ntvfs/nbench/vfs_nbench.c branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_lock.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_write.c branches/SAMBA_4_0/source/smb_server/reply.c branches/SAMBA_4_0/source/smb_server/search.c branches/SAMBA_4_0/source/smb_server/smb_server.h Changeset: Sorry, the patch is too large (2383 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3081nolog=1
svn commit: lorikeet r96 - in trunk/heimdal: . kdc kuser lib/asn1 lib/hdb lib/kadm5 lib/krb5 lib/roken
Author: abartlet Date: 2004-10-20 10:39:55 + (Wed, 20 Oct 2004) New Revision: 96 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/heimdalrev=96nolog=1 Log: Merge Heimdal up to snapshot 20041020. This includes Heimdal upstreams's move of string2key code into hdb (thanks lha!) Andrew Bartlett Modified: trunk/heimdal/ChangeLog trunk/heimdal/kdc/pkinit.c trunk/heimdal/kuser/kinit.c trunk/heimdal/kuser/klist.c trunk/heimdal/lib/asn1/k5.asn1 trunk/heimdal/lib/asn1/lex.l trunk/heimdal/lib/asn1/parse.y trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/kadm5/ChangeLog trunk/heimdal/lib/kadm5/default_keys.c trunk/heimdal/lib/kadm5/keys.c trunk/heimdal/lib/kadm5/set_keys.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/keytab.c trunk/heimdal/lib/krb5/krb5-private.h trunk/heimdal/lib/krb5/krb5-protos.h trunk/heimdal/lib/krb5/krb5.conf.5 trunk/heimdal/lib/krb5/krb5.conf.cat5 trunk/heimdal/lib/krb5/krb5_err.et trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/krb5/time.c trunk/heimdal/lib/roken/ChangeLog trunk/heimdal/lib/roken/getprogname.c trunk/heimdal/lib/roken/ndbm_wrap.c trunk/heimdal/lib/roken/resolve.c trunk/heimdal/lib/roken/resolve.h trunk/heimdal/lib/roken/roken.h.in trunk/heimdal/lib/roken/setprogname.c Changeset: Sorry, the patch is too large (2206 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/heimdalrev=96nolog=1
svn commit: samba r3082 - in branches/SAMBA_4_0/source: include ntvfs/cifs
Author: tridge
Date: 2004-10-20 11:08:58 + (Wed, 20 Oct 2004)
New Revision: 3082
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=3082nolog=1
Log:
added a cifs:mapgeneric option, which tells the cifs backend to use
the ntvfs_generic mapping functions rather than sending the exact
function asked for. This allows the generic mapping functions to be
tested by comparing the behaviour of smbtorture against two cifs
backend shares, one using cifs:mapgeneric = true and the other
cifs:mapgeneric = False
Modified:
branches/SAMBA_4_0/source/include/smb_interfaces.h
branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
Changeset:
Modified: branches/SAMBA_4_0/source/include/smb_interfaces.h
===
--- branches/SAMBA_4_0/source/include/smb_interfaces.h 2004-10-20 08:28:31 UTC (rev
3081)
+++ branches/SAMBA_4_0/source/include/smb_interfaces.h 2004-10-20 11:08:58 UTC (rev
3082)
@@ -1327,7 +1327,8 @@
enum smb_write_level {RAW_WRITE_WRITEUNLOCK, RAW_WRITE_WRITE,
- RAW_WRITE_WRITEX, RAW_WRITE_WRITECLOSE, RAW_WRITE_SPLWRITE};
+ RAW_WRITE_WRITEX, RAW_WRITE_WRITECLOSE,
+ RAW_WRITE_SPLWRITE};
#define RAW_WRITE_GENERIC RAW_WRITE_WRITEX
Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
===
--- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2004-10-20 08:28:31 UTC (rev
3081)
+++ branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2004-10-20 11:08:58 UTC (rev
3082)
@@ -32,7 +32,7 @@
struct smbcli_tree *tree;
struct smbcli_transport *transport;
struct smbsrv_tcon *tcon;
- /*const struct ntvfs_ops *ops;*/
+ BOOL map_generic;
};
@@ -152,6 +152,8 @@
private-transport-event.ctx =
event_context_merge(tcon-smb_conn-connection-event.ctx,
private-transport-event.ctx);
talloc_reference(private, private-transport-event.ctx);
+ private-map_generic = lp_parm_bool(req-tcon-service,
+ cifs, mapgeneric, False);
return NT_STATUS_OK;
}
@@ -370,6 +372,11 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ if (io-generic.level != RAW_OPEN_GENERIC
+ private-map_generic) {
+ return ntvfs_map_open(req, io, ntvfs);
+ }
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_open(private-tree, req, io);
}
@@ -461,6 +468,11 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ if (rd-generic.level != RAW_READ_GENERIC
+ private-map_generic) {
+ return ntvfs_map_read(req, rd, ntvfs);
+ }
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_read(private-tree, rd);
}
@@ -490,6 +502,11 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ if (wr-generic.level != RAW_WRITE_GENERIC
+ private-map_generic) {
+ return ntvfs_map_write(req, wr, ntvfs);
+ }
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_write(private-tree, wr);
}
@@ -503,18 +520,36 @@
seek in a file
*/
static NTSTATUS cvfs_seek(struct ntvfs_module_context *ntvfs,
- struct smbsrv_request *req, struct smb_seek *io)
+ struct smbsrv_request *req, struct smb_seek *io)
{
- return NT_STATUS_NOT_SUPPORTED;
+ struct cvfs_private *private = ntvfs-private_data;
+ struct smbcli_request *c_req;
+
+ if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
+ return smb_raw_seek(private-tree, io);
+ }
+
+ c_req = smb_raw_seek_send(private-tree, io);
+
+ SIMPLE_ASYNC_TAIL;
}
/*
flush a file
*/
static NTSTATUS cvfs_flush(struct ntvfs_module_context *ntvfs,
- struct smbsrv_request *req, struct smb_flush *io)
+ struct smbsrv_request *req, struct smb_flush *io)
{
- return NT_STATUS_OK;
+ struct cvfs_private *private = ntvfs-private_data;
+ struct smbcli_request *c_req;
+
+ if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
+ return smb_raw_flush(private-tree, io);
+ }
+
+ c_req = smb_raw_flush_send(private-tree, io);
+
+ SIMPLE_ASYNC_TAIL;
}
/*
@@ -526,6 +561,11 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ if (io-generic.level != RAW_CLOSE_GENERIC
+ private-map_generic) {
+ return ntvfs_map_close(req, io, ntvfs);
+ }
+
if (!(req-control_flags
svn commit: samba r3083 - in branches/SAMBA_4_0/source/ntvfs: .
Author: tridge
Date: 2004-10-20 11:10:51 + (Wed, 20 Oct 2004)
New Revision: 3083
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ntvfsrev=3083nolog=1
Log:
fixed a couple of generic mapping errors found with RAW-* and cifs:mapgeneric
Modified:
branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c
===
--- branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c 2004-10-20 11:08:58 UTC (rev
3082)
+++ branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c 2004-10-20 11:10:51 UTC (rev
3083)
@@ -773,7 +773,8 @@
wr-writeunlock.out.nwritten = wr2-generic.out.nwritten;
- if (NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_IS_OK(status)
+ lck-unlock.in.count != 0) {
status = ntvfs-ops-lock(ntvfs, req, lck);
}
break;
@@ -798,7 +799,8 @@
status = ntvfs-ops-write(ntvfs, req, wr2);
wr-writeclose.out.nwritten= wr2-generic.out.nwritten;
- if (NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_IS_OK(status)
+ wr2-generic.in.count != 0) {
status = ntvfs-ops-close(ntvfs, req, cl);
}
break;
svn commit: samba r3084 - in branches/SAMBA_4_0/source/smb_server: .
Author: tridge Date: 2004-10-20 11:11:55 + (Wed, 20 Oct 2004) New Revision: 3084 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/smb_serverrev=3084nolog=1 Log: mincnt and maxcnt were the wrong way around in readbraw server code Modified: branches/SAMBA_4_0/source/smb_server/reply.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/reply.c === --- branches/SAMBA_4_0/source/smb_server/reply.c2004-10-20 11:10:51 UTC (rev 3083) +++ branches/SAMBA_4_0/source/smb_server/reply.c2004-10-20 11:11:55 UTC (rev 3084) @@ -675,8 +675,8 @@ io.readbraw.in.fnum= req_fnum(req, req-in.vwv, VWV(0)); io.readbraw.in.offset = IVAL(req-in.vwv, VWV(1)); - io.readbraw.in.mincnt = SVAL(req-in.vwv, VWV(3)); - io.readbraw.in.maxcnt = SVAL(req-in.vwv, VWV(4)); + io.readbraw.in.maxcnt = SVAL(req-in.vwv, VWV(3)); + io.readbraw.in.mincnt = SVAL(req-in.vwv, VWV(4)); io.readbraw.in.timeout = IVAL(req-in.vwv, VWV(5)); /* the 64 bit variant */
svn commit: samba r3085 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge
Date: 2004-10-20 11:13:54 + (Wed, 20 Oct 2004)
New Revision: 3085
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torture/rawrev=3085nolog=1
Log:
make the RAW-WRITE tests more robust to errors in previous parts of the test
Modified:
branches/SAMBA_4_0/source/torture/raw/write.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/raw/write.c
===
--- branches/SAMBA_4_0/source/torture/raw/write.c 2004-10-20 11:11:55 UTC (rev
3084)
+++ branches/SAMBA_4_0/source/torture/raw/write.c 2004-10-20 11:13:54 UTC (rev
3085)
@@ -58,6 +58,18 @@
#define BASEDIR \\testwrite
+static BOOL setup_dir(struct smbcli_state *cli, const char *dname)
+{
+ smb_raw_exit(cli-session);
+ if (smbcli_deltree(cli-tree, dname) == -1 ||
+ NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, dname))) {
+ printf(Unable to setup %s - %s\n, dname, smbcli_errstr(cli-tree));
+ return False;
+ }
+ return True;
+}
+
+
/*
setup a random buffer based on a seed
*/
@@ -103,9 +115,7 @@
buf = talloc_zero(mem_ctx, maxsize);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
@@ -222,9 +232,7 @@
buf = talloc_zero(mem_ctx, maxsize);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
@@ -396,9 +404,7 @@
buf = talloc_zero(mem_ctx, maxsize);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
@@ -535,9 +541,7 @@
buf = talloc_zero(mem_ctx, maxsize);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
@@ -682,9 +686,7 @@
printf(Testing delayed update of write time\n);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
@@ -715,7 +717,7 @@
written = smbcli_write(cli-tree, fnum1, 0, x, 0, 1);
if (written != 1) {
- printf(write failed - wrote %d bytes\n, written);
+ printf(write failed - wrote %d bytes (%s)\n, written, __location__);
return False;
}
@@ -776,9 +778,7 @@
printf(Testing finfo update on close\n);
- if (smbcli_deltree(cli-tree, BASEDIR) == -1 ||
- NT_STATUS_IS_ERR(smbcli_mkdir(cli-tree, BASEDIR))) {
- printf(Unable to setup %s - %s\n, BASEDIR, smbcli_errstr(cli-tree));
+ if (!setup_dir(cli, BASEDIR)) {
return False;
}
svn commit: samba r3086 - in branches/SAMBA_4_0/source/ntvfs/cifs: .
Author: tridge
Date: 2004-10-20 12:08:40 + (Wed, 20 Oct 2004)
New Revision: 3086
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ntvfs/cifsrev=3086nolog=1
Log:
fixed smbpid handling in the cifs backend
Modified:
branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
===
--- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2004-10-20 11:13:54 UTC (rev
3085)
+++ branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2004-10-20 12:08:40 UTC (rev
3086)
@@ -42,6 +42,8 @@
void *parms;
};
+#define SETUP_PID private-tree-session-pid = SVAL(req-in.hdr, HDR_PID)
+
/*
an idle function to cope with messages from the smbd client while
waiting for a reply from the server
@@ -136,7 +138,7 @@
}
private-transport = private-tree-session-transport;
- private-tree-session-pid = SVAL(req-in.hdr, HDR_PID);
+ SETUP_PID;
private-tcon = req-tcon;
tcon-fs_type = talloc_strdup(tcon, NTFS);
@@ -209,11 +211,13 @@
The name can contain CIFS wildcards, but rarely does (except with OS/2 clients)
*/
static NTSTATUS cvfs_unlink(struct ntvfs_module_context *ntvfs,
- struct smbsrv_request *req, struct smb_unlink *unl)
+ struct smbsrv_request *req, struct smb_unlink *unl)
{
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
/* see if the front end will allow us to perform this
function asynchronously. */
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
@@ -245,6 +249,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
/* see if the front end will allow us to perform this
function asynchronously. */
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
@@ -265,6 +271,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_chkpath(private-tree, cp);
}
@@ -294,6 +302,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_pathinfo(private-tree, req, info);
}
@@ -323,6 +333,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_fileinfo(private-tree, req, info);
}
@@ -342,6 +354,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_setpathinfo(private-tree, st);
}
@@ -372,6 +386,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (io-generic.level != RAW_OPEN_GENERIC
private-map_generic) {
return ntvfs_map_open(req, io, ntvfs);
@@ -395,6 +411,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_mkdir(private-tree, md);
}
@@ -413,6 +431,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_rmdir(private-tree, rd);
}
@@ -430,6 +450,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
return smb_raw_rename(private-tree, ren);
}
@@ -468,6 +490,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (rd-generic.level != RAW_READ_GENERIC
private-map_generic) {
return ntvfs_map_read(req, rd, ntvfs);
@@ -502,6 +526,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (wr-generic.level != RAW_WRITE_GENERIC
private-map_generic) {
return ntvfs_map_write(req, wr, ntvfs);
@@ -525,6 +551,8 @@
struct cvfs_private *private = ntvfs-private_data;
struct smbcli_request *c_req;
+ SETUP_PID;
+
if (!(req-control_flags REQ_CONTROL_MAY_ASYNC)) {
svn commit: samba r3087 - in branches/SAMBA_4_0/source/ntvfs: .
Author: tridge
Date: 2004-10-20 12:24:31 + (Wed, 20 Oct 2004)
New Revision: 3087
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ntvfsrev=3087nolog=1
Log:
fixed a typo
Modified:
branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c
===
--- branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c 2004-10-20 12:08:40 UTC (rev
3086)
+++ branches/SAMBA_4_0/source/ntvfs/ntvfs_generic.c 2004-10-20 12:24:31 UTC (rev
3087)
@@ -913,7 +913,7 @@
return NT_STATUS_NO_MEMORY;
}
- switch (cl2-generic.level) {
+ switch (cl-generic.level) {
case RAW_CLOSE_CLOSE:
return NT_STATUS_INVALID_LEVEL;
svn commit: samba r3088 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jerry Date: 2004-10-20 15:37:47 + (Wed, 20 Oct 2004) New Revision: 3088 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/examples/LDAPrev=3088nolog=1 Log: update nds schema file from Uli Iske [EMAIL PROTECTED] Modified: branches/SAMBA_3_0/examples/LDAP/samba-nds.schema Changeset: Sorry, the patch is too large (345 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/examples/LDAPrev=3088nolog=1
svn commit: samba r3089 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: metze
Date: 2004-10-20 17:42:17 + (Wed, 20 Oct 2004)
New Revision: 3089
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldb/ldb_tdbrev=3089nolog=1
Log:
fix memleak
metze
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2004-10-20 15:37:47
UTC (rev 3088)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2004-10-20 17:42:17
UTC (rev 3089)
@@ -266,6 +266,7 @@
void ltdb_search_dn1_free(struct ldb_context *ldb, struct ldb_message *msg)
{
unsigned int i;
+ ldb_free(ldb, msg-dn);
ldb_free(ldb, msg-private_data);
for (i=0;imsg-num_elements;i++) {
ldb_free(ldb, msg-elements[i].values);
svn commit: samba r3090 - in branches/SAMBA_4_0/source/lib/ldb/tests: .
Author: metze Date: 2004-10-20 17:43:38 + (Wed, 20 Oct 2004) New Revision: 3090 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldb/testsrev=3090nolog=1 Log: make this execultable metze Modified: branches/SAMBA_4_0/source/lib/ldb/tests/init_slapd.sh Changeset: Property changes on: branches/SAMBA_4_0/source/lib/ldb/tests/init_slapd.sh ___ Name: svn:executable + *
svn commit: samba r3091 - in branches/SAMBA_4_0/source/lib/tdb: .
Author: metze Date: 2004-10-20 19:19:03 + (Wed, 20 Oct 2004) New Revision: 3091 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/tdbrev=3091nolog=1 Log: link only the needed stuff metze Modified: branches/SAMBA_4_0/source/lib/tdb/config.mk Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/config.mk === --- branches/SAMBA_4_0/source/lib/tdb/config.mk 2004-10-20 17:43:38 UTC (rev 3090) +++ branches/SAMBA_4_0/source/lib/tdb/config.mk 2004-10-20 19:19:03 UTC (rev 3091) @@ -39,7 +39,7 @@ OBJ_FILES= \ lib/tdb/tools/tdbtool.o REQUIRED_SUBSYSTEMS = \ - LIBBASIC CONFIG LIBCMDLINE LIBTDB + LIBTDB # End BINARY tdbtool @@ -69,6 +69,6 @@ OBJ_FILES= \ lib/tdb/tools/tdbbackup.o REQUIRED_SUBSYSTEMS = \ - LIBBASIC CONFIG LIBCMDLINE LIBTDB + LIBTDB # End BINARY tdbbackup
svn commit: samba r3092 - in branches/SAMBA_4_0/source/lib/ldb/tools: .
Author: metze
Date: 2004-10-20 19:21:10 + (Wed, 20 Oct 2004)
New Revision: 3092
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldb/toolsrev=3092nolog=1
Log:
prepare for build inside samba
metze
Modified:
branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c
===
--- branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c 2004-10-20 19:19:03 UTC (rev
3091)
+++ branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c 2004-10-20 19:21:10 UTC (rev
3092)
@@ -39,12 +39,12 @@
static struct timeval tp1,tp2;
-static void start_timer(void)
+static void _start_timer(void)
{
gettimeofday(tp1,NULL);
}
-static double end_timer(void)
+static double _end_timer(void)
{
gettimeofday(tp2,NULL);
return((tp2.tv_sec - tp1.tv_sec) +
@@ -259,9 +259,9 @@
add_records(ldb, base_dn, nrecords);
printf(Starting search on uid\n);
- start_timer();
+ _start_timer();
search_uid(ldb, nrecords, nsearches);
- printf(uid search took %.2f seconds\n, end_timer());
+ printf(uid search took %.2f seconds\n, _end_timer());
printf(Modifying records\n);
modify_records(ldb, base_dn, nrecords);
svn commit: samba r3093 - in branches/SAMBA_4_0/source/lib/ldb: . common include ldb_ldap ldb_tdb tests tools
Author: metze Date: 2004-10-20 19:28:02 + (Wed, 20 Oct 2004) New Revision: 3093 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=3093nolog=1 Log: - implment ldb_rename() and ldbrename - add tests for ldbrename - disable all tests which regenerate the index (this is broken for me...the process hangs, tridge we need to discuss that) - link only the needed stuff to the ldb tools - build ldbtest inside samba metze Added: branches/SAMBA_4_0/source/lib/ldb/tools/ldbrename.c Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.ldb branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/config.m4 branches/SAMBA_4_0/source/lib/ldb/config.mk branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c branches/SAMBA_4_0/source/lib/ldb/tests/test-generic.sh Changeset: Sorry, the patch is too large (486 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=3093nolog=1
svn commit: samba r3094 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: metze
Date: 2004-10-20 20:34:32 + (Wed, 20 Oct 2004)
New Revision: 3094
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/libcli/ldaprev=3094nolog=1
Log:
import all LDAP error codes from the RFC 2251
metze
Modified:
branches/SAMBA_4_0/source/libcli/ldap/ldap.h
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.h
===
--- branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-10-20 19:28:02 UTC (rev
3093)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-10-20 20:34:32 UTC (rev
3094)
@@ -51,11 +51,45 @@
};
enum ldap_result_code {
- LDAP_SUCCESS = 0,
- LDAP_SASL_BIND_IN_PROGRESS = 0x0e,
- LDAP_NO_SUCH_OBJECT = 0x20,
- LDAP_INVALID_CREDENTIALS = 0x31,
- LDAP_OTHER = 0x50
+ LDAP_SUCCESS= 0,
+ LDAP_OPERATIONS_ERROR = 1,
+ LDAP_PROTOCOL_ERROR = 2,
+ LDAP_TIME_LIMIT_EXCEEDED= 3,
+ LDAP_SIZE_LIMIT_EXCEEDED= 4,
+ LDAP_COMPARE_FALSE = 5,
+ LDAP_COMPARE_TRUe = 6,
+ LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
+ LDAP_STRONG_AUTH_REQUIRED = 8,
+ LDAP_REFERRAL = 10,
+ LDAP_ADMIN_LIMIT_EXCEEDED = 11,
+ LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
+ LDAP_CONFIDENTIALITY_REQUIRED = 13,
+ LDAP_SASL_BIND_IN_PROGRESS = 14,
+ LDAP_NO_SUCH_ATTRIBUTE = 16,
+ LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
+ LDAP_INAPPROPRIATE_MATCHING = 18,
+ LDAP_CONSTRAINT_VIOLATION = 19,
+ LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
+ LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
+ LDAP_NO_SUCH_OBJECT = 32,
+ LDAP_ALIAS_PROBLEM = 33,
+ LDAP_INVALID_DN_SYNTAX = 34,
+ LDAP_ALIAS_DEREFERENCING_PROBLEM= 36,
+ LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
+ LDAP_INVALID_CREDENTIALS= 49,
+ LDAP_INSUFFICIENT_ACCESS_RIGHTs = 50,
+ LDAP_BUSY = 51,
+ LDAP_UNAVAILABLE= 52,
+ LDAP_UNWILLING_TO_PERFORM = 53,
+ LDAP_LOOP_DETECT= 54,
+ LDAP_NAMING_VIOLATION = 64,
+ LDAP_OBJECT_CLASS_VIOLATION = 65,
+ LDAP_NOT_ALLOWED_ON_NON_LEAF= 66,
+ LDAP_NOT_ALLOWED_ON_RDN = 67,
+ LDAP_ENTRY_ALREADY_EXISTS = 68,
+ LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
+ LDAP_AFFECTS_MULTIPLE_DSAS = 71,
+ LDAP_OTHER = 80
};
struct ldap_Result {
svn commit: samba r3095 - in branches/SAMBA_4_0/source/lib/ldb: ldb_tdb tests
Author: metze
Date: 2004-10-20 20:48:31 + (Wed, 20 Oct 2004)
New Revision: 3095
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=3095nolog=1
Log:
- fix a free'ing of msg.dn
- reenable index tests
metze
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c
branches/SAMBA_4_0/source/lib/ldb/tests/test-generic.sh
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2004-10-20 20:34:32
UTC (rev 3094)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2004-10-20 20:48:31
UTC (rev 3095)
@@ -266,7 +266,6 @@
void ltdb_search_dn1_free(struct ldb_context *ldb, struct ldb_message *msg)
{
unsigned int i;
- ldb_free(ldb, msg-dn);
ldb_free(ldb, msg-private_data);
for (i=0;imsg-num_elements;i++) {
ldb_free(ldb, msg-elements[i].values);
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2004-10-20 20:34:32 UTC (rev
3094)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2004-10-20 20:48:31 UTC (rev
3095)
@@ -608,7 +608,6 @@
goto failed;
}
- ldb_free(ldb, msg.dn);
msg.dn = ldb_strdup(ldb,newdn);
if (!msg.dn) {
ltdb_search_dn1_free(ldb, msg);
@@ -617,9 +616,11 @@
ret = ltdb_add(ldb, msg);
if (ret == -1) {
+ ldb_free(ldb, msg.dn);
ltdb_search_dn1_free(ldb, msg);
goto failed;
}
+ ldb_free(ldb, msg.dn);
ltdb_search_dn1_free(ldb, msg);
ret = ltdb_delete(ldb, olddn);
Modified: branches/SAMBA_4_0/source/lib/ldb/tests/test-generic.sh
===
--- branches/SAMBA_4_0/source/lib/ldb/tests/test-generic.sh 2004-10-20 20:34:32
UTC (rev 3094)
+++ branches/SAMBA_4_0/source/lib/ldb/tests/test-generic.sh 2004-10-20 20:48:31
UTC (rev 3095)
@@ -17,14 +17,14 @@
echo Showing renamed record
$VALGRIND bin/ldbsearch '(uid=uham)' || exit 1
-#echo Starting ldbtest
-#time $VALGRIND bin/ldbtest -r 1000 -s 10 || exit 1
+echo Starting ldbtest
+time $VALGRIND bin/ldbtest -r 1000 -s 10 || exit 1
-#echo Adding index
-#$VALGRIND bin/ldbadd tests/test-index.ldif || exit 1
+echo Adding index
+$VALGRIND bin/ldbadd tests/test-index.ldif || exit 1
-#echo Starting ldbtest indexed
-#time $VALGRIND bin/ldbtest -r 1000 -s 5000 || exit 1
+echo Starting ldbtest indexed
+time $VALGRIND bin/ldbtest -r 1000 -s 5000 || exit 1
echo Testing one level search
count=`$VALGRIND bin/ldbsearch -b 'ou=Groups,o=University of Michigan,c=US' -s one
'objectclass=*' none |grep ^dn | wc -l`
svn commit: samba r3096 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: metze Date: 2004-10-20 22:44:08 + (Wed, 20 Oct 2004) New Revision: 3096 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/libcli/ldaprev=3096nolog=1 Log: typo metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.h === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-10-20 20:48:31 UTC (rev 3095) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.h2004-10-20 22:44:08 UTC (rev 3096) @@ -57,7 +57,7 @@ LDAP_TIME_LIMIT_EXCEEDED= 3, LDAP_SIZE_LIMIT_EXCEEDED= 4, LDAP_COMPARE_FALSE = 5, - LDAP_COMPARE_TRUe = 6, + LDAP_COMPARE_TRUE = 6, LDAP_AUTH_METHOD_NOT_SUPPORTED = 7, LDAP_STRONG_AUTH_REQUIRED = 8, LDAP_REFERRAL = 10,
svn commit: samba r3097 - in branches/SAMBA_4_0/source/ldap_server: .
Author: metze Date: 2004-10-20 23:12:30 + (Wed, 20 Oct 2004) New Revision: 3097 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ldap_serverrev=3097nolog=1 Log: - an empty string is a valid DN - detect in valid DN's - some error handling fixes metze Modified: branches/SAMBA_4_0/source/ldap_server/ldap_parse.c branches/SAMBA_4_0/source/ldap_server/ldap_rootdse.c branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c Changeset: Sorry, the patch is too large (528 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ldap_serverrev=3097nolog=1
svn commit: samba-web r377 - in trunk: .
Author: sfrench Date: 2004-10-20 23:22:47 + (Wed, 20 Oct 2004) New Revision: 377 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=377nolog=1 Log: Initial checkin of crypt fs filesystem web page Added: trunk/ecryptfs.html Changeset: Added: trunk/ecryptfs.html === --- trunk/ecryptfs.html 2004-10-19 16:54:31 UTC (rev 376) +++ trunk/ecryptfs.html 2004-10-20 23:22:47 UTC (rev 377) @@ -0,0 +1,63 @@ +!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN +HTMLHEAD +TITLELinux CIFS Client/TITLE +META http-equiv=Content-Type content=text/html; charset=iso-8859-1 +META content=IBM WebSphere Studio Homepage Builder V6.0.2 for Windows name=GENERATOR +META http-equiv=Content-Style-Type content=text/css +/HEAD +BODYBR +BR +nbsp; +PLATEST UPDATES - initial posting/P +TABLE cellSpacing=2 cellPadding=2 width=100% border=0 + CAPTION + /CAPTION + TBODY +TR + TD bgColor=#ee colSpan=2!-- Title Bar -- + CENTER + H1eCryptFS -nbsp;/H1 + /CENTER + CENTER + H1Enterprise Cryptographic Virtual File System for Linuxnbsp;/H1 + /CENTER + /TD +/TR +TR + TD vAlign=top width=20% bgColor=#ee!-- Menu (Left Column) --!-- Menu -- + CENTERIMG alt=http://us1.samba.org/samba/images/penguin.gif; src=samba/images/penguin.gif/CENTER + A href=mailto:[EMAIL PROTECTED]Questions to developers/A + PDocumentationUL +LIA href=http://broken;Installation/Anbsp; +LIA href=http://broken;Todo/Bug +list/Anbsp; +LIA href=http://broken;Authors/Thanks/Anbsp; +LIA href=http://www.finux.org/Reprints/Reprint-Halcrow-OLS2004.pdf;Linux Cryptographic Filesystems Paper/A/LI + /UL + Downloads + UL +LIA href=http://broken;Latest 2.6 Release (gz)/A +LIA href=http://ecrypts.bkbits.net/;Most current 2.6 source at ecryptfs.bkbits.net (requires installation of +BitKeeper)/A/LI + /UL + /TD + TD vAlign=top bgColor=#ff!-- Main Contents -- + PThe eCrypt file system module for Linux allows eCrypt fs has been + tested with Linux version ... The eCrypt fs is designed for Linux version + 2.6 or later and is not supported on Linux 2.4 kernels.BR + nbsp; + PThe current 2.6 version of the eCrypt VFS is ??? which was released in + November , ??? 2004.PeCrypts VFS is licensed under the A + href=http://www.gnu.org/copyleft/gpl.html;GNU General Public License/A + version 2 or later.nbsp;/P + /TD +/TR +TR + TD vAlign=top/TD + TD vAlign=topThanks to the IBM Linux Technology Center (and to Erez Zadok and the FiST + team for helpful infrastructure and ideas)BR + /TD +/TR + /TBODY +/TABLE +/BODY/HTML Property changes on: trunk/ecryptfs.html ___ Name: svn:executable + *
svn commit: samba r3098 - in branches/SAMBA_4_0/source/ldap_server: .
Author: metze
Date: 2004-10-20 23:25:39 + (Wed, 20 Oct 2004)
New Revision: 3098
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ldap_serverrev=3098nolog=1
Log:
- fix segfault in sldb_Compare()
- be more verbose on the INVALID_DN errstr
metze
Modified:
branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c 2004-10-20 23:12:30
UTC (rev 3097)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c 2004-10-20 23:25:39
UTC (rev 3098)
@@ -40,7 +40,7 @@
return NT_STATUS_NO_MEMORY;\
} else if ((dn)-comp_num (i)) {\
result = LDAP_INVALID_DN_SYNTAX;\
- errstr = Invalid DN;\
+ errstr = Invalid DN ( #i components needed for ' #dn ');\
goto reply;\
}\
} while(0)
@@ -176,7 +176,7 @@
struct ldap_AddRequest *r)
{
void *local_ctx;
- struct ldap_dn *ldn;
+ struct ldap_dn *dn;
struct ldap_Result *add_result;
struct ldapsrv_reply *add_reply;
int ldb_ret;
@@ -192,15 +192,15 @@
samdb = samdb_connect(local_ctx);
ALLOC_CHECK(samdb);
- ldn = ldap_parse_dn(local_ctx, r-dn);
- VALID_DN_SYNTAX(ldn,1);
+ dn = ldap_parse_dn(local_ctx, r-dn);
+ VALID_DN_SYNTAX(dn,1);
- DEBUG(10, (sldb_add: dn: [%s]\n, ldn-dn));
+ DEBUG(10, (sldb_add: dn: [%s]\n, dn-dn));
msg = talloc_p(local_ctx, struct ldb_message);
ALLOC_CHECK(msg);
- msg-dn = ldn-dn;
+ msg-dn = dn-dn;
msg-private_data = NULL;
msg-num_elements = 0;
msg-elements = NULL;
@@ -276,7 +276,7 @@
struct ldap_DelRequest *r)
{
void *local_ctx;
- struct ldap_dn *ldn;
+ struct ldap_dn *dn;
struct ldap_Result *del_result;
struct ldapsrv_reply *del_reply;
int ldb_ret;
@@ -290,10 +290,10 @@
samdb = samdb_connect(local_ctx);
ALLOC_CHECK(samdb);
- ldn = ldap_parse_dn(local_ctx, r-dn);
- VALID_DN_SYNTAX(ldn,1);
+ dn = ldap_parse_dn(local_ctx, r-dn);
+ VALID_DN_SYNTAX(dn,1);
- DEBUG(10, (sldb_Del: dn: [%s]\n, ldn-dn));
+ DEBUG(10, (sldb_Del: dn: [%s]\n, dn-dn));
reply:
del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse);
@@ -301,7 +301,7 @@
if (result == LDAP_SUCCESS) {
ldb_set_alloc(samdb-ldb, talloc_realloc_fn, samdb);
- ldb_ret = ldb_delete(samdb-ldb, ldn-dn);
+ ldb_ret = ldb_delete(samdb-ldb, dn-dn);
if (ldb_ret == 0) {
result = LDAP_SUCCESS;
errstr = NULL;
@@ -329,7 +329,7 @@
struct ldap_ModifyRequest *r)
{
void *local_ctx;
- struct ldap_dn *ldn;
+ struct ldap_dn *dn;
struct ldap_Result *modify_result;
struct ldapsrv_reply *modify_reply;
int ldb_ret;
@@ -345,15 +345,15 @@
samdb = samdb_connect(local_ctx);
ALLOC_CHECK(samdb);
- ldn = ldap_parse_dn(local_ctx, r-dn);
- VALID_DN_SYNTAX(ldn,1);
+ dn = ldap_parse_dn(local_ctx, r-dn);
+ VALID_DN_SYNTAX(dn,1);
- DEBUG(10, (sldb_modify: dn: [%s]\n, ldn-dn));
+ DEBUG(10, (sldb_modify: dn: [%s]\n, dn-dn));
msg = talloc_p(local_ctx, struct ldb_message);
ALLOC_CHECK(msg);
- msg-dn = ldn-dn;
+ msg-dn = dn-dn;
msg-private_data = NULL;
msg-num_elements = 0;
msg-elements = NULL;
@@ -445,7 +445,7 @@
struct ldap_CompareRequest *r)
{
void *local_ctx;
- struct ldap_dn *ldn;
+ struct ldap_dn *dn;
struct ldap_Result *compare;
struct ldapsrv_reply *compare_r;
int result = LDAP_SUCCESS;
@@ -453,7 +453,6 @@
struct ldb_message **res;
const char *attrs[1];
const char *errstr = NULL;
- const char *dn;
const char *filter;
int count;
@@ -463,10 +462,10 @@
samdb = samdb_connect(local_ctx);
ALLOC_CHECK(samdb);
- ldn = ldap_parse_dn(local_ctx, r-dn);
- VALID_DN_SYNTAX(ldn,1);
+ dn = ldap_parse_dn(local_ctx, r-dn);
+ VALID_DN_SYNTAX(dn,1);
- DEBUG(10, (sldb_Compare: dn: [%s]\n, ldn-dn));
+ DEBUG(10, (sldb_Compare: dn: [%s]\n, dn-dn));
filter = talloc_asprintf(local_ctx, (%s=%*s), r-attribute, r-value.length,
r-value.data);
ALLOC_CHECK(filter);
@@ -480,7 +479,7 @@
if (result == LDAP_SUCCESS) {
ldb_set_alloc(samdb-ldb, talloc_realloc_fn, samdb);
- count = ldb_search(samdb-ldb, dn, LDB_SCOPE_BASE, filter, attrs,
res);
+
