Re: [Samba] Re: LDAP unable to add Idmap
I used the schema from the samba source, and for the rest of it I just
followed the samba by example chapter 6, anyway here's my smb.conf :
[global]
unix charset = LOCALE
workgroup = VALHALLA
netbios name = VALKYRIE
interfaces = eth0, lo
passdb backend = ldapsam:ldap://192.168.88.2
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = lpstat
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g
'%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon path =
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap suffix = dc=test,dc=co,dc=id
ldap user suffix = ou=People
idmap backend = ldap:ldap://192.168.88.2
idmap uid = 1-2
idmap gid = 1-2
printer admin = Administrator, adi
map acl inherit = Yes
printing = cups
print command = /usr/bin/lp -d '%p' %s; rm %s
lpq command = /usr/bin/lpstat -o '%p'
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'
and here's the slapd.conf
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /etc/openldap/schema/local.schema
pidfile /var/run/ldap/slapd.pid
argsfile/var/run/ldap/slapd.args
modulepath /usr/lib/openldap
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile/etc/ssl/openldap/ldap.pem
loglevel 256
###
# database definitions
###
databasebdb
suffix dc=test,dc=co,dc=id
#suffix o=My Organization Name,c=US
rootdn cn=Manager,dc=test,dc=co,dc=id
#rootdn cn=Manager,o=My Organization Name,c=US
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
anything wrong with this ??? and this is the output from smbclient :
Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
- Original Message -
From: Jim C. [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Wednesday, January 12, 2005 1:18 PM
Subject: [Samba] Re: LDAP unable to add Idmap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think either you are getting your objectClasses messed up somehow or
you have a messed up schema somewhere. Post the information you are
trying to add.
Re: [Samba] smbldap-useradd error looking for next uid
wooops, in INSTALL readme for smbldap-tools .8.5 I
forgot to import an add.ldif that says
dn: cn=NextFreeUnixId,dc=INTRANET
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 500
gidNumber: 100
cn: NextFreeUnixId
sn: NextFreeUnixId
works now:)
--- John H. [EMAIL PROTECTED] wrote:
/usr/local/sbin/smbldap-useradd -w computername
Error looking for next uid at
/usr/local/sbin///smbldap_tools.pm line 879, DATA
line 283.
I cannot add machines to the samba pdc because of
this...
everything else with samba/ldap seems to work, I
have
the feeling it is related to this
# Where are stored Idmap entries (used if samba is a
domain member server)
# Ex groupsdn=ou=Idmap,dc=IDEALX,dc=ORG
idmapdn=ou=Idmap,${suffix}
# Where to store next uidNumber and gidNumber
available
sambaUnixIdPooldn=cn=NextFreeUnixId,${suffix}
I don't think either that ou or cn exist in my ldap
database, how do i get them in there?
If I comment out the sambaunixidpooldn, i get
/usr/local/sbin/smbldap-useradd -w foo
Could not find base dn, to get next uidNumber at
/usr/local/sbin///smbldap_tools.pm line 881, DATA
line 283.
any help is appreciated.
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
--
To unsubscribe from this list go to the following
URL and read the
instructions:
https://lists.samba.org/mailman/listinfo/samba
__
Do you Yahoo!?
All your favorites on one personal page Try My Yahoo!
http://my.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP unable to add Idmap
I Just noticed that the smbldap-tools didn't fill in the groups accounts in
the linux group file, any idea why this is ??
- Original Message -
From: Adi Nugraha [EMAIL PROTECTED]
To: samba@lists.samba.org; Jim C. [EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 3:06 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap
I used the schema from the samba source, and for the rest of it I just
followed the samba by example chapter 6, anyway here's my smb.conf :
[global]
unix charset = LOCALE
workgroup = VALHALLA
netbios name = VALKYRIE
interfaces = eth0, lo
passdb backend = ldapsam:ldap://192.168.88.2
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = lpstat
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m
'%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script =
/var/lib/samba/sbin/smbldap-usermod.pl -g
'%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w
'%u'
logon path =
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap suffix = dc=test,dc=co,dc=id
ldap user suffix = ou=People
idmap backend = ldap:ldap://192.168.88.2
idmap uid = 1-2
idmap gid = 1-2
printer admin = Administrator, adi
map acl inherit = Yes
printing = cups
print command = /usr/bin/lp -d '%p' %s; rm %s
lpq command = /usr/bin/lpstat -o '%p'
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'
and here's the slapd.conf
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /etc/openldap/schema/local.schema
pidfile /var/run/ldap/slapd.pid
argsfile/var/run/ldap/slapd.args
modulepath /usr/lib/openldap
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile/etc/ssl/openldap/ldap.pem
loglevel 256
###
# database definitions
###
databasebdb
suffix dc=test,dc=co,dc=id
#suffix o=My Organization Name,c=US
rootdn cn=Manager,dc=test,dc=co,dc=id
#rootdn cn=Manager,o=My Organization Name,c=US
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
anything wrong with this ??? and this is the output from smbclient :
Domain=[VALHALLA] OS=[Unix] Server=[Samba
Re: [Samba] Joining a samba domain on WinXP without a root login?
I have tried applied this patch and it doesnt seem to work! i used bash# patch -p1 /tmp/domain_admin-join.patch then ./configure --prefix=/usr/local/ --with-ldapsam then make then make install I already have a machine account in LDAP my user is a member of domain admins bash# id ws0dwi uid=186712(ws0dwi) gid=901(uni-staff-itacs) groups=901(uni-staff-itacs),512(Domain Admins),513(Domain Users),902(uni-staff-itacs-systems),921(uni-staff-srvs),922(uni-staff-srvs-devtrust) On windows 2000 pro i get a msg box saying Logon failure: unkown username or bad password Error logs on samba say: [2005/01/12 10:38:07, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/01/12 10:38:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: ws0dwi [2005/01/12 10:38:07, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ws0dwi] - [ws0dwi] - [ws0dwi] succeeded [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain UNI-STAFF - S-1-5-21-82148923-2461359520-1342846908 [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain UNI-STAFF - S-1-5-21-82148923-2461359520-1342846908 [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/01/12 10:38:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: ws0dwi [2005/01/12 10:38:09, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ws0dwi] - [ws0dwi] - [ws0dwi] succeeded any ideas? We really need this feature Cheers, Dan Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hunter Rognstad wrote: | I've been able to succesfully join XP boxes to the samba domain on samba | 2.2.3a (yes, I know it's old), registering the machine name and so | forth, as many guides and so forth have shown online. However, it | requires entering root's smbpasswd when joining the domain -- and I'd | rather not have a Windows machine with any sort of remotely related root | access to our servers, especially having the capability of a root login. | | I'm curious, since SAMBA is its own project and should be able to work | around it, if it's possible to join the domain without allowing the user | root to log into it. I've tried having invalid users = root, and | experimented with the domain admin group and admin users settings to | work around it, but to no avail. I've googled for a solution, and found | no suggestions. I posted an experimental patch last week that allows domains admins (defined by the group mapping) to join machines to the domain. It's at http://samba.org/~jerry/patches/post-3.0.10/ I'm reworking things now to use a privliege based model (based on code by Simo Sorce) so it will change before 3.0.11 I'm sure. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5D0zIR7qMdg1EfYRAnaGAKCOeASLx1d2T2N+h8pKoLU/TB15WwCgtlQY VF0M7tX7v0P5eXu33p022ao= =Esrd -END PGP SIGNATURE- -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: University's using samba and ldap
[EMAIL PROTECTED] wrote: Is there anyone out there from other university's that would be willing to talk to me about you samba layout. We already have it in place but we other colleges within the university that want to start using our setup but want there own domains. I'm kind of confused how this would all work. We do use SAMBA in the Dialog computer class in the Urals State University. The setup is a more or less by-the-book (minus typos) single LDAP-based domain controller. A patched version of LAM is used for administration (but we should definitely use something different, LAM is just too slow with 1000 users). The patch, all configuration files and sample LDAP content will be sent upon request privately. However, I cannot call this a success story. The reason is that operators require re-teaching, and I (as a person responsible for the domain) just receive no additional salary for that additional task. Since even after explanation operators continue to create new users with inconsistent capitalization of names and home directories, I consider migration back to Windows 2000 Server. It's more forgiving. The problem is just how to migrate all the users into Active Directory while preserving organizational units :( Any ideas? -- Alexander E. Patrakov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind stops authenticating until a restart.
Me too, me too! Seriously now, I've seen this also: in 3.0.6 and 3.0.7 it was definitely there, I remember seeing it on 3.0.8 or 3.0.9 but since I've upgraded to 3.0.10 winbind has never crashed again. I could tell when winbind had gone away because all authentication to that machine would immediately be denied (followed by screams and ramblings from the users). Our setup consists of a dual opteron box running Debian amd64 unstable. This machine uses our network's AD server for all authentication. My suggestion is that you try to upgrade to 3.0.10 if you can (Bruce: you can find suse rpm's in the samba.org ftp, if I'm not mistaken). Cheers, Manuel On Tue, 11 Jan 2005 12:52:59 -1200, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, Ity seems I'm running into the same exact problem that Adrian is having. Jesse Regarding: winbind stops authenticating until a restart I also have this problem on two installs (SuSE 9.1 + Samba 3.0.2, and SLES 9 + Samba 3.0.4). Over the past 3-4 months I have noted this problem posted on this list only a few times. Thus, I suspect the problem is due to something other than Samba. If you find the cause or a solution please post it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Kerberos V
On Tue, 2005-01-11 at 18:10 +0100, Jukka Salmi wrote: Gmes Gza -- samba (2005-01-10 21:29:44 +0100): I don't know anything about how Win clients authenticate, but I managed to configure a Win2k client to obtain a TGT from a Heimdal kdc during login. This is quite well documented somewhere on Microsoft's website. Would be great if this ticket allowed the client to access samba shares... I've posted a patch here a number of times that should allow that, however if you set 'security=ads' and 'kerberos use keytab=yes', it should work... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Kerberos V
Andrew Bartlett -- samba (2005-01-12 21:52:48 +1100): On Tue, 2005-01-11 at 18:10 +0100, Jukka Salmi wrote: Gémes Géza -- samba (2005-01-10 21:29:44 +0100): I don't know anything about how Win clients authenticate, but I managed to configure a Win2k client to obtain a TGT from a Heimdal kdc during login. This is quite well documented somewhere on Microsoft's website. Would be great if this ticket allowed the client to access samba shares... I've posted a patch here a number of times that should allow that, however if you set 'security=ads' and 'kerberos use keytab=yes', it should work... Hmm, does this mean that with 'security=ads' and 'kerberos use keytab=yes' it should work _without_ the patch? Regards, Jukka -- bashian roulette: $ ((RANDOM%6)) || rm -rf ~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Protection Fault error (Win XP, FC3, Samba 3.0.10)
Hello, I recently installed FC3 with Samba 3.0.10 on an old Pentium PC on my corporate LAN. The reason (besides testing Linux Interoperability with Windows Network) was to share a printer (HP DeskJet) among the Windows clients and use the ps2pdf command in order to give the ability to network users create PDF documents, without using Adobe Acrobat (I created a PDF Printer). I installed Samba and I followed everything mentioned on Samba HOWTO in order to share Printers and Folder in my Linux machine. At the end, my smb.conf looked like this: [global] workgroup = MYDOMAIN server string = Linux (FC3) interfaces = eth* security = DOMAIN auth methods = winbind password server = 192.168.0.100 admin users = nikolas, root, MYDOMAIN\administrator, MYDOMAIN\nikolas printer admin = nikolas, root, MYDOMAIN\administrator, MYDOMAIN\nikolas hosts allow = 192.168.0.0/24, 127.0.0.1 hosts deny = 0.0.0.0/0 cups options = raw guest account = nobody printing = cups printcap name = cups [print$] comment = Printer drivers for Windows Terminals path = /etc/samba/printerdrivers write list = nikolas, root, MYDOMAIN\administrator, MYDOMAIN\nikolas browseable = No [IPC$] path = /tmp browseable = No [DeskJet-3820] comment = HP DeskJet 3820 path = /var/spool/samba printable = Yes printer name = DeskJet-3820 [shared] comment = Shared Files in SMB path = /shared read only = No [PDF] comment = PDFs created by PDF_Printer path = /PDF read only = no [PDF_Printer] comment = PDF Printer path = /tmp printable = Yes guest ok = yes printer name = PDF print command = /usr/bin/printpdf %s %m The /usr/bin/printpdf is the following script with a+rwx permissions. #!/bin/sh DATE=`date +%b%d` OUTDIR=/PDF /usr/bin/ps2pdf $1 $OUTDIR/$2.$DATE.temp mv $OUTDIR/$2.$DATE.temp $OUTDIR/$2.$DATE.pdf rm $1 My problems are with the Printer shares. When I try to view properties of HP Deskjet 3820 from Win XP Client I get the following error: Function address 0x60630d26 caused a protection fault. (exception code 0x005) Some or all property page(s) may not be displayed. Even if i ignore this error and try to print on this printer, then the same error appears and the application i used to print (e.g. notepad), crashes. This error does not happen when trying to view properties of the PDF_Printer, but the PDF_Printer does not creates any PDF as it should. Also, this error does not happens from Win 98 clients! I googled a lot, I read Samba HOWTO and any HOWTO on linuxprinting.org and instead of clearing out, I messed everything up. Somewhere I read about CUPS and PPDs, but I cannot understand What I should do, since even the CUPS drivers for Win XP does not exist on CUPS.org (or I cannot understand where to find them). In my mind there are things, like RAW, CUPS, PPD, PostScript, Postscript drivers for non-PS printers, mixed up. I am really confused and I really need some guidance! :-) I would appreciate if someone could tell me what I should do (what is the essential steps) in order to make a printer share that would actually print from a Windows client and what I should check in order to find out why the PDF Printer is not creating any PDF documents. Thank you Nikolas Demiridis http://www.freemail.gr - äùñåÜí õðçñåóßá çëåêôñïíéêïý ôá÷õäñïìåßïõ. http://www.freemail.gr - free email service for the Greek-speaking. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help needed to move from Samba 2 to 3
Hi I know that these kind of postings are sometimes frowned upon, so i will apologise in advance. What we have had in place for over 5 years is a Redhat 5.2 machine running Samba 2.06, and Win 95, 98 and ME clients, with but Home and Public shares on Samba. I am happy configuring this version of Samba to do what I want it to do and it has worked well. Needing to have Win 2000 XP Clients We now have a replacement box, Running Fedora, and Samba 3. I have been doing my very best to hook these up and have been spending some time on this and seem to have hit a brick wall, I can establish a share for WinME, but WinXP just doesn't want to connect to a share, thought it will log on to a the domain. I have configured both machines 'by the book' I get the feeling that is maybe my lack of experience with XP that is the problem more than at the server end? Can any one out there offer some professional help? We are in South East England. I am not a Unix Guru, but I am no Unix idiot either. I just feel I need a bit of 'hand holding' to get me running with samba 3 and win XP. Mark -- __ A.R.E. Limited T: 01252 711777 East Street F: 01252 723918 Farnham E: mailto:[EMAIL PROTECTED] SurreyGU9 7XU W: http://www.are.ltd.uk Distributors of Quality Automotive Parts and Accessories The views expressed herein are those of the author of this document and do not necessarily represent the views of this company. This transmission may be confidential, if you are not the intended recipient you should notify us. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a samba domain on WinXP without a root login?
Sorry please ignore this, forgot to kill all smbd proccesses before i make make install, so an old process was running (which didnt have patch)! Thanks so much for this patch it work brilliantly! :) Regards Dan Daniel Wilson wrote: I have tried applied this patch and it doesnt seem to work! i used bash# patch -p1 /tmp/domain_admin-join.patch then ./configure --prefix=/usr/local/ --with-ldapsam then make then make install I already have a machine account in LDAP my user is a member of domain admins bash# id ws0dwi uid=186712(ws0dwi) gid=901(uni-staff-itacs) groups=901(uni-staff-itacs),512(Domain Admins),513(Domain Users),902(uni-staff-itacs-systems),921(uni-staff-srvs),922(uni-staff-srvs-devtrust) On windows 2000 pro i get a msg box saying Logon failure: unkown username or bad password Error logs on samba say: [2005/01/12 10:38:07, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/01/12 10:38:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: ws0dwi [2005/01/12 10:38:07, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ws0dwi] - [ws0dwi] - [ws0dwi] succeeded [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain UNI-STAFF - S-1-5-21-82148923-2461359520-1342846908 [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain UNI-STAFF - S-1-5-21-82148923-2461359520-1342846908 [2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/01/12 10:38:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: ws0dwi [2005/01/12 10:38:09, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ws0dwi] - [ws0dwi] - [ws0dwi] succeeded any ideas? We really need this feature Cheers, Dan Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hunter Rognstad wrote: | I've been able to succesfully join XP boxes to the samba domain on samba | 2.2.3a (yes, I know it's old), registering the machine name and so | forth, as many guides and so forth have shown online. However, it | requires entering root's smbpasswd when joining the domain -- and I'd | rather not have a Windows machine with any sort of remotely related root | access to our servers, especially having the capability of a root login. | | I'm curious, since SAMBA is its own project and should be able to work | around it, if it's possible to join the domain without allowing the user | root to log into it. I've tried having invalid users = root, and | experimented with the domain admin group and admin users settings to | work around it, but to no avail. I've googled for a solution, and found | no suggestions. I posted an experimental patch last week that allows domains admins (defined by the group mapping) to join machines to the domain. It's at http://samba.org/~jerry/patches/post-3.0.10/ I'm reworking things now to use a privliege based model (based on code by Simo Sorce) so it will change before 3.0.11 I'm sure. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5D0zIR7qMdg1EfYRAnaGAKCOeASLx1d2T2N+h8pKoLU/TB15WwCgtlQY VF0M7tX7v0P5eXu33p022ao= =Esrd -END PGP SIGNATURE- -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 25, Issue 14
Your email has been received and will be replied to as soon as possible. If this is a repair item or request please summit a ticket at the following web address. http://ts.sd57.bc.ca Thanks Benny.nerd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: University's using samba and ldap
[EMAIL PROTECTED] wrote: Is there anyone out there from other university's that would be willing to talk to me about you samba layout. We already have it in place but we other colleges within the university that want to start using our setup but want there own domains. I'm kind of confused how this would all work. I'd like to offer our success story from Hudson Valley Community College in New York, USA. We are using Samba as DC for authentication with file and print services. Our setup is a bit different from most, I would gather. Setup: 3 - AIX 5.2 boxes with Samba 3.0.10 each with different domain names, but the same SID. This was done to have all three servers share the same identical LDAP backend. Eventually we'll be one domain, but for now this works better than we could have hoped for. The LDAP server is a fourth AIX box with OpenLDAP 2.2.20 using BerkeleyDB 4.2. I spent much time reading Gerald Carter's LDAP System Administration book. We used to be an smbpasswd type setup. This didn't scale well as we have 19000+ accounts in the database (yes I said 19,000). Also we used to NFS mount the smbpasswd file from one server to the other two so they shared the password info. This was simply to offer a single sign on feature and allowed machines to be in one domain and then have a technician move it to another at will. We didn't use the PADL scripts. They are good scripts, but didn't offer the flexibility we needed to have complete control of the database (this was truly a control issue :-) ) and there were additional attributes we needed to add for sanity checks and reconciliation of users against SCT Banner. So we wrote our own library of functions and scripts in ksh (sorry all you perl fans). Essentially we build user accounts outside of AIX and Samba by creating the entries ourselves. We built a C program to search for the next free unix uid in the LDAP database (which is range tunable to assist in rapid scripting of user generation) We also wrote a piece of C code to migrate the user databases from flat files to ldif format to preserve all values and add a few more for in-house maintenance. We used the algorithmic methods of computing the user and group rid's which is what Samba was doing internally using the smbpasswd file for authentication info. So why did we set the SID's the same? We knew that eventually we'd be a single domain installation and we knew that moving to LDAP was only months away, so we set up all the domains that way and rejoined everything in preparation. With assistance from John Terpstra who commented on my plans (posted here several months ago) who said in theory it looked good, we set forth on this mission. (Many hours were spent reading his Samba 3 by Example book as well) We were lucky to also have a four server development area at the time, so we built everything just like production. We joined the machines using flat files, migrated to LDAP and pointed the server to the LDAP master andamazinglyit all still worked - roaming profiles and all. One thing to note is we also do not use winbindd. AIX uses LDAP internally for the users and we create the IDMAP entries at the time we create the users and we have scripts to add the sambagroupmappings when we create a unix group. So everything is integrated at the point of LDAP. No pam or nss is involved at all. We use secldapclntd which is part of AIX that allows us to tell AIX to listen to whatever LDAP we want. As I said earlier we are running OpenLDAP with BerkeleyDB. We could have chosen IBM's solution with db2, but honestly, OpenLDAP was just easier. I know much of this sounds like reinventing the wheel, but like I said earlier, we are control freaks. :-) This past Sunday we migrated our entire campus to LDAP along with our three Samba DC's. Although we do not savor the potential benefits of AD integration or interdomain trusts or winbindd caching or anything like that, there is somehting I have to say to the Samba developers: It works and we are very happy! Institutionally we have been using Samba since version 1.9.x which replaced our 5 server Novell environment with a single AIX box in 1998. My hat is off to all of you. This is truly a wonderful product. Great job everyone! Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] is it possible question
Hi ! Is it possible to set up samba like this: when user wants to print something, it gets prompt/dialog box/window with confirmation. greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind - New DOMAIN but old DOMAIN not CHANGING .URGENT
Hi,
We just imported (moved) all our staff from the old w2k domain to the
new w2k3 domain. Say their accounts and passwords
From STAFF domain to say NEW. Seems winbind is keeping the old domain
users.
I'm using winbind for squid auth on Mandrake linux 10.0
samba-client-3.0.10-0.1.100mdk
samba-winbind-3.0.10-0.1.100mdk
samba-doc-3.0.10-0.1.100mdk
samba-common-3.0.10-0.1.100mdk
samba-server-3.0.10-0.1.100mdk
When I do a wbinfo -u
I still get STAFF/chris
.
etc
I should get ADMIN/chris
I have changed the win 2003 server admin passwd and joined the say
ADMIN domain and ADMIN.SJC realm. /etc/kerberos/* settings have been
changed also in the samba config.
then rebooted,
did kinit [EMAIL PROTECTED]
did klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
01/13/05 00:00:27 01/13/05 10:01:16 krbtgt/[EMAIL PROTECTED]
renew until 01/14/05 00:00:27
01/13/05 00:01:59 01/13/05 10:01:16 [EMAIL PROTECTED]
renew until 01/14/05 00:00:27
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Did net ads join -U [EMAIL PROTECTED]
kadm5.acl
*/[EMAIL PROTECTED] *
Does this ticket look ok? the krbtgt record looks a little odd to me.
I figure I should get ADMIN/chris, and I cannot see any entries for
STAFF realm left over.
I kdestroyed the ticket and recreated it, but no luck
kdc.conf
[kdcdefaults]
kdc_ports = 88
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab
[realms]
ADMIN.SJC = {
master_key_type = des3-cbc-sha1
supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal
des-cbc-crc:v4 des-cbc-crc:afs3
profile = /etc/krb5.conf
database_name = /etc/kerberos/krb5kdc/principal
admin_database_name = /etc/kerberos/krb5kdc/kadm5_adb
admin_database_lockfile = /etc/kerberos/krb5kdc/kadm5_adb.lock
admin_keytab = FILE:/etc/kerberos/krb5kdc/kadm5.keytab
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
key_stash_file = /etc/kerberos/krb5kdc/.k5stash
kdc_ports = 88
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}
krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = ADMIN.SJC
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
ADMIN.SJC = {
kdc = sun.admin.sjc:88
admin_server = sun.admin.sjc:749
kpasswd_server = sun.admin.sjc
default_domain = admin.sjc
}
[domain_realm]
.admin.sjc = ADMIN.SJC
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
Anyway the users cannot auth through out proxy because of this.
Can anyone help. I have to get this fixed by the morning before staff
arrive.
Thanks
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions to share right's
Hi all, I have here following, RHEL clone, Samba 3.09x + Winbind, 2 NT4 domains (trustet) Questions in addition: It concerns the Share [Install]. Why can a user, who does not a member in write list is, nevertheless files and Directorys create?? What do I understand here wrongly? Thx Stefan With the following configuration: [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = FELTEN1 server string = Linux-Fileserver-SFE002 interfaces = 192.168.1.35/24 security = DOMAIN password server = 192.168.1.51 log level = 1 log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 32 local master = No dns proxy = No wins server = 192.168.1.51 kernel oplocks = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /daten/Home privat/%D/%U template shell = /bin/bash winbind separator = + winbind cache time = 15 winbind enable local accounts = Yes winbind use default domain = Yes admin users = administrator, backup cups options = raw #vscan-clamav:config-file = /etc/samba/vscan-clamav.conf #vfs objects = vscan-clamav [homes] comment = ~~~ privates Homeverzeichnis~~~ path = %H read only = No create mask = 0700 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [Install] comment = Install valid users = @DACSYS1+Domänen-Benutzer,@Domänen-Benutzer writeable = yes create mode = 0664 write list = @DACSYS1+Install_Serrig,@Install_Serrig path = /daten/Install directory mode = 0775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on Snap
Hi, We have a snap server 4400 which is running Samba and which we have successfully added to our Samba domain which is running on a Sun. However, when we save a file on the Snap server, the unix owner/group are set incorrectly to the values 20111 and 20002. A file saved on the Sun server has the correct unix owner/group. Consequently, the file save on the snap server cannot be edited at the unix level by the same user who created it on the PC! Does anyone know why this is and how we might correct it? We are not running winbindd on the Sun server, but we are on the Snap (the default). Could this be the cause? Thanks in advance for any answers. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Joining a samba domain on WinXP without a root login?
Gerald (Jerry) Carter wrote: I posted an experimental patch last week that allows domains admins (defined by the group mapping) to join machines to the domain. Hi Jerry- Um, OK I'll be the security bigot since you are spending time in this code right now. I see a utility ID being created by the Samba admin person which is able to have 1) some read only access to the server to pull down files for setting up computers and 2) join computers to the domain. Thus 'domain admin' is a bit more horse power than I care to leave running around on a generic ID that goes is scripts. For example, there is no need for this account to create users in the domain, ja? Both NT4 and AD have special ways to create a basic domain user, then add the specific permission to join workstations to the domain. Can your creativity provide that type of an implementation for Samba? Thanks! -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Win2K. Raw CUPS printing, driver download
Using Debian Sarge, samba, CUPS, and an HP G85 mutifunction with HPOJ to use the G85 USB connection, I've been able to get raw printing to work, and Point 'n' Print driver download to work, but not at the same time. The driver download was a chore, because of HP's proprietary install program. Had to install the driver locally to get the needed files and copy them manually to the Linux box. Raw printing didn't work unless I did a local install of the driver and created a new port named //server/printer, which pretty much defeats the driver download feature. Incidentally, the documentation on doing this refers to the Details tab, but it's really the Ports tab in the Win2K printer driver Properties sheet. The docs should probably be updated for this. If I use the driver download, the output from a WordPad document with just the word test spits out multiple pages, each being either blank or just one line of garbage. The first page has a line which begins with @ and character like a capital C with a tail, then the printer URL in the form \\server\printer, cut off near the end by a smiley face and various other odd characters. The URL appears to repeat near the end of the line but is cut off when the printer runs out of room on the right. My thinking is that the printer URL must be an artifact of sending the data over the network, and that samba should be removing it, because CUPS wouldn't know what to do with it. Not sure why this happens with the downloaded driver but not the locally installed one. I would prefer to use the driver download feature, since it doesn't require a manual install of the driver on each workstation. Can anyone suggest how to get this to work? -- Don Stauffer, Office Manager Indiana Epilepsy and Child Neurology, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Joining a samba domain on WinXP without a root login?
Both NT4 and AD have special ways to create a basic domain user, then add the specific permission to join workstations to the domain. Can your creativity provide that type of an implementation for Samba? Isn't this privilages? You can muck about with them a bit with rpcclient but they don't seem to do anything. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] compiling samba 3.0
Hi, I had the same issue as you and some others. I found your post [http://lists.samba.org/archive/samba/2003-October/000762.html] but no replays, so I figured that the issue is still unresolved. However, I found the solution by having a look at the files causing the problem. As I understood, if nss.h file is present on your system, it will be used. However, nss.h does not always have the nessessary definitions. For example, I had mozilla nss installed and the nss.h file it had did not have any NSS_STATUS definitions. So I just removed the case on having nss.h file on your computer by modifying source/nsswitch/winbind_nss.h file by removing (commenting out) following lines: #elif HAVE_NSS_H /* * Linux (glibc) */ #include nss.h typedef enum nss_status NSS_STATUS; Now I could compile samba and install it. I used Samba-3.0.10 sources. If anyone knows how to make patch/diff file for that, then please make it, I am too new to Linux fur that :(. Siim Karus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: help needed to move from Samba 2 to 3
You should post your smb.conf and exactly what Windows error message you are receiving. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Questions to share right's
The write list directive is used to override the 'read only' or 'writeable' directive. The best way to achieve what you want to do is put all the users that need write access to this share in one group. Remove the write list directive, and change the group owner ship of /daten/Install to that group and the mode to 660. This will allow access to that group and the owner, but not anyone else. See if this works for you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cifs extensions
hi! are the cifs extensions included by default on actual samba packages? how can i check if my samba server supports it? thx abo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Please remove my post
Please remove my post [Samba] HELP Access denied. Source file may be in use Goldston, Lloyd (SAIC) lloyd.goldston mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20HELP%21%21%21%21%20Acc ess%20denied.%20Source%20file%20may%20be%20in%20useIn-Reply-To= at us.army.mil Wed Jul 23 19:33:08 GMT 2003 I listed too much detail in my contact field and would appreciate it if you deleted my post. Please let me know if this is possible. Thanks, Lloyd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Log on problems since update from 2.2.12 to 3.0.10
Hi,
I want to move from Samba 2.2.12 to 3.0.10. I downloade the 3.0.10
sources and compiled them (Solaris 8). Everything went fine. After the
install, I tested the new 3.0.10 Samba with the old smb.conf from 2.2.12
(the docs say this should work). I could not log in anymore.
I switched back to 2.2.12 and tried the 3.0.10 install on a Suse Linux
8.0 - with the same results. I used most parts from the solaris
smb.conf.
This is the Samba config of the Linux sytem. It acts as samba server,
and later for testing as client too.
[global]
workgroup = ERS
netbios name = sambaserver
os level = 0
name resolve order = host lmhost wins
encrypt passwords = Yes
guest account = Nobody
map to guest = Bad User
hide dot files = yes
unix extensions = yes
username map = /etc/samba/smbusers
log file = /var/log/samba/%m
log level = 3
security = server
password server = passwordserver
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
local master = No
wins support = No
wins server = winsserver
character set = ISO8859-15
client code page = 850
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
...
The server is not member in our company domain EMEA. At the moment it is
not possible to use 'security = domain', so we use 'security = server'.
The server is in the workgroup ERS (no DC!), witch is the name of our
department.
Authentication happens against the EMEA password server with the
UID/PASS users have in the EMEA domain. Mapping between the unix UIDs
and domain UIDs is done with the option 'username map'. This worked fine
with 2.2.12.
I did the tests on the linux system (both client and server!).
ralfgro is my EMEA domain account, rg the local unix account.
smbclient //sambaserver/ralfgro -U ralfgro -W emea
[2005/01/11 09:14:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789)
Domain=[EMEA] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2005/01/11 09:14:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804)
sesssetupX:[EMAIL PROTECTED]
[2005/01/11 09:14:57, 3] lib/username.c:map_username(173)
Mapped user RALFGRO to rg
[2005/01/11 09:14:57, 3] libsmb/trusts_util.c:enumerate_domain_trusts(149)
enumerate_domain_trusts: can't locate a DC for domain ERS
[2005/01/11 09:14:57, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2005/01/11 09:14:57, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2005/01/11 09:15:03, 1] auth/auth_server.c:check_smbserver_security(363)
password server passwordserver rejected the password
[2005/01/11 09:15:03, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [RALFGRO]
- [rg] FAILED with error NT_STATUS_LOGON_FAILURE
[2005/01/11 09:15:03, 3] smbd/error.c:error_packet(129)
error packet at smbd/sesssetup.c(887) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2005/01/11 09:15:03, 3] smbd/process.c:timeout_processing(1336)
timeout_processing: End of file from client (client has disconnected).
Some more debug output from smbd, this time from remote client contacting
the 3.0.10 sambaserver:
$ sbin/smbd -i -d 3 -s /etc/samba/smb.conf
get_current_groups: user is in 10 groups: 0, 1, 14, 15, 16, 17, 65533,
65534, 65533, 65534smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
uid=0 gid=0 euid=0 egid=0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
Unknown parameter encountered: character set
Ignoring unknown parameter character set
Unknown parameter encountered: client code page
Ignoring unknown parameter client code page
Processing section [homes]
adding IPC service
adding IPC service
added interface ip=$myip bcast=$mybroadcast nmask=255.255.0.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
loaded services
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
start_background_queue: Starting background LPQ thread
waiting for a connection
open_oplock_ipc: opening loopback UDP socket.
Linux kernel oplocks enabled
open_oplock ipc: pid = 22539, global_oplock_port = 39739
Transaction 0 of length 72
netbios connect: name1=sambaservername2=client
netbios connect: local=sambaserver remote=client, name type = 0
Transaction 1 of length 168
switch message SMBnegprot (pid 22539) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Requested protocol [PC NETWORK PROGRAM 1.0]
Requested protocol [MICROSOFT NETWORKS 1.03]
Requested protocol [MICROSOFT NETWORKS 3.0]
Requested protocol [LANMAN1.0]
Requested protocol [LM1.2X002]
Requested protocol [Samba]
Connecting to passwordserverIP at port 445
error connecting to passwordserverIP:445 (Verbindungsaufbau abgelehnt)
Connecting to passwordserverIP at port 139
connected to password server passwordserver
got session
password server OK
using password server
[Samba] samba from srpms for fedora core 1 with mysql
hi there
here is part of SPECS file:
--
CFLAGS=$RPM_OPT_FLAGS ./configure \
--prefix=%{_prefix} \
--localstatedir=/var \
--sysconfdir=/etc \
--with-privatedir=%{_sysconfdir}/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{_datadir}/swat/using_samba \
--with-swatdir=%{_datadir}/swat \
--with-libsmbclient \
--with-expsam=mysql \
--with-acl-support
make showlayout
make proto
make %{?_smp_mflags} all nsswitch/libnss_wins.so debug2html
--
this is result of rpmbuild -bb samba.spec
--
l.so.2(GLIBC_2.1) libgssapi_krb5.so.2 libk5crypto.so.3 libkrb5.so.3
liblber.so.2 libldap.so.2 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0
libpopt.so.0 libresolv.so.2 samba = 3.0.10 xinetd
Processing files: samba-debuginfo-3.0.10-2
Provides: CP437.so.debug CP850.so.debug audit.so.debug cap.so.debug
default_quota.so.debug expand_msdfs.so.debug extd_audit.so.debug
fake_perms.so.debug full_audit.so.debug libnss_winbind.so.debug
libnss_wins.so.debug libsmbclient.so.debug mysql.so.debug
netatalk.so.debug pam_smbpass.so.debug pam_winbind.so.debug
readonly.so.debug recycle.so.debug shadow_copy.so.debug
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1
rpmlib(PayloadFilesHavePrefix) = 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files
/var/tmp/samba-3.0.10-root
error: Installed (but unpackaged) file(s) found:
/usr/lib/samba/pdb/mysql.so
--
what can I do ?
thanks
Gianni
--
--
-
ing. Gianni Bassini (MNE Cefriel 2001)
System Administrator - Webmaster Provincia di Cremona
C.so Vittorio Emanuele II, 17 - 26100 Cremona (CR)
tel 0372-406246 - [EMAIL PROTECTED]
-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] user manager and set primary group script questions
Hi to all, i succesfully migrated an nt4 domain (with windows xp, 2kpro and nt4 workstation client). Now we are running samba with ldap backend on two Gentoo-Linux boxes configured as pdc and bdc. All went smoothly, but i have a couple of unresolved minor issues. The first is with user manager. When i try to set user cannot change password flag in the user properties i get an error. The error is the function is not correct (i'm not sure if it's exact becase i translate it from italian). The second issue is with the set primary group script. If i leave it in smb.conf i have two problem: - NT4 workstation cannot succesfully join the domain. xppro client and 2000pro can join successfully the domain - the function set primary group in user manager doesn't work (this is not a big issue for me) If i comment set primary group script in smb.conf i'm able to join domain and to set primary group with user manager. It is safe to comment out this directive? It's required in some way? Regards, Samuele -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP SP2 offline files sync delay (again)
I'm running Samba 3.0.7 on Mandrakelinux 9.2 as a PDC, with a few shares from the PDC and more on a separate Mandrakelinux 10.0 member file server, also running Samba 3.0.7. The passdb backend is LDAP and clients are all Windows XP Professional SP1. Except for the below, everything works great! We make heavy use of offline files, and with Windows XP SP1, all is well. However, when I install SP2, something breaks with the offline files sync operation - there is a ~60 sec. delay and I'm not sure the syncs even happen. Domain logins, mapping drives, browsing, etc. all seem OK with SP2. I am planning to update to Samba 3.0.11 when it is released, and have held at 3.0.7 not seeing any fixes since then apparently relevant. FYI, below are two tcpdump -vv outputs, each syncing a single folder from the share \\pdc\software. The client is 'dblack-pc'. The dumps were taken in exactly the same way, differing only in which SP is installed. I can uninstall XP SP2 and things go back to normal. The Windows firewall is disabled in both cases. http://jamsoft.com/~dave/samba/sync-sp1.txt http://jamsoft.com/~dave/samba/sync-sp2.txt Of note are many MAILSLOT operations on the sp2 dump, but none on the sp1 dump. In both cases I just started the dump on the server, then on the client clicked synchronize on the offline folder. Also, to explain - 192.168.10.230 is a floating IP address of 'pdc' and 192.168.10.193 is the machine's primary address 'aptos'. I have communications occur on the .230 address so it may be migrated between physical machines using heartbeat/DRBD, which so far works fine for all other functions. Hope that's not a factor in this problem. Last, here's my smb.conf file: http://jamsoft.com/~dave/samba/smb.conf Any help/advice would be greatly appreciated. I've scoured the net and this list for clues, finding nothing substantive. This issue is so far is a show stopper for me to roll out XP SP2 at work. Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can not connect
I was using Samba till this morning. The samba seems running on the Unix box but I can not connect form the NT server. Can you help? The person hat supported this application left and we need help. Thanks, Doris Nagola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS
Hi all, I have a samba server that authenticates users against a AD Domain controler on a different machine and everything works fine. However, i would find ever so often this machine would stop authenticating people for now apparent reason. Usually i would restart winbind, and samba and everything would start working but even that seems not to work anymore. Are there any other processess i should be stopping/starting/restarting to have my samba server talk to the DC again? Regards, R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ADS
MORE INFO: I just noticed that in my samba logs when i get a user that is denied access to my share i get and error message similar to: smbd/service.c:reply_spnego_kerberos(250) Username Domain+Machinename is invalid on this system Why is this happeneing? Why is it specifying the machine name and not the username? My understanding is that my machine should contact the DC and pass the authentication info to the DC for access. Why isnt this happening? - Original Message - From: Rashaad S. Hyndman [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Wednesday, January 12, 2005 1:35 PM Subject: [Samba] Samba ADS Hi all, I have a samba server that authenticates users against a AD Domain controler on a different machine and everything works fine. However, i would find ever so often this machine would stop authenticating people for now apparent reason. Usually i would restart winbind, and samba and everything would start working but even that seems not to work anymore. Are there any other processess i should be stopping/starting/restarting to have my samba server talk to the DC again? Regards, R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba log analyzer
Dear all, I would like to know if there is/are any program to analyze the SAMBA log, and if possible create some reports with statistics (logon, files access, etc). Best brazilian regards, Rodrigo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs pc-netlink problem
I posted basically this problem yesterday with no response, but I have some new information so here's a rego. I mount a solaris box which is sharing files with pc-netlink I use the following line in my fstab //machinename/Share /mnt/machinename/share smbfs credentials=/etc/fstabpwds/username,ro,user 0 0 And it mounts fine, I can access all the directories, and most of the files. Some of the files however are problematic. Namely, I can't copy them or open them or use them in anyway. If I try to cp them, the process never ends and the resulting file grows until it takes up all the space on the destination drive. If it's a text file, and I try to cat it, the process hangs. An ls -l of the file does show the proper file size. I have smbfs 3.0.10-1 installed. I'm running Linux version 2.6.8-1-386 ([EMAIL PROTECTED]) (gcc version 3.3.5 (Debian 1:3.3.5-2)) #1 Connecting to the same share via a Smbclient //machinename/Share Allows me to navigate to, and get the files just fine. Accessing these shares from Windows boxes works just fine. I'm completely stumped, and this is a show stopper for rolling out a new server, so if anyone has any ideas, please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba(-3.0.10) + Excel(2003), file locking issue?
Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes with Office 2003. All servers and clients have synchronized clocks (ntp). I open an excel file from a samba share, modify it, the *first* (and only first) time I save, Excel says: The file 'foo.xls' may have been changed by another user since you last saved it. In that case, what do you want: O Save a copy O Overwrite changes Any ideas what's going on here? -- Rex (*) It happened with older version(s) too, but I thought I'd verify against the latest release -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba(-3.0.10) + Excel(2003), file locking issue?
On Wed, Jan 12, 2005 at 01:18:37PM -0600, Rex Dieter wrote: Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes with Office 2003. All servers and clients have synchronized clocks (ntp). I open an excel file from a samba share, modify it, the *first* (and only first) time I save, Excel says: The file 'foo.xls' may have been changed by another user since you last saved it. In that case, what do you want: O Save a copy O Overwrite changes Any ideas what's going on here? It's a known bug we've fixed in the Samba 3.0.11 pre-release. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs pc-netlink problem
Hi Rob, On Wed, Jan 12, 2005 at 01:12:15PM -0600, Rob Brenart (TT) wrote: I posted basically this problem yesterday with no response, but I have some new information so here's a rego. I mount a solaris box which is sharing files with pc-netlink I use the following line in my fstab //machinename/Share /mnt/machinename/share smbfs credentials=/etc/fstabpwds/username,ro,user 0 0 And it mounts fine, I can access all the directories, and most of the files. Some of the files however are problematic. Namely, I can't copy them or open them or use them in anyway. If I try to cp them, the process never ends and the resulting file grows until it takes up all the space on the destination drive. This is a known issue. You can workaround it by using with the (undocumented) oldattr option. Please give use feedback if it that helps for you. Guenther -- Guenther Deschner Samba Team SerNet GmbH - Goettingen [EMAIL PROTECTED],org [EMAIL PROTECTED] pgpJL7EiQOyoH.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba(-3.0.10) + Excel(2003), file locking issue?
On Wed, 12 Jan 2005, Jeremy Allison wrote: On Wed, Jan 12, 2005 at 01:18:37PM -0600, Rex Dieter wrote: Using samba-3.0.10(*) on RedHat Enterprise 3, and client WinXP boxes with Office 2003. All servers and clients have synchronized clocks (ntp). I open an excel file from a samba share, modify it, the *first* (and only first) time I save, Excel says: The file 'foo.xls' may have been changed by another user since you last saved it. In that case, what do you want: O Save a copy O Overwrite changes Any ideas what's going on here? It's a known bug we've fixed in the Samba 3.0.11 pre-release. Thanks a bunch. Now I can stop worrying that it was something I caused... *and* be comforted that a fix is on the way. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba printing does not work
Hi, I'm running samba 3 and printing does not work. Please review the part of my smb.conf below and let me know if there is anything that seems to be causing this issue. I appreciate anyone who spends their valuable time helping me. Thanks, Bill --- [global] debug level = 0 syslog = 0 workgroup = PHS_WRKSTN comment = SMB Server printing = bsd printcap name = /etc/printcap.smb load printers = yes log file = /var/samba/log/log.%m max log size = 50 preserve case = yes ip addresses removed,127.0.0.1 short preserve case = yes lock directory = /var/samba/locks locking = yes share modes = yes wins server = ip address removed username map = /ilocal/etc/samba/smb.map hosts allow = ALL dead time = 0 wide links = no follow symlinks = no #smb passwd file = /var/samba/private/smbpasswd smb passwd file = /usr/local/smb/smbpasswd #update encrypted = yes #for this to work 'encrypt passwords = no' encrypt passwords = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 time server = yes #null passwords = yes mangling method = hash2 [udd_sasda] path = /udd/sasda browseable = yes printable = no writable = yes guest ok = no create mask = 0755 follow symlinks = no wide links = no [ipc$] hosts allow =ip addresses removed hosts deny = ALL path = /tmp [printers] comment = Printers path = /var/samba/spool browseable = no printable = yes guest ok = no writable = no create mask = 0700 [tmp] path = /pc/tmp browseable = yes printable = no writable = yes guest ok = no create mask = 0755 follow symlinks = no wide links = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] need some assistance - Samba 3.09 on FreeBSD 4.5
Well I did think of that. My biggest concern about upgrading though is that this system has about 1.5 Tb stored on it and I don't have the time to copy it all off and then restore it later, because of how it used within our company. I've never done a upgrade with freebsd so I'm not sure how reliable the entire process would be unless I completely wiped the system. When you say NSS support isn't good, wouldn't that also affect the machine joining the ADS domain? And shouldn't it also affect the winbind data getting returned correctly? Thanks, Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbfs pc-netlink problem
(Sorry Guenther, I accidentally replied to you personally early, my mistake) Adding the oldattr option did not work, adding the oldattr option and removing user from my fstab did do the trick. Thank you so much! -Original Message- From: Guenther Deschner [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 1:46 PM To: Rob Brenart (TT) Cc: 'samba@lists.samba.org' Subject: Re: [Samba] smbfs pc-netlink problem Hi Rob, On Wed, Jan 12, 2005 at 01:12:15PM -0600, Rob Brenart (TT) wrote: I posted basically this problem yesterday with no response, but I have some new information so here's a rego. I mount a solaris box which is sharing files with pc-netlink I use the following line in my fstab //machinename/Share /mnt/machinename/share smbfs credentials=/etc/fstabpwds/username,ro,user 0 0 And it mounts fine, I can access all the directories, and most of the files. Some of the files however are problematic. Namely, I can't copy them or open them or use them in anyway. If I try to cp them, the process never ends and the resulting file grows until it takes up all the space on the destination drive. This is a known issue. You can workaround it by using with the (undocumented) oldattr option. Please give use feedback if it that helps for you. Guenther -- Guenther Deschner Samba Team SerNet GmbH - Goettingen [EMAIL PROTECTED],org [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba share for ADS users
Hi all, As per suggested i added a windbind seperator comment in my samba.conf file and followed that up with adminin user=Domain+Some AD user. I expected this to give that AD user full control over the share (read , write , execute) however, if that user tries to create a file in that direcotry he still gets accessed is denied. Right now i have the share owned by a unix user (because i dont know of any why to have it owned by an AD user) non root with 755 as the permissions on all the folders. How do i go about giving and ADS user the ability to create files and folders in that directory without changing the rights to 777 for all files and folders? Thanks, R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sign-on to Linux Workstation to AD Network
Has any one setup a Linux Workstation to auth to a AD Windows 2003 Domain on sign-in and have all the share automatically mount from the server? The key thing is to be able to login on a Linux PC as any AD user and have all the share auto mount for the user. samba version 3.0.9 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows passwords change (again)
i will like my pass words -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2 to 3.0.9 DC upgrade problems
Hi all, I just replaced a client's SUSE 8.0/Samba 2.2 DC with a SUSE 9.2/Samba 3.0.9 DC. Drives were giving trouble, and since that box was a first attempt at a linux DC there was a lot of room for improvement. I copied the profiles and home directories over to the new machine, chowned them to the new users. I also did extracted the securid from the old DC and set it to the new one (using the net command). I expected the clients not to notice. Oh dear... First off, the Windows 98 clients, stupid as they are on a network, didn't notice at all. But the Windows 2000 and Windows XP Pro ones had trouble. They all logged in fine, but they all had all sorts of weird problems. For example, upon starting outlook, it did the whole install-the-user-specific-stuff routine you get when you run it for the first time. I ended up having to rename the profile and have it create a new one. Lot's of unhappy users Can anyone tell me what I did wrong? My suspicion, in hindsight, is that the local copy of the profile on each client, belongs to the domain user, as identified by it's userid (I'm sure I've seen windows refering to a Unix user 514 or something similar before), and that the user id has changed (which it has - SUSE 8.0 maps users from 500 up, 9.2 from 1000 up). Can anyone shed some light? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 to 3.0.9 DC upgrade problems
On Wednesday 12 January 2005 12:09, Hans du Plooy wrote: Hi all, I just replaced a client's SUSE 8.0/Samba 2.2 DC with a SUSE 9.2/Samba 3.0.9 DC. Drives were giving trouble, and since that box was a first attempt at a linux DC there was a lot of room for improvement. I copied the profiles and home directories over to the new machine, chowned them to the new users. I also did extracted the securid from the old DC and set it to the new one (using the net command). I expected the clients not to notice. Oh dear... First off, the Windows 98 clients, stupid as they are on a network, didn't notice at all. But the Windows 2000 and Windows XP Pro ones had trouble. They all logged in fine, but they all had all sorts of weird problems. For example, upon starting outlook, it did the whole install-the-user-specific-stuff routine you get when you run it for the first time. I ended up having to rename the profile and have it create a new one. Lot's of unhappy users Can anyone tell me what I did wrong? My suspicion, in hindsight, is that the local copy of the profile on each client, belongs to the domain user, as identified by it's userid (I'm sure I've seen windows refering to a Unix user 514 or something similar before), and that the user id has changed (which it has - SUSE 8.0 maps users from 500 up, 9.2 from 1000 up). Can anyone shed some light? Windows NT/2KX stores the Windows SID as an access control identifier inside the profile file NTUser.DAT. If you do not replace the SID inside this file with the new SID on from the new server then your users will not be able to access their profiles - i.e.: It just will not work as you have seen. You can recover the SID from the old system by running (for Samba-3): net getlocalsid You can set the SID on the new server by running: net setlocalsid S-1-5-21-X-X-XX Note: The SID must be the one you obtained from the old server. Additionally, you must ensure that each user has the same UID and GID as they were on old server. - John T. Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] STOP PAYING FEDERAL TAXES - LEGALLY!
is your report still available ? Joe Arnold/Program Mgr. Glass Mountain Optics 9517 Old McNeil Rd. Austin,TX 78758 (p) 512-339-7442 (f ) 512-339-0589 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Permissions within a share for the same userid
Simply what I would like to create is the following Default, the share is read only The share has a write list, for admins allowed to update the share Now for the twist... Read Only Users have ability to write to one dir within the share Any simple way to configure this, or is two shares easier? Here is the share as it stands today... [blablabla] comment = Bla Bla Bla browseable = no path = /shares/blablabla guest ok = no read only = yes write list = mradmin And lets say I would like to allow /shares/blablabla/app/logs to be a user writable directory tree. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Permissions within a share for the same userid
Michael Lueck wrote: Simply what I would like to create is the following Default, the share is read only The share has a write list, for admins allowed to update the share Now for the twist... Read Only Users have ability to write to one dir within the share Any simple way to configure this, or is two shares easier? Two shares are the easiest way to do this, IMHO. TMS III Here is the share as it stands today... [blablabla] comment = Bla Bla Bla browseable = no path = /shares/blablabla guest ok = no read only = yes write list = mradmin And lets say I would like to allow /shares/blablabla/app/logs to be a user writable directory tree. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba across internett
First you need a VPN configured between the sites, then configure your Samba environment treating the VPN as if it were internal routers connecting a couple of subnets together. I dare say you do not want to configure broadcasts to go over the VPN, thus my analogy of internal routers and a couple of subnets. I have multiple Samba servers and a Win2K server all chatting over VPN links. Hire a consultant that has done it successfully and securely if you are in such time constraints... else you can plan on looking for a job when you are hacked, or the entire thing pukes on you when users want to get their work done. This task is by no means a mere Hello, World! experience. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 to 3.0.9 DC upgrade problems
On Wednesday 12 January 2005 23:06, John H Terpstra wrote: You can recover the SID from the old system by running (for Samba-3): net getlocalsid You can set the SID on the new server by running: net setlocalsid S-1-5-21-X-X-XX This I did - in fact, I was quite paranoid about it and checked it over and over just to be absolutely sure. Note: The SID must be the one you obtained from the old server. Additionally, you must ensure that each user has the same UID and GID as they were on old server. I think this must have been the problem. Do you refer to UID and GID withing samba, or the unix UID and GID? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 to 3.0.9 DC upgrade problems
On Wednesday 12 January 2005 14:51, Hans du Plooy wrote: On Wednesday 12 January 2005 23:06, John H Terpstra wrote: You can recover the SID from the old system by running (for Samba-3): net getlocalsid You can set the SID on the new server by running: net setlocalsid S-1-5-21-X-X-XX This I did - in fact, I was quite paranoid about it and checked it over and over just to be absolutely sure. Note: The SID must be the one you obtained from the old server. Additionally, you must ensure that each user has the same UID and GID as they were on old server. I think this must have been the problem. Do you refer to UID and GID withing samba, or the unix UID and GID? Samba maps the UID to the user SID. The user SID is made up of the Domain SID plus a RID. The RID = 2xUID + 1000. If the UID = 1234 the RID = 2468. If the SID = S-1-5-21-12345678-12345678-12345678 the user SID = S-1-5-21-12345678-12345678-12345678-2468 - John T. Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Shares disconnect on XP when Offline Files enabled after migration from v2.x to v3.0.7
Issue: Three WinXP Pro boxes using Offline Files disconnect from all Samba shares when a user either performs a synch or accesses a file on the share with offline files enabled. About half the time, being able to reconnect for any length of time requires a reboot of the WinXP machines. Disabling the Offline Files in Windows alleviates the problem. Background and Network Environment: I recently completed a migration from an old Linux box running Samba 2.x to a new one running RH ES3 and Samba 3.0.7-1.3E.1. User PCs are about 10 Win98SE PCs and about 12 WinXP (with SP2) PCs. There were no problems using the Offline Files using the old Samba 2.x server. Migrating the shares was done in 2 stages. The first stage was migrating a single share on 8 WinXP and 2 Win98 machines. Additionally, for my own PC, I also migrated my home directory, which has Offline Files enabled. All went well and there were no problems for 2 weeks. Two of the XP PCs I'm currently having trouble with were in this group, but they had no problems until the next stage of the migration. Stage 2 was migrating the rest of the shares, which included the users home directories. The XP My Documents folder is redirected to a folder in the users Linux home directory, and Offline Files enabled. Specifically: Linux home directory = /SambaSharesB/%username% Mapped Drive on XP = H: = \\F2\homes XP My Documents icon redirected to H:\documents Offline Files enabled for My Documents Of the 12 XP PCs migrated, 9 work flawlessly but 3 will disconnect all shares from F2. A user log file snippet and the contents of my smb.conf file follow. The following log snippet (log level = 2) shows an Excel file being opened and closed several times in very rapid succession then his home share (service: dray) being authenticated and closed a few times, then all shares. New PIDs were even generated. I found the following entry interesting: [2005/01/10 17:31:21, 2] smbd/service.c:make_connection(752) [homes] share not available for this user because it was not found or created at session setup time Anyway, here are the contents: SNIP [2005/01/10 17:31:00, 2] smbd/open.c:open_file(245) dray opened file documents/Sold Loan Report Dec 04.xls read=No write=Yes (numopen=1) [2005/01/10 17:31:00, 2] smbd/close.c:close_normal_file(262) dray closed file documents/Sold Loan Report Dec 04.xls (numopen=0) [2005/01/10 17:31:00, 2] smbd/dosmode.c:unix_mode(60) unix_mode(documents/Sold Loan Report Dec 04.xls) inheriting from documents [2005/01/10 17:31:00, 2] smbd/dosmode.c:unix_mode(68) unix_mode(documents/Sold Loan Report Dec 04.xls) inherit mode 40775 [2005/01/10 17:31:00, 2] smbd/open.c:open_file(245) dray opened file documents/Sold Loan Report Dec 04.xls read=Yes write=No (numopen=1) [2005/01/10 17:31:00, 2] smbd/dosmode.c:unix_mode(60) unix_mode(documents/Sold Loan Report Dec 04.xls) inheriting from documents [2005/01/10 17:31:00, 2] smbd/dosmode.c:unix_mode(68) unix_mode(documents/Sold Loan Report Dec 04.xls) inherit mode 40775 [2005/01/10 17:31:00, 2] smbd/close.c:close_normal_file(262) dray closed file documents/Sold Loan Report Dec 04.xls (numopen=0) [2005/01/10 17:31:00, 1] smbd/service.c:close_cnum(837) dh3pcm21 (192.168.6.55) closed connection to service dray [2005/01/10 17:31:08, 2] smbd/server.c:exit_server(571) Closing connections [2005/01/10 17:31:08, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [dray] - [dray] - [dray] succeeded [2005/01/10 17:31:08, 2] lib/access.c:check_access(324) Allowed connection from (192.168.6.55) [2005/01/10 17:31:08, 1] smbd/service.c:make_connection_snum(648) dh3pcm21 (192.168.6.55) connect to service dray initially as user dray (uid=502, gid=502) (pid 15053) [2005/01/10 17:31:08, 1] smbd/service.c:close_cnum(837) dh3pcm21 (192.168.6.55) closed connection to service dray [2005/01/10 17:31:16, 2] smbd/server.c:exit_server(571) Closing connections [2005/01/10 17:31:16, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [dray] - [dray] - [dray] succeeded [2005/01/10 17:31:16, 2] lib/access.c:check_access(324) Allowed connection from (192.168.6.55) [2005/01/10 17:31:16, 1] smbd/service.c:make_connection_snum(648) dh3pcm21 (192.168.6.55) connect to service dray initially as user dray (uid=502, gid=502) (pid 15054) [2005/01/10 17:31:16, 2] smbd/server.c:exit_server(571) Closing connections [2005/01/10 17:31:16, 1] smbd/service.c:close_cnum(837) dh3pcm21 (192.168.6.55) closed connection to service dray [2005/01/10 17:31:16, 2] lib/access.c:check_access(324) Allowed connection from (192.168.6.55) [2005/01/10 17:31:16, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [dray] - [dray] - [dray] succeeded [2005/01/10 17:31:16, 2]
Re: [Samba] samba across internett
Hi, connecting smb ports trough the net can only be recommended with vpn, i.e. tunnel, take a look to openvpn Regards eivind schrieb: I am quite novise to samba and networking but I have a litle timepressure as I need two branchoffice to be connected to my server at the mainoffice Does anyone know if it is possible to do this with samba alone or do I need somthing extra. Eivind -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] URGENT winbind - New DOMAIN but old DOMAIN not CHANGING - Resent
Hi,
We just imported (moved) all our staff from the old w2k domain to the
new w2k3 domain. Say their accounts and passwords
From STAFF domain to say NEW. Seems winbind is keeping the old domain
users. This server was serving the STAFF domain w/o problems before
users were migrated.
Domain is in 2000 native mode.
I'm using winbind for squid auth on Mandrake linux 10.0
samba-client-3.0.10-0.1.100mdk
samba-winbind-3.0.10-0.1.100mdk
samba-doc-3.0.10-0.1.100mdk
samba-common-3.0.10-0.1.100mdk
samba-server-3.0.10-0.1.100mdk
When I do a wbinfo -u
I still get STAFF/chris
.
etc
I should get ADMIN/chris
I have changed the win 2003 server admin passwd and joined the say
ADMIN domain and ADMIN.SJC realm. /etc/kerberos/* settings have been
changed also in the samba config.
then rebooted,
did kinit [EMAIL PROTECTED]
did klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
01/13/05 00:00:27 01/13/05 10:01:16 krbtgt/[EMAIL PROTECTED]
renew until 01/14/05 00:00:27
01/13/05 00:01:59 01/13/05 10:01:16 [EMAIL PROTECTED]
renew until 01/14/05 00:00:27
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Did net ads join -U [EMAIL PROTECTED]
kadm5.acl
*/[EMAIL PROTECTED] *
Does this ticket look ok? the krbtgt record looks a little odd to me.
I figure I should get ADMIN/chris, and I cannot see any entries for
STAFF realm left over.
I kdestroyed the ticket and recreated it, but no luck
kdc.conf
[kdcdefaults]
kdc_ports = 88
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab
[realms]
ADMIN.SJC = {
master_key_type = des3-cbc-sha1
supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal
des-cbc-crc:v4 des-cbc-crc:afs3
profile = /etc/krb5.conf
database_name = /etc/kerberos/krb5kdc/principal
admin_database_name = /etc/kerberos/krb5kdc/kadm5_adb
admin_database_lockfile = /etc/kerberos/krb5kdc/kadm5_adb.lock
admin_keytab = FILE:/etc/kerberos/krb5kdc/kadm5.keytab
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
key_stash_file = /etc/kerberos/krb5kdc/.k5stash
kdc_ports = 88
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}
krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = ADMIN.SJC
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
ADMIN.SJC = {
kdc = sun.admin.sjc:88
admin_server = sun.admin.sjc:749
kpasswd_server = sun.admin.sjc
default_domain = admin.sjc
}
[domain_realm]
.admin.sjc = ADMIN.SJC
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
Anyway the users cannot auth through out proxy because of this.
Can anyone help. I have to get this fixed by the morning before staff
arrive.
Thanks
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD group member troubles
Hidiho! Check to see if the # of Windows group sto which each user belongs = NGROUPS_MAX (normally 32). Both are members in more than 32 groups (and because of the strict security policy I can't take them out of any group) :( Whats next? Compile every software installed on the servers with NGROUPS_MAX = 128 (wherever this value is defined...)? Greetings Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD group member troubles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Ferdinand wrote: | Hidiho! | | Check to see if the # of Windows group sto which each user | belongs = NGROUPS_MAX (normally 32). | | Both are members in more than 32 groups (and because of the strict | security policy I can't take them out of any group) :( | Whats next? Compile every software installed on the servers with | NGROUPS_MAX = 128 (wherever this value is defined...)? Depending on your server OS, there may be several options. I'd search the samba-technical mailing list archives for details. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5allIR7qMdg1EfYRAkU9AJ4gQ5GeJDRc9n/qpywEtoazU/LJpQCeI4w5 q1CKCoXo71gCRYZKqzPSG3g= =sUsT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP unable to add Idmap
thanks, just noticed it, my ldap.conf and smbldap_conf confgig didn't match, one was group and the other was groups, any way my problem now is I can't login to the domain after succesfully joining the domain from a W2K workstation, Domain not available, should I user another subject for this problem, - Original Message - From: Jim C. [EMAIL PROTECTED] To: Adi Nugraha [EMAIL PROTECTED] Sent: Thursday, January 13, 2005 12:33 AM Subject: Re: [Samba] Re: LDAP unable to add Idmap -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | I Just noticed that the smbldap-tools didn't fill in the groups accounts in | the linux group file, any idea why this is ?? You mean the smbldap-populate script? My guess is that either the LDAP acls prevented it or the setting in smbldap_conf.pm for groups was wrong. I had a lot of trouble with this because I kept using ou=oup or ou=oup rather than ou=oups. The setting must be exactly the same everywhere our there will be trouble. Jim C. P.S. Just out of curiosity why are you using SCO Unix if you don't mind my asking? - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz | - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5V9P57L0B7uXm9oRAhkmAJ9Pk0WnhJAeIjfuySxj37yExBTw/wCePbEC Mlb80tpMBqtBoP5D4wQDtaoÝq2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP unable to add Idmap
the workstation is there, I don't think it's from the user / machine accounts though, when I tried smbclint -L localhost -U% it returns : Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9] tree connect failed: NT_STATUS_BAD_NETWORK_NAME I don't really understand why, before when I setup a PDC with tdbsam backend this never happened to me Everything worked great, now - Original Message - From: Fiordilino, Rudy [EMAIL PROTECTED] To: Adi Nugraha [EMAIL PROTECTED] Sent: Thursday, January 13, 2005 10:17 AM Subject: RE: [Samba] Re: LDAP unable to add Idmap Adi, I would check to see that there is an entry for the w2k workstation in /etc/password. I had a similar issue during a migration. Cheers, Rudy -Original Message- From: Adi Nugraha [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 9:57 PM To: Jim C. Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: LDAP unable to add Idmap thanks, just noticed it, my ldap.conf and smbldap_conf confgig didn't match, one was group and the other was groups, any way my problem now is I can't login to the domain after succesfully joining the domain from a W2K workstation, Domain not available, should I user another subject for this problem, - Original Message - From: Jim C. [EMAIL PROTECTED] To: Adi Nugraha [EMAIL PROTECTED] Sent: Thursday, January 13, 2005 12:33 AM Subject: Re: [Samba] Re: LDAP unable to add Idmap -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | I Just noticed that the smbldap-tools didn't fill in the groups accounts in | the linux group file, any idea why this is ?? You mean the smbldap-populate script? My guess is that either the LDAP acls prevented it or the setting in smbldap_conf.pm for groups was wrong. I had a lot of trouble with this because I kept using ou=oup or ou=oup rather than ou=oups. The setting must be exactly the same everywhere our there will be trouble. Jim C. P.S. Just out of curiosity why are you using SCO Unix if you don't mind my asking? - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz | - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5V9P57L0B7uXm9oRAhkmAJ9Pk0WnhJAeIjfuySxj37yExBTw/wCePbEC Mlb80tpMBqtBoP5D4wQDtaoÝq2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: University's using samba and ldap
You almost said what I wanted to hear :) The problem here is that we have 50k accounts in ldap and almost everything authenticates off of it. We started out w/ Samba and one DC in 2 small test labs. Now were looking at putting into a mega lab for 700 machines and hopefully control a bunch of stuff using samba. The problem is that now all the other small colleges (departments) want to have their own control and possibly own domain. Plus I dont want to administer their systems. My first thought was the SID issue but it seems that it worked for you. I've decided to get a consultant in here for like 10 hours to just help may lay out the basic architecture just make sure were doing everything right from the get go before samba gets to big on campus. Oh yeh.. We also have a Tru 64 box that everyone has an account on. It has samba running on it and I joined it o the domain so evryone now gets their files mapped when they log in. We also created a web gui so users can get their files when their off campus. I hope all of this work doesnt go to waste because we looking at syncing up our AD w/ ldap so then all of these labs would just use AD. I would like to say screw AD but I dont see us kicking it to the curb. Original message Date: Wed, 12 Jan 2005 07:03:20 -0500 (EST) From: William Jojo [EMAIL PROTECTED] Subject: Re: [Samba] Re: University's using samba and ldap To: Alexander E. Patrakov [EMAIL PROTECTED] Cc: samba@lists.samba.org [EMAIL PROTECTED] wrote: Is there anyone out there from other university's that would be willing to talk to me about you samba layout. We already have it in place but we other colleges within the university that want to start using our setup but want there own domains. I'm kind of confused how this would all work. I'd like to offer our success story from Hudson Valley Community College in New York, USA. We are using Samba as DC for authentication with file and print services. Our setup is a bit different from most, I would gather. Setup: 3 - AIX 5.2 boxes with Samba 3.0.10 each with different domain names, but the same SID. This was done to have all three servers share the same identical LDAP backend. Eventually we'll be one domain, but for now this works better than we could have hoped for. The LDAP server is a fourth AIX box with OpenLDAP 2.2.20 using BerkeleyDB 4.2. I spent much time reading Gerald Carter's LDAP System Administration book. We used to be an smbpasswd type setup. This didn't scale well as we have 19000+ accounts in the database (yes I said 19,000). Also we used to NFS mount the smbpasswd file from one server to the other two so they shared the password info. This was simply to offer a single sign on feature and allowed machines to be in one domain and then have a technician move it to another at will. We didn't use the PADL scripts. They are good scripts, but didn't offer the flexibility we needed to have complete control of the database (this was truly a control issue :-) ) and there were additional attributes we needed to add for sanity checks and reconciliation of users against SCT Banner. So we wrote our own library of functions and scripts in ksh (sorry all you perl fans). Essentially we build user accounts outside of AIX and Samba by creating the entries ourselves. We built a C program to search for the next free unix uid in the LDAP database (which is range tunable to assist in rapid scripting of user generation) We also wrote a piece of C code to migrate the user databases from flat files to ldif format to preserve all values and add a few more for in-house maintenance. We used the algorithmic methods of computing the user and group rid's which is what Samba was doing internally using the smbpasswd file for authentication info. So why did we set the SID's the same? We knew that eventually we'd be a single domain installation and we knew that moving to LDAP was only months away, so we set up all the domains that way and rejoined everything in preparation. With assistance from John Terpstra who commented on my plans (posted here several months ago) who said in theory it looked good, we set forth on this mission. (Many hours were spent reading his Samba 3 by Example book as well) We were lucky to also have a four server development area at the time, so we built everything just like production. We joined the machines using flat files, migrated to LDAP and pointed the server to the LDAP master andamazinglyit all still worked - roaming profiles and all. One thing to note is we also do not use winbindd. AIX uses LDAP internally for the users and we create the IDMAP entries at the time we create the users and we have scripts to add the sambagroupmappings when we create a unix group. So everything is integrated at the point of LDAP. No pam or nss is involved at all. We use secldapclntd which is part of AIX that allows us to tell AIX to listen
[Samba] power failures loss of krb TGT
I'm experiencing some irritating behavior resulting in Unable to verify incoming ticket! messages are produced as a result. They occur as a result of a client that had been disconnected but has reconnected browsing shares on the samba server. (This usually occurs for e.g. by the samba server suffering a power failure and then returning to service without the client having noticed). I'm affraid my krb5 knowledge is limited but I gather this occurs because the windows client is holding a stale ticket? Is there anyway I can configure the samba server to identify and force renegotiation? Then again I could have no clue at all. Explanations and solutions welcome. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analyzer
Hi All, We use LogWatch for our Samba server. The reports looks like the following: ### LogWatch 4.3.2 (02/18/03) Processing Initiated: Thu Jan 13 04:02:13 2005 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: samba3 - Named Begin Zone update refused: 172.17.6.3 (intra.nlcom.nl/IN): 43 Time(s) -- Named End - - samba Begin **Unmatched Entries** auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [COMMERS2]\[Commers [EMAIL PROTECTED] with the new password interface : 1 Time(s) auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface : 6 Time(s) auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface : 7 Time(s) auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface : 1 Time(s) auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface : 1 Time(s) auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [NLCOM-NL]\[Commers [EMAIL PROTECTED] : 1 Time(s) auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] : 6 Time(s) auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] : 7 Time(s) auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] : 1 Time(s) auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] : 1 Time(s) auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded : 15 Time(s) auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Commers Health] - [Commers Health] FAILED with error NT_STATUS_NO_SUCH_USER : 1 Time(s) auth/auth_sam.c:check_sam_security(244) check_sam_security: Couldn't find user 'Commers Health' in passdb file. : 1 Time(s) auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [NLCOM-NL] was for this SAM. : 1 Time(s) lib/interface.c:add_interface(79) added interface ip=172.16.20.1 bcast=172.16.20.255 nmask=255.255.255.0 : 2 Time(s) lib/interface.c:add_interface(79) added interface ip=172.17.6.3 bcast=172.17.255.255 nmask=255.255.0.0 : 2 Time(s) lib/interface.c:add_interface(79) added interface ip=192.168.184.1 bcast=192.168.184.255 nmask=255.255.255.0 : 2 Time(s) lib/smbldap.c:smbldap_connect_system(804) ldap_connect_system: succesful connection to the LDAP server : 125 Time(s) lib/smbldap.c:smbldap_connect_system(804) ldap_connect_system: succesful connection to the LDAP server smbldap_open_connection: connection opened : 1 Time(s) lib/smbldap.c:smbldap_open_connection(638) : 1 Time(s) lib/smbldap.c:smbldap_open_connection(638) smbldap_open_connection: connection opened : 125 Time(s) lib/smbldap.c:smbldap_search_domain_info(1319) Searching for:[((objectClass=sambaDomain)(sambaDomainName=NLCOM-NL))] : 126 Time(s) lib/sysquotas.c:sys_get_quota(413) sys_get_vfs_quota() failed for mntpath[/work] bdev[/dev/sda1] qtype[2] id[1007]: Invalid argument : 1 Time(s) lib/sysquotas.c:sys_get_quota(413) sys_get_vfs_quota() failed for mntpath[/work] bdev[/dev/sda1] qtype[4] id[513]: Invalid argument : 1 Time(s) lib/util_seaccess.c:se_access_check(251) : 38 Time(s) lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1415303871-1163983296-3890754924-3014 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-2027 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-512 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-513 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-2089 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-3001 : 6 Time(s) lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1415303871-1163983296-3890754924-501 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-1199 : 32 Time(s) lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected : 23 Time(s) lib/util_sock.c:send_smb(647) : 1 Time(s)
Re: [Samba] Multiple Permissions within a share for the same userid
Hi Tom. The most easiest way is to create two shares, but you can also set with setfacl the rights. Then you don't have to use the readlist and writelist in samba.conf. With this tool you can set rights for every share / folder in this share, or one folder in a share. If you want to learn more about setfacl: google is one of your best friends. Greetz Bart - Original Message - From: Tom Skeren [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Wednesday, January 12, 2005 10:50 PM Subject: Re: [Samba] Multiple Permissions within a share for the same userid Michael Lueck wrote: Simply what I would like to create is the following Default, the share is read only The share has a write list, for admins allowed to update the share Now for the twist... Read Only Users have ability to write to one dir within the share Any simple way to configure this, or is two shares easier? Two shares are the easiest way to do this, IMHO. TMS III Here is the share as it stands today... [blablabla] comment = Bla Bla Bla browseable = no path = /shares/blablabla guest ok = no read only = yes write list = mradmin And lets say I would like to allow /shares/blablabla/app/logs to be a user writable directory tree. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analyzer
You can try Sarg. It is in the distro. Chris - Original Message - From: Rodrigo Noroaldo de Castro Fernandes [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Wednesday, January 12, 2005 9:03 PM Subject: [Samba] Samba log analyzer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r4705 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze
Date: 2005-01-12 09:57:32 + (Wed, 12 Jan 2005)
New Revision: 4705
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4705
Log:
use an enum for reject_reason
metze
Modified:
branches/SAMBA_4_0/source/librpc/idl/samr.idl
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/samr.idl 2005-01-12 09:54:50 UTC
(rev 4704)
+++ branches/SAMBA_4_0/source/librpc/idl/samr.idl 2005-01-12 09:57:32 UTC
(rev 4705)
@@ -1151,12 +1151,14 @@
//
/* Function0x3f */
- const int SAMR_REJECT_OTHER = 0;
- const int SAMR_REJECT_TOO_SHORT = 1;
- const int SAMR_REJECT_COMPLEXITY = 2;
+ typedef [v1_enum] enum {
+ SAMR_REJECT_OTHER = 0,
+ SAMR_REJECT_TOO_SHORT = 1,
+ SAMR_REJECT_COMPLEXITY = 2
+ } samr_RejectReason;
typedef struct {
- uint32 reason;
+ samr_RejectReason reason;
uint32 unknown1;
uint32 unknown2;
} samr_ChangeReject;
svn commit: samba r4706 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-01-12 10:25:44 + (Wed, 12 Jan 2005) New Revision: 4706 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4706 Log: Fix the build, after I renamed these elements in the IDL. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/netlogon.c branches/SAMBA_4_0/source/torture/rpc/xplogin.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/netlogon.c === --- branches/SAMBA_4_0/source/torture/rpc/netlogon.c2005-01-12 09:57:32 UTC (rev 4705) +++ branches/SAMBA_4_0/source/torture/rpc/netlogon.c2005-01-12 10:25:44 UTC (rev 4706) @@ -1216,7 +1216,7 @@ t.in.handle = lsa_handle; t.in.resume_handle = resume_handle; - t.in.num_entries = 1000; + t.in.max_size = 1000; t.out.domains = domains; t.out.resume_handle = resume_handle; Modified: branches/SAMBA_4_0/source/torture/rpc/xplogin.c === --- branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2005-01-12 09:57:32 UTC (rev 4705) +++ branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2005-01-12 10:25:44 UTC (rev 4706) @@ -322,7 +322,7 @@ r2.in.handle = handle; r2.in.resume_handle = resume_handle; - r2.in.num_entries = 1000; + r2.in.max_size = 1000; r2.out.domains = domains; r2.out.resume_handle = resume_handle;
svn commit: samba r4707 - in branches/SAMBA_4_0/source: rpc_server/netlogon rpc_server/samr torture/rpc
Author: metze
Date: 2005-01-12 10:49:52 + (Wed, 12 Jan 2005)
New Revision: 4707
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4707
Log:
w2k3 don't restict passwords on
netr_ServerPasswordSet and netr_ServerPasswordSet2
so we do now
I also add a torture test for this
metze
Modified:
branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c
branches/SAMBA_4_0/source/torture/rpc/netlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
2005-01-12 10:25:44 UTC (rev 4706)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
2005-01-12 10:49:52 UTC (rev 4707)
@@ -389,7 +389,8 @@
mod,
NULL, /* Don't have plaintext */
NULL, r-in.new_password,
- False /* This is not considered a
password change */,
+ False, /* This is not considered a
password change */
+ False, /* don't restrict this password
change (match w2k3) */
NULL);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -1097,7 +1098,8 @@
msgs_domain[0]-dn,
mod, new_pass, /* we have plaintext */
NULL, NULL,
- False /* This is not considered a
password change */,
+ False, /* This is not considered a
password change */
+ False, /* don't restrict this password
change (match w2k3) */
NULL);
ZERO_ARRAY(new_pass);
NT_STATUS_NOT_OK_RETURN(nt_status);
Modified: branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c
===
--- branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c 2005-01-12
10:25:44 UTC (rev 4706)
+++ branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c 2005-01-12
10:49:52 UTC (rev 4707)
@@ -115,7 +115,9 @@
status = samdb_set_password(a_state-sam_ctx, mem_ctx,
a_state-account_dn,
a_state-domain_state-domain_dn,
msg, NULL, new_lmPwdHash, new_ntPwdHash,
- True, NULL);
+ True, /* this is a user password change */
+ True, /* run restriction tests */
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -229,7 +231,9 @@
user_dn, domain_dn,
mod, new_pass,
NULL, NULL,
- True, NULL);
+ True, /* this is a user password change */
+ True, /* run restriction tests */
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -378,7 +382,9 @@
user_dn, domain_dn,
mod, new_pass,
NULL, NULL,
- True, reason);
+ True, /* this is a user password change */
+ True, /* run restriction tests */
+ reason);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
@@ -481,6 +487,7 @@
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
BOOL user_change,
+ BOOL restrict,
uint32_t *reject_reason)
{
const char * const user_attrs[] = { userAccountControl,
lmPwdHistory,
@@ -536,7 +543,7 @@
if (new_pass) {
/* check the various password restrictions */
- if (minPwdLength strlen_m(new_pass)) {
+ if (restrict minPwdLength strlen_m(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_TOO_SHORT;
}
@@ -544,7 +551,7 @@
}
/* possibly check password complexity */
- if (pwdProperties DOMAIN_PASSWORD_COMPLEX
+ if (restrict pwdProperties DOMAIN_PASSWORD_COMPLEX
svn commit: samba r4708 - in branches/SAMBA_4_0/source: librpc/idl torture/rpc
Author: abartlet
Date: 2005-01-12 11:16:04 + (Wed, 12 Jan 2005)
New Revision: 4708
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4708
Log:
Comparing with LDAP, it is clear that these 'flags' are in fact the
POSIX offset for the trusted domain.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/librpc/idl/lsa.idl
branches/SAMBA_4_0/source/librpc/idl/netlogon.idl
branches/SAMBA_4_0/source/torture/rpc/samsync.c
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/lsa.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/lsa.idl2005-01-12 10:49:52 UTC
(rev 4707)
+++ branches/SAMBA_4_0/source/librpc/idl/lsa.idl2005-01-12 11:16:04 UTC
(rev 4708)
@@ -445,7 +445,7 @@
typedef enum {
LSA_TRUSTED_DOMAIN_INFO_NAME=1,
LSA_TRUSTED_DOMAIN_INFO_2=2,
- LSA_TRUSTED_DOMAIN_INFO_FLAGS=3,
+ LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET=3,
LSA_TRUSTED_DOMAIN_INFO_PASSWORD=4,
LSA_TRUSTED_DOMAIN_INFO_5=5,
LSA_TRUSTED_DOMAIN_INFO_INFO_EX=6,
@@ -459,8 +459,8 @@
} lsa_TrustDomainInfoName;
typedef struct {
- uint32flags;
- } lsa_TrustDomainInfoFlags;
+ uint32posix_offset;
+ } lsa_TrustDomainInfoPosixOffset;
typedef struct {
lsa_DATA_BUF *password;
@@ -498,7 +498,7 @@
typedef struct {
lsa_TrustDomainInfoInfoEx info_ex;
- lsa_TrustDomainInfoFlags flags;
+ lsa_TrustDomainInfoPosixOffset posix_offset;
lsa_TrustDomainInfoAuthInfo auth_info;
} lsa_TrustDomainInfoFullInfo;
@@ -510,20 +510,20 @@
typedef struct {
lsa_TrustDomainInfoInfoEx info_ex;
lsa_DATA_BUF2data1;
- lsa_TrustDomainInfoFlags flags;
+ lsa_TrustDomainInfoPosixOffset posix_offset;
lsa_TrustDomainInfoAuthInfo auth_info;
} lsa_TrustDomainInfoInfoAll;
typedef union {
- [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
lsa_TrustDomainInfoName name;
- [case(LSA_TRUSTED_DOMAIN_INFO_FLAGS)]
lsa_TrustDomainInfoFlags flags;
- [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
lsa_TrustDomainInfoPassword password;
- [case(LSA_TRUSTED_DOMAIN_INFO_5)] lsa_TrustDomainInfo5
info5;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
lsa_TrustDomainInfoInfoExinfo_ex;
- [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
lsa_TrustDomainInfoAuthInfo auth_info;
- [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
lsa_TrustDomainInfoFullInfo full_info;
+ [case(LSA_TRUSTED_DOMAIN_INFO_NAME)]
lsa_TrustDomainInfoNamename;
+ [case(LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET)]
lsa_TrustDomainInfoPosixOffset posix_offset;
+ [case(LSA_TRUSTED_DOMAIN_INFO_PASSWORD)]
lsa_TrustDomainInfoPasswordpassword;
+ [case(LSA_TRUSTED_DOMAIN_INFO_5)]
lsa_TrustDomainInfo5 info5;
+ [case(LSA_TRUSTED_DOMAIN_INFO_INFO_EX)]
lsa_TrustDomainInfoInfoEx info_ex;
+ [case(LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO)]
lsa_TrustDomainInfoAuthInfoauth_info;
+ [case(LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)]
lsa_TrustDomainInfoFullInfofull_info;
[case(11)]lsa_TrustDomainInfo11 info11;
- [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)]
lsa_TrustDomainInfoInfoAll info_all;
+ [case(LSA_TRUSTED_DOMAIN_INFO_INFO_ALL)]
lsa_TrustDomainInfoInfoAll info_all;
} lsa_TrustedDomainInfo;
/* Function: 0x1a */
Modified: branches/SAMBA_4_0/source/librpc/idl/netlogon.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/netlogon.idl 2005-01-12 10:49:52 UTC
(rev 4707)
+++ branches/SAMBA_4_0/source/librpc/idl/netlogon.idl 2005-01-12 11:16:04 UTC
(rev 4708)
@@ -517,7 +517,7 @@
netr_String unknown2;
netr_String unknown3;
netr_String unknown4;
- uint32 flags;
+ uint32 posix_offset;
uint32 unknown6;
uint32 unknown7;
uint32 unknown8;
Modified: branches/SAMBA_4_0/source/torture/rpc/samsync.c
===
--- branches/SAMBA_4_0/source/torture/rpc/samsync.c 2005-01-12 10:49:52 UTC
(rev 4707)
+++ branches/SAMBA_4_0/source/torture/rpc/samsync.c 2005-01-12 11:16:04 UTC
(rev 4708)
@@ -903,7 +903,7 @@
TEST_STRING_EQUAL(info[8]-full_info.info_ex.netbios_name,
trusted_domain-domain_name);
}
TEST_STRING_EQUAL(info[1]-name.netbios_name,
svn commit: samba r4709 - in branches/SAMBA_4_0/source/ldap_server: .
Author: metze
Date: 2005-01-12 11:30:26 + (Wed, 12 Jan 2005)
New Revision: 4709
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4709
Log:
fix compiler warnings
metze
Modified:
branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c 2005-01-12
11:16:04 UTC (rev 4708)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_simple_ldb.c 2005-01-12
11:30:26 UTC (rev 4709)
@@ -24,12 +24,6 @@
#include ldap_parse.h
#include lib/ldb/include/ldb.h
-/* TODO: samdb_context is not a pulblic struct */
-struct samdb_context {
- struct ldb_context *ldb;
- struct samdb_context **static_ptr;
-};
-
#define VALID_DN_SYNTAX(dn,i) do {\
if (!(dn)) {\
return NT_STATUS_NO_MEMORY;\
@@ -50,7 +44,7 @@
struct ldap_SearchResEntry *ent;
struct ldapsrv_reply *ent_r, *done_r;
int result = LDAP_SUCCESS;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
struct ldb_message **res = NULL;
int i, j, y, count = 0;
enum ldb_scope scope = LDB_SCOPE_DEFAULT;
@@ -175,7 +169,7 @@
struct ldap_Result *add_result;
struct ldapsrv_reply *add_reply;
int ldb_ret;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
struct ldb_message *msg = NULL;
int result = LDAP_SUCCESS;
const char *errstr = NULL;
@@ -274,7 +268,7 @@
struct ldap_Result *del_result;
struct ldapsrv_reply *del_reply;
int ldb_ret;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
const char *errstr = NULL;
int result = LDAP_SUCCESS;
@@ -326,7 +320,7 @@
struct ldap_Result *modify_result;
struct ldapsrv_reply *modify_reply;
int ldb_ret;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
struct ldb_message *msg = NULL;
int result = LDAP_SUCCESS;
const char *errstr = NULL;
@@ -436,7 +430,7 @@
struct ldap_Result *compare;
struct ldapsrv_reply *compare_r;
int result = LDAP_SUCCESS;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
struct ldb_message **res = NULL;
const char *attrs[1];
const char *errstr = NULL;
@@ -504,7 +498,7 @@
struct ldap_Result *modifydn;
struct ldapsrv_reply *modifydn_r;
int ldb_ret;
- struct samdb_context *samdb;
+ struct ldb_wrap *samdb;
const char *errstr = NULL;
int result = LDAP_SUCCESS;
const char *newdn = NULL;
svn commit: samba r4710 - in branches/SAMBA_4_0/source: include libcli libcli/composite torture/raw
Author: tridge Date: 2005-01-12 11:43:18 + (Wed, 12 Jan 2005) New Revision: 4710 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4710 Log: added a smb_composite_savefile() function, and expanded the test suite a little Added: branches/SAMBA_4_0/source/libcli/composite/composite.c branches/SAMBA_4_0/source/libcli/composite/savefile.c Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/libcli/composite/composite.h branches/SAMBA_4_0/source/libcli/composite/loadfile.c branches/SAMBA_4_0/source/libcli/config.mk branches/SAMBA_4_0/source/torture/raw/composite.c Changeset: Sorry, the patch is too large (509 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4710
svn commit: samba r4711 - in branches/SAMBA_4_0/source/lib/talloc: .
Author: tridge
Date: 2005-01-12 11:45:43 + (Wed, 12 Jan 2005)
New Revision: 4711
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4711
Log:
- deprecate talloc_destroy()
- expanded the talloc_realloc() test a little (I was concerned about a
possible bug, which turned out to be an illusion)
- don't enable gcov by default in Makefile.talloc
Modified:
branches/SAMBA_4_0/source/lib/talloc/Makefile.talloc
branches/SAMBA_4_0/source/lib/talloc/talloc.h
branches/SAMBA_4_0/source/lib/talloc/testsuite.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/talloc/Makefile.talloc
===
--- branches/SAMBA_4_0/source/lib/talloc/Makefile.talloc2005-01-12
11:43:18 UTC (rev 4710)
+++ branches/SAMBA_4_0/source/lib/talloc/Makefile.talloc2005-01-12
11:45:43 UTC (rev 4711)
@@ -1,6 +1,6 @@
-OPT = -g -ftest-coverage -fprofile-arcs
-LIBS = -lgcov
-#OPT = -g
+#OPT = -g -ftest-coverage -fprofile-arcs
+#LIBS = -lgcov
+OPT = -O
CFLAGS = $(OPT) -Wall
Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.h
===
--- branches/SAMBA_4_0/source/lib/talloc/talloc.h 2005-01-12 11:43:18 UTC
(rev 4710)
+++ branches/SAMBA_4_0/source/lib/talloc/talloc.h 2005-01-12 11:45:43 UTC
(rev 4711)
@@ -4,7 +4,7 @@
Unix SMB/CIFS implementation.
Samba temporary memory allocation functions
- Copyright (C) Andrew Tridgell 2004
+ Copyright (C) Andrew Tridgell 2004-2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,8 +54,6 @@
#define talloc_memdup(t, p, size) _talloc_memdup(t, p, size, __location__)
-#define talloc_destroy(ctx) talloc_free(ctx)
-
#define malloc_p(type) (type *)malloc(sizeof(type))
#define malloc_array_p(type, count) (type *)realloc_array(NULL, sizeof(type),
count)
#define realloc_p(p, type, count) (type *)realloc_array(p, sizeof(type), count)
@@ -70,6 +68,7 @@
#define talloc_p(ctx, type) talloc(ctx, type)
#define talloc_array_p(ctx, type, count) talloc_array(ctx, type, count)
#define talloc_realloc_p(ctx, p, type, count) talloc_realloc(ctx, p, type,
count)
+#define talloc_destroy(ctx) talloc_free(ctx)
#endif
#ifndef PRINTF_ATTRIBUTE
Modified: branches/SAMBA_4_0/source/lib/talloc/testsuite.c
===
--- branches/SAMBA_4_0/source/lib/talloc/testsuite.c2005-01-12 11:43:18 UTC
(rev 4710)
+++ branches/SAMBA_4_0/source/lib/talloc/testsuite.c2005-01-12 11:45:43 UTC
(rev 4711)
@@ -575,7 +575,7 @@
int count;
struct el2 {
const char *name;
- } **list;
+ } **list, **list2, **list3;
} *el1;
struct el2 *el2;
@@ -587,11 +587,22 @@
el1-list = talloc(el1, struct el2 *);
el1-list[0] = talloc(el1-list, struct el2);
el1-list[0]-name = talloc_strdup(el1-list[0], testing);
+
+ el1-list2 = talloc(el1, struct el2 *);
+ el1-list2[0] = talloc(el1-list2, struct el2);
+ el1-list2[0]-name = talloc_strdup(el1-list2[0], testing2);
+
+ el1-list3 = talloc(el1, struct el2 *);
+ el1-list3[0] = talloc(el1-list3, struct el2);
+ el1-list3[0]-name = talloc_strdup(el1-list3[0], testing2);
el2 = talloc(el1-list, struct el2);
+ el2 = talloc(el1-list2, struct el2);
+ el2 = talloc(el1-list3, struct el2);
- el1-list = talloc_realloc(el1, el1-list, struct el2 *, 2);
- el1-list[1] = el2;
+ el1-list = talloc_realloc(el1, el1-list, struct el2 *, 100);
+ el1-list2 = talloc_realloc(el1, el1-list2, struct el2 *, 200);
+ el1-list3 = talloc_realloc(el1, el1-list3, struct el2 *, 300);
talloc_free(root);
svn commit: samba r4712 - in branches/SAMBA_4_0/source/rpc_server: .
Author: tridge
Date: 2005-01-12 11:46:43 + (Wed, 12 Jan 2005)
New Revision: 4712
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4712
Log:
slight tidy up in alter_context server
Modified:
branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
===
--- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2005-01-12
11:45:43 UTC (rev 4711)
+++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2005-01-12
11:46:43 UTC (rev 4712)
@@ -693,9 +693,8 @@
pkt.u.alter_resp.max_xmit_frag = 0x2000;
pkt.u.alter_resp.max_recv_frag = 0x2000;
pkt.u.alter_resp.assoc_group_id = call-pkt.u.alter.assoc_group_id;
- pkt.u.alter_resp.secondary_address = NULL;
pkt.u.alter_resp.num_results = 1;
- pkt.u.alter_resp.ctx_list = talloc_p(call, struct dcerpc_ack_ctx);
+ pkt.u.alter_resp.ctx_list = talloc_array(call, struct dcerpc_ack_ctx,
1);
if (!pkt.u.alter_resp.ctx_list) {
return NT_STATUS_NO_MEMORY;
}
svn commit: samba r4713 - in branches/SAMBA_4_0/source/rpc_server/lsa: .
Author: abartlet
Date: 2005-01-12 11:54:11 + (Wed, 12 Jan 2005)
New Revision: 4713
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4713
Log:
Add initial support for QueryTrustedDomainInfo on LSA.
(more info levels to come)
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2005-01-12
11:46:43 UTC (rev 4712)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2005-01-12
11:54:11 UTC (rev 4713)
@@ -829,9 +829,54 @@
lsa_QueryTrustedDomainInfo
*/
static NTSTATUS lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
- struct lsa_QueryTrustedDomainInfo *r)
+ struct lsa_QueryTrustedDomainInfo *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct dcesrv_handle *h;
+ struct lsa_trusted_domain_state *trusted_domain_state;
+ struct ldb_message *msg;
+ int ret;
+ struct ldb_message **res;
+ const char *attrs[] = {
+ cn,
+ flatname,
+ posixOffset,
+ securityIdentifier,
+ NULL
+ };
+
+ DCESRV_PULL_HANDLE(h, r-in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN);
+
+ trusted_domain_state = h-data;
+
+ /* pull all the user attributes */
+ ret = samdb_search(trusted_domain_state-policy-sam_ctx, mem_ctx,
NULL, res, attrs,
+ dn=%s, trusted_domain_state-trusted_domain_dn);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ msg = res[0];
+
+ r-out.info = talloc(mem_ctx, union lsa_TrustedDomainInfo);
+ if (!r-out.info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ switch (r-in.level) {
+ case LSA_TRUSTED_DOMAIN_INFO_NAME:
+ r-out.info-name.netbios_name.string
+ = samdb_result_string(msg, flatname, NULL);
+ break;
+ case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
+ r-out.info-posix_offset.posix_offset
+ = samdb_result_uint(msg, posixOffset, 0);
+ break;
+ default:
+ /* oops, we don't want to return the info after all */
+ talloc_free(r-out.info);
+ r-out.info = NULL;
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ return NT_STATUS_OK;
}
@@ -2070,10 +2115,6 @@
NTSTATUS nt_status;
- time_t now = time(NULL);
- NTTIME now_nt;
- unix_to_nt_time(now_nt, now);
-
DCESRV_PULL_HANDLE(h, r-in.sec_handle, LSA_HANDLE_SECRET);
secret_state = h-data;
svn commit: samba r4714 - in branches/SAMBA_4_0/source/lib/ldb: common ldb_ldap ldb_tdb modules tools
Author: idra Date: 2005-01-12 16:00:01 + (Wed, 12 Jan 2005) New Revision: 4714 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4714 Log: move the ldb code to the new talloc interface (eg remove _p suffix) this helps standalone building of ldb renew the schema module split code into functions to improve readability and code reuse add and modify works correctly but we need a proper testsuite Simo Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_ldif.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_pack.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c branches/SAMBA_4_0/source/lib/ldb/modules/schema.c branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbedit.c Changeset: Sorry, the patch is too large (1847 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4714
svn commit: samba r4715 - in branches/SAMBA_4_0/source: . rpc_server/samr
Author: metze Date: 2005-01-12 16:22:32 + (Wed, 12 Jan 2005) New Revision: 4715 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4715 Log: alwys add the distinguishedName attribute the w2k3 dc join needs that metze Modified: branches/SAMBA_4_0/source/provision.ldif branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Sorry, the patch is too large (321 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4715
svn commit: samba r4716 - in branches/SAMBA_4_0/source/ldap_server: .
Author: metze Date: 2005-01-12 16:30:36 + (Wed, 12 Jan 2005) New Revision: 4716 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4716 Log: add a real ugly hack to get all ldap queries of an w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option=ldapsrv:hacked=yes so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze Added: branches/SAMBA_4_0/source/ldap_server/ldap_hacked_ldb.c Modified: branches/SAMBA_4_0/source/ldap_server/config.mk branches/SAMBA_4_0/source/ldap_server/ldap_server.c Changeset: Sorry, the patch is too large (1122 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4716
Re: svn commit: samba r4716 - in branches/SAMBA_4_0/source/ldap_server: .
On Wed, 2005-01-12 at 16:30 +, [EMAIL PROTECTED] wrote: Author: metze Date: 2005-01-12 16:30:36 + (Wed, 12 Jan 2005) New Revision: 4716 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4716 Log: add a real ugly hack to get all ldap queries of an w2k3 dc join working Am I correct in saying that we should be able to revert -r 4716 and make this yet another special case in the hacked module? I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option=ldapsrv:hacked=yes so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... Impressive! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
svn commit: samba r4717 - in branches/SAMBA_4_0/source: build/m4 include
Author: tridge Date: 2005-01-12 22:06:52 + (Wed, 12 Jan 2005) New Revision: 4717 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4717 Log: fixed our usage of VA_COPY to be more standards compliant Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 branches/SAMBA_4_0/source/include/includes.h Changeset: Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 === --- branches/SAMBA_4_0/source/build/m4/rewrite.m4 2005-01-12 16:30:36 UTC (rev 4716) +++ branches/SAMBA_4_0/source/build/m4/rewrite.m4 2005-01-12 22:06:52 UTC (rev 4717) @@ -820,14 +820,24 @@ AC_DEFINE(HAVE_GETTIMEOFDAY_TZ,1,[Whether gettimeofday() is available]) fi -AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE_VA_COPY,[ +AC_CACHE_CHECK([for va_copy],samba_cv_HAVE_VA_COPY,[ AC_TRY_LINK([#include stdarg.h -va_list ap1,ap2;], [__va_copy(ap1,ap2);], +va_list ap1,ap2;], [va_copy(ap1,ap2);], samba_cv_HAVE_VA_COPY=yes,samba_cv_HAVE_VA_COPY=no)]) if test x$samba_cv_HAVE_VA_COPY = xyes; then -AC_DEFINE(HAVE_VA_COPY,1,[Whether __va_copy() is available]) +AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available]) fi +if test x$samba_cv_HAVE_VA_COPY != xyes; then +AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE___VA_COPY,[ +AC_TRY_LINK([#include stdarg.h +va_list ap1,ap2;], [__va_copy(ap1,ap2);], +samba_cv_HAVE___VA_COPY=yes,samba_cv_HAVE___VA_COPY=no)]) +if test x$samba_cv_HAVE___VA_COPY = xyes; then +AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available]) +fi +fi + AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[ AC_TRY_RUN([ #include sys/types.h Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2005-01-12 16:30:36 UTC (rev 4716) +++ branches/SAMBA_4_0/source/include/includes.h2005-01-12 22:06:52 UTC (rev 4717) @@ -281,8 +281,9 @@ #define slprintf snprintf -/* we need to use __va_copy() on some platforms */ #ifdef HAVE_VA_COPY +#define VA_COPY(dest, src) va_copy(dest, src) +#elif defined(HAVE___VA_COPY) #define VA_COPY(dest, src) __va_copy(dest, src) #else #define VA_COPY(dest, src) (dest) = (src)
svn commit: samba r4718 - in branches/SAMBA_4_0/source/lib: . talloc
Author: tridge Date: 2005-01-12 22:30:54 + (Wed, 12 Jan 2005) New Revision: 4718 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4718 Log: don't use the deprecated __va_copy() unless va_copy() is unavailable Modified: branches/SAMBA_4_0/source/lib/snprintf.c branches/SAMBA_4_0/source/lib/talloc/talloc.c Changeset: Modified: branches/SAMBA_4_0/source/lib/snprintf.c === --- branches/SAMBA_4_0/source/lib/snprintf.c2005-01-12 22:06:52 UTC (rev 4717) +++ branches/SAMBA_4_0/source/lib/snprintf.c2005-01-12 22:30:54 UTC (rev 4718) @@ -83,6 +83,8 @@ #ifndef VA_COPY #ifdef HAVE_VA_COPY +#define VA_COPY(dest, src) va_copy(dest, src) +#elif defined(HAVE___VA_COPY) #define VA_COPY(dest, src) __va_copy(dest, src) #else #define VA_COPY(dest, src) (dest) = (src) Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.c === --- branches/SAMBA_4_0/source/lib/talloc/talloc.c 2005-01-12 22:06:52 UTC (rev 4717) +++ branches/SAMBA_4_0/source/lib/talloc/talloc.c 2005-01-12 22:30:54 UTC (rev 4718) @@ -873,6 +873,8 @@ #ifndef VA_COPY #ifdef HAVE_VA_COPY +#define VA_COPY(dest, src) va_copy(dest, src) +#elif defined(HAVE___VA_COPY) #define VA_COPY(dest, src) __va_copy(dest, src) #else #define VA_COPY(dest, src) (dest) = (src)
svn commit: samba r4719 - in branches/SAMBA_4_0/source/lib: .
Author: tridge
Date: 2005-01-12 22:33:28 + (Wed, 12 Jan 2005)
New Revision: 4719
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4719
Log:
snprintf.c is used outside of samba, so don't use our special types
Modified:
branches/SAMBA_4_0/source/lib/snprintf.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/snprintf.c
===
--- branches/SAMBA_4_0/source/lib/snprintf.c2005-01-12 22:30:54 UTC (rev
4718)
+++ branches/SAMBA_4_0/source/lib/snprintf.c2005-01-12 22:33:28 UTC (rev
4719)
@@ -221,7 +221,7 @@
}
break;
case DP_S_MIN:
- if (isdigit((uint8_t)ch)) {
+ if (isdigit((unsigned char)ch)) {
min = 10*min + char_to_int (ch);
ch = *format++;
} else if (ch == '*') {
@@ -241,7 +241,7 @@
}
break;
case DP_S_MAX:
- if (isdigit((uint8_t)ch)) {
+ if (isdigit((unsigned char)ch)) {
if (max 0)
max = 0;
max = 10*max + char_to_int (ch);
svn commit: samba r4720 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: abartlet
Date: 2005-01-12 22:57:40 + (Wed, 12 Jan 2005)
New Revision: 4720
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4720
Log:
Reformat, rename, and convert to enums parts of the LSA IDL specification.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/librpc/idl/lsa.idl
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/lsa.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/lsa.idl2005-01-12 22:33:28 UTC
(rev 4719)
+++ branches/SAMBA_4_0/source/librpc/idl/lsa.idl2005-01-12 22:57:40 UTC
(rev 4720)
@@ -295,14 +295,14 @@
/* Function: 0x0e */
typedef enum {
SID_NAME_USE_NONE = 0,/* NOTUSED */
- SID_NAME_USER= 1, /* user */
- SID_NAME_DOM_GRP = 2, /* domain group */
- SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
- SID_NAME_ALIAS = 4, /* local group */
- SID_NAME_WKN_GRP = 5, /* well-known group */
- SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating
*/
- SID_NAME_INVALID = 7, /* invalid account */
- SID_NAME_UNKNOWN = 8 /* oops. */
+ SID_NAME_USER = 1, /* user */
+ SID_NAME_DOM_GRP = 2, /* domain group */
+ SID_NAME_DOMAIN = 3, /* domain: don't know what this is */
+ SID_NAME_ALIAS= 4, /* local group */
+ SID_NAME_WKN_GRP = 5, /* well-known group */
+ SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating
*/
+ SID_NAME_INVALID = 7, /* invalid account */
+ SID_NAME_UNKNOWN = 8 /* oops. */
} lsa_SidType;
typedef struct {
@@ -438,20 +438,21 @@
} lsa_DATA_BUF;
typedef [flag(NDR_PAHEX)] struct {
- uint32 size;
+ [range(0,65536)] uint32 size;
[size_is(size)] uint8 *data;
} lsa_DATA_BUF2;
typedef enum {
- LSA_TRUSTED_DOMAIN_INFO_NAME=1,
- LSA_TRUSTED_DOMAIN_INFO_2=2,
- LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET=3,
- LSA_TRUSTED_DOMAIN_INFO_PASSWORD=4,
- LSA_TRUSTED_DOMAIN_INFO_5=5,
- LSA_TRUSTED_DOMAIN_INFO_INFO_EX=6,
- LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO=7,
- LSA_TRUSTED_DOMAIN_INFO_FULL_INFO=8,
- LSA_TRUSTED_DOMAIN_INFO_INFO_ALL=12
+ LSA_TRUSTED_DOMAIN_INFO_NAME = 1,
+ LSA_TRUSTED_DOMAIN_INFO_2= 2,
+ LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET = 3,
+ LSA_TRUSTED_DOMAIN_INFO_PASSWORD = 4,
+ LSA_TRUSTED_DOMAIN_INFO_5= 5,
+ LSA_TRUSTED_DOMAIN_INFO_INFO_EX = 6,
+ LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO= 7,
+ LSA_TRUSTED_DOMAIN_INFO_FULL_INFO= 8,
+ LSA_TRUSTED_DOMAIN_INFO_11 = 11,
+ LSA_TRUSTED_DOMAIN_INFO_INFO_ALL = 12
} lsa_TrustDomInfoEnum;
typedef struct {
@@ -459,59 +460,59 @@
} lsa_TrustDomainInfoName;
typedef struct {
- uint32posix_offset;
+ uint32 posix_offset;
} lsa_TrustDomainInfoPosixOffset;
typedef struct {
- lsa_DATA_BUF *password;
- lsa_DATA_BUF *old_password;
+ lsa_DATA_BUF *password;
+ lsa_DATA_BUF *old_password;
} lsa_TrustDomainInfoPassword;
typedef struct {
lsa_String netbios_name;
- dom_sid2*sid;
+ dom_sid2 *sid;
} lsa_TrustDomainInfo5;
typedef struct {
lsa_String domain_name;
lsa_String netbios_name;
- dom_sid2*sid;
- uint32 unknown1;
- uint32 unknown2;
- uint32 unknown3;
+ dom_sid2 *sid;
+ uint32 trust_direction;
+ uint32 trust_type;
+ uint32 trust_attributes;
} lsa_TrustDomainInfoInfoEx;
typedef struct {
- HYPER_T unknown1;
- uint32 unknown2;
- lsa_DATA_BUF2 data;
+ NTTIME_hyper last_update_time;
+ uint32 secret_type;
+ lsa_DATA_BUF2 data;
} lsa_TrustDomainInfoBuffer;
typedef struct {
- uint32 unknown1;
- lsa_TrustDomainInfoBuffer *buff1;
- lsa_TrustDomainInfoBuffer *buff2;
- uint32 unknown2;
- lsa_TrustDomainInfoBuffer *buff3;
- lsa_TrustDomainInfoBuffer *buff4;
+ uint32 incoming_count;
+ [size_is(incoming_count)] lsa_TrustDomainInfoBuffer
Build status as of Thu Jan 13 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-01-12 00:00:24.0 + +++ /home/build/master/cache/broken_results.txt 2005-01-13 00:00:38.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Jan 12 00:00:01 2005 +Build status as of Thu Jan 13 00:00:01 2005 Build counts: Tree Total Broken Panic @@ -19,7 +19,7 @@ rhonwynsamba_3_0gcc-4.0ok/ 2/?/? superego samba4 gccok/ 2/?/? gc8samba4 gccok/ 1/?/? -aretnapsamba_3_0iccok/ 2/?/? +aretnapsamba_3_0icc 127/?/?/? smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/?
svn commit: samba-web r502 - in trunk/team: .
Author: abartlet Date: 2005-01-13 00:39:37 + (Thu, 13 Jan 2005) New Revision: 502 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=502 Log: I've knocked up a home page, so now link to it. Andrew Bartlett Modified: trunk/team/index.html Changeset: Modified: trunk/team/index.html === --- trunk/team/index.html 2005-01-11 21:21:42 UTC (rev 501) +++ trunk/team/index.html 2005-01-13 00:39:37 UTC (rev 502) @@ -41,7 +41,7 @@ lia href=mailto:[EMAIL PROTECTED]Brian Roberson/a/li lia href=mailto:[EMAIL PROTECTED]Jean Francois Micouleau/a/li lia href=mailto:[EMAIL PROTECTED]Simo Sorce/a/li -lia href=mailto:[EMAIL PROTECTED]Andrew Bartlett/a/li +lia href=http://samba.org/~abartlet/;Andrew Bartlett/a/li lia href=mailto:[EMAIL PROTECTED]Motonobu Takahashi/a/li lia href=mailto:[EMAIL PROTECTED]Jelmer Vernooij/a/li lia href=http://www.richardsharpe.com;Richard Sharpe/a/li
svn commit: lorikeet r182 - in trunk/white-papers: .
Author: abartlet
Date: 2005-01-13 01:04:33 + (Thu, 13 Jan 2005)
New Revision: 182
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=182
Log:
Finish glossary, add copyright and GPL release.
Andrew Bartlett
Modified:
trunk/white-papers/samba3-samba4.lyx
Changeset:
Modified: trunk/white-papers/samba3-samba4.lyx
===
--- trunk/white-papers/samba3-samba4.lyx2005-01-09 23:25:23 UTC (rev
181)
+++ trunk/white-papers/samba3-samba4.lyx2005-01-13 01:04:33 UTC (rev
182)
@@ -7,7 +7,7 @@
\graphics default
\paperfontsize default
\spacing single
-\papersize Default
+\papersize a4paper
\paperpackage a4
\use_geometry 0
\use_amsmath 0
@@ -683,15 +683,26 @@
\layout List
\labelwidthstring 00.00.
-NTVFS NTVFS is the 'NT like' VFS interface in Samba4, designed to expose
- the full richness of the CIFS protocol, as backed by NTFS on windows.
+NTVFS NTVFS is the VFS interface in Samba4, designed to expose the full
+ richness of the CIFS protocol, as backed by NTFS on Microsoft Windows NT.
\layout List
\labelwidthstring 00.00.
POSIX\SpecialChar ~
VFS In Samba 3.0, the VFS interface is defined in terms of the basic
- operations found on POSIX systems, such as read(), write(), and open(),
- rather than the richer NTVFS interfaces.
+ operations found on POSIX systems, such as
+\family typewriter
+read()
+\family default
+,
+\family typewriter
+write()
+\family default
+, and
+\family typewriter
+open()
+\family default
+, rather than the richer NTVFS interfaces.
\layout List
\labelwidthstring 00.00.
@@ -707,5 +718,43 @@
UID User ID, in this case as reflected by the locally unique numeric identifier
of users on a Unix-like system.
-
+\layout List
+\labelwidthstring 00.00.
+
+VFS Virtual File System, an interface that abstracts file system operation
+ details from the application programmer, providing a common interface across
+ multiple possible implementations.
+\layout Section*
+
+Credits
+\layout Standard
+
+Thanks to St Bernard Software for funding the production of this white paper,
+ and to the Samba Team, and Vance Lankhaar in particular for providing feedback
+ and corrections.
+\layout Standard
+
+The source and history for this document are available from
+\begin_inset LatexCommand \htmlurl[Lorikeet
SVN]{http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/white-papers/?root=lorikeet}
+
+\end_inset
+
+.
+\layout Standard
+
+
+\emph on
+
+\begin_inset ERT
+status Collapsed
+
+\layout Standard
+
+\backslash
+copyright{}
+\end_inset
+
+Andrew Bartlett 2005.
+ This document is released under the GNU General Public Licence, version
+ 2.0 or later.
\the_end
svn commit: samba-web r503 - in trunk/news/users: .
Author: deryck Date: 2005-01-13 04:34:49 + (Thu, 13 Jan 2005) New Revision: 503 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=503 Log: Trying something a little lighter and fun with the testimonials I've been doing on news.samba.org-- Adding a story about Samba's use in music servers, gaming, web design, etc. deryck Added: trunk/news/users/everyday_samba.html Changeset: Added: trunk/news/users/everyday_samba.html === --- trunk/news/users/everyday_samba.html2005-01-13 00:39:37 UTC (rev 502) +++ trunk/news/users/everyday_samba.html2005-01-13 04:34:49 UTC (rev 503) @@ -0,0 +1,39 @@ +h3a name=everyday_sambaTestimonials: Samba for Everyday Use/a/h3 + +div class=article +pSamba, being the network tool that it is, is most often spoken of in the +context of an enterprise environment. However, lots of people find Samba handy +in everyday use, like sharing files or printers +a href=http://www.linuxjournal.com/article/5837;with a spouse/a on a home +network, or using Samba to power a +a href=http://www.oreilly.com/catalog/ipodtuneshks/chapter/hack31.pdf;Linux music server/a. +Several people have written us here at news.samba.org to share similar stories +of the usefulness of Samba in all sorts of work./p + +pVinicius Kamakura writes about how Samba helps him overcome being tied +to a Windows application in his line of web development:/p + +blockquote +I've samba-shared Apache's document root on my Linux box so I can access it +directly from my code editor in Windows; it speeds up my work so much, since +I'm able to edit the live source files! Can't imagine my life without it. +/blockquote + +pPatrick Blake told us of the role his Samba server plays while he's gaming:/p + +blockquote +Over the past 3 years, I learned how during lan parties I could quickly +swap, configure, and setup an impressive amount of quick serving shares +over a number of network devices. +/blockquote + +pSamba not only enables better game play, but Patrick concludes, now Samba +helps protect my network. Certainly, Samba offers lots of safe and reliable +possibilities, even when dealing with gaming, music, websites, and home networks./p + +p class=creditIf you have a testimonial about your experience with +Samba, please go to our a href=http://news.samba.org/submit.html;story +submission form/a and let us hear from you./p +/div + +
svn commit: samba r4721 - in branches/SAMBA_4_0/source/libnet: .
Author: abartlet Date: 2005-01-13 04:46:53 + (Thu, 13 Jan 2005) New Revision: 4721 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4721 Log: Changes to libnet_passwd to take advantage of the new easier to call RPC client libs, and to make the fallback between the various SAMR levels easier to manage. I'm starting to enjoy the structure that libnet has actually, and I'm about to build 'net join' on that basis (and I didn't want to have to duplicate the password set code). Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_passwd.c branches/SAMBA_4_0/source/libnet/libnet_passwd.h Changeset: Sorry, the patch is too large (520 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4721
Re: svn commit: samba r4716 - in branches/SAMBA_4_0/source/ldap_server: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett schrieb: | On Wed, 2005-01-12 at 16:30 +, [EMAIL PROTECTED] wrote: | |Author: metze |Date: 2005-01-12 16:30:36 + (Wed, 12 Jan 2005) |New Revision: 4716 | |WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4716 | |Log: |add a real ugly hack to get all ldap queries of an |w2k3 dc join working | | | Am I correct in saying that we should be able to revert -r 4716 and make | this yet another special case in the hacked module? yep, I'll... |I just commit that to not lose it if my home box would crash... | |you need a hacked.ldb with some stuff in it, I'll explain later | |and you need --option=ldapsrv:hacked=yes | |so what is left now is KRB5 support for DCERPC in the server |as the EVENT LOG of w2k3 says... | | | Impressive! | | Andrew Bartlett | - -- metze Stefan Metzmacher metze at samba.org www.samba.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3-nr1 (Windows XP) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5hXHm70gjA5TCD8RAsOUAKCOqzGLKyw56JMNsBa2kOPTWDC0RACfd2l4 POBLjVwA9pB8WxADMH0VwYw= =4056 -END PGP SIGNATURE-
svn commit: samba r4722 - in branches/SAMBA_4_0/source: libnet utils/net
Author: abartlet Date: 2005-01-13 07:50:09 + (Thu, 13 Jan 2005) New Revision: 4722 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4722 Log: Start to add 'net join' to Samba4. Andrew Bartlett Added: branches/SAMBA_4_0/source/libnet/libnet_join.c branches/SAMBA_4_0/source/libnet/libnet_join.h branches/SAMBA_4_0/source/utils/net/net_join.c Modified: branches/SAMBA_4_0/source/libnet/config.mk branches/SAMBA_4_0/source/libnet/libnet.h branches/SAMBA_4_0/source/libnet/libnet_passwd.c branches/SAMBA_4_0/source/utils/net/config.mk branches/SAMBA_4_0/source/utils/net/net.c Changeset: Sorry, the patch is too large (602 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4722
