Re: [Samba] Testing LDAP: ssh connection refused
--- Paul Gienger [EMAIL PROTECTED] a écrit : If this is your case, not what you posted earlier about connection refused, I'd suggest you check your password hash. You have to jump through some hoops to get CRYPT in there over the standard SMD5, which apparently most distro versions of sshd can't handle. This problem could also creep up after a password change if that's your true issue. Thank you for your response. I have SSHA as password encryption type. And I set up this encryption type into different configuration files (smbldap.conf, smldap_bind.conf and so on). However, the problem still exists. I have also another problem. i found in the documentation that I may test my LDAP using ssh (ssh [EMAIL PROTECTED]), however, my samba PDC name couldn't be resolved (I get ssh: PDC_name: Name or service not known). Thanks a lot for your consideration. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Warning in logs: gid of user does not exist
Ilia Chipitsine wrote: Hello. I've setup a FreeBSD 4.x machine with Samba 2.x and and OpenLDAP backend. I recently upgraded to Samba 3.0.10 and put passdb backend=ldapsam_compat in smb.conf. Now, everythings seems to work all right, but I see a lot of this entries in the logs: Feb 17 19:42:27 x smbd[44170]: get_alias_user_groups: gid of user yyy doesn't exist. Check your /etc/passwd and /etc/group files This happens always with yy ever changing and being either an user or machine account. I can't get to understand the reasons of this: /etc/passwd and /etc/group are correct. In OpenLDAP I only have user/machine accounts, not groups. ^^ it is suspected that samba ldap code has an assumption that user/group information should be in LDAP, I also saw something very strange with similar situation, but (LDAP but no ldap_nss at all), unfortunately I didn't have enough time to make investigations. Ok, thanks and sorry if it took me so long to try this. I added all the relevant groups to LDAP (as PosixGroup), but nothing changed. Any other hint? How do I debug this? bye Thanks av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] duplicated name
Hi, in my network I had two samba server, one playing with authentication and one as guest-like disk share. In the pdc, I defined a few alias thus the machine was responding with different names. For an error, I didn't notice that a few alias matches a few group names used by the clients. Now, the guest-like machine has been dismissed, thus the other one has been assigned to its IP. Since that, clients are protesting saying that there's a duplicated name on the network, and I found this is a problem due to the fact that the samba server is responding with the same netbios name of a group. My question is, since the machine is running from a while, why I didn't discovered this before? Luca -- Luca Ferrari, [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
I am using Samba 3.0.10-1 on Fedora Core 3. Most everything seems to be working as I expect it to except when I try to use the srvtools package to administrate the users and groups in the domain. I want to check and see whether maybe I am just misunderstanding usage as opposed to their being a configuration problem. If I log into my workstation as Administrator, either the local account or into the domain. I can administrate the server using the srvtools. But if I login as a user who is in the Administrators group, Domain Admins group and I even added the user to the root group and I try to run srvtools. I can view all the settings but when I try to submit changes I get the following error showing up in the smbd.log file: smbldap_open: cannot access LDAP when not root... Is this normal? I would think that Samba would check and see that I am a part of the Domain Admins group and allow the changes I have submitted but it doesn't want to allow anyone but root to access LDAP. Appreciate any insight on this. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to deliver your message
We are unable to deliver the message from samba@lists.samba.org to [EMAIL PROTECTED]. The email address used to send your message is not subscribed to this group. If you are a member of this group, please be aware that you may only send messages to this group using the email address(es) you have registered with Yahoo! Groups. Yahoo! Groups allows you to send messages using the email address you originally used to register, or an alternate email address you specify in your personal settings. If you would like to subscribe to this group: 1. visit http://in.groups.yahoo.com/group/actiondating/join -OR- 2. send email to [EMAIL PROTECTED] If you would like to specify an alternate email address: 1. visit http://in.groups.yahoo.com/myprefs?edit=2 2. type your alternate email address in the area labeled Alternate posting addresses. 3. click the Save Changes button 4. wait approximately 10 minutes for the change to take effect After you follow these steps, you will be able to send messages to all your groups using this alternate email address. For further assistance, please visit http://help.yahoo.com/help/in/groups/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [homes] no accessible
Bruce Hohl wrote: On a server linuxbox using ADS security in a Windows 2003 Active directory, part of smb.conf is ... [srvbackup] force user = sambaa writeable = yes valid users = ADS-Name+Administrator,ADS-Name+dave path = /var/spool/samba/sambashares/srvbackup [homes] browseable = no writeable = yes from an XP professional client, srvbackup is usable but i cannot access my home. error dialog shows \\linuxbox\dave is not accessible On my system FileTest joined to a Win2K domain connections to home work with following setup: 1 - check path for home in getent: FileTest:~ # getent passwd | grep testuser testuser:x:11053:10513:testuser:/home/TEST_WIN_DOMAIN/testuser:/bin/false 2 - note valid user parameter: [homes] comment = Home Directories valid users = TEST_WIN_DOMAIN/%S browseable = No read only = No 3 - note location of home directory: /home/TEST_WIN_DOMAIN/testuser Hope this helps. Bruce getent passwd | grep 'dave' shows ADS-Name+dave:*:16777216:16777217:David Rigler:/home/dave:/bin/false ADS_Name+davez$:*:16777217:16777219:DAVEZ:/home/davez_:/bin/false that second line, davez is the name of the XP box i tried adding valid user to the [homes] section but nothing worked valid users = %S - same as original error valid users = ADS-Name+%S or valid users = ADS-Name/%S , brings up a login box, nothing i enter will pass dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Network errors when coping files to a samba share
You'll can find the solution there : http://support.microsoft.com/kb/324491/en-us -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] {Bounce} Unsolicited Commercial Email Rejected
The recipient has requested to have their mails scanned for Spam. Our UCE (Spam) detectors have been triggered by a message you sent: To: [EMAIL PROTECTED] Subject: Nwm, #288;#279;#355; ready for Romá#328;#263;#279; in 15 míns - #288;#279;#355; #266;#297;à#314;#297;#349; softatábs at upto 80#8453;Ð#297;#349;#263;õù#329;#355; Date: Fri Feb 25 05:54:20 2005 This message has been rejected. If the message is not Spam, please resend it with a modified subject line and message body. If a spammer is spoofing your email address and you did not send this message, please disregard. All of our bounce-back messages are tagged with the word {Bounce} in the subject. This can be used as the basis of a message rule in your email reader so as to automatically discard such emails. If you have any questions, or you believe you have received this message in error, please contact us or your network administrator. -- Postmaster at Green Apple, Inc. [EMAIL PROTECTED] 740-653-9890 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication issues causing smbd processes to stop
I'm running samba 3.0.11 on SuSE Linux Pro 9.2. RPM's: samba-doc-3.0.11-0.1 samba-client-3.0.11-0.1 samba-3.0.11-0.1 samba-winbind-3.0.11-0.1 libsmbclient-3.0.11-0.1 Kernel : Linux printserver 2.6.8-24-smp #1 SMP Wed Oct 6 09:16:23 UTC 2004 i686 i686 i386 GNU/Linux The server is currently serving up only printing to a network of 170ish users. Printing was originally being handled by CUPS, however we saw very heavy load on the CUPSD process (15%+) constantly, and decided to switch to LPRNG to see if this lighter protocol would alleviate the problems. All symptons detailed in this email are evident with both CUPS and LPRNG. Authentication is handled by winbind which is configured to authenticate to an NT4 PDC and NT4 BDC. After a few hours, the following errors start appearing in my log files : [2005/02/24 16:45:38, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) winbindd_pam_auth_crap: non-privileged access denied. ! winbindd_pam_auth_crap: Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. [2005/02/24 16:45:38, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) NTLM CRAP authentication for user [(null)]\[(null)] returned NT_STATUS_ACCESS_DENIED (PAM: 4) Users cannot print, nor can they open Settings Printers. When I try to restart SAMBA with rcsmb stop rcsmb start It doesn't stop all the smbd processes first time, I have to perform two rcsmb stop commands. In normal running, we see the following output in top. 28189 root 16 0 8188 3528 7020 S 2.9 0.7 1:50.85 winbindd 28195 MPLC+mcf 15 0 18232 12m 8692 S 1.4 2.4 0:10.50 smbd 28161 MPLC+sme 15 0 20312 14m 8644 S 0.7 2.9 0:22.83 smbd 28159 root 25 0 9448 3336 8440 S 0.5 0.6 0:07.46 smbd 28191 MPLC+mac 15 0 21532 15m 8644 S 0.3 3.1 0:24.89 smbd When the error messages occur, winbindd, and one or more smbd processes will rise to 20+% of CPU. I suspect that the authentication through winbind is causing the problem, and in fact the very reason I have a separate print server box is that previously printing and file sharing was on the same box and the smbd hanging was causing havoc with user's file access. I split the two functions onto separate servers to see where the problem moved, and the file server is now sitting idle most of the time. It would seem that it's the printing that causes most of the winbindd activity. I don't know if it's related, but we are also seeing loads of failed authentication messages for local i.e. linux user accounts, such as nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) NTLM CRAP authentication for user [MPLC]\[root] returned NT_STATUS_WRONG_PASSWORD (PAM: 7) nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) NTLM CRAP authentication for user [MPLC]\[root] returned NT_STATUS_WRONG_PASSWORD (PAM: 7) I'm hoping that someone has come across similar problems, although I've tried looking through the archives and googling without any success. Cheers Gordon Mortgages plc is authorised and regulated by the Financial Services Authority. Your home may be repossessed if you do not keep up repayments on your mortgage. Please note that not all types of mortgages are regulated by the Financial Services Authority. This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [homes] no accessible
David Rigler wrote: Bruce Hohl wrote: On a server linuxbox using ADS security in a Windows 2003 Active directory, part of smb.conf is ... [srvbackup] force user = sambaa writeable = yes valid users = ADS-Name+Administrator,ADS-Name+dave path = /var/spool/samba/sambashares/srvbackup [homes] browseable = no writeable = yes from an XP professional client, srvbackup is usable but i cannot access my home. error dialog shows \\linuxbox\dave is not accessible On my system FileTest joined to a Win2K domain connections to home work with following setup: 1 - check path for home in getent: FileTest:~ # getent passwd | grep testuser testuser:x:11053:10513:testuser:/home/TEST_WIN_DOMAIN/testuser:/bin/false 2 - note valid user parameter: [homes] comment = Home Directories valid users = TEST_WIN_DOMAIN/%S browseable = No read only = No 3 - note location of home directory: /home/TEST_WIN_DOMAIN/testuser Hope this helps. Bruce getent passwd | grep 'dave' shows ADS-Name+dave:*:16777216:16777217:David Rigler:/home/dave:/bin/false ADS_Name+davez$:*:16777217:16777219:DAVEZ:/home/davez_:/bin/false that second line, davez is the name of the XP box i tried adding valid user to the [homes] section but nothing worked valid users = %S - same as original error valid users = ADS-Name+%S or valid users = ADS-Name/%S , brings up a login box, nothing i enter will pass dave after further investigation ive discovered that i dont understand winbind. i stopped the winbindd daemon, which gives me access to my home then changed smb.conf to take out references to ADS-Name in the [srvbackup] and i can also access srvbackup. but now only people with accounts on linuxbox can access any share, sheesh thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba write permission problem
Hi I've setup Samba successfuly. I can access my select Linux directories from my Windows PC. I can copy file from those directories to my Windows PC. However, I want to be able to copy files back to the Linux directories as well. I've created a directory named Shared and I want to be able to copy my files from Windows to that directory but I cannot do that. My samba conf file is attached. Best Regards, -- Behrang Saeedzadeh http://www.jroller.com/page/behrangsa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users spreading spam (or automated replies)
Hi Some of the samba users are spreading spam or automated replies. Is there any possible way to stop them? I've got the following two messages after my first post which are either spam or automated nonsense replies: Message 1: From: Jim Crippen [EMAIL PROTECTED] To: Behrang Saeedzadeh [EMAIL PROTECTED] Date: Fri, 25 Feb 2005 06:21:37 -0600 Subject: Out of Office AutoReply: [Samba] Samba write permission problem I will be out of the office Thursday and Friday, February 24 and 25. I will be returning to the office on Monday, February 28. If you need immediate assistance please contact one of the following: Molly McDonald - [EMAIL PROTECTED] - 281-775-2264 Mike Carroll - [EMAIL PROTECTED] - 281-775-2129 Jay Coulbourne - [EMAIL PROTECTED] - 281-775-2139 Message 2: From: Bruno Guerreiro [EMAIL PROTECTED] To: Behrang Saeedzadeh [EMAIL PROTECTED] Date: Fri, 25 Feb 2005 12:19:43 - Subject: Resposta 'Fora do escritório' autom.: [Samba] Samba write permission problem Encontro-me de férias até ao dia 7 de Março de 2005 Qualquer assunto profissional deverá ser reencaminhado para Julio Mendes ou Vitor Moreira no caso de NT, ou Jose Carlos Martins ,Joaquim Machado ou João Franco Silva no caso de Linux. Cumprimentos. Bruno Guerreiro Best Regards, -- Behrang Saeedzadeh http://www.jroller.com/page/behrangsa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bringing a laptop to a Samba Network
Steve Cohen wrote: Craig White wrote: Steve Cohen wrote: OK, let me ask this question another way, short and simple: In a security=SHARE samba network, is there any way for a computer outside the workgroup to connect to and use (not talking about see) a printer shared by samba on that network? snip In the end, I'm not convinced that security = share is all that different from security = user for your purposes. There should be logs in /var/log/samba/log.MACHINE_NAME or /var/log/samba/log.IP_ADDRESS_OF_LAPTOP that might show the problem with credentials. Craig Thanks. I tried the printer admin thing and that made the access denied go away, but nothing comes out of the printer. Worse yet, I've managed to disable printing also from my local boxes, which were previously working, somewhere in all the other changes I made, which is even more annoying. And did I keep a backup of smb.conf? N! That would have been TOO EASY! It's time for bed. I'm an idiot. ... Good night, and thanks for your help. Tomorrow is another day. Well, this list hasn't succeeded (yet) in helping me print from my laptop but it's had at least one large benefit! I may not have made a backup of my original smb.conf, but I did POST it to this list earlier in the thread and was thus able to get back to square one. Printing now works as it did before for the local machines and lesson has been learned. Now, Craig, to your point about security=USER being as good a choice for me: I'm ready to try this. Can you explain how it would work for my family users who don't at present log on with passwords? (they are using XP). Do they fall under the guest user as they do with security=SHARE? I don't remember, I set this up over a year ago, but I have a feeling I tried that and it didn't work. Is there some other setting I would need to change in order to get that working? Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 Active Directory - Cannot access Samba shares
Hello, I've spent the last couple of days following the HOW-TO's on how to make a Linux server running Samba part of a Windows 2003 Active Directory, and a lot of supplemental research from these groups and elsewhere, but now I'm totally stuck and I can't seem to find the answer anywhere. Basically, most of the configuration seems to be working: - The Linux box is showing up in Active Directory Users and Computers. - getent group and getent passwd also show the Active Directory groups and users. - kinit appears to run OK, it asks for the password of the specified user and then finishes with no further messages or errors displayed. - klist shows the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: username removed@OFFICE.GROOVYTRAIN.COM Valid starting ExpiresService principal 02/22/05 20:21:42 02/23/05 06:21:27 kbtgt/[EMAIL PROTECTED] - net ads join runs successfully: [2005/02/23 11:43:54, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for eastlondon already exists - modifying old account Using short domain name -- OFFICE Joined 'EASTLONDON' to realm 'OFFICE.GROOVYTRAIN.COM' - wbinfo -g returns the list of Active Directory groups. - wbinfo -u returns the list of Active Directory users. - I can use smbclient -k to connect to shares on the Windows machines without requiring a username and password. However, I can't access the Samba shares from the Windows machines (both Windows 2000 and Windows 2003). Using c:\net use W: \\eastlondon\www produces the following output: The password or user name is invalid for \\eastlondon\www. Enter the user name for 'eastlondon': [EMAIL PROTECTED] Enter the password for eastlondon: System error 1326 has occurred. Logon failure: unknown user name or bad password. And creates the following entries in log.smbd: [2005/02/23 11:50:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username OFFICE+username removed is invalid on this system And in log.winbindd: [2005/02/23 12:00:32, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'username removed' does not exist Using c:\net use W: \\ip address removed\www produces the following output: Enter the user name for 'ip address removed': jamesg Enter the password for ip address removed: System error 1311 has occurred. There are currently no logon servers available to service the logon request. It creates nothing in log.smbd, but creates the following entries in log.winbindd: [2005/02/23 12:12:00, 0] libsmb/smb_signing.c:signing_good(240) signing_good: BAD SIG: seq 1 [2005/02/23 12:12:00, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! The following error is generated in the System Log on the Active Directory controller: While processing a TGS request for the target server host/eastlondon.groovytrain.com, the account [EMAIL PROTECTED] did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 16. The accounts available etypes were 3 1. I'm using Samba 3.0.11 and MIT Kerberos 1.2.7 on Redhat 9. My krb5.conf is as follows: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = OFFICE.GROOVYTRAIN.COM dns_lookup_realm = false dns_lookup_kdc = false default_tkt_enctypes = DES-CBC-MD5 default_tgs_enctypes = DES-CBC-MD5 [realms] OFFICE.GROOVYTRAIN.COM = { kdc = circle.office.groovytrain.com admin_server = circle.office.groovytrain.com default_domain = office.groovytrain.com } [domain_realm] .office.groovytrain.com = OFFICE.GROOVYTRAIN.COM office.groovytrain.com = OFFICE.GROOVYTRAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } My smb.conf is as follows: [global] workgroup = OFFICE netbios name = EASTLONDON realm = OFFICE.GROOVYTRAIN.COM security = ADS password server = circle winbind separator = + winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U idmap uid = 1-2 idmap gid = 1-2 client use spnego = yes [www] path = /usr/local/www comment = Web content valid users = OFFICE\Domain Users If anyone can shed any light on what might be the problem, I'd be most grateful. If you'd require any further information about my setup, please let me know. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cannot log in to domain on samba3
Could someone advise me what to do with a such problem: I have a domain on samba-3.0.9-1 on linux redhat 7.3. And it worked properly, but recently several users (pc with Win XP) became not able to log in to domain (error message looks like : Controller of domain is down or Account of your computer isn't found), but at the same time the rest of users is able to log in. next day other users became not able to connect ... (though here are several ones which connect without problems). in a logfile i see the such suspicious strings: Got user=[] domain=[] workstation=[wrkst001] len1=1 len2=0 secrets_fetch failed! no entry for trusted domain MYDOMAIN found I have checked everything as I know. But couldn't solve the problem . Sasha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bringing a laptop to a Samba Network
Steve Cohen wrote: Now, Craig, to your point about security=USER being as good a choice for me: I'm ready to try this. Can you explain how it would work for my family users who don't at present log on with passwords? (they are using XP). Do they fall under the guest user as they do with security=SHARE? I don't remember, I set this up over a year ago, but I have a feeling I tried that and it didn't work. Is there some other setting I would need to change in order to get that working? Steve security=USER map to guest=Bad User That turns out to be all I needed to get printing from all computers. Thanks for all your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Yahoo! Auto Response
Thanks For Contacting The World Council Priests Of God http://www.angelfire.com/ca/wtw Atlanta . Los Angeles . The Hague Original Message: X-YahooFilteredBulk: 211.191.58.230 Authentication-Results: mta104.mail.scd.yahoo.com from=hotmail.com; domainkeys=neutral (no sig) X-Originating-IP: [211.191.58.230] Return-Path: [EMAIL PROTECTED] Received: from 211.191.58.230 (HELO compuserve.com) (211.191.58.230) by mta104.mail.scd.yahoo.com with SMTP; Fri, 25 Feb 2005 05:06:48 -0800 Date: Sat, 19 Feb 2005 20:36:38 + From: Postmaster [EMAIL PROTECTED] Subject: Ugr97, our company offer Bran ded software at upto 80% disc To: Ugr97 [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Reply-To: Samba samba@lists.samba.org Sender: Aihbaihhg [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit HTMLHEADTITLE _ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] \\server\share%user Not Working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Walter Argüello Cortés wrote: | I am running samba-3.0.9-2.3. | | With Windows XP Pro, I use: | | Start - execute- \\main\compartido%walter | | And that is not working. I had another report of this. On xp, just run 'net use \\server\share /user:username' cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCHysnIR7qMdg1EfYRAv1bAJ4o47sJNED1vZhSRpunhlIQu9v1dQCfacPQ 26NH1x6fdbfZYN11ZunAVDQ= =TsWD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbumount hangs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael H. Warfield wrote: | Although this is SMB related this is the | wrong list for this problem. This is a | SAMBA list not an SMBMOUNT list. | | Oh? Being one of the former maintainers of | smbmount/smbumount and smbfs in the kernel, last | I looked smbmount and smbumount were part of the | Samba package and have been since before I was | managing it (and I handed off to someone else | on the team years ago). Is there some other | place where people are discussing smbmount, | smbumount, and smbfs now? Mike, no one of the team is maintaining smbfs these days. Steve's work on the cifs fs is considered (by us at least) to be the alternative. smbfs problems really need to go to the linux-kernel mailing list anyways. Unless you are interested in handling the bug reports again ? I can assign all the smbmount category in bugzilla to you if you like. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCHyxQIR7qMdg1EfYRAoEDAJ9cZMY03XP9DjW5KHDDSXkFKhijgQCfVwrX sYYQCRd9mLNHpRyroC08P+I= =4qtH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users spreading spam (or automated replies)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Behrang Saeedzadeh wrote: | Hi | | Some of the samba users are spreading | spam or automated replies. Is | there any possible way to stop them? | | I've got the following two messages after | my first post which are either spam or | automated nonsense replies: Please read the mailing list archives. This topic has been discussed many times before. Let's not waste bandwidth covering old territory. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCHy0cIR7qMdg1EfYRAiQoAJwICFtfy6AI5WKdt/nYgXEB2GWmVQCeIUbu 7ioKTT9ORmtohKJh+Zr/6BQ= =9SIg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 nt4 pagemaker 6.5
Hi, I have a few 6 Pagemaker users that are experiencing pauses with Samba 3. Based on Googling the net setting Dos Filetimes = yes should help but I can't reproduce the problem easily. Has anyone else experienced this type problem and do you have any suggestions of how to trouble shoot if setting dos filetimes to yes doesn't help? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printer Connection - Time Sync
Hi, mailing list, I'm running Samba 3.0.7 on a SuSE 9.2 with W2K and WXP clients. Establishing a connection to a network printer works fine when I use the windows explorer (right click on the printer share - connect). The connected printer can be used with all windows applications. But now I want an automatic connection. So I have written a logon script using the 'net use \\server\printer' command. But in this case the printer is not browsed in the printer dialogue of any application. On the other hand the printer is listed when I type 'net use' at the command prompt, but is does not work with applications. Any ideas regarding this problem? Furthermore I try to synchronise the client time with the server time by running 'net time \\server /set /yes' during the logon process. But since the ordinary user can't change the system time this doesn't work. Is there any possibility to change this user right or to run the logon script with administrator rights without changing the local client configuration? I've been searching for a group policy that controls the rights for changing the system time, but all I have found was a local policy that can only be changed when sitting in front of the client. Thank you and best regards Marcus -- Dr. Marcus A. HubertE-Mail: mailto:[EMAIL PROTECTED] Pharmazeutisches Institut mailto:[EMAIL PROTECTED] der Universitaet Bonn WWW:http://www.pharma.uni-bonn.de Kreuzbergweg 26 Tel:+49-228-732845 53115 Bonn Fax:+49-228-732567 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 3.0.11 - print driver with extensions (for ex Xerox-Phaser7700)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi Jerry et al, | | I upgraded a while ago and everything looks | fine at the first glance ;-) | | Though I discovered a huge problem with | drivers that have some extended features/cards | like the Xerox-Phaser7700. The driver installs | just fine on the server but the extensions | are not visible afterwards. Far more | annoying: Clients can not install the | driver, they get the 'no driver on server | for queue XY, want to install local driver...' | message. I attached a level 10 debug (sorry | for the size). These drivers where running fine in | older versions of samba (for ex 3.0.5) so | it's probably a n older well-known problem (?) Can you send me a copy of the drivers off list ? Or a download URL? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCHzzUIR7qMdg1EfYRAkvrAJoCOSgSAJLmoIdvJ+9Jl/qpEK+gpACgof74 fn9Kq1PgDf3B7ooDPaqe/yg= =z2WQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Printing only works sometimes
Tks Guys, I shall do some digging. I already have the chaps at SCO scratching themselves bald. So hopefully I shall get things going some day Meanwhile I shall try out all your suggestions and see what happens. Rgds Joe Carri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust Accounts W2K - Samba/LDAP
Le Thu, 24 Feb 2005 09:37:03 -0800, Tom Skeren [EMAIL PROTECTED] écrivait : Used the how to, but keep getting trust cannot be verified from W2K server. Anyone got a good walk through on setting up the trust between a W2k and ldap-samba domain? Don't have tried with W2000, but with W2003, here's what I do : - Add a new user with the name of the W2003 domain plus a $ (eg : domain$) with a password. - modify the ACCOUNT FLAG in the LDAP entrie for this user : set it to I (instead of U). - then I add the trust relationship on the W2003 -- Didier ALBENQUE DAG/DSI/BME Si Dieu existe, j'espère qu'il a une bonne excuse. -+- Woody Allen -+- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to give more rights to users ?
Hello Everybody, I've just finished to install a SAMBA domain with LDAP authentication. All works fine :). The clients runs Windows 2000 Pro or Windows XP. The problem is that a simple user can't install or modify some system parameters and in my office it's needed by some users. So I would like to know how to give these rights to users logged in the domain on their local system ? Thank you for your answers Best Regards, Olivier BONHOMME -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACLs and Samba
Hallo can someone help me with the following problem? I have set a default ACL to the /home directory: # file: home # owner: root # group: root user::rwx group::rwx other::r-x default:user::rwx default:user:root:rwx default:group::rwx default:group:root:rwx default:group:users:rwx default:mask::rwx default:other::r-x When Windows clients access a subdirectory the following happens: An Excel file is created showing the following permissions. -rwxrwxr-x+ 1 owner users 13824 2005-02-25 10:20 Test-110.xls OK so far. when I reopen the file and try to save the changes I get an error message from Excel and the permissions of the file changes to: -r-xrwxr-x+ 1 owner users 13824 2005-02-25 10:20 Test-110.xls the smb.conf entry for the share is [db] comment = Datenbank path = /home/db read only = No create mask = 0777 directory mask = 0777 inherit permissions = Yes oplocks = No inherit acls = Yes strict locking = no Also access shows the same behaviour. Word and other programs like notepad work well as expected. I´m working with SuSE 9.2 (Samba3.0.9) What´s wrong? Harry -- Dr. Harry Knitter Hans-Herold-Str. 20 D-95326 Kulmbach Tel. 09221-97663 Fax. 09221-97664 [EMAIL PROTECTED] gpg key-ID 8A0657DB Fingerprint AE7B 61F1 ACC2 5944 A29A 8C31 2D12 2190 8A06 57DB pgpFHlM73kvDn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3 performance
Yes, I get more than 30MB/s performance. The benchmark I use (NetBench) is essentially CPU bound, such that a faster processor = faster performance. With a very fast hardware config (dual 3.2GHz processors), I've been able to hit around 100MB/s. Changing the RAM or other attributes does not buy me much, it seems that processor power is the bottleneck (at least in my case). When doing your speed test, monitor the CPU utilization for smbd, and see if it's at 100% of your linux server. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Alexander Lazarevich Sent: Thursday, February 24, 2005 11:36 AM To: samba@lists.samba.org Subject: [Samba] samba 3 performance Does anyone succesfully get more than 60MB/sec sequential throughput, WITHOUT jumbo frames, with the following configuration: samba 3 on RedHat linux server windows XP Pro workstations GigE NIC's and GigE switches Assuming all the disks/buses on the server and client ends are capable of those speeds. We have that exact setup, and we only get 30MB/sec maximum sequential throughput. In fact our servers and clients disk benchmark at more than 100MB/sec seq. throughput, and our netperf is 100MB/sec as well, but we still only get 30MB/sec when going through samba. Also, we actually do not manage our network switches, and we are told the switches do not support jumbo frames, so changing the MTU on the client NIC's and samba get's us nowhere because the switches won't do it anyway. Mostly I'm just trying to find out if anyone get's decent GigE network throughput through samba 3. I want to rule out that samba is the bottleneck. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [MUK-87814]: Vgmx, our company offer Bran ded software at upto 80% disc
== Please reply above this line == Samba, Ihre Anfrage zum Thema Global ist eingelangt, ein Mitglied des Support-Teams wird sich Ihre Anfrage durchsehen und sobald als möglich beantworten. Dies ist eine automatisierte Antwortmail die keine Bestätigung für eine Bearbeitung oder Kündigung darstellt sondern nur eine Bestätigung das Ihre Anfrage eingelangt ist und eine Ticketnummer erhalten hat! Unten finden Sie nochmals alle Details Ihres Support-Tickets (Anfrage), Sie benötigen den Ticket-Key der unten angeführt ist um den Ticketstatus über das Web zu verändern. Ticket ID: MUK-87814 Ticket Key: 528da4 Subject: Vgmx, our company offer Bran ded software at upto 80% disc Abteilung: Global Sie können den Status oder auf dieses Ticket Online antworten unter http://www.customersupport.de/support/index.php?_a=tickets_m=viewmain[EMAIL PROTECTED]ticketkeyre=528da4_i=MUK-87814 Möglicherweise finden Sie passende Antworten auf Ihre Fragen in unserer Wissensdatenbank: Ich kann keine Videos/Bilder oder Livecams sehen http://www.customersupport.de/support/index.php?_a=knowledgebase_j=questiondetails_i=12ticketid2=MUK-87814ticketkey2=528da4doclose=1 Wie kann ich kündigen? http://www.customersupport.de/support/index.php?_a=knowledgebase_j=questiondetails_i=14ticketid2=MUK-87814ticketkey2=528da4doclose=1 Please let us know if we can assist you any further, Customersupport.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Simple PDC/BDC with LDAP config
I want to be able to use Samba to manage a Windows cluster account for failing over two Windows clusters. This is a small system, 8 web servers with two DB clusters along with a couple of other servers handling backup and management functions. I run DNS services on the firewall for the internal machines. The AD DNS is only for the clusters. All the machines are Domain members for single Sign on but this is a nice to have. The developers don't even use it to access the web pages. I have an Windows 2003 AD set up but the issue is that the implementation didn't go right so replication isn't working. Its also massive overkill for what I need. I want to simplify the whole mess. The PDC/BDC configuration is to ensure that the cluster always has the ability to access the domain account for failover along with a minimum of 4 DB servers configured in two clusters. All of the docs go into configurations that support many users, logon profiles, shared drives off the server, etc. I plan on using LDAP to provide replication of machine accounts and the Cluster Account between the two DCs. Can I bypass using DNS and just use /etc/hosts with all other requests going to the firewall DNS? My question is what is the minimum that I need to have to support the Domain Cluster login account? Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [homes] share problems
I am experiencing the following problems with the [homes] shares. Using Samba 3.0.9 and winbind on SLES9 with NT PDC. Running wbinfo -a authenticates users ok but I cannot connect using smbclient. If I comment out 'valid users = %S' from [homes] in smb.conf then it is possible to connect using valid user/password combinations but otherwise I get tree connect failed: NT_STATUS_ACCESS_DENIED Could anyone please throw some light on this while I still have some hair left. Thanks Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems using ADS to validate Windows Network users on a Samba3 Member Server
Dear All: I made a change to my Samba configuration to enable Solaris ACLs in my Installation of Samba 3.0.11. After then, I lost the ability to permit domain users to browse the shares. The server is running Solaris 8 2/04, and Samba is bound against MIT Kerberos 1.4 and OpenLDAP 2.2.23. It authenticates to two Windows 2000 DCs. I had obtained a Kerberos ticket from the Domain Controllers, and apparently had successfully joined the Domain and the Kerberos Realm. When a user not registered on Unix attempts to browse Samba, I see this sort of information appeating in the log (it is currently running at a log level of 4). ##--8-8 [2005/02/25 12:58:40, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\Administrator is invalid on this system [2005/02/25 12:58:40, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\Administrator is invalid on this system [2005/02/25 12:58:41, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\Administrator is invalid on this system [2005/02/25 12:58:41, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\Administrator is invalid on this system [2005/02/25 13:04:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\BLMTESTDC1$ is invalid on this system [2005/02/25 13:04:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\BLMTESTDC1$ is invalid on this system [2005/02/25 13:04:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) When I add the user to Unix, I no longer get problems browsing the share, but I still see log lines related to failure to validate machine accounts (as may be seen above below the failure to validate the Win2k Administrator Account). For example, with my own Unix account:- pc003533 (172.23.10.17) connect to service WebPages initially as user jtullett (uid=1002, gid=107) (pid 10800) [2005/02/25 14:54:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\PC003533$ is invalid on this system [2005/02/25 14:54:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username BRITISH-MUSEUM\PC003533$ is invalid on this system I shall spare you the rest of the spnego_kerberos... Messages, there appears to be one per item in the WebPages root directory, which is large. Below are the global settings on my smb.conf. Could somebody please tell me what I got wrong. ###- smb.conf [global only] -- # Settings applicable to the entire service from this server. [global] # workgroup=LOCAL workgroup=BRITISH-MUSEUM idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes # # Set up template home directories and shells. # Windows users don't get a real shell (yet) # template homedir = /home_area/%D/%U template shell = /bin/true wins server = 172.23.10.1 server string = Samba Server %v on %h security=ADS realm=LOCAL encrypt passwords = yes password server=BLMTESTDC1,BLMBMTESTDC2 ### - Many Thanks in advance, -- James Tullett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Debugging Privilege and Samba 3.0.11
Hello, I am striving to give out globally to our developers a way to debug their C++ applications, but I do not want to give them Admin rights on the individual workstations. I thought I found the light when reading on MSDN that to debug users need to be members of the Debugger Users group (according to VS.Net). This group seems to be created with a random SID when installing VS.Net on the computer. I created the group on the Samba domain , even removed the Local group on the computer where VS was installed, but any attempt to debug with a Domain User account is moot : ends up with permission refused when I want to attach to a process. Now I think that maybe the real right to debug a process is bound to the SeDebugPrivilege privilege on the Domain. Unfortunately attempts to perform net rpc rights grant 'LAB\Debugger Users' SeDebugPrivilege ends up with NT_STATUS_NO_SUCH_PRIVILEGE . I even tried to manually add the Debugger Users group to the Local Security Policy of the computer to the Debug rights , but it doesn't work either. Can anybody shed some light on the way I can reach my simple goal : give developers a way to debug, without giving away Domain Admin rights to them? (Yes, I know, this security is not perfect, but hey, I did not invent the Windows security model either...) Thank you for any help! Cheers Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
On Fri, 25 Feb 2005, Thierry wrote: Date: Fri, 25 Feb 2005 19:25:14 +0100 From: Thierry [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] Debugging Privilege and Samba 3.0.11 Hello, I am striving to give out globally to our developers a way to debug their C++ applications, but I do not want to give them Admin rights on the individual workstations. You're foolish if you think anyone with local access to a workstation can't get into the Admin account on their local machine. Here is a boot disk suitable for changing or blanking the Administrator password on any NT box: http://home.eunet.no/~pnordahl/ntpasswd/ Here is a boot disk suitable for mounting Linux partitions and editing /etc/passwd and/or /etc/shadow: http://www.toms.net/rb/ Here is a tool that lets you remove or alter BIOS passwords: http://www.cgsecurity.org/index.html?cmospwd.html Here is a provider of screwdrivers. Screwdrivers let you physically reset BIOSes, remove or replace drives, install logging devices, etc.: http://www.homedepot.com/ I thought I found the light when reading on MSDN that to debug users need to be members of the Debugger Users group (according to VS.Net). This group seems to be created with a random SID when installing VS.Net on the computer. I created the group on the Samba domain , even removed the Local group on the computer where VS was installed, but any attempt to debug with a Domain User account is moot : ends up with permission refused when I want to attach to a process. Now I think that maybe the real right to debug a process is bound to the SeDebugPrivilege privilege on the Domain. Unfortunately attempts to perform net rpc rights grant 'LAB\Debugger Users' SeDebugPrivilege ends up with NT_STATUS_NO_SUCH_PRIVILEGE . I even tried to manually add the Debugger Users group to the Local Security Policy of the computer to the Debug rights , but it doesn't work either. Can anybody shed some light on the way I can reach my simple goal : give developers a way to debug, without giving away Domain Admin rights to them? (Yes, I know, this security is not perfect, but hey, I did not invent the Windows security model either...) Thank you for any help! Cheers Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- J. L. Blank, Systems Administrator, twu.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JLB wrote: | On Fri, 25 Feb 2005, Thierry wrote: | |Date: Fri, 25 Feb 2005 19:25:14 +0100 |From: Thierry [EMAIL PROTECTED] |To: samba@lists.samba.org |Subject: [Samba] Debugging Privilege and Samba 3.0.11 | |Hello, | |I am striving to give out globally to our developers a way to debug |their C++ applications, but I do not want to give them Admin rights on |the individual workstations. | | You're foolish if you think anyone with local | access to a workstation can't get into the | Admin account on their local machine. WoW! That was a really helpful response! And while correct, doesn't do anything to help the original poster. If I have an employee and I'll them I'm not going to give you admin access. And then the hack the box using local physical access, i'll just fire them. Problem solved. No more physical access. The answer is that you create a domain group on the Samba server; add the users to that group, the assign that SID the SeDebugPrivilege right on the individual machines (not of the Samba DC). user rights are local to the machine on which they are assigned. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH3SRIR7qMdg1EfYRAisqAJsGDuFLYHhOUy0V745eTtqAhs/qKACg2J0F tZoLyWOlvj9P3RiiqIJcUNg= =M3kc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
On Fri, 2005-02-25 at 13:48 -0500, JLB wrote: On Fri, 25 Feb 2005, Thierry wrote: Date: Fri, 25 Feb 2005 19:25:14 +0100 From: Thierry [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] Debugging Privilege and Samba 3.0.11 Hello, I am striving to give out globally to our developers a way to debug their C++ applications, but I do not want to give them Admin rights on the individual workstations. You're foolish if you think anyone with local access to a workstation can't get into the Admin account on their local machine. Here is a boot disk suitable for changing or blanking the Administrator password on any NT box: http://home.eunet.no/~pnordahl/ntpasswd/ Here is a boot disk suitable for mounting Linux partitions and editing /etc/passwd and/or /etc/shadow: http://www.toms.net/rb/ Here is a tool that lets you remove or alter BIOS passwords: http://www.cgsecurity.org/index.html?cmospwd.html Here is a provider of screwdrivers. Screwdrivers let you physically reset BIOSes, remove or replace drives, install logging devices, etc.: http://www.homedepot.com/ enjoyed the post but I don't think that is what op meant. Generally, I would think that if they were 'Power Users' members on local machines, they could do C++ debugging. There's all sorts of reasons (spyware/viruses) not to give more privileges than necessary and not just to lock them out of their boxes. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
JLB wrote: On Fri, 25 Feb 2005, Thierry wrote: Date: Fri, 25 Feb 2005 19:25:14 +0100 From: Thierry [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] Debugging Privilege and Samba 3.0.11 Hello, I am striving to give out globally to our developers a way to debug their C++ applications, but I do not want to give them Admin rights on the individual workstations. You're foolish if you think anyone with local access to a workstation can't get into the Admin account on their local machine. I don't think so. I know a good security policy does not end at the bounds of the software. Nevertheless, this has never been an excuse for not implementing a little bit of security IMHO... Here is a boot disk suitable for changing or blanking the Administrator password on any NT box: http://home.eunet.no/~pnordahl/ntpasswd/ Oh, you still have floppy disk readers in your computers? Or CDROM readers that happen to be not on your server as a share, with server's room access only to the admin? Ah, maybe your PCs boot from a non-fixed hard drive , or your bootloader is not protected by a MD5 password? Here is a boot disk suitable for mounting Linux partitions and editing /etc/passwd and/or /etc/shadow: http://www.toms.net/rb/ Here is a tool that lets you remove or alter BIOS passwords: http://www.cgsecurity.org/index.html?cmospwd.html How are you going to run that on my Windows 2000 system without Administrative rights? Here is a provider of screwdrivers. Screwdrivers let you physically reset BIOSes, remove or replace drives, install logging devices, etc.: http://www.homedepot.com/ The nicest thing about screwdriver is that they even allow you to kill the officer sitting in the room or the guard at the entrance ;-) I _know_ that giving out these silly debug rights is pretty much giving out the ability to hack the box. Still, hacking requires a will , while breaking the installation out of ignorance because an ignorant sysadmin gave the user too many rights does not. Now, if you have an answer to my specific request I'd be glad to hear it , no kidding :-) Cheers Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
I apologize for being so flippant and unhelpful (although in my defense, I posted the links to the various password tools in order to -be- helpful. They got me some major brownie points the other day when a client's network administrator (a Windows-only user) was unaware of the existence of either Snadboy's Revelation -or- the NT password-resetting boot disk thingee (both of which she found highly useful and time-saving). Tools like this are so handy!) On Fri, 25 Feb 2005, Gerald (Jerry) Carter wrote: Date: Fri, 25 Feb 2005 12:55:13 -0600 From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: JLB [EMAIL PROTECTED] Cc: Thierry [EMAIL PROTECTED], samba@lists.samba.org Subject: Re: [Samba] Debugging Privilege and Samba 3.0.11 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JLB wrote: | On Fri, 25 Feb 2005, Thierry wrote: | |Date: Fri, 25 Feb 2005 19:25:14 +0100 |From: Thierry [EMAIL PROTECTED] |To: samba@lists.samba.org |Subject: [Samba] Debugging Privilege and Samba 3.0.11 | |Hello, | |I am striving to give out globally to our developers a way to debug |their C++ applications, but I do not want to give them Admin rights on |the individual workstations. | | You're foolish if you think anyone with local | access to a workstation can't get into the | Admin account on their local machine. WoW! That was a really helpful response! And while correct, doesn't do anything to help the original poster. If I have an employee and I'll them I'm not going to give you admin access. And then the hack the box using local physical access, i'll just fire them. Problem solved. No more physical access. The answer is that you create a domain group on the Samba server; add the users to that group, the assign that SID the SeDebugPrivilege right on the individual machines (not of the Samba DC). user rights are local to the machine on which they are assigned. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH3SRIR7qMdg1EfYRAisqAJsGDuFLYHhOUy0V745eTtqAhs/qKACg2J0F tZoLyWOlvj9P3RiiqIJcUNg= =M3kc -END PGP SIGNATURE- -- J. L. Blank, Systems Administrator, twu.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Debugging Privilege and Samba 3.0.11
JLB wrote: I apologize for being so flippant and unhelpful (although in my defense, I posted the links to the various password tools in order to -be- helpful. They got me some major brownie points the other day when a client's network administrator (a Windows-only user) was unaware of the existence of either Snadboy's Revelation -or- the NT password-resetting boot disk thingee (both of which she found highly useful and time-saving). Tools like this are so handy!) And they are , indeed! :-) Thank you anyway - I could indeed have been one of those who believe security is adding an anti-virus to their server... ;-) and you had no way to know I guess :-) Cheers Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + PAM + OpenAFS + Redhat Linux 3 EL
Hi We are in the process of designing new OpenAFS cell and need your suggestions. I got stuck with providing Windows 95 , ME and OS/2 users access to OpenAFS cell. We decided to use Samba as gateway. Compiled samba with --with-afs option and installed. Testing failed with errors. Then we decided to appraoch with PAM, like Compile Samba with PAM enable and Install OpenAFS client on samba with PAM integrated enabled. Theoritically it sounds good but don't have any procedure to implement. I am novice to Samba. Anybody using Samba in OpenAFS environment? Please shed some light on this Please copy /etc/pam.d files and samba.conf files.Any suggestion will be greatly appreciated Thanks Raghu Distibuted Filesystems Admin Data Systems Inc San Jose CA __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.11 client/clitar.c Fails to Compile on RedHat and AIX
I'm having the same exact problem on Debian. I found the patches on your site, but unfortunately being barely an intermediate linux user i'm not sure what to do with the patch. So, what should i do? Thanks in advance, --Lucas Machado -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Audit Trail/Logging For Network Logons and Logoffs
Hi Folks, I have searched the archives and the web for this issue, but I haven't found an answer. I need to be able to log or audit the network access of our network users. This information needs to be used in conjuction with a time and attendance punch clock. I have seen much discussion of using preexec and postexec for obtaining a network access log. However, my testing has shown this as unreliable. It seems Windows logs in and logs out at (nearly) random and the collected information seems useless as I haven't discovered a useful way to collect or parse the collected information. I have tested on various shares as well. Surely this has been an issue for many? If so, how have you resolved this problem? Is the solution dependent on a particular version of Samba? Thanks to all contributors for a truly fine and useful software. Thanks in advance for all responses. G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.11 client/clitar.c Fails to Compile on RedHat and AIX
Unpack Samba: $ tar -xvzf samba-3.0.11.tar.gz Change into the directory: $ cd samba-3.0.11/source Run this to add the patch: $ patch -p1 ../../clitar.patch (assuming you put the patch file in the same directory as the tarball.) In general, to apply patches cd into the source tree, then run patch -pN patchfile where N is a small positive integer, usually 0, 1, or 2. If you aren't familiar with patching, you can just try the command with different values for N until it works. Once you are more familiar with patching, you can examine the patch file contents to figure out what the proper value is without the messing around. On Friday 25 February 2005 01:50 pm, Lucas Machado wrote: I'm having the same exact problem on Debian. I found the patches on your site, but unfortunately being barely an intermediate linux user i'm not sure what to do with the patch. So, what should i do? Thanks in advance, --Lucas Machado -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Dan Ramaley Digital Media Library Specialist (515) 271-1934 Cowles Library 140, Drake University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JLB wrote: | I apologize for being so flippant and unhelpful | (although in my defense, I posted the links to | the various password tools in order to -be- helpful. True. It was the most informative flippant response I've seen in a while :-) cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH4Q5IR7qMdg1EfYRAv7MAJ0bOFoRdaLY5SFEd/8fcdXeXF586ACg2bfb Yj5jfvRVal0mOwMvFyHVewU= =SAR5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Resource deadlock avoided
Hello: I also have the same problem on files that, according to smbstatus, have: DenyMode: DENY_NONE Oplocks:NONE Strangely enough this is only happening for one Mac user. And even then this only happens for two of the 20+ files he's got open, and the only apparent difference between them is in the Access column: the offending files have Access: 0x3. If I use 'smbstatus -L', it lists files open on this user's computer, yet reports *no* locks when I use 'smbstatus -u username -L'. An smbstatus bug, perhaps? Also, the '[Errno 35] Resource Deadlock Avoided' messages only started showing up after I upgraded the fileserver to: OS: Fedora Core 3 Kernel: 2.6.9-1.667 Samba: 3.0.11-1 What could be causing this problem? Any help would be greatly appreciated. Thanks! Regards, Adnan. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Wilson Sent: Monday, February 21, 2005 9:41 AM To: samba@lists.samba.org Subject: [Samba] Resource deadlock avoided Hi guys, How are you keeping ? I use 'smbmount' and a custom script to mount remote shares from Windows desktops and back them up to a Linux server. Everything works great except that I get Resource deadlock avoided when trying to copy 'Outlook.pst'. This of course is due to users' having their Outlook open when my backup script runs. Is anyone aware of a way to avoid the 'Resource deadlock avoided error and still copy 'Outlook.pst' file ? I've had a look around but can't find too much info on this. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ Computers are not intelligent. They only think they are. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind - how to map ADS group to Unix group
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Miles, Noal wrote: | I am running 3.0.10-1.4E on RHEL4. The machine is | a ADS member server. I would like to statically | map the ADS group Domain Admins to the built in | wheel group so all members of Domain Admins | are in the wheel group. Look at the 'winbind nested group' options in smb.conf. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH4C6IR7qMdg1EfYRAsduAJwNIagA8CUtJysSgb/AS5cDS3eqJQCg3WV/ ugLJWhgpTukzAzuAKNIfja4= =CZvc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3 performance
Marc, Thanks for the feedback. I've got a dual 64-bit opteron system (246), going to run FC3, and I'll try to get 75+MB/sec from samba 3 - windows xp client. I'll let you know the results. Alex On Fri, 25 Feb 2005, Kaplan, Marc wrote: Yes, I get more than 30MB/s performance. The benchmark I use (NetBench) is essentially CPU bound, such that a faster processor = faster performance. With a very fast hardware config (dual 3.2GHz processors), I've been able to hit around 100MB/s. Changing the RAM or other attributes does not buy me much, it seems that processor power is the bottleneck (at least in my case). When doing your speed test, monitor the CPU utilization for smbd, and see if it's at 100% of your linux server. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Alexander Lazarevich Sent: Thursday, February 24, 2005 11:36 AM To: samba@lists.samba.org Subject: [Samba] samba 3 performance Does anyone succesfully get more than 60MB/sec sequential throughput, WITHOUT jumbo frames, with the following configuration: samba 3 on RedHat linux server windows XP Pro workstations GigE NIC's and GigE switches Assuming all the disks/buses on the server and client ends are capable of those speeds. We have that exact setup, and we only get 30MB/sec maximum sequential throughput. In fact our servers and clients disk benchmark at more than 100MB/sec seq. throughput, and our netperf is 100MB/sec as well, but we still only get 30MB/sec when going through samba. Also, we actually do not manage our network switches, and we are told the switches do not support jumbo frames, so changing the MTU on the client NIC's and samba get's us nowhere because the switches won't do it anyway. Mostly I'm just trying to find out if anyone get's decent GigE network throughput through samba 3. I want to rule out that samba is the bottleneck. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Debugging Privilege and Samba 3.0.11
Gerald (Jerry) Carter wrote: access. The answer is that you create a domain group on the Samba server; add the users to that group, the assign that SID the SeDebugPrivilege right on the individual machines (not of the Samba DC). user rights are local to the machine on which they are assigned. Isn't that pretty much : -open MMC -Add the Group Policy snap-in -Browse to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -Open Debug programs entry -Add LAB\Debugger Users Which I've done. Unfortunately there is that annoying little box on the right saying Effective Policy Setting which remains NON-checked :-( (While Local Policy Setting is checked) What am I missing that would actually grant these rights locally ? Thanks for your help again! Cheers Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with
Asky, This has to do with the interpretation of the double quote. I advice to type Domain\ Admins is stead of Domain Admins Arne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Virus Alert
The mail message (file: document_full.pif) you sent to [EMAIL PROTECTED] contains a virus. (on the network) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind - how to map ADS group to Unix group
OK I set winbind nested group = yes option in smb.conf. Still can't quite get it to work. The only doc I can find says net rpc group add wheel -L (why would I add this group, it is built in *nix group?) net rpc group addmem wheel DOM\Domain Admins I don't even have smbd running, only winbind. The wheel group is a built in Unix group. When I issue this command as the root account on the box the winbind log says user 'root' does not exist. When I issue the command as an ADS account the command returns could not connect to server 127.0.0.1 Am I missing something? Thanks, Noal -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, February 25, 2005 1:47 PM To: Miles, Noal Cc: 'samba@lists.samba.org' Subject: Re: [Samba] Winbind - how to map ADS group to Unix group -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Miles, Noal wrote: | I am running 3.0.10-1.4E on RHEL4. The machine is | a ADS member server. I would like to statically | map the ADS group Domain Admins to the built in | wheel group so all members of Domain Admins | are in the wheel group. Look at the 'winbind nested group' options in smb.conf. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH4C6IR7qMdg1EfYRAsduAJwNIagA8CUtJysSgb/AS5cDS3eqJQCg3WV/ ugLJWhgpTukzAzuAKNIfja4= =CZvc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL problems
OK so I've got samba-3.0.11 compiled with ACL support. I've running 2.4.25 with the ACL/ATTR patch applied. I can read and set ACLS's using the getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's linked to libattr.so.1 and libacl.so.1. I can read ACL with the smbcacls program, but when I try to set them I get: ERROR: Unable to open credentials file! Also from the windows side, in the properties of a file in it show the users and groups for that file but it lists the perms is all blank, and when I try to change the perms I get a window labeled 'Security' with the message: Unable to save premission changes on . Access is denied. -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] \\server\share%user Not Working
On Fri, 2005-02-25 at 07:41 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Walter Argello Corts wrote: | I am running samba-3.0.9-2.3. | | With Windows XP Pro, I use: | | Start - execute- \\main\compartido%walter | | And that is not working. I had another report of this. On xp, just run 'net use \\server\share /user:username' I think it's one of those security=share things. It certainly makes no sense in security=user. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Debugging Privilege and Samba 3.0.11
On Fri, 25 Feb 2005 21:57:03 +0100 Thierry [EMAIL PROTECTED] wrote: T Isn't that pretty much : T -open MMC T -Add the Group Policy snap-in T -Browse to Local Computer Policy\Computer Configuration\Windows T Settings\Security Settings\Local Policies\User Rights Assignment T -Open Debug programs entry T -Add LAB\Debugger Users T Which I've done. T Unfortunately there is that annoying little box on the right saying T Effective Policy Setting which remains NON-checked :-( T (While Local Policy Setting is checked) T T What am I missing that would actually grant these rights locally ? You probably need to reboot for the rights to be effective. Anyway, you could (as we do) add the domain group LAB\Debugger Users to the local group Debugger Users using: Computer management --- Local Users and groups --- groups --- Debugger Users --- Add The change is effective immediatly. Our way to deal with the tools mentioned by JLB [EMAIL PROTECTED] is to automatically reinstall the computer at every boot. (the machines boot only from network). for the screwdriver we have an alarm on the cabinet :-) -- Jean-Jacques Moulis Tel: (013) 281684 ISYFax: (013) 139282 Linköping UniversityE-mail: [EMAIL PROTECTED] 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] \\server\share%user Not Working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett wrote: | On Fri, 2005-02-25 at 07:41 -0600, Gerald (Jerry) Carter wrote: |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Walter Argello Corts wrote: | || I am running samba-3.0.9-2.3. || || With Windows XP Pro, I use: || || Start - execute- \\main\compartido%walter || || And that is not working. | |I had another report of this. On xp, just run |'net use \\server\share /user:username' | | I think it's one of those security=share things. | It certainly makes no sense in security=user. Hmmm...I thought it was originally for win9x clients that couldn't specify an alternate username. But then I never used it either. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH64fIR7qMdg1EfYRAtfWAKCF5s/ZKpSlY3iKdGpjIjZUoY6sgQCgwtKN klm5C2fPb4QRw6vTsL/mPjU= =wjHO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Problem
Hi this is really a last resort as I'm literally pulling my hair out over AIX and Samba and cannot find any threads on this particular issue. Basically we have 3 systems running AIX 5.1 and Samba 2.2.7 We upgraded one system to Aix 5.2 and everything works no problem. Upgraded the next two and both will not join the domain using the smbpasswd -j domain-name -r ny000 -U myaccount. After the password is entered they just hang even although I can query the domain using smbclient -L ny000 -U myaccount. Tried re-installing etc and to no avail so now we're out of ideas and really need to get 5.2 working with Samba. Note also tried newer versions of Samba too. Any suggestions you may have would be great Regards Gerry This message and any attachments (the message) is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval. The internet can not guarantee the integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will) not therefore be liable for the message if modified. - Ce message et toutes les pieces jointes (ci-apres le message) sont etablis a l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le detruire et d'en avertir immediatement l'expediteur. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. L'internet ne permettant pas d'assurer l'integrite de ce message, BNP PARIBAS (et ses filiales) decline(nt) toute responsabilite au titre de ce message, dans l'hypothese ou il aurait ete modifie. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profile not loading properly
Hello, I installed samba3.0 on my debian machine to act as a PDC. Everything seems to be working. The only problem is that I get errors reading and writing back to the profile. When I log in or log out, it gives me an error saying some file cannot be written. When I check the profiles folder on the server it's always empty. I changed the permissions on the folder and I still get the same error. Would anyone happen to know what is going on? cheers abs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient's tar to /dev/null behaves unexpectedly
If I use smbclient to create a tar file at /dev/null, it skips most of the steps. This behavior If I type something like this: smbclient '\\puffin\c$' -U 'amanda%password' -E -d1 -Tca /dev/null '/Kathy/DATA/2120 WNmod/*' I receive the following message: Output is /dev/null, assuming dry_run source/client/clitar.c: if (tar_type=='c' (dry_run || strcmp(argv[Optind], /dev/null)==0)) { if (!dry_run) { DEBUG(0,(Output is /dev/null, assuming dry_run\n)); dry_run = True; } This is unexpected behavior. If a person wants to use a dry run, the -n option is available. The OS will decide what to do when /dev/null is encountered; smbclient shouldn't know or care whether its bits are thrown away or kept. By performing a dry_run, smbclient is skipping the list of the files in the tar file and the actual transfer of data, something which setting the output device to /dev/null should not do. If the user wants to throw away the data, that is the user's business. To quote from the GNU standards document, which is generally a worthy document even if the project is not GNU: Likewise, please don't make the behavior of the program depend on the type of output device it is used with. Device independence is an important principle of the system's design Please change these lines: if (tar_type=='c' (dry_run || strcmp(argv[Optind], /dev/null)==0)) { if (!dry_run) { DEBUG(0,(Output is /dev/null, assuming dry_run\n)); dry_run = True; } to: if (tar_type=='c' dry_run) { -- Kevin Dalley [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing to raw cups queue from Windows XP
I have a little home network that uses an Epson C82 served out via Samba from an RH9 Linux box. When I set this up a year ago, the only way I could get printing to work was through a raw Cups queue. (Well, actually, I never tried anything but CUPS). It all worked well enough, except for an annoyingly long delay between the issuing of the print command and the start of output to the printer, probably around a minute for even the smallest document. All the windows boxes accessing the printer were WinXP. I'd more or less gotten used to this, until I brought a Win2K laptop home from work and tried to print to my network through it. After a long struggle, I finally found (with the help of this list) the set of Samba options needed to avoid access denied errors. But here's the rub. When I print from the laptop (through the same raw queue the other boxes use) there is no delay at all in the printer output! Can anyone explain why raw queue printing would be slow on my XP boxes (connected via a wired network) and fast on my Win2K box (connected through wireless router)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.12pre1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is a preview release of the Samba 3.0.12 code base and is provided for testing only. This release is *not* intended for production servers. However, there have been several bug fixes and new features added since 3.0.11 that we feel are important to make available to the Samba community for wider testing. Common bugs fixed in 3.0.12pre1 include: ~ o Winbind failures when using 'disable netbios = yes' ~ o Failure to establish a trust relationship via 'net rpc ~trust establish' ~ o Various portability compiler issues. ~ o Read only file deletion failure caused by new delete ~semantics in Windows XP SP2 and the MS 04-044 security ~hotfix. Additional features introduced in Samba 3.0.12pre1: ~ o Performance enhancements when serving directories ~containing large number of files. ~ o MS-DFS support added to smbclient. ~ o More performance improvements when using Samba/OpenLDAP ~based DC's via the 'ldapsam:trusted=yes' option. Large Directory Support - --- Samba 3.0.12pre1 introduces a specific mechanism for dealing with file services that frequently contain a large number of files per directory. Historically Samba's performance has suffered in such environments due to the translation from case insensitive lookups by Windows client to the case sensitive storage mechanisms used by UNIX filesystems. Configuration details along with a short HOWTO can be found at: http://www.samba.org/samba/ftp/HOWTO/Samba-LargeDirectory-HOWTO Download Details - The uncompressed tarball and patch file have been signed using GnuPG (ID F17F9772). The source code and release notes can be downloaded from: http://download.samba.org/samba/ftp/pre/ Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH2spIR7qMdg1EfYRAtDgAJ9s5yDrpuOsmKQlvUy6/bkZnpbT0ACghIVE TOLnNA4OAz8H1oU+L4oObyQ= =E/1L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Problem
Hi Gerry, [EMAIL PROTECTED] wrote: Hi this is really a last resort as I'm literally pulling my hair out over AIX and Samba and cannot find any threads on this particular issue. Basically we have 3 systems running AIX 5.1 and Samba 2.2.7 We upgraded one system to Aix 5.2 and everything works no problem. Upgraded the next two and both will not join the domain using the smbpasswd -j domain-name -r ny000 -U myaccount. After the password is entered they just hang even although I can query the domain using smbclient -L ny000 -U myaccount. Tried re-installing etc and to no avail so now we're out of ideas and really need to get 5.2 working with Samba. Note also tried newer versions of Samba too. Any suggestions you may have would be great I originally migrated to AIX 5.2 by recompiling samba 2.2.8a and just running it without changing any of the samba config or data files. There was no need to rejoin. I don't know if it's too late for that, but potentially you could restore a backup of the samba install/private directory from before you tried to join and it should just work unless the machine password has already been changed. Other than that, once or twice my AIX samba got out of sync with the domain controller. I found I had to delete the old account on the PDC before attempting to create a new one from the command line. But don't do that until the backup fails to work. myaccount would need to be a domain admin. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PrintUIEntry for NT4?
For Win2K, I've been using RunDLL32 printui.dll,printuientry to do a bunch of different printer related stuff (most notably, mapping printers and setting the default). Looks like NT4 doesn't have the same stuff. Is there anything classier I can use than NET USE under NT4 (without downloading something like Kixstart)? Thanks for your help. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] auto response
TO WHOM IT MAY CONCERN:- thanx for ur mail i will immediately reply, when i will be on line. bye till then. with best wishes. Rakesh Mohanty( Off Line) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debugging Privilege and Samba 3.0.11
| | You're foolish if you think anyone with local | access to a workstation can't get into the | Admin account on their local machine. WoW! That was a really helpful response! And while correct, doesn't do anything to help the original poster. If I have an employee and I'll them I'm not going to give you admin access. And then the hack the box using local physical access, i'll just fire them. Problem solved. No more physical access. It's almost impossible to fire people for that. Due to statistics about one of hundred employee has psychological deviations which cause him/here to investigate something. In out company such an investigator pretty regularly stays over the night in order to reinstall Windows just because it's getting unusable after his actions once in a week. People do not change and it's better to take them as they are than to fire them. The answer is that you create a domain group on the Samba server; add the users to that group, the assign that SID the SeDebugPrivilege right on the individual machines (not of the Samba DC). user rights are local to the machine on which they are assigned. another helpful information is to use SECEDIT for unattended installation to automate such an operation. Samba domain doesn't support GPO theese days, and assigning rights can be done either manually or by SECEDIT tool. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCH3SRIR7qMdg1EfYRAisqAJsGDuFLYHhOUy0V745eTtqAhs/qKACg2J0F tZoLyWOlvj9P3RiiqIJcUNg= =M3kc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: lorikeet r228 - in trunk/white-papers/dcom: .
Author: jelmer Date: 2005-02-25 08:56:13 + (Fri, 25 Feb 2005) New Revision: 228 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=228 Log: Add notes about DCOM and Mono Modified: trunk/white-papers/dcom/dcom.bib trunk/white-papers/dcom/dcom.tex Changeset: Modified: trunk/white-papers/dcom/dcom.bib === --- trunk/white-papers/dcom/dcom.bib2005-02-24 15:57:37 UTC (rev 227) +++ trunk/white-papers/dcom/dcom.bib2005-02-25 08:56:13 UTC (rev 228) @@ -69,3 +69,29 @@ URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/midl/midl/differences_between_midl_and_mktyplib.asp}, title = {Differences between MIDL and MkTypLib} } + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/introremoting.asp}, + title = {Introduction to Microsoft .NET remoting framework} +} + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/dotnetremotearch.asp} +} + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/msdnmag/issues/02/10/NETRemoting/default.aspx} +} + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore/html/_core_remote_automation.3a_.history_of_dcom.asp}, + title = {The history of DCOM} +} + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/f_and_m/html/vxconnetremoting.asp} +} + [EMAIL PROTECTED], + URL = {http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/cominterop.asp} +} Modified: trunk/white-papers/dcom/dcom.tex === --- trunk/white-papers/dcom/dcom.tex2005-02-24 15:57:37 UTC (rev 227) +++ trunk/white-papers/dcom/dcom.tex2005-02-25 08:56:13 UTC (rev 228) @@ -447,12 +447,19 @@ \section{Future integration} \subsection{Mono} -(Ideas) -\begin{itemize} -\item support incoming DCOM calls from Windows clients -\item support outgoing DCOM calls to Windows hosts -\end{itemize} +DCOM is currently mostly a legacy technology, with Microsoft +focussing on the .NET framework. The .NET framework in +the Windows world has compatibility for COM built in. Rather then +a hard-coded standard for remoting, the .NET framework supports +various backends, DCOM being one of them.\cite{DotNETRemotingIntro} + +Mono\footnote{http://www.mono-project.com/} is an open source project +that aims to implement Microsoft's .NET framework. + +It should be relatively easy to add support for DCOM, perhaps somewhat +similar to Remoting.Corba\footnote{http://remoting-corba.sourceforge.net/}. + \subsection{Wine} (Ideas) \begin{itemize}
svn commit: samba r5555 - in branches/SAMBA_3_0_RELEASE: examples/auth examples/pdb packaging/Debian/debian-stable packaging/Debian/debian-stable/patches packaging/Fedora packaging/RedHat packaging/SuSE source source/auth source/client source/groupdb source/include source/lib source/libads source/libsmb source/nmbd source/nsswitch source/param source/passdb source/printing source/python source/registry source/rpc_client source/rpc_parse source/rpc_server source/rpcclient source/sam source/smbd source/tdb source/torture source/utils
Author: jerry Date: 2005-02-25 14:08:30 + (Fri, 25 Feb 2005) New Revision: WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev= Log: current with 3.0 tree as of r5548; getting ready for 3.0.12pre1 Added: branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/mount.cifs.files branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c Modified: branches/SAMBA_3_0_RELEASE/examples/auth/Makefile branches/SAMBA_3_0_RELEASE/examples/pdb/Makefile branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/changelog branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/control branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/patches/fhs.patch branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/rules branches/SAMBA_3_0_RELEASE/packaging/Debian/debian-stable/samba.files branches/SAMBA_3_0_RELEASE/packaging/Fedora/samba.spec.tmpl branches/SAMBA_3_0_RELEASE/packaging/RedHat/samba.spec.tmpl branches/SAMBA_3_0_RELEASE/packaging/SuSE/README branches/SAMBA_3_0_RELEASE/source/Makefile.in branches/SAMBA_3_0_RELEASE/source/VERSION branches/SAMBA_3_0_RELEASE/source/auth/auth_sam.c branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c branches/SAMBA_3_0_RELEASE/source/autogen.sh branches/SAMBA_3_0_RELEASE/source/client/client.c branches/SAMBA_3_0_RELEASE/source/client/clitar.c branches/SAMBA_3_0_RELEASE/source/client/mount.cifs.c branches/SAMBA_3_0_RELEASE/source/client/smbmnt.c branches/SAMBA_3_0_RELEASE/source/client/smbspool.c branches/SAMBA_3_0_RELEASE/source/groupdb/mapping.c branches/SAMBA_3_0_RELEASE/source/include/adt_tree.h branches/SAMBA_3_0_RELEASE/source/include/client.h branches/SAMBA_3_0_RELEASE/source/include/includes.h branches/SAMBA_3_0_RELEASE/source/include/local.h branches/SAMBA_3_0_RELEASE/source/include/msdfs.h branches/SAMBA_3_0_RELEASE/source/include/passdb.h branches/SAMBA_3_0_RELEASE/source/include/rpc_lsa.h branches/SAMBA_3_0_RELEASE/source/include/rpc_samr.h branches/SAMBA_3_0_RELEASE/source/include/smb.h branches/SAMBA_3_0_RELEASE/source/include/smb_macros.h branches/SAMBA_3_0_RELEASE/source/include/smbldap.h branches/SAMBA_3_0_RELEASE/source/lib/account_pol.c branches/SAMBA_3_0_RELEASE/source/lib/adt_tree.c branches/SAMBA_3_0_RELEASE/source/lib/afs.c branches/SAMBA_3_0_RELEASE/source/lib/interface.c branches/SAMBA_3_0_RELEASE/source/lib/privileges.c branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c branches/SAMBA_3_0_RELEASE/source/lib/time.c branches/SAMBA_3_0_RELEASE/source/lib/util.c branches/SAMBA_3_0_RELEASE/source/lib/util_seaccess.c branches/SAMBA_3_0_RELEASE/source/lib/util_str.c branches/SAMBA_3_0_RELEASE/source/lib/util_unistr.c branches/SAMBA_3_0_RELEASE/source/libads/ldap.c branches/SAMBA_3_0_RELEASE/source/libsmb/cliconnect.c branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c branches/SAMBA_3_0_RELEASE/source/libsmb/clilist.c branches/SAMBA_3_0_RELEASE/source/libsmb/cliprint.c branches/SAMBA_3_0_RELEASE/source/libsmb/clirap.c branches/SAMBA_3_0_RELEASE/source/libsmb/clisecdesc.c branches/SAMBA_3_0_RELEASE/source/libsmb/ntlmssp.c branches/SAMBA_3_0_RELEASE/source/libsmb/ntlmssp_sign.c branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd_packets.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbind_nss_linux.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_RELEASE/source/param/loadparm.c branches/SAMBA_3_0_RELEASE/source/param/params.c branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c branches/SAMBA_3_0_RELEASE/source/passdb/pdb_interface.c branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c branches/SAMBA_3_0_RELEASE/source/printing/print_cups.c branches/SAMBA_3_0_RELEASE/source/python/py_smb.c branches/SAMBA_3_0_RELEASE/source/python/py_spoolss.h branches/SAMBA_3_0_RELEASE/source/python/py_spoolss_drivers.c branches/SAMBA_3_0_RELEASE/source/python/py_spoolss_drivers_conv.c branches/SAMBA_3_0_RELEASE/source/registry/reg_cachehook.c branches/SAMBA_3_0_RELEASE/source/registry/reg_objects.c branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_dfs.c branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_samr.c branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_wkssvc.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_net.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_lsa_hnd.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_RELEASE/source/rpcclient/cmd_samr.c branches/SAMBA_3_0_RELEASE/source/sam/idmap_ldap.c
svn commit: samba r5556 - in branches/SAMBA_3_0/source/lib: .
Author: gd Date: 2005-02-25 14:12:05 + (Fri, 25 Feb 2005) New Revision: 5556 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5556 Log: Fix the build on AIX. use AF_UNIX instead of AF_LOCAL (thanks to Doug VanLeuven roamdad-at-sonic.net) and make smbldap_open() a bit more readable. Guenther Modified: branches/SAMBA_3_0/source/lib/smbldap.c Changeset: Modified: branches/SAMBA_3_0/source/lib/smbldap.c === --- branches/SAMBA_3_0/source/lib/smbldap.c 2005-02-25 14:08:30 UTC (rev ) +++ branches/SAMBA_3_0/source/lib/smbldap.c 2005-02-25 14:12:05 UTC (rev 5556) @@ -873,8 +873,9 @@ */ static int smbldap_open(struct smbldap_state *ldap_state) { - int rc; + int rc, opt_rc; SMB_ASSERT(ldap_state); + BOOL reopen = False; #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { @@ -883,12 +884,21 @@ } #endif - if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { + if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { + struct sockaddr_un addr; socklen_t len = sizeof(addr); int sd; - if (ldap_get_option(ldap_state-ldap_struct, LDAP_OPT_DESC, sd) == 0 - ((getpeername(sd, (struct sockaddr *) addr, len) 0) || addr.sun_family == AF_LOCAL)) { + + opt_rc = ldap_get_option(ldap_state-ldap_struct, LDAP_OPT_DESC, sd); + if (opt_rc == 0 (getpeername(sd, (struct sockaddr *) addr, len)) 0 ) + reopen = True; + +#ifdef HAVE_UNIXSOCKET + if (opt_rc == 0 addr.sun_family == AF_UNIX) + reopen = True; +#endif + if (reopen) { /* the other end has died. reopen. */ ldap_unbind_ext(ldap_state-ldap_struct, NULL, NULL); ldap_state-ldap_struct = NULL;
svn commit: samba r5557 - in trunk/source/lib: .
Author: gd Date: 2005-02-25 14:13:58 + (Fri, 25 Feb 2005) New Revision: 5557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5557 Log: Merge from 3_0. Guenther Modified: trunk/source/lib/smbldap.c Changeset: Modified: trunk/source/lib/smbldap.c === --- trunk/source/lib/smbldap.c 2005-02-25 14:12:05 UTC (rev 5556) +++ trunk/source/lib/smbldap.c 2005-02-25 14:13:58 UTC (rev 5557) @@ -882,8 +882,9 @@ */ static int smbldap_open(struct smbldap_state *ldap_state) { - int rc; + int rc, opt_rc; SMB_ASSERT(ldap_state); + BOOL reopen = False; #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { @@ -892,12 +893,21 @@ } #endif - if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { + if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { + struct sockaddr_un addr; socklen_t len = sizeof(addr); int sd; - if (ldap_get_option(ldap_state-ldap_struct, LDAP_OPT_DESC, sd) == 0 - ((getpeername(sd, (struct sockaddr *) addr, len) 0) || addr.sun_family == AF_LOCAL)) { + + opt_rc = ldap_get_option(ldap_state-ldap_struct, LDAP_OPT_DESC, sd); + if (opt_rc == 0 (getpeername(sd, (struct sockaddr *) addr, len)) 0 ) + reopen = True; + +#ifdef HAVE_UNIXSOCKET + if (opt_rc == 0 addr.sun_family == AF_UNIX) + reopen = True; +#endif + if (reopen) { /* the other end has died. reopen. */ ldap_unbind_ext(ldap_state-ldap_struct, NULL, NULL); ldap_state-ldap_struct = NULL;
svn commit: samba r5558 - in trunk: packaging/Debian/debian-stable packaging/Debian/debian-stable/patches source source/client source/include source/lib source/libsmb source/registry source/smbd source/utils
Author: jerry Date: 2005-02-25 14:51:17 + (Fri, 25 Feb 2005) New Revision: 5558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5558 Log: syncing some misc changes form 3_0 primarily bringing smbclient up to date Added: trunk/packaging/Debian/debian-stable/mount.cifs.files trunk/source/libsmb/clidfs.c Modified: trunk/packaging/Debian/debian-stable/changelog trunk/packaging/Debian/debian-stable/control trunk/packaging/Debian/debian-stable/patches/fhs.patch trunk/packaging/Debian/debian-stable/rules trunk/packaging/Debian/debian-stable/samba.files trunk/source/Makefile.in trunk/source/VERSION trunk/source/client/client.c trunk/source/client/smbspool.c trunk/source/configure.in trunk/source/include/adt_tree.h trunk/source/include/client.h trunk/source/include/includes.h trunk/source/include/msdfs.h trunk/source/lib/adt_tree.c trunk/source/libsmb/cliconnect.c trunk/source/libsmb/clientgen.c trunk/source/libsmb/clilist.c trunk/source/libsmb/cliprint.c trunk/source/libsmb/clirap.c trunk/source/registry/reg_cachehook.c trunk/source/smbd/nttrans.c trunk/source/utils/status.c Changeset: Sorry, the patch is too large (2633 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5558
svn commit: samba r5559 - in branches/SAMBA_3_0_RELEASE: examples/misc source/lib
Author: jerry Date: 2005-02-25 14:52:50 + (Fri, 25 Feb 2005) New Revision: 5559 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5559 Log: adding missing changes from 3.0 Added: branches/SAMBA_3_0_RELEASE/examples/misc/adssearch.pl Modified: branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c Changeset: Sorry, the patch is too large (1544 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5559
svn commit: samba r5560 - in branches/SAMBA_3_0/source/libsmb: .
Author: jerry Date: 2005-02-25 15:22:49 + (Fri, 25 Feb 2005) New Revision: 5560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5560 Log: make sure session setup message is displayed after changes to client.c Modified: branches/SAMBA_3_0/source/libsmb/clidfs.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clidfs.c === --- branches/SAMBA_3_0/source/libsmb/clidfs.c 2005-02-25 14:52:50 UTC (rev 5559) +++ branches/SAMBA_3_0/source/libsmb/clidfs.c 2005-02-25 15:22:49 UTC (rev 5560) @@ -145,10 +145,10 @@ if ( show_sessetup ) { if (*c-server_domain) { - DEBUG(1,(Domain=[%s] OS=[%s] Server=[%s]\n, + DEBUG(0,(Domain=[%s] OS=[%s] Server=[%s]\n, c-server_domain,c-server_os,c-server_type)); } else if (*c-server_os || *c-server_type){ - DEBUG(1,(OS=[%s] Server=[%s]\n, + DEBUG(0,(OS=[%s] Server=[%s]\n, c-server_os,c-server_type)); } }
svn commit: samba r5561 - in branches/SAMBA_3_0_RELEASE/source/libsmb: .
Author: jerry Date: 2005-02-25 15:23:33 + (Fri, 25 Feb 2005) New Revision: 5561 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5561 Log: make sure session setup message is displayed after changes to client.c Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c === --- branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c 2005-02-25 15:22:49 UTC (rev 5560) +++ branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c 2005-02-25 15:23:33 UTC (rev 5561) @@ -145,10 +145,10 @@ if ( show_sessetup ) { if (*c-server_domain) { - DEBUG(1,(Domain=[%s] OS=[%s] Server=[%s]\n, + DEBUG(0,(Domain=[%s] OS=[%s] Server=[%s]\n, c-server_domain,c-server_os,c-server_type)); } else if (*c-server_os || *c-server_type){ - DEBUG(1,(OS=[%s] Server=[%s]\n, + DEBUG(0,(OS=[%s] Server=[%s]\n, c-server_os,c-server_type)); } }
svn commit: samba r5562 - in branches/SAMBA_3_0/source: . auth
Author: jerry Date: 2005-02-25 15:56:13 + (Fri, 25 Feb 2005) New Revision: 5562 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5562 Log: * bump version to 3.0.12pre2 * change special character in gd's valid workstation check to a '+' to be more in line with the characters used by valid users Modified: branches/SAMBA_3_0/source/VERSION branches/SAMBA_3_0/source/auth/auth_sam.c Changeset: Modified: branches/SAMBA_3_0/source/VERSION === --- branches/SAMBA_3_0/source/VERSION 2005-02-25 15:23:33 UTC (rev 5561) +++ branches/SAMBA_3_0/source/VERSION 2005-02-25 15:56:13 UTC (rev 5562) @@ -29,7 +29,7 @@ # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # - 2.2.9pre1 # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE=2 # For 'rc' releases the version will be# Modified: branches/SAMBA_3_0/source/auth/auth_sam.c === --- branches/SAMBA_3_0/source/auth/auth_sam.c 2005-02-25 15:23:33 UTC (rev 5561) +++ branches/SAMBA_3_0/source/auth/auth_sam.c 2005-02-25 15:56:13 UTC (rev 5562) @@ -185,7 +185,7 @@ invalid_ws = False; break; } - if (tok[0] == '@') { + if (tok[0] == '+') { DEBUG(10,(sam_account_ok: checking for workstation %s in group: %s\n, machine_name, tok + 1)); if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
svn commit: samba r5563 - in trunk/source/auth: .
Author: jerry Date: 2005-02-25 15:58:23 + (Fri, 25 Feb 2005) New Revision: 5563 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5563 Log: merge valid workstation change from 3.0 Modified: trunk/source/auth/auth_sam.c Changeset: Modified: trunk/source/auth/auth_sam.c === --- trunk/source/auth/auth_sam.c2005-02-25 15:56:13 UTC (rev 5562) +++ trunk/source/auth/auth_sam.c2005-02-25 15:58:23 UTC (rev 5563) @@ -185,7 +185,7 @@ invalid_ws = False; break; } - if (tok[0] == '@') { + if (tok[0] == '+') { DEBUG(10,(sam_account_ok: checking for workstation %s in group: %s\n, machine_name, tok + 1)); if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
svn commit: samba r5564 - in branches/SAMBA_3_0_RELEASE: . source/auth
Author: jerry Date: 2005-02-25 17:49:49 + (Fri, 25 Feb 2005) New Revision: 5564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5564 Log: getting ready for 3.0.12pre1; final sync from 3.0 and updated release notes; tarballs to follow Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/source/auth/auth_sam.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-25 15:58:23 UTC (rev 5563) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-25 17:49:49 UTC (rev 5564) @@ -1,3 +1,219 @@ + == + Release Notes for Samba 3.0.12pre1 + Feb 25, 2005 + === + +This is a preview release of the Samba 3.0.12 code base and +is provided for testing only. This release is *not* intended +for production servers. However, there have been several bug +fixes and new features added since 3.0.11 that we feel are +important to make available to the Samba community for wider +testing. + +Common bugs fixed in 3.0.12pre1 include: + + o Winbind failures when using 'disable netbios = yes' + o Failure to establish a trust relationship via 'net rpc +trust establish' + o Various portability compiler issues. + o Read only file deletion failure caused by new delete +semantics in Windows XP SP2 and the MS 04-044 security +hotfix. + +Additional features introduced in Samba 3.0.12pre1: + + o Performance enhancements when serving directories +containing large number of files. + o MS-DFS support added to smbclient. + o More performance improvements when using Samba/OpenLDAP +based DC's via the 'ldapsam:trusted=yes' option. + + +Large Directory Support +--- + +Samba 3.0.12pre1 introduces a specific mechanism for dealing +with file services that frequently contain a large number of files +per directory. Historically Samba's performance has suffered +in such environments due to the translation from case +insensitive lookups by Windows client to the case sensitive +storage mechanisms used by UNIX filesystems. + +Configuration details along with a short HOWTO can be found at: + +http://www.samba.org/samba/ftp/HOWTO/Samba-LargeDirectory-HOWTO + + + +## +Changes +### + +Changes since 3.0.11 + +smb.conf changes + + +Parameter Name Action +-- -- +log nt token command New + + +commits +--- +o Jeremy Allison [EMAIL PROTECTED] +* BUG 2146: Return correct allocation sizes so as not to crash + the VC++ compiler. +* BUG 962: Ensure that parsing of service names in smb.conf is + multibyte safe. +* BUG 2201, 2227: Support new delete semantics used by MS04-044 + and XP SP2. +* BUG 1525: Correctly timestamps interpreted on 64-bit time_t + values (patch submitted by Jay Fenlason [EMAIL PROTECTED]). +* Add special hooks when serving directories containing large + numbers of files. +* Ensure that WINS negative name query responses and WACK + packets use the correct RR type of 0xA instead of reflecting + back what the query RR type was (0x20). +* BUG 2310: Only do 16-bit normalization on small dfree request. +* BUG 2323: Correct authentication failure when using plaintext + passwords from Windows XP clients. + + +o Andrew Bartlett [EMAIL PROTECTED] +* Avoid length-limited intermediate copy of NT and LM responses + in NETLOGON client. +* Debug message cleanups in the NTLMSSP implementation. + + +o Manuel Baena [EMAIL PROTECTED] +* Print actual error message in smbmnt.c:fullpath(). + + +o Gerald (Jerry) Carter [EMAIL PROTECTED] +* Add trans2 client call for checking dfs referrals +* Convert smbclient to use TRANS_QPATHINFO(SMB_QUERY_FILE_BASIC_INFO) + when checking directories on modern CIFS servers. +* Add MS-DFS support to smbclient. +* Code cleanup of adt_tree.[ch]. +* Add missing checks to allow root to manage user rights. +* Allow domain admins to manage rights assignments on domain members + servers. +* BUG 2333: Use the lpq command to pass in the correct printer name + for cups_queue_get(). CUPS backend now sets 'lpq command= %p' as + the default. +* BUG 1439: make sure to initialize pointer to prevent invalid + free()'s on exit. +* BUG 2329: fix to re-enable winbindd to locate DC's when 'disable + netbios = yes'. +* Add cups-devel to BuidlRequires directive in Fedora spec file. +* BUG 858: Fix order of popt args evaluation so we don't crash + when given no command line
svn commit: samba r5565 - in branches/SAMBA_3_0/source/lib: .
Author: jerry Date: 2005-02-25 18:38:19 + (Fri, 25 Feb 2005) New Revision: 5565 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5565 Log: fix breakage on gcc 2.96 Modified: branches/SAMBA_3_0/source/lib/smbldap.c Changeset: Modified: branches/SAMBA_3_0/source/lib/smbldap.c === --- branches/SAMBA_3_0/source/lib/smbldap.c 2005-02-25 17:49:49 UTC (rev 5564) +++ branches/SAMBA_3_0/source/lib/smbldap.c 2005-02-25 18:38:19 UTC (rev 5565) @@ -874,9 +874,9 @@ static int smbldap_open(struct smbldap_state *ldap_state) { int rc, opt_rc; - SMB_ASSERT(ldap_state); BOOL reopen = False; + SMB_ASSERT(ldap_state); #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, (smbldap_open: cannot access LDAP when not root..\n));
svn commit: samba r5566 - in branches/SAMBA_3_0_RELEASE/source/lib: .
Author: jerry Date: 2005-02-25 18:39:25 + (Fri, 25 Feb 2005) New Revision: 5566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5566 Log: fix breakage on gcc 2.96 (current with 3.0 as of r5565) Modified: branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c === --- branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c 2005-02-25 18:38:19 UTC (rev 5565) +++ branches/SAMBA_3_0_RELEASE/source/lib/smbldap.c 2005-02-25 18:39:25 UTC (rev 5566) @@ -874,9 +874,9 @@ static int smbldap_open(struct smbldap_state *ldap_state) { int rc, opt_rc; - SMB_ASSERT(ldap_state); BOOL reopen = False; + SMB_ASSERT(ldap_state); #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, (smbldap_open: cannot access LDAP when not root..\n));
svn commit: samba r5567 - in tags: .
Author: jerry Date: 2005-02-25 18:40:32 + (Fri, 25 Feb 2005) New Revision: 5567 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5567 Log: tagging 3.0.12pre1 Added: tags/release-3-0-12pre1/ Changeset: Copied: tags/release-3-0-12pre1 (from rev 5566, branches/SAMBA_3_0_RELEASE)
svn commit: samba-docs r365 - in tags: .
Author: jerry Date: 2005-02-25 18:40:43 + (Fri, 25 Feb 2005) New Revision: 365 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=365 Log: tagging 3.0.12pre1 Added: tags/release-3-0-12pre1/ Changeset: Copied: tags/release-3-0-12pre1 (from rev 364, trunk)
svn commit: samba r5568 - in branches/SAMBA_3_0/source/sam: .
Author: jerry Date: 2005-02-25 18:49:42 + (Fri, 25 Feb 2005) New Revision: 5568 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5568 Log: fix more breakage on gcc 2.96 Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c === --- branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-02-25 18:40:32 UTC (rev 5567) +++ branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-02-25 18:49:42 UTC (rev 5568) @@ -51,9 +51,9 @@ int i; fstring sid_str; BOOL known_domain = False; - p = init_param; fstring tok; + p = init_param; trust.number = 0; /* falling back to automatic mapping when there were no options given */
svn commit: samba r5569 - in branches/SAMBA_3_0_RELEASE/source/sam: .
Author: jerry Date: 2005-02-25 18:50:15 + (Fri, 25 Feb 2005) New Revision: 5569 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5569 Log: fix more breakage on gcc 2.96 Modified: branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c === --- branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c 2005-02-25 18:49:42 UTC (rev 5568) +++ branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c 2005-02-25 18:50:15 UTC (rev 5569) @@ -51,9 +51,9 @@ int i; fstring sid_str; BOOL known_domain = False; - p = init_param; fstring tok; + p = init_param; trust.number = 0; /* falling back to automatic mapping when there were no options given */
svn commit: samba r5570 - in tags: .
Author: jerry Date: 2005-02-25 19:25:44 + (Fri, 25 Feb 2005) New Revision: 5570 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5570 Log: bad tag Removed: tags/release-3-0-12pre1/ Changeset:
svn commit: samba r5571 - in branches/SAMBA_3_0/source/sam: .
Author: jerry Date: 2005-02-25 19:26:07 + (Fri, 25 Feb 2005) New Revision: 5571 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5571 Log: fix another breakage on gcc 2.96 Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c === --- branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-02-25 19:25:44 UTC (rev 5570) +++ branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-02-25 19:26:07 UTC (rev 5571) @@ -159,6 +159,7 @@ DOM_SID *trusted_domain_sids; uint32 enum_ctx = 0; DOM_SID builtin_sid; + int own_domains = 2; /* put the results together */ *num_domains = 1; @@ -270,7 +271,6 @@ i, trusted_domain_names[i], sid_str)); } - int own_domains = 2; if (!sid_equal(domain_sid, get_global_sam_sid())) ++own_domains;
svn commit: samba r5572 - in branches/SAMBA_3_0_RELEASE/source/sam: .
Author: jerry Date: 2005-02-25 19:26:40 + (Fri, 25 Feb 2005) New Revision: 5572 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5572 Log: fix another breakage on gcc 2.96 Modified: branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c === --- branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c 2005-02-25 19:26:07 UTC (rev 5571) +++ branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c 2005-02-25 19:26:40 UTC (rev 5572) @@ -159,6 +159,7 @@ DOM_SID *trusted_domain_sids; uint32 enum_ctx = 0; DOM_SID builtin_sid; + int own_domains = 2; /* put the results together */ *num_domains = 1; @@ -270,7 +271,6 @@ i, trusted_domain_names[i], sid_str)); } - int own_domains = 2; if (!sid_equal(domain_sid, get_global_sam_sid())) ++own_domains;
svn commit: samba-web r560 - in trunk: .
Author: jerry Date: 2005-02-25 23:02:11 + (Fri, 25 Feb 2005) New Revision: 560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=560 Log: announcing 3.0.12pre1 Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2005-02-24 21:06:23 UTC (rev 559) +++ trunk/index.html2005-02-25 23:02:11 UTC (rev 560) @@ -6,14 +6,38 @@ a href=http://nosoftwarepatents.com/;img src=/samba/images/noswp_banner.jpg alt=No Software Patents! //a /div -pSamba is an a href=http://www.opensource.org/;Open Source/a/a href=http://www.gnu.org/philosophy/free-sw.html;Free Software/a suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available under the a href=/samba/docs/GPL.htmlGNU General Public License/a./p +pSamba is an a href=http://www.opensource.org/;Open Source/a/a + href=http://www.gnu.org/philosophy/free-sw.html;Free Software/a suite + that provides seamless file and print services to SMB/CIFS clients. + Samba is freely available under the a href=/samba/docs/GPL.htmlGNU General + Public License/a./p h2Latest News/h2 !--#include virtual=/samba/news/headlines.html -- h2Current Release/h2 -h4a name=latest5 February 2005/a/h4 +h4a name=latest25 February 2005/a/h4 +p class=headlineSamba 3.0.12pre1 Available for Download/p + +pThis is a preview release of the Samba 3.0.12 code base and + is provided for testing only. This release is emnot/em + intended for production servers. However, there have been + several bug fixes and new features added since 3.0.11 that + we feel are important to make available to the Samba community + for wider testing. Full details are available in the + a href=/samba/ftp/pre/WHATSNEW-3-0-12pre1.txtRelease Notes/a. + /p + +pThe a href=/samba/ftp/pre/samba-3.0.12pre1.tar.gzSamba 3.0.12pre1 + source code/a can be downloaded now. The a + href=/samba/ftp/pre/samba-3.0.12pre1.tar.ascGnuPG + signature for the emun/emcompressed tarball/a is also available. + Precompiled packages for various platforms are available in the + a href=/samba/ftp/Binary_Packages/Binary_Packages + download area/a./p + +h4a name=5 February 2005/a/h4 p class=headlineSamba 3.0.11 Available for Download/p pThis is the latest stable release of Samba. This is
Build status as of Sat Feb 26 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-02-25 00:00:39.0 + +++ /home/build/master/cache/broken_results.txt 2005-02-26 00:00:11.0 + @@ -1,20 +1,18 @@ -Build status as of Fri Feb 25 00:00:01 2005 +Build status as of Sat Feb 26 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 41 5 0 -distcc 41 2 0 -ppp 24 5 0 +ccache 40 5 0 +distcc 40 2 0 +ppp 25 5 0 rsync40 2 0 samba2 2 2 samba-docs 0 0 0 -samba4 45 14 0 -samba_3_041 11 0 +samba4 44 13 0 +samba_3_041 10 0 Currently broken builds: Host Tree Compiler Status -cyberone samba4 gccok/ 2/?/? -cyberone samba_3_0gcc 1/?/?/? fusberta samba4 gccok/ 2/?/? yurok samba_3_0cc ok/ok/ok/ 2 yurok samba_3_0gcc 127/?/?/? @@ -31,7 +29,7 @@ gwen samba4 cc ok/ 1/?/? gwen samba_3_0cc ok/ 1/?/? us4samba_3_0cc ok/ 1/?/? -us4samba_3_0gcc 127/?/?/? +us4samba_3_0gccok/ 1/?/? flock samba4 gccok/ 1/?/? opisol10 ccache gccok/ok/ok/ 1 opisol10 ppp gccok/ 1/?/?
Re: svn commit: samba r5575 - in trunk/source: rpc_client rpcclient
On Fri, 2005-02-25 at 23:57 +, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2005-02-25 23:57:02 + (Fri, 25 Feb 2005) New Revision: 5575 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5575 Log: Fix the 'schannel' command of rpcclient. This will simplify our handling of schannel pipes a bit: We always assumed that the netlogon pipe over which the auth2 was done had to be kept open. This is not true, at least not against w2k3 and nt4 as a server. The schannel rpcclient command computes the schannel key and further on always does the schannel bind for all commands. Try using commands samr and lsa commands interchanged, and fresh binds succeed. Nice work! However, connecting to spoolss won't bind with schannel. Hmm. Does this work with samba4? This is expected - each pipe has a declaration somehwere that sets what authentication methods to accept. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part