Re: [Samba] pdbedit ldap Object class violation still

2006-01-06 Thread zorg

Yes, it supports it.

For example, if I create all the Samba attributes directly in my LDAP, it works. For example:

dn: cn=dsivkoberwin$,ou=Systems,dc=domain,dc=int
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: dsivkoberwin$
domainMachinedate: 2006-01-03
domainMachineOS: windows XP
domainMachinetype: Portable CompaqHP nc6120
gecos: dsivkoberwin$
gidNumber: 604
homeDirectory: /dev/null
sambaAcctFlags: [W  ]
sambaNTPassword: A6FC2E4F8A30E1969A37E60B71CB5603
sambaPrimaryGroupSID: S-1-x-21-241-3271816-xxx-515
sambaPwdCanChange: 1136309455
sambaPwdLastSet: 1136309455
sambaPwdMustChange: 2147483647
sambaSID: S-1-x-21-241xx-3271816-xxx-15592
uid: dsivkoberwin$
uidNumber: 7296

Then I'm able to join the machine to the domain.


Gerald (Jerry) Carter wrote:

zorg wrote:

For example,
pdbedit -a -m -u zigo

gives me this error:

cn=zigo$,ou=Systems,dc=domain,dc=int with: Object class violation object
class 'sambaSamAccount' requires attribute 'sambaSID'

In the LDAP log I can see that the attribute sambaSid is not sent,

but I really don't know what goes wrong.

This should be fine.  Does your server support the current schema?

cheers, jerry
Alleviating the pain of Windows(tm)  --- http://www.samba.org
Centeris ---  http://www.centeris.com
There's an anonymous coward in all of us.   --anonymous

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] pdbedit ldap Object class violation still (correction)

2006-01-06 Thread zorg

Hello,
here is my real LDIF.
Sorry for the noise.

Yes, it supports it.

For example, if I create all the Samba attributes directly in my LDAP, it works. For example:

dn: cn=dsiwin$,ou=Systems,dc=domain,dc=int
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: dsivkoberwin$
gecos: dsivkoberwin$
gidNumber: 604
homeDirectory: /dev/null
sambaAcctFlags: [W  ]
sambaNTPassword: A6FC2E4F8A30E1969A37E60B71CB5603
sambaPrimaryGroupSID: S-1-x-21-241-3271816-xxx-515
sambaPwdCanChange: 1136309455
sambaPwdLastSet: 1136309455
sambaPwdMustChange: 2147483647
sambaSID: S-1-x-21-241xx-3271816-xxx-15592
uid: dsiwin$
uidNumber: 7296

Then I'm able to join the machine to the domain.




[Samba] 2003 and Samba

2006-01-06 Thread mogruith


Hi all,

I would like to open a session with a Windows 2003 server to a PDC Samba. I can
do it with any login on any workstation, but not with 2003. Is there something
to do in particular?

Thanks

Franck


[Samba] Re: my serwer hngs :(

2006-01-06 Thread lukas
Yes, I can't log in even from the keyboard. This machine was working with 
Red Hat 8.0 for 2 years.

It could be something with the disk because I had to change one of the system 
disks lately :(

Maybe you know how to test a hard disk or SCSI controller? I have a Maxtor 
36 GB and an Adaptec 7.9 controller.


Thx for your answer

Morty
Edward Luck wrote:

When you say it hangs up, do you mean you can't even login at the
keyboard?  If so, this is highly unlikely to be a Samba problem, and
much more likely to be some weird hardware issue, like a busted NIC or
stuffed memory.


On 1/5/06, lukas [EMAIL PROTECTED] wrote:


Hello

My server hangs up :(( (the machine, not only Samba)

I've upgraded my system.
Now it is Gentoo 2005.1 - K 2.6.14 - Samba 3.0.20b

Everything works excellently and much faster now, but sometimes it hangs
up. The last hang up was when I logged one user on w98 :( to the domain.
The only strange things that I've found in the logs are:

: [2006/01/05 07:59:13, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(981)
Jan  5 07:59:13 localhost smbd[7048]:   Attempt to bind using schannel
without successful serverauth2
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/util_sock.c:get_peer_addr(1222)
Jan  5 08:01:06 localhost smbd[7061]:   getpeername failed. Error was
Transport endpoint is not connected
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/access.c:check_access(328)
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/util_sock.c:get_peer_addr(1222)
Jan  5 08:01:06 localhost smbd[7061]:   getpeername failed. Error was
Transport endpoint is not connected
Jan  5 08:01:06 localhost smbd[7061]:   Denied connection from  (0.0.0.0)
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/util_sock.c:get_peer_addr(1222)
Jan  5 08:01:06 localhost smbd[7061]:   getpeername failed. Error was
Transport endpoint is not connected
Jan  5 08:01:06 localhost smbd[7061]:   Connection denied from 0.0.0.0
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/util_sock.c:write_data(554)
Jan  5 08:01:06 localhost smbd[7061]:   write_data: write failure in
writing to client 172.17.70.36. Error Connection reset by peer
Jan  5 08:01:06 localhost smbd[7061]: [2006/01/05 08:01:06, 0]
lib/util_sock.c:send_smb(762)
Jan  5 08:01:06 localhost smbd[7061]:   Error writing 5 bytes to client.
-1. (Connection reset by peer)
Jan  5 08:01:06 localhost smbd[7062]: [2006/01/05 08:01:06, 0]
rpc_server/srv_pipe.c:api_pipe_bind_req(981)
Jan  5 08:01:06 localhost smbd[7062]:   Attempt to bind using schannel
without successful serverauth2
Jan  5 08:06:07 localhost smbd[7070]: [2006/01/05 08:06:07, 0]
lib/util_sock.c:get_peer_addr(1222)
Jan  5 08:06:07 localhost smbd[7070]:   getpeername failed. Error was
Transport endpoint is not connected
Jan  5 08:06:07 localhost smbd[7070]: [2006/01/05 08:06:07, 0]
lib/access.c:check_access(328)
Jan  5 08:06:07 localhost smbd[7070]: [2006/01/05 08:06:07, 0]
lib/util_sock.c:get_peer_addr(1222)
Jan  5 08:06:07 localhost smbd[7070]:   getpeername failed. Error was
Transport endpoint is not connected
Jan  5 08:06:07 localhost smbd[7070]:   Denied connection from  (0.0.0.0)

I don't know what to do :(

my smb conf
[global]
log file = /var/log/samba/%m.log
load printers = no
smb passwd file = /etc/samba/smbpasswd
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
bind interfaces only = Yes
hosts deny = ALL
hosts allow = 172.17.70.0/24 127.
interfaces = eth0 lo
hosts allow = 172.17.70.
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
max disk size = 51200
dns proxy = no
server string = zefirek
netbios name = zefirek
printing = cups
logon script = %U.bat
message command = winpopup
unix password sync = Yes
local master = yes
workgroup = ztisze
os level = 90
printcap name = cups
security = user
max log size = 5000
pam password change = yes
domain logons = yes
restrict anonymous = true
dos charset = CP852
unix charset  = ISO8859-2
preserve case = yes
read raw = yes
write raw = yes
getwd cache = yes
#write cache size = 65536
debug level = 1
debug timestamp = no
timestamp logs = true
dos file times = yes
passdb backend = smbpasswd
#ldap server = localhost
#ldap port = 0
#Czas
time server = yes

and so on

Thx for all answers






--
Keep flying, and stay shiny.



Re: [Samba] Account Unknown for users with Samba 3.0.11/14

2006-01-06 Thread James . Cort

Quoting [EMAIL PROTECTED]:


Hi,

I've got a problem with a samba server I inherited which I can't solve.

I think it's the configuration rather than the version because I have 
the same problem with a 3.0.14 and a 3.0.11 Samba server with almost 
identical configurations.  Both authenticate against LDAP, one has an 
old smbpasswd file which should no longer be in use.


The issue is that when I click Properties... Security in Windows on 
something shared on the samba server, all the groups come up OK but 
users are displayed as (for example) Account Unknown 
(S-1-5-21-4012146134-3166284455-2856603714-3038).


I've checked, and that account SID is correct. However, I'd expect it 
to eventually resolve to a username - it doesn't.


Further investigation has shown that the LDAP server is queried for 
Group SIDs, but not for User SIDs.






RE: [Samba] Re: my serwer hngs :(

2006-01-06 Thread Louis van Belle
My first guess: check your mainboard, check the transistors, maybe they are
leaking.
Second, test the RAM; last, check the processor.

Louis

 

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On behalf of lukas
Sent: Friday, 6 January 2006 10:25
To: samba@lists.samba.org
Subject: [Samba] Re: my serwer hngs :(


[Samba] Linus Trustees support?

2006-01-06 Thread Marc
Hi,

I searched in the archive of the Samba list and found some mails on this
topic. I just wanted to know if there is now Linux Trustees support for
ACL mappings from Windows to Linux, or if it is planned in the future or
not on the to-do list?

I will change in the near future from Netware to Samba and while I do
not like Netware, I really like the Trustees, because they are so easy
to use.

Thanks
Marc



[Samba] Access is denied after connection is apparently successful

2006-01-06 Thread Chris Green
We have a small home network with Samba running on a Slackware Linux
10.1 system, it's been running happily for several months or even
maybe a year or so.  It's running Samba version 3.0.4

Recently one of the Win2k clients is getting errors when trying to
access Samba shares.  The other clients are all still working OK and
the same user can access shares from other client machines.

Running the command:-
net use e: \\server\tmp

works, i.e. one gets command completed successfully, however if you
try and go to drive E: or access any files there it gives an Access
is denied message.

Similarly with the GUI an icon appears for drive E: with no red cross
but the moment you try and access drive E: a pop-up message says E:
Access is Denied.

We can't think of anything that has changed on the client machine
where the error occurs, can anyone suggest what the problem might be?

-- 
Chris Green ([EMAIL PROTECTED])

Never ascribe to malice that which can be explained by incompetence.


Re: [Samba] bugs in 3.0.21a

2006-01-06 Thread Farkas Levente
Gerald (Jerry) Carter wrote:
 Farkas Levente wrote:
 
 
This was part of the 'winbind enable local accounts' 
which has long been removed.

but nowhere documented what's more it's included in 
the changelog and the how to upgrade docs. and was it
replaced with something or ...?
 
 
 'winbind enable local accounts' was listed as deprecated
 for several releases before it was removed.  The 'template
 primary group' was only used in that code path so there is
 no need to replace it with anything.
 
 Were you actually using 'winbind enable local accounts'?
 No one ever spoke up.

We never use 'winbind enable local accounts', but we've got (and read)
the 'Samba 3 by Example' book, pages 240 and 242, and those contain it. Or
just see:
http://www.samba.org/samba/docs/man/Samba3-ByExample/unixclients.html
examples 7.5 and 7.7.
Yours.

-- 
  Levente   Si vis pacem para bellum!


Re: [Samba] Another newbie searching for help.....

2006-01-06 Thread Henrik Zagerholm
If it is just the policies you want to store somewhere else it  
shouldn't be a problem.

cheers
henrik

On 5 Jan 2006, at 22:09, Rodrigo López Negrete de la Fuente wrote:

Hello

I'm wondering if anybody has ever done anything like what I'm trying to do,
and if so please help!!!
This is the situation. I'm working at a university that has a classroom full
of WinXP PCs. These machines connect to a Win Server 2003 box, where they
get the user policies and Active Directory stuff. Now, we want to put a
switch and a Linux server between the classroom and the university's
network. This new Linux server will have two NICs, one for the new private
network, and the other to connect to the university's network. The question
is: is it possible to redirect the WinXP boxes to the Windows Server using
the Linux box so they can get their policies, etc? I've been thinking of
doing this with Samba, is this possible?

Thanks!! Any help will be very much appreciated!
Rodrigo

--
Rodrigo López Negrete
http://muon.blogdns.org/~rush/


[Samba] Debug peer

2006-01-06 Thread Beast
Is it possible to debug selected client only? because enabling debug 
globally on production machine will fill up log directory within minutes.

Possibly something like:
debug peer = ip_address_of_client


Re: [Samba] Windows ACL adjustments, permission denied

2006-01-06 Thread Henrik Zagerholm
Snippet from http://searchopensource.techtarget.com/tip/0,289483,sid39_gci1080966,00.html


cheers

henrik



Windows NT/200X ACLs

The following table provides a summary of the 14 key ACE flags that  
are supported in Windows 2000 and later products (for example,  
Windows XP Professional):



Windows ACE                      File Attribute Flag
Full Control                     #
Traverse Folder/Execute File     x
List Folder/Read Data            r
Read Attributes                  r
Read Extended Attributes         r
Create Files/Write Data          w
Create Folders/Append Data       w
Write Attributes                 w
Write Extended Attributes        w
Delete Subfolders and Files      w
Delete                           #
Read Permissions                 all
Change Permissions               #
Take Ownership                   #

In this table, the # character means this flag is selected only when  
the Full Control flag is set. The File Attribute Flag shown in the  
right column shows how the Windows ACE flags are mapped to UNIX POSIX  
ACL permissions of rwx for users/groups/others (ugo) and for the  
extended POSIX ACLs described earlier. The reference to all means  
that read permission can not be denied for the owner and group owner  
of a UNIX file or directory.


As can be seen from the table, many Windows ACE flags have no  
equivalent in the UNIX operating system space. The Samba Team was  
thus compelled to map the flags in a sensible manner so as to achieve  
the net desired capability to copy files and directories with  
preservation of Windows ACL controls. The net result, however, is  
that files copied from a Windows 200X server to a Samba server will  
lose some ACL information. This is inconsequential so long as the  
files are then not copied back to the Windows 200X server.


Windows ACLs are familiar to Windows network administrators because
they are the sole tool available for access control to files,
directories and shares. Windows NT/200X systems have no concept of an
inherent scheme of ownership by a user/group/other triplet. Windows
files do have a concept of an owner, but not a group owner. Access
control is entirely implemented by way of ACLs.


In fact, it is entirely possible under Windows to remove all ACEs
from the ACL. In earlier versions of Windows (3.10) it was possible
for the Windows administrator to do so, with the result that even the
administrator then could not access the affected files. The recovery
of dis-accessed files on such systems required giving the
administrator appropriate rights and privileges to permit the
dis-accessed files to be reclaimed. Such problem is not possible within
the UNIX operating system environment. Fortunately, since Windows NT4
the administrator by default has the ability to recover dis-accessed
files.


Windows ACLs are horribly complicated compared with the simplicity of  
UNIX file and directory permissions and POSIX extended ACLs. Windows  
ACLs were designed from a computing science perspective to provide  
such complex capabilities that most Windows administrators fail to  
correctly understand how best to use them. Furthermore, few Windows  
programmers understand how to correctly use the ACL API, resulting in  
most Windows applications not making use of ACLs as they could.


Windows ACLs are highly specific with complex orders of precedence.
One common mistake that is made by new users is to implement the
following specification (as a manager might prescribe it):

Everyone should be denied access to XYZ folder and files
Engineers should have read access
Managers should have write access

Faulty implementation:

Everyone (No Access)
Engineers (read only)
Managers (Full Control)

The problem with this specification is that all Engineers and
Managers are members of the Everyone group and will be denied access
because the global denial ACE has higher precedence than the
permission ACEs. It was necessary only to specify the ACEs for
Engineers and for Managers. The complexity of such an ACL is readily
avoided with POSIX ACLs under UNIX and therefore also with Samba
since it transparently passes all access controls through to the host
operating system.


Guidelines for the use of Windows ACLs with a Samba File Server

It is useful to consider what will happen when a Windows file is  
copied to a Samba server that has ACL support.


Let us assume that a file that has the following ACL is copied by the  
user root from a Windows server to a Samba server. It is necessary  
that the domain user root must have a relative identifier (RID) of  
500 so that this account is acknowledged under Windows as the domain  
administrator.


The ACL on this hypothetical file has the following ACEs:

 Owner: jht
 jht has Full Control
 Domain users have read control
 Accountants have read and write control
 Technicians have Full Control

When appropriately copied to the Samba server (using a tool such as
robocopy) the file attributes on the UNIX host server will be:

 owner:jht:rwx
 owner group:Domain Admins:rw-
 group:Domain Users:r--
 group:Accountants:rw-
 group:Technicians:rwx
If 
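
The deny-precedence mistake described in the snippet above, as an added Python example that is not part of the original post or the quoted article. It is a simplified model of Windows ACE evaluation: the two-bit masks, the group names standing in for SIDs, and the `access_check` helper are assumptions made for illustration.

```python
"""Added example: simplified model of Windows ACL evaluation, applied to
the Everyone / Engineers / Managers case from the quoted article."""
from dataclasses import dataclass

# Simplified access bits (assumption); real Windows masks are finer-grained.
READ = 0x1
WRITE = 0x2
FULL_CONTROL = READ | WRITE


@dataclass(frozen=True)
class Ace:
    kind: str      # "deny" or "allow"
    trustee: str   # group name, standing in for a SID
    mask: int


def canonical_order(acl):
    """Explicit deny ACEs sort ahead of allow ACEs; relative order is kept."""
    return sorted(acl, key=lambda ace: ace.kind != "deny")


def access_check(acl, groups, wanted):
    """Walk the ACL in order. A matching deny ACE covering a bit that is
    still being asked for ends the check; matching allow ACEs accumulate
    granted bits. Reaching the end with bits outstanding is an implicit deny."""
    outstanding = wanted
    for ace in canonical_order(acl):
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny":
            if ace.mask & outstanding:
                return False
        else:
            outstanding &= ~ace.mask
            if outstanding == 0:
                return True
    return False


# The faulty implementation from the text, with "No Access" modelled as deny-all.
FAULTY_ACL = [
    Ace("deny", "Everyone", FULL_CONTROL),
    Ace("allow", "Engineers", READ),
    Ace("allow", "Managers", FULL_CONTROL),
]

# The corrected ACL: only the two allow ACEs. Anyone who matches neither
# group falls through to the implicit deny, so no Everyone entry is needed.
FIXED_ACL = [
    Ace("allow", "Engineers", READ),
    Ace("allow", "Managers", FULL_CONTROL),
]

# Constructed sample users: every account is a member of Everyone.
USERS = {
    "engineer": {"Everyone", "Engineers"},
    "manager": {"Everyone", "Managers"},
    "visitor": {"Everyone"},
}
RIGHTS = {"read": READ, "write": WRITE}


def report(acl):
    """Return {(user, right): granted} for the sample users above."""
    return {
        (user, right): access_check(acl, groups, mask)
        for user, groups in USERS.items()
        for right, mask in RIGHTS.items()
    }


if __name__ == "__main__":
    for name, acl in (("faulty", FAULTY_ACL), ("fixed", FIXED_ACL)):
        print(name)
        for (user, right), granted in report(acl).items():
            print(f"  {user:9s} {right:5s} {'granted' if granted else 'denied'}")
```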

[Samba] Windows 2003 and DC Samba

2006-01-06 Thread mogruith


Hi,

Here is my log, does someone know what it means ?

Jan  6 11:20:38 SAMBA1 smbd[3053]:   write_socket: Error writing 4 bytes to socket 22: ERRNO = Connexion ré-initialisée par le correspondant
Jan  6 11:20:38 SAMBA1 smbd[3053]: [2006/01/06 11:20:38, 0] lib/util_sock.c:send_smb(647)
Jan  6 11:20:38 SAMBA1 smbd[3053]:   Error writing 4 bytes to client. -1. (Connexion ré-initialisée par le correspondant)
Jan  6 11:20:38 SAMBA1 smbd[3050]: [2006/01/06 11:20:38, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
Jan  6 11:20:38 SAMBA1 smbd[3050]:   api_pipe_bind_req: unknown auth type 1 requested.
Jan  6 11:20:38 SAMBA1 smbd[3150]: [2006/01/06 11:20:38, 0] lib/util_sock.c:get_peer_addr(1000)
Jan  6 11:20:38 SAMBA1 smbd[3150]:   getpeername failed. Error was Noeud final de transport n'est pas connecté
Jan  6 11:20:38 SAMBA1 smbd[3150]: [2006/01/06 11:20:38, 0] lib/util_sock.c:get_peer_addr(1000)
Jan  6 11:20:38 SAMBA1 smbd[3150]:   getpeername failed. Error was Noeud final de transport n'est pas connecté
Jan  6 11:20:38 SAMBA1 smbd[3150]: [2006/01/06 11:20:38, 0] lib/util_sock.c:write_socket_data(430)
Jan  6 11:20:38 SAMBA1 smbd[3150]:   write_socket_data: write failure. Error = Connexion ré-initialisée par le correspondant
Jan  6 11:20:38 SAMBA1 smbd[3150]: [2006/01/06 11:20:38, 0] lib/util_sock.c:write_socket(455)
Jan  6 11:20:38 SAMBA1 smbd[3150]:   write_socket: Error writing 4 bytes to socket 22: ERRNO = Connexion ré-initialisée par le correspondant
Jan  6 11:20:38 SAMBA1 smbd[3150]: [2006/01/06 11:20:38, 0] lib/util_sock.c:send_smb(647)
Jan  6 11:20:38 SAMBA1 smbd[3150]:   Error writing 4 bytes to client. -1. (Connexion ré-initialisée par le correspondant)


Help would be really appreciated !


Re: [Samba] Debug peer

2006-01-06 Thread Jeremy Allison
On Fri, Jan 06, 2006 at 05:21:39PM +0700, Beast wrote:
 Is it possible to debug selected client only? because enabling debug 
 globally on production machine will fill up log directory within minutes.

Use smbcontrol to send an increase debug level request to the smbd connected
to that client.

Jeremy.


printing = bsd broke smbd? [was Re: [Samba] samba 3.0.21a without printig

2006-01-06 Thread Beast

Gerald (Jerry) Carter wrote:

how can i disable it totally?

Set 'printing = bsd'

When setting printing=bsd on my Samba, the client won't be able to resolve the
server.

In the Windows client, it says "The specified network name is no longer
available."


Using smbclient:

[samba]# smbclient -L svr4 -Uuser
Password:
Anonymous login successful
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.20b]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        Pub             Disk      Public Share

session setup failed: Call returned zero bytes (EOF)
NetBIOS over TCP disabled -- no workgroup available

[samba]# smbclient -L svr4 -Uuser
Password:
session setup failed: Call returned zero bytes (EOF)

I can attach debug3 if you wish, but I found no clue in there ;-p



Re: [Samba] Debug peer

2006-01-06 Thread Beast

Jeremy Allison wrote:

On Fri, Jan 06, 2006 at 05:21:39PM +0700, Beast wrote:

Is it possible to debug selected client only? because enabling debug 
globally on production machine will fill up log directory within minutes.

Use smbcontrol to send an increase debug level request to the smbd connected
to that client.



But how do I know which smbd process connected to which client?
Tks.


--beast



Re: [Samba] Debug peer

2006-01-06 Thread Jeremy Allison
On Fri, Jan 06, 2006 at 05:52:53PM +0700, Beast wrote:
 Jeremy Allison wrote:
 On Fri, Jan 06, 2006 at 05:21:39PM +0700, Beast wrote:
 
 Is it possible to debug selected client only? because enabling debug 
 globally on production machine will fill up log directory within minutes.
 
 Use smbcontrol to send an increase debug level request to the smbd connected
 to that client.
 
 
 But how do I know which smbd process connected to which client?
 Tks.

smbstatus
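
The two steps from this exchange (look up the client's smbd with smbstatus, then message that process with smbcontrol), as an added Python example that is not part of the original thread. The sample `smbstatus -p` listing is constructed, and the helper names `pids_for_client`, `debug_commands` and `set_client_debug` are assumptions.

```python
"""Added example: raise the debug level only for the smbd serving one client."""
import ipaddress
import re
import subprocess

# Constructed sample of `smbstatus -p` output in the Samba 3.0.x layout.
SAMPLE_SMBSTATUS = """
Samba version 3.0.20b
PID     Username      Group         Machine
-------------------------------------------------------------------
 7061   alice         users         ws36         (172.17.70.36)
 7070   bob           users         ws41         (172.17.70.41)
 7102   alice         users         ws36         (172.17.70.36)
"""

# Peer address printed as "(a.b.c.d)", or as "(ipv4:a.b.c.d:port)".
_PEER = re.compile(r"\(?(?:ipv4:)?(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\)?$")


def pids_for_client(smbstatus_output, client_ip):
    """Return the PIDs of every smbd whose peer address is exactly client_ip."""
    # Normalise and validate first; malformed input raises ValueError.
    wanted = str(ipaddress.IPv4Address(client_ip))
    pids = []
    for line in smbstatus_output.splitlines():
        fields = line.split()
        # Process rows start with a numeric PID; headers and rules do not.
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        for field in fields[1:]:
            match = _PEER.match(field)
            # Compare whole addresses so 172.17.70.3 never matches 172.17.70.36.
            if match and match.group(1) == wanted:
                pids.append(int(fields[0]))
                break
    return pids


def debug_commands(pids, level):
    """Build one `smbcontrol <pid> debug <level>` argv per process."""
    if not isinstance(level, int) or level < 0:
        raise ValueError("debug level must be a non-negative integer")
    return [["smbcontrol", str(pid), "debug", str(level)] for pid in pids]


def set_client_debug(client_ip, level):
    """Run on the Samba server: query smbstatus, then message each matching smbd.

    Returns the commands that were executed so the caller can log them.
    """
    status = subprocess.run(
        ["smbstatus", "-p"], capture_output=True, text=True, check=True
    ).stdout
    commands = debug_commands(pids_for_client(status, client_ip), level)
    for argv in commands:
        subprocess.run(argv, check=True)
    return commands


if __name__ == "__main__":
    # Offline demonstration against the constructed sample above.
    for argv in debug_commands(pids_for_client(SAMPLE_SMBSTATUS, "172.17.70.36"), 10):
        print(" ".join(argv))
```

Calling `set_client_debug` again with the normal level puts the affected processes back once the trace has been captured; other clients' smbd processes are never touched.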


[Samba] OK .. Just one question

2006-01-06 Thread mogruith


Can Windows 2003 be a BDC server with a Linux Samba PDC?

thanks


[Samba] Repost: Help - compilation of winbind_nss_solaris.c/3.0.21a/Solaris 7 and older fails

2006-01-06 Thread Pierre Lebrun

I would really appreciate help !

I did not have any reply to my two posts and I don't know what to do.
I can't build 3.0.21a and I have to migrate 54 Solaris 2.5.1 servers
from 2.2.8a to 3.0.x. I'm afraid we could not move to newer solaris 
versions before 12 or 18 months.


Below is the problem description.

Thank you for your help.

Pierre

-
SOLARIS 7
-

On Solaris 7 the problem comes from winbind_nss_solaris.c, which 
evolved a lot in 3.0.21.

Several references are made to struct in6_addr, which is not defined on
Solaris 7 and older. I didn't have any trouble with Samba 3.0.21rc1.

Platform Solaris 7 + GCC and Solaris 2.5.1 + SUN CC.

---
Configure

./configure  --with-acl-support --with-ldap=no --disable-cups 
--enable-static=yes --with-included-popt



$ gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.3/specs
Configured with: ../configure --with-as=/usr/local/bin/as 
--with-ld=/usr/local/bin/ld

Thread model: posix
gcc version 3.0.3

-
...
Compiling utils/eventlogadm.c
Linking bin/eventlogadm
Compiling nsswitch/wbinfo.c
Linking bin/wbinfo
Compiling nsswitch/wb_common.c with -fPIC
Compiling lib/replace1.c with -fPIC
Compiling nsswitch/winbind_nss_solaris.c with -fPIC
nsswitch/winbind_nss_solaris.c: In function `parse_response':
nsswitch/winbind_nss_solaris.c:394: sizeof applied to an incomplete type
nsswitch/winbind_nss_solaris.c:395: sizeof applied to an incomplete type
nsswitch/winbind_nss_solaris.c:397: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:421: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:421: dereferencing pointer to incomplete type
nsswitch/winbind_nss_solaris.c:423: `AF_INET6' undeclared (first use in this function)
nsswitch/winbind_nss_solaris.c:423: (Each undeclared identifier is reported only once
nsswitch/winbind_nss_solaris.c:423: for each function it appears in.)
nsswitch/winbind_nss_solaris.c:423: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:423: dereferencing pointer to incomplete type
nsswitch/winbind_nss_solaris.c:433: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:433: dereferencing pointer to incomplete type
nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_ipnodes_getbyname':
nsswitch/winbind_nss_solaris.c:491: `AF_INET6' undeclared (first use in this function)
nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_hosts_getbyaddr':
nsswitch/winbind_nss_solaris.c:540: `AF_INET6' undeclared (first use in this function)
nsswitch/winbind_nss_solaris.c:546: `INET6_ADDRSTRLEN' undeclared (first use in this function)
nsswitch/winbind_nss_solaris.c:546: warning: assignment makes pointer from integer without a cast
make: *** [nsswitch/winbind_nss_solaris.po] Error 1


-
SOLARIS 2.5.1
-
On Solaris 2.5.1 problem comes from nsswitch/wb_common.c where socklen_t
type is not defined

artexp$ diff /smb/tmp/samba-3.0.20b/source/nsswitch/wb_common.c 
/smb/tmp/samba-3.0.21a/source/nsswitch/wb_common.c

237c237,238
   int connect_errno = 0, errnosize;
---
   int connect_errno = 0;
   socklen_t errnosize;
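Review bot: the new declaration `socklen_t errnosize;` in the 237c237,238 change has no fallback for systems whose headers do not define `socklen_t`, and the Solaris 2.5.1 build log later in this message stops on that declaration with "undefined symbol: socklen_t". A configure-time check that supplies a typedef when the type is missing would let this line compile on both the old and the new platforms without going back to a plain `int`.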
545a547,551

   if ((request-extra_len != 0) 
   (write_sock(request-extra_data, request-extra_len, 
request-flags  WBFLAG_RECURSE) == -1)) {

   return NSS_STATUS_UNAVAIL;
   }
--

Configure

./configure --with-acl-support --with-ldap=no --disable-cups --enable-static=yes --with-included-popt



$ cc -V
cc: WorkShop Compilers 5.0 98/12/15 C 5.0


...
Compiling lib/hmacmd5.c
Compiling lib/arc4.c
Compiling lib/iconv.c
lib/iconv.c, line 139: warning: argument #2 is incompatible with prototype:
prototype: pointer to pointer to const char : /usr/local/include/iconv.h, line 82
argument : pointer to pointer to char
Compiling nsswitch/wb_client.c
Compiling nsswitch/wb_common.c
/usr/include/netdb.h, line 195: warning: dubious tag declaration: struct sockaddr_in
nsswitch/wb_common.c, line 238: undefined symbol: socklen_t
nsswitch/wb_common.c, line 238: syntax error before or at: errnosize
nsswitch/wb_common.c, line 253: undefined symbol: errnosize
nsswitch/wb_common.c, line 256: warning: argument #4 is incompatible with prototype:
prototype: pointer to char : /usr/include/sys/socket.h, line 299
argument : pointer to int
nsswitch/wb_common.c, line 284: cannot recover from previous errors
cc: acomp failed for nsswitch/wb_common.c
*** Error code 2
make: Fatal error: Command failed for target `nsswitch/wb_common.o'



Re: [Samba] Account Unknown for users with Samba 3.0.11/14

2006-01-06 Thread William Jojo

- Original Message - 
From: [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Friday, January 06, 2006 4:48 AM
Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14


> Quoting [EMAIL PROTECTED]:
>
> > Hi,
> >
> > I've got a problem with a samba server I inherited which I can't solve.
> >
> > I think it's the configuration rather than the version because I have
> > the same problem with a 3.0.14 and a 3.0.11 Samba server with almost
> > identical configurations.  Both authenticate against LDAP, one has an
> > old smbpasswd file which should no longer be in use.
> >
> > The issue is that when I click Properties... Security in Windows on
> > something shared on the samba server, all the groups come up OK but
> > users are displayed as  (for example) Account Unknown
> > {S-1-5-21-4012146134-3166284455-2856603714-3038).
> >
> > I've checked, and that account SID is correct. However, I'd expect it
> > to eventually resolve to a username - it doesn't.


Well, I'll bet you don't have a group mapping on the groups in question. Any
group that has no group mapping will show up as a local group in the
security tab. If there were a group mapping it should show up as a group in a
trusted domain, unless there are no trusts, then it shows a SID value.

> Further investigation has shown that the LDAP server is queried for
> Group SIDs, but not for User SIDs.



Yep, that's correct for the Group SID, it's gathering information on the
group value of the filesystem object is my guess.

The user SID should have already been retrieved and stored in the security
context if that is the owner of the fs object. I'm assuming here that
extended ACL's are not involved.

If the SID for the user is not the SID for the DC, you will get unknown user
since LDAP holds the sambaSID and sambaPrimaryGroupSID for each user. In the
smbpasswd world, a user's SID value is the server's since that info is not
stored in smbpasswd and the RID is algorithmically calculated (uid * 2 +
1000, by default).

The problem may not be the SID. It could be the RID. Is it possible the
owner of the file is a *number*? This would indicate a uid for a
non-existent user. This would fall to algorithmic calculation and possibly
no entry in the LDAP database yielding your situation.

Another area that may not be so obvious - is the user in /etc/passwd and
LDAP? This would be horrible especially if the user has two different uid
values.

And the obvious...do you have config and system information? How are uid
values gathered by the system? Same LDAP database? That's important to find
out...


smb.conf, OS  version...


Cheers,

Bill





RE: [Samba] OK .. Just one question

2006-01-06 Thread Geoffrey Scott
No.  Only a domain member server. and vice versa.  A samba server can only
be a domain member server (or lower) in an ADS domain



-Original Message-
From: [EMAIL PROTECTED] on behalf of
[EMAIL PROTECTED]
Sent: Fri 6/01/2006 10:42 PM
To: samba@lists.samba.org
Subject: [Samba] OK .. Just one question
 


Does Windows 2003 can be a BDC server with a Linux Samba PDC ?

thanks


RE: [Samba] OK .. Just one question

2006-01-06 Thread mogruith
Thanks for your answer, but in fact I have no ADS, no LDAP too.

My 2003 will be used to be a citrix one, so I need to log on it with a profile
hosted on my samba PDC.

I just want that ...

Regards

Franck


Re: [Samba] Account Unknown for users with Samba 3.0.11/14

2006-01-06 Thread James . Cort

Quoting William Jojo [EMAIL PROTECTED]:

> - Original Message -
> From: [EMAIL PROTECTED]
> To: samba@lists.samba.org
> Sent: Friday, January 06, 2006 4:48 AM
> Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14
>
> > Quoting [EMAIL PROTECTED]:
> >
> > > The issue is that when I click Properties... Security in Windows on
> > > something shared on the samba server, all the groups come up OK but
> > > users are displayed as  (for example) Account Unknown
> > > {S-1-5-21-4012146134-3166284455-2856603714-3038).
> > >
> > > I've checked, and that account SID is correct. However, I'd expect it
> > > to eventually resolve to a username - it doesn't.
>
> Well, I'll bet you don't have a group mapping on the groups in question. Any
> group that has no group mapping will show up as a local group in the
> security tab. If there were a group mapping it should show up as a group in a
> trusted domain, unless there are no trusts, then it shows a SID value.


Not sure I follow you.  Perhaps I didn't explain things clearly enough.

The server is a fileserver - there is no domain involved.  Full ACL 
support is compiled in and actively used.


The groups show up OK in the security tab - they resolve to local 
groups on the fileserver itself, and are displayed in Windows as:


backups (CRONUS\backups)
u4ea-us (CRONUS\u4ea-us)

There's no Windows - Unix group mapping, insofar as the samba server 
is left to work out the groups itself from the SID without the aid of 
entries in the LDAP database, which it seems to do OK.  I imagine it's 
working out the group algorithmically from the SID it's presented.



> > Further investigation has shown that the LDAP server is queried for
> > Group SIDs, but not for User SIDs.
>
> Yep, that's correct for the Group SID, it's gathering information on the
> group value of the filesystem object is my guess.
> The user SID should have already been retrieved and stored in the security
> context if that is the owner of the fs object. I'm assuming here that
> extended ACL's are not involved.
> If the SID for the user is not the SID for the DC, you will get unknown user
> since LDAP holds the sambaSID and sambaPrimaryGroupSID for each user. In the


I could understand this if Windows was logging on to a domain - AIUI 
essentially the scenario you describe would have the same username on 
domain controller and fileserver, but SIDs wouldn't be synchronised.  
However, the Windows box isn't logging onto a domain.



> smbpasswd world, a user's SID value is the server's since that info is not
> stored in smbpasswd and the RID is algorithmically calculated (uid * 2 +
> 1000, by default).


The SID Windows displays is:

 S-1-5-21-4012146134-3166284455-2856603714-3038

$ ldapsearch -Dcn=manager,dc=u4eatech,dc=com -b dc=u4eatech,dc=com 
-h localhost -W -v -x


# jamesc, People, u4eatech.com
dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
uid: jamesc
sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001
displayName: James Cort,,,
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 

sambaAcctFlags: [U  ]
uidNumber: 1019
loginShell: /bin/bash
gidNumber: 1000
homeDirectory: /home/jamesc
gecos: James Cort
cn: James Cort
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
objectClass: u4eaPerson
mail: [EMAIL PROTECTED]
sambaPwdCanChange: 1134664550
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaPwdLastSet: 1134664550
userPassword:: XXX



> The problem may not be the SID. It could be the RID. Is it possible the
> owner of the file is a *number*? This would indicate a uid for a
> non-existent user. This would fall to algorithmic calculation and possibly
> no entry in the LDAP database yielding your situation.


No, the owner of the file is jamesc, with unix uid 1019.


> Another area that may not be so obvious - is the user in /etc/passwd and
> LDAP? This would be horrible especially if the user has two different uid
> values.


Yes, though with the same UID values in each.  How is that a problem, though?


> And the obvious...do you have config and system information? How are uid
> values gathered by the system? Same LDAP database? That's important to find
> out..



Gentoo Linux, the config is:

- Users authenticate via LDAP on both Linux and Samba.
- LDAP server runs locally, slaved from a master elsewhere.
- There's only 1 LDAP database, everything lives in there.

There's similar breakage on another Samba server, which is getting its 
authentication from the master LDAP server used mentioned above.  I'm 
pretty sure it *used* to work; the only possible thing I can think of 
which may have broken things is that there was an upgrade to OpenLDAP 
some time ago from 2.1.x to 2.2.28.


I've got everything to hand, I'm just not quite sure what is needed.

smb.conf:

[global]

workgroup = u4eatech
netbios name = cronus
server string = Cronus Samba 
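
The RID check discussed in this exchange, as an added example that is not part of either post: it splits the sambaSID and sambaPrimaryGroupSID from the LDAP entry posted above into domain SID and RID and compares each RID with the algorithmic value. The function names, the group formula (gid * 2 + 1001, not stated in the thread) and the `server_sid` argument are assumptions; the server's own SID would be read from `net getlocalsid`.

```python
"""Added example: compare sambaSID values with the algorithmic RID mapping."""
import re

RID_BASE = 1000  # default base quoted in the thread: uid * 2 + 1000
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")

# Attributes copied from the ldapsearch output posted in the thread.
SAMPLE_LDIF = """\
dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
uid: jamesc
sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001
uidNumber: 1019
gidNumber: 1000
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}.

    Continuation lines (leading space) are joined to the previous value.
    Base64 values ("attr:: ...") stay encoded; none are needed here.
    """
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last:
            entry[last][-1] += line[1:]
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        last = attr.strip().lower()
        entry.setdefault(last, []).append(value.lstrip(":").strip())
    return entry


def split_sid(sid):
    """Return (domain_sid, rid), e.g. ('S-1-5-21-a-b-c', 3038)."""
    sid = sid.strip()
    if not SID_RE.match(sid):
        raise ValueError(f"malformed SID: {sid!r}")
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def algorithmic_user_rid(uid, base=RID_BASE):
    """User RID as described in the thread: uid * 2 + base."""
    return uid * 2 + base


def algorithmic_group_rid(gid, base=RID_BASE):
    """Assumption, not from the thread: groups use the same base, low bit set."""
    return gid * 2 + base + 1


def check_entry(entry, server_sid, base=RID_BASE):
    """Report whether the entry's RIDs are algorithmic and whether the domain
    part of each SID equals the file server's own SID."""
    user_dom, user_rid = split_sid(entry["sambasid"][0])
    grp_dom, grp_rid = split_sid(entry["sambaprimarygroupsid"][0])
    uid = int(entry["uidnumber"][0])
    gid = int(entry["gidnumber"][0])
    return {
        "user_rid": user_rid,
        "user_rid_is_algorithmic": user_rid == algorithmic_user_rid(uid, base),
        "group_rid": grp_rid,
        "group_rid_is_algorithmic": grp_rid == algorithmic_group_rid(gid, base),
        "user_domain_matches_server": user_dom == server_sid,
        "group_domain_matches_server": grp_dom == server_sid,
    }


if __name__ == "__main__":
    # Constructed value: assumes the server's SID equals the entry's domain part.
    server = "S-1-5-21-4012146134-3166284455-2856603714"
    report = check_entry(parse_ldif_entry(SAMPLE_LDIF), server)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `False` in either `*_domain_matches_server` field means the stored SID belongs to a different domain SID than the one the server answers for.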

RE: [Samba] OK .. Just one question

2006-01-06 Thread Geoffrey Scott
I know Samba can act as a PDC.  You asked if win2k3 can be a BDC in an NT
style Samba domain.   - no is the answer.

Then I thought you might also ask if a samba server can be an ADS DC and
again no is the answer

So if citrix on w2k3 can cope with only being an NT style Samba domain
member server then this may be worth investigating




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Sat 7/01/2006 12:06 AM
To: Geoffrey Scott
Cc: samba@lists.samba.org
Subject: RE: [Samba] OK .. Just one question
 
Thanks for your answer, but in fact I have no ADS, no LDAP too.

My 2003 will be used to be a citrix one, so I need to log on it with a
profile hosted on my samba PDC.

I just want that ...

Regards

Franck



[Samba] DHCP and browsing problem

2006-01-06 Thread Hohl Laszlo


Hi all,

I have got some problem with samba and the browsing.
I've got a small network with 4-5 computers which are using windows xp home and 
pro.
There isn't a domain, just a workgroup.
The samba serves the master browser and wins functions.
The problem came forward when the clients get ip address via dhcp. The 
situation is the following: the clients are disappearing slowly from the browse list.

I've debugged this:

When the windows clients get static ip, they are broadcasting in the network 
like this:


[2006/01/01 00:05:45, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116)
  process_host_announce: from BYTER00 IP 192.168.1.2 to MAGEX1d for server 
BYTER.

When the clients get the ip addresses via dhcp, then the announce is cancelled and 
about a half hour later the clients are disappearing from the browse list. In 
the log:


[2006/01/01 00:01:31, 3] nmbd/nmbd_serverlistdb.c:expire_servers(212)
  expire_old_servers: Removing timed out server BYTER

If somebody know anything about this problem, I'm looking forward to the 
solution.
Thank You.

samba version: 3.0.14a-3sarge

--
Hohl Laszlo


Re: [Samba] Linus Trustees support?

2006-01-06 Thread Marc
Ups, I wanted to write Linux Trustees support.
Linus cannot write every program...

Marc




[Samba] Windows Server 2003 + samba + Solaris 8

2006-01-06 Thread Batty, Richard

Hi,
I hope you guys can help...

We've currently got an AD domain with its Domain Functional Level set to 
Windows Server 2003. I've configured samba using the following software 
versions...

samba-3.0.21
openldap-2.3.11
db-4.4.16
cyrus-sasl-2.1.21
flex-2.5.31
autoconf-2.59
openssl-0.9.7
glibiconv-1.9.1
gcc-3.4.2
krb5-1.4.3
m4-1.4.4
bison-2.1
automake-1.9
libtool-1.5.22

However when I try to run the net ads join -U command I get 

[2006/01/06 14:01:38, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Strong(er) authentication required

My configuration works fine on a different Windows 2000 AD domain we have here, 
I've tried changing the Security Policy: Domain Controller: LDAP server signing 
requirements to None as recommended on a couple of websites and it still 
doesn't work. 

Any ideas?

Thanks

Rich.




[Samba] iptables rules for samba

2006-01-06 Thread Dimitri Yioulos
Hello to all.

There are plenty of posts with iptables rules for samba out there.  
Unfortunately, they're all different.  For a straightforward setup (access 
by LAN only), is there a definitive set of iptables rules for samba to be 
found anywhere?

Thanks.

Dimitri  



[Samba] samba 2.2.8 PDC + LDAP * on different servers?

2006-01-06 Thread ryan punt
All:

I'm running Samba 2.2.8 as a PDC, using Netscape Directory Server (don't ask :) 
for an LDAP backend. Is there any technical reason why Samba and LDAP services 
have to reside on the same server? My predecessors had a lot of trouble getting 
the two to play nicely when the services were split between two servers, to the 
point that don't split samba and LDAP is now the stuff of legends.

A second question: do settings in /etc/ldap.conf affect Samba's ability to talk 
to LDAP? As far as I can tell, the only purpose for /etc/ldap.conf is to 
provide a default (baseDN, bindDN, bindpw, host) for ldapsearch and related 
tools, and every single LDAP operation I can find relating to samba 
specifically names the new (baseDN and server IP) for all ldap-related 
commands; however, Samba still won't play nicely with the new LDAP server. For 
example:

Our old LDAP server runs on the same hardware as the PDC. The replacement LDAP 
server runs on different hardware.

On the PDC
[/etc/ldap.conf]
host 127.0.0.1
base o=mydomain
binddn uid=nosuchuser,ou=container,ou=container2,o=mydomain
bindpw password
scope sub

/opt/samba/sbin/smbldap-* explicitly set the host, baseDN, bindDN, and bindpw 
for the new LDAP server, but Samba won't talk to LDAP.
/On the PDC

 Do I need to reconfigure /etc/ldap.conf to make Samba talk to the new LDAP 
server?

Thanks,
Ryan

[Samba] samba 2.2 member server in samba 3 domain

2006-01-06 Thread ryan punt
Would the list expect any problems joining a machine running samba 2.2 to a 
domain in which the PDC is running samba 3?

Thanks,
Ryan

Re: [Samba] bugs in 3.0.21a

2006-01-06 Thread John H Terpstra
On Friday 06 January 2006 03:12, Farkas Levente wrote:
 Gerald (Jerry) Carter wrote:
  Farkas Levente wrote:
 This was part of the 'winbind enable local accounts'
 which has long been removed.
 
 but nowhere documented what's more it's included in
 the changelog and the how to upgrade docs. and was it
 replaced with something or ...?
 
  'winbind enable local accounts' was listed as deprecated
  for several releases before it was removed.  The 'template
  primary group' was only used in that code path so there is
  no need to replace it with anything.
 
  Were you actually using 'winbind enable local accounts'?
  No one ever spoke up.

 we never use 'winbind enable local accounts', but we've got (and read)
 the 'samba 3 by example' book page 240 and 242 and that's contain it. or
 just see:
 http://www.samba.org/samba/docs/man/Samba3-ByExample/unixclients.html
 example 7.5 and 7.7.
 yours.

I have removed the use of this parameter from the smb.conf and from the FAQ 
section of this  chapter. Thanks for pointing me to it.

- John T.


Re: [Samba] OK .. Just one question

2006-01-06 Thread John H Terpstra
On Friday 06 January 2006 04:42, [EMAIL PROTECTED] wrote:
 Does Windows 2003 can be a BDC server with a Linux Samba PDC ?

Just one answer: No.

- John T.


[Samba] only see a partial list of shares using smbclient -L

2006-01-06 Thread Mark Atwood

I've got a Win2K server that shares out several dozen printers and a
number of disk shares.

If I run net view \\MY-PRINTSRV from a windows box, I see a full list
of all the disk and print shares.

If I run smbclient -L MY-PRINTSRV from a linux box, I see only few
of the those shares.  Randomly selected from the full list, and just
ones with shorter names with no spaces in them.  (Many of the printer
names are long, and have spaces in their name.)

What's causing that, and is there anything I can do about it?

-- 
Mark Atwood When you do things right, people won't be sure
[EMAIL PROTECTED] you've done anything at all.
http://mark.atwood.name/   http://www.livejournal.com/users/fallenpegasus


[Samba] Forced group inherit with object move

2006-01-06 Thread Timo Neuvonen
Hello,

This matter seems to be asked every now and then, but I couldn't find if
there is a solution today:

I had a need (due to compatibility reasons with old Netware server) to provide a
way to get access rights and _group_ownership_ for a file / directory /
whole directory tree, based on the group ownership of the parent directory
where the object is *moved* to.

By default, the group ownership doesn't change during move to another
directory, it does happen if the object is copied. Same problem which is
described here:
http://tinyurl.com/cpqf5
http://groups.google.com/group/linux.samba/browse_frm/thread/42f455b30df62243

Is there any way to overcome this? Kind of forced group inherit = yes
setting?


Regards,
Timo



[Samba] Permission set up

2006-01-06 Thread Vladimir Strycek

Hi all,

what i have to write to samba.conf if i wanna to have permission read, 
write, delete just for user vlado and for all others just read ?


help pliz
Thanx,
Vlad


[Samba] share 'browseable' only to 'valid users'

2006-01-06 Thread Ryan Suarez

Hi,

Is it possible for a share to be 'browseable' to only people defined in 
the 'valid users' directive, and make it invisible to everyone else?


thanks,
Ryan


[Samba] Samba 2.2.2 and XP clients

2006-01-06 Thread GBanschbach




Hi all,

   I have successfully used Samba 2.2.2 on SCO for a couple of years
now. I have found that it works well. This is because 2.2.2 allows us
certain freedoms which we like:
   We can run it on the inside of a firewall, making everyone the guest
user ( security = share ), and I don't have to use an extra server to serve
up our Micro$ Access application. We have installed the App at 3 other
clients. At client #1, all of the PC's run XP at service pack 1. At
the older clients, there is no XP at all. We had an issue with oplocks at
client #1, until I set oplocks = False. Then everything cleared up.
Now, I get a client with all XP at service pack 2, and nothing we do helps.
We have changed the registries on the clients ( using a utility from micro$
- I might have to do it manually ), the Windows consultant working with
us says it's good on his side. We still see the oplock entries in the
client log files. We have other issues, but this one is killing me. I
have also had the network connections tested for integrity issues ( have
any cables been injured, or broken somehow ). In order to rule out the
smb.conf, I copied the one from client #1. Could SP2 somehow be playing
a role? We are experiencing DAILY database corruptions - not good for
credibility. Two users in particular experience this corruption more
often, especially when both are on. If anyone has any ideas to help me
further isolate the problem or wants to see logs ( or parts of logs ), let
me know. I am trying to build 3.0.21, but will post my problems with
that in a separate post. I can facilitate some of this via Chat - I
might get on this weekend. My handle is glbny.

 Thanks very much in advance.



[Samba] entering multiple user accounts

2006-01-06 Thread Jon Miller
I'm setting up Samba for a client and would like to get some info on the 
following issues:
1) They log in normally to NetWare SBS6, can I just map a drive to the Samba 
server through the login script or
2) Do I need to put eDirectory on the Linux (SLESv9) server to allow it to be 
logged on via Novell Client32?
3) Is there a tool that can read in accounts from NetWare (Identity Manager 
type) or does this have to be done manually setting up user and machine 
accounts (the desktops are W2kXPP).


Thanks

Jon

Re: [Samba] Re: [Updateed] net ads join Core Dumps.

2006-01-06 Thread Gerald (Jerry) Carter

Christopher Peter Welsh wrote:
 
 It seems to be happening with other net command variations (ie. 
 net group, net user). Net time works ok.

Looks like either a problem with the LDAP libs or how we are calling
them on 64-bit platforms.  Could you test 3.0.21a just to see if the
problem is still present and if so file a bug for us?  Thanks.

  ===
[2006/01/06 16:43:05, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 5369 (3.0.20)
  Please read the appendix Bugs of the Samba HOWTO collection
[2006/01/06 16:43:05, 0] lib/fault.c:fault_report(39)
  ===
[2006/01/06 16:43:05, 0] lib/util.c:smb_panic2(1548)
  PANIC: internal error
[2006/01/06 16:43:05, 0] lib/util.c:smb_panic2(1556)
  BACKTRACE: 15 stack frames:
   #0 smbd(smb_panic2+0x189) [0x55734383]
   #1 smbd(smb_panic+0xe) [0x557341f8]
   #2 smbd [0x5571dbbc]
   #3 smbd [0x5571dc14]
   #4 /lib64/tls/libc.so.6 [0x2c1a1b60]
   #5 /usr/lib64/libldap-2.3.so.0(ldap_set_option+0x48) [0x2abe5978]
   #6 smbd(ads_do_search+0x1ce) [0x5579c9cc]
   #7 smbd(ads_server_info+0xb4) [0x557a0865]
   #8 smbd(ads_connect+0xea) [0x5579bc30]
   #9 smbd(check_published_printers+0xf1) [0x5575fa05]
   #10 smbd(nt_printing_init+0x46c) [0x55758a5c]
   #11 smbd(print_backend_init+0x186) [0x557528b1]
   #12 smbd(main+0x4c9) [0x557bc841]
   #13 /lib64/tls/libc.so.6(__libc_start_main+0xda) [0x2c18f4fa]
   #14 smbd [0x555a92ca]





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
Centeris ---  http://www.centeris.com
There's an anonymous coward in all of us.   --anonymous


[Samba] CIFS + NFS'ing a single filesystem w/ locking

2006-01-06 Thread Adam D. Morley
Hi,

I have a Solaris 10 server exporting UFS directories using built-in NFS.
I've built Samba 3.0.20b from OpenPKG (www.openpkg.org).  I have a
Solaris 10 (x86) client mounting the NFS share and opening OpenDocument
files using StarOffice 8 (SO8, aka OO2.0).  I also have a Windows 2003
Terminal Server mounting the Samba share and opening documents with SO8.
This is a temporary development environment, so I can screw around with
it.  I have a similar, production environment using RHEL3 (clients) and
Solaris 9 (server), with no Samba.  Ie: I would like to export NFS
shares as CIFS shares using Samba.  But: I want file locking.

StarOffice 8/OO2.0 support file locking, whereby the first user to open 
a file will place a lock* on the file, and the other users will get a 
read-only file.  This works fine with NFS & nlockmgr (cross platform, 
linux/solaris).  However, when I add Samba to the mix, it doesn't seem 
to see the locks.  I am under the impression this is because Solaris 
does not support kernel oplocks.  Here is my smb.conf:

---smb.conf---
[global]
workgroup = test
security = share
 
[shared]
path = /export/home/shared
read only = No
guest ok = yes
locking = yes [I've tried leaving this out]
kernel oplocks = yes [I've tried this as yes and left it out]
oplocks = yes [I've tried not setting this, and diff combinations with locking]
level2 oplocks = no [I've tried not setting this]
---smb.conf

I also attempted to NFS mount the share from a RHEL3 box (which should
support kernel oplocks) and then share it back out with Samba.  Locks do
not work here either (yes, I had anon and root properly set).  I would 
think that the kernel oplock code in RHEL3's kernel would allow the locks 
to propagate down from Samba, and back out to the NFS server using lockd.
It could also be that my understanding of what a lock is is not
exactly correct.  Ie: NFS lock != Samba lock.  I have some indication of
this based on the locking directory that exists for Samba, and the fact
that lock on Windows is not implemented the same way as on UNIX.

The specific symptoms of the lock not working are the following:

- a file first opened on the solaris client will yield a file type
selection box on the windows box (a sign that windows can't read the file,
and a sign it is seeing some kind of lock)
- a file first opened on the windows side, and then opened on the
solaris client side will show read/write status on both clients
- if the windows client then tries to save, it will get an I/O
error (so it must be seeing some kind of lock...)
- if the solaris client tries to save, it can save fine, not
being informed that another user has the file open

This is obviously somewhat problematic!  Am I totally missing something
here, or does NFS/CIFS file locking simply not work?  I seem to remember
reading somewhere that NFS/CIFS from a Linux host works fine, and that
NFS/CIFS on other systems won't work (save IRIX) because they don't have
kernel oplock support for Samba.

So: have I done something wrong, or is this the way things are?

OR: Is it that the type of lock placed on the file when *nix OO2.0 opens
a file is incompatible with the type of lock Samba thinks is ok wrt
oplocks in the Samba code?

*: It looks like lock type is a F_WRLCK on *nix, and a dwAccess |=
GENERIC_WRITE for win32, based on my cursory, vastly under-knowledged
reading of the OpenOffice 2.0 source code (sal/osl/unx/file.cxx and
sal/osl/w32/file.cxx).  Line 2450 in w32/file.cxx, line 548 in
unx/file.cxx.

Thanks a bunch!
-- 
adam


NMBD Problem on Samba2.2.8+Multinet and OpenVMS 7.3-1

2006-01-06 Thread Luiz Guilherme Regis Emediato

Hi all,

I installed Samba 2.2.8 for OpenVMS on my Alpha
running OVMS 7.3-1 and Multinet 5.1.
SMBD runs fine over Multinet. The problem is that
NMBD does not start at all. I have tried even
entering the commands from NMBD_STARTUP.COM
one by one but no luck to have NMBD running.

SAMBA_STARTUP.COM shows:

$ run/detached -
/input=samba_exe:nmbd_startup.com -
/output=samba_root:[var]nmbd_startup.log -
/uic=system -
/process_name=NMBD -
sys$system:loginout.exe

I noticed that SOCKETSHR has not been defined
from NMBD_STARTUP.COM as well, so it seems that
NMBD_STARTUP.COM is not getting started.
What is wrong with the command above ?
I can not see any process NMBD running and the
system has not been broadcast on the network.
I appreciate any help on this matter.

Thanks,
Luiz Emediato
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

http://www.catb.org/~esr/faqs/smart-questions.html


Re: NMBD Problem on Samba2.2.8+Multinet and OpenVMS 7.3-1

2006-01-06 Thread Luiz Guilherme Regis Emediato

More about this problem:

1-) With -d1 only option, NMBD stops with no error at all:

$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM(SYLOGIN_VERIFY))
$ arch = f$getsyi(ARCH_NAME)
$ nmbd :== $samba_root:[bin]nmbd
$ opt = f$trnlnm(SAMBA_NMBD_OPTIONS)
$ nmbd -d1
  SYSTEM   job terminated at JANUARY 7, 2006 02:16 AM

  Accounting information:
  Buffered I/O count:          191  Peak working set size:     5728
  Direct I/O count:            234  Peak virtual size:       175328
  Page faults:                 421  Mounted volumes:              0
  Charged CPU time:  0 00:00:00.22  Elapsed time:     0 00:00:03.00

2-) Including -i option to NMBD I got another error:

ERROR: Failed when creating subnet lists. Exiting.

$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM(SYLOGIN_VERIFY))
$ arch = f$getsyi(ARCH_NAME)
$ nmbd :== $samba_root:[bin]nmbd
$ opt = f$trnlnm(SAMBA_NMBD_OPTIONS)
$!! nmbd -d1 'opt'
$ nmbd -d1 -i
Netbios nameserver version 2.2.8 started.
Copyright Andrew Tridgell and the Samba Team 1994-2002
stm_open: open /samba_root/lib/smb.conf, flags , fd = 3
stm_close: fd = 3
stm_open: open /samba_root/lib/codepages/codepage.850, flags , fd = 3
stm_close: fd = 3
standard input is not a socket, assuming -D option
stm_open: open /samba_root/var/locks, flags , fd = -1
stm_open: open /samba_root/var/locks/nmbd.pid, flags 8000, fd = -1
stm_open: open /samba_root/var/locks/nmbd.pid, flags 8a01, fd = 3
stm_close: fd = 3
stm_open: open /samba_root/var/locks, flags , fd = -1
No 'live' WINS servers found.  Check 'wins server' parameter.
ERROR: Failed when creating subnet lists. Exiting.
  SYSTEM   job terminated at JANUARY 7, 2006 02:23 AM

  Accounting information:
  Buffered I/O count:          185  Peak working set size:     5360
  Direct I/O count:             83  Peak virtual size:       175200
  Page faults:                 430  Mounted volumes:              0
  Charged CPU time:  0 00:00:00.14  Elapsed time:     0 00:00:01.58

All comments are well appreciated.

   Luiz


On Fri, 6 Jan 2006, Luiz Guilherme Regis Emediato wrote:


 Hi all,

 I installed Samba 2.2.8 for OpenVMS on my Alpha
 running OVMS 7.3-1 and Multinet 5.1.
 SMBD runs fine over Multinet. The problem is that
 NMBD does not start at all. I have tried even
 entering the commands from NMBD_STARTUP.COM
 one by one but no luck to have NMBD running.

 SAMBA_STARTUP.COM shows:

 $ run/detached -
 /input=samba_exe:nmbd_startup.com -
 /output=samba_root:[var]nmbd_startup.log -
 /uic=system -
 /process_name=NMBD -
 sys$system:loginout.exe

 I noticed that SOCKETSHR has not been defined
 from NMBD_STARTUP.COM as well, so it seems that
 NMBD_STARTUP.COM is not getting started.
 What is wrong with the command above ?
 I can not see any process NMBD running and the
 system has not been broadcast on the network.
 I appreciate any help on this matter.

 Thanks,
 Luiz Emediato
 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

 http://www.catb.org/~esr/faqs/smart-questions.html



svn commit: samba r12735 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/smbd trunk/source trunk/source/param trunk/source/smbd

2006-01-06 Thread vlendec
Author: vlendec
Date: 2006-01-06 10:27:12 +0000 (Fri, 06 Jan 2006)
New Revision: 12735

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12735

Log:
After talking to Tridge and Jeremy... This needs to be made more generic
before it goes in.

Volker

Removed:
   branches/SAMBA_3_0/source/smbd/gpfs.c
   trunk/source/smbd/gpfs.c
Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/configure.in
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/smbd/open.c
   branches/SAMBA_3_0/source/smbd/oplock_linux.c
   branches/SAMBA_3_0/source/smbd/server.c
   trunk/source/Makefile.in
   trunk/source/configure.in
   trunk/source/param/loadparm.c
   trunk/source/smbd/open.c
   trunk/source/smbd/oplock_linux.c
   trunk/source/smbd/server.c


Changeset:
Sorry, the patch is too large (675 lines) to include; please use WebSVN to see 
it!
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12735


svn commit: samba r12736 - in trunk/source: include nsswitch

2006-01-06 Thread gd
Author: gd
Date: 2006-01-06 10:27:20 +0000 (Fri, 06 Jan 2006)
New Revision: 12736

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12736

Log:
Move SAMR reject reasons where they belong to.

Guenther

Modified:
   trunk/source/include/rpc_samr.h
   trunk/source/nsswitch/pam_winbind.h


Changeset:
Modified: trunk/source/include/rpc_samr.h
===
--- trunk/source/include/rpc_samr.h 2006-01-06 10:27:12 UTC (rev 12735)
+++ trunk/source/include/rpc_samr.h 2006-01-06 10:27:20 UTC (rev 12736)
@@ -1834,6 +1834,9 @@
 
 } SAMR_Q_CHGPASSWD3;
 
+#define REJECT_REASON_TOO_SHORT0x0001
+#define REJECT_REASON_IN_HISTORY   0x0002
+
 /* SAMR_CHANGE_REJECT */
 typedef struct samr_change_reject
 {
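Review bot: the two `REJECT_REASON_*` defines land above the `/* SAMR_CHANGE_REJECT */` comment with nothing saying which field they are values for. Moving them directly under that comment, or adding a one-line comment naming the struct member they apply to, would keep a reader from associating them with `SAMR_Q_CHGPASSWD3`, which closes just above.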

Modified: trunk/source/nsswitch/pam_winbind.h
===
--- trunk/source/nsswitch/pam_winbind.h 2006-01-06 10:27:12 UTC (rev 12735)
+++ trunk/source/nsswitch/pam_winbind.h 2006-01-06 10:27:20 UTC (rev 12736)
@@ -106,9 +106,6 @@
 
 #define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
 
-#define REJECT_REASON_TOO_SHORT0x0001
-#define REJECT_REASON_IN_HISTORY   0x0002
-
 #include winbind_client.h
 
 #define PAM_WB_REMARK_DIRECT(h,x)\
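Review bot: this hunk drops `REJECT_REASON_TOO_SHORT` and `REJECT_REASON_IN_HISTORY` from pam_winbind.h without adding an include that brings in their new home, rpc_samr.h. If the PAM module still tests those values, confirm it picks them up through `winbind_client.h` or another header it already includes; otherwise the module either fails to build or needs its own copy of the two defines.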



svn commit: samba r12737 - in trunk/source/nsswitch: .

2006-01-06 Thread gd
Author: gd
Date: 2006-01-06 10:30:02 +0000 (Fri, 06 Jan 2006)
New Revision: 12737

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12737

Log:
Remove the chauthtok path using kerberos. XP doesn't use kerberos for
changing password in the Change Password dialogue anyway.

Guenther

Modified:
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Modified: trunk/source/nsswitch/winbindd_pam.c
===
--- trunk/source/nsswitch/winbindd_pam.c2006-01-06 10:27:20 UTC (rev 
12736)
+++ trunk/source/nsswitch/winbindd_pam.c2006-01-06 10:30:02 UTC (rev 
12737)
@@ -1572,36 +1572,6 @@
oldpass = state-request.data.chauthtok.oldpass;
newpass = state-request.data.chauthtok.newpass;
 
-
-   if (contact_domain-active_directory 
-   (state-request.flags  WBFLAG_PAM_KRB5)) {
-
-   /* the error mapping is just too hard to get correct (at least 
at the moment) - Guenther */
-   DEBUG(3,(winbindd_pam_chauthtok: password change over Kerberos 
is currently disabled;
-   falling back to msrpc method\n));
-
-   goto chauthtok_rpc;
-#if 0
-   ADS_STATUS status;
-
-   status = kerberos_set_password(contact_domain-dcname, user, 
-  oldpass, user, newpass, 
-  0);
-
-   /* derive the resulting NT_STATUS code from the ADS_ERROR */
-   result = krb5_to_nt_status(status.err.rc);
-
-   if (!ADS_ERR_OK(status)) {
-   DEBUG(0,(failed to set password using Kerberos: %s\n,
-   nt_errstr(result)));
-   }
-
-   goto done;
-#endif
-   }
-
-chauthtok_rpc:
-
/* Get sam handle */
 
result = cm_connect_sam(contact_domain, state-mem_ctx, cli,
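Review bot: with the `WBFLAG_PAM_KRB5` branch removed, a request that sets that flag now goes down the RPC path with no trace in the log; the deleted `DEBUG(3, ...)` was the only place that said the Kerberos password change was being skipped. Consider keeping a one-line debug message for that flag, or a short comment above `/* Get sam handle */` stating that the flag is deliberately ignored here.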



svn commit: samba r12738 - in branches/SAMBA_4_0/source/scripting/ejs: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 12:24:49 +0000 (Fri, 06 Jan 2006)
New Revision: 12738

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12738

Log:
Use a talloc_reference to ensure this doesn't get free()'ed too early.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls_creds.c


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_creds.c
===
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_creds.c2006-01-06 
10:30:02 UTC (rev 12737)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_creds.c2006-01-06 
12:24:49 UTC (rev 12738)
@@ -237,6 +237,9 @@
 int ejs_credentials_cmdline(int eid, int argc, struct MprVar **argv)
 {
struct MprVar *obj = mprInitObject(eid, credentials, argc, argv);
+   if (talloc_reference(mprMemCtx(), cmdline_credentials) == NULL) {
+   return -1;
+   }
return ejs_credentials_obj(obj, cmdline_credentials);
 }
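Review bot: the `talloc_reference()` failure path returns -1 after `mprInitObject()` has already created `obj`, so on failure the object exists without a credentials pointer behind it. Taking the reference before `mprInitObject()` avoids that, and a one-line comment saying what would otherwise free `cmdline_credentials` too early would help the next reader.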
 



svn commit: samba r12739 - in branches/SAMBA_4_0: source/scripting/libjs source/setup swat/install

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 12:29:06 +0000 (Fri, 06 Jan 2006)
New Revision: 12739

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12739

Log:
Add support for using credentials in the provision process.

This should allow us to provision to a 'normal' LDAP server.  

Also add in 'session info' hooks (unused).  Both of these need to be
hooked in on the webserver.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/provision
   branches/SAMBA_4_0/swat/install/provision.esp


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js  2006-01-06 
12:24:49 UTC (rev 12738)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js  2006-01-06 
12:29:06 UTC (rev 12739)
@@ -16,6 +16,7 @@
 {
var lp = loadparm_init();
var ldb = ldb_init();
+   ldb.credentials = credentials_cmdline();
if (lp.get(realm) == ) {
return false;
}
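Review bot: this function takes its credentials from `credentials_cmdline()` directly, while `setup_ldb()`, `provision()` and `newuser()` in the same patch receive `credentials` from the caller. The log says these hooks are meant to be driven from the web server as well, where there is no command line, so passing the credentials in as a parameter here too would keep the entry points consistent.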
@@ -174,19 +175,21 @@
 /*
   setup a ldb in the private dir
  */
-function setup_ldb(ldif, dbname, subobj)
+function setup_ldb(ldif, session_info, credentials, dbname, subobj)
 {
var erase = true;
var extra = ;
var ldb = ldb_init();
var lp = loadparm_init();
+   ldb.session_info = session_info;
+   ldb.credentials = credentials;
 
-   if (arguments.length = 4) {
-   extra = arguments[3];
+   if (arguments.length = 6) {
+   extra = arguments[5];
}
 
-   if (arguments.length == 5) {
-   erase = arguments[4];
+   if (arguments.length == 7) {
+   erase = arguments[6];
 }
 
var src = lp.get(setup directory) + / + ldif;
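Review bot: `session_info` and `credentials` are inserted in the middle of `setup_ldb()`'s positional parameters, so any caller still using the old `(ldif, dbname, subobj, ...)` order will bind its `dbname` to `session_info` without an error. Appending the new parameters, or checking near the top that `dbname` is a string, would make a missed call site fail loudly; the `arguments[5]` and `arguments[6]` indices also deserve a comment naming what they hold.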
@@ -257,12 +260,12 @@
 /*
   provision samba4 - caution, this wipes all existing data!
 */
-function provision(subobj, message, blank, paths)
+function provision(subobj, message, blank, paths, session_info, credentials)
 {
var data = ;
var lp = loadparm_init();
var sys = sys_init();
-   
+
/*
  some options need to be upper/lower case
*/
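Review bot: `provision()` gains `session_info` and `credentials`, but the comment above it still carries only the data-wipe caution. Document the two parameters there, including what a caller that has neither should pass, and drop the unrelated whitespace-only change on the blank line after `var sys`.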
@@ -291,7 +294,7 @@
lp.reload();
}
message(Setting up secrets.ldb\n);
-   setup_ldb(secrets.ldif, paths.secrets, subobj);
+   setup_ldb(secrets.ldif, session_info, credentials, paths.secrets, 
subobj);
message(Setting up DNS zone file\n);
setup_file(provision.zone, 
   paths.dns, 
@@ -300,20 +303,20 @@
var keytab_ok = credentials_update_all_keytabs();
assert(keytab_ok);
message(Setting up hklm.ldb\n);
-   setup_ldb(hklm.ldif, paths.hklm, subobj);
+   setup_ldb(hklm.ldif, session_info, credentials, paths.hklm, subobj);
message(Setting up sam.ldb attributes\n);
-   setup_ldb(provision_init.ldif, paths.samdb, subobj);
+   setup_ldb(provision_init.ldif, session_info, credentials, 
paths.samdb, subobj);
message(Setting up sam.ldb schema\n);
-   setup_ldb(schema.ldif, paths.samdb, subobj, NULL, false);
+   setup_ldb(schema.ldif, session_info, credentials, paths.samdb, 
subobj, NULL, false);
message(Setting up display specifiers\n);
-   setup_ldb(display_specifiers.ldif, paths.samdb, subobj, NULL, false);
+   setup_ldb(display_specifiers.ldif, session_info, credentials, 
paths.samdb, subobj, NULL, false);
message(Setting up sam.ldb templates\n);
-   setup_ldb(provision_templates.ldif, paths.samdb, subobj, NULL, false);
+   setup_ldb(provision_templates.ldif, session_info, credentials, 
paths.samdb, subobj, NULL, false);
message(Setting up sam.ldb data\n);
-   setup_ldb(provision.ldif, paths.samdb, subobj, NULL, false);
+   setup_ldb(provision.ldif, session_info, credentials, paths.samdb, 
subobj, NULL, false);
if (blank == false) {
message(Setting up sam.ldb users and groups\n);
-   setup_ldb(provision_users.ldif, paths.samdb, subobj, data, 
false);
+   setup_ldb(provision_users.ldif, session_info, credentials, 
paths.samdb, subobj, data, false);
}
 }
 
@@ -403,12 +406,14 @@
 /*
   add a new user record
 */
-function newuser(username, unixname, password, message)
+function newuser(username, unixname, password, message, subobj, session_info, 
credentials)
 {
var lp = loadparm_init();
var samdb = lp.get(sam database);
var ldb = ldb_init();
random_init(local);
+   ldb.session_info = session_info;
+   ldb.credentials = credentials;
 
/* connect to the sam */
var ok = ldb.connect(samdb);
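Review bot: `newuser()` now takes `subobj`, but nothing in the lines shown uses it. If it is needed further down, say so in the function comment; if not, leave it out of the signature so callers are not forced to build one.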

Modified: branches/SAMBA_4_0/source/setup/provision
===
--- branches/SAMBA_4_0/source/setup/provision   2006-01-06 12:24:49 UTC (rev 
12738)
+++ 

svn commit: samba r12740 - in trunk/source/nsswitch: .

2006-01-06 Thread gd
Author: gd
Date: 2006-01-06 13:41:56 +0000 (Fri, 06 Jan 2006)
New Revision: 12740

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12740

Log:
Add account_lockout_policy_handler to the winbind child. 

This makes sure we query the domain lockout policies on startup and then
again each hour so that offline authentication can correctly lockout
accounts to prevent offline password attacks.

Guenther

Modified:
   trunk/source/nsswitch/winbindd.h
   trunk/source/nsswitch/winbindd_dual.c


Changeset:
Modified: trunk/source/nsswitch/winbindd.h
===
--- trunk/source/nsswitch/winbindd.h2006-01-06 12:29:06 UTC (rev 12739)
+++ trunk/source/nsswitch/winbindd.h2006-01-06 13:41:56 UTC (rev 12740)
@@ -143,7 +143,9 @@
struct winbindd_domain *domain;
pstring logfilename;
 
+   TALLOC_CTX *mem_ctx;
struct fd_event event;
+   struct timed_event *timed_event;
struct winbindd_async_request *requests;
 };
 

Modified: trunk/source/nsswitch/winbindd_dual.c
===
--- trunk/source/nsswitch/winbindd_dual.c   2006-01-06 12:29:06 UTC (rev 
12739)
+++ trunk/source/nsswitch/winbindd_dual.c   2006-01-06 13:41:56 UTC (rev 
12740)
@@ -235,6 +235,8 @@
setup_async_write(child-event, request-request,
  sizeof(*request-request),
  async_main_request_sent, request);
+
+   talloc_destroy(child-mem_ctx);
return;
 }
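Review bot: `talloc_destroy(child->mem_ctx)` runs here once the request has been queued, yet the timed event set up in `fork_domain_child()` is allocated on that same context, and neither `child->mem_ctx` nor `child->timed_event` is reset to NULL afterwards. Any later use of either pointer, including the `talloc_free(child->timed_event)` in the new handler, would touch freed memory. Check that this call sits on the intended side of the fork, and NULL both fields after destroying the context.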
 
@@ -447,6 +449,37 @@
schedule_async_request(child);
 }
 
+static void account_lockout_policy_handler(struct timed_event *te,
+  const struct timeval *now,
+  void *private_data)
+{
+   struct winbindd_child *child = private_data;
+
+   struct winbindd_methods *methods;
+   SAM_UNK_INFO_12 lockout_policy;
+   NTSTATUS result;
+
+   DEBUG(10,(account_lockout_policy_handler called\n));
+
+   if (child-timed_event) {
+   talloc_free(child-timed_event);
+   }
+
+   methods = child-domain-methods;
+
+   result = methods-lockout_policy(child-domain, child-mem_ctx, 
lockout_policy);
+   if (!NT_STATUS_IS_OK(result)) {
+   DEBUG(10,(account_lockout_policy_handler: failed to call 
lockout_policy\n));
+   return;
+   }
+
+   child-timed_event = add_timed_event(child-mem_ctx, 
+timeval_current_ofs(3600, 0),
+account_lockout_policy_handler,
+account_lockout_policy_handler,
+child);
+}
+
 static BOOL fork_domain_child(struct winbindd_child *child)
 {
int fdpair[2];
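Review bot: when `methods->lockout_policy()` fails, the handler returns without re-arming the timer, so one failed query ends the hourly refresh for the life of the child, and `child->timed_event` is left pointing at the event freed a few lines earlier. Since the log ties this refresh to locking out accounts during offline authentication, re-add the timed event on the failure path as well (a shorter retry interval would be reasonable) and set `child->timed_event = NULL` right after the `talloc_free()`.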
@@ -498,7 +531,18 @@
lp_set_logfile(child-logfilename);
reopen_logs();
}
-   
+
+   child-mem_ctx = talloc_init(child_mem_ctx);
+   if (child-mem_ctx == NULL) {
+   return False;
+   }
+
+   child-timed_event = add_timed_event(child-mem_ctx,
+timeval_zero(),
+account_lockout_policy_handler,
+account_lockout_policy_handler,
+child);
+
while (1) {
 
int ret;
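Review bot: the result of `talloc_init()` is checked but the result of `add_timed_event()` is not, so an allocation failure here silently leaves the child without any lockout-policy refresh. Check `child->timed_event` for NULL and either return False or log the failure.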



svn commit: samba r12741 - in trunk/source/nsswitch: .

2006-01-06 Thread gd
Author: gd
Date: 2006-01-06 14:15:59 +0000 (Fri, 06 Jan 2006)
New Revision: 12741

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12741

Log:
Fix order of checks in winbindd_dual_pam_auth_cached().

According to Jeremy we may never leak account property information
before having successfully checked the user's password.

Guenther

Modified:
   trunk/source/nsswitch/winbindd_pam.c


Changeset:
Modified: trunk/source/nsswitch/winbindd_pam.c
===
--- trunk/source/nsswitch/winbindd_pam.c2006-01-06 13:41:56 UTC (rev 
12740)
+++ trunk/source/nsswitch/winbindd_pam.c2006-01-06 14:15:59 UTC (rev 
12741)
@@ -714,46 +714,6 @@
 
*info3 = my_info3;
 
-   my_info3-user_flgs |= LOGON_CACHED_ACCOUNT;
-
-   if (my_info3-acct_flags  ACB_AUTOLOCK) {
-   return NT_STATUS_ACCOUNT_LOCKED_OUT;
-   }
-
-   if (my_info3-acct_flags  ACB_DISABLED) {
-   return NT_STATUS_ACCOUNT_DISABLED;
-   }
-
-   if (my_info3-acct_flags  ACB_WSTRUST) {
-   return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
-   }
-
-   if (my_info3-acct_flags  ACB_SVRTRUST) {
-   return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
-   }
-
-   if (my_info3-acct_flags  ACB_DOMTRUST) {
-   return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
-   }
-
-   if (!(my_info3-acct_flags  ACB_NORMAL)) {
-   DEBUG(10,(winbindd_dual_pam_auth_cached: whats wrong with that 
one?: 0x%08x\n, my_info3-acct_flags));
-   return NT_STATUS_LOGON_FAILURE;
-   }
-
-   kickoff_time = nt_time_to_unix(my_info3-kickoff_time);
-   if (kickoff_time != 0  time(NULL)  kickoff_time) {
-   return NT_STATUS_ACCOUNT_EXPIRED;
-   }
-
-   must_change_time = nt_time_to_unix(my_info3-pass_must_change_time);
-   if (must_change_time != 0  must_change_time  time(NULL)) {
-   return NT_STATUS_PASSWORD_EXPIRED;
-   }
-
-   /* FIXME: we possibly should handle logon hours as well (does xp when
-* offline?) see auth/auth_sam.c:sam_account_ok for details */
-
E_md4hash(state-request.data.auth.pass, new_nt_pass);
 
dump_data(100, (const char *)new_nt_pass, NT_HASH_LEN);
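Review bot: `*info3 = my_info3;` in the context above the removed block still runs before the password hash is computed and compared, so the caller's out-parameter holds the cached account record even when the password turns out to be wrong. If the aim stated in the log is that no account property leaves this function before the password check succeeds, move that assignment below the comparison or clear `*info3` on the failure path.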
@@ -764,6 +724,47 @@
/* User *DOES* know the password, update logon_time and reset
 * bad_pw_count */

+   my_info3-user_flgs |= LOGON_CACHED_ACCOUNT;
+   
+   if (my_info3-acct_flags  ACB_AUTOLOCK) {
+   return NT_STATUS_ACCOUNT_LOCKED_OUT;
+   }
+   
+   if (my_info3-acct_flags  ACB_DISABLED) {
+   return NT_STATUS_ACCOUNT_DISABLED;
+   }
+   
+   if (my_info3-acct_flags  ACB_WSTRUST) {
+   return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+   }
+   
+   if (my_info3-acct_flags  ACB_SVRTRUST) {
+   return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+   }
+   
+   if (my_info3-acct_flags  ACB_DOMTRUST) {
+   return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+   }
+   
+   if (!(my_info3-acct_flags  ACB_NORMAL)) {
+   DEBUG(10,(winbindd_dual_pam_auth_cached: whats wrong 
with that one?: 0x%08x\n, 
+   my_info3-acct_flags));
+   return NT_STATUS_LOGON_FAILURE;
+   }
+   
+   kickoff_time = nt_time_to_unix(my_info3-kickoff_time);
+   if (kickoff_time != 0  time(NULL)  kickoff_time) {
+   return NT_STATUS_ACCOUNT_EXPIRED;
+   }
+
+   must_change_time = 
nt_time_to_unix(my_info3-pass_must_change_time);
+   if (must_change_time != 0  must_change_time  time(NULL)) {
+   return NT_STATUS_PASSWORD_EXPIRED;
+   }
+   
+   /* FIXME: we possibly should handle logon hours as well (does 
xp when
+* offline?) see auth/auth_sam.c:sam_account_ok for details */
+
unix_to_nt_time(my_info3-logon_time, time(NULL));
my_info3-bad_pw_count = 0;
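Review bot: the moved block's early returns sit ahead of `my_info3->bad_pw_count = 0`, so a user who supplies the correct password on a disabled, locked or expired cached account keeps the previous bad-password count; add a comment saying whether that is intended. The `/* User *DOES* know the password, update logon_time and reset bad_pw_count */` comment is now separated from the two statements it describes and should move down with them, and the re-added blank lines carry trailing whitespace that the removed ones did not.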
 



svn commit: samba r12742 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

2006-01-06 Thread gd
Author: gd
Date: 2006-01-06 14:55:26 +0000 (Fri, 06 Jan 2006)
New Revision: 12742

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12742

Log:
Don't write null sid mappings into the winbindd_cache.tdb.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
   trunk/source/nsswitch/winbindd_cache.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-01-06 14:15:59 UTC 
(rev 12741)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-01-06 14:55:26 UTC 
(rev 12742)
@@ -989,7 +989,9 @@
status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, 
name, sid, type);
 
/* and save it */
-   wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
+   if (NT_STATUS_IS_OK(status)) {
+   wcache_save_name_to_sid(domain, status, domain_name, name, sid, 
*type);
+   }
 
/* We can't save the sid to name mapping as we don't know the
   correct case of the name without looking it up */
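Review bot: with the `NT_STATUS_IS_OK(status)` guard, a failed lookup is no longer cached at all, so repeated queries for a name that does not resolve go to the backend every time. `wcache_save_name_to_sid()` is passed `status`, which suggests it can record the failure itself; if the concern is only the null SID being stored, consider handling that inside the save function, and update the `/* and save it */` comment to say why failures are skipped.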

Modified: trunk/source/nsswitch/winbindd_cache.c
===
--- trunk/source/nsswitch/winbindd_cache.c  2006-01-06 14:15:59 UTC (rev 
12741)
+++ trunk/source/nsswitch/winbindd_cache.c  2006-01-06 14:55:26 UTC (rev 
12742)
@@ -1204,7 +1204,9 @@
status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, 
name, sid, type);
 
/* and save it */
-   wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
+   if (NT_STATUS_IS_OK(status)) {
+   wcache_save_name_to_sid(domain, status, domain_name, name, sid, 
*type);
+   }
 
/* We can't save the sid to name mapping as we don't know the
   correct case of the name without looking it up */



svn commit: samba r12743 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_ldap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb lib/ldb/modules

2006-01-06 Thread idra
Author: idra
Date: 2006-01-06 16:12:45 +0000 (Fri, 06 Jan 2006)
New Revision: 12743

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12743

Log:

Remove the ugly way we had to make a second stage init and introduce
a second_stage_init private function for modules that need a second stage init.

Simo.


Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectguid.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/proxy.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samba3sam.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
   branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h
   branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c
   branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c
   branches/SAMBA_4_0/source/lib/ldb/modules/operational.c
   branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c
   branches/SAMBA_4_0/source/lib/ldb/modules/rdn_name.c
   branches/SAMBA_4_0/source/lib/ldb/modules/schema.c
   branches/SAMBA_4_0/source/lib/ldb/modules/skel.c
   branches/SAMBA_4_0/source/lib/ldb/modules/sort.c


Changeset:
Sorry, the patch is too large (644 lines) to include; please use WebSVN to see 
it!
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12743


svn commit: samba-docs r905 - in trunk/Samba3-ByExample: .

2006-01-06 Thread jht
Author: jht
Date: 2006-01-06 18:32:33 +0000 (Fri, 06 Jan 2006)
New Revision: 905

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=905

Log:
Removing mention of the winbind enable local accounts parameter.
Modified:
   trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml
   trunk/Samba3-ByExample/SBE-SecureOfficeServer.xml
   trunk/Samba3-ByExample/SBE-SimpleOfficeServer.xml


Changeset:
Modified: trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml
===
--- trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml2005-12-30 17:23:20 UTC 
(rev 904)
+++ trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml2006-01-06 18:32:33 UTC 
(rev 905)
@@ -1035,7 +1035,6 @@
 smbconfoption name=add user script/usr/sbin/useradd -m '%u'/smbconfoption
 smbconfoption name=add machine script/usr/sbin/useradd -M 
'%u'/smbconfoption
 smbconfoption name=add group script/usr/sbin/groupadd '%g'/smbconfoption
-smbconfoption name=winbind enable local accountsYes/smbconfoption
 smbconfoption name=log file/var/log/samba/%m/smbconfoption
 smbconfoption name=max log size0/smbconfoption
 smbconfoption name=smb ports139/smbconfoption
@@ -2631,79 +2630,6 @@
question
 
paraindexterm
-   primarywinbind enable local accounts/primary
- /indextermindexterm
-   primary/etc/passwd/primary
- /indextermindexterm
-   primaryoptions list/primary
- /indextermindexterm
-   primaryACL/primary
- /indextermindexterm
-   primaryshare/primary
- /indexterm
-   In my smb.conf; file, I enabled the parameter 
parameterwinbind enable local accounts
-   /parameter on all domain member servers, but it does not 
work. The accounts I put in 
-   filename/etc/passwd/filename do not show up in the options 
list when I try to set an
-   ACL on a share. What have I done wrong?
-   /para
-
-   /question
-   answer
-
-   paraindexterm
-   primarylocal users/primary
- /indextermindexterm
-   primarylocal groups/primary
- /indextermindexterm
-   primaryUNIX account/primary
- /indextermindexterm
-   primarygetpwnam()/primary
- /indextermindexterm
-   primarygetgrgid()/primary
- /indextermindexterm
-   primaryIdentity resolution/primary
- /indextermindexterm
-   primaryfailure/primary
- /indextermindexterm
-   primaryDomain/primary
- /indexterm
-   The manual page for this smb.conf; file parameter clearly 
says, quoteThis parameter 
-   controls whether or not winbindd will act as a stand-in 
replacement for the various 
-   account management hooks in smb.conf (for example, add user 
script). If enabled, winbindd 
-   will support the creation of local users and groups as another 
source of UNIX account 
-   information available via getpwnam() or getgrgid(), 
etc/quote By default this
-   parameter is already enabled; therefore, the action you are 
seeing is a result of a failure
-   of identity resolution in the domain.
-   /para
-
-   paraindexterm
-   primaryDomain logons/primary
- /indextermindexterm
-   primaryIdentity resolution/primary
- /indextermindexterm
-   primaryDomain/primary
-   secondaryuser/secondary
- /indextermindexterm
-   primaryDomain/primary
-   secondarygroup/secondary
- /indextermindexterm
-   primaryUID/primary
- /indextermindexterm
-   primaryGID/primary
- /indexterm
-   These are the accounts that are available for Windows network 
domain logons. Providing 
-   identity resolution has been correctly configured on the domain 
controllers as well as 
-   on domain member servers. The domain user and group identities 
automatically map 
-   to a valid local UID and GID pair.
-   /para
-
-   /answer
-   /qandaentry
-
-   qandaentry
-   question
-
-   paraindexterm
primarytrusted domains/primary
  /indextermindexterm
primarydomain/primary

Modified: trunk/Samba3-ByExample/SBE-SecureOfficeServer.xml
===
--- trunk/Samba3-ByExample/SBE-SecureOfficeServer.xml   2005-12-30 17:23:20 UTC 
(rev 904)
+++ trunk/Samba3-ByExample/SBE-SecureOfficeServer.xml   2006-01-06 18:32:33 UTC 
(rev 905)
@@ -1077,12 +1077,12 @@
indextermprimaryfile 
system/primarysecondarypermissions/secondary/indexterm
 

svn commit: samba r12744 - in branches/SAMBA_4_0/source/scripting/ejs: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 19:37:13 +0000 (Fri, 06 Jan 2006)
New Revision: 12744

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12744

Log:
For correctly written scripts, we don't need this anymore.  Only use
the cmdline credentials if we ask for it.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
===
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c  2006-01-06 
16:12:45 UTC (rev 12743)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c  2006-01-06 
19:37:13 UTC (rev 12744)
@@ -386,7 +386,7 @@
 {
struct ldb_context *ldb;
struct auth_session_info *session_info;
-   struct cli_credentials *creds;
+   struct cli_credentials *creds = NULL;
struct MprVar *credentials;
struct MprVar *this = mprGetProperty(ejsGetLocalObject(eid), this, 0);
 
@@ -402,8 +402,6 @@
credentials = mprGetProperty(this, credentials, NULL);
if (credentials) {
creds = mprGetPtr(credentials, creds);
-   } else {
-   creds = cmdline_credentials;
}
 
dbfile = argv[0];
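Review bot: with the `else` branch gone, `creds` stays NULL whenever the script has not set a `credentials` property, and that NULL is carried forward without any message. A script that relied on the old fallback to `cmdline_credentials` will change behaviour silently; a `DEBUG` line on the NULL path, or a note in the function comment that callers must assign `ldb.credentials` themselves, would make the change visible.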



svn commit: samba r12745 - in branches/SAMBA_4_0/source: lib/ldb/tools setup

2006-01-06 Thread idra
Author: idra
Date: 2006-01-06 19:42:08 +0000 (Fri, 06 Jan 2006)
New Revision: 12745

WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12745

Log:

Initial work to support a syntax to pass over controls via
command line to ldbsearch. Very rough work, no checks are
done on the input yet (will segfault if you make it wrong).
Controls are passed via the --controls switch and are comma
separated (no escaping yet).

General syntax is ctrl_name:criticality
ctrl_name is a string
criticality is 1 or 0

Current semi-parsed controls are:

server_sort
syntax: server_sort:1:0:attributename

1st parm: criticality
2nd parm: reversed
3rd parm: attribute name to be used for sorting

todo:   still missing support for multiple sorting
  attributes and ordering rule
no check on result code

paged_results
syntax: paged_results:1:100

1st parm: criticality
2nd parm: number of results to be returned

todo:   ldbsearch will return only the first batch
  (missing code to cycle over conditionally)
no check on result code

extended_dn
syntax: extended_dn:1:0

1st parm: criticality
2nd parm: type, see MS docs on meaning

Simo.


Modified:
   branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c
   branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.h
   branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c
   branches/SAMBA_4_0/source/setup/provision_init.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c
===
--- branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c   2006-01-06 19:37:13 UTC 
(rev 12744)
+++ branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c   2006-01-06 19:42:08 UTC 
(rev 12745)
@@ -62,6 +62,7 @@
{ input, 'I', POPT_ARG_STRING, options.input, 0, Input 
File, Input },
{ output, 'O', POPT_ARG_STRING, options.output, 0, Output 
File, Output },
{ NULL,'o', POPT_ARG_STRING, NULL, 'o', ldb_connect 
option, OPTION },
+   { controls, 0, POPT_ARG_STRING, NULL, 'c', controls, NULL },
 #ifdef _SAMBA_BUILD_
POPT_COMMON_SAMBA
POPT_COMMON_CREDENTIALS
@@ -137,7 +138,35 @@
options.options[num_options+1] = NULL;
num_options++;
break;
-   
+
+   case 'c': {
+   const char *cs = poptGetOptArg(pc);
+   const char *p;
+   int cc;
+
+   for (p = cs, cc = 1; p = strchr(p, ','); cc++) ;
+
+   options.controls = talloc_array(ret, char *, cc + 1);
+   if (options.controls == NULL) {
+   ldb_oom(ldb);
+   goto failed;
+   }
+   for (p = cs, cc = 0; p != NULL; cc++) {
+   const char *t;
+
+   t = strchr(p, ',');
+   if (t == NULL) {
+   options.controls[cc] = 
talloc_strdup(options.controls, p);
+   p = NULL;
+   } else {
+   options.controls[cc] = 
talloc_strndup(options.controls, p, t-p);
+   p = t + 1;
+   }
+   }
+   options.controls[cc + 1] = NULL;
+
+   break;
+   }
default:
fprintf(stderr, Invalid option %s: %s\n, 
poptBadOption(pc, 0), poptStrerror(opt));
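
Review bot: The counting loop `for (p = cs, cc = 1; p = strchr(p, ','); cc++) ;` in the new `case 'c'` never moves past the comma it finds, so a --controls value containing a comma keeps matching the same comma and the loop does not terminate; search from `p + 1` after each match. After the second loop `cc` already equals the number of strings stored, and the array was allocated with `cc + 1` entries for that count, so `options.controls[cc + 1] = NULL` writes one slot past the allocation and leaves `options.controls[cc]` uninitialised; the terminator belongs at `options.controls[cc]`. The results of `poptGetOptArg()`, `talloc_strdup()` and `talloc_strndup()` are also used without a NULL check.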

Modified: branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.h
===
--- branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.h   2006-01-06 19:37:13 UTC 
(rev 12744)
+++ branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.h   2006-01-06 19:42:08 UTC 
(rev 12745)
@@ -43,6 +43,7 @@
const char *sasl_mechanism;
const char *input;
const char *output;
+   char **controls;
 };
 
 struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, 
const char **argv,

Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c
===
--- branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c 2006-01-06 19:37:13 UTC 
(rev 12744)
+++ branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c 2006-01-06 19:42:08 UTC 
(rev 12745)
@@ -64,25 +64,93 @@
return ldb_dn_compare(ldb, (*el1)-dn, (*el2)-dn);
 }
 
+static struct ldb_control **parse_controls(void *mem_ctx, char 
**control_strings)
+{
+   int i;
+   struct ldb_control **ctrl;
+
+   if (control_strings == NULL || control_strings[0] == NULL)
+   return NULL;
+

svn commit: samba r12746 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common scripting/ejs setup

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 21:04:32 + (Fri, 06 Jan 2006)
New Revision: 12746

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12746

Log:
An initial version of the kludge_acls module.

This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)

Andrew Bartlett

Added:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls_auth.c
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
   branches/SAMBA_4_0/source/setup/provision
   branches/SAMBA_4_0/source/setup/provision_init.ldif


Changeset:
Sorry, the patch is too large (374 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12746


svn commit: samba r12747 - in branches/SAMBA_4_0/source/libcli/security: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 21:20:09 + (Fri, 06 Jan 2006)
New Revision: 12747

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12747

Log:
Add a couple more token tests, used by the kludge ACL module.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/security/security_token.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/security_token.c
===
--- branches/SAMBA_4_0/source/libcli/security/security_token.c  2006-01-06 
21:04:32 UTC (rev 12746)
+++ branches/SAMBA_4_0/source/libcli/security/security_token.c  2006-01-06 
21:20:09 UTC (rev 12747)
@@ -190,3 +190,33 @@
return False;
 }
 
+BOOL is_authenticated_token(struct security_token *token) 
+{
+   TALLOC_CTX *mem_ctx = talloc_new(token);
+   int i;
+   struct dom_sid *authenticated = dom_sid_parse_talloc(mem_ctx, 
SID_NT_ANONYMOUS);
+   for (i = 0; i  token-num_sids; i++) {
+   if (dom_sid_equal(token-sids[i], authenticated)) {
+   talloc_free(mem_ctx);
+   return True;
+   }
+   }
+   talloc_free(mem_ctx);
+   return False;
+}
+
+BOOL is_administrator_token(struct security_token *token) 
+{
+   TALLOC_CTX *mem_ctx = talloc_new(token);
+   int i;
+   struct dom_sid *administrators = dom_sid_parse_talloc(mem_ctx, 
SID_BUILTIN_ADMINISTRATORS);
+   for (i = 0; i  token-num_sids; i++) {
+   if (dom_sid_equal(token-sids[i], administrators)) {
+   talloc_free(mem_ctx);
+   return True;
+   }
+   }
+   talloc_free(mem_ctx);
+   return False;
+}
+
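
Review bot: In is_authenticated_token() the SID being compared is parsed from `SID_NT_ANONYMOUS`, so the function returns True for a token that carries the anonymous SID rather than for an authenticated one, contradicting both its name and the `authenticated` variable. If the intent is to test for an authenticated session, compare against SID_NT_AUTHENTICATED_USERS, or rename the function to match what it checks; a caller that gates access on it will otherwise make the wrong decision. Both functions also hand the result of `dom_sid_parse_talloc()` to `dom_sid_equal()` without a NULL check, and they differ only in the SID constant, so a shared helper taking the SID string would remove the duplication.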



svn commit: samba r12748 - in branches/SAMBA_4_0/source/lib/ldb/common: .

2006-01-06 Thread idra
Author: idra
Date: 2006-01-06 21:39:37 + (Fri, 06 Jan 2006)
New Revision: 12748

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12748

Log:

Fix wrong handling of separation characters for RDNs
allow escaped separation chars as part of the attr value
of an RDN


Modified:
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c   2006-01-06 21:20:09 UTC 
(rev 12747)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c   2006-01-06 21:39:37 UTC 
(rev 12748)
@@ -214,8 +214,8 @@
 
 static char *seek_to_separator(char *string, const char *separators)
 {
-   char *p;
-   int ret, qs, qe;
+   char *p, *q;
+   int ret, qs, qe, escaped;
 
if (string == NULL || separators == NULL) return NULL;
 
@@ -242,11 +242,21 @@
}
 
/* no quotes found seek to separators */
-   ret = strcspn(p, separators);
-   if (ret == 0) /* no separators ?! bail out */
+   q = p;
+   do {
+   escaped = 0;
+   ret = strcspn(q, separators);
+   
+   if (q[ret - 1] == '\\') {
+   escaped = 1;
+   q = q + ret + 1;
+   }
+   } while (escaped);
+
+   if (ret == 0  p == q) /* no separators ?! bail out */
return NULL;
 
-   return p + ret;
+   return q + ret;
 
 failed:
return NULL;
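
Review bot: In the new do/while loop, `q[ret - 1]` is read before `ret` is checked, so when the text at `q` begins with a separator (`ret == 0`) the test reads the byte before `q`, which on the first pass is the byte before `p`. Test `ret > 0` before looking back. Two further cases need handling: when `strcspn()` stops at the terminating NUL rather than at a separator and the last character is a backslash, `q = q + ret + 1` steps past the end of the string; and a value ending in an escaped backslash followed by a separator is treated as an escaped separator, because only the single preceding character is examined.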



svn commit: samba r12749 - in branches/SAMBA_4_0/source: scripting/libjs setup

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 21:45:36 + (Fri, 06 Jan 2006)
New Revision: 12749

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12749

Log:
Fix the newuser script.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/newuser


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js  2006-01-06 
21:39:37 UTC (rev 12748)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js  2006-01-06 
21:45:36 UTC (rev 12749)
@@ -406,7 +406,7 @@
 /*
   add a new user record
 */
-function newuser(username, unixname, password, message, subobj, session_info, 
credentials)
+function newuser(username, unixname, password, message, session_info, 
credentials)
 {
var lp = loadparm_init();
var samdb = lp.get(sam database);
@@ -437,15 +437,13 @@
var ldif = sprintf(
 dn: %s
 sAMAccountName: %s
-name: %s
 memberOf: %s
 unixName: %s
-objectGUID: %s
-unicodePwd: %s
+sambaPassword: %s
 objectClass: user
 ,
-  user_dn, username, username, dom_users,
-  unixname, randguid(), password);
+  user_dn, username, dom_users,
+  unixname, password);
/*
  add the user to the users group as well
*/
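
Review bot: The sprintf() call that builds the LDIF inserts `username`, `unixname` and `password` verbatim, so a value containing a newline, or starting with a character LDIF treats specially, yields a different record than the one intended. With the password now written to `sambaPassword`, arbitrary characters in that value are to be expected. Validate the values before formatting, or emit the attribute in LDIF's base64 form (`sambaPassword:: ...`).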

Modified: branches/SAMBA_4_0/source/setup/newuser
===
--- branches/SAMBA_4_0/source/setup/newuser 2006-01-06 21:39:37 UTC (rev 
12748)
+++ branches/SAMBA_4_0/source/setup/newuser 2006-01-06 21:45:36 UTC (rev 
12749)
@@ -10,6 +10,7 @@
POPT_AUTOHELP,
POPT_COMMON_SAMBA,
POPT_COMMON_VERSION,
+   POPT_COMMON_CREDENTIALS,
'username=s',
'unixname=s',
'password=s',
@@ -70,6 +71,10 @@
exit(1);
 }
 
-newuser(options.username, options.unixname, options.password, message);
+var creds = options.get_credentials();
+var system_session = system_session();
 
+
+newuser(options.username, options.unixname, options.password, message, 
system_session, creds);
+
 return 0;
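
Review bot: `var system_session = system_session();` gives the variable the same name as the function it calls, so from this line on the name refers to the session value and the function can no longer be called from this script. Use a distinct name such as `session_info`, which is what the newuser() parameter is called.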



svn commit: samba r12750 - in branches/SAMBA_4_0/source/heimdal_build: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 22:55:03 + (Fri, 06 Jan 2006)
New Revision: 12750

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12750

Log:
Clean up more asn1 generated files (pointed out by HotaruT).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/heimdal_build/asn1_deps.pl
   branches/SAMBA_4_0/source/heimdal_build/config.mk


Changeset:
Modified: branches/SAMBA_4_0/source/heimdal_build/asn1_deps.pl
===
--- branches/SAMBA_4_0/source/heimdal_build/asn1_deps.pl2006-01-06 
21:45:36 UTC (rev 12749)
+++ branches/SAMBA_4_0/source/heimdal_build/asn1_deps.pl2006-01-06 
22:55:03 UTC (rev 12750)
@@ -50,4 +50,6 @@
 foreach $x_file (@x_files) {
 print [EMAIL PROTECTED] -f $x_file;
 }
+print [EMAIL PROTECTED] -f $dirname/$prefix\_files;
+print [EMAIL PROTECTED] -f $dirname/$prefix\.h;
 print \n\n;

Modified: branches/SAMBA_4_0/source/heimdal_build/config.mk
===
--- branches/SAMBA_4_0/source/heimdal_build/config.mk   2006-01-06 21:45:36 UTC 
(rev 12749)
+++ branches/SAMBA_4_0/source/heimdal_build/config.mk   2006-01-06 22:55:03 UTC 
(rev 12750)
@@ -437,9 +437,6 @@
 
 heimdal_clean: hdb_asn1_clean spnego_asn1_clean krb5_asn1_clean
@-rm -f heimdal/lib/roken/vis.h heimdal/lib/roken/err.h
-   @-rm -f heimdal/lib/hdb/hdb_asn1.h
-   @-rm -f heimdal/lib/gssapi/spnego_asn1.h
-   @-rm -f heimdal/lib/asn1/krb5_asn1.h
@-rm -f heimdal/lib/asn1/asn1_err.{c,h}
@-rm -f heimdal/lib/hdb/hdb_err.{c,h}
@-rm -f heimdal/lib/krb5/heim_err.{c,h}



svn commit: samba r12751 - in branches/SAMBA_4_0/source: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 23:12:12 + (Fri, 06 Jan 2006)
New Revision: 12751

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12751

Log:
Another make clean fix.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/main.mk


Changeset:
Modified: branches/SAMBA_4_0/source/main.mk
===
--- branches/SAMBA_4_0/source/main.mk   2006-01-06 22:55:03 UTC (rev 12750)
+++ branches/SAMBA_4_0/source/main.mk   2006-01-06 23:12:12 UTC (rev 12751)
@@ -237,7 +237,7 @@
idl \
heimdal_basics
 
-clean: heimdal_clean
+clean: heimdal_clean clean_pch
@echo Removing headers
@-rm -f include/proto.h
@echo Removing objects



svn commit: samba r12752 - in branches/SAMBA_4_0/source/heimdal_build: .

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-06 23:15:06 + (Fri, 06 Jan 2006)
New Revision: 12752

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12752

Log:
Clean up compile_et and asn1_compile as well.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/heimdal_build/config.mk


Changeset:
Modified: branches/SAMBA_4_0/source/heimdal_build/config.mk
===
--- branches/SAMBA_4_0/source/heimdal_build/config.mk   2006-01-06 23:12:12 UTC 
(rev 12751)
+++ branches/SAMBA_4_0/source/heimdal_build/config.mk   2006-01-06 23:15:06 UTC 
(rev 12752)
@@ -442,6 +442,7 @@
@-rm -f heimdal/lib/krb5/heim_err.{c,h}
@-rm -f heimdal/lib/krb5/k524_err.{c,h}
@-rm -f heimdal/lib/krb5/krb5_err.{c,h}
+   @-rm -f bin/compile_et bin/asn1_compile
 
 ###
 # Start SUBSYSTEM HEIMDAL



Build status as of Sat Jan 7 00:00:02 2006

2006-01-06 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-01-06 
00:00:05.0 +
+++ /home/build/master/cache/broken_results.txt 2006-01-07 00:00:34.0 
+
@@ -1,17 +1,17 @@
-Build status as of Fri Jan  6 00:00:02 2006
+Build status as of Sat Jan  7 00:00:02 2006
 
 Build counts:
 Tree Total  Broken Panic 
-ccache   7  2  0 
-distcc   8  2  0 
-lorikeet-heimdal 15 11 0 
+ccache   6  2  0 
+distcc   7  2  0 
+lorikeet-heimdal 15 9  0 
 ppp  15 0  0 
 rsync29 6  0 
 samba1  0  0 
 samba-docs   0  0  0 
-samba4   32 18 3 
+samba4   32 18 1 
 samba_3_030 5  0 
-smb-build23 3  0 
-talloc   11 5  0 
-tdb  7  1  0 
+smb-build22 3  0 
+talloc   10 4  0 
+tdb  6  1  0 
 


svn commit: samba r12753 - in branches/SAMBA_4_0/source: build/smb_build librpc

2006-01-06 Thread abartlet
Author: abartlet
Date: 2006-01-07 00:06:58 + (Sat, 07 Jan 2006)
New Revision: 12753

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12753

Log:
Try to fix the build after a 'make clean'.  (the wildcards will not
expand because they don't exist yet).  Thanks again to HotaruT.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/build/smb_build/makefile.pm
   branches/SAMBA_4_0/source/librpc/config.mk


Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/makefile.pm   2006-01-06 
23:15:06 UTC (rev 12752)
+++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm   2006-01-07 
00:06:58 UTC (rev 12753)
@@ -509,6 +509,7 @@
 IDL_FILES = \$(wildcard librpc/idl/*.idl)
 \$(patsubst librpc/idl/%.idl,librpc/gen_ndr/ndr_%.c,\$(IDL_FILES)) \\
 \$(patsubst librpc/idl/%.idl,librpc/gen_ndr/ndr_\%_c.c,\$(IDL_FILES)) \\
+\$(patsubst librpc/idl/%.idl,librpc/gen_ndr/ndr_\%_ejs.c,\$(IDL_FILES)) \\
 \$(patsubst librpc/idl/%.idl,librpc/gen_ndr/ndr_%.h,\$(IDL_FILES)): idl
 __EOD__
 );

Modified: branches/SAMBA_4_0/source/librpc/config.mk
===
--- branches/SAMBA_4_0/source/librpc/config.mk  2006-01-06 23:15:06 UTC (rev 
12752)
+++ branches/SAMBA_4_0/source/librpc/config.mk  2006-01-07 00:06:58 UTC (rev 
12753)
@@ -296,10 +296,10 @@
 NOPROTO = YES
 REQUIRED_SUBSYSTEMS = LIBNDR NDR_NBT
 
-librpc/gen_ndr/tables.c: librpc/gen_ndr/ndr_*.h
-   @$(PERL) librpc/tables.pl --output=librpc/gen_ndr/tables.c \
-   
librpc/gen_ndr/ndr_*.h
+librpc/gen_ndr/tables.c: $(patsubst 
librpc/idl/%.idl,librpc/gen_ndr/ndr_%.h,$(IDL_FILES))
+   @$(PERL) librpc/tables.pl --output=librpc/gen_ndr/tables.c $^
 
+
 [SUBSYSTEM::NDR_IFACE_TABLE]
 OBJ_FILES = gen_ndr/tables.o
 NOPROTO = YES
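
Review bot: The new prerequisite list for librpc/gen_ndr/tables.c is built from `$(IDL_FILES)`, and make expands prerequisites when it reads the rule, so this only works if IDL_FILES is already defined at the point where config.mk is read; if it is defined later, the list is empty and `$^` passes no headers to tables.pl. A comment saying where IDL_FILES is defined would help, and the extra blank `+` line added before [SUBSYSTEM::NDR_IFACE_TABLE] can be dropped.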