[Samba] Re: Corrupt sam database in Samba, cant add users or change pass
Carlos Lijoi a écrit : Hello, this is my first post Hi, I'm having a problem here... After (stupidly) trying to change an username I'm having problems reported by smbpasswd and pdbedit: build_sam_account: smbpasswd database is corrupt! I would really appreciate any help with this, as I have users not bein able to login into the domain anymore, nor the new users that I try to add!! Please let me know which information could be useful Regards from Buenos Aires, Argentina Carlos The first thing you have to check is the relation between smbpasswd (username,uid) and /etc/passwd(username,uid). If an account from smbpasswd is missing in /etc/passwd you cannot manage users any more. Hope this will help. Pierre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA+LDAP in a Workgroup
HiHo Tom! Tom Haerens wrote: Hi, This may be a dumb question (I'm new with this), but is it possible to use SAMBA in combination with LDAP in a Workgroup? All the manuals and examples I can find, are talking about Domains and PDCs. I've such a setup running here and I'm quite satisfied. We once migrated from NIS to LDAP and later added the Samba scheme to our LDAP server. We are just using simple file- and print services with Samba. We don't use the PDC functionality as, up to now, I don't see an advantage for us - just more administration effort. Roughly said, the LDAP is just used for user accounts and groups, i.e. passwords and userid/group matching. There are enough websites that describe such a setup, by the way. Start with these here: http://www.ofb.net/~jheiss/samba/ldap.shtml http://www.coe.tamu.edu/cs/Manuals/Samba/Samba-LDAP-HOWTO.html Markus -- Senior Executive - Systemadministration Direct Phone: + 49 / 234 9787-57 Direct Fax: +49 / 234 9787-77 Viisage Technology AG Universitaetsstrasse 160 44801 Bochum Germany http://www.viisage.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain users appear as local to samba
Hello, I have a samba server (3.0.21c) that gets its UNIX user info from nss_ldap. It acts as an ADS member server (the UNIX usernames match the ones in the Windows domain). Simple usage works fine: if I log in on a Win client as DOMAIN\user then I can map a drive on \\samba\user and read/write and so on. However if I look up the security properties of a file in \\samba\user, the owner shows up as local to the samba server, i.e. \\samba\user as opposed to DOMAIN\user. My hunch is that when a Win client is asking about ownership (or security) details, it does so in terms of SIDs, not usernames. And that Samba returns an SID which is arbitrary w.r.t the domain SIDs. How can I fix that? Or have I missed something obvious? Thanks Nikos This email has been independently scanned for viruses and any virus software has been removed using McAfee anti-virus software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba and mac clients
Hi John, I know from experience that OS X and Samba work just fine together, I even had Kerberos auth to AD working (works pretty much by default actually). Two suggestions, have u tried connecting from the GUI rather than command line (maybe something in the command syntax u are trying isnt right)? And also have u tried using the full command line syntax including //[workgroup;[EMAIL PROTECTED] server[/share] path ?? cheers Andy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA+LDAP in a Workgroup
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ]On Behalf Of Markus Korth Sent: 17 March 2006 08:28 To: samba@lists.samba.org Subject: Re: [Samba] SAMBA+LDAP in a Workgroup HiHo Tom! Tom Haerens wrote: Hi, This may be a dumb question (I'm new with this), but is it possible to use SAMBA in combination with LDAP in a Workgroup? All the manuals and examples I can find, are talking about Domains and PDCs. LDAP is a heavyweight store for massive amounts of passwords and extended data needed to run 100s or 1000s of PCs. In a workgroup there is no central password store. In a workgroup each windows client has local users and would never consult a central authentication database so the LDAP would only hold accounts for the local Linux machine/samba users. This is a Sledgehammer + nut situation Look at the normal samba database Regards Rob I've such a setup running here and I'm quite satisfied. We once migrated from NIS to LDAP and later added the Samba scheme to our LDAP server. We are just using simple file- and print services with Samba. We don't use the PDC functionality as, up to now, I don't see an advantage for us - just more administration effort. Roughly said, the LDAP is just used for user accounts and groups, i.e. passwords and userid/group matching. There are enough websites that describe such a setup, by the way. Start with these here: http://www.ofb.net/~jheiss/samba/ldap.shtml http://www.coe.tamu.edu/cs/Manuals/Samba/Samba-LDAP-HOWTO.html Markus -- Senior Executive - Systemadministration Direct Phone: + 49 / 234 9787-57 Direct Fax: +49 / 234 9787-77 Viisage Technology AG Universitaetsstrasse 160 44801 Bochum Germany http://www.viisage.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Foxpro for Unix
Carlos Prieto wrote: On the machine, is running MS Foxpro 2.6 for UNIX (it's running pretty well for several years) but due to new demands (like Crystal Reports, Visual view; etc) the directories with DBF files were shared using Samba. At the beginning, when everything was only about reading, there were no problems. But now, it's necessary to write to the DBF files from the Visual Application (Visual Basic) and now there are some problems. While a user may be reading data from the Visual application, and someone else writes to the DBF file from the FoxPro for UNIX, the changes are not being seeing in the Visual application. And if the user from Visual writes data to the DBF, there's a data corruption then; because of the concurrent connections from the FoxPro from Unix. I think it's a matter of oplock issue between Fox and Samba. Samba opens the DBF file, without concerns if FoxPro has the file open, and viceversa. When everyone is running only the Visual application, there's no problem. If the users are running only FoxPro for Unix, there's no problems. If the users run FoxPro for Unix for read/write and Visual for read only, there's no problem. The problems araise when the users are running FoxPro and Visual for read and write files simultaneosly. Any idea to run this configuration smoothly? Thanks in advance for the help. Kind regards. Have a look at: http://drouillard.ca/TipsTricks/Samba/Oplocks.htm Regards Gerald Drouillard http://www.drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem at include a machine in domain
Hello guys! My name its Stephan and i'm from Brazil , so sorry for my bad english. I'm configuring a Samba how a PDC in my network... working with OpenLdap. I'm using Slackware 10.2 (Default Kernel, 2.4) Samba 3.0.21c slapd 2.3.19. smbdap-tools. When i include a machine in my domain for smbldap-tools , its all right. But when i try to include tha machine for windows (for the clients) , show the message Logon fail: Wrong username or incorrect password., in the smba log show this. [EMAIL PROTECTED]:/var/log/samba# cat ajax.log [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w ajax$' gave 9 Anybody can help me? Thanks! Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
Yes I have done that, but I also want that the share can be seen only by specific people Regards On 3/16/06, Guillermo Gutierrez [EMAIL PROTECTED] wrote: Try using valid users = @somegroup (replacing somegroup with an actual users group) or valid users = userone usertwo etc... for individual users. These should be added under the specific share entries in the smb.conffile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Guillermo Dalla Vecchia Sent: Thursday, March 16, 2006 6:20 PM To: samba@lists.samba.org Subject: [Samba] Making Share Visible To Particular Users Only Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] challenge that the password server supplied us is not the one we gave our client
Hi, I've some problems with one of our samba fileserver (debian stable 3.0.14a-3sarge1). Every few weeks, I get the following error messages for all users that want to access/mount a share: [2006/03/16 08:52:53, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [PID51C9] - [PID51C9] FAILED with error NT_STATUS_LOGON_FAILURE [2006/03/16 08:52:57, 1] auth/auth_server.c:check_smbserver_security(263) the challenge that the password server ($passwordserver) supplied us is not the one we gave our client. This just can't work :-( [2006/03/16 08:52:57, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [PID51C9] - [PID51C9] FAILED with error NT_STATUS_LOGON_FAILURE [2006/03/16 08:53:02, 1] auth/auth_server.c:check_smbserver_security(263) the challenge that the password server ($passwordserver) supplied us is not the one we gave our client. This just can't work :-( I've no idea what this should mean. After restarting samba with /etc/init.d/samba restart, it's working again. [2006/03/16 08:54:09, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [PID51C9] - [PID51C9] - [pid51c9] succeeded The server is not member of a doamin, but the password/domain server is used for authentification (I have no access to this server). Most user are member of that domain, for a few user we created local smbpasswd entries. security = SERVER auth methods = guest sam_ignoredomain smbserver password server = $passwordserver passdb backend = tdbsam, guest This is working fine, except for the error message above, which we see every x weeks. No (domain) user is then able to login anymore. This config is working for some other machines which never had this problem. Any ideas? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 4 winbind feature set
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Lehmann wrote: On Thu, 2006-03-16 at 20:35 -0500, Danilo Almeida wrote: On Thu, 2006-03-16 at 14:09 +1000, Greg Lehmann wrote: Hi All, Now that Microsoft have included the schema extensions (RFC 2307) for Unix in Active Directory with SP2 for Windows Server 2003, there is some potential for both the samba 4 server side and client side (winbind) to use these extra features to store and access a UID, GID, shell, Home directory etc. I have not managed to find any information on any plans to do this but would like to know if some of you have. Greg, you probably mean Windows Server 2003 R2, which is not SP2. R2 is effectively an add-on to Windows Server 2003 SP1. - Danilo You could well be right there, not that the syntax of it means much to me. I am more interested in winbind using these extra features. It may well save having to do a separate LDAP server. Andrew Bartlett seems to think winbind 3.0 can do this already and it did occur to me it could be made to. I can't see it from the doco or examples so I might have to look at the code. Samba 3.0 supports the SFU schema and we have a patch in the queue to support the RFC2307 attributes. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGszAIR7qMdg1EfYRAoxSAKDbJqqcsw4wSXaiNpaTzSpPzaFUHwCZASgu Qks2eyuh6MuZohX3I+7wCNo= =U8Oe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Daily changetrustpw breaks authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Moser wrote: Anyone have any thoughts on this? Is changetrustpw even required? Are other people using it with success? If you have multiple DC's you might be seeing a issue with replication. Changing the password on one DC and connecting to another. This has been fixed in the current SAMBA_3_0 code. For clarification, Samba does change the password regularly when 'security = domain' but not when 'security = ads'. I'd have to check back why. (or maybe Andrew remembers). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGs6UIR7qMdg1EfYRAmMdAKDnqnisuIWDpBV33GeetMZ3tVUqiwCfSzBZ jOlLw2gn4NIwVvPoKe5tVlY= =RwxH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba3 and heimdal: both using ldap as backends
samba-3.0.21c, heimdal-0.7.2 The heimdal documentation[1] talks about a samba integration when both samba and heimdal are using ldap as their backends. I quote: Now you can proceed as in See Using LDAP to store the database. Heimdal will pick up the Samba LDAP entries if they are in the same search space as the Kerberos entries. There is absolutely no further documentation. I tried with this tree: dc=mycnc,dc=com ou=People,dc=mycnc,dc=com heimdal is configured to use ou=people (I also tried with ou=KerberosPrincipals), where I already have some entries. My goal is to use only one password to avoid the sambaNTPassword/userPassword/kerberos mess (three passwords). I was under the impression that this setup should get me that. If I add a principal with a name that is already in ou=people as a posix and samba account, I get this: (...) [EMAIL PROTECTED]'s Password: Verifying - [EMAIL PROTECTED]'s Password: kadmin: kadm5_create_principal: ldap_search_s: No such object kadmin: adding joao: Principal or policy already exists The ldap logs show these queries (first collumn is the number of entries returned): 1 SRCH base=ou=People,dc=mycnc,dc=com scope=2 deref=0 filter=((objectClass=krb5Principal)([EMAIL PROTECTED])) 0 SRCH base=uid=heimdal,dc=services,dc=mycnc,dc=com scope=2 deref=0 filter=(objectClass=krb5Principal) 1 SRCH base=ou=People,dc=mycnc,dc=com scope=2 deref=0 filter=((objectClass=krb5Principal)([EMAIL PROTECTED])) 0 SRCH base=uid=heimdal,dc=services,dc=mycnc,dc=com scope=2 deref=0 filter=(objectClass=krb5Principal) 0 SRCH base=ou=People,dc=mycnc,dc=com scope=2 deref=0 filter=((objectClass=krb5Principal)([EMAIL PROTECTED])) 1 SRCH base=ou=People,dc=mycnc,dc=com scope=2 deref=0 filter=((|(objectClass=sambaSamAccount)(objectClass=account))(uid=joao)) A few questions: a) Why is it searching at base uid=heimdal,dc=services,dc=mycnc,dc=com? That's the binddn after authz-regexp; b) It found my user's entry (last search), why doesn't it add the kerberos attributes to it? Or, better yet, what is supposed to be happening? If I run kadmin to add an user that doesn't exist with posixAccount/sambaSamAccount, then a krb5PrincipalEntry dn is created, which samba doesn't see. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: security=share, who needs it ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom, I've got to step up for Carsten here. Tom Schaefer wrote: Carsten Schaub [EMAIL PROTECTED] wrote: the security=shre setting does not behave as many admins expect. Access It behaves exactly as this admin expects and I would absolutely hate to see it to go. No. it really doesn't. For the record, Carsten brought this issue up on the samba-technical ml. Every developer agrees that our security = share code is fundamentally broken because it tries to shoe horn a userless security model onto a user/password authentication system. People try to do all sorts of silly things with security = share like using a 'write list' option. What is that supposed to mean? You want a userless authentication but a user based authorization system? That's just wrong. If the only think people need is a guest server, we can do that very easily with 'security = user'. We can even mix guest and non-guest servers using virtual servers. to all shares are mapped to the guest account and if the underlying unix permissions don't permit that access you get errors and the access doesn't work as expected. Thats wrong. You connect to a Samba server using security=share as the guest account or as any user you want. The method used for determining whom you connect to a particular share as is spelled out in the section NOTE ABOUT USERNAME/PASSWORD VALIDATION of the smb.conf man page. Tom, I think it is a little more complicated that you realize. The problem is not getting 'security = share' to work with the current code base, but rather how easy it is to misconfigure the server. And I'll add that if we implemented share mode security as it should be, your configuration would probably not work any more. Also is security=share a global parameter. This given, there is no distinction between guest and authenticated access per share possible yet. No, no. Here are a few shares from the smb.conf file of a single security=share server I have. Homes only works for a given user if they give their correct password , the second share anyone who knows what the password is can access, and the guest share is a guest share so it works for everybody with no authentication. [Homes] comment = Home Directories username = %S valid users = %S writeable = Yes map archive = No browseable = No See? This this exactly what I'm talking about. Why are you serving user home directories from a share mode based server? The two model do not mix. I will not support this type of configuration if something doesn't work as you expect because you are mixing userless authentication with user-based authorization. And I go to a lot of lengths to support strange things. One nice thing about security=share is that in an environment I'm in where there is little to no correlation between MS Windows usernames and UNIX account usernames I don't have to worry about trying to keep it all sorted out in some behometh username map file thanks to username = %S. Another nice thing about it is I don't have to worry about the way MS Windows clients will only let you connect to a single server as a single user at a time. With share level security I can have people authenticate to a single UNIX system as several different UNIX usernames from a single Windows box. This is a buggy by product of the current code. It make the code mind-numbingly hard to follow and really should work at all. In true share mode security you only have a readonly password and a write password. Most like, we will either (a) implement a correct userless authentication/authorization model, or (b) mark 'security = share' as deprecated (along with 'security = server'). I'm still waiting for someone to give me a valid need to keep share security and I'm afraid this one doesn't qualify if only because it relies upon the obtuse behavior we want to get rid of. It does not really make user of share mode security at all. No offense :-) cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGtH0IR7qMdg1EfYRAkgrAKCxCsZTZXfL1PupBd+TJGgGoYQUJgCg8AQz 51NMmDiFzrgc7fvKQ8qCXQw= =OtcM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
Also, logon scripts only work with a domain configuration whereas I have a workgroup. Is there some way to this in a workgroup?? Regards On 3/17/06, Guillermo Dalla Vecchia [EMAIL PROTECTED] wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
This is probably not going to be possible since many times windows will do browsing as an anonymous (guest) user even when you are logged in as a particular user. Guillermo Dalla Vecchia wrote: Yes I have done that, but I also want that the share can be seen only by specific people Regards On 3/16/06, Guillermo Gutierrez [EMAIL PROTECTED] wrote: Try using valid users = @somegroup (replacing somegroup with an actual users group) or valid users = userone usertwo etc... for individual users. These should be added under the specific share entries in the smb.conffile. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Guillermo Dalla Vecchia Sent: Thursday, March 16, 2006 6:20 PM To: samba@lists.samba.org Subject: [Samba] Making Share Visible To Particular Users Only Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users appear as local to samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikos Gkorogiannis wrote: Simple usage works fine: if I log in on a Win client as DOMAIN\user then I can map a drive on \\samba\user and read/write and so on. However if I look up the security properties of a file in \\samba\user, the owner shows up as local to the samba server, i.e. \\samba\user as opposed to DOMAIN\user. Thanks for your response. I am already running winbindd without idmaps or an ldap backend. Or is the ldap backend compulsory? HmmmCan you send me (off list) level 10 debug logs from smbd and winbindd that illustrate the failure? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGtoHIR7qMdg1EfYRAhGrAKDAzL/Ow+hhaFdOS1wQUQDDtOQheQCg51s6 SAbVdb/dcOjGJAfSf2l/tJI= =OyTR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain users appear as local to samba
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nikos Gkorogiannis wrote:
Hello,
I have a samba server (3.0.21c) that gets its UNIX user
info from nss_ldap. It acts as an ADS member server (the
UNIX usernames match the ones in the Windows domain).
Simple usage works fine: if I log in on a Win client as
DOMAIN\user then I can map a drive on \\samba\user and read/write
and so on. However if I look up the security properties of a
file in \\samba\user, the owner shows up as local to the samba
server, i.e. \\samba\user as opposed to DOMAIN\user.
My hunch is that when a Win client is asking about
ownership (or security) details, it does so in terms of
SIDs, not usernames. And that Samba returns an SID which is
arbitrary w.r.t the domain SIDs. How can I fix that? Or
have I missed something obvious?
Your hunch is correct. Run winbindd but do not set the
'idmap {uid,gid}' parameters and you should be fine.
cheers, jerry
=
I live in a Reply-to-All world. ---
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEGtTRIR7qMdg1EfYRAlc3AKCU0tIuMq+uf7fxhCqFZz37wwaUDgCgx8S0
I/9yWMTGpWJZaZp/XNSRV6s=
=Go2v
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: security=share, who needs it ?
On Fri, 2006-03-17 at 09:12 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom, I've got to step up for Carsten here. Tom Schaefer wrote: Carsten Schaub [EMAIL PROTECTED] wrote: the security=shre setting does not behave as many admins expect. Access It behaves exactly as this admin expects and I would absolutely hate to see it to go. No. it really doesn't. For the record, Carsten brought this issue up on the samba-technical ml. Every developer agrees that our security = share code is fundamentally broken because it tries to shoe horn a userless security model onto a user/password authentication system. People try to do all sorts of silly things with security = share like using a 'write list' option. What is that supposed to mean? You want a userless authentication but a user based authorization system? That's just wrong. If the only think people need is a guest server, we can do that very easily with 'security = user'. We can even mix guest and non-guest servers using virtual servers. to all shares are mapped to the guest account and if the underlying unix permissions don't permit that access you get errors and the access doesn't work as expected. Thats wrong. You connect to a Samba server using security=share as the guest account or as any user you want. The method used for determining whom you connect to a particular share as is spelled out in the section NOTE ABOUT USERNAME/PASSWORD VALIDATION of the smb.conf man page. Tom, I think it is a little more complicated that you realize. The problem is not getting 'security = share' to work with the current code base, but rather how easy it is to misconfigure the server. And I'll add that if we implemented share mode security as it should be, your configuration would probably not work any more. Also is security=share a global parameter. This given, there is no distinction between guest and authenticated access per share possible yet. No, no. Here are a few shares from the smb.conf file of a single security=share server I have. Homes only works for a given user if they give their correct password , the second share anyone who knows what the password is can access, and the guest share is a guest share so it works for everybody with no authentication. [Homes] comment = Home Directories username = %S valid users = %S writeable = Yes map archive = No browseable = No See? This this exactly what I'm talking about. Why are you serving user home directories from a share mode based server? The two model do not mix. I will not support this type of configuration if something doesn't work as you expect because you are mixing userless authentication with user-based authorization. And I go to a lot of lengths to support strange things. One nice thing about security=share is that in an environment I'm in where there is little to no correlation between MS Windows usernames and UNIX account usernames I don't have to worry about trying to keep it all sorted out in some behometh username map file thanks to username = %S. Another nice thing about it is I don't have to worry about the way MS Windows clients will only let you connect to a single server as a single user at a time. With share level security I can have people authenticate to a single UNIX system as several different UNIX usernames from a single Windows box. This is a buggy by product of the current code. It make the code mind-numbingly hard to follow and really should work at all. In true share mode security you only have a readonly password and a write password. Most like, we will either (a) implement a correct userless authentication/authorization model, or (b) mark 'security = share' as deprecated (along with 'security = server'). I'm still waiting for someone to give me a valid need to keep share security and I'm afraid this one doesn't qualify if only because it relies upon the obtuse behavior we want to get rid of. It does not really make user of share mode security at all. No offense :-) I can only think of one reason...I ran into that last night on [EMAIL PROTECTED] User was connecting an old DOS client system to samba and had to use 'security = share' of course, he was confused why the users homes directory didn't work ;-) So I agree with you that the issue of 'security = share' isn't the problem itself, it's the lack of understanding what the real nature of the configuration represents and how it essentially obviates large amounts of the other samba configuration details. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
Linux clients 'mount' as root which complicates things a bit. If you put the mount in fstab as 'user', and set the users 'credentials' to be a file in their home directory (which contains their username and password), then those that have that file could actually 'mount it' and those without wouldn't know the difference. In this case, the users who could 'mount' the samba share would have to know where on the filesystem the mount is made. Craig On Fri, 2006-03-17 at 11:48 -0300, Guillermo Dalla Vecchia wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
Workgroup, you would probably have to distribute specific scripts to specific users on specific machines. Are you trying to make an argument for why setting Samba up as a domain controller is a good thing? If so, you are succeeding. Craig On Fri, 2006-03-17 at 12:19 -0300, Guillermo Dalla Vecchia wrote: Also, logon scripts only work with a domain configuration whereas I have a workgroup. Is there some way to this in a workgroup?? Regards On 3/17/06, Guillermo Dalla Vecchia [EMAIL PROTECTED] wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
I think this could work, I'll give it a try. I'll also try the suggestion from Gx to use the include directive in the share definition. I think both are possible solutions. Thanks Guillermo. On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Linux clients 'mount' as root which complicates things a bit. If you put the mount in fstab as 'user', and set the users 'credentials' to be a file in their home directory (which contains their username and password), then those that have that file could actually 'mount it' and those without wouldn't know the difference. In this case, the users who could 'mount' the samba share would have to know where on the filesystem the mount is made. Craig On Fri, 2006-03-17 at 11:48 -0300, Guillermo Dalla Vecchia wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
The thing is that I need this for only one user, and I don't want to use a domain. Regards Guillermo. On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Workgroup, you would probably have to distribute specific scripts to specific users on specific machines. Are you trying to make an argument for why setting Samba up as a domain controller is a good thing? If so, you are succeeding. Craig On Fri, 2006-03-17 at 12:19 -0300, Guillermo Dalla Vecchia wrote: Also, logon scripts only work with a domain configuration whereas I have a workgroup. Is there some way to this in a workgroup?? Regards On 3/17/06, Guillermo Dalla Vecchia [EMAIL PROTECTED] wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getpwnam() fails for LDAP Users on AIX 5.3
Hello List, below our smb.conf and loglevel 5 output of a failed authentication. We want to get the Unix User details from MS-SFU using the new idmap_ad Backend. If the Windows User is mapped to local name it's all fine. But if we want to use our SFU Users it fails. We believe getpwnam() on AIX is faulty. id username and login works for all users local and AD! Any ideas how to handle, get around this,or solve it differently ? Best Dan smb.conf: [global] workgroup = WG realm = WG.OURREALM.COM server string = host_name (Samba Server) security = ADS idmap backend = idmap_ad username map = /etc/samba/smbusers winbind use default domain = Yes winbind trusted domains only = yes log level = 5 log.smbd: [2006/03/17 14:10:09, 4] lib/username.c:map_username(143) Scanning username map /etc/samba/smbusers [2006/03/17 14:10:09, 3] lib/username.c:map_username(184) Mapped user WG\pawisda to pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 1] smbd/sesssetup.c:reply_spnego_kerberos(303) Username pawisda is invalid on this system -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Windows Performance difference browsing dir
Hi, Iam using Samba samba-3.0.21c. I have an share with 2500 files, each file 500 Mbyte on an Win2003 SP1 Server. Access from another Win2003 Server tells me 2500 Calls for Trans2 and QueryPathInfo if I browse the dir. Access from Linux to the Win Share gives me 4900 calls. Performance is OK because of 100 MBit Lan. If I access from Linux through an VPN-tunnel I have much larger response time and it need more then an minute to show the dir with an simple la command. Reason seemed to be that Samba needs much more calls compared to Windows2003. Any explanation for this or to decrease the time need to show the dir? best regards Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] get quota command
In the get quota command option of smb.conf I point to a script which outputs this line: 1 156484 10 20 6748 0 0 when called passing the uid of the user whose quota is to be checked as third parameter. Also the script has read and execution permission for any user. I have this problems: - The clients don't get this information right (it shows instead the total disk space of the partition and the samba logs say that the output of the command is invalid) - Samba always calls this script with . as first parameter. I thought I could use this parameter to know for which of the shared folders is it asking the quota limits, but it always passes that parameter so I can't. Could this be a bug? - (To developers) Wouldn't it be better to report to the clients the hard quota limit instead of the soft limit? This can cause that Windows doesn't upload the profile at logoff when the used space is over the soft limit, when actually it could be uploaded because the hard limit hasn't been exceeded. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain authentification problem with LDAP
We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
You might try to have the home share be attached to the directory of interest or have the directory(ies) of interest as sub directories of the home directory. This would not technically control the visability of the shares but would give access to the set of files based on user identity. Should give same results in Windows/Unix. Hope This Helps, Fred On Fri, March 17, 2006 9:19 am, Guillermo Dalla Vecchia wrote: Also, logon scripts only work with a domain configuration whereas I have a workgroup. Is there some way to this in a workgroup?? Regards On 3/17/06, Guillermo Dalla Vecchia [EMAIL PROTECTED] wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdb_fetch failed, getpeername failed, INTERNAL ERROR: Signal 11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Manfred Oster wrote: hi folks, i´m using samba 3.0.2a. in my system messages.log are some entrys like this ... What does it mean? I´v googled some hours without finding useful informations. I would recommend an upgrade. These issues have long been fixed. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEGvfIIR7qMdg1EfYRAj53AJ9v/7CzQoxNOflbqi0CCGYeeT1WNACgtUC6 Za8mL0nq2VcBezzgu06DJL8= =NY+J -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem at include a machine in domain
Is the sambaSAMAcount information included in the Machine Account being created or joined to the domain? James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Higuti Sent: Friday, March 17, 2006 6:03 AM To: samba@lists.samba.org Subject: [Samba] Problem at include a machine in domain Hello guys! My name its Stephan and i'm from Brazil , so sorry for my bad english. I'm configuring a Samba how a PDC in my network... working with OpenLdap. I'm using Slackware 10.2 (Default Kernel, 2.4) Samba 3.0.21c slapd 2.3.19. smbdap-tools. When i include a machine in my domain for smbldap-tools , its all right. But when i try to include tha machine for windows (for the clients) , show the message Logon fail: Wrong username or incorrect password., in the smba log show this. [EMAIL PROTECTED]:/var/log/samba# cat ajax.log [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2006/03/17 11:01:26, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w ajax$' gave 9 Anybody can help me? Thanks! Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: security=share, who needs it ?
On Fri, 2006-03-17 at 11:53 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Craig White wrote: I can only think of one reason...I ran into that last night on [EMAIL PROTECTED] User was connecting an old DOS client system to samba and had to use 'security = share' Hey Craig, I'd have to see some evidence here. My experience is that the DOS Network client (even the basic redirector) works with user mode security. I'm not aware of a modern (still in use) client that doesn't support user mode security at all. not from me - I am not using it. The questioner on fedora list got what he wanted working once he switched to share mode and I was willing to let it go as that made him happy and I have little to no recollection of the DOS Network client at all. Your anticipation that the DOS client can be happy in user mode is probably correct...it was difficult to guide him on a client that I can't possibly see. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain authentification problem with LDAP
James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James james, i've been paging through this thread, and i would like to see your change to the idealx scripts as i have had the same issue: smbldap-useradd does not properly add a machine account to ldap. i am using smbldap-tools-0.9.1-1.2.fc4.rf.rpm from the rpmforge.net repo. thank you. -- My Website: http://messinet.com My Online Gallery: http://messinet.com/modules.php?name=Web_Linksl_op=visitlid=3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue. It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:09 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb.conf location?
Real stupid questions, compiled samba 3.0.21c onto RHEL4-AS x64, with the --prefix=/usr/local/encap/samba-3.0.21c, yet I can't find the smb.conf in there? What gives? Where is the smb.conf supposed to be on a compiled install with the aobve prefix, I would assume it would put it into where I told it to put it. Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] print server performance issues
I'm migrating a 1.000 queues windows print server with AD very critical enviroment to linux/cups/samba solution. Initially, everything working fine, but when reached paroximately 400 queues created the server is getting degradated. The browsing of printers shares is very low. Many times during the day smbd and winbindd need to be restarted to stop the degradation. I didn't found any bottleneck, memory, processor, disk i/o are fine. I have read a lot of tuning docs but nothing solved my problem. Some body knows where can I find more information? Or if there's any study case with 1000 queues in a enviroment with 10.000 workstations and aproximately 20.000 users registered in MS-AD. Is samba prepared to this kind of enviroment? Thanks in advance, Bruno Gomes Pessanha Using: Red Hat Enterprise Linux 4 2.6.9-34.ELsmp samba-3.0.10-1.4E.6 cups-1.1.22-0.rc1.9.10 [EMAIL PROTECTED] samba]# cat /etc/samba/smb.conf # Global parameters [global] workgroup = BC server string = TAMBAQUI Server security = domain password server = dc01, dc02, dc03, dc04, dc05 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap dns proxy = No wins server = 10.163.200.101, 10.163.200.102 remote announce = dc01, dc02, dc03, dc04, dc05 remote browse sync = dc01, dc02, dc03, dc04, dc05 idmap uid = 1-100 idmap gid = 1-100 winbind separator = + winbind cache time = 3600 cups options = raw load printers = yes show add printer wizard = no printer admin = @BC+GG_BC_TESTE_PRINTER,BC+jgb9,BC+rsao,BC+cm9x,BC+ascm9x printcap cache time = 60 client schannel = no lprm command = /usr/bin/cancel %p-%j lppause command = /usr/bin/lp -i %p-%j -H hold lpresume command = /usr/bin/lp -i %p-%j -H resume queuepause command = /usr/bin/disable %p queueresume command = /usr/bin/enable %p deadtime = 5 write cache size = 262144 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes [print$] path = /etc/samba/drivers public = yes writable = no browseable = yes write list = @BC+GG_BC_TESTE_PRINTER -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making Share Visible To Particular Users Only
I did it with the following configuration of the share: [johndoe] path = /tmp valid users = johndoe public = no browseable = no writeable = yes include = /etc/samba/smb.conf.%U create mask = 0600 directory mask = 0700 /etc/samba/smb.conf.%U The following lines are in the file smb.conf.johndoe [johndoe] browseable = yes Thanks to Gx and to all for your kind help Regards Guillermo. On 3/17/06, Frederick C. Damen [EMAIL PROTECTED] wrote: You might try to have the home share be attached to the directory of interest or have the directory(ies) of interest as sub directories of the home directory. This would not technically control the visability of the shares but would give access to the set of files based on user identity. Should give same results in Windows/Unix. Hope This Helps, Fred On Fri, March 17, 2006 9:19 am, Guillermo Dalla Vecchia wrote: Also, logon scripts only work with a domain configuration whereas I have a workgroup. Is there some way to this in a workgroup?? Regards On 3/17/06, Guillermo Dalla Vecchia [EMAIL PROTECTED] wrote: Sorry, I didn't check the reply address. How about Linux Clients?? could it be done something similar for them? (logon scripts only work with Windows Clients). On 3/17/06, Craig White [EMAIL PROTECTED] wrote: Let's keep this on list please. A logon script is a script so yes, it could be done that way. A share that isn't browseable is still there, it just doesn't show up in a network browser. You can still connect to it, access privileges permitting. Similar to ADMIN$ or C$ from a Windows 'server' Craig On Fri, 2006-03-17 at 02:42 -0300, Guillermo Dalla Vecchia wrote: Could it be done with the logon scripts option?? I think this works with windows clients. For Linux clients could it be done setting up correctly fstab (to mount the share at boot time)?? the shares require username and password though... Regards On 3/16/06, Craig White [EMAIL PROTECTED] wrote: On Thu, 2006-03-16 at 23:19 -0300, Guillermo Dalla Vecchia wrote: Dear Friends, Is It Possible to Make a *Share* Visible to a List of Users *Only* ? e.g. If have shares Likes Account, Sales, Support Then I would Like make respective *share* visible *only* to persons in respective dept. Thanks and Best Regards. not that I know of but you can set browsable to off (less visibility) and have those users mount the share by a script or individually set by 'reconnect at logon' and of course you can control read and write access within each share. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
#1 - click on the 'English flag' button - et voila, English #2 - you should at least state which smbldap-tools you are speaking of that you have fixed so others have a chance to compare and where you got it from, idealx.com or from your distribution, and report the issue to the place where it came from. #3 - people are likely to ask you for if they are struggling and they don't know why and you authoritatively suggest that your solution will fix things for them. I think we had a very recent issue where that wasn't the problem but the problem lied in his pam/ldap.conf. #4 - suggesting that people do a complete replace the file that came packaged with their system by one that you have modified doesn't seem like the best solution at all...you could offer a 'patch' which should throw up an alert if the file looks different or just the suggestions about where you have modified the code and why...in fact, we have a wiki for that kind of stuff now... http://wiki.samba.org Craig On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote: I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue. It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:09 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
Cool, will post on your wiki... -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:58 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP #1 - click on the 'English flag' button - et voila, English #2 - you should at least state which smbldap-tools you are speaking of that you have fixed so others have a chance to compare and where you got it from, idealx.com or from your distribution, and report the issue to the place where it came from. #3 - people are likely to ask you for if they are struggling and they don't know why and you authoritatively suggest that your solution will fix things for them. I think we had a very recent issue where that wasn't the problem but the problem lied in his pam/ldap.conf. #4 - suggesting that people do a complete replace the file that came packaged with their system by one that you have modified doesn't seem like the best solution at all...you could offer a 'patch' which should throw up an alert if the file looks different or just the suggestions about where you have modified the code and why...in fact, we have a wiki for that kind of stuff now... http://wiki.samba.org Craig On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote: I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue. It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:09 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
You still should report the problem and your 'fix' to wherever you got the smbldap-tools package from, be it your distribution or idealx.com FWIW, I have never seen this issue myself and while I generally use tools other than idealx to manage users/groups, I do add machines on the fly which does use the idealx script to accomplish and is the discussion item...adding machine accounts and getting the proper attributes. This of course does require a properly configured smbldap-tools configuration for both 'binding' to LDAP and for attributes, the configuration of which has been split into 2 files for some time now. Idealx.com - as I said, the 'English flag' button at the top right takes you to their English language site. As for the wiki - that belongs to you - the users - we just try to maintain some semblance of order. Craig On Fri, 2006-03-17 at 11:03 -0800, James Taylor wrote: Cool, will post on your wiki... -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:58 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP #1 - click on the 'English flag' button - et voila, English #2 - you should at least state which smbldap-tools you are speaking of that you have fixed so others have a chance to compare and where you got it from, idealx.com or from your distribution, and report the issue to the place where it came from. #3 - people are likely to ask you for if they are struggling and they don't know why and you authoritatively suggest that your solution will fix things for them. I think we had a very recent issue where that wasn't the problem but the problem lied in his pam/ldap.conf. #4 - suggesting that people do a complete replace the file that came packaged with their system by one that you have modified doesn't seem like the best solution at all...you could offer a 'patch' which should throw up an alert if the file looks different or just the suggestions about where you have modified the code and why...in fact, we have a wiki for that kind of stuff now... http://wiki.samba.org Craig On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote: I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue. It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:09 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions:
[Samba] Mounting Samba share from Windows Mobile 5.0 platform
Hi there, I've just started fiddling with a new Windows Mobile 5 device (HTC Universal / XDA Exec / Qtek 9000) and am trying to get it to mount a samba share. I first tried this to my OS X machine, then tried to an Ubuntu server. I don't know the protocol but when I tell it mount \\80.68.83.61\mattbee (should be my home directory on my laptop) the device (80.68.83.60) does this, broadcasting something to the whole LAN: 18:56:54.530486 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 18:56:54.531968 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 18:56:54.781702 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 18:56:54.782974 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 18:56:55.036890 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 18:56:55.038320 IP 80.68.83.60.netbios-ns 80.68.83.63.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST then reports The network path was not found. As far as I know there's no options for me to tweak at the client end. My samba version reports itself as 3.0.14a-Ubuntu. I've attached the exact tcpdump output (very short) and my smb.conf (also short, with comments taken out). In my ignorance I've tried adding a few lines to the top of the otherwise-default Ubuntu configuration that I thought might affect nmbd's response to these broadcasts, but nothing seems to have got Samba to respond. There's also nothing appearing in either the smbd or nmbd logs in response to these requests. I'm not really sure what the client might be asking for; does anyone know how to proceed from here? Sorry I've not got a Windows machine against which to demonstrate a working mount attempt (but could have a go with qemu at the weekend if necessary!) Thanks in advance for any advice. -- Matthew Bloch [global] log level = 99 domain master = yes preferred master = yes remote announce = 80.68.83.63/MATT wins proxy = yes workgroup = MSHOME server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
Just reported it to IDEALX. My IE Client did not show the convert to English function but when you made the comment I swiped my mouse over the screen and it showed me the link. I should load Mozilla on this box. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 11:27 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP You still should report the problem and your 'fix' to wherever you got the smbldap-tools package from, be it your distribution or idealx.com FWIW, I have never seen this issue myself and while I generally use tools other than idealx to manage users/groups, I do add machines on the fly which does use the idealx script to accomplish and is the discussion item...adding machine accounts and getting the proper attributes. This of course does require a properly configured smbldap-tools configuration for both 'binding' to LDAP and for attributes, the configuration of which has been split into 2 files for some time now. Idealx.com - as I said, the 'English flag' button at the top right takes you to their English language site. As for the wiki - that belongs to you - the users - we just try to maintain some semblance of order. Craig On Fri, 2006-03-17 at 11:03 -0800, James Taylor wrote: Cool, will post on your wiki... -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:58 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP #1 - click on the 'English flag' button - et voila, English #2 - you should at least state which smbldap-tools you are speaking of that you have fixed so others have a chance to compare and where you got it from, idealx.com or from your distribution, and report the issue to the place where it came from. #3 - people are likely to ask you for if they are struggling and they don't know why and you authoritatively suggest that your solution will fix things for them. I think we had a very recent issue where that wasn't the problem but the problem lied in his pam/ldap.conf. #4 - suggesting that people do a complete replace the file that came packaged with their system by one that you have modified doesn't seem like the best solution at all...you could offer a 'patch' which should throw up an alert if the file looks different or just the suggestions about where you have modified the code and why...in fact, we have a wiki for that kind of stuff now... http://wiki.samba.org Craig On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote: I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue. It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go. Thanks James -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 10:09 AM To: James Taylor Cc: 'Daniel Tousignant'; samba@lists.samba.org Subject: RE: [Samba] Domain authentification problem with LDAP James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't. Craig On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to
Re: [Samba] Re: security=share, who needs it ?
On Fri, 17 Mar 2006 09:12:52 -0600 Gerald \(Jerry\) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom, I've got to step up for Carsten here. Tom Schaefer wrote: Carsten Schaub [EMAIL PROTECTED] wrote: the security=shre setting does not behave as many admins expect. Access It behaves exactly as this admin expects and I would absolutely hate to see it to go. No. it really doesn't. For the record, Carsten brought this issue up on the samba-technical ml. Every developer agrees that our security = share code is fundamentally broken because it tries to shoe horn a userless security model onto a user/password authentication system. I don't know if it behaves as other admins expect but it is does behave as I expect. I've tinkered with it, read the man pages, and learned how it behaves. I know Carsten brought the issue up on samba-technical because as soon as I saw his post here I kind of phreaked out fearing the conversation might be occurring elsewhere as well. Its a conversation I don't want to see anywhere, so I Googled it and to my dismay I found the big discussion you all are having over on Samba technical. I've read pretty much all of it. People try to do all sorts of silly things with security = share like using a 'write list' option. What is that supposed to mean? You want a userless authentication but a user based authorization system? That's just wrong. Well I've never attempted to do that and a quick review of the man page tells me I can't do it under Samba 3 even if I want to. So, I'm not going to address it other than to say what you trying to bang over my head as well - share level security is not a userless authentication in Samba and its presumptuous to assume thats what the admin wants. Perhaps the admin understands that even under share level security Samba always makes the connection as somebody, understands whom that somebody is can easily be controlled, and finds it advantageous to do so. If the only think people need is a guest server, we can do that very easily with 'security = user'. We can even mix guest and non-guest servers using virtual servers. With security=user you've still got to successfully connect as some user in the first place before you can even request a guest share. This leads to all sorts of fun. You'll still have situations where Joe User is going to find it difficult at best to actually connect to a guest share because he doesn't know his password, why should he need to know his password to access the guest share? (Its a rhetorical question I understand the technical reason why) Enter map to guest, more fun, he'll make a typo on his username or password and get connected to the guest share as the guest account and subsequently not be able to connect to his non guest shares. With security=share a guest share is always a guest share is always a guest share, no issues, no hassles, no muss, no fuss, it just works, always. As far as virtual servers, they confuse people. Also, they don't work unless you disable port 445.. %L the NetBIOS name of the server. This allows you to change your config based on what the client calls you. Your server can have a ``dual personality''. This parameter is not available when Samba listens on port 445, as clients no longer send this information. I can go on about virtual servers Jerry, just ask me. to all shares are mapped to the guest account and if the underlying unix permissions don't permit that access you get errors and the access doesn't work as expected. Thats wrong. You connect to a Samba server using security=share as the guest account or as any user you want. The method used for determining whom you connect to a particular share as is spelled out in the section NOTE ABOUT USERNAME/PASSWORD VALIDATION of the smb.conf man page. Tom, I think it is a little more complicated that you realize. The problem is not getting 'security = share' to work with the current code base, but rather how easy it is to misconfigure the server. And I'll add that if we implemented share mode security as it should be, your configuration would probably not work any more. So, you're going to yank it out to protect me from myself. It wasn't THAT long ago it was the DEFAULT. I think making security=user the default as you've already done is sufficient to protect admins from themselves. Might I remind you Samba runs on UNIX and UNIX like OSes where as root I can type type rm -rf / or a jillion other as disruptive commands with nary a single word of warning put before my eyes. Also is security=share a global parameter. This given, there is no distinction between guest and authenticated access per share possible yet. No, no. Here are a few shares from the smb.conf file of a single security=share server I have. Homes only
Re: [Samba] Domain authentification problem with LDAP
The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? James Taylor [EMAIL PROTECTED] a écrit: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain authentification problem with LDAP
It could be ACL's but I am wondering how your /etc/ldap.conf file looks. Also, does the Domain Users group have the sambaGroupMapping objectClass? Also is it associated with the right samba Domain under the sambaSID? Otherwise the domain won't refer to that group. James -Original Message- From: Daniel Tousignant [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 12:08 PM To: James Taylor Cc: samba@lists.samba.org Subject: Re: [Samba] Domain authentification problem with LDAP The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? James Taylor [EMAIL PROTECTED] a écrit: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldapsam:trusted=yes
Hi, I am implementing a series of automated regressions tests for samba3. I wish to incorporate the ldapsam:trusted=yes parameter into the testing, and initially had some problems getting smbd to start up and play well with clients. I have discovered that the problem (I am using smbldap tools, smbldap-populate in particular) is the existence of root and nobody users in both /etc/passwd and the ldap database. In /etc/password there is a root user in group root (0), and a nobody user in group nobody (65533); in the ldap database there is also a root user in group Domain Admins (512) and a nobody user in group Domain Guests (514). Samba appears to find the /etc/passwd users first, but wants to find their groups in ldap, where of course they don't exist. My solution to this has been to remove the ldap root and nobody users, then assign the ldap group numbers to the /etc/passwd root and nobody users. After testing I reassign the /etc/passwd root and nobody users to their original groups. I am interested to know if anyone has found a more elegant solution to using ldapsam:trusted=yes. Sincerely,Don Watson Linux Technology and Solutions; Beaverton, OR 503-578-4861/TL: 775-4861; [EMAIL PROTECTED] To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Simple Question About samba/ldap
Does samba not store the ldap admin password between boots? Whenever I reboot my BDC I have to reissue the smbpasswd -w x command before it can successfully validate anything. Is this normal? TIA. Larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple Question About samba/ldap
On Fri, 2006-03-17 at 14:46 -0600, Larry McElderry wrote: Does samba not store the ldap admin password between boots? Whenever I reboot my BDC I have to reissue the smbpasswd -w x command before it can successfully validate anything. Is this normal? no try running... tdbdump /etc/samba/secrets.tdb after you set the value and then after you reboot Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain authentification problem with LDAP
On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote: The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? not very likely to be an ACL problem. net groupmap list|grep Domain net getlocalsid why don't you post up what comes from those commands... Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Storing passwords in LDAP, but not a PDC
Hello, Is it possible to store samba passwords in ldap without configuring samba as a PDC? All the documents/references I've come across are related to using LDAP as a samba PDC backend, not as just a db file replacement. Thanks, David Filion -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain authentification problem with LDAP
The only thing that is configured in the ldap.conf file is the Base(dc=INTAIR, dc=transit) and Host (localhost) (with no SSL support). And yes, the objectclass is there with the right sambaSID. By the way the tools are the IDEALX 0.9.1 James Taylor [EMAIL PROTECTED] a écrit: It could be ACL's but I am wondering how your /etc/ldap.conf file looks. Also, does the Domain Users group have the sambaGroupMapping objectClass? Also is it associated with the right samba Domain under the sambaSID? Otherwise the domain won't refer to that group. James -Original Message- From: Daniel Tousignant [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 12:08 PM To: James Taylor Cc: samba@lists.samba.org Subject: Re: [Samba] Domain authentification problem with LDAP The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? James Taylor [EMAIL PROTECTED] a écrit: The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using. Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant Sent: Friday, March 17, 2006 9:11 AM To: samba@lists.samba.org Subject: [Samba] Domain authentification problem with LDAP We use samba 3.0.13 and openldap 2.3.6 Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares. Also, we are unable to join a windows xp workstation to the domain. Can anyone give me a hint where to start looking ... Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain authentification problem with LDAP
Craig White [EMAIL PROTECTED] a écrit: On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote: The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? not very likely to be an ACL problem. net groupmap list|grep Domain Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) - Domain Users Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) - Domain Guests Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) - Domain Admins Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) - Domain Machines net getlocalsid [2006/03/17 16:09:20, 0] utils/net.c:net_getlocalsid(494) Can't fetch domain SID for name: HIPPOLYTE why don't you post up what comes from those commands... Craig Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Simple Question About samba/ldap
Interesting! It's there before I reboot, but gone after. Any ideas as to why? Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig White Sent: Friday, March 17, 2006 3:01 PM To: samba@lists.samba.org Subject: Re: [Samba] Simple Question About samba/ldap On Fri, 2006-03-17 at 14:46 -0600, Larry McElderry wrote: Does samba not store the ldap admin password between boots? Whenever I reboot my BDC I have to reissue the smbpasswd -w x command before it can successfully validate anything. Is this normal? no try running... tdbdump /etc/samba/secrets.tdb after you set the value and then after you reboot Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain authentification problem with LDAP
On Fri, 2006-03-17 at 16:14 -0500, Daniel Tousignant wrote: Craig White [EMAIL PROTECTED] a écrit: On Fri, 2006-03-17 at 15:08 -0500, Daniel Tousignant wrote: The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to logon to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? not very likely to be an ACL problem. net groupmap list|grep Domain Domain Users (S-1-5-21-3194588850-3670737847-3710085093-513) - Domain Users Domain Guests (S-1-5-21-3194588850-3670737847-3710085093-514) - Domain Guests Domain Admins (S-1-5-21-3194588850-3670737847-3710085093-512) - Domain Admins Domain Machines (S-1-5-21-3194588850-3670737847-3710085093-515) - Domain Machines net getlocalsid [2006/03/17 16:09:20, 0] utils/net.c:net_getlocalsid(494) Can't fetch domain SID for name: HIPPOLYTE this is a MAJOR problem...it should look like dn: sambaDomainName=EXAMPLE,dc=example,dc=net sambaAlgorithmicRidBase: 1000 structuralObjectClass: sambaDomain objectClass: sambaDomain objectClass: sambaUnixIdPool sambaSID: S-1-5-21-89274850-471284788-6498272 sambaDomainName: EXAMPLE gidNumber: 1021 uidNumber: 1095 and should have been created either by hand or by idealx 'populate' script if you followed someones directions somewhere. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Simple Question About samba/ldap
none whatsoever but at least you know where the problem lies...you might want to talk this over with whomever packaged the version of samba that you are using and if you compiled it yourself...then that would be an interesting discussion. Craig On Fri, 2006-03-17 at 15:21 -0600, Larry McElderry wrote: Interesting! It's there before I reboot, but gone after. Any ideas as to why? Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig White Sent: Friday, March 17, 2006 3:01 PM To: samba@lists.samba.org Subject: Re: [Samba] Simple Question About samba/ldap On Fri, 2006-03-17 at 14:46 -0600, Larry McElderry wrote: Does samba not store the ldap admin password between boots? Whenever I reboot my BDC I have to reissue the smbpasswd -w x command before it can successfully validate anything. Is this normal? no try running... tdbdump /etc/samba/secrets.tdb after you set the value and then after you reboot Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Storing passwords in LDAP, but not a PDC
On Fri, 2006-03-17 at 15:43 -0500, David Filion wrote: Hello, Is it possible to store samba passwords in ldap without configuring samba as a PDC? All the documents/references I've come across are related to using LDAP as a samba PDC backend, not as just a db file replacement. yes and you don't even need samba to create the passwords providing you have other means to create the proper Windows password hashes. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Simple Question About samba/ldap
Yes, that does help, thanks. I didn't even think about it disappearing from secrets. At least I can create a workaround til I get to the bottom of it. Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig White Sent: Friday, March 17, 2006 3:27 PM To: samba@lists.samba.org Subject: RE: [Samba] Simple Question About samba/ldap none whatsoever but at least you know where the problem lies...you might want to talk this over with whomever packaged the version of samba that you are using and if you compiled it yourself...then that would be an interesting discussion. Craig On Fri, 2006-03-17 at 15:21 -0600, Larry McElderry wrote: Interesting! It's there before I reboot, but gone after. Any ideas as to why? Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig White Sent: Friday, March 17, 2006 3:01 PM To: samba@lists.samba.org Subject: Re: [Samba] Simple Question About samba/ldap On Fri, 2006-03-17 at 14:46 -0600, Larry McElderry wrote: Does samba not store the ldap admin password between boots? Whenever I reboot my BDC I have to reissue the smbpasswd -w x command before it can successfully validate anything. Is this normal? no try running... tdbdump /etc/samba/secrets.tdb after you set the value and then after you reboot Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 4 Clustering
Hi List, From what I've read in many mailing lists, Samba 3 is not truly clusterable. From what I understand, people have been able to cluster Samba with varying levels of success. Transparent failover and active-active file serving ( 2 or more smbs serving the same files (through a cluster filesystem like GFS) from multiple cluster nodes simultaneously ) are two things that are not possible with the current Samba. Or are there more issues as well? There were discussions however, that mentioned clustering being scoped into Samba 4. Can somebody elaborate on clustering support in Samba 4? Many thanks, --Abhi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 4 Clustering
On Fri, Mar 17, 2006 at 05:14:44PM -0600, Abhijith Das wrote: Hi List, From what I've read in many mailing lists, Samba 3 is not truly clusterable. From what I understand, people have been able to cluster Samba with varying levels of success. Transparent failover and active-active file serving ( 2 or more smbs serving the same files (through a cluster filesystem like GFS) from multiple cluster nodes simultaneously ) are two things that are not possible with the current Samba. Or are there more issues as well? There were discussions however, that mentioned clustering being scoped into Samba 4. Can somebody elaborate on clustering support in Samba 4? Samba3 has been made cluster aware by SGI via the work of James Peach (on the Samba Team). James has posted his changes and we're in the process of evaluating them for future integration. Volker is particularly active in this area at the moment. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba (3.0.21) PDC works from remote network, but not from local network...
Hello, We're running Samba 3.0.21a compiled from source as our PDC. We have two separate networks with a router in between. The samba server is running as the only WINS server on the two networks. The machines on the remote network are set up through DHCP to look to the samba machine as their WINS server, they also use it as a PDC. Our problem is this. Windows-XP machines on the SAME network as the PDC are having a strange problem every time they are rebooted. The first time a user tries to log in, they get a no logon servers available message and are denied access. If the machine is then left sitting for a few minutes and any user tries to log in again, it works fine. The logins also seem to take longer than I would expect. The really strange part is that the Windows-XP boxes on the REMOTE network do NOT have this problem at all. We have tested every variable we can think of by moving identical machines from one network to the other and the results are always that after a reboot, the machines on the local network cannot find the domain server, but machines on the remote network can. Has anyone ever seen this before and have some possible solutions? Thanks in advance for any help! -- Brian Powell - Senior Systems Manager, The Ohio Supercomputer Center Phone: 614-292-6017 GPG(pgp) key at, http://www.osc.edu/~bpowell/ Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin, 1755 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] clients open/close files thousands of times
According to the samba logs, every type of file opened gets opened and closed dozens of times a second. Filling up the with open and closes everyday, one user with 60,000 pairs of open/close statements in less than one day. It seems to happen in different degrees of severity to different users... Samba 3.0.20c kernel: 2.6.9-22.0.2 Here is an example: [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=No write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=No write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=No write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=No write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=Yes write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13) [2006/03/17 11:55:29, 2] smbd/open.c:open_file(350) rylie opened file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg read=No write=No (numopen=14) [2006/03/17 11:55:29, 2] smbd/close.c:close_normal_file(308) rylie closed file USER/USTA50/MATERIAL/PATTERN/BACKGRND/Sky2.jpg (numopen=13)
[Samba] problems adding machines after upgrade - sambaSID attribute incomplete!
Some days ago we were able to add machines to our Samba+OpenLDAP domain, but after we decided to update samba from 3.0.5a to 3.0.21c now we can't do that anymore!. In adding a machine, the wellcome to domain XXX message appears, but after rebooting the machine it doesn't works!. Looking the openldap entries, now we are having these kind of entries: sambaSID: S-1-5-21-2502698289-3639879065-4582 sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515 note that one part of the Samba SID is missing, the correct should be: sambaSID: S-1-5-21-2502698289-3639879065-7544774837-4582 so, I tried to fix the sambaSID attribute by hand on the openldap server using phpldapadmin but no luck. Also, I tried with the last smbldap-tools-0.9.2-1 without success. Windows shows please check your password. How can this be fixed? Our openldap samba.schema was taken from samba 3.0.14a and our PDC is red hat 9. Thanks, Pablo p.d. this is an example of one ldif machine record: dn: uid=sistemas-47$,ou=Computers,o=company objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,sambaSamAccount cn: sistemas-47$ sn: sistemas-47$ uid: sistemas-47$ uidNumber: 1791 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-2502698289-3639879065-4582 sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515 displayName: SISTEMAS-47$ sambaPwdCanChange: 1142646485 sambaPwdMustChange: 2147483647 sambaNTPassword: 16686156AAC4D85D1BD046C3320FEE9C sambaPwdLastSet: 1142646485 sambaAcctFlags: [W ] -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems adding machines after upgrade - sambaSID attribute incomplete!
On Fri, 2006-03-17 at 21:22 -0500, Pablo Chamorro C. wrote: Some days ago we were able to add machines to our Samba+OpenLDAP domain, but after we decided to update samba from 3.0.5a to 3.0.21c now we can't do that anymore!. In adding a machine, the wellcome to domain XXX message appears, but after rebooting the machine it doesn't works!. Looking the openldap entries, now we are having these kind of entries: sambaSID: S-1-5-21-2502698289-3639879065-4582 sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515 note that one part of the Samba SID is missing, the correct should be: sambaSID: S-1-5-21-2502698289-3639879065-7544774837-4582 so, I tried to fix the sambaSID attribute by hand on the openldap server using phpldapadmin but no luck. Also, I tried with the last smbldap-tools-0.9.2-1 without success. Windows shows please check your password. How can this be fixed? Our openldap samba.schema was taken from samba 3.0.14a and our PDC is red hat 9. Thanks, Pablo p.d. this is an example of one ldif machine record: dn: uid=sistemas-47$,ou=Computers,o=company objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,sambaSamAccount cn: sistemas-47$ sn: sistemas-47$ uid: sistemas-47$ uidNumber: 1791 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-2502698289-3639879065-4582 sambaPrimaryGroupSID: S-1-5-21-2502698289-3639879065-7544774837-515 displayName: SISTEMAS-47$ sambaPwdCanChange: 1142646485 sambaPwdMustChange: 2147483647 sambaNTPassword: 16686156AAC4D85D1BD046C3320FEE9C sambaPwdLastSet: 1142646485 sambaAcctFlags: [W ] #1 - samba.schema should always be the one supplied with your samba so using one from samba-3.0.14a doesn't make any sense at all. #2 - what do you get from command... 'net getlocalsid' ? #3 - do other commands work such as... pdbedit -Lv ? #4 - from the process you described, it sounds like you are using the Windows Network Wizard to join the computer to the domain which pretty much relies on you properly configuring smbldap-tools and from your description, it would seem that your smbldap-tools was updated but not the configuration or if your smbldap-tools configuration was updated, that you made some errors. You need to inspect the configuration there. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Curious Question
Thanks for the help on this mailing list, I now have my personal home server allowing access without having to actually enter any login information. All I had to do was set it to anonymous server and use the 'hosts allow' parameter so that only my home machines can access it. However, now I'm curious. This will probably sound like the same question I just asked on here but, would it be possible to assign an ip address to a specific user account? For example, at home I have a desktop computer and a laptop computer. As well as the server running samba. Let's say I had two file shares on the server /var/desktop and /var/laptop. Would I be able to configure samba so that it looks at the ip address of the computer requesting access and only showed the appropriate share? So when I access my server from my laptop I would only see the /var/laptop share, and vice versa with the desktop? Again, without having to enter any username or password? This is mere curiosity on my part. Hypothetical question for future reference. -- Cheers, Matt mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon Script Not Working
Hi all I have a samba pdc with openldap (samba 3.0.21c with Openldap 2.3.19). i have some file servers(samba domain member server) . using logon script, i map drives to my clients. so that they can access domain member server share declared through samba, but when users login, some times, the logon script doesn't run at all, if the system is rebooted, it runs, but all the drives are not mapped. why is it so, please guide me. the following is the logon script @ echo off net time \\mypdc /set /yes net use p: /delete /yes net use p: \\prjsrv01\projects file://prjsrv01/projects net use o: /delete /yes net use o: \\dbsvr01\newprjs file://dbsvr01/newprjs net use v: /delete /yes net use v: \\dbsvr01\signals file://dbsvr01/signals net use q: /delete /yes net use q: \\dbsvr01\quality file://dbsvr01/quality net use h: /delete /yes net use h: \\dbsvr01\intrmdls file://dbsvr01/intrmdls net use i: /delete /yes net use i: \\prjsrv01\datalib file://prjsrv01/datalib net use t: /delete /yes net use t: \\dbsvr01\training file://dbsvr01/training The above logon script is called dcdrvs.bat which is in netlogon share ie netlogon share declared in smb.conf of my PDC. the dcdrvs.bat file is in dcdrvs.bat: ASCII text, with CRLF line terminators i have more than 50 users, whose logon script is dcdrvs.bat, ie for all 50 users i have one logon script. Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Curious Question
Nevermind, I withdraw the question. I thought 'hosts allow' and 'hosts deny' were global variables only. I found out by experimentation that they can be applied to directories as well, so that answers that. Sorry to sound like such a newbie but, I've only been playing around with linux for about a week now. Thanks for all your help. Thanks for the help on this mailing list, I now have my personal home server allowing access without having to actually enter any login information. All I had to do was set it to anonymous server and use the 'hosts allow' parameter so that only my home machines can access it. However, now I'm curious. This will probably sound like the same question I just asked on here but, would it be possible to assign an ip address to a specific user account? For example, at home I have a desktop computer and a laptop computer. As well as the server running samba. Let's say I had two file shares on the server /var/desktop and /var/laptop. Would I be able to configure samba so that it looks at the ip address of the computer requesting access and only showed the appropriate share? So when I access my server from my laptop I would only see the /var/laptop share, and vice versa with the desktop? Again, without having to enter any username or password? This is mere curiosity on my part. Hypothetical question for future reference. -- Cheers, Mattmailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r14503 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: gd
Date: 2006-03-17 09:25:26 + (Fri, 17 Mar 2006)
New Revision: 14503
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14503
Log:
Fix principal in debug statement.
Guenther
Modified:
branches/SAMBA_3_0/source/libads/kerberos.c
trunk/source/libads/kerberos.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos.c
===
--- branches/SAMBA_3_0/source/libads/kerberos.c 2006-03-17 03:12:35 UTC (rev
14502)
+++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-03-17 09:25:26 UTC (rev
14503)
@@ -372,9 +372,8 @@
}
if ((err = kerberos_kinit_password(machine_account, password, 0, NULL,
NULL,
LIBADS_CCACHE_NAME, False, 0)) != 0)
{
- DEBUG(0,(get_service_ticket: kerberos_kinit_password [EMAIL
PROTECTED] failed: %s\n,
+ DEBUG(0,(get_service_ticket: kerberos_kinit_password %s
failed: %s\n,
machine_account,
- lp_realm(),
error_message(err)));
goto out;
}
Modified: trunk/source/libads/kerberos.c
===
--- trunk/source/libads/kerberos.c 2006-03-17 03:12:35 UTC (rev 14502)
+++ trunk/source/libads/kerberos.c 2006-03-17 09:25:26 UTC (rev 14503)
@@ -372,9 +372,8 @@
}
if ((err = kerberos_kinit_password(machine_account, password, 0, NULL,
NULL,
LIBADS_CCACHE_NAME, False, 0)) != 0)
{
- DEBUG(0,(get_service_ticket: kerberos_kinit_password [EMAIL
PROTECTED] failed: %s\n,
+ DEBUG(0,(get_service_ticket: kerberos_kinit_password %s
failed: %s\n,
machine_account,
- lp_realm(),
error_message(err)));
goto out;
}
svn commit: samba r14504 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-03-17 09:42:04 + (Fri, 17 Mar 2006) New Revision: 14504 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14504 Log: make trans and trans2 able to use async ntvfs backends tridge: can you review this please metze Modified: branches/SAMBA_4_0/source/smb_server/smb/trans2.c Changeset: Sorry, the patch is too large (1663 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14504
Re: svn commit: samba r14502 - inbranches/SAMBA_4_0/source/smb_server/smb: .
Author: abartlet Date: 2006-03-17 03:12:35 + (Fri, 17 Mar 2006) New Revision: 14502 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14502 Log: Supply both needed arguments for the backend logoff processing. This should fix the segfaults on the build farm. Metze: please check thanks! I wonder why make test worked in my local tree... -- metze Stefan Metzmacher metze at samba dot org
svn commit: samba r14505 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2006-03-17 10:14:33 + (Fri, 17 Mar 2006)
New Revision: 14505
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14505
Log:
Rename the timed_event to lockout_policy_event.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd.h
branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
trunk/source/nsswitch/winbindd.h
trunk/source/nsswitch/winbindd_dual.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-03-17 09:42:04 UTC
(rev 14504)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-03-17 10:14:33 UTC
(rev 14505)
@@ -149,7 +149,7 @@
TALLOC_CTX *mem_ctx;
struct fd_event event;
- struct timed_event *timed_event;
+ struct timed_event *lockout_policy_event;
struct winbindd_async_request *requests;
};
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-03-17 09:42:04 UTC
(rev 14504)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-03-17 10:14:33 UTC
(rev 14505)
@@ -508,8 +508,8 @@
DEBUG(10,(account_lockout_policy_handler called\n));
- if (child-timed_event) {
- TALLOC_FREE(child-timed_event);
+ if (child-lockout_policy_event) {
+ TALLOC_FREE(child-lockout_policy_event);
}
methods = child-domain-methods;
@@ -520,11 +520,11 @@
return;
}
- child-timed_event = add_timed_event(child-mem_ctx,
-timeval_current_ofs(3600, 0),
-account_lockout_policy_handler,
-account_lockout_policy_handler,
-child);
+ child-lockout_policy_event = add_timed_event(child-mem_ctx,
+ timeval_current_ofs(3600,
0),
+
account_lockout_policy_handler,
+
account_lockout_policy_handler,
+ child);
}
/* Deal with a request to go offline. */
@@ -657,7 +657,7 @@
if (child-domain != NULL) {
/* We might be in the idmap child...*/
- child-timed_event = add_timed_event(
+ child-lockout_policy_event = add_timed_event(
child-mem_ctx, timeval_zero(),
account_lockout_policy_handler,
account_lockout_policy_handler,
Modified: trunk/source/nsswitch/winbindd.h
===
--- trunk/source/nsswitch/winbindd.h2006-03-17 09:42:04 UTC (rev 14504)
+++ trunk/source/nsswitch/winbindd.h2006-03-17 10:14:33 UTC (rev 14505)
@@ -149,7 +149,7 @@
TALLOC_CTX *mem_ctx;
struct fd_event event;
- struct timed_event *timed_event;
+ struct timed_event *lockout_policy_event;
struct winbindd_async_request *requests;
};
Modified: trunk/source/nsswitch/winbindd_dual.c
===
--- trunk/source/nsswitch/winbindd_dual.c 2006-03-17 09:42:04 UTC (rev
14504)
+++ trunk/source/nsswitch/winbindd_dual.c 2006-03-17 10:14:33 UTC (rev
14505)
@@ -508,8 +508,8 @@
DEBUG(10,(account_lockout_policy_handler called\n));
- if (child-timed_event) {
- TALLOC_FREE(child-timed_event);
+ if (child-lockout_policy_event) {
+ TALLOC_FREE(child-lockout_policy_event);
}
methods = child-domain-methods;
@@ -520,11 +520,11 @@
return;
}
- child-timed_event = add_timed_event(child-mem_ctx,
-timeval_current_ofs(3600, 0),
-account_lockout_policy_handler,
-account_lockout_policy_handler,
-child);
+ child-lockout_policy_event = add_timed_event(child-mem_ctx,
+ timeval_current_ofs(3600,
0),
+
account_lockout_policy_handler,
+
account_lockout_policy_handler,
+ child);
}
/* Deal with a request to go offline. */
@@ -657,7 +657,7 @@
if (child-domain != NULL) {
/* We might be in the idmap child...*/
- child-timed_event = add_timed_event(
+ child-lockout_policy_event = add_timed_event(
svn commit: samba r14506 - branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/printing trunk/source/libsmb trunk/source/printing
Author: gd
Date: 2006-03-17 10:22:13 + (Fri, 17 Mar 2006)
New Revision: 14506
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14506
Log:
Remove remaining references to a KCM credential cache type.
Guenther
Modified:
branches/SAMBA_3_0/source/libsmb/clikrb5.c
branches/SAMBA_3_0/source/printing/nt_printing.c
trunk/source/libsmb/clikrb5.c
trunk/source/printing/nt_printing.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c
===
--- branches/SAMBA_3_0/source/libsmb/clikrb5.c 2006-03-17 10:14:33 UTC (rev
14505)
+++ branches/SAMBA_3_0/source/libsmb/clikrb5.c 2006-03-17 10:22:13 UTC (rev
14506)
@@ -426,7 +426,7 @@
use memory ccaches, and a FILE one probably means that
we're using creds obtained outside of our exectuable
*/
- if (strequal(cc_type, KCM) || strequal(cc_type, FILE)) {
+ if (strequal(cc_type, FILE)) {
DEBUG(5, (ads_cleanup_expired_creds: We do not remove creds
from a %s ccache\n, cc_type));
return False;
}
Modified: branches/SAMBA_3_0/source/printing/nt_printing.c
===
--- branches/SAMBA_3_0/source/printing/nt_printing.c2006-03-17 10:14:33 UTC
(rev 14505)
+++ branches/SAMBA_3_0/source/printing/nt_printing.c2006-03-17 10:22:13 UTC
(rev 14506)
@@ -3125,11 +3125,7 @@
win_rc = WERR_SERVER_UNAVAILABLE;
goto done;
}
-#ifdef HAVE_KCM
- setenv(KRB5_ENV_CCNAME, KCM:SYSTEM, 1);
-#else
setenv(KRB5_ENV_CCNAME, MEMORY:prtpub_cache, 1);
-#endif
SAFE_FREE(ads-auth.password);
ads-auth.password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
Modified: trunk/source/libsmb/clikrb5.c
===
--- trunk/source/libsmb/clikrb5.c 2006-03-17 10:14:33 UTC (rev 14505)
+++ trunk/source/libsmb/clikrb5.c 2006-03-17 10:22:13 UTC (rev 14506)
@@ -426,7 +426,7 @@
use memory ccaches, and a FILE one probably means that
we're using creds obtained outside of our exectuable
*/
- if (strequal(cc_type, KCM) || strequal(cc_type, FILE)) {
+ if (strequal(cc_type, FILE)) {
DEBUG(5, (ads_cleanup_expired_creds: We do not remove creds
from a %s ccache\n, cc_type));
return False;
}
Modified: trunk/source/printing/nt_printing.c
===
--- trunk/source/printing/nt_printing.c 2006-03-17 10:14:33 UTC (rev 14505)
+++ trunk/source/printing/nt_printing.c 2006-03-17 10:22:13 UTC (rev 14506)
@@ -3125,11 +3125,7 @@
win_rc = WERR_SERVER_UNAVAILABLE;
goto done;
}
-#ifdef HAVE_KCM
- setenv(KRB5_ENV_CCNAME, KCM:SYSTEM, 1);
-#else
setenv(KRB5_ENV_CCNAME, MEMORY:prtpub_cache, 1);
-#endif
SAFE_FREE(ads-auth.password);
ads-auth.password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
svn commit: samba r14507 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2006-03-17 10:36:07 + (Fri, 17 Mar 2006)
New Revision: 14507
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14507
Log:
Re-disable accidentially re-enabled paranoia check. This should make
offline logons work again with NT4 and older Samba3 DCs.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 10:22:13 UTC
(rev 14506)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 10:36:07 UTC
(rev 14507)
@@ -746,12 +746,15 @@
return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
}
+ /* The info3 acct_flags in NT4's samlogon reply don't have
+* ACB_NORMAL set. */
+#if 0
if (!(my_info3-acct_flags ACB_NORMAL)) {
DEBUG(10,(winbindd_dual_pam_auth_cached: whats wrong
with that one?: 0x%08x\n,
my_info3-acct_flags));
return NT_STATUS_LOGON_FAILURE;
}
-
+#endif
kickoff_time = nt_time_to_unix(my_info3-kickoff_time);
if (kickoff_time != 0 time(NULL) kickoff_time) {
return NT_STATUS_ACCOUNT_EXPIRED;
Modified: trunk/source/nsswitch/winbindd_pam.c
===
--- trunk/source/nsswitch/winbindd_pam.c2006-03-17 10:22:13 UTC (rev
14506)
+++ trunk/source/nsswitch/winbindd_pam.c2006-03-17 10:36:07 UTC (rev
14507)
@@ -746,12 +746,15 @@
return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
}
+ /* The info3 acct_flags in NT4's samlogon reply don't have
+* ACB_NORMAL set. */
+#if 0
if (!(my_info3-acct_flags ACB_NORMAL)) {
DEBUG(10,(winbindd_dual_pam_auth_cached: whats wrong
with that one?: 0x%08x\n,
my_info3-acct_flags));
return NT_STATUS_LOGON_FAILURE;
}
-
+#endif
kickoff_time = nt_time_to_unix(my_info3-kickoff_time);
if (kickoff_time != 0 time(NULL) kickoff_time) {
return NT_STATUS_ACCOUNT_EXPIRED;
svn commit: samba r14508 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2006-03-17 10:43:33 + (Fri, 17 Mar 2006)
New Revision: 14508
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14508
Log:
Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAME
environment.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
trunk/source/nsswitch/pam_winbind.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-03-17 10:36:07 UTC
(rev 14507)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-03-17 10:43:33 UTC
(rev 14508)
@@ -1086,7 +1086,7 @@
ccname = pam_getenv(pamh, KRB5CCNAME);
if (ccname == NULL) {
_pam_log_debug(ctrl, LOG_DEBUG, user has no KRB5CCNAME
environment);
- return PAM_BUF_ERR;
+ return PAM_SUCCESS;
}
fstrcpy(request.data.logoff.user, user);
Modified: trunk/source/nsswitch/pam_winbind.c
===
--- trunk/source/nsswitch/pam_winbind.c 2006-03-17 10:36:07 UTC (rev 14507)
+++ trunk/source/nsswitch/pam_winbind.c 2006-03-17 10:43:33 UTC (rev 14508)
@@ -1086,7 +1086,7 @@
ccname = pam_getenv(pamh, KRB5CCNAME);
if (ccname == NULL) {
_pam_log_debug(ctrl, LOG_DEBUG, user has no KRB5CCNAME
environment);
- return PAM_BUF_ERR;
+ return PAM_SUCCESS;
}
fstrcpy(request.data.logoff.user, user);
svn commit: samba r14509 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: vlendec
Date: 2006-03-17 11:53:33 + (Fri, 17 Mar 2006)
New Revision: 14509
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14509
Log:
Attempt to fix the build on sun1
Modified:
branches/SAMBA_3_0/source/nsswitch/wbinfo.c
trunk/source/nsswitch/wbinfo.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c
===
--- branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2006-03-17 10:43:33 UTC (rev
14508)
+++ branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2006-03-17 11:53:33 UTC (rev
14509)
@@ -1293,7 +1293,7 @@
WBFLAG_PAM_INFO3_TEXT;
fstring tok;
int i;
- const char *arg[] = { string_arg, NULL };
+ const char *arg[] = { NULL, NULL };
const char *cctypes[] = { FILE,
KCM,
KCM:0,
@@ -1301,6 +1301,8 @@
NULL,
0};
+ arg[0] = string_arg;
+
while (next_token(arg, tok, LIST_SEP,
sizeof(tok))) {
for (i=0; i ARRAY_SIZE(cctypes); i++)
{
Modified: trunk/source/nsswitch/wbinfo.c
===
--- trunk/source/nsswitch/wbinfo.c 2006-03-17 10:43:33 UTC (rev 14508)
+++ trunk/source/nsswitch/wbinfo.c 2006-03-17 11:53:33 UTC (rev 14509)
@@ -1293,7 +1293,7 @@
WBFLAG_PAM_INFO3_TEXT;
fstring tok;
int i;
- const char *arg[] = { string_arg, NULL };
+ const char *arg[] = { NULL, NULL };
const char *cctypes[] = { FILE,
KCM,
KCM:0,
@@ -1301,6 +1301,8 @@
NULL,
0};
+ arg[0] = string_arg;
+
while (next_token(arg, tok, LIST_SEP,
sizeof(tok))) {
for (i=0; i ARRAY_SIZE(cctypes); i++)
{
svn commit: samba r14510 - in branches/tmp/vl-posixacls/source: . auth client groupdb include lib libads libmsrpc libsmb locking modules nsswitch passdb printing rpc_client rpc_parse rpc_server rpccli
Author: vlendec Date: 2006-03-17 13:17:25 + (Fri, 17 Mar 2006) New Revision: 14510 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14510 Log: Merge -r14315:14509 Added: branches/tmp/vl-posixacls/source/script/tests/dlopen.sh Modified: branches/tmp/vl-posixacls/source/Makefile.in branches/tmp/vl-posixacls/source/auth/auth_util.c branches/tmp/vl-posixacls/source/client/client.c branches/tmp/vl-posixacls/source/configure.in branches/tmp/vl-posixacls/source/groupdb/mapping.c branches/tmp/vl-posixacls/source/include/passdb.h branches/tmp/vl-posixacls/source/include/rpc_dce.h branches/tmp/vl-posixacls/source/include/rpc_spoolss.h branches/tmp/vl-posixacls/source/lib/account_pol.c branches/tmp/vl-posixacls/source/lib/debug.c branches/tmp/vl-posixacls/source/lib/hmacmd5.c branches/tmp/vl-posixacls/source/lib/privileges.c branches/tmp/vl-posixacls/source/lib/sendfile.c branches/tmp/vl-posixacls/source/lib/smbldap.c branches/tmp/vl-posixacls/source/lib/sysquotas.c branches/tmp/vl-posixacls/source/lib/util_unistr.c branches/tmp/vl-posixacls/source/libads/kerberos.c branches/tmp/vl-posixacls/source/libmsrpc/cac_lsarpc.c branches/tmp/vl-posixacls/source/libmsrpc/cac_winreg.c branches/tmp/vl-posixacls/source/libmsrpc/libmsrpc_internal.c branches/tmp/vl-posixacls/source/libsmb/clikrb5.c branches/tmp/vl-posixacls/source/libsmb/libsmbclient.c branches/tmp/vl-posixacls/source/libsmb/smb_signing.c branches/tmp/vl-posixacls/source/locking/locking.c branches/tmp/vl-posixacls/source/modules/vfs_full_audit.c branches/tmp/vl-posixacls/source/nsswitch/pam_winbind.c branches/tmp/vl-posixacls/source/nsswitch/wbinfo.c branches/tmp/vl-posixacls/source/nsswitch/winbind_nss_solaris.c branches/tmp/vl-posixacls/source/nsswitch/winbindd.c branches/tmp/vl-posixacls/source/nsswitch/winbindd.h branches/tmp/vl-posixacls/source/nsswitch/winbindd_async.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_cache.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_dual.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_group.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_nss.h branches/tmp/vl-posixacls/source/nsswitch/winbindd_pam.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_passdb.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_user.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_util.c branches/tmp/vl-posixacls/source/passdb/passdb.c branches/tmp/vl-posixacls/source/passdb/pdb_interface.c branches/tmp/vl-posixacls/source/passdb/pdb_ldap.c branches/tmp/vl-posixacls/source/printing/nt_printing.c branches/tmp/vl-posixacls/source/rpc_client/cli_pipe.c branches/tmp/vl-posixacls/source/rpc_parse/parse_misc.c branches/tmp/vl-posixacls/source/rpc_server/srv_lsa_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_netlog_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_samr_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_spoolss_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_svcctl_nt.c branches/tmp/vl-posixacls/source/rpcclient/cmd_netlogon.c branches/tmp/vl-posixacls/source/rpcclient/rpcclient.c branches/tmp/vl-posixacls/source/smbd/files.c branches/tmp/vl-posixacls/source/smbd/msdfs.c branches/tmp/vl-posixacls/source/smbd/posix_acls.c branches/tmp/vl-posixacls/source/smbd/reply.c branches/tmp/vl-posixacls/source/smbd/trans2.c branches/tmp/vl-posixacls/source/utils/net_groupmap.c branches/tmp/vl-posixacls/source/utils/net_rpc_printer.c Changeset: Sorry, the patch is too large (3132 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14510
svn commit: samba r14511 - in branches/SAMBA_4_0/source: . build/smb_build lib/charset lib/cmdline lib/util libcli libcli/ldap libcli/raw libcli/smb2 librpc smb_server torture
Author: jelmer
Date: 2006-03-17 13:55:10 + (Fri, 17 Mar 2006)
New Revision: 14511
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14511
Log:
Install more headers
Modified:
branches/SAMBA_4_0/source/build/smb_build/config_mk.pm
branches/SAMBA_4_0/source/build/smb_build/input.pm
branches/SAMBA_4_0/source/headermap.txt
branches/SAMBA_4_0/source/lib/charset/charset.h
branches/SAMBA_4_0/source/lib/cmdline/config.mk
branches/SAMBA_4_0/source/lib/cmdline/popt_common.h
branches/SAMBA_4_0/source/lib/util/util.h
branches/SAMBA_4_0/source/libcli/config.mk
branches/SAMBA_4_0/source/libcli/ldap/config.mk
branches/SAMBA_4_0/source/libcli/libcli.h
branches/SAMBA_4_0/source/libcli/raw/interfaces.h
branches/SAMBA_4_0/source/libcli/raw/libcliraw.h
branches/SAMBA_4_0/source/libcli/smb2/smb2.h
branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h
branches/SAMBA_4_0/source/librpc/config.mk
branches/SAMBA_4_0/source/smb_server/smb_server.h
branches/SAMBA_4_0/source/torture/config.mk
Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/config_mk.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/config_mk.pm 2006-03-17
13:17:25 UTC (rev 14510)
+++ branches/SAMBA_4_0/source/build/smb_build/config_mk.pm 2006-03-17
13:55:10 UTC (rev 14511)
@@ -63,7 +63,8 @@
MANPAGE = string,
INSTALLDIR= string,
PRIVATE_PROTO_HEADER = string,
- PUBLIC_HEADERS= string,
+ PUBLIC_PROTO_HEADER = string,
+ PUBLIC_HEADERS= list,
EXTRA_CFLAGS = string
},
Modified: branches/SAMBA_4_0/source/build/smb_build/input.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/input.pm 2006-03-17 13:17:25 UTC
(rev 14510)
+++ branches/SAMBA_4_0/source/build/smb_build/input.pm 2006-03-17 13:55:10 UTC
(rev 14511)
@@ -147,18 +147,6 @@
my ($INPUT, $enabled, $subsys_ot, $lib_ot, $module_ot) = @_;
foreach my $part (values %$INPUT) {
- unless(defined($part-{NOPROTO})) {
- if ($part-{TYPE} eq MODULE or $part-{TYPE} eq
BINARY) {
- $part-{NOPROTO} = YES;
- } else {
- $part-{NOPROTO} = NO;
- }
- }
-
- if (defined($part-{PRIVATE_PROTO_HEADER})) {
- $part-{NOPROTO} = YES;
- }
-
unless (defined($part-{STANDARD_VISIBILITY})) {
if ($part-{TYPE} eq MODULE or $part-{TYPE} eq
BINARY) {
$part-{STANDARD_VISIBILITY} = hidden;
@@ -170,9 +158,12 @@
unless (defined($part-{EXTRA_CFLAGS})) {
$part-{EXTRA_CFLAGS} = ;
}
+
+ unless (defined($part-{PUBLIC_HEADERS})) {
+ $part-{PUBLIC_HEADERS} = [];
+ }
if (defined($part-{PUBLIC_PROTO_HEADER})) {
- $part-{NOPROTO} = YES;
push (@{$part-{PUBLIC_HEADERS}},
$part-{PUBLIC_PROTO_HEADER});
}
Modified: branches/SAMBA_4_0/source/headermap.txt
===
--- branches/SAMBA_4_0/source/headermap.txt 2006-03-17 13:17:25 UTC (rev
14510)
+++ branches/SAMBA_4_0/source/headermap.txt 2006-03-17 13:55:10 UTC (rev
14511)
@@ -60,3 +60,12 @@
libcli/auth/credentials.h: domain_credentials.h
lib/charset/charset.h: charset.h
lib/charset/charset_proto.h: charset/proto.h
+libcli/ldap/ldap.h: ldap.h
+libcli/ldap/ldap_proto.h: ldap_proto.h
+torture/torture.h: torture.h
+torture/proto.h: torture/proto.h
+libcli/libcli.h: client.h
+libcli/libcli_proto.h: client/proto.h
+librpc/gen_ndr/nbt.h: gen_ndr/nbt.h
+librpc/gen_ndr/svcctl.h: gen_ndr/nbt.h
+lib/cmdline/popt_common.h: samba/popt.h
Modified: branches/SAMBA_4_0/source/lib/charset/charset.h
===
--- branches/SAMBA_4_0/source/lib/charset/charset.h 2006-03-17 13:17:25 UTC
(rev 14510)
+++ branches/SAMBA_4_0/source/lib/charset/charset.h 2006-03-17 13:55:10 UTC
(rev 14511)
@@ -22,6 +22,8 @@
#ifndef __CHARSET_H__
#define __CHARSET_H__
+#include lib/talloc/talloc.h
+
/* this defines the charset types used in samba */
typedef enum {CH_UTF16=0, CH_UNIX=1, CH_DISPLAY=2, CH_DOS=3, CH_UTF8=4,
CH_UTF16BE=5} charset_t;
Modified: branches/SAMBA_4_0/source/lib/cmdline/config.mk
===
--- branches/SAMBA_4_0/source/lib/cmdline/config.mk 2006-03-17 13:17:25 UTC
(rev 14510)
+++ branches/SAMBA_4_0/source/lib/cmdline/config.mk
svn commit: samba r14512 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: jerry
Date: 2006-03-17 13:57:00 + (Fri, 17 Mar 2006)
New Revision: 14512
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14512
Log:
Guenther, This code breaks winbind with MIT krb1.3.
I'm disabling it for now until we have en effective
means of dealing with the ticket request flags for users
and computers.
Modified:
branches/SAMBA_3_0/source/libads/kerberos.c
trunk/source/libads/kerberos.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos.c
===
--- branches/SAMBA_3_0/source/libads/kerberos.c 2006-03-17 13:55:10 UTC (rev
14511)
+++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-03-17 13:57:00 UTC (rev
14512)
@@ -72,7 +72,9 @@
krb5_ccache cc = NULL;
krb5_principal me;
krb5_creds my_creds;
+#if 0
krb5_get_init_creds_opt opt;
+#endif
initialize_krb5_error_table();
if ((code = krb5_init_context(ctx)))
@@ -95,9 +97,12 @@
return code;
}
+#if 0 /* This code causes problems with MIT krb5 1.3 when asking for a
+ TGT for the machine account */
krb5_get_init_creds_opt_init(opt);
krb5_get_init_creds_opt_set_renew_life(opt, renewable_time);
krb5_get_init_creds_opt_set_forwardable(opt, 1);
+#endif
if (request_pac) {
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
@@ -105,9 +110,14 @@
#endif
}
+#if 0
if ((code = krb5_get_init_creds_password(ctx, my_creds, me,
CONST_DISCARD(char *,password),
-kerb_prompter,
-NULL, 0, NULL, opt))) {
+kerb_prompter, NULL, 0, NULL,
opt)))
+#else
+ if ((code = krb5_get_init_creds_password(ctx, my_creds, me,
CONST_DISCARD(char *,password),
+kerb_prompter, NULL, 0, NULL,
NULL)))
+#endif
+ {
krb5_free_principal(ctx, me);
krb5_free_context(ctx);
return code;
Modified: trunk/source/libads/kerberos.c
===
--- trunk/source/libads/kerberos.c 2006-03-17 13:55:10 UTC (rev 14511)
+++ trunk/source/libads/kerberos.c 2006-03-17 13:57:00 UTC (rev 14512)
@@ -72,7 +72,9 @@
krb5_ccache cc = NULL;
krb5_principal me;
krb5_creds my_creds;
+#if 0
krb5_get_init_creds_opt opt;
+#endif
initialize_krb5_error_table();
if ((code = krb5_init_context(ctx)))
@@ -95,9 +97,12 @@
return code;
}
+#if 0 /* This code causes problems with MIT krb5 1.3 when asking for a
+ TGT for the machine account */
krb5_get_init_creds_opt_init(opt);
krb5_get_init_creds_opt_set_renew_life(opt, renewable_time);
krb5_get_init_creds_opt_set_forwardable(opt, 1);
+#endif
if (request_pac) {
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
@@ -105,9 +110,14 @@
#endif
}
+#if 0
if ((code = krb5_get_init_creds_password(ctx, my_creds, me,
CONST_DISCARD(char *,password),
-kerb_prompter,
-NULL, 0, NULL, opt))) {
+kerb_prompter, NULL, 0, NULL,
opt)))
+#else
+ if ((code = krb5_get_init_creds_password(ctx, my_creds, me,
CONST_DISCARD(char *,password),
+kerb_prompter, NULL, 0, NULL,
NULL)))
+#endif
+ {
krb5_free_principal(ctx, me);
krb5_free_context(ctx);
return code;
svn commit: samba r14513 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2006-03-17 14:18:05 + (Fri, 17 Mar 2006)
New Revision: 14513
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14513
Log:
Fix winbindd_chauthtok: only fallback when the chgpasswd3 call is not
supported.
Is there a better way to check for the 0x1c010002 status code?
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 13:57:00 UTC
(rev 14512)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 14:18:05 UTC
(rev 14513)
@@ -1655,9 +1655,12 @@
reject.reject_reason;
got_info = True;
-
- } else if (!NT_STATUS_IS_OK(result)) {
+ /* only fallback when the chgpasswd3 call is not supported */
+ } else if ((result.v == 0x1c010002) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) {
+
DEBUG(10,(Password change with chgpasswd3 failed with: %s,
retrying chgpasswd_user\n,
nt_errstr(result)));
Modified: trunk/source/nsswitch/winbindd_pam.c
===
--- trunk/source/nsswitch/winbindd_pam.c2006-03-17 13:57:00 UTC (rev
14512)
+++ trunk/source/nsswitch/winbindd_pam.c2006-03-17 14:18:05 UTC (rev
14513)
@@ -1655,9 +1655,12 @@
reject.reject_reason;
got_info = True;
-
- } else if (!NT_STATUS_IS_OK(result)) {
+ /* only fallback when the chgpasswd3 call is not supported */
+ } else if ((result.v == 0x1c010002) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) {
+
DEBUG(10,(Password change with chgpasswd3 failed with: %s,
retrying chgpasswd_user\n,
nt_errstr(result)));
svn commit: samba r14514 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2006-03-17 14:31:05 + (Fri, 17 Mar 2006)
New Revision: 14514
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14514
Log:
Fixing last commit. Thanks Volker.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 14:18:05 UTC
(rev 14513)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-17 14:31:05 UTC
(rev 14514)
@@ -1657,7 +1657,7 @@
got_info = True;
/* only fallback when the chgpasswd3 call is not supported */
- } else if ((result.v == 0x1c010002) ||
+ } else if ((NT_STATUS_EQUAL(result, NT_STATUS(0x1c010002))) ||
(NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) ||
(NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) {
Modified: trunk/source/nsswitch/winbindd_pam.c
===
--- trunk/source/nsswitch/winbindd_pam.c2006-03-17 14:18:05 UTC (rev
14513)
+++ trunk/source/nsswitch/winbindd_pam.c2006-03-17 14:31:05 UTC (rev
14514)
@@ -1657,7 +1657,7 @@
got_info = True;
/* only fallback when the chgpasswd3 call is not supported */
- } else if ((result.v == 0x1c010002) ||
+ } else if ((NT_STATUS_EQUAL(result, NT_STATUS(0x1c010002))) ||
(NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) ||
(NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) {
svn commit: samba r14515 - in branches/SAMBA_3_0/source: .
Author: jerry Date: 2006-03-17 14:44:15 + (Fri, 17 Mar 2006) New Revision: 14515 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14515 Log: fix soname breakage caused by mad merge from trunk (missed replacing a AC variable) Modified: branches/SAMBA_3_0/source/Makefile.in Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-03-17 14:31:05 UTC (rev 14514) +++ branches/SAMBA_3_0/source/Makefile.in 2006-03-17 14:44:15 UTC (rev 14515) @@ -1203,13 +1203,13 @@ @WINBIND_NSS@: $(WINBIND_NSS_PICOBJS) @echo Linking $@ @$(SHLD) $(WINBIND_NSS_LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) \ - @WINBIND_NSS_EXTRA_LIBS@ @[EMAIL PROTECTED] [EMAIL PROTECTED]@SONAMEVERSIONSUFFIX@ + @WINBIND_NSS_EXTRA_LIBS@ @[EMAIL PROTECTED] [EMAIL PROTECTED]@NSSSONAMEVERSIONSUFFIX@ @WINBIND_WINS_NSS@: $(WINBIND_WINS_NSS_PICOBJS) @echo Linking $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_PICOBJS) \ $(LDAP_LIBS) $(KRB5LIBS) \ - @[EMAIL PROTECTED] [EMAIL PROTECTED]@SONAMEVERSIONSUFFIX@ + @[EMAIL PROTECTED] [EMAIL PROTECTED]@NSSSONAMEVERSIONSUFFIX@ bin/[EMAIL PROTECTED]@: $(PAM_WINBIND_PICOBJ) bin/.dummy @echo Linking $@
svn commit: samba r14516 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: jelmer
Date: 2006-03-17 15:36:03 + (Fri, 17 Mar 2006)
New Revision: 14516
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14516
Log:
dynconfig fixes
Modified:
branches/SAMBA_4_0/source/build/smb_build/makefile.pm
Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2006-03-17
14:44:15 UTC (rev 14515)
+++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2006-03-17
15:36:03 UTC (rev 14516)
@@ -452,7 +452,8 @@
-l$link_name,
,
$ctx-{VERSION},
- $ctx-{DESCRIPTION}
+ $ctx-{DESCRIPTION},
+ 1
);
}
@@ -511,6 +512,7 @@
# nasty hack to allow running locally
if ($self-{duplicate_build}) {
+ $self-output(bin/libdynconfig.\$(SHLIBEXT):
dynconfig-devel.o\n);
$self-output(bin/libdynconfig.\$(SHLIBEXT):
LIBRARY_DYNCONFIG_OBJ_LIST=dynconfig-devel.o\n);
}
svn commit: samba r14517 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: jelmer
Date: 2006-03-17 15:36:43 + (Fri, 17 Mar 2006)
New Revision: 14517
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14517
Log:
Put Modulesdir: line in .pc files, so 3rd parties know where to install
their modules.
Modified:
branches/SAMBA_4_0/source/build/smb_build/env.pm
Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/env.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/env.pm2006-03-17 15:36:03 UTC
(rev 14516)
+++ branches/SAMBA_4_0/source/build/smb_build/env.pm2006-03-17 15:36:43 UTC
(rev 14517)
@@ -54,9 +54,9 @@
}
}
-sub PkgConfig($$$)
+sub PkgConfig()
{
- my ($self,$path,$name,$libs,$cflags,$version,$desc) = @_;
+ my ($self,$path,$name,$libs,$cflags,$version,$desc,$hasmodules) = @_;
print __FILE__.: creating $path\n;
@@ -67,9 +67,14 @@
exec_prefix=$self-{config}-{exec_prefix}
libdir=$self-{config}-{libdir}
includedir=$self-{config}-{includedir}
-
__EOF__
+ if ($hasmodules) {
+ print OUT modulesdir=$self-{config}-{modulesdir}\n ;
+ }
+
+ print OUT \n;
+
print OUT Name: $name\n;
if (defined($desc)) {
print OUT Description: $desc\n;
@@ -77,6 +82,9 @@
print OUT Version: $version\n;
print OUT Libs: -L\${libdir} $libs\n;
print OUT Cflags: -I\${includedir} $cflags\n;
+ if ($hasmodules) {
+ print OUT Modulesdir: \${modulesdir}\n;
+ }
close(OUT);
}
svn commit: samba r14518 - in branches/SAMBA_4_0/source: build/smb_build torture/rpc
Author: jelmer
Date: 2006-03-17 15:38:22 + (Fri, 17 Mar 2006)
New Revision: 14518
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14518
Log:
Support STANDARD_VISIBILITY property on binaries
Modified:
branches/SAMBA_4_0/source/build/smb_build/TODO
branches/SAMBA_4_0/source/build/smb_build/config_mk.pm
branches/SAMBA_4_0/source/torture/rpc/rpc.c
Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/TODO
===
--- branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 15:36:43 UTC
(rev 14517)
+++ branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 15:38:22 UTC
(rev 14518)
@@ -5,7 +5,6 @@
- include line in Makefile
- rule in Makefile
- generate headermap.txt
-- fix handling of dynconfig.o (causes too much recompiles for asn1_compile)
set of test scripts that check the code:
- configure_check_unused.pl
Modified: branches/SAMBA_4_0/source/build/smb_build/config_mk.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/config_mk.pm 2006-03-17
15:36:43 UTC (rev 14517)
+++ branches/SAMBA_4_0/source/build/smb_build/config_mk.pm 2006-03-17
15:38:22 UTC (rev 14518)
@@ -66,7 +66,8 @@
PUBLIC_PROTO_HEADER = string,
PUBLIC_HEADERS= list,
- EXTRA_CFLAGS = string
+ EXTRA_CFLAGS = string,
+ STANDARD_VISIBILITY = string
},
LIBRARY = {
VERSION = string,
Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-03-17 15:36:43 UTC (rev
14517)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-03-17 15:38:22 UTC (rev
14518)
@@ -27,7 +27,7 @@
#include librpc/rpc/dcerpc_table.h
/* open a rpc connection to the chosen binding string */
-NTSTATUS torture_rpc_connection(TALLOC_CTX *parent_ctx,
+_PUBLIC_ NTSTATUS torture_rpc_connection(TALLOC_CTX *parent_ctx,
struct dcerpc_pipe **p,
const struct dcerpc_interface_table *table)
{
svn commit: samba r14519 - in branches/SAMBA_4_0/source/torture: . basic
Author: jelmer Date: 2006-03-17 16:11:02 + (Fri, 17 Mar 2006) New Revision: 14519 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14519 Log: Put base registration in a seperate file, as well as some of the base tests that were currently in torture.c Added: branches/SAMBA_4_0/source/torture/basic/base.c Modified: branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/torture.c branches/SAMBA_4_0/source/torture/torture.h branches/SAMBA_4_0/source/torture/torture_util.c Changeset: Sorry, the patch is too large (3444 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14519
svn commit: samba r14520 - in branches/SAMBA_4_0/source/torture: .
Author: jelmer Date: 2006-03-17 16:27:22 + (Fri, 17 Mar 2006) New Revision: 14520 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14520 Log: Split up smbtorture binary into a core (torture.c) and UI frontend (smbtorture.c) Added: branches/SAMBA_4_0/source/torture/smbtorture.c Modified: branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/torture.c branches/SAMBA_4_0/source/torture/torture.h Changeset: Sorry, the patch is too large (868 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14520
svn commit: samba r14521 - in trunk/source/lib: .
Author: metze Date: 2006-03-17 16:29:37 + (Fri, 17 Mar 2006) New Revision: 14521 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14521 Log: sync socket_wrapper code with samba4 metze Modified: trunk/source/lib/socket_wrapper.c Changeset: Sorry, the patch is too large (612 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14521
svn commit: samba r14522 - in branches/SAMBA_3_0/source/lib: .
Author: metze Date: 2006-03-17 16:30:00 + (Fri, 17 Mar 2006) New Revision: 14522 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14522 Log: sync socket_wrapper code with samba4 metze Modified: branches/SAMBA_3_0/source/lib/socket_wrapper.c Changeset: Sorry, the patch is too large (612 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14522
svn commit: samba r14523 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze
Date: 2006-03-17 16:42:39 + (Fri, 17 Mar 2006)
New Revision: 14523
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14523
Log:
make async search request possible
metze
Modified:
branches/SAMBA_4_0/source/smb_server/smb/search.c
Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/smb/search.c
===
--- branches/SAMBA_4_0/source/smb_server/smb/search.c 2006-03-17 16:30:00 UTC
(rev 14522)
+++ branches/SAMBA_4_0/source/smb_server/smb/search.c 2006-03-17 16:42:39 UTC
(rev 14523)
@@ -45,13 +45,13 @@
}} while (0)
/* useful wrapper for talloc with NO_MEMORY reply */
-#define REQ_TALLOC(ptr) do { \
- ptr = talloc_size(req, sizeof(*(ptr))); \
+#define REQ_TALLOC(ptr, type) do { \
+ ptr = talloc(req, type); \
if (!ptr) { \
smbsrv_send_error(req, NT_STATUS_NO_MEMORY); \
return; \
}} while (0)
-
+
#define CHECK_MIN_BLOB_SIZE(blob, size) do { \
if ((blob)-length (size)) { \
return NT_STATUS_INFO_LENGTH_MISMATCH; \
@@ -104,16 +104,46 @@
}
/
+ Reply to a search first (async reply)
+/
+static void reply_search_first_send(struct smbsrv_request *req)
+{
+ union smb_search_first *sf;
+
+ CHECK_ASYNC_STATUS;
+
+ sf = talloc_get_type(req-async_states-private_data, union
smb_search_first);
+
+ SSVAL(req-out.vwv, VWV(0), sf-search_first.out.count);
+
+ smbsrv_send_reply(req);
+}
+
+/
+ Reply to a search next (async reply)
+/
+static void reply_search_next_send(struct smbsrv_request *req)
+{
+ union smb_search_next *sn;
+
+ CHECK_ASYNC_STATUS;
+
+ sn = talloc_get_type(req-async_states-private_data, union
smb_search_next);
+
+ SSVAL(req-out.vwv, VWV(0), sn-search_next.out.count);
+
+ smbsrv_send_reply(req);
+}
+
+/
Reply to a search.
/
void smbsrv_reply_search(struct smbsrv_request *req)
{
union smb_search_first *sf;
- union smb_search_next *sn;
uint16_t resume_key_length;
- struct search_state state;
+ struct search_state *state;
uint8_t *p;
- NTSTATUS status;
enum smb_search_level level = RAW_SEARCH_SEARCH;
uint8_t op = CVAL(req-in.hdr,HDR_COM);
@@ -123,13 +153,13 @@
level = RAW_SEARCH_FUNIQUE;
}
- REQ_TALLOC(sf);
-
/* parse request */
if (req-in.wct != 2) {
smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
return;
}
+
+ REQ_TALLOC(sf, union smb_search_first);
p = req-in.data;
p += req_pull_ascii4(req, sf-search_first.in.pattern,
@@ -151,15 +181,19 @@
p += 3;
/* setup state for callback */
- state.req = req;
- state.file = NULL;
- state.last_entry_offset = 0;
-
+ REQ_TALLOC(state, struct search_state);
+ state-req = req;
+ state-file = NULL;
+ state-last_entry_offset = 0;
+
/* construct reply */
smbsrv_setup_reply(req, 1, 0);
+ SSVAL(req-out.vwv, VWV(0), 0);
req_append_var_block(req, NULL, 0);
if (resume_key_length != 0) {
+ union smb_search_next *sn;
+
if (resume_key_length != 21 ||
req_data_oob(req, p, 21) ||
level == RAW_SEARCH_FUNIQUE) {
@@ -168,7 +202,7 @@
}
/* do a search next operation */
- REQ_TALLOC(sn);
+ REQ_TALLOC(sn, union smb_search_next);
sn-search_next.in.id.reserved = CVAL(p, 0);
memcpy(sn-search_next.in.id.name,p+1, 11);
@@ -179,27 +213,27 @@
sn-search_next.level = level;
sn-search_next.in.max_count = SVAL(req-in.vwv, VWV(0));
sn-search_next.in.search_attrib = SVAL(req-in.vwv, VWV(1));
-
+
+ req-async_states-state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
+ req-async_states-send_fn = reply_search_next_send;
+ req-async_states-private_data = sn;
+
/* call backend */
- status = ntvfs_search_next(req, sn, state, find_callback);
- SSVAL(req-out.vwv, VWV(0), sn-search_next.out.count);
+ req-async_states-status = ntvfs_search_next(req, sn, state,
find_callback);
} else {
/* do a search first
svn commit: samba r14524 - in branches/SAMBA_4_0/source/torture: . libnet
Author: jelmer
Date: 2006-03-17 16:45:24 + (Fri, 17 Mar 2006)
New Revision: 14524
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14524
Log:
Make TORTURE_NET a separate module
Add new header for torture utility functions, so torture.h doesn't
need to depend on the SMB libraries
Added:
branches/SAMBA_4_0/source/torture/libnet/libnet.c
Modified:
branches/SAMBA_4_0/source/torture/
branches/SAMBA_4_0/source/torture/config.mk
branches/SAMBA_4_0/source/torture/torture.c
branches/SAMBA_4_0/source/torture/torture.h
branches/SAMBA_4_0/source/torture/torture_util.c
Changeset:
Property changes on: branches/SAMBA_4_0/source/torture
___
Name: svn:ignore
- proto.h
torturebad.c
*.d
+ util.h
proto.h
torturebad.c
*.d
Modified: branches/SAMBA_4_0/source/torture/config.mk
===
--- branches/SAMBA_4_0/source/torture/config.mk 2006-03-17 16:42:39 UTC (rev
14523)
+++ branches/SAMBA_4_0/source/torture/config.mk 2006-03-17 16:45:24 UTC (rev
14524)
@@ -3,9 +3,9 @@
PUBLIC_HEADERS = torture.h
PUBLIC_PROTO_HEADER = proto.h
OBJ_FILES = \
- torture.o \
- torture_util.o
+ torture.o
REQUIRED_SUBSYSTEMS = \
+ TORTURE_UTIL \
TORTURE_RAW \
TORTURE_SMB2 \
TORTURE_RAP \
@@ -14,10 +14,13 @@
TORTURE_NBENCH \
TORTURE_LDAP \
TORTURE_NBT \
- TORTURE_NET \
CONFIG \
LIBBASIC
+[SUBSYSTEM::TORTURE_UTIL]
+OBJ_FILES = torture_util.o
+PUBLIC_PROTO_HEADER = util.h
+
#
# Start SUBSYSTEM TORTURE_BASIC
[MODULE::TORTURE_BASIC]
@@ -146,7 +149,7 @@
RPC_NDR_MGMT RPC_NDR_NETLOGON RPC_NDR_ATSVC RPC_NDR_DRSUAPI \
RPC_NDR_LSA RPC_NDR_EPMAPPER RPC_NDR_DFS RPC_NDR_SPOOLSS \
RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_ROT RPC_NDR_DSSETUP \
- RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER WB_HELPER
+ RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER WB_HELPER LIBNET
#
# Start SUBSYSTEM TORTURE_RAP
@@ -221,10 +224,13 @@
#
# Start SUBSYSTEM TORTURE_NET
-[SUBSYSTEM::TORTURE_NET]
+[MODULE::TORTURE_NET]
+SUBSYSTEM = torture
+INIT_FUNCTION = torture_net_init
PRIVATE_PROTO_HEADER = \
libnet/proto.h
OBJ_FILES = \
+ libnet/libnet.o \
libnet/userinfo.o \
libnet/userman.o \
libnet/domain.o \
Added: branches/SAMBA_4_0/source/torture/libnet/libnet.c
===
--- branches/SAMBA_4_0/source/torture/libnet/libnet.c 2006-03-17 16:42:39 UTC
(rev 14523)
+++ branches/SAMBA_4_0/source/torture/libnet/libnet.c 2006-03-17 16:45:24 UTC
(rev 14524)
@@ -0,0 +1,41 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB torture tester
+ Copyright (C) Jelmer Vernooij 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include includes.h
+#include torture/torture.h
+#include torture/libnet/proto.h
+
+NTSTATUS torture_net_init(void)
+{
+ register_torture_op(NET-USERINFO, torture_userinfo, 0);
+ register_torture_op(NET-USERADD, torture_useradd, 0);
+ register_torture_op(NET-USERDEL, torture_userdel, 0);
+ register_torture_op(NET-USERMOD, torture_usermod, 0);
+ register_torture_op(NET-DOMOPEN, torture_domainopen, 0);
+ register_torture_op(NET-API-LOOKUP, torture_lookup, 0);
+ register_torture_op(NET-API-LOOKUPHOST, torture_lookup_host, 0);
+ register_torture_op(NET-API-LOOKUPPDC, torture_lookup_pdc, 0);
+ register_torture_op(NET-API-CREATEUSER, torture_createuser, 0);
+ register_torture_op(NET-API-RPCCONNECT, torture_rpc_connect, 0);
+ register_torture_op(NET-API-LISTSHARES, torture_listshares, 0);
+ register_torture_op(NET-API-DELSHARE, torture_delshare, 0);
+
+ return NT_STATUS_OK;
+}
Property changes on: branches/SAMBA_4_0/source/torture/libnet/libnet.c
___
Name: svn:eol-style
+ native
Modified:
svn commit: samba r14525 - in branches/SAMBA_4_0/source/torture: .
Author: jelmer
Date: 2006-03-17 17:20:24 + (Fri, 17 Mar 2006)
New Revision: 14525
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14525
Log:
Sort list of torture tests alphabetically
Modified:
branches/SAMBA_4_0/source/torture/torture.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/torture.c
===
--- branches/SAMBA_4_0/source/torture/torture.c 2006-03-17 16:45:24 UTC (rev
14524)
+++ branches/SAMBA_4_0/source/torture/torture.c 2006-03-17 17:20:24 UTC (rev
14525)
@@ -747,36 +747,33 @@
}
}
-
struct torture_op *torture_ops = NULL;
-static struct torture_op *find_torture_op(const char *name)
-{
- struct torture_op *o;
- for (o = torture_ops; o; o = o-next) {
- if (strcmp(name, o-name) == 0)
- return o;
- }
-
- return NULL;
-}
-
_PUBLIC_ NTSTATUS register_torture_op(const char *name, BOOL (*fn)(void), BOOL
(*multi_fn)(struct smbcli_state *, int ))
{
- struct torture_op *op;
+ struct torture_op *op, *p;
- /* Check for duplicates */
- if (find_torture_op(name) != NULL) {
- DEBUG(0,(There already is a torture op registered with the
name %s!\n, name));
- return NT_STATUS_OBJECT_NAME_COLLISION;
- }
-
op = talloc(talloc_autofree_context(), struct torture_op);
op-name = talloc_strdup(op, name);
op-fn = fn;
op-multi_fn = multi_fn;
+ for (p = torture_ops; p; p = p-next) {
+ if (strcmp(p-name, op-name) == 0) {
+ /* Check for duplicates */
+ DEBUG(0,(There already is a torture op registered with
the name %s!\n, name));
+ talloc_free(op);
+ return NT_STATUS_OBJECT_NAME_COLLISION;
+ }
+
+ if (strcmp(p-name, op-name) 0
+ (!p-next || strcmp(p-next-name, op-name) 0)) {
+ DLIST_ADD_AFTER(torture_ops, op, p);
+ return NT_STATUS_OK;
+ }
+ }
+
DLIST_ADD(torture_ops, op);
return NT_STATUS_OK;
svn commit: samba r14526 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-03-17 17:20:54 + (Fri, 17 Mar 2006) New Revision: 14526 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14526 Log: fix the size of the output buffer, we need 1 byte for the Word count now smbsrv_setup_reply() and req_setup_chain_reply() do the same thing tridge: can you please check if this is correct, I wonder why we don't got valgrind errors... as the over allocation is disabled currently metze Modified: branches/SAMBA_4_0/source/smb_server/smb/request.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb/request.c === --- branches/SAMBA_4_0/source/smb_server/smb/request.c 2006-03-17 17:20:24 UTC (rev 14525) +++ branches/SAMBA_4_0/source/smb_server/smb/request.c 2006-03-17 17:20:54 UTC (rev 14526) @@ -105,7 +105,7 @@ return; } - req-out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + wct*2 + buflen; + req-out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + 1 + VWV(wct) + 2 + buflen; /* over allocate by a small amount */ req-out.allocated = req-out.size + REQ_OVER_ALLOCATION;
svn commit: samba r14527 - in branches/SAMBA_4_0/source/torture: . basic local nbench rap raw
Author: jelmer Date: 2006-03-17 17:59:58 + (Fri, 17 Mar 2006) New Revision: 14527 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14527 Log: Fix build problems. Modified: branches/SAMBA_4_0/source/torture/basic/aliases.c branches/SAMBA_4_0/source/torture/basic/attr.c branches/SAMBA_4_0/source/torture/basic/base.c branches/SAMBA_4_0/source/torture/basic/charset.c branches/SAMBA_4_0/source/torture/basic/delaywrite.c branches/SAMBA_4_0/source/torture/basic/delete.c branches/SAMBA_4_0/source/torture/basic/denytest.c branches/SAMBA_4_0/source/torture/basic/dir.c branches/SAMBA_4_0/source/torture/basic/disconnect.c branches/SAMBA_4_0/source/torture/basic/locking.c branches/SAMBA_4_0/source/torture/basic/mangle_test.c branches/SAMBA_4_0/source/torture/basic/properties.c branches/SAMBA_4_0/source/torture/basic/rename.c branches/SAMBA_4_0/source/torture/basic/scanner.c branches/SAMBA_4_0/source/torture/basic/secleak.c branches/SAMBA_4_0/source/torture/basic/unlink.c branches/SAMBA_4_0/source/torture/basic/utable.c branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/gentest.c branches/SAMBA_4_0/source/torture/local/iconv.c branches/SAMBA_4_0/source/torture/nbench/nbench.c branches/SAMBA_4_0/source/torture/nbench/nbio.c branches/SAMBA_4_0/source/torture/rap/rap.c branches/SAMBA_4_0/source/torture/raw/acls.c branches/SAMBA_4_0/source/torture/raw/chkpath.c branches/SAMBA_4_0/source/torture/raw/close.c branches/SAMBA_4_0/source/torture/raw/composite.c branches/SAMBA_4_0/source/torture/raw/context.c branches/SAMBA_4_0/source/torture/raw/eas.c branches/SAMBA_4_0/source/torture/raw/ioctl.c branches/SAMBA_4_0/source/torture/raw/lock.c branches/SAMBA_4_0/source/torture/raw/mkdir.c branches/SAMBA_4_0/source/torture/raw/mux.c branches/SAMBA_4_0/source/torture/raw/notify.c branches/SAMBA_4_0/source/torture/raw/open.c branches/SAMBA_4_0/source/torture/raw/oplock.c branches/SAMBA_4_0/source/torture/raw/qfileinfo.c branches/SAMBA_4_0/source/torture/raw/qfsinfo.c branches/SAMBA_4_0/source/torture/raw/read.c branches/SAMBA_4_0/source/torture/raw/rename.c branches/SAMBA_4_0/source/torture/raw/search.c branches/SAMBA_4_0/source/torture/raw/seek.c branches/SAMBA_4_0/source/torture/raw/setfileinfo.c branches/SAMBA_4_0/source/torture/raw/streams.c branches/SAMBA_4_0/source/torture/raw/unlink.c branches/SAMBA_4_0/source/torture/raw/write.c branches/SAMBA_4_0/source/torture/torture.c branches/SAMBA_4_0/source/torture/torture.h branches/SAMBA_4_0/source/torture/torture_util.c Changeset: Sorry, the patch is too large (865 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14527
svn commit: samba r14528 - in branches/SAMBA_4_0/source: . build/smb_build
Author: jelmer Date: 2006-03-17 18:37:51 + (Fri, 17 Mar 2006) New Revision: 14528 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14528 Log: Fix installation of manpages Modified: branches/SAMBA_4_0/source/build/smb_build/TODO branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/TODO === --- branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 17:59:58 UTC (rev 14527) +++ branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 18:37:51 UTC (rev 14528) @@ -15,3 +15,4 @@ - minimal_includes.pl - check dependencies based on #include lines ? - check whether private headers are not used outside their own subsystem +- undocumented (no manpage) installed binaries Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-03-17 17:59:58 UTC (rev 14527) +++ branches/SAMBA_4_0/source/main.mk 2006-03-17 18:37:51 UTC (rev 14528) @@ -97,6 +97,7 @@ $(DESTDIR)$(SBINDIR) \ $(DESTDIR)$(LIBDIR) \ $(DESTDIR)$(MODULESDIR) \ + $(DESTDIR)$(MANDIR) \ $(DESTDIR)$(VARDIR) \ $(DESTDIR)$(PRIVATEDIR) \ $(DESTDIR)$(DATADIR) \ @@ -137,7 +138,7 @@ installswat: installdirs @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) -installman: installdirs +installman: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(MANPAGES) installmisc: installdirs
svn commit: samba r14529 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: jelmer
Date: 2006-03-17 19:41:33 + (Fri, 17 Mar 2006)
New Revision: 14529
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14529
Log:
Include $(builddir) where necesary
Modified:
branches/SAMBA_4_0/source/build/smb_build/TODO
branches/SAMBA_4_0/source/build/smb_build/makefile.pm
branches/SAMBA_4_0/source/build/smb_build/output.pm
Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/TODO
===
--- branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 18:37:51 UTC
(rev 14528)
+++ branches/SAMBA_4_0/source/build/smb_build/TODO 2006-03-17 19:41:33 UTC
(rev 14529)
@@ -5,6 +5,7 @@
- include line in Makefile
- rule in Makefile
- generate headermap.txt
+- fixed shared library install
set of test scripts that check the code:
- configure_check_unused.pl
Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2006-03-17
18:37:51 UTC (rev 14528)
+++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2006-03-17
19:41:33 UTC (rev 14529)
@@ -191,12 +191,12 @@
{
my ($self,$ctx) = @_;
- $self-output(bin/deps/$ctx-{TYPE}_$ctx-{NAME}:
\$($ctx-{TYPE}_$ctx-{NAME}_OBJ_LIST:.o=.c));
+ $self-output(\$(builddir)/bin/deps/$ctx-{TYPE}_$ctx-{NAME}:
\$($ctx-{TYPE}_$ctx-{NAME}_OBJ_LIST:.o=.c));
$self-output(\n);
$self-output([EMAIL PROTECTED] \Generating dependency info for
$ctx-{NAME}\\n);
$self-output([EMAIL PROTECTED]/script/cdeps.pl \$^ [EMAIL
PROTECTED]);
$self-output(\n);
- $self-output(-include bin/deps/$ctx-{TYPE}_$ctx-{NAME}\n\n);
+ $self-output(-include
\$(builddir)/bin/deps/$ctx-{TYPE}_$ctx-{NAME}\n\n);
}
sub SharedLibrary($$)
@@ -245,14 +245,14 @@
$proto_fn =~ s/\(\*\)/$ctx-{INIT_FUNCTION}/;
$self-output( __EOD__
-bin/$ctx-{NAME}_init_module.c:
+\$(builddir)/bin/$ctx-{NAME}_init_module.c:
[EMAIL PROTECTED] Creating \$\@
[EMAIL PROTECTED] \#include \\\includes.h \$\@
[EMAIL PROTECTED] \$proto_fn;\ \$\@
[EMAIL PROTECTED] -e \_PUBLIC_ $init_fn \\n{\\n\\treturn
$ctx-{INIT_FUNCTION}();\\n}\\n\ \$\@
__EOD__
);
- $init_obj = bin/$ctx-{NAME}_init_module.o;
+ $init_obj = \$(builddir)/bin/$ctx-{NAME}_init_module.o;
}
my $soarg = ;
@@ -371,9 +371,9 @@
my $installdir;
if ($self-{duplicate_build}) {
- $installdir = bin/install;
+ $installdir = \$(builddir)/bin/install;
} else {
- $installdir = bin;
+ $installdir = \$(builddir)/bin;
}
push(@{$self-{all_objs}}, \$($ctx-{TYPE}_$ctx-{NAME}_OBJ_LIST));
@@ -385,7 +385,7 @@
push (@{$self-{bin_progs}}, $installdir/$ctx-{BINARY});
}
- push (@{$self-{binaries}}, bin/$ctx-{BINARY});
+ push (@{$self-{binaries}}, \$(builddir)/bin/$ctx-{BINARY});
$self-_prepare_list($ctx, OBJ_LIST);
$self-_prepare_list($ctx, CFLAGS);
@@ -396,7 +396,7 @@
if ($self-{duplicate_build}) {
$self-output( __EOD__
#
-bin/$ctx-{BINARY}: \$($ctx-{TYPE}_$ctx-{NAME}_DEPEND_LIST)
\$($ctx-{TYPE}_$ctx-{NAME}_OBJ_LIST)
+\$(builddir)/bin/$ctx-{BINARY}: \$($ctx-{TYPE}_$ctx-{NAME}_DEPEND_LIST)
\$($ctx-{TYPE}_$ctx-{NAME}_OBJ_LIST)
[EMAIL PROTECTED] Linking \$\@
[EMAIL PROTECTED](CC) \$(LDFLAGS) -o \$\@ \$(LOCAL_LINK_FLAGS)
\$(INSTALL_LINK_FLAGS) \\
\$\($ctx-{TYPE}_$ctx-{NAME}_LINK_LIST) \\
@@ -512,8 +512,8 @@
# nasty hack to allow running locally
if ($self-{duplicate_build}) {
- $self-output(bin/libdynconfig.\$(SHLIBEXT):
dynconfig-devel.o\n);
- $self-output(bin/libdynconfig.\$(SHLIBEXT):
LIBRARY_DYNCONFIG_OBJ_LIST=dynconfig-devel.o\n);
+ $self-output(\$(builddir)/bin/libdynconfig.\$(SHLIBEXT):
dynconfig-devel.o\n);
+ $self-output(\$(builddir)/bin/libdynconfig.\$(SHLIBEXT):
LIBRARY_DYNCONFIG_OBJ_LIST=dynconfig-devel.o\n);
}
$self-_prepare_mk_files();
Modified: branches/SAMBA_4_0/source/build/smb_build/output.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/output.pm 2006-03-17 18:37:51 UTC
(rev 14528)
+++ branches/SAMBA_4_0/source/build/smb_build/output.pm 2006-03-17 19:41:33 UTC
(rev 14529)
@@ -28,14 +28,14 @@
{
my $subsys = shift;
- $subsys-{OUTPUT} = $subsys-{TARGET} =
bin/subsystems/$subsys-{TYPE}_$subsys-{NAME}.o;
+ $subsys-{OUTPUT} = $subsys-{TARGET} =
\$(builddir)/bin/subsystems/$subsys-{TYPE}_$subsys-{NAME}.o;
}
sub generate_objlist($)
{
my $subsys = shift;
- $subsys-{TARGET} = bin/.$subsys-{TYPE}_$subsys-{NAME};
+
svn commit: samba-web r931 - in trunk/news: articles/low_point team
Author: deryck Date: 2006-03-17 20:06:18 + (Fri, 17 Mar 2006) New Revision: 931 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=931 Log: Add 2 columns to Jeremy's Low Point archives. Run a news story announecing the new material. deryck Added: trunk/news/articles/low_point/column10.html trunk/news/articles/low_point/column11.html trunk/news/team/low_point_update_17Mar06.html Modified: trunk/news/articles/low_point/index.html Changeset: Added: trunk/news/articles/low_point/column10.html === --- trunk/news/articles/low_point/column10.html 2006-03-15 22:22:58 UTC (rev 930) +++ trunk/news/articles/low_point/column10.html 2006-03-17 20:06:18 UTC (rev 931) @@ -0,0 +1,121 @@ +!--#include virtual=/samba/news/header.html -- + titleThe Low Point -- Jeremy Allison Column Archive -- Column 10/title +!--#include virtual=jra_header2.html -- + +h3Jeremy Allison Column Archives/h3 + +h2The Low Point mdash; a View from the Valley mdash; Column 10/h2 + +h3Macho Geek Madness/h3 + +pMy father worked for thirty years in a wire making factory in Sheffield. +He worked on the shop floor doing the most brutal and demanding physical +work. After he'd retired I visited the factory on a tour and was horrified +at how noisy, dirty and downright dangerous it was. Yes, it got a +lot better towards the end was his comment when I told him what it +was like now./p + +pI work sitting at home in my office in Silicon Valley, typing this +on one of the many computers scattered about. There's no physically +demanding tasks in my job other than carrying my daily cups of coffee +around the house. In almost every way they can be our jobs are different, +except one important way in which they are identical. There were no +women working with my father in his workplace, and there are no women +working with me on the Open Source/Free Software I create. +/p + +pWhy is this ? In the Sheffield wire making factory it was considered +a job not suitable for a woman. The amazing thing in the twenty-first +century is that some people seem to have the same feeling about writing +software. It's true that there are few women in software in general, +but if you compare the presence of women in Open Source/Free Software +with the number of women working in proprietary software I think you'll +find that there were fewer working in the Open Source/Free Software +community on coding tasks than in the proprietary world. I've worked +with some amazingly talented women programmers when I was working in +proprietary software (my mis-spent youth), but with none in the Open +Source/Free Software world./p + +pI have a theory as to why this is so, I call it my men are animals +theory. Quite simply, we as a programming community are emincredibly/em unfriendly +to any women that might want to contribute their valuable time and effort +in writing code for an Open Source/Free Software project. Women are +much more represented in the artistic (for a GUI-based system), documentation +and testing parts of a project than in the coding./p + +pMy observation is that alpha male geeks working on the code +of a software project are extremely arrogant (or we can be polite and +call it emassertive/em), unpleasant and confrontational with each other. +Most women find this kind of childishness so unpleasant that they leave +us in our playpen rather than have to deal with it as part of their +daily work. It doesn't help that most Open Source/Free Software code +discussions are done over email. Unfortunately email is a medium that +lends itself to anonymous hostility (after all you don't have to see +the face of the person you're attempting to humiliate) and the male-dominated +programmer community takes ample advantage of this. Just look at the +way some of the primary Linux kernel maintainers address people on the +Linux kernel mailing list to see examples of this behavior. Such people +are emadmired/em in our community. This behavior is not merely tolerated, +it's almost encouraged as a badge of showing you're bsomebody/b, that you +can get away with it./p + +pSo why is this more endemic to the Open Source/Free Software communities +than proprietary software projects ? I have an answer to that too, it's +fairly simple. Human Resources departments (at least here in the USA, +in the UK they used to be called Personnel Departments which to +my mind sounds much better, less like a Soylent-Green style warehouse). +To be brutally honest, if people behaved in proprietary software environments +to others the way they behave in Open Source/Free Software mailing lists +they would be bfired/b, terminated (to use the Americanism) with extreme +prejudice by the HR department of the company. People tell jokes about +political correctness and how sensitive such rules are, +but they bwork/b. I think the USA is ahead of the UK in this
svn commit: samba r14530 - branches/SAMBA_3_0/source/param trunk/source/param
Author: jerry
Date: 2006-03-17 20:35:44 + (Fri, 17 Mar 2006)
New Revision: 14530
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14530
Log:
removing unused 'winbind max idle children' parameter
Modified:
branches/SAMBA_3_0/source/param/loadparm.c
trunk/source/param/loadparm.c
Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c 2006-03-17 19:41:33 UTC (rev
14529)
+++ branches/SAMBA_3_0/source/param/loadparm.c 2006-03-17 20:35:44 UTC (rev
14530)
@@ -1283,7 +1283,6 @@
{winbind use default domain, P_BOOL, P_GLOBAL,
Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED},
{winbind trusted domains only, P_BOOL, P_GLOBAL,
Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED},
{winbind nested groups, P_BOOL, P_GLOBAL,
Globals.bWinbindNestedGroups, NULL, NULL, FLAG_ADVANCED},
- {winbind max idle children, P_INTEGER, P_GLOBAL,
Globals.winbind_max_idle_children, NULL, NULL, FLAG_ADVANCED},
{winbind nss info, P_LIST, P_GLOBAL, Globals.szWinbindNssInfo, NULL,
NULL, FLAG_ADVANCED},
{winbind refresh tickets, P_BOOL, P_GLOBAL,
Globals.bWinbindRefreshTickets, NULL, NULL, FLAG_ADVANCED},
{winbind offline logon, P_BOOL, P_GLOBAL,
Globals.bWinbindOfflineLogon, NULL, NULL, FLAG_ADVANCED},
@@ -1636,7 +1635,6 @@
Globals.bWinbindUseDefaultDomain = False;
Globals.bWinbindTrustedDomainsOnly = False;
Globals.bWinbindNestedGroups = True;
- Globals.winbind_max_idle_children = 3;
Globals.szWinbindNssInfo = str_list_make(template, NULL);
Globals.bWinbindRefreshTickets = False;
Globals.bWinbindOfflineLogon = False;
@@ -2088,7 +2086,6 @@
FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time)
-FN_GLOBAL_INTEGER(lp_winbind_max_idle_children,
Globals.winbind_max_idle_children)
FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, Globals.name_cache_timeout)
Modified: trunk/source/param/loadparm.c
===
--- trunk/source/param/loadparm.c 2006-03-17 19:41:33 UTC (rev 14529)
+++ trunk/source/param/loadparm.c 2006-03-17 20:35:44 UTC (rev 14530)
@@ -1283,7 +1283,6 @@
{winbind use default domain, P_BOOL, P_GLOBAL,
Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED},
{winbind trusted domains only, P_BOOL, P_GLOBAL,
Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED},
{winbind nested groups, P_BOOL, P_GLOBAL,
Globals.bWinbindNestedGroups, NULL, NULL, FLAG_ADVANCED},
- {winbind max idle children, P_INTEGER, P_GLOBAL,
Globals.winbind_max_idle_children, NULL, NULL, FLAG_ADVANCED},
{winbind nss info, P_LIST, P_GLOBAL, Globals.szWinbindNssInfo, NULL,
NULL, FLAG_ADVANCED},
{winbind refresh tickets, P_BOOL, P_GLOBAL,
Globals.bWinbindRefreshTickets, NULL, NULL, FLAG_ADVANCED},
{winbind offline logon, P_BOOL, P_GLOBAL,
Globals.bWinbindOfflineLogon, NULL, NULL, FLAG_ADVANCED},
@@ -1636,7 +1635,6 @@
Globals.bWinbindUseDefaultDomain = False;
Globals.bWinbindTrustedDomainsOnly = False;
Globals.bWinbindNestedGroups = True;
- Globals.winbind_max_idle_children = 3;
Globals.szWinbindNssInfo = str_list_make(template, NULL);
Globals.bWinbindRefreshTickets = False;
Globals.bWinbindOfflineLogon = False;
@@ -2088,7 +2086,6 @@
FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time)
-FN_GLOBAL_INTEGER(lp_winbind_max_idle_children,
Globals.winbind_max_idle_children)
FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, Globals.name_cache_timeout)
svn commit: samba r14531 - in branches/SAMBA_4_0/source: .
Author: jelmer Date: 2006-03-17 20:48:12 + (Fri, 17 Mar 2006) New Revision: 14531 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14531 Log: Install two extra header files Modified: branches/SAMBA_4_0/source/headermap.txt branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/headermap.txt === --- branches/SAMBA_4_0/source/headermap.txt 2006-03-17 20:35:44 UTC (rev 14530) +++ branches/SAMBA_4_0/source/headermap.txt 2006-03-17 20:48:12 UTC (rev 14531) @@ -69,3 +69,5 @@ librpc/gen_ndr/nbt.h: gen_ndr/nbt.h librpc/gen_ndr/svcctl.h: gen_ndr/nbt.h lib/cmdline/popt_common.h: samba/popt.h +include/dlinklist.h: dlinklist.h +include/version.h: samba/version.h Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-03-17 20:35:44 UTC (rev 14530) +++ branches/SAMBA_4_0/source/main.mk 2006-03-17 20:48:12 UTC (rev 14531) @@ -32,7 +32,9 @@ include kdc/config.mk include passdb/config.mk -DEFAULT_HEADERS = $(srcdir)/include/core.h +DEFAULT_HEADERS = $(srcdir)/include/core.h \ + $(srcdir)/include/dlinklist.h \ + $(srcdir)/include/version.h binaries: $(BINARIES) libraries: $(STATIC_LIBS) $(SHARED_LIBS)
svn commit: samba r14532 - in branches/SAMBA_4_0/source: auth/credentials heimdal/lib/vers lib/charset lib/gencache lib/stream lib/tdr lib/util libcli/smb2 libcli/smb_composite smb_server smb_server/s
Author: jelmer Date: 2006-03-17 20:50:26 + (Fri, 17 Mar 2006) New Revision: 14532 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14532 Log: Ignore some more *.d files and autogenerated manpages. Modified: branches/SAMBA_4_0/source/auth/credentials/ branches/SAMBA_4_0/source/heimdal/lib/vers/ branches/SAMBA_4_0/source/lib/charset/ branches/SAMBA_4_0/source/lib/gencache/ branches/SAMBA_4_0/source/lib/stream/ branches/SAMBA_4_0/source/lib/tdr/ branches/SAMBA_4_0/source/lib/util/ branches/SAMBA_4_0/source/libcli/smb2/ branches/SAMBA_4_0/source/libcli/smb_composite/ branches/SAMBA_4_0/source/smb_server/ branches/SAMBA_4_0/source/smb_server/smb/ branches/SAMBA_4_0/source/smb_server/smb2/ branches/SAMBA_4_0/source/smbd/ branches/SAMBA_4_0/source/wrepl_server/ Changeset: Property changes on: branches/SAMBA_4_0/source/auth/credentials ___ Name: svn:ignore - credentials_proto.h + *.d credentials_proto.h Property changes on: branches/SAMBA_4_0/source/heimdal/lib/vers ___ Name: svn:ignore - .sconsign *.ho + *.d .sconsign *.ho Property changes on: branches/SAMBA_4_0/source/lib/charset ___ Name: svn:ignore - charset_proto.h + *.d charset_proto.h Property changes on: branches/SAMBA_4_0/source/lib/gencache ___ Name: svn:ignore - gencache.h + *.d gencache.h Property changes on: branches/SAMBA_4_0/source/lib/stream ___ Name: svn:ignore + *.d Property changes on: branches/SAMBA_4_0/source/lib/tdr ___ Name: svn:ignore - tdr_proto.h *.pc + *.d tdr_proto.h *.pc Property changes on: branches/SAMBA_4_0/source/lib/util ___ Name: svn:ignore - pidfile.h unix_privs.h apidocs util_proto.h *.pc + *.d pidfile.h unix_privs.h apidocs util_proto.h *.pc Property changes on: branches/SAMBA_4_0/source/libcli/smb2 ___ Name: svn:ignore - smb2_proto.h + *.d smb2_proto.h Property changes on: branches/SAMBA_4_0/source/libcli/smb_composite ___ Name: svn:ignore - proto.h + *.d proto.h Property changes on: branches/SAMBA_4_0/source/smb_server ___ Name: svn:ignore - smb_server_proto.h *.d + *.d smb_server_proto.h *.d Property changes on: branches/SAMBA_4_0/source/smb_server/smb ___ Name: svn:ignore - smb_proto.h + *.d smb_proto.h Property changes on: branches/SAMBA_4_0/source/smb_server/smb2 ___ Name: svn:ignore - smb2_proto.h + *.d smb2_proto.h Property changes on: branches/SAMBA_4_0/source/smbd ___ Name: svn:ignore - service_proto.h process_model_proto.h *.d *.po *.po32 + service_proto.h process_model_proto.h *.8 *.d *.po *.po32 Property changes on: branches/SAMBA_4_0/source/wrepl_server ___ Name: svn:ignore - wrepl_server_proto.h + *.d wrepl_server_proto.h
svn commit: samba r14533 - in branches/SAMBA_4_0/source: .
Author: jelmer Date: 2006-03-17 21:16:44 + (Fri, 17 Mar 2006) New Revision: 14533 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14533 Log: Install pidl, remove some useless header dependencies Modified: branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-03-17 20:50:26 UTC (rev 14532) +++ branches/SAMBA_4_0/source/main.mk 2006-03-17 21:16:44 UTC (rev 14533) @@ -82,7 +82,7 @@ LMHOSTSFILE = $(CONFIGDIR)/lmhosts install: showlayout installbin installdat installswat installmisc installlib \ - installheader installpc installplugins + installheader installpc installplugins installpidl # DESTDIR is used here to prevent packagers wasting their time # duplicating the Makefile. Remove it and you will have the privilege @@ -150,7 +150,7 @@ @$(SHELL) $(srcdir)/script/installpc.sh $(srcdir) $(DESTDIR)$(PKGCONFIGDIR) $(PC_FILES) uninstall: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \ - uninstallplugins + uninstallplugins uninstallpidl uninstallmisc: #FIXME @@ -182,8 +182,11 @@ cd pidl $(PERL) Makefile.PL installpidl: pidl/Makefile - cd pidl $(MAKE) install + $(MAKE) -C pidl install +uninstallpidl: pidl/Makefile + $(MAKE) -C pidl uninstall + IDL_FILES = $(wildcard librpc/idl/*.idl) IDL_HEADER_FILES = $(patsubst librpc/idl/%.idl,librpc/gen_ndr/%.h,$(IDL_FILES)) IDL_NDR_HEADER_FILES = $(patsubst librpc/idl/%.idl,librpc/gen_ndr/ndr_%.h,$(IDL_FILES)) @@ -238,9 +241,7 @@ lib/util/util_proto.h \ lib/charset/charset.h \ param/proto.h \ - libcli/util/proto.h \ - librpc/ndr/ndr_orpc.h \ - librpc/ndr/ndr_compression.h + libcli/util/proto.h clean_pch: -rm -f include/includes.h.gch
