Re: [Samba] adding samba3 to Active Directory Domain
Have you configured kerberos and windbind correctly? Does your net ads join work? Have you linked the libnss_winbind.so correctly? Have you followed this one = http://us3.samba.org/samba/docs/man/ Samba-HOWTO-Collection/winbind.html. Confirm this so can we more easily help. Its kinda hard when you don't say exactly what is wrong, =) A short version of the smb.conf would help also... Cheers, Henrik 16 aug 2006 kl. 05:57 skrev Kevin Gowan: To Whom It May Concern: I really admire the dedication and effort your group has. I am glad more and more people aren't buying into the Microsoft licensing schemes. Keep up the good work! I would like to add the server I have installed to our Active Directory Domain. We have one Win2003 PDC no subnets very basic stuff. I have read many chapters in the official how to guide and would like to zero in on the appropriate section/s that will allow me to configure this appropriately. All my supervisor would like me to do is create a fileserver where no one has to type in their user name and password again when they click on any of the shares. I have tried (on the test bed) configurations from different chapters and I still get user name and password when I click on the server or share. The Server I have installed is Suse 10.0 enterprise. I would appreciate any help that you can provide. Thank you for your time and I look forward to hearing from you soon! Best regards, Kevin G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_winbind says I need new password
known bug, they work on setting password expiry to none but a date far in the future should circumvent this problem micha Matt Sellers wrote: Hello all, I have a pretty large DC and am using winbind for our linux workstations and im having a preculiar issue. Not all accounts but some...including mine are recieving the pam error to change password. example... ... WARNING: Your password has expired. You must change your password now and login again! Changing password for user msellers. Changing password for msellers (current) NT password: Changing my password works, but reconnecting results in the same prompt, thus going over and over again. Aug 15 16:02:38 ctilinux2 pam_winbind[1081]: user 'msellers' granted access Aug 15 16:02:38 ctilinux2 pam_winbind[1081]: user 'msellers' OK Aug 15 16:02:38 ctilinux2 pam_winbind[1081]: pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set Aug 15 16:02:38 ctilinux2 pam_winbind[1081]: user 'msellers' needs new password Im never able to login with this account. Ive looked at debug 10 of winbind and cant see anything exciting. Ive seen a few posts in the past but no resolutions any ideas? Thanks Much! Matt Sellers -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools and disabling a user
files they might leave on a filesystem somewhere). I'm using an LDAP backend for Samba, and I'm using smbldap-tools to manage accounts. so your posix account information is also stored in ldap. do your users really need /bin/bash or why do you want to disable the posix account, too? why don´t you use winbindd on the DC to authenticate your (posix)users against the samba DC (pam_winbind instead of pam_ldap)? this will reflect all policies and you don´t have to worry about unexpired posix accounts micha Logan Shaw wrote: Hey everyone, When someone leaves the company, I prefer to disable their account rather than remove it (so that you can see who owns any files they might leave on a filesystem somewhere). I'm using an LDAP backend for Samba, and I'm using smbldap-tools to manage accounts. So, today I was going to disable an account for the first time since switching over from plain /etc/passwd and /etc/samba/smbpasswd, and it doesn't seem like there is any tool that can handle both Unix and Samba accounts. Specifically, smbldap-usermod has a -I option, which is described as disable user. It sets the D flag on the Samba account info, but it doesn't have any effect on the RFC 2307 userPassword. I noticed smbldap_tools.pm has a disable_user() sub in it, which is even exported from the module, but nothing calls it, and when I tried calling it myself from a little Perl code, it didn't seem to work. Oh, and I can't really use the straightforward passwd -l command, because I'm using Slackware, which doesn't grok LDAP. I ended up writing a little bash script which uses ldapmodify, which does the job, but I'm wondering if there's a better way that I'm missing. It seems odd that smbldap-useradd supports adding both Unix and Samba accounts, and smbldap-userdel supports deleting both, but smbldap-usermod only supports disabling the Samba half of things... - Logan -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adding samba3 to Active Directory Domain
Dear, Did you read the section Samba ADS domain membership within the Official HOWTO? You may want to have a read there. ( http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member ) Besides, it is also good for you to read the Idmap and Winbind section. Hope this help. Best Rgds, Jacky Hui Chun Kit On 8/16/06, Kevin Gowan [EMAIL PROTECTED] wrote: To Whom It May Concern: I really admire the dedication and effort your group has. I am glad more and more people aren't buying into the Microsoft licensing schemes. Keep up the good work! I would like to add the server I have installed to our Active Directory Domain. We have one Win2003 PDC no subnets very basic stuff. I have read many chapters in the official how to guide and would like to zero in on the appropriate section/s that will allow me to configure this appropriately. All my supervisor would like me to do is create a fileserver where no one has to type in their user name and password again when they click on any of the shares. I have tried (on the test bed) configurations from different chapters and I still get user name and password when I click on the server or share. The Server I have installed is Suse 10.0enterprise. I would appreciate any help that you can provide. Thank you for your time and I look forward to hearing from you soon! Best regards, Kevin G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 ACL problem with Windows XP
Hello! A good day to you all. i seem to be experiencing a quirk with my test setup, as i am unable to delete files/folders even with the proper ACL entries. i am using the stock samba 3 package on FC4(samba-3.0.14a-2), and have set up winbind authentication against a Windows NT 4 PDC. i've created two users, user1 and user2, which have their primary group set to group1(gid=16777221) as shown: [EMAIL PROTECTED] id user1 uid=16777450(user1) gid=16777221 groups=16777221 [EMAIL PROTECTED] id user2 uid=16777451(user2) gid=16777221 groups=16777221 i've created the data share, made the admin_stuff directory and have set the access/default ACLS as follows: [EMAIL PROTECTED] getfacl /data/admin_stuff getfacl: Removing leading '/' from absolute path names # file: /data/admin_stuff # owner: root # group: root user::rwx group::rwx group:16777221:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:16777221:rwx default:mask::rwx default:other::--- i then logged on as user1 using a windows 2000 pc, and logged on as user2 on a windows xp pc. i used the user1 account to create the file user1.txt , and used user2.txt to create user2.txt on the said directory. the getfacl entries are as follows: [EMAIL PROTECTED] ADMIN]# getfacl user1.txt # file: user1.txt # owner: new # group: 16777221 user::rwx group::--- group:16777221:rwx mask::rwx other::--- [EMAIL PROTECTED] ADMIN]# getfacl user2.txt # file: user2.txt # owner: new2 # group: 16777221 user::rwx group::--- group:16777221:rwx mask::rwx other::--- i have no problems editing either files using either accounts. But i can't seem to delete user1.txt when logged on as user2 on the WinXP machine. i got this error: Cannot delete user1.txt: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use. However, i have no problems deleting user2.txt when logged on as user1 on the Windows 2000 machine. My smb.conf is as follows: ## #=== Global Settings = [global] workgroup = TESTDOMAIN netbios name = ENTERPRISE server string = Test Server hosts allow = 192.168.0. 192.168.1. ; load printers = yes ; printing = cups ; cups options = raw log file = /var/log/samba/%m.log max log size = 1048576 security = server password server = * password level = 30 username level = 30 smb passwd file = /etc/samba/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote announce = 192.168.0.255 192.168.1.255 local master = no os level = 33 name resolve order = wins lmhosts bcast wins server = 192.168.0.44 preserve case = yes case sensitive = no # Share Definitions == idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind separator = + winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes nt acl support = yes inherit acls = no ea support = yes # auth methods = winbind follow symlinks = yes wide links = yes log level = 20 [data] create mask = 0700 #force create mode = 0777 path = /data browsable = yes writable = yes ## Any ideas? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] pam_winbind says I need new password
Dear Matt, I have a pretty large DC and am using winbind for our linux workstations and im having a preculiar issue. Not all accounts but some...including mine are recieving the pam error to change password. This seems to be another instance of https://bugzilla.samba.org/show_bug.cgi?id=3969 With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] read error when accessing a file on mounted samba share (Linux)
Hi all, This is my first experience with network file sharing on Linux so I'm looking for debugging advice. Server and client are both running FC5. I've set up my home directory as a share on the server using system-config-samba, everything seems fine. On the client side, as root: # smbclient -L server.domain Password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23a-1.fc4.1] Sharename Type Comment - --- myhome Disk IPC$IPC IPC Service (Samba Server) Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23a-1.fc4.1] Server Comment ---- WorkgroupMaster ---- MYGROUP ALEXANDER all looks good. This works fine: client# mount -t cifs //server.domain/myname /mnt/test -o username=myname and ls gives a directory listing. client# ll /mnt/test/test.txt -rw-rw-r-- 1 myname myname 1669 Jun 15 16:08 /mnt/test/test.txt but: # cat /mnt/test/test.txt cat: /mnt/test/test.txt: Permission denied I'm running as root, and the permissions seem fine as reported by ll. Any ideas how I could start to work out what's going wrong? It seems I can mount the share and list the contents, but not read the files, although the permissions indicate I should be able to. Please let me know if any more information would be helpful. Thanks, Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] read error when accessing a file on mounted samba share (Linux)
Am 16.08.2006, 12:40 Uhr, schrieb martin [EMAIL PROTECTED]: Hi all, This is my first experience with network file sharing on Linux so I'm looking for debugging advice. Server and client are both running FC5. I've set up my home directory as a share on the server using system-config-samba, everything seems fine. On the client side, as root: # smbclient -L server.domain Password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23a-1.fc4.1] smbclient from package Samba 3.0.23a do have a bug. https://bugzilla.samba.org/show_bug.cgi?id=3967 Try 3.0.23b or 3.0.22 -- Thorsten Hamester -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Reset Workstation Trust (Was: Domain migration from 2.2.x to 3.0.x)
Hi, Here's a weird one for y'all... 14 machines are in the domain DOM. for 4 workstation an entry exists in both passwd and smbpasswd. The other 10 do NOT have any account (linux or samba) but can logon without a problem on the 2.2.x domain. Now the domain is migrated from 2.2.x to 3.0.21c on SuSE 9.3 I have copied the smbpasswd back, and also the tdb files. The 4 workstations mentioned can now login on the samba 3 domain without a problem. The other 10 claim that their computer account could not be located or has a wrong password. I now created the linux and samba accounts by hand. I now want to 'reset' the trust relationship between those ten and samba 3 WITHOUT re-adding the workstations (It's going to wreak havok on the stored user profiles) I have been looking at NETDOM.EXE that *might* do something for me... But it isn't working for me att all... As I'm working on it NOW, I hope someone has an answer quickly :) Cheers, -- Rory Vieira rory dot vieira at gmail dot com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Possible Samba 2.2.8a Issue?
I am (unfortunately) still employing an NT 4.0 single domain for my company's network. There is a single Samba 2.2.8a FreeBSD host I have on the network. It's been active for the past year or so. Everything runs smoothly, but I run into issues every so often that seem kind of odd. And the root cause appears to involve the Samba host. Here's a quick rundown: o The Samba box isn't configured to act as a master browser. o The Samba box uses 'security = server' in its config. o The 'password server = ' portion of the config is pointing to the NT 4.0PDC. o Every month or so all of the BDC's will shut down their Computer Browser services after being unable to pull backup browse lists from the PDC. o The PDC has network connectivity and is accessible from the various BDC's and other hosts. o I remedy things by stopping and restarting the Samba services on the FreeBSD box. After I do so all of the BDC's are once again able to pull backup browse lists from the PDC. This is the only measure that corrects the situation, other than restarting the PDC (last resort). Checking the logs pertaining to contacting the PDC from the Samba box I see messages such as: [2006/08/16 07:44:56, 0] smbd/password.c:server_cryptkey(1055) password server not available Any ideas if this is a known quirk. The password server is definitely available. And if I just restart Samba on the FreeBSD host then everything corrects itself. I googled around a bit and didn't see anything off the bat that looked similar to what I am experiencing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 ACL problem with Windows XP
On 8/16/06, plug bert [EMAIL PROTECTED] wrote: i am using the stock samba 3 package on FC4(samba-3.0.14a-2), and have set up winbind For starters, is there any reason you wouldn't update to 3.0.23a, since that's the current version on FC4? I also notice these two lines: # file: /data/admin_stuff and [EMAIL PROTECTED] ADMIN]# getfacl user1.txt which suggest that your getfacl on the directory you show us is not the same where these files are...unless you have a symlink. In any case, I'd suggest first updating your packages, and if it still occurs, turn on some debugging and look for the access denied error. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to unlock the locked file.
Hi, I just upgrade from SUSE9.3 to SUSE10.0 and running samba-3.0.22-11. I have a workstation which store outlook.pst on Samba share. Yesterday, this workstation get hang and after a cold boot. It can't access the outlook.pst anymore, the system reported the pst file is using by someone and outlook can't open it…. Could anyone tell me is this pst file locked by Samba and how to unlock it ? Thanks, Jacky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount problem - Input/output error
Hello, I am trying to mount a samba partition using a CGI program (C language) and a get the following error when i do $ df: df: `/mnt/b': Input/output error The samba log bring the following message: smbd/service.c:close_cnum(646) srv (192.168.1.2) closed connection to service b I am using the command smbmount //192.168.1.2/b /mnt/b -o username=user,password=pass,ip=192.168.1.2 Can anyone help? -- Rodrigo J. Florenciano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] read error when accessing a file on mounted samba share (Linux)
Thanks for the quick response. I tried downgrading to 3.0.22 on the client machine, I'm afraid it didn't help. Thanks for the suggestion though. Any other ideas? Martin Thorsten Hamester wrote: Am 16.08.2006, 12:40 Uhr, schrieb martin [EMAIL PROTECTED]: Hi all, This is my first experience with network file sharing on Linux so I'm looking for debugging advice. Server and client are both running FC5. I've set up my home directory as a share on the server using system-config-samba, everything seems fine. On the client side, as root: # smbclient -L server.domain Password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23a-1.fc4.1] smbclient from package Samba 3.0.23a do have a bug. https://bugzilla.samba.org/show_bug.cgi?id=3967 Try 3.0.23b or 3.0.22 --Thorsten Hamester -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to unlock the locked file.
Jacky Chan wrote: Yesterday, this workstation get hang and after a cold boot. It can't access the outlook.pst anymore, the system reported the pst file is using by someone and outlook can't open it…. ... Could anyone tell me is this pst file locked by Samba and how to unlock it quick-n-dirty: cd ${dir_where_outlook.pst_lives} mv outlook.pst outlook.pst.BAK cp -a outlook.pst.BAK outlook.pst -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to unlock the locked file.
On Wed, 16 Aug 2006, Jacky Chan wrote: I just upgrade from SUSE9.3 to SUSE10.0 and running samba-3.0.22-11. I have a workstation which store outlook.pst on Samba share. Yesterday, this workstation get hang and after a cold boot. It can't access the outlook.pst anymore, the system reported the pst file is using by someone and outlook can't open it?. Sometimes this works: 1. Login to the samba server. 2. Run a smbstatus. 3. Find the pid of the process that has the lock on the file in the third section of the output. 4. Verify that it matches the expected user and hostname in the first and second sections of the smbstatus output. 5. Run ps -ef and see how long the smbd with that pid has been running. 6. If it has been running since before the computer was last rebooted, it's a left over smbd. Kill JUST THAT ONE smbd. (And make sure you get the right one -- it should be one that has a parent pid not equal to 1.) - Logan-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAGE PRODUCTS
I may be using a samba server soon for Line50 I was just wondering how well it works on the samba 3 x versions ? Such as file locking issues etc. Do i need to implement any tweaks regarding that. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap list show no results
Hi Guys I am running FreeBSD 5.4, with version Samba-3-0-23b, and when i run 'net groupmap list', the output is blank. Seems like it's not matching or looking at the local groups that are created by default on the system. i have deleted the group_mapping.tdb in the /var/db/samba directory which gets recreated either when samba is reloaded or when the 'net groupmap list' command is run. I have the domain controller version of samba running at another client with samba version samba-3.0.14a and the same config. Can anybody assist me with this problem. Below is my config: [global] workgroup = SACCAWU server string = Saccawu Directory Server security = user load printers = yes log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam unix password sync = Yes passwd program = /usr/local/sbin/passwdwrap.sh %u passwd chat = *new*password* %n\n *new*password* %n\n *Changed* passwd chat debug = Yes socket options = TCP_NODELAY local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes dns proxy = no add user script = /usr/sbin/pw useradd %u -g users add group script = /usr/sbin/pw groupadd %g add machine script = /usr/sbin/pw adduser %u -g machines -c Machine -d /dev/null -s /dev/null delete user script = /usr/sbin/pw userdel %u delete group script = /usr/sbin/pw groupdel %g username map = /usr/local/etc/smbusers logon script = logon.bat logon path = logon drive = H: logon home = \\%L\%U -- Regards Pyuesh Daya Beginning 2 End Technologies (Pty) Ltd Tel : +27 861 223 223 Fax : +27 11 447 9927 Cell: +27 82 777 9983 E-Mail: [EMAIL PROTECTED] WebSite: http://www.b2e.co.za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind allowing entire domain
Hello. I'm using winbind 3.0.10-1.4E.6 for logins on a RHEL4 box. It's working perfectly, but I'd like to restrict logins to only a few select people in the windows domain. By default winbind allows the entire domain to login. How can I restrict things? I've tried adding valid users = user1 invalid users = user2 to my smb.conf but it doesn't seem to do anything (I suspect those only works for the shares). Has anyone found a way to do this? I've tried searching far and wide with no workable results. Thanks for your help, -Jeff G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SOLVED]Re: [Samba] Problems printing lanscape on SAMBA advertized printers
The solution was derived by accident. Fort historical/legacy reasons, the PC drivers installed were all PCL. Apparently at one time Windows machines handled PostScript very badly and even a simple job would take an absurdly long time to print. While I was using an earlier version of Samba (2.2.7a-security-rollup-fix) and lprng, this all worked fine. The problem came about when I replaced that older server with a newer one running version 3.0.14a-2 with CUPS. I say the problem was resolved by accident because I unintentionally installed a PostScript driver for the 5Ms. It worked perfectly, and the legacy slowness did not occur. So, I've started replacing all the various drivers with the PostScript version. In my case, the issue is now academic, but are there problems with Samba-3 and PCL print drivers? Thanks, Rob Rob Tanner said the following on 08/14/2006 03:37 PM: Hi, I'm having a problem with some model of HP printers (specifically 5Ms and 8100s) not printing landscape when accessed via SAMBA (version 3.0.14a-2). The problem is actually visible in print preview on the windows box. But have the same computer print to the printer directly and there's no problem. I'm presuming this has something to do with the way SAMBA interfaces with the windows drivers. Drivers are installed the easy way by unzipping them on a PC, and letting windows actually upload the driver to the server. I'm truly baffled and so I hope someone else has seen this problem and gotten through it. Thanks, Rob -- Rob Tanner UNIX Services Manager Linfield College, McMinnville OR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Win-XP(pro) USB printer :(
Hello Family, I'm having a hell of a time just trying to see the shared printer on a Win-XP(pro) box here at home. All my other Windows boxes can not only see it but print to it, my Unix family (all of the relatives) of machines are having no luck. I apologize if this is something simple for Samba has evolved so much that one barely needs to do anything to get stuff working for It just works! TIA -- Bill Schoolcraft * http://wiliweld.com ~ Failure is not falling down, but refusing to get up! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble with Winbind and domain group membership
Summary of problem: members of Active Directory groups cannot access Samba shares that their group membership should allow. I recently joined our Linux servers to our Windows 2003 domain using Samba/Winbind. The research and implementation were time-consuming, but the results made it all worthwhile. Unfortunately I am running into a problem relating to group membership on the domain as it relates to share access. I'll give a pared-down example of a share definition from smb.conf: [graphics] comment = Graphic design files path = /srv/samba/graphics valid users = @%D+Graphics public = no force group = %D+Graphics (The winbind separator is +) The idea is to allow only members of the domain group Graphics access to the share and to force group ownership on files that are created through the share to be Graphics. Here is some command output (The domain name is MWO): wbinfo -g | grep Graphics MWO+Graphics getent group | grep Graphics MWO+Graphics:x:10029:MWO+mdavidson wbinfo -G 10029 S-1-5-21-1830939736-2914305965-1243072980-1232 The first command tells me that Winbind know the group is there. The second tells me that I'm a member of the group. The third tells me that the Unix GID translates to an NT ID properly. The problem happens when I attempt to connect to the share. It says Access is Denied. If I comment out the valid users parameter in smb.conf, I get The specified group does not exist when connecting to the share. If I comment out both the valid users and force group parameters, I can connect, however this does not make good security. To complicate matters, testparm says 'winbind separator = +' might cause problems with group membership. In your experience, is this truly the problem? I am hesitant to make a change to the [global] section unless I am confident it will solve my problem. Thank you, Michael Davidson Mount Washington Observatory www.mountwashington.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: adding samba3 to Active Directory Domain
On 8/16/06, Kevin Gowan [EMAIL PROTECTED] wrote: To Whom It May Concern: I really admire the dedication and effort your group has. I am glad more and more people aren't buying into the Microsoft licensing schemes. Keep up the good work! I would like to add the server I have installed to our Active Directory Domain. We have one Win2003 PDC no subnets very basic stuff. I have read many chapters in the official how to guide and would like to zero in on the appropriate section/s that will allow me to configure this appropriately. All my supervisor would like me to do is create a fileserver where no one has to type in their user name and password again when they click on any of the shares. I have tried (on the test bed) configurations from different chapters and I still get user name and password when I click on the server or share. The Server I have installed is Suse 10.0enterprise. I would appreciate any help that you can provide. Thank you for your time and I look forward to hearing from you soon! Best regards, Kevin G Hey Kevin, We are using our Samba server in the same way - File/Print in a W2K3 AD single forest/domain. Definitely look at the AD section. I found the Samba-3 By Example book to be very helpful, too - Section 9.3.3 covers a file server in an AD domain. Here's our config that is working just fine: [global] unix charset = LOCALE workgroup = MYDOMAIN realm = MYDOMAIN.INT server string = Production File Server security = ADS allow trusted domains = No enable privileges = Yes username map = /etc/samba/smbusers log level = 1 log file = /var/log/samba/%m max log size = 50 deadtime = 15 printcap name = cups wins server = 10.0.0.2 ldap ssl = no idmap backend = idmap_rid:MYDOMAIN=1-5 idmap uid = 1-5 idmap gid = 1-5 template shell = /bin/bash winbind separator = + cups options = raw The only thing to be aware of is, for our config, I chose to use the idmap_rid since I will end up having multuple servers and wanted to ensure that the uids remain consistent. For this I needed to rebuild the Suse 10.0RPM to enable this. Make sure the server is correctly listed in DNS (A record in the AD domain) prior to adding it to the domain with the net ads join command. Also ensure that ntp is running and keeping time in sync. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] adding samba3 to Active Directory Domain
I found this page to be extremely helpful when I joined several FC Linux boxes to a Win 2k3 domain: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 Also, if you're using the [homes] share and want to have shared home directories created on the fly for first time users, put obey pam restrictions = yes in your smb.conf and session required /lib/security/pam_mkhomedir.so skel=your/skeleton/directory umask=your_umask in the appropriate file in /etc/pam.d It took me a looong time to find that out. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Cardinal Sent: Wednesday, August 16, 2006 2:26 PM To: samba@lists.samba.org; [EMAIL PROTECTED] Subject: [Samba] Re: adding samba3 to Active Directory Domain On 8/16/06, Kevin Gowan [EMAIL PROTECTED] wrote: To Whom It May Concern: I really admire the dedication and effort your group has. I am glad more and more people aren't buying into the Microsoft licensing schemes. Keep up the good work! I would like to add the server I have installed to our Active Directory Domain. We have one Win2003 PDC no subnets very basic stuff. I have read many chapters in the official how to guide and would like to zero in on the appropriate section/s that will allow me to configure this appropriately. All my supervisor would like me to do is create a fileserver where no one has to type in their user name and password again when they click on any of the shares. I have tried (on the test bed) configurations from different chapters and I still get user name and password when I click on the server or share. The Server I have installed is Suse 10.0enterprise. I would appreciate any help that you can provide. Thank you for your time and I look forward to hearing from you soon! Best regards, Kevin G Hey Kevin, We are using our Samba server in the same way - File/Print in a W2K3 AD single forest/domain. Definitely look at the AD section. I found the Samba-3 By Example book to be very helpful, too - Section 9.3.3 covers a file server in an AD domain. Here's our config that is working just fine: [global] unix charset = LOCALE workgroup = MYDOMAIN realm = MYDOMAIN.INT server string = Production File Server security = ADS allow trusted domains = No enable privileges = Yes username map = /etc/samba/smbusers log level = 1 log file = /var/log/samba/%m max log size = 50 deadtime = 15 printcap name = cups wins server = 10.0.0.2 ldap ssl = no idmap backend = idmap_rid:MYDOMAIN=1-5 idmap uid = 1-5 idmap gid = 1-5 template shell = /bin/bash winbind separator = + cups options = raw The only thing to be aware of is, for our config, I chose to use the idmap_rid since I will end up having multuple servers and wanted to ensure that the uids remain consistent. For this I needed to rebuild the Suse 10.0RPM to enable this. Make sure the server is correctly listed in DNS (A record in the AD domain) prior to adding it to the domain with the net ads join command. Also ensure that ntp is running and keeping time in sync. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23b PDC vs NetApp
Hello, I've been using the workaround described at http://www.x-tend.be/~fred/howtos/samba3.html#13 to allow a NetApp filer to join my Samba domain. Apparently the ability to chain multiple passdb backend entries goes away with version 3.0.23. Said workaround seems to rely on this functionality. For now I've reverted to 3.0.22, but I wonder if anyone knows of any alternative ways to join a NetApp to a Samba domain controller? Thank you, -- Roy McMorran Systems Administrator MDI Biological Laboratory -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23b PDC vs NetApp
On Wed, 2006-08-16 at 16:23 -0400, Roy McMorran wrote: Hello, I've been using the workaround described at http://www.x-tend.be/~fred/howtos/samba3.html#13 to allow a NetApp filer to join my Samba domain. Apparently the ability to chain multiple passdb backend entries goes away with version 3.0.23. Said workaround seems to rely on this functionality. For now I've reverted to 3.0.22, but I wonder if anyone knows of any alternative ways to join a NetApp to a Samba domain controller? smbpasswd and ldapsam should behave in the same way, can you describe what problem do you see with passdb backend = ldap and NetApp? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Win-XP(pro) USB printer :(
At Wed, 16 Aug 2006 it looks like Gary Dale composed: Bill Schoolcraft wrote: Hello Family, I'm having a hell of a time just trying to see the shared printer on a Win-XP(pro) box here at home. All my other Windows boxes can not only see it but print to it, my Unix family (all of the relatives) of machines are having no luck. I apologize if this is something simple for Samba has evolved so much that one barely needs to do anything to get stuff working for It just works! TIA If you are running KDE, simply go into Settings | printers, fire up Administrator mode and add the printer. Gary, The printer is not a visable share to my Unix/Linux boxes (which all use KDE) even on the same machine it is plugged into where I can see all the stuff I have enabled for sharing. For some reason the XP-Pro box will reveal all the other directories, drives etc but the printer will not show. Of course the exact same printer is visable to all the Windows boxes on the network. Thanks for taking the time to reply to my email. :) -- Bill Schoolcraft * http://wiliweld.com ~ Failure is not falling down, but refusing to get up! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Win-XP(pro) USB printer :(
Bill Schoolcraft wrote: Hello Family, I'm having a hell of a time just trying to see the shared printer on a Win-XP(pro) box here at home. All my other Windows boxes can not only see it but print to it, my Unix family (all of the relatives) of machines are having no luck. I apologize if this is something simple for Samba has evolved so much that one barely needs to do anything to get stuff working for It just works! TIA If you are running KDE, simply go into Settings | printers, fire up Administrator mode and add the printer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to access an automounted home and read/write with AD user
hello, I have samba 3.0.21c on an aix 5.2.0.7 server configured to use active directory authentication. However, I need to do something a little funky: The server with samba I will call: sambaserver A server with a user's home directory that is automounted on a few other servers: homeserver The user has on homeserver his files that he works on that he conveniently has automounted on development, test, qa servers. He is used to checking out code from a code repository into a samba share that maps to his home directory on homeserver. This way he can move code around between development, test, qa. This worked fine when he had old non-active-directory samba on the homeserver. Now, we need to remove samba from homeserver and put it on a dedicated samba server. It uses active directory. I set up automount on the sambaserver to allow the user to automount his home directory on the samba server. I then tried to use samba to share the automounted home directory. The problem is that the home directory is owned by the unix user on the box, but the user is connecting to the share with their active directory account. The home directory mounts with mode 077, which makes it so I cannot even read in the directory even when I use force user option (it must be connecting as root and then trying after the fact use the force user option I guess). If I change the directory mode to 022, I can read in the directory, but I still cannot write/read in the directory. I am at a loss as to what user it really is connecting as and why I can read but not write. I tried a map.user file to map the domain user to the unix user. That did not help either. David David Shapiro Distributed Systems Unix Team Lead office: 919-765-2011 cellphone: 730-0538 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbprint to Win XP
My server is running Centos 4. The printer is attached to a Win XP machine. Print service is CUPS. Samba version is 3.0.10. I can use smbclient to connect to the printer and successfully print. I have set the printer up with exactly the same settings as I am using with smbclient. When I use lpr to print nothing prints and when I do an lpstat I get the message: Connection failed with error NT_STATUS_UNSUCCESSFUL. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] connect_to_domain_password_server: unable to open the domain client session to machine SJMEMDC40. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Good afternoon. I cannot seem to get my test samba (domain member) server to use a windows 2003 PDC, SJMEMDC40. Are there any outstanding issues with a win2003 PDC and a samba domain member server? Her are my errors: [2006/08/16 16:40:46, 0] rpc_client/cli_pipe.c:get_schannel_session_key(2443) get_schannel_session_key: could not fetch trust account password for domain 'CBT' [2006/08/16 16:40:46, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673) cli_rpc_pipe_open_schannel: failed to get schannel session key from server SJMEMDC40 for domain CBT. [2006/08/16 16:40:46, 0] auth/auth_domain.c:connect_to_domain_password_server(112) connect_to_domain_password_server: unable to open the domain client session to machine SJMEMDC40. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2006/08/16 16:40:46, 0] auth/auth_domain.c:domain_client_validate(206) domain_client_validate: Domain password server not available. I'm running 3.0.23a [EMAIL PROTECTED] var]# more ../lib/smb.conf # Global parameters [global] workgroup = CBT printing = none #bind interfaces only = Yes security = DOMAIN #Interfaces = 199.76.2.108/24 127.0.0.1/24 encrypt passwords = Yes obey pam restrictions = Yes password server = 10.4.17.19 cups server = none #smb passwd file = /usr/local/samba/private/smbpasswd syslog = 2 log file = /usr/local/samba/var/log.%m max log size = 50 preferred master = No wins server = 10.1.1.203,10.1.1.202,10.1.1.240 #local master = No domain master = no dns proxy = No create mask = 0700 force create mode = 0700 security mask = 0700 directory mask = 0700 directory security mask = 0700 oplock break wait time = 2 wins support = no netbios name = vfscstage netbios aliases = interfaces = 199.76.2.116/255.255.255.0 [workspace_1] path = /test/workspace writable = yes valid users = bpappas Thanks, Bill Pappas - System Integration Engineer - SAN St. Jude Children's Research Hospital 332 North Lauderdale Memphis, TN 38105 Danny Thomas Tower - Room D1010 Mail Stop 312 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net user add disables remote account automatically?
I notice when issuing the command net rpc user testuser -S ip_address -U administrator%password that the testuser gets added to the remote machine (Win 2k3) sucessfully, however the account is disabled. After adding the user remotely it requires that the administrator log into the remote machine ip_address to enable the newly created account. Is there a way to add a user to a remote windows machine through samba without the account being automatically disabled? I noticed it is possible to add the account through an at command using cmdat from Samba-TNG, but I need SMB siging so it looks like it rules out Samba-TNG. Thanks in advance for any help or ideas offered. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbprint to Win XP
i have a script called /usr/bin/printfilexp that contains: #!/bin/sh # Print from Unix on a printer on SMB network. An assumption is that # 'printer' was posted as a passwordless share # client=$USER # client name here... pshare=printer# and here printer share name printfile=/tmp/smbspool.$$ cat $1 $printfile if [ -s $printfile ] ; then ( echo translate ; echo print $printfile ; echo quit ) \ | smbclient //$client/$pshare -U $USER fi rm -f $printfile exit 0 and to print something you just do /usr/bin/printfilexp whatever.txt but your unix shell name has to be the same name as your windows xp computer name under my computer and your printer has to be shared as printer on the printer sharing tab. Terry Orgill wrote: My server is running Centos 4. The printer is attached to a Win XP machine. Print service is CUPS. Samba version is 3.0.10. I can use smbclient to connect to the printer and successfully print. I have set the printer up with exactly the same settings as I am using with smbclient. When I use lpr to print nothing prints and when I do an lpstat I get the message: Connection failed with error NT_STATUS_UNSUCCESSFUL. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbprint to Win XP
Why not just use cups? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Williams Sent: Wednesday, August 16, 2006 7:06 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] smbprint to Win XP i have a script called /usr/bin/printfilexp that contains: #!/bin/sh # Print from Unix on a printer on SMB network. An assumption is that # 'printer' was posted as a passwordless share # client=$USER # client name here... pshare=printer# and here printer share name printfile=/tmp/smbspool.$$ cat $1 $printfile if [ -s $printfile ] ; then ( echo translate ; echo print $printfile ; echo quit ) \ | smbclient //$client/$pshare -U $USER fi rm -f $printfile exit 0 and to print something you just do /usr/bin/printfilexp whatever.txt but your unix shell name has to be the same name as your windows xp computer name under my computer and your printer has to be shared as printer on the printer sharing tab. Terry Orgill wrote: My server is running Centos 4. The printer is attached to a Win XP machine. Print service is CUPS. Samba version is 3.0.10. I can use smbclient to connect to the printer and successfully print. I have set the printer up with exactly the same settings as I am using with smbclient. When I use lpr to print nothing prints and when I do an lpstat I get the message: Connection failed with error NT_STATUS_UNSUCCESSFUL. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] MAC to Windows 2003
Where do I find a version of Samba that will work on Windows 2003? I would be happy to test a bata version of one was available. I need to connect new MAC G5's to a Windows 2003 server for file sharing and storage. Thank you for your help. Danny Martin Instructional Designer 912-353-5277 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MAC to Windows 2003
On Wed, 2006-08-16 at 22:01 -0400, martind wrote: Where do I find a version of Samba that will work on Windows 2003? I would be happy to test a bata version of one was available. I need to connect new MAC G5's to a Windows 2003 server for file sharing and storage. On the client side, this is Apple's CIFS client, not Samba. You could use our tools such as smbclient, but that won't show up as a mounted filesystem. What is the problem you are having? If it is SMB Signing, then I would keep an eye out for newer versions of Apple's OS, or turn of the requirement for SMB signing on the server. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17564 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze Date: 2006-08-16 05:59:24 + (Wed, 16 Aug 2006) New Revision: 17564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17564 Log: we don't need a AC_TRY_RUN to test the compiler warning options metze Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 === --- branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-15 23:18:20 UTC (rev 17563) +++ branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-16 05:59:24 UTC (rev 17564) @@ -167,7 +167,7 @@ OLD_CFLAGS=${CFLAGS} CFLAGS=${CFLAGS} ${DEVELOPER_CFLAGS} AC_MSG_CHECKING([that the C compiler can use the DEVELOPER_CFLAGS]) - AC_TRY_RUN([#include ${srcdir-.}/build/tests/trivial.c], + AC_TRY_COMPILE([],[], AC_MSG_RESULT(yes), DEVELOPER_CFLAGS=; AC_MSG_RESULT(no)) CFLAGS=${OLD_CFLAGS}
svn commit: samba r17565 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze Date: 2006-08-16 06:04:36 + (Wed, 16 Aug 2006) New Revision: 17565 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17565 Log: expand the test for negative enum values, systems like Tru64 truncate the value to INT_MAX... So a AC_TRY_RUN test is needed here metze Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 === --- branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-16 05:59:24 UTC (rev 17564) +++ branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-16 06:04:36 UTC (rev 17565) @@ -86,11 +86,28 @@ # check if the compiler can handle negative enum values +# and don't truncate the values to INT_MAX +# a runtime test is needed here AC_CACHE_CHECK([that the C compiler understands negative enum values],SMB_BUILD_CC_NEGATIVE_ENUM_VALUES, [ -AC_TRY_COMPILE([ -#include stdio.h], +AC_TRY_RUN( [ + #include stdio.h enum negative_values { NEGATIVE_VALUE = 0x }; + int main(void) { + enum negative_values v1 = NEGATIVE_VALUE; + unsigned v2 = NEGATIVE_VALUE; + + if (v1 != 0x) { + printf(%u != 0x\n, v1); + return 1; + } + if (v2 != 0x) { + printf(%u != 0x\n, v2); + return 1; + } + + return 0; + } ], SMB_BUILD_CC_NEGATIVE_ENUM_VALUES=yes,SMB_BUILD_CC_NEGATIVE_ENUM_VALUES=no)]) if test x$SMB_BUILD_CC_NEGATIVE_ENUM_VALUES != xyes; then
svn commit: samba r17566 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze Date: 2006-08-16 06:11:22 + (Wed, 16 Aug 2006) New Revision: 17566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17566 Log: test if the compiler support inline, this results in #define inline if the compiler doesn't support it This hopefully fix the build on some hosts, however we should not start to use inline in our code this is more to not need to touch imported files from heimdal or popt. metze Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 === --- branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-16 06:04:36 UTC (rev 17565) +++ branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-08-16 06:11:22 UTC (rev 17566) @@ -26,6 +26,8 @@ dnl needed before AC_TRY_COMPILE AC_ISC_POSIX +AC_C_INLINE + AC_CACHE_CHECK([that the C compiler can precompile header files],samba_cv_precompiled_headers, [ dnl Check whether the compiler can generate precompiled headers touch conftest.h
svn commit: samba r17567 - in branches/SAMBA_4_0/source/libcli/util: .
Author: metze Date: 2006-08-16 08:53:25 + (Wed, 16 Aug 2006) New Revision: 17567 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17567 Log: add error code I got from DsGetNCChanges when I don't use the DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION flag on DsBind metze Modified: branches/SAMBA_4_0/source/libcli/util/doserr.c branches/SAMBA_4_0/source/libcli/util/doserr.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/doserr.c === --- branches/SAMBA_4_0/source/libcli/util/doserr.c 2006-08-16 06:11:22 UTC (rev 17566) +++ branches/SAMBA_4_0/source/libcli/util/doserr.c 2006-08-16 08:53:25 UTC (rev 17567) @@ -101,6 +101,7 @@ { WERR_CLASS_NOT_REGISTERED, WERR_CLASS_NOT_REGISTERED }, { WERR_NO_SHUTDOWN_IN_PROGRESS, WERR_NO_SHUTDOWN_IN_PROGRESS }, { WERR_SHUTDOWN_ALREADY_IN_PROGRESS, WERR_SHUTDOWN_ALREADY_IN_PROGRESS }, + { WERR_SEC_E_ALGORITHM_MISMATCH, WERR_SEC_E_ALGORITHM_MISMATCH }, { NULL, W_ERROR(0) } }; Modified: branches/SAMBA_4_0/source/libcli/util/doserr.h === --- branches/SAMBA_4_0/source/libcli/util/doserr.h 2006-08-16 06:11:22 UTC (rev 17566) +++ branches/SAMBA_4_0/source/libcli/util/doserr.h 2006-08-16 08:53:25 UTC (rev 17567) @@ -265,6 +265,9 @@ #define WERR_DS_DNS_LOOKUP_FAILURE W_ERROR(0x214c) #define WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX W_ERROR(0x2150) +/* SEC errors */ +#define WERR_SEC_E_ALGORITHM_MISMATCH W_ERROR(0x80090331) + #define WERR_FOOBAR WERR_GENERAL_FAILURE #endif /* _DOSERR_H */
svn commit: samba r17568 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2006-08-16 09:10:54 + (Wed, 16 Aug 2006) New Revision: 17568 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17568 Log: Reformatting -- more than 100 cols is too much :-) Modified: branches/SAMBA_3_0/source/smbd/server.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/server.c === --- branches/SAMBA_3_0/source/smbd/server.c 2006-08-16 08:53:25 UTC (rev 17567) +++ branches/SAMBA_3_0/source/smbd/server.c 2006-08-16 09:10:54 UTC (rev 17568) @@ -450,7 +450,8 @@ if (smbd_server_fd() != -1 interactive) return True; - if (allowable_number_of_smbd_processes() smbd_server_fd() != -1 sys_fork()==0) { + if (allowable_number_of_smbd_processes() + smbd_server_fd() != -1 sys_fork()==0) { /* Child code ... */ /* close the listening socket(s) */ @@ -467,7 +468,8 @@ /* this is needed so that we get decent entries in smbstatus for port 445 connects */ - set_remote_machine_name(get_peer_addr(smbd_server_fd()), False); + set_remote_machine_name(get_peer_addr(smbd_server_fd()), + False); /* Reset the state of the random * number generation system, so @@ -475,7 +477,8 @@ * numbers as each other */ set_need_random_reseed(); - /* tdb needs special fork handling - remove CLEAR_IF_FIRST flags */ + /* tdb needs special fork handling - remove +* CLEAR_IF_FIRST flags */ if (tdb_reopen_all(1) == -1) { DEBUG(0,(tdb_reopen_all failed.\n)); smb_panic(tdb_reopen_all failed.);
svn commit: samba r17569 - in branches/SAMBA_3_0/source: lib smbd
Author: vlendec Date: 2006-08-16 10:36:19 + (Wed, 16 Aug 2006) New Revision: 17569 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17569 Log: Make 'max smbd processes' more robust. Counting on the child to decrement a tdb entry is not the most reliable way to count children correctly. This increments the number of children after a fork and decrements it upon SIGCLD. I'm keeping a list of children just for consistency checks, so that we at least get a debug level 0 message if something goes wrong. Volker Modified: branches/SAMBA_3_0/source/lib/dummysmbd.c branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/smbd/process.c branches/SAMBA_3_0/source/smbd/server.c Changeset: Modified: branches/SAMBA_3_0/source/lib/dummysmbd.c === --- branches/SAMBA_3_0/source/lib/dummysmbd.c 2006-08-16 09:10:54 UTC (rev 17568) +++ branches/SAMBA_3_0/source/lib/dummysmbd.c 2006-08-16 10:36:19 UTC (rev 17569) @@ -24,11 +24,6 @@ #include includes.h -void decrement_smbd_process_count( void ) -{ - return; -} - int find_service(fstring service) { return -1; Modified: branches/SAMBA_3_0/source/lib/util.c === --- branches/SAMBA_3_0/source/lib/util.c2006-08-16 09:10:54 UTC (rev 17568) +++ branches/SAMBA_3_0/source/lib/util.c2006-08-16 10:36:19 UTC (rev 17569) @@ -1594,9 +1594,6 @@ (unsigned long long)sys_getpid(), why)); log_stack_trace(); - /* only smbd needs to decrement the smbd counter in connections.tdb */ - decrement_smbd_process_count(); - cmd = lp_panic_action(); if (cmd *cmd) { DEBUG(0, (smb_panic(): calling panic action [%s]\n, cmd)); Modified: branches/SAMBA_3_0/source/smbd/process.c === --- branches/SAMBA_3_0/source/smbd/process.c2006-08-16 09:10:54 UTC (rev 17568) +++ branches/SAMBA_3_0/source/smbd/process.c2006-08-16 10:36:19 UTC (rev 17569) @@ -1032,60 +1032,6 @@ } / - Keep track of the number of running smbd's. This functionality is used to - 'hard' limit Samba overhead on resource constrained systems. -/ - -static BOOL process_count_update_successful = False; - -static int32 increment_smbd_process_count(void) -{ - int32 total_smbds; - - if (lp_max_smbd_processes()) { - total_smbds = 0; - if (tdb_change_int32_atomic(conn_tdb_ctx(), INFO/total_smbds, total_smbds, 1) == -1) - return 1; - process_count_update_successful = True; - return total_smbds + 1; - } - return 1; -} - -void decrement_smbd_process_count(void) -{ - int32 total_smbds; - - if (lp_max_smbd_processes() process_count_update_successful) { - total_smbds = 1; - tdb_change_int32_atomic(conn_tdb_ctx(), INFO/total_smbds, total_smbds, -1); - } -} - -static BOOL smbd_process_limit(void) -{ - int32 total_smbds; - - if (lp_max_smbd_processes()) { - - /* Always add one to the smbd process count, as exit_server() always -* subtracts one. -*/ - - if (!conn_tdb_ctx()) { - DEBUG(0,(smbd_process_limit: max smbd processes parameter set with status parameter not \ -set. Ignoring max smbd restriction.\n)); - return False; - } - - total_smbds = increment_smbd_process_count(); - return total_smbds lp_max_smbd_processes(); - } - else - return False; -} - -/ Process an smb from the client / @@ -1103,8 +1049,8 @@ deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ - if (smbd_process_limit() || - !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), + lp_hostsdeny(-1))) { /* send a negative session response not listening on calling name */ static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; DEBUG( 1, ( Connection denied from %s\n, client_addr() ) ); Modified: branches/SAMBA_3_0/source/smbd/server.c
svn commit: samba r17570 - in branches/SAMBA_4_0/source/librpc: . idl
Author: metze Date: 2006-08-16 14:49:22 + (Wed, 16 Aug 2006) New Revision: 17570 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17570 Log: add dummy functions for the frsrpc and frsapi interfaces based on the wireshark information metze Added: branches/SAMBA_4_0/source/librpc/idl/frsapi.idl branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl Modified: branches/SAMBA_4_0/source/librpc/config.mk Changeset: Modified: branches/SAMBA_4_0/source/librpc/config.mk === --- branches/SAMBA_4_0/source/librpc/config.mk 2006-08-16 10:36:19 UTC (rev 17569) +++ branches/SAMBA_4_0/source/librpc/config.mk 2006-08-16 14:49:22 UTC (rev 17570) @@ -97,6 +97,18 @@ OBJ_FILES = gen_ndr/ndr_dfs.o PUBLIC_DEPENDENCIES = LIBNDR +[LIBRARY::NDR_FRSRPC] +VERSION = 0.0.1 +SO_VERSION = 0 +OBJ_FILES = gen_ndr/ndr_frsrpc.o +PUBLIC_DEPENDENCIES = LIBNDR + +[LIBRARY::NDR_FRSAPI] +VERSION = 0.0.1 +SO_VERSION = 0 +OBJ_FILES = gen_ndr/ndr_frsapi.o +PUBLIC_DEPENDENCIES = LIBNDR + [LIBRARY::NDR_DRSUAPI] VERSION = 0.0.1 SO_VERSION = 0 @@ -358,7 +370,7 @@ NDR_NETLOGON NDR_TRKWKS NDR_KEYSVC NDR_KRB5PAC NDR_XATTR NDR_SCHANNEL \ NDR_ROT NDR_DRSBLOBS NDR_SVCCTL NDR_NBT NDR_WINSREPL NDR_SECURITY \ NDR_INITSHUTDOWN NDR_DNSSERVER NDR_WINSTATION NDR_IRPC NDR_DCOM NDR_OPENDB \ - NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND + NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI [LIBRARY::RPC_NDR_ROT] VERSION = 0.0.1 Added: branches/SAMBA_4_0/source/librpc/idl/frsapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/frsapi.idl 2006-08-16 10:36:19 UTC (rev 17569) +++ branches/SAMBA_4_0/source/librpc/idl/frsapi.idl 2006-08-16 14:49:22 UTC (rev 17570) @@ -0,0 +1,50 @@ +[ + uuid(d049b186-814f-11d1-9a3c-00c04fc9b232), + version(1.1), + endpoint(ncacn_ip_tcp:, ncalrpc:), + helpstring(File Replication API), + pointer_default(unique), + keepref +] +interface frsapi +{ + // + /* Function 0x00 */ + void FRSAPI_VERIFY_PROMOTION(); + + // + /* Function 0x01 */ + void FRSAPI_PROMOTION_STATUS(); + + // + /* Function 0x02 */ + void FRSAPI_START_DEMOTION(); + + // + /* Function 0x03 */ + void FRSAPI_COMMIT_DEMOTION(); + + // + /* Function 0x04 */ + void FRSAPI_SET_DS_POLLING_INTERVAL_W(); + + // + /* Function 0x05 */ + void FRSAPI_GET_DS_POLLING_INTERVAL_W(); + + // + /* Function 0x06 */ + void FRSAPI_VERIFY_PROMOTION_W(); + + // + /* Function 0x07 */ + void FRSAPI_INFO_W(); + + // + /* Function 0x08 */ + void FRSAPI_IS_PATH_REPLICATED(); + + // + /* Function 0x09 */ + void FRSAPI_WRITER_COMMAND(); +} Added: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl === --- branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2006-08-16 10:36:19 UTC (rev 17569) +++ branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2006-08-16 14:49:22 UTC (rev 17570) @@ -0,0 +1,54 @@ +[ + uuid(f5cc59b4-4264-101a-8c59-08002b2f8426), + version(1.1), + endpoint(ncacn_ip_tcp:, ncalrpc:), + helpstring(File Replication Service), + pointer_default(unique), + keepref +] +interface frsrpc +{ + /*/ + /* Function 0x00 */ + void FRSRPC_SEND_COMM_PKT(); + + /*/ + /* Function 0x01 */ + void FRSRPC_VERIFY_PROMOTION_PARENT(); + + /*/ + /* Function 0x02 */ + void FRSRPC_START_PROMOTION_PARENT(); + + /*/ + /* Function 0x03 */ + void FRSRPC_NOP(); + + /*/ + /* Function 0x04 */ + void FRSRPC_BACKUP_COMPLETE(); + + /*/ + /* Function 0x05 */ + void FRSRPC_BACKUP_COMPLETE_5(); + + /*/ + /* Function 0x06 */ + void FRSRPC_BACKUP_COMPLETE_6(); + + /*/ + /* Function 0x07 */ + void FRSRPC_BACKUP_COMPLETE_7(); + + /*/ + /* Function 0x08 */ + void FRSRPC_BACKUP_COMPLETE_8(); + + /*/ + /* Function 0x09 */ + void FRSRPC_BACKUP_COMPLETE_9(); + + /*/ + /* Function 0x0a */ + void FRSRPC_VERIFY_PROMOTION_PARENT_EX(); +}
svn commit: linux-cifs-client r70 - in branches/linux-converged-for-old-kernels/fs/cifs: .
Author: sfrench Date: 2006-08-16 16:39:11 + (Wed, 16 Aug 2006) New Revision: 70 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=70 Log: Allow cifsd to suspend if connection is lost Make cifsd allow us to suspend if it has lost the connection with a server Ref: http://bugzilla.kernel.org/show_bug.cgi?id=6811 Signed-off-by: Rafael J. Wysocki [EMAIL PROTECTED] Acked-by: Pavel Machek [EMAIL PROTECTED] Signed-off-by: Steve French [EMAIL PROTECTED] Also remove dead file and cleanup (line past 80th column) Removed: branches/linux-converged-for-old-kernels/fs/cifs/ntlmssp.c Modified: branches/linux-converged-for-old-kernels/fs/cifs/cifsproto.h branches/linux-converged-for-old-kernels/fs/cifs/connect.c Changeset: Modified: branches/linux-converged-for-old-kernels/fs/cifs/cifsproto.h === --- branches/linux-converged-for-old-kernels/fs/cifs/cifsproto.h 2006-08-14 22:30:06 UTC (rev 69) +++ branches/linux-converged-for-old-kernels/fs/cifs/cifsproto.h 2006-08-16 16:39:11 UTC (rev 70) @@ -75,8 +75,8 @@ extern int cifs_inet_pton(int, char * source, void *dst); extern int map_smb_to_linux_error(struct smb_hdr *smb); extern void header_assemble(struct smb_hdr *, char /* command */ , - const struct cifsTconInfo *, - int /* length of fixed section (word count) in two byte units */); + const struct cifsTconInfo *, int /* length of + fixed section (word count) in two byte units */); extern int small_smb_init_no_tc(const int smb_cmd, const int wct, struct cifsSesInfo *ses, void ** request_buf); Modified: branches/linux-converged-for-old-kernels/fs/cifs/connect.c === --- branches/linux-converged-for-old-kernels/fs/cifs/connect.c 2006-08-14 22:30:06 UTC (rev 69) +++ branches/linux-converged-for-old-kernels/fs/cifs/connect.c 2006-08-16 16:39:11 UTC (rev 70) @@ -194,6 +194,9 @@ while ((server-tcpStatus != CifsExiting) (server-tcpStatus != CifsGood)) { +#if LINUX_VERSION_CODE KERNEL_VERSION(2, 6, 12) + try_to_freeze(); +#endif if(server-protocolType == IPV6) { rc = ipv6_connect(server-addr.sockAddr6,server-ssocket); } else { Deleted: branches/linux-converged-for-old-kernels/fs/cifs/ntlmssp.c === --- branches/linux-converged-for-old-kernels/fs/cifs/ntlmssp.c 2006-08-14 22:30:06 UTC (rev 69) +++ branches/linux-converged-for-old-kernels/fs/cifs/ntlmssp.c 2006-08-16 16:39:11 UTC (rev 70) @@ -1,143 +0,0 @@ -/* - * fs/cifs/ntlmssp.h - * - * Copyright (c) International Business Machines Corp., 2006 - * Author(s): Steve French ([EMAIL PROTECTED]) - * - * This library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published - * by the Free Software Foundation; either version 2.1 of the License, or - * (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include cifspdu.h -#include cifsglob.h -#include cifsproto.h -#include cifs_unicode.h -#include cifs_debug.h -#include ntlmssp.h -#include nterr.h - -#ifdef CONFIG_CIFS_EXPERIMENTAL -static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB) -{ - __u32 capabilities = 0; - - /* init fields common to all four types of SessSetup */ - /* note that header is initialized to zero in header_assemble */ - pSMB-req.AndXCommand = 0xFF; - pSMB-req.MaxBufferSize = cpu_to_le16(ses-server-maxBuf); - pSMB-req.MaxMpxCount = cpu_to_le16(ses-server-maxReq); - - /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */ - - /* BB verify whether signing required on neg or just on auth frame - (and NTLM case) */ - - capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS | - CAP_LARGE_WRITE_X | CAP_LARGE_READ_X; - - if(ses-server-secMode (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) - pSMB-req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE; - - if (ses-capabilities CAP_UNICODE) { - pSMB-req.hdr.Flags2 |= SMBFLG2_UNICODE; -
svn commit: samba r17571 - in branches/SAMBA_3_0/source: auth client libsmb nmbd nsswitch torture
Author: vlendec Date: 2006-08-16 17:14:16 + (Wed, 16 Aug 2006) New Revision: 17571 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17571 Log: Change the return code of cli_session_setup from BOOL to NTSTATUS Volker Modified: branches/SAMBA_3_0/source/auth/auth_server.c branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0/source/client/smbspool.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clidfs.c branches/SAMBA_3_0/source/libsmb/libsmbclient.c branches/SAMBA_3_0/source/libsmb/passchange.c branches/SAMBA_3_0/source/nmbd/nmbd_synclists.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/torture/locktest.c branches/SAMBA_3_0/source/torture/masktest.c branches/SAMBA_3_0/source/torture/torture.c Changeset: Sorry, the patch is too large (606 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17571
svn commit: linux-cifs-client r71 - in branches/linux-converged-for-old-kernels/fs/cifs: .
Author: sfrench Date: 2006-08-16 17:29:32 + (Wed, 16 Aug 2006) New Revision: 71 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=71 Log: merge with cifs git tree Modified: branches/linux-converged-for-old-kernels/fs/cifs/CHANGES branches/linux-converged-for-old-kernels/fs/cifs/cifsencrypt.c branches/linux-converged-for-old-kernels/fs/cifs/connect.c branches/linux-converged-for-old-kernels/fs/cifs/dir.c Changeset: Modified: branches/linux-converged-for-old-kernels/fs/cifs/CHANGES === --- branches/linux-converged-for-old-kernels/fs/cifs/CHANGES2006-08-16 16:39:11 UTC (rev 70) +++ branches/linux-converged-for-old-kernels/fs/cifs/CHANGES2006-08-16 17:29:32 UTC (rev 71) @@ -2,7 +2,10 @@ Do not time out lockw calls when using posix extensions. Do not time out requests if server still responding reasonably fast -on requests on other threads +on requests on other threads. Improve POSIX locking emulation, +(lock cancel now works, and unlock of merged range works even +to Windows servers now). Fix oops on mount to lanman servers +(win9x, os/2 etc.) when null password. Version 1.44 Modified: branches/linux-converged-for-old-kernels/fs/cifs/cifsencrypt.c === --- branches/linux-converged-for-old-kernels/fs/cifs/cifsencrypt.c 2006-08-16 16:39:11 UTC (rev 70) +++ branches/linux-converged-for-old-kernels/fs/cifs/cifsencrypt.c 2006-08-16 17:29:32 UTC (rev 71) @@ -277,7 +277,8 @@ return; memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); - strncpy(password_with_pad, ses-password, CIFS_ENCPWD_SIZE); + if(ses-password) + strncpy(password_with_pad, ses-password, CIFS_ENCPWD_SIZE); if((ses-server-secMode SECMODE_PW_ENCRYPT) == 0) if(extended_security CIFSSEC_MAY_PLNTXT) { Modified: branches/linux-converged-for-old-kernels/fs/cifs/connect.c === --- branches/linux-converged-for-old-kernels/fs/cifs/connect.c 2006-08-16 16:39:11 UTC (rev 70) +++ branches/linux-converged-for-old-kernels/fs/cifs/connect.c 2006-08-16 17:29:32 UTC (rev 71) @@ -1322,33 +1322,35 @@ read_lock(GlobalSMBSeslock); list_for_each(tmp, GlobalTreeConnectionList) { - cFYI(1, (Next tcon - )); + cFYI(1, (Next tcon)); tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); if (tcon-ses) { if (tcon-ses-server) { cFYI(1, -( old ip addr: %x == new ip %x ?, +(old ip addr: %x == new ip %x ?, tcon-ses-server-addr.sockAddr.sin_addr. s_addr, new_target_ip_addr)); if (tcon-ses-server-addr.sockAddr.sin_addr. s_addr == new_target_ip_addr) { - /* BB lock tcon and server and tcp session and increment use count here? */ + /* BB lock tcon, server and tcp session and increment use count here? */ /* found a match on the TCP session */ /* BB check if reconnection needed */ - cFYI(1,(Matched ip, old UNC: %s == new: %s ?, + cFYI(1,(IP match, old UNC: %s new: %s, tcon-treeName, uncName)); if (strncmp (tcon-treeName, uncName, MAX_TREE_SIZE) == 0) { cFYI(1, -(Matched UNC, old user: %s == new: %s ?, +(and old usr: %s new: %s, tcon-treeName, uncName)); if (strncmp (tcon-ses-userName, userName, MAX_USERNAME_SIZE) == 0) { read_unlock(GlobalSMBSeslock); - return tcon;/* also matched user (smb session)*/ + /* matched smb session + (user name */ + return tcon; }
svn commit: samba r17572 - in branches/SAMBA_3_0/source/client: .
Author: vlendec Date: 2006-08-16 17:33:47 + (Wed, 16 Aug 2006) New Revision: 17572 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17572 Log: Fix the build Modified: branches/SAMBA_3_0/source/client/smbmount.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbmount.c === --- branches/SAMBA_3_0/source/client/smbmount.c 2006-08-16 17:14:16 UTC (rev 17571) +++ branches/SAMBA_3_0/source/client/smbmount.c 2006-08-16 17:33:47 UTC (rev 17572) @@ -211,14 +211,14 @@ c-force_dos_errors = True; } - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - workgroup)) { + if (!NT_STATUS_IS_OK(cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + workgroup))) { /* if a password was not supplied then try again with a null username */ if (password[0] || !username[0] || - !cli_session_setup(c, , , 0, , 0, workgroup)) { + !NT_STATUS_IS_OK(cli_session_setup(c, , , 0, , 0, workgroup))) { DEBUG(0,(%d: session setup failed: %s\n, sys_getpid(), cli_errstr(c))); cli_shutdown(c);
svn commit: samba r17573 - in branches/SAMBA_3_0/source/auth: .
Author: vlendec Date: 2006-08-16 17:43:13 + (Wed, 16 Aug 2006) New Revision: 17573 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17573 Log: Fix typo Modified: branches/SAMBA_3_0/source/auth/pampass.c Changeset: Modified: branches/SAMBA_3_0/source/auth/pampass.c === --- branches/SAMBA_3_0/source/auth/pampass.c2006-08-16 17:33:47 UTC (rev 17572) +++ branches/SAMBA_3_0/source/auth/pampass.c2006-08-16 17:43:13 UTC (rev 17573) @@ -511,7 +511,7 @@ pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK); switch( pam_error ){ case PAM_AUTH_ERR: - DEBUG(2, (smb_pam_auth: PAM: Athentication Error for user %s\n, user)); + DEBUG(2, (smb_pam_auth: PAM: Authentication Error for user %s\n, user)); break; case PAM_CRED_INSUFFICIENT: DEBUG(2, (smb_pam_auth: PAM: Insufficient Credentials for user %s\n, user));
svn commit: samba r17574 - in branches/SOC/bnh/perl: .
Author: brad Date: 2006-08-16 18:45:41 + (Wed, 16 Aug 2006) New Revision: 17574 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17574 Log: Modified the function copy_to_guest(), so that it creates the destination directory on the guest filesystem before it tries to copy files there. Modified: branches/SOC/bnh/perl/VMHost.pm Changeset: Modified: branches/SOC/bnh/perl/VMHost.pm === --- branches/SOC/bnh/perl/VMHost.pm 2006-08-16 17:43:13 UTC (rev 17573) +++ branches/SOC/bnh/perl/VMHost.pm 2006-08-16 18:45:41 UTC (rev 17574) @@ -260,6 +260,17 @@ return ($err_code); } + # Create the directory $dest_path on the guest VM filesystem. + my $cmd = cmd.exe ; + my $cmd_args = /C MKDIR . $dest_dir; + $err_code = run_on_guest(NULL, $cmd, $cmd_args); + if ( $err_code != 0) { + my $old_err_str = $err_str; + $err_str = Creating directory $dest_dir on host: . + . $old_err_str; + return ($err_code); + } + # If $src_filepath specifies a file, create it in $dest_path # and keep the same name. # If $src_path is a directory, create the files it contains in
svn commit: samba r17575 - in branches/SOC/bnh/perl: .
Author: brad Date: 2006-08-16 18:52:29 + (Wed, 16 Aug 2006) New Revision: 17575 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17575 Log: Small bugfix, remove an extra concat operator. Modified: branches/SOC/bnh/perl/VMHost.pm Changeset: Modified: branches/SOC/bnh/perl/VMHost.pm === --- branches/SOC/bnh/perl/VMHost.pm 2006-08-16 18:45:41 UTC (rev 17574) +++ branches/SOC/bnh/perl/VMHost.pm 2006-08-16 18:52:29 UTC (rev 17575) @@ -267,7 +267,7 @@ if ( $err_code != 0) { my $old_err_str = $err_str; $err_str = Creating directory $dest_dir on host: . - . $old_err_str; + $old_err_str; return ($err_code); }
svn commit: linux-cifs-client r72 - in branches/linux-2.6-cifs-git-devel/fs/cifs: .
Author: sfrench Date: 2006-08-16 19:51:48 + (Wed, 16 Aug 2006) New Revision: 72 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=72 Log: Merge with mainline cifs git tree - picking up Bjoern Jacke's suggestion re:allowing disabling listxattr Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES branches/linux-2.6-cifs-git-devel/fs/cifs/README branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c branches/linux-2.6-cifs-git-devel/fs/cifs/dir.c branches/linux-2.6-cifs-git-devel/fs/cifs/readdir.c branches/linux-2.6-cifs-git-devel/fs/cifs/xattr.c Changeset: Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES === --- branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES 2006-08-16 17:29:32 UTC (rev 71) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES 2006-08-16 19:51:48 UTC (rev 72) @@ -2,7 +2,11 @@ Do not time out lockw calls when using posix extensions. Do not time out requests if server still responding reasonably fast -on requests on other threads +on requests on other threads. Improve POSIX locking emulation, +(lock cancel now works, and unlock of merged range works even +to Windows servers now). Fix oops on mount to lanman servers +(win9x, os/2 etc.) when null password. Do not send listxattr +(SMB to query all EAs) if nouser_xattr specified. Version 1.44 Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/README === --- branches/linux-2.6-cifs-git-devel/fs/cifs/README2006-08-16 17:29:32 UTC (rev 71) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/README2006-08-16 19:51:48 UTC (rev 72) @@ -408,7 +408,7 @@ user_xattrAllow getting and setting user xattrs as OS/2 EAs (extended attributes) to the server (default) e.g. via setfattr and getfattr utilities. - nouser_xattr Do not allow getfattr/setfattr to get/set xattrs + nouser_xattr Do not allow getfattr/setfattr to get/set/list xattrs mapchars Translate six of the seven reserved characters (not backslash) *?|: to the remap range (above 0xF000), which also Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c === --- branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c 2006-08-16 17:29:32 UTC (rev 71) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c 2006-08-16 19:51:48 UTC (rev 72) @@ -477,7 +477,7 @@ /* BB get server time for time conversions and add code to use it and timezone since this is not UTC */ - if (rsp-EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { + if (rsp-EncryptionKeyLength == cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) { memcpy(server-cryptKey, rsp-EncryptionKey, CIFS_CRYPTO_KEY_SIZE); } else if (server-secMode SECMODE_PW_ENCRYPT) { Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c === --- branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c 2006-08-16 17:29:32 UTC (rev 71) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c 2006-08-16 19:51:48 UTC (rev 72) @@ -1271,33 +1271,35 @@ read_lock(GlobalSMBSeslock); list_for_each(tmp, GlobalTreeConnectionList) { - cFYI(1, (Next tcon - )); + cFYI(1, (Next tcon)); tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); if (tcon-ses) { if (tcon-ses-server) { cFYI(1, -( old ip addr: %x == new ip %x ?, +(old ip addr: %x == new ip %x ?, tcon-ses-server-addr.sockAddr.sin_addr. s_addr, new_target_ip_addr)); if (tcon-ses-server-addr.sockAddr.sin_addr. s_addr == new_target_ip_addr) { - /* BB lock tcon and server and tcp session and increment use count here? */ + /* BB lock tcon, server and tcp session and increment use count here? */ /* found a match on the TCP session */ /* BB check if reconnection needed */ - cFYI(1,(Matched ip, old UNC: %s == new: %s ?, + cFYI(1,(IP match, old UNC: %s new: %s, tcon-treeName, uncName)); if (strncmp (tcon-treeName, uncName,
svn commit: samba r17576 - in branches/SOC/bnh: .
Author: brad Date: 2006-08-16 22:38:55 + (Wed, 16 Aug 2006) New Revision: 17576 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17576 Log: Modified the initial setup tarball to match the changes i've recently made in my branch. The main differences are: - A snapshot of the VM is taken once the initial setup has completed successfully - When the windows scripts are copied to the guest vm, the destination directory does not need to be manually created. The file copy routine now creates the base directory path. - win_setup.wsf starts the guest telnet server as an automatic service, rather than manual. - The LOCAL_SCRIPT_PATH variable in initial_setup.conf points to the directory created by extracting the tarball (typo). - Due to problems with my original revert_snapshot() code, the initial setup now requires that the VM configuration setting 'When Powering Off' is set to 'Revert to snapshot' (snapshot.action=autoRevert in the guest's .vmx file). This should not be a permanent change, but I'm not sure why the old revert_snapshot() code no longer works for me. Modified: branches/SOC/bnh/vm_setup.tar.gz Changeset: Modified: branches/SOC/bnh/vm_setup.tar.gz === (Binary files differ)
Build status as of Thu Aug 17 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-08-16 00:00:05.0 + +++ /home/build/master/cache/broken_results.txt 2006-08-17 00:00:09.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Aug 16 00:00:02 2006 +Build status as of Thu Aug 17 00:00:02 2006 Build counts: Tree Total Broken Panic @@ -7,12 +7,12 @@ distcc 23 2 0 lorikeet-heimdal 0 0 0 ppp 12 0 0 -rsync27 2 0 +rsync24 1 0 samba0 0 0 samba-docs 0 0 0 -samba4 35 20 4 +samba4 35 18 4 samba_3_031 6 0 smb-build19 19 0 -talloc 15 4 0 +talloc 14 4 0 tdb 23 8 0
svn commit: samba r17577 - in branches/SAMBA_4_0/source/utils: .
Author: abartlet Date: 2006-08-17 00:44:29 + (Thu, 17 Aug 2006) New Revision: 17577 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17577 Log: Patch from Kai Blin [EMAIL PROTECTED]: This is the Samba4 version of the ntlm_auth patch that was committed to Samba3 in revision 17216. The purpose of this patch is to return session key information, as well as NTLMSSP negotiated flags to ntlm_auth's caller. This allows the bulk data signing and sealing to be handled in a library, supplied by the caller. This also allows the caller to ask for features, so that the right flags get negotiated. Modified: branches/SAMBA_4_0/source/utils/ntlm_auth.c Changeset: Modified: branches/SAMBA_4_0/source/utils/ntlm_auth.c === --- branches/SAMBA_4_0/source/utils/ntlm_auth.c 2006-08-16 22:38:55 UTC (rev 17576) +++ branches/SAMBA_4_0/source/utils/ntlm_auth.c 2006-08-17 00:44:29 UTC (rev 17577) @@ -34,6 +34,7 @@ #include lib/events/events.h #include lib/messaging/messaging.h #include lib/messaging/irpc.h +#include auth/ntlmssp/ntlmssp.h #define SQUID_BUFFER_SIZE 2010 @@ -319,6 +320,22 @@ return password; } +static void gensec_want_feature_list(struct gensec_security *state, char* feature_list) +{ + if (in_list(NTLMSSP_FEATURE_SESSION_KEY, feature_list, True)) { + DEBUG(10, (want GENSEC_FEATURE_SESSION_KEY\n)); + gensec_want_feature(state, GENSEC_FEATURE_SESSION_KEY); + } + if (in_list(NTLMSSP_FEATURE_SIGN, feature_list, True)) { + DEBUG(10, (want GENSEC_FEATURE_SIGN\n)); + gensec_want_feature(state, GENSEC_FEATURE_SIGN); + } + if (in_list(NTLMSSP_FEATURE_SEAL, feature_list, True)) { + DEBUG(10, (want GENSEC_FEATURE_SEAL\n)); + gensec_want_feature(state, GENSEC_FEATURE_SEAL); + } +} + static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, char *buf, int length, void **private, unsigned int mux_id, void **private2) @@ -340,6 +357,9 @@ const char *reply_code; struct cli_credentials *creds; + static char *want_feature_list = NULL; + static DATA_BLOB session_key; + TALLOC_CTX *mem_ctx; if (*private) { @@ -363,6 +383,13 @@ } if (strlen(buf) 3) { + if(strncmp(buf, SF , 3) == 0) { + DEBUG(10, (Setting flags to negotiate\n)); + talloc_free(want_feature_list); + want_feature_list = talloc_strndup(state, buf+3, strlen(buf)-3); + mux_printf(mux_id, OK\n); + return; + } in = base64_decode_data_blob(NULL, buf + 3); } else { in = data_blob(NULL, 0); @@ -382,7 +409,9 @@ (strncmp(buf, AF , 3) != 0) (strncmp(buf, NA , 3) != 0) (strncmp(buf, UG, 2) != 0) - (strncmp(buf, PW , 3) != 0)) { + (strncmp(buf, PW , 3) != 0) + (strncmp(buf, GK, 2) != 0) + (strncmp(buf, GF, 2) != 0)) { DEBUG(1, (SPNEGO request [%s] invalid\n, buf)); mux_printf(mux_id, BH\n); data_blob_free(in); @@ -448,6 +477,7 @@ } gensec_set_credentials(state-gensec_state, creds); + gensec_want_feature_list(state-gensec_state, want_feature_list); switch (stdio_helper_mode) { case GSS_SPNEGO_CLIENT: @@ -525,6 +555,37 @@ return; } + if (strncmp(buf, GK, 2) == 0) { + char *base64_key; + DEBUG(10, (Requested session key\n)); + nt_status = gensec_session_key(state-gensec_state, session_key); + if(!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1, (gensec_session_key failed: %s\n, nt_errstr(nt_status))); + mux_printf(mux_id, BH No session key\n); + talloc_free(mem_ctx); + return; + } else { + base64_key = base64_encode_data_blob(state, session_key); + mux_printf(mux_id, GK %s\n, base64_key); + talloc_free(base64_key); + } + talloc_free(mem_ctx); + return; + } + + if (strncmp(buf, GF, 2) == 0) { + struct gensec_ntlmssp_state *gensec_ntlmssp_state; + uint32_t neg_flags; + + gensec_ntlmssp_state = talloc_get_type(state-gensec_state-private_data, + struct gensec_ntlmssp_state); + neg_flags = gensec_ntlmssp_state-neg_flags; + + DEBUG(10, (Requested negotiated
svn commit: samba r17578 - in branches/SAMBA_4_0/source/lib/talloc: .
Author: tridge Date: 2006-08-17 01:49:42 + (Thu, 17 Aug 2006) New Revision: 17578 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17578 Log: in standalone talloc build ensure we get intptr_t if available (which makes the discard_const stuff nicer) Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.c Changeset: Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.c === --- branches/SAMBA_4_0/source/lib/talloc/talloc.c 2006-08-17 00:44:29 UTC (rev 17577) +++ branches/SAMBA_4_0/source/lib/talloc/talloc.c 2006-08-17 01:49:42 UTC (rev 17578) @@ -36,6 +36,9 @@ #include stdlib.h #include string.h #include errno.h +#ifdef HAVE_STDINT_H +#include stdint.h +#endif #if defined(HAVE_STDARG_H) #include stdarg.h
svn commit: samba r17579 - in branches/SAMBA_4_0/source/lib/ldb: common include modules
Author: tridge Date: 2006-08-17 01:52:24 + (Thu, 17 Aug 2006) New Revision: 17579 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17579 Log: make ldb build g++ friendly Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-08-17 01:49:42 UTC (rev 17578) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-08-17 01:52:24 UTC (rev 17579) @@ -185,11 +185,11 @@ /* return the list of subclasses for a class */ -const char **ldb_subclass_list(struct ldb_context *ldb, const char *class) +const char **ldb_subclass_list(struct ldb_context *ldb, const char *classname) { int i; for (i=0;ildb-schema.num_classes;i++) { - if (ldb_attr_cmp(class, ldb-schema.classes[i].name) == 0) { + if (ldb_attr_cmp(classname, ldb-schema.classes[i].name) == 0) { return (const char **)ldb-schema.classes[i].subclasses; } } @@ -200,7 +200,7 @@ /* add a new subclass */ -static int ldb_subclass_new(struct ldb_context *ldb, const char *class, const char *subclass) +static int ldb_subclass_new(struct ldb_context *ldb, const char *classname, const char *subclass) { struct ldb_subclass *s, *c; s = talloc_realloc(ldb, ldb-schema.classes, struct ldb_subclass, ldb-schema.num_classes+1); @@ -208,7 +208,7 @@ ldb-schema.classes = s; c = s[ldb-schema.num_classes]; - c-name = talloc_strdup(s, class); + c-name = talloc_strdup(s, classname); if (c-name == NULL) goto failed; c-subclasses = talloc_array(s, char *, 2); @@ -229,19 +229,19 @@ /* add a subclass */ -int ldb_subclass_add(struct ldb_context *ldb, const char *class, const char *subclass) +int ldb_subclass_add(struct ldb_context *ldb, const char *classname, const char *subclass) { int i, n; struct ldb_subclass *c; char **s; for (i=0;ildb-schema.num_classes;i++) { - if (ldb_attr_cmp(class, ldb-schema.classes[i].name) == 0) { + if (ldb_attr_cmp(classname, ldb-schema.classes[i].name) == 0) { break; } } if (i == ldb-schema.num_classes) { - return ldb_subclass_new(ldb, class, subclass); + return ldb_subclass_new(ldb, classname, subclass); } c = ldb-schema.classes[i]; @@ -267,13 +267,13 @@ /* remove a set of subclasses for a class */ -void ldb_subclass_remove(struct ldb_context *ldb, const char *class) +void ldb_subclass_remove(struct ldb_context *ldb, const char *classname) { int i; struct ldb_subclass *c; for (i=0;ildb-schema.num_classes;i++) { - if (ldb_attr_cmp(class, ldb-schema.classes[i].name) == 0) { + if (ldb_attr_cmp(classname, ldb-schema.classes[i].name) == 0) { break; } } Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-08-17 01:49:42 UTC (rev 17578) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-08-17 01:52:24 UTC (rev 17579) @@ -681,34 +681,34 @@ */ struct ldb_dn *ldb_dn_copy_partial(void *mem_ctx, const struct ldb_dn *dn, int num_el) { - struct ldb_dn *new; + struct ldb_dn *newdn; int i, n, e; if (dn == NULL) return NULL; if (num_el = 0) return NULL; - new = ldb_dn_new(mem_ctx); - LDB_DN_NULL_FAILED(new); + newdn = ldb_dn_new(mem_ctx); + LDB_DN_NULL_FAILED(newdn); - new-comp_num = num_el; - n = new-comp_num - 1; - new-components = talloc_array(new, struct ldb_dn_component, new-comp_num); + newdn-comp_num = num_el; + n = newdn-comp_num - 1; + newdn-components = talloc_array(newdn, struct ldb_dn_component, newdn-comp_num); - if (dn-comp_num == 0) return new; + if (dn-comp_num == 0) return newdn; e = dn-comp_num - 1; - for (i = 0; i new-comp_num; i++) { - new-components[n - i] = ldb_dn_copy_component(new-components, + for (i = 0; i newdn-comp_num; i++) { + newdn-components[n - i] = ldb_dn_copy_component(newdn-components, (dn-components[e - i])); if ((e - i) == 0) { - return new; + return newdn; } } - return new; +