Re: [Samba] Trouble with restricting access and ads
On 1/30/08, simo [EMAIL PROTECTED] wrote:
> On Tue, 2008-01-29 at 23:00 -0400, D G Teed wrote:
> > We are migrating old FreeBSD machines to Redhat EL 5.
> >
> > On FreeBSD, we have previously used valid users = with success.
> > valid users was never a group, but always a list of user names like:
> >
> > valid users = david joe henry
> >
> > Moving to Redhat Enterprise 5, [...]
> >
> > Please shed some light on this if anyone can.
>
> Why people never read release notes ? :-D
>
> Since a few samba versions the usernames must be fully qualified.
> In domain FOO with user Bar you set:
> valid users = FOO\Bar
>
> setting just valid users = Bar won't do it.

In what I saw from running winbindd with debug tracing, it looked like the domain was being prepended. I imagined the default domain line in smb.conf was helping with that.

I did read that, and a bunch of other tips that people were certain helped this situation, and none of the things I tried helped.

However, perhaps I don't know how to test with smbclient. How would I set up the user name from -U ? I would think it would need double backslashes on the shell? Or would it be quotes? Or is the domain not needed with the smbclient if we have default domain?

I thought I had tried this, but I might have messed up the client end of the test.

--Donald

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba Administrator account for XP
satish patel wrote:
> i have created root account and map root account with Administrator /etc/samba/smbuser file

I have never heard of such a file...

> i have created root account

I have specifically avoided creating an account named root. Since Ubuntu which we are now using uses a sudo environment, seems a wise decision way back when. Still, I do not think that alone is your source of trouble.

> and root UID=0 and member of Domain Admin group. but still when i am login in XP client machine with root user in samba Domain i dont have much privileges on XP machine even i can not change my XP client machine System Time

Did you get a copy of ifmember.exe and run it with the /list option to see which local and domain groups you are a member of? What did it return? Are you a member of the local Administrators group or not? (Sounds like not.)

satish patel wrote:
> dear your URL PDF is damage so that could not open properly

Works fine for us with both Linux and Windows and the Acrobat / Firefox for those platforms.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
[Samba] Re: Member Server creates sambaDomainName LDAP entry
Brian High [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Short version: Why does my domain member server create a sambaDomainName entry in LDAP?
>
> Long Version: I have created a Domain Member Server for a NT4 style Samba domain with an LDAP backend. It is a print server, running Winbind (because it solved a group SID mapping problem and an 'invalid SID' error in syslog), and it works fine in all other respects, but this:
>
> After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there. It is of the form:
>
> sambaDomainName=HOSTNAME,dc=example,dc=com
>
> ... where HOSTNAME is the hostname of the domain member server.
>
> I have Googled this and have come up with some posts to this list:

To which LDAP server is your smb.conf file pointing? The one on the member server or the one on the domain controller?
Re: [Samba] A good read
From what I understand of roaming profiles is the only purpose to allow users to log into any computer not just their own? I assume this capability will download all of their profile settings no matter where they login?

- Original Message -
From: Adam Williams [EMAIL PROTECTED]
To: Robert Pollard [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Tuesday, January 29, 2008 5:10 PM
Subject: Re: [Samba] A good read

have you read Samba 3 by Example? it covers some real world examples, ads joins, etc. i think you'd want to use a PDC w/ roaming profiles. that way you can locate all of your user's data on your server and backup your server instead of a lot of clients. and you'll definitely want a PDC/BDC setup when you have branch offices. for host name lookup use dynamic dns dhcp. there's plenty of howtos on how to set that up too, but I can send you my configs too.

Robert Pollard wrote:
> Hi,
>
> I have been reading the older O'Reilly book on Samba. This book explains in general the concept of NetBIOS and some other related areas. Do you have any recommendations as to what is available to read that will take me through the world of Windows networking? I am sitting here reading these messages and see things like "requires a flat namespace to function" or "dfs stub server" or "I then bind Samba domain members using 'net ads join -U domain_admin_login'" and I am at a loss as to what they are talking about.
>
> I have read up on how to setup Samba as a PDC but I don't know why I would ever want to. Even if I had enough users in our network I still don't believe there would be any purpose for it. I am leaning more towards using LDAP for authentication. I would also like to use for host name lookup and some other odds and ends.
>
> Is there something out there that would take me by the hand and lead me through the decision making process of what to use and when to use it, how to set it up and trouble-shoot it and maybe some other relevant information that would be needed?
>
> I want to know more about Windows networking but also how to use the best tools available for what makes sense now and in the future.
>
> Thanks,
> Robert
Re: [Samba] Trouble with restricting access and ads
Hi,

Thanks for this tip. I did get valid users = DOMAIN\user working today.

I have also verified someone authenticated in AD, but not in the parameter valid users = can not get in. Great - this is what I expect...

I've now learned that testing I can access it is only half the test. I should also test that I can't access it if the user is not listed.

I wonder how many sites are out there with only users = and no valid keyword in front of it, running with a share open to anyone on ADS, as we were initially? I read this help tip in many forums - and it seems correct because when they half test it, they can get in.

I consider it a serious bug that with nothing for a write list, read list, nor valid user parameter, samba defaults to write access merely by having AD authentication succeed. This is with 3.0.25 in Redhat Enterprise 5.

Or would you say this is linked to a pam misconfiguration? We've got guest ok = no and public = no everywhere in smb.conf

I have this in my pam.d/samba :

auth required pam_nologin.so
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session required pam_limits.so

--Donald
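The gap described in this message (a share with no valid users, read list or write list, or one that says users = where valid users = was meant) can be looked for in smb.conf itself before the second half of the test is run with an unlisted account. This is an added example, not code from the thread; the sample configuration and the finding labels are constructed, and the unqualified-name check follows the FOO\Bar advice quoted earlier in the thread.

```python
import re

# Parameter names with all whitespace removed: smb.conf ignores case and
# spacing inside parameter names, so "Valid Users" and "validusers" match.
ACCESS_LISTS = {"validusers", "readlist", "writelist"}
# "username" and its synonyms "user"/"users" are a different parameter and
# do not act as an allow-list, which is the half-tested tip in the message.
LOOKALIKES = {"username", "user", "users"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections


def audit_shares(text):
    """Return sorted (share, finding) pairs for every non-global section."""
    findings = []
    for share, params in parse_smb_conf(text).items():
        if share == "global":
            continue
        if not ACCESS_LISTS & params.keys():
            findings.append((share, "no-access-list"))
        if LOOKALIKES & params.keys() and "validusers" not in params:
            findings.append((share, "users-is-not-valid-users"))
        # Names may be quoted when they contain spaces.
        for token in re.findall(r'"[^"]*"|[^\s,]+', params.get("validusers", "")):
            name = token.strip('"')
            # Skip group prefixes (@ + &) and % substitutions such as %S.
            if name and name[0] not in "@+&%" and "\\" not in name:
                findings.append((share, "unqualified:" + name))
    return sorted(findings)


# Constructed sample configuration, not taken from any poster's server.
SAMPLE = r"""
[global]
    workgroup = BEER
    security = ADS

[web]
    path = /srv/web
    users = david joe henry

[docs]
    path = /srv/docs
    valid users = david BEER\joe

[open]
    path = /srv/open
    read only = No

[hr]
    path = /srv/hr
    valid users = @hr
"""

if __name__ == "__main__":
    for share, finding in audit_shares(SAMPLE):
        print(f"[{share}] {finding}")
```

A clean report only covers the configuration; connecting as an account that is not listed remains the actual test.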
[Samba] Get number of current logged on users
Hi,

I'm looking for a simple way to get the number of current logged on users (with established sessions) to measure the use frequency of our student labs. I don't need to identify the users.

I haven't found anything useful yet. So I'm asking here for some advice before getting myself hacking my own scripts :).

Thanks in advance,
Ari Constancio
[Samba] Re: Samba still asking password
Marcelo Bossoni [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Hi All,
>
> I need some help. I installed Samba 3.0.26a from Ubuntu Gutsy repository under kubuntu, and make a share with share permissions (LAN), but he always asks for a password
>
> Can you guys have any idea about what is wrong. I am going crazy with this.

Share control does not mean that a password is not required. I have used user security and share security with Samba in a Windows workgroup.

With user security, the prompt appears for the username and password when someone tries to access the Samba server in network neighborhood. With share security, the prompt appears for the username and password when someone tries to access a share on the Samba server in network neighborhood. In the first case, security is set on the machine. In the second case, security is set on the share.

In general, a user cannot access a Linux machine unless he has an account on it. He has access to specific folders when the administrator of the machine gives him access to those folders.

Samba runs as a service on the Linux machine. Each user must have a Samba account to access the Linux machine through Samba. Each Samba account is mapped to a Linux user account. Security on the Samba account is set by setting security on the Linux account to which it has been mapped.

To access a share on the Linux/Samba box, do the following:

Create a Linux user account on the machine. Set a password for it.
Create a Samba account on the machine with the same username.
Give the Linux user security access to the folder to which the Samba share is mapped.

The only way to avoid the prompt for the username and password is to create a username and password on the Samba machine that is the same as the username and password on the Windows machine from which you are accessing the Samba machine.
Re: [Samba] Re: Samba still asking password
Thank you man, but I found the error.

Nothing with samba, but with Kubuntu fstab approach, that mount the drives with umask 007 instead of 002 (to permit others to see the content of mount point). Changing the umask to 002 everything works fine.

2008/1/30, Jamrock [EMAIL PROTECTED]:
> Marcelo Bossoni [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> > Hi All,
> >
> > I need some help. I installed Samba 3.0.26a from Ubuntu Gutsy repository under kubuntu, and make a share with share permissions (LAN), but he always asks for a password
> >
> > Can you guys have any idea about what is wrong. I am going crazy with this.
>
> Share control does not mean that a password is not required. I have used user security and share security with Samba in a Windows workgroup.
>
> With user security, the prompt appears for the username and password when someone tries to access the Samba server in network neighborhood. With share security, the prompt appears for the username and password when someone tries to access a share on the Samba server in network neighborhood. In the first case, security is set on the machine. In the second case, security is set on the share.
>
> In general, a user cannot access a Linux machine unless he has an account on it. He has access to specific folders when the administrator of the machine gives him access to those folders.
>
> Samba runs as a service on the Linux machine. Each user must have a Samba account to access the Linux machine through Samba. Each Samba account is mapped to a Linux user account. Security on the Samba account is set by setting security on the Linux account to which it has been mapped.
>
> To access a share on the Linux/Samba box, do the following:
>
> Create a Linux user account on the machine. Set a password for it.
> Create a Samba account on the machine with the same username.
> Give the Linux user security access to the folder to which the Samba share is mapped.
>
> The only way to avoid the prompt for the username and password is to create a username and password on the Samba machine that is the same as the username and password on the Windows machine from which you are accessing the Samba machine.

--
Marcelo Marzola Bossoni
IC - UNICAMP
*** EC 04 ***
Engenharia de Computação
Tel.: (14) 3474 1160
Tel.: (19) 3342 4752
Cel.: (19) 9765 1919
[Samba] net ads join : ads_connect: No logon servers
I've been able to use security = ads in smb.conf, and connect OK, but it must be falling back to domain.

When I run net ads join I get the error (debug trace below):

ads_connect: No logon servers

Here is my krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BEER

[realms]
 BEER = {
  kdc = ADC1.AD.BEERU.CA
 }

[domain_realm]
 beer.ca = BEER
 .beer.ca = BEER

Here is my rpc join status:

# net rpc testjoin
Join to 'BEER' is OK

Here is my attempt to graduate this to ADS levels, with debug:

# net ads join -Ubeeruser%beeruserpw -d3
[2008/01/30 11:06:08, 3] param/loadparm.c:lp_load(5033) lp_load: refreshing parameters
[2008/01/30 11:06:08, 3] param/loadparm.c:init_globals(1424) Initialising global parameters
[2008/01/30 11:06:08, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2008/01/30 11:06:08, 3] param/loadparm.c:do_section(3772) Processing section [global]
[2008/01/30 11:06:08, 2] lib/interface.c:add_interface(81) added interface ip=111.111.200.8 bcast=111.111.207.255 nmask=255.255.248.0
[2008/01/30 11:06:08, 2] lib/interface.c:add_interface(81) added interface ip=111.111.202.39 bcast=111.111.207.255 nmask=255.255.248.0
[2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
[2008/01/30 11:06:08, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply
[2008/01/30 11:06:08, 3] libads/ldap.c:ads_try_connect(189) ads_try_connect: CLDAP request 111.111.200.66 failed.
[2008/01/30 11:06:08, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply
[2008/01/30 11:06:08, 3] libads/ldap.c:ads_try_connect(189) ads_try_connect: CLDAP request 111.111.200.67 failed.
[2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
[2008/01/30 11:06:08, 3] libsmb/namequery_dc.c:rpc_dc_name(154) Could not look up dc's for domain BEER
[2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
[2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
[2008/01/30 11:06:08, 0] utils/net_ads.c:ads_startup_int(286) ads_connect: No logon servers
[2008/01/30 11:06:08, 1] utils/net_ads.c:net_ads_join(1470) error on ads_startup: No logon servers
Failed to join domain: No logon servers
[2008/01/30 11:06:08, 2] utils/net.c:main(1032) return code = -1

Can this user achieve such a goal? Here is beeruser's rights via rpc:

net rpc rights list -Ubeeruser
Password:
SeMachineAccountPrivilege  Add machines to domain
SeTakeOwnershipPrivilege  Take ownership of files or other objects
SeBackupPrivilege  Back up files and directories
SeRestorePrivilege  Restore files and directories
SeRemoteShutdownPrivilege  Force shutdown from a remote system
SePrintOperatorPrivilege  Manage printers
SeAddUsersPrivilege  Add users and groups to the domain
SeDiskOperatorPrivilege  Manage disk shares

I've had various toggles done to my smb.conf, but here is what the global section of smb.conf looks like at the moment, following the hints of someone else who solved this on the list...

[global]
 netbios name = www2
 workgroup = BEER
 unix charset = LOCALE
 realm = BEER
 server string = Web Server
 security = ADS
 password server = 111.111.200.67
 idmap backend = rid:BEER=5000-1
 idmap uid = 1-1000
 idmap gid = 1-1000
 template shell = /bin/bash
 winbind use default domain = Yes
 winbind enum users = Yes
 winbind enum groups = Yes
 allow trusted domains = No
 log level = 3
 log file = /var/log/samba/%m.log
 max log size = 50
 dns proxy = No
 winbind use default domain = Yes
 hosts allow = 111.111.
 encrypt passwords = yes

I had great results with the last question I put on the list. I hope someone can help us graduate to ads with kerberos level authentication.

It feels like there is something missing on the AD end, but I know nothing about this other than that it is Windows Server 2003 and it has been in production for awhile with good performance.

--Donald
Re: [Samba] Get number of current logged on users
> I'm looking for a simple way to get the number of current logged on users (with established sessions) to measure the use frequency of our student labs. I don't need to identify the users.

sardine:~ # expr `smbstatus -b | cut -c35-45 | sort | uniq | wc -l` - 3
151

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
[Samba] Samba hanging from time to time
I am having some trouble with Samba. It was working fine on an old server with 3.0.21. Now I have updated to 3.0.28 (via 3.0.25) and a bigger fatter faster server.

There are two problems. Firstly the new server seems slower than the old one, and some users are experiencing intermittent data loss via MS apps such as Word or Excel crashing.

The system runs on Arch Linux, with a slightly modified package to include winbind. The smb.conf file reads as follows:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/12/18 17:27:22

[global]
 workgroup = somegroup
 interfaces = eth0, lo
 bind interfaces only = Yes
 pam password change = Yes
 passwd program = /usr/bin/passwd %u
 passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*
 username map = /etc/samba/smbusers
 unix password sync = Yes
 log level = 2
 syslog = 0
 log file = /var/log/samba/%M
 max log size = 50
 smb ports = 139
 name resolve order = wins bcast hosts lmhosts
 time server = Yes
 printcap name = CUPS
 show add printer wizard = No
 add user script = /usr/sbin/useradd -m '%u'
 delete user script = /usr/sbin/userdel -r '%u'
 add group script = /usr/sbin/groupadd '%g'
 delete group script = /usr/sbin/groupdel '%g'
 add user to group script = /usr/sbin/usermod -G '%g' '%u'
 add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
 shutdown script = /var/lib/samba/scripts/shutdown.sh
 abort shutdown script = /sbin/shutdown -c
 logon script = scripts\logon.bat
 logon path = \\%L\profiles\%U
 logon drive = P:
 logon home = \\%L\%U
 domain logons = Yes
 os level = 65
 preferred master = Yes
 domain master = Yes
 wins support = Yes
 ldap ssl = no
 utmp = Yes
 idmap uid = 2-3
 idmap gid = 2-3
 template homedir = /home/winnt/%D/%U
 template shell = /bin/bash
 winbind enum users = No
 winbind enum groups = No
 winbind use default domain = Yes
 map acl inherit = Yes
 cups options = Raw
 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8576 SO_SNDBUF=8576
 veto files = /*.eml/*.nws/*.{*}/
 veto oplock files = /*.doc/*.xls/*.mdb/

[homes]
 comment = Home Directories
 valid users = %S
 read only = No
 browseable = No

[printers]
 comment = SMB Print Spool
 path = /var/spool/samba
 guest ok = Yes
 printable = Yes
 use client driver = Yes
 default devmode = Yes
 browseable = No

[netlogon]
 comment = Network Logon Service
 path = /home/samba/netlogon
 guest ok = Yes
 locking = No

[profiles]
 comment = Profile Share
 path = /home/samba/profiles
 read only = No
 profile acls = Yes

[Accounts]
 comment = Accounting Files
 path = /home/data/accounts
 force group = accounts
 read only = No
 create mask = 0770
 directory mask = 0770
 force directory mode = 0770

[general]
 comment = General file area
 path = /home/data/general
 read only = No
 create mask = 0774
 force create mode = 0770
 directory mask = 0775
 force directory mode = 0770

[hr]
 comment = Human Resource
 path = /home/data/hr
 valid users = @hr
 force group = hr
 read only = No
 create mask = 0774
 force directory mode = 0770

##Ends

Now I managed to get a report of an error which left a trace in a log file showing some errors which are here:

Sorry about the length of the extracts, but there seem to be two types of different errors including:

sys_acl_set_file type file failed
smb_set_file_dosmode: file_set_dosmode ... (Operation not permitted)

[2008/01/30 13:00:44, 2] smbd/open.c:open_file(391) user1 opened file somedata/ADMIN/some directory/2008/~WRD3964.tmp read=Yes write=Yes (numopen=5)
[2008/01/30 13:00:44, 2] smbd/open.c:open_file(391) user1 opened file somedata/ADMIN/some directory/2008/A file name 33 chars long 080130.doc read=No write=No (numopen=6)
[2008/01/30 13:00:44, 2] smbd/close.c:close_normal_file(406) user1 closed file somedata/ADMIN/some directory/2008/A file name 33 chars long 080130.doc (numopen=5) NT_STATUS_OK
[2008/01/30 13:00:44, 2] smbd/open.c:open_file(391) user1 opened file somedata/ADMIN/some directory/2008/~WRD3964.tmp read=No write=No (numopen=6)
[2008/01/30 13:00:44, 2] smbd/posix_acls.c:set_canon_ace_list(2496) set_canon_ace_list: sys_acl_set_file type file failed for file somedata/ADMIN/some directory/2008/~WRD3964.tmp (Operation not supported).
[2008/01/30 13:00:44, 2] smbd/close.c:close_normal_file(406) user1 closed file somedata/ADMIN/some
Re: [Samba] samba + ldap + privileges
Hi.

If I understand well, you mean a user logged to a windows workstation, be able to do some stuff than a basic users, if that's your question the answer is yes, you can achieve that by, when adding a user, specify which group he/she will belong. I do not know which distro you are using, but samba has nice command line tools to do so that come with the samba-doc, or samba-tools package, do not know which distro or tools you'll be using to admin your PDC, but you can do that, I use webmin or phpldapadmin.

Then you mention to do that with the normal user permissions, I guess you are referring to the common chmod+chown commands, that's not possible as far as I know, BUT, you can set up and refine permissions using the file system ACL to allow/disallow access to some folders for example, but most of it can be done from the samba configuration file, where you can play how a group or a user can access a share.

Hope this helps. CU

2008/1/29, satish patel [EMAIL PROTECTED]:
> Dear all
>
> I have smb+ ldap setup not everything is fine but i want to assign some right to particular Group so they can change TCP/IP properties and change system time and do some other right
>
> Is it possible to give some privileges to normal users ???
>
> $ cat ~/satish/url.txt
> http://www.linuxbug.org
RE: [Samba] joining an AD - SOLVED
The problem is that Kerberos can only deal with flatname space to function so you cannot have subdomain.domain.com as the Linux server name in DNS. Changing that solved this for me.

-Original Message-
From: Calderon, Willy (NIH/NINDS) [C]
Sent: Monday, January 28, 2008 7:58 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

Thanks. I keep getting this error every time I log in now with the options you've given below

[2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew
[2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST
Bad option: SEVERN
Failed to join domain: Invalid parameter
[2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1

* * * *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913

-Original Message-
From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED]
Sent: Mon 1/28/2008 4:57 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

Whoops,

The trailing (") should be at the end of the OU path, in your case after the 'AD'. The computername is a separate value that you are feeding it.

net ads join createcomputer=Servers/Windows/Computers/AD computername

-Original Message-
From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED]
Sent: Monday, January 28, 2008 1:59 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

Is there a trailing quote (") after computer name ?

* * * *
Willy Calderon
Contractor - LCG Systems
Tel: 301 435 1913

-Original Message-
From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED]
Sent: Monday, January 28, 2008 4:45 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

You have to use the createcomputer parameter if you want to specify the OUs.

Ex: net ads join createcomputer=Servers/Windows/Computers/AD computername

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C]
Sent: Monday, January 28, 2008 1:17 PM
To: samba@lists.samba.org
Subject: [Samba] joining an AD

Hi there -

I am trying to join the domain using the net ads join command but keep getting a

Bad option: Servers/Windows/Computers/AD
Failed to join domain: Invalid parameter

when I try to add the computer into the correct OU like so:

net ads join Servers/Windows/Computers/AD

Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4
[Samba] Is my kerberos ok with AD?
Hi all,

I can get a kerberos ticket successfully from my AD server, and i can check it with klist. ( with # kinit [EMAIL PROTECTED] )

But when i try to login to AD with

# net ads join -U administrator

system ask for administrator password again. I think this isn't normal behavior.

Is my kerberos system ok ? Or asking password again points a problem in configuration.

Best Regards
Serbulent UNSAL
Re: [Samba] net ads join : ads_connect: No logon servers
D G Teed wrote:
> I've been able to use security = ads in smb.conf, and connect OK, but it must be falling back to domain.
>
> When I run net ads join I get the error (debug trace below):
>
> ads_connect: No logon servers
>
> Here is my krb5.conf:
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = BEER
>
> [realms]
>  BEER = {
>   kdc = ADC1.AD.BEERU.CA
>  }
>
> [domain_realm]
>  beer.ca = BEER
>  .beer.ca = BEER

This should be a mapping from DNS domain to Kerberos REALM. Going by the kdc name, what you probably want is:

 beer.ca = AD.BEERU.CA
 .beer.ca = AD.BEERU.CA
 www2.beer.ca = AD.BEERU.CA

> Here is my rpc join status:
>
> # net rpc testjoin
> Join to 'BEER' is OK
>
> Here is my attempt to graduate this to ADS levels, with debug:
>
> # net ads join -Ubeeruser%beeruserpw -d3
> [2008/01/30 11:06:08, 3] param/loadparm.c:lp_load(5033) lp_load: refreshing parameters
> [2008/01/30 11:06:08, 3] param/loadparm.c:init_globals(1424) Initialising global parameters
> [2008/01/30 11:06:08, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
> [2008/01/30 11:06:08, 3] param/loadparm.c:do_section(3772) Processing section [global]
> [2008/01/30 11:06:08, 2] lib/interface.c:add_interface(81) added interface ip=111.111.200.8 bcast=111.111.207.255 nmask=255.255.248.0
> [2008/01/30 11:06:08, 2] lib/interface.c:add_interface(81) added interface ip=111.111.202.39 bcast=111.111.207.255 nmask=255.255.248.0
> [2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
> [2008/01/30 11:06:08, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply
> [2008/01/30 11:06:08, 3] libads/ldap.c:ads_try_connect(189) ads_try_connect: CLDAP request 111.111.200.66 failed.
> [2008/01/30 11:06:08, 1] libads/cldap.c:recv_cldap_netlogon(247) Failed to parse cldap reply
> [2008/01/30 11:06:08, 3] libads/ldap.c:ads_try_connect(189) ads_try_connect: CLDAP request 111.111.200.67 failed.
> [2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
> [2008/01/30 11:06:08, 3] libsmb/namequery_dc.c:rpc_dc_name(154) Could not look up dc's for domain BEER
> [2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
> [2008/01/30 11:06:08, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ADC2, 111.111.200.67
> [2008/01/30 11:06:08, 0] utils/net_ads.c:ads_startup_int(286) ads_connect: No logon servers
> [2008/01/30 11:06:08, 1] utils/net_ads.c:net_ads_join(1470) error on ads_startup: No logon servers
> Failed to join domain: No logon servers
> [2008/01/30 11:06:08, 2] utils/net.c:main(1032) return code = -1
>
> Can this user achieve such a goal? Here is beeruser's rights via rpc:
>
> net rpc rights list -Ubeeruser
> Password:
> SeMachineAccountPrivilege  Add machines to domain
> SeTakeOwnershipPrivilege  Take ownership of files or other objects
> SeBackupPrivilege  Back up files and directories
> SeRestorePrivilege  Restore files and directories
> SeRemoteShutdownPrivilege  Force shutdown from a remote system
> SePrintOperatorPrivilege  Manage printers
> SeAddUsersPrivilege  Add users and groups to the domain
> SeDiskOperatorPrivilege  Manage disk shares
>
> I've had various toggles done to my smb.conf, but here is what the global section of smb.conf looks like at the moment, following the hints of someone else who solved this on the list...
>
> [global]
>  netbios name = www2
>  workgroup = BEER
>  unix charset = LOCALE
>  realm = BEER

Same here.

 realm = AD.BEERU.CA

>  server string = Web Server
>  security = ADS
>  password server = 111.111.200.67
>  idmap backend = rid:BEER=5000-1
>  idmap uid = 1-1000
>  idmap gid = 1-1000
>  template shell = /bin/bash
>  winbind use default domain = Yes
>  winbind enum users = Yes
>  winbind enum groups = Yes
>  allow trusted domains = No
>  log level = 3
>  log file = /var/log/samba/%m.log
>  max log size = 50
>  dns proxy = No
>  winbind use default domain = Yes
>  hosts allow = 111.111.
>  encrypt passwords = yes
>
> I had great results with the last question I put on the list. I hope someone can help us graduate to ads with kerberos level authentication.
>
> It feels like there is something missing on the AD end, but I know nothing about this other than that it is Windows Server 2003 and it has been in production for awhile with good performance.

There may be something else, but the REALM is what jumped out at me.

Regards,
Doug
Re: [Samba] net ads join : ads_connect: No logon servers
Thanks very much, Douglas. That did the trick.

I had not understood what realm represented in a dns style domain. It is also confusing that one lists a realm section, defining it...

BEER = {
kdc = ADC1.AD.BEERU.CA
}

But then when providing the realm name in smb.conf, the handle isn't BEER, but rather the subdomain in which the AD controller lives.

Regards,
--Donald

On Jan 30, 2008 3:37 PM, Douglas VanLeuven [EMAIL PROTECTED] wrote:
Douglas VanLeuven wrote:
D G Teed wrote:
I've been able to use security = ads in smb.conf, and connect OK, but it must be falling back to domain. When I run net ads join I get the error (debug trace below):

ads_connect: No logon servers

Here is my krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = BEER

[realms]
BEER = {
kdc = ADC1.AD.BEERU.CA
}

Missed this on the last post.
default realm = AD.BEERU.CA

Doug
Re: [Samba] net ads join : ads_connect: No logon servers
Douglas VanLeuven wrote:
D G Teed wrote:
I've been able to use security = ads in smb.conf, and connect OK, but it must be falling back to domain. When I run net ads join I get the error (debug trace below):

ads_connect: No logon servers

Here is my krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = BEER

[realms]
BEER = {
kdc = ADC1.AD.BEERU.CA
}

Missed this on the last post.
default realm = AD.BEERU.CA

Doug
[Samba] samba cluster on multi tiered storage / hierarchical storage management
Hi all,

we're looking at future storage technologies and possibilities to use open source software. One thing that looks very promising already is samba clustering with ctdb. However, if we replace all file servers with a single samba cluster, that cluster needs a lot of storage space. A large SAN would do, but using fast disks for all of the storage is quite expensive. Using a mix of cheap (slow) storage and fast (expensive) storage would satisfy the needs much better. Some of the data is used frequently, and some of the data is not used frequently.

A policy driven hierarchical storage management solution for the samba ctdb cluster would be great. Keeping often-used blocks on a SAN with fast storage, and using cheaper storage for data that hasn't been used recently.

What are good solutions in combination with samba, or should we look at something completely different?

regards,
Olivier
Re: [Samba] net ads join : ads_connect: No logon servers
D G Teed wrote:
Thanks very much, Douglas. That did the trick.

I had not understood what realm represented in a dns style domain. It is also confusing that one lists a realm section, defining it...

BEER = {
kdc = ADC1.AD.BEERU.CA
}

Sorry, missed that one too. Should be

AD.BEERU.CA = {
kdc = ADC1.AD.BEERU.CA
}

It's just that Kerberos doesn't know anything about workgroups in windows and so there shouldn't be any workgroup names in krb5.conf, only DNS names and REALM names. It worked because samba picked up the Kerberos kdc from SRV records in DNS. BEER defines the .BEER realm which doesn't exist.

But then when providing the realm name in smb.conf, the handle isn't BEER, but rather the subdomain in which the AD controller lives.

Regards,
--Donald

On Jan 30, 2008 3:37 PM, Douglas VanLeuven [EMAIL PROTECTED] wrote:
Douglas VanLeuven wrote:
D G Teed wrote:
I've been able to use security = ads in smb.conf, and connect OK, but it must be falling back to domain. When I run net ads join I get the error (debug trace below):

ads_connect: No logon servers

Here is my krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = BEER

[realms]
BEER = {
kdc = ADC1.AD.BEERU.CA
}

Missed this on the last post.
default realm = AD.BEERU.CA

Doug

Regards,
Doug
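The realm and workgroup mix-up resolved in this thread can be checked mechanically. The following is an added example, not code from the thread or from Samba: a small Python checker run over constructed smb.conf and krb5.conf text that reproduces the settings quoted above. The function names and finding codes are made up for illustration.

```python
import re

# Constructed templates that reproduce the settings quoted in the thread.
SMB_CONF = """[global]
   netbios name = www2
   workgroup = BEER
   realm = {realm}
   security = ADS
"""
KRB5_CONF = """[libdefaults]
 default_realm = {default_realm}

[realms]
 {realms_entry} = {{
  kdc = ADC1.AD.BEERU.CA
 }}
"""


def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Samba ignores case and whitespace in parameter names, so keys are
    normalised the same way ("netbios name" -> "netbiosname").
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "global":
            params["".join(key.split()).lower()] = value.strip()
    return params


def parse_krb5(text):
    """Return (libdefaults, realms); realms maps name -> {relation: [values]}."""
    # Put braces on their own lines so "REALM = { kdc = host }" written on
    # one line parses the same as the usual multi-line form.
    text = text.replace("{", "{\n").replace("}", "\n}\n")
    libdefaults, realms = {}, {}
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, current = m.group(1), None
            continue
        if line == "}":
            current = None
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if section == "libdefaults":
            libdefaults[key] = value
        elif section == "realms":
            if value == "{":
                current = realms.setdefault(key, {})
            elif current is not None:
                current.setdefault(key, []).append(value)
    return libdefaults, realms


def check_ads_realm(smb_text, krb5_text):
    """Return a list of (code, message) findings for a security = ads member."""
    smb = parse_smb_global(smb_text)
    libdefaults, realms = parse_krb5(krb5_text)
    if smb.get("security", "").lower() != "ads":
        return []
    workgroup = smb.get("workgroup", "").upper()
    smb_realm = smb.get("realm", "").upper()
    default_realm = libdefaults.get("default_realm", "").upper()
    realm_names = {name.upper() for name in realms}
    out = []
    if not smb_realm:
        out.append(("smb-realm-missing", "smb.conf has no realm"))
    elif smb_realm == workgroup:
        out.append(("smb-realm-is-workgroup",
                    "smb.conf realm repeats the workgroup name"))
    if workgroup and default_realm == workgroup:
        out.append(("krb5-default-realm-is-workgroup",
                    "krb5.conf default_realm is the workgroup name"))
    elif smb_realm and default_realm != smb_realm:
        out.append(("default-realm-mismatch",
                    "krb5.conf default_realm differs from smb.conf realm"))
    if workgroup and workgroup in realm_names:
        out.append(("krb5-realms-has-workgroup",
                    "[realms] defines the workgroup name as a realm"))
    if default_realm and default_realm not in realm_names:
        # Not fatal: the thread notes Samba found the KDC via DNS SRV records.
        out.append(("default-realm-not-in-realms",
                    "default_realm has no [realms] entry"))
    return out


if __name__ == "__main__":
    states = {
        "as first posted": ("BEER", "BEER", "BEER"),
        "after the realm fixes": ("AD.BEERU.CA", "AD.BEERU.CA", "BEER"),
        "after the [realms] fix": ("AD.BEERU.CA", "AD.BEERU.CA", "AD.BEERU.CA"),
    }
    for label, (realm, default_realm, entry) in states.items():
        found = check_ads_realm(
            SMB_CONF.format(realm=realm),
            KRB5_CONF.format(default_realm=default_realm, realms_entry=entry))
        print(label + ":", [code for code, _ in found] or "consistent")
```

The middle state is the one the thread describes as working only because the KDC was located through DNS SRV records.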
Re: [Samba] Re: Trusted domain user login
Hi.

On Wednesday, 30 January 2008, Jay Santillan wrote:
Hello Mr. Carlos,
getent returns the ldap users, groups and passwords, should getent also return the NT domain users when they are the same?
I think this will depend on your smb.conf. If you set 'winbind enum users' and 'winbind enum groups' to yes, getent should also display the users. By default, these are set to 'no'.

I already have the enum options set to yes.

Thanks
--
Regards.
Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
[Samba] Terminal Server and samba anyone?
Hi.

Does anyone on the list have users from a samba domain logging in to a Windows terminal server with the samba domain account? Can you post here the results of the set command in cmd.exe? Do you have HOMEPATH defined?

Thanks
--
Regards.
Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
[Samba] Slow to start copying .exe files
Has anyone ever had an issue copying .exe files from a samba share? If I rename the .exe to .ex1 it works great. Seems odd. I've disabled all virus scanning software on the local machine and things like that.

Jason
Re: [Samba] Re: Member Server creates sambaDomainName LDAP entry
On Wed, 30 Jan 2008, Jamrock wrote:
Brian High [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Short version: Why does my domain member server create a sambaDomainName entry in LDAP?
To which LDAP server is your smb.conf file pointing? The one on the member server or the one on the domain controller?

There is only one LDAP primary (on PDC) and one LDAP secondary (on BDC). The member server has no LDAP server, and only uses LDAP as a client.

--
Brian High
Systems Administrator
Department of Environmental and Occupational Health Sciences
[Samba] Re: Trusted domain user login
Carlos Lorenzo Matés clmates at mundo-r.com writes:
Maybe you should try: wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
This was my first try and it says exactly the same.

Well, that should work.

We have the very same users groups and passwords in the NT Domain and in the samba Domain, our samba domain uses ldap for storage.

It doesn't make sense to have same users in both domains. From samba's point of view users in different domains are not the same even though they have same username and password. They will still have different SIDs.

Here is our nsswitch.conf
(...)
passwd: files ldap
group: files ldap
(...)
passwd_compat: ldap winbind
group_compat: ldap winbind
(...)

Why do you put winbind at 'passwd_compat' instead of 'passwd'?

getent returns the ldap users, groups and passwords, should getent also return the NT domain users when they are the same?

If you use 'DOMAIN\user' it should, eg. getent passwd NTDOMAIN\\clorenzo

I don't think however that nsswitch is used by wbinfo -a so this may not be your real problem. I had a similar problem that I solved by changing to kerberos, but with NT this is not possible. I don't think I can help with this.

--
Thorkil Olesen, Denmark.
Re: [Samba] Re: Trusted domain user login
Hi.

On Wednesday, 30 January 2008, Thorkil Olesen wrote:
Carlos Lorenzo Matés clmates at mundo-r.com writes:
Maybe you should try: wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
This was my first try and it says exactly the same.
Well, that should work.
We have the very same users groups and passwords in the NT Domain and in the samba Domain, our samba domain uses ldap for storage.
It doesn't make sense to have same users in both domains.

We make this because we are migrating the NT domain to a samba domain and this was the best option to make this transparent for users.

From samba's point of view users in different domains are not the same even though they have same username and password. They will still have different SIDs.
Here is our nsswitch.conf
(...)
passwd: files ldap
group: files ldap
(...)
passwd_compat: ldap winbind
group_compat: ldap winbind
(...)
Why do you put winbind at 'passwd_compat' instead of 'passwd'?

I don't know. I'm going to revise this, thanks.

getent returns the ldap users, groups and passwords, should getent also return the NT domain users when they are the same?
If you use 'DOMAIN\user' it should, eg. getent passwd NTDOMAIN\\clorenzo
I don't think however that nsswitch is used by wbinfo -a so this may not be your real problem. I had a similar problem that I solved by changing to kerberos, but with NT this is not possible. I don't think I can help with this.

Ok, I'm going to play with nsswitch to see if this changes something, also will make another try with getent with the NTDOMAIN as you said.

Thanks again
--
Regards.
Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
[Samba] samba share setup with nt acl permissions
Hi all,

I am trying to set up a file server using nt acl-like permissioning (like the ones with windows server 2003) but dunno where to start. I am switching to Samba because of speed, less maintenance and most of all FREE!

Can anyone post me the step by step solution (guide) or point me in the right direction specifically on installing samba with nt-acl like permissioning?

Thanks.
Joel
[Samba] PANIC on 6 of my client servers .Please Help
Hi everybody

I have six samba servers working in various client locations all of which exhibit the same problem.

+
Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0] lib/util_sec.c:assert_uid(101)
Jan 31 09:37:58 sos02sp smbd[1454]: Failed to set uid privileges to (-1,533) now set to (0,0)
Jan 31 09:37:58 sos02sp smbd[1454]: [2008/01/31 09:37:58, 0] lib/util.c:smb_panic(1621)
Jan 31 09:37:58 sos02sp smbd[1454]: PANIC (pid 1454): failed to set uid
+

Followed by a backtrace dump.

Some of these servers have been running for several years without any major issues and this problem seems to have started after a version upgrade to 3.0.24. Having six servers with the same problem tends to indicate to myself that I have a common configuration issue. I have tried everything including complete fresh installs and don't seem to be able to resolve the issue. Having done significant research on the Web, this panic issue does not appear to be endemic nor common.

To save space I have included all my logs and configurations at the following Web address. All logs and config information can be found at:
http://www.secureoffice.com.au/samba/

Any help (or constructive criticism) would be greatly appreciated.

Regards
Brad Horrocks
--
Secure Office Services
ABN 75 196 364 531
19 Burrendong Road
COOMBABAH QLD 4216
Ph. +61 7 5537 4955
Fx. +61 7 5537 4966
Mob.+61 (0)404142690
web: http://www.secureoffice.com.au
Re: [Samba] Get number of current logged on users
Adam Tauno Williams wrote:
I'm looking for a simple way to get the number of current logged on users (with established sessions) to measure the use frequency of our student labs. I don't need to identify the users.

sardine:~ # expr `smbstatus -b | cut -c35-45 | sort | uniq | wc -l` - 3
151

I've tried it and it seems the columns are slightly wrong...

serverlinux backup # smbd --version
Version 3.0.24

The cut parameters should be: cut -c36-49 :-)

--
Marcello Romani
IT Manager
Ottotecnica s.r.l.
http://www.ottotecnica.com
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1713-g6bbe0fd
The branch, v3-2-test has been updated via 6bbe0fde6ebb5c1ea00ea24d3bdbffbf6f246bd6 (commit) from e9b3115c85e3d04eeaa04bfa71972d393272afca (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 6bbe0fde6ebb5c1ea00ea24d3bdbffbf6f246bd6 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Jan 30 02:08:23 2008 +0100 Add netrenumtrusteddomains() and netrenumtrusteddomainsex() cmds to rpcclient. Guenther --- Summary of changes: source/rpcclient/cmd_netlogon.c | 71 +++ 1 files changed, 71 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpcclient/cmd_netlogon.c b/source/rpcclient/cmd_netlogon.c index 38df7c1..aad538a 100644 --- a/source/rpcclient/cmd_netlogon.c +++ b/source/rpcclient/cmd_netlogon.c 
@@ -739,6 +739,75 @@ static WERROR cmd_netlogon_dsr_getforesttrustinfo(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + WERROR werr = WERR_GENERAL_FAILURE; + const char *server_name = cli-cli-desthost; + struct netr_Blob blob; + + + if (argc 1 || argc 3) { + fprintf(stderr, Usage: %s server_name\n, argv[0]); + return WERR_OK; + } + + if (argc = 2) { + server_name = argv[1]; + } + + status = rpccli_netr_NetrEnumerateTrustedDomains(cli, mem_ctx, +server_name, +blob, +werr); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (W_ERROR_IS_OK(werr)) { + printf(success\n); + dump_data(1, blob.data, blob.length); + } + done: + return werr; +} + +static WERROR cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + WERROR werr = WERR_GENERAL_FAILURE; + const char *server_name = cli-cli-desthost; + struct netr_DomainTrustList list; + + if (argc 1 || argc 3) { + fprintf(stderr, Usage: %s server_name\n, argv[0]); + return WERR_OK; + } + + if (argc = 2) { + server_name = argv[1]; + } + + status = rpccli_netr_NetrEnumerateTrustedDomainsEx(cli, mem_ctx, + server_name, + list, + werr); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (W_ERROR_IS_OK(werr)) { + printf(success\n); + } + done: + return werr; +} + + /* List of commands exported by this module */ 
@@ -763,6 +832,8 @@ struct cmd_set netlogon_commands[] = { { dsr_enumtrustdom, RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, Enumerate trusted domains, }, { dsenumdomtrusts, RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, Enumerate all trusted domains in an AD forest, }, { deregisterdnsrecords, RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, PI_NETLOGON, NULL, Deregister DNS records, }, + { netrenumtrusteddomains, RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, PI_NETLOGON, NULL, Enumerate trusted domains, }, + { netrenumtrusteddomainsex, RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, PI_NETLOGON, NULL, Enumerate trusted domains, }, { NULL } }; -- Samba Shared Repository
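Review bot: In cmd_netlogon_enumtrusteddomainsex() the returned list is never shown: on success the function only prints "success", whereas cmd_netlogon_enumtrusteddomains() at least calls dump_data() on the blob. Print the entries of the netr_DomainTrustList so the command is useful for inspecting which trusts a server reports. In the second hunk both new netlogon_commands[] entries carry the help text "Enumerate trusted domains", which dsr_enumtrustdom already uses; give netrenumtrusteddomainsex a description that tells the two apart.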
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1714-g46882ad
The branch, v3-2-test has been updated via 46882ad9927c95caadeb7fb03c1d7491bbe1fb22 (commit) from 6bbe0fde6ebb5c1ea00ea24d3bdbffbf6f246bd6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 46882ad9927c95caadeb7fb03c1d7491bbe1fb22 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Jan 30 11:11:27 2008 +0100 Re-enable async I/O for non-TSM systems The logic was wrong: A SMB_VFS_AIO_FORCE()==False disabled async I/O, whereas a SMB_VFS_AIO_FORCE()==True should enforce it regardless of other settings. Alexander, please check! --- Summary of changes: source/smbd/aio.c |6 -- source/smbd/reply.c | 11 ++- 2 files changed, 6 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/aio.c b/source/smbd/aio.c index 9c25f69..86fdfe3 100644 --- a/source/smbd/aio.c +++ b/source/smbd/aio.c @@ -202,7 +202,8 @@ bool schedule_aio_read_and_X(connection_struct *conn, size_t bufsize; size_t min_aio_read_size = lp_aio_read_size(SNUM(conn)); - if (!min_aio_read_size || (smb_maxcnt min_aio_read_size)) { + if ((!min_aio_read_size || (smb_maxcnt min_aio_read_size)) +!SMB_VFS_AIO_FORCE(fsp)) { /* Too small a read for aio request. */ DEBUG(10,(schedule_aio_read_and_X: read size (%u) too small for minimum aio_read of %u\n, @@ -284,7 +285,8 @@ bool schedule_aio_write_and_X(connection_struct *conn, bool write_through = BITSETW(req-inbuf+smb_vwv7,0); size_t min_aio_write_size = lp_aio_write_size(SNUM(conn)); - if (!min_aio_write_size || (numtowrite min_aio_write_size)) { + if ((!min_aio_write_size || (numtowrite min_aio_write_size)) +!SMB_VFS_AIO_FORCE(fsp)) { /* Too small a write for aio request. */ DEBUG(10,(schedule_aio_write_and_X: write size (%u) too small for minimum aio_write of %u\n, diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 4ea81a3..1837603 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c 
@@ -3338,11 +3338,7 @@ void reply_read_and_X(struct smb_request *req) return; } - /* It is possible for VFS modules to selectively decide whether Async I/O should be used - for the file or not. -*/ - if ((SMB_VFS_AIO_FORCE(fsp)) - !big_readX + if (!big_readX schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) { END_PROFILE(SMBreadX); return; @@ -4012,10 +4008,7 @@ void reply_write_and_X(struct smb_request *req) nwritten = 0; } else { - /* It is possible for VFS modules to selectively decide whether Async I/O - should be used for the file or not. - */ - if ((SMB_VFS_AIO_FORCE(fsp)) (req-unread_bytes == 0) + if ((req-unread_bytes == 0) schedule_aio_write_and_X(conn, req, fsp, data, startpos, numtowrite)) { END_PROFILE(SMBwriteX); -- Samba Shared Repository
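Review bot: The new !SMB_VFS_AIO_FORCE(fsp) term in schedule_aio_read_and_X() and schedule_aio_write_and_X() has no comment, while the two reply.c comments explaining that VFS modules can decide per file whether async I/O is used are deleted. Carry that explanation over to aio.c next to the size check, and say there that a forcing module bypasses the minimum read and write sizes, including the case where the minimum is 0 and the request would otherwise be treated as too small. The DEBUG text "too small for minimum aio_read" is also left as the only explanation of the branch, so a reader of the log cannot tell that the force flag took part in the decision.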
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1715-ga3417be
The branch, v3-2-test has been updated via a3417be934e34af2525ddb731af288034d51432b (commit) from 46882ad9927c95caadeb7fb03c1d7491bbe1fb22 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit a3417be934e34af2525ddb731af288034d51432b Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Jan 30 12:48:20 2008 +0100 Fix build warning. Guenther --- Summary of changes: source/nsswitch/libwbclient/wbclient.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbclient.c b/source/nsswitch/libwbclient/wbclient.c index 304e49c..2f76f76 100644 --- a/source/nsswitch/libwbclient/wbclient.c +++ b/source/nsswitch/libwbclient/wbclient.c @@ -78,7 +78,6 @@ wbcErr wbcRequestResponse(int cmd, break; } -done: return wbc_status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1716-gf02b74f
The branch, v3-2-test has been updated via f02b74fc067074d8e48e186a7b7255a244592f7d (commit) from a3417be934e34af2525ddb731af288034d51432b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit f02b74fc067074d8e48e186a7b7255a244592f7d Author: Kai Blin [EMAIL PROTECTED] Date: Mon Jan 28 11:28:38 2008 +0100 ntlm_auth: Add a blackbox test. --- Summary of changes: source/script/tests/test_ntlm_auth_s3.sh | 21 +++ source/script/tests/tests_all.sh |1 + source/torture/test_ntlm_auth.py | 212 ++ 3 files changed, 234 insertions(+), 0 deletions(-) create mode 100755 source/script/tests/test_ntlm_auth_s3.sh create mode 100755 source/torture/test_ntlm_auth.py Changeset truncated at 500 lines: diff --git a/source/script/tests/test_ntlm_auth_s3.sh b/source/script/tests/test_ntlm_auth_s3.sh new file mode 100755 index 000..8568da9 --- /dev/null +++ b/source/script/tests/test_ntlm_auth_s3.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +incdir=`dirname $0` +. $incdir/test_functions.sh + +failed=0 + +(/usr/bin/env python --version /dev/null 21) + +if $? -ne 0: +then + echo Python binary not found in path. Skipping ntlm_auth tests. + exit 0 +fi + +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth || failed=`expr $failed + 1` +# This should work even with NTLMv2 +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1` + + +testok $0 $failed diff --git a/source/script/tests/tests_all.sh b/source/script/tests/tests_all.sh index 259e28e..369cf3e 100755 --- a/source/script/tests/tests_all.sh +++ b/source/script/tests/tests_all.sh 
@@ -6,6 +6,7 @@ $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP || failed=`expr $failed + $?` echo Testing encrypted $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP -e || failed=`expr $failed + $?` $SCRIPTDIR/test_wbinfo_s3.sh $WORKGROUP $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?` +$SCRIPTDIR/test_ntlm_auth_s3.sh || failed=`expr $failed + $?` eval $LIB_PATH_VAR=\$SAMBA4SHAREDDIR:\$$LIB_PATH_VAR; export $LIB_PATH_VAR eval echo $LIB_PATH_VAR=\$$LIB_PATH_VAR diff --git a/source/torture/test_ntlm_auth.py b/source/torture/test_ntlm_auth.py new file mode 100755 index 000..3e7cc05 --- /dev/null +++ b/source/torture/test_ntlm_auth.py 
@@ -0,0 +1,212 @@ +#!/usr/bin/env python + +# Unix SMB/CIFS implementation. +# A test for the ntlm_auth tool +# Copyright (C) Kai Blin [EMAIL PROTECTED] 2008 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +Test ntlm_auth +This test program will start ntlm_auth with the given command line switches and +see if it will get the expected results. + + +import os +import sys +from optparse import OptionParser + +class ReadChildError(Exception): + pass + +class WriteChildError(Exception): + pass + +def readLine(pipe): + readLine(pipe) - str + Read a line from the child's pipe, returns the string read. + Throws ReadChildError if the read fails. + + buf = os.read(pipe, 2047) + newline = buf.find('\n') + if newline == -1: + raise ReadChildError() + return buf[:newline] + +def writeLine(pipe, buf): + writeLine(pipe, buf) - nul + Write a line to the child's pipe. + Raises WriteChildError if the write fails. + + written = os.write(pipe, buf) + if written != len(buf): + raise WriteChildError() + os.write(pipe, \n) + +def parseCommandLine(): + parseCommandLine() - (opts, ntlm_auth_path) + Parse the command line. + Return a tuple consisting of the options and the path to ntlm_auth. 
+ + usage = usage: %prog [options] path/to/ntlm_auth + parser = OptionParser(usage) + + parser.set_defaults(client_username=foo) + parser.set_defaults(client_password=secret) + parser.set_defaults(client_domain=FOO) + parser.set_defaults(client_helper=ntlmssp-client-1) + + parser.set_defaults(server_username=foo) + parser.set_defaults(server_password=secret) + parser.set_defaults(server_domain=FOO) +
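Review bot: In test_ntlm_auth_s3.sh the line "if $? -ne 0:" is not valid sh: it runs the exit status as a command and ends with a Python-style colon, so the "Python binary not found" skip cannot work as intended. Use "if test $? -ne 0; then". In test_ntlm_auth.py, readLine() does a single os.read() of 2047 bytes and raises ReadChildError when that chunk has no newline, so a helper reply that arrives in two reads fails the test; loop until a newline is seen. writeLine() checks the length of the first os.write() but not of the second one that writes the newline.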
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1717-gbfa919c
The branch, v3-2-test has been updated via bfa919cde57a26cd2ae7397281923792b7afe83a (commit) from f02b74fc067074d8e48e186a7b7255a244592f7d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit bfa919cde57a26cd2ae7397281923792b7afe83a Author: Kai Blin [EMAIL PROTECTED] Date: Wed Jan 30 16:59:40 2008 +0100 ntlm_auth: Fix typos in the torture test script. This should fix the build farm. Sorry, wonder why it worked on my box before. --- Summary of changes: source/script/tests/test_ntlm_auth_s3.sh |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/script/tests/test_ntlm_auth_s3.sh b/source/script/tests/test_ntlm_auth_s3.sh index 8568da9..6a52e59 100755 --- a/source/script/tests/test_ntlm_auth_s3.sh +++ b/source/script/tests/test_ntlm_auth_s3.sh @@ -5,9 +5,9 @@ incdir=`dirname $0` failed=0 -(/usr/bin/env python --version /dev/null 21) +(/usr/bin/env python --version /dev/null 21) -if $? -ne 0: +if test $? -ne 0; then echo Python binary not found in path. Skipping ntlm_auth tests. exit 0 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1718-g11c9c15
The branch, v3-2-test has been updated via 11c9c1536b153047ba387b9804f34a6555a5ae26 (commit) from bfa919cde57a26cd2ae7397281923792b7afe83a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 11c9c1536b153047ba387b9804f34a6555a5ae26 Author: Kai Blin [EMAIL PROTECTED] Date: Wed Jan 30 17:57:32 2008 +0100 ntlm_auth: test should honour configfile option to run on build farm. --- Summary of changes: source/script/tests/test_ntlm_auth_s3.sh |4 ++-- source/torture/test_ntlm_auth.py |6 ++ 2 files changed, 8 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/script/tests/test_ntlm_auth_s3.sh b/source/script/tests/test_ntlm_auth_s3.sh index 6a52e59..6bcb3e2 100755 --- a/source/script/tests/test_ntlm_auth_s3.sh +++ b/source/script/tests/test_ntlm_auth_s3.sh @@ -13,9 +13,9 @@ then exit 0 fi -testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth || failed=`expr $failed + 1` +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile $CONFFILE || failed=`expr $failed + 1` # This should work even with NTLMv2 -testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1` +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile $CONFFILE --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1` testok $0 $failed diff --git a/source/torture/test_ntlm_auth.py b/source/torture/test_ntlm_auth.py index 3e7cc05..12a4dae 100755 --- a/source/torture/test_ntlm_auth.py +++ b/source/torture/test_ntlm_auth.py @@ -70,6 +70,7 @@ def parseCommandLine(): parser.set_defaults(server_password=secret) parser.set_defaults(server_domain=FOO) parser.set_defaults(server_helper=squid-2.5-ntlmssp) + parser.set_defaults(config_file=/etc/samba/smb.conf) parser.add_option(--client-username, dest=client_username,\ help=User name for the client. [default: foo]) 
@@ -89,6 +90,9 @@ def parseCommandLine(): parser.add_option(--server-helper, dest=server_helper,\ help=Helper mode for the ntlm_auth server. [default: squid-2.5-server]) + parser.add_option(-s, --configfile, dest=config_file,\ + help=Path to smb.conf file. [default:/etc/samba/smb.conf) + (opts, args) = parser.parse_args() if len(args) != 1: parser.error(Invalid number of arguments.) @@ -129,6 +133,7 @@ def main(): client_args.append(--username=%s % opts.client_username) client_args.append(--password=%s % opts.client_password) client_args.append(--domain=%s % opts.client_domain) + client_args.append(--configfile=%s % opts.config_file) os.execv(ntlm_auth_path, client_args) @@ -161,6 +166,7 @@ def main(): server_args.append(--username=%s % opts.server_username) server_args.append(--password=%s % opts.server_password) server_args.append(--domain=%s % opts.server_domain) + server_args.append(--configfile=%s % opts.config_file) os.execv(ntlm_auth_path, server_args) -- Samba Shared Repository
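Review bot: The help string for the new --configfile option opens with a bracket and closes with a parenthesis, "[default:/etc/samba/smb.conf)"; make it "[default: /etc/samba/smb.conf]" to match the other options. In the same parseCommandLine() context, the --server-helper help text gives the default as squid-2.5-server while set_defaults() uses squid-2.5-ntlmssp; align the two while this function is being touched. The default path /etc/samba/smb.conf is now written in two places, the set_defaults() call and the help text, and would be better taken from one value.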
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1719-gd12c49e
The branch, v3-2-test has been updated via d12c49e60f4390707c924b9e9f12fa9333b006e2 (commit) from 11c9c1536b153047ba387b9804f34a6555a5ae26 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit d12c49e60f4390707c924b9e9f12fa9333b006e2 Author: Kai Blin [EMAIL PROTECTED] Date: Wed Jan 30 18:34:24 2008 +0100 ntlm_auth: Fix another typo in the test. This _should_ be the last one. --- Summary of changes: source/script/tests/test_ntlm_auth_s3.sh |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/script/tests/test_ntlm_auth_s3.sh b/source/script/tests/test_ntlm_auth_s3.sh index 6bcb3e2..6c97f2e 100755 --- a/source/script/tests/test_ntlm_auth_s3.sh +++ b/source/script/tests/test_ntlm_auth_s3.sh @@ -13,9 +13,9 @@ then exit 0 fi -testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile $CONFFILE || failed=`expr $failed + 1` +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile=$CONFFILE || failed=`expr $failed + 1` # This should work even with NTLMv2 -testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile $CONFFILE --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1` +testit ntlm_auth $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile=$CONFFILE --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1` testok $0 $failed -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1720-g0341b0b
The branch, v3-2-test has been updated via 0341b0be49fef5e6003a170100388b5c47a41e67 (commit) from d12c49e60f4390707c924b9e9f12fa9333b006e2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0341b0be49fef5e6003a170100388b5c47a41e67 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Jan 30 19:56:05 2008 +0100 Fix some IBM checker warnings --- Summary of changes: source/torture/cmd_vfs.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/torture/cmd_vfs.c b/source/torture/cmd_vfs.c index f3b9886..82a28bd 100644 --- a/source/torture/cmd_vfs.c +++ b/source/torture/cmd_vfs.c @@ -575,7 +575,7 @@ static NTSTATUS cmd_fstat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, } fd = atoi(argv[1]); - if (fd 0 || fd 1024) { + if (fd 0 || fd = 1024) { printf(fstat: error=%d (file descriptor out of range)\n, EBADF); return NT_STATUS_OK; } @@ -710,7 +710,7 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, fd = atoi(argv[1]); mode = atoi(argv[2]); - if (fd 0 || fd 1024) { + if (fd 0 || fd = 1024) { printf(fchmod: error=%d (file descriptor out of range)\n, EBADF); return NT_STATUS_OK; } @@ -763,7 +763,7 @@ static NTSTATUS cmd_fchown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, uid = atoi(argv[2]); gid = atoi(argv[3]); fd = atoi(argv[1]); - if (fd 0 || fd 1024) { + if (fd 0 || fd = 1024) { printf(fchown: faliure=%d (file descriptor out of range)\n, EBADF); return NT_STATUS_OK; } @@ -822,7 +822,7 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar fd = atoi(argv[1]); off = atoi(argv[2]); - if (fd 0 || fd 1024) { + if (fd 0 || fd = 1024) { printf(ftruncate: error=%d (file descriptor out of range)\n, EBADF); return NT_STATUS_OK; } -- Samba Shared Repository
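Review bot: The upper bound 1024 is repeated as a literal in cmd_fstat, cmd_fchmod, cmd_fchown and cmd_ftruncate, and all four needed the same off-by-one correction here; define the limit once as a named constant so the range checks cannot drift apart again. The fchown message still reads "faliure=" where the other three say "error=". fd is also taken from atoi(argv[1]), which yields 0 for non-numeric input, so a mistyped argument passes the range check as descriptor 0; parsing with a function that reports conversion errors would close that gap.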
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-591-gfc69e3f
The branch, v4-0-test has been updated via fc69e3f829a83aae311b4849d91509fcfa47816b (commit) via ab2e1394d0a66ca13750e1b6f4ced07f4a0f3453 (commit) from 421bdd203eab09e560f4919715fa4cc4497e406f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fc69e3f829a83aae311b4849d91509fcfa47816b Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jan 30 20:30:27 2008 +0100 libndr: depend on samba-config, so that callers doesn't need to know about it metze commit ab2e1394d0a66ca13750e1b6f4ced07f4a0f3453 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jan 30 20:25:40 2008 +0100 pidl: be consistent and always ask pkg-config only for 'ndr' metze --- Summary of changes: source/librpc/ndr.pc.in |2 +- source/pidl/tests/Util.pm |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/ndr.pc.in b/source/librpc/ndr.pc.in index 4317397..ed4c459 100644 --- a/source/librpc/ndr.pc.in +++ b/source/librpc/ndr.pc.in @@ -5,7 +5,7 @@ [EMAIL PROTECTED]@ Name: ndr Description: Network Data Representation Core Library -Requires: talloc +Requires: samba-config talloc Version: 0.0.1 Libs: -L${libdir} -lndr Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 diff --git a/source/pidl/tests/Util.pm b/source/pidl/tests/Util.pm index 82ab130..4ad216a 100644 --- a/source/pidl/tests/Util.pm +++ b/source/pidl/tests/Util.pm @@ -134,7 +134,7 @@ $c $cc = cc; } - my $flags = `pkg-config --libs --cflags ndr samba-config`; + my $flags = `pkg-config --libs --cflags ndr`; my $cmd = $cc $cflags -x c - -o $outfile $flags $ldflags; $cmd =~ s/\n//g; -- Samba Shared Repository
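Review bot: In the ndr.pc.in hunk, putting samba-config on the `Requires:` line means every `pkg-config ndr` query now fails unless samba-config.pc is installed and on the search path. Worth confirming that samba-config.pc is always installed together with ndr.pc, and that exporting its flags to all ndr consumers is intended, rather than listing it under `Requires.private`, which would pull it in only for static linking.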
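Review bot: In the Util.pm hunk, the output of `pkg-config --libs --cflags ndr` is captured into `$flags` and spliced into `$cmd` without checking the exit status. Now that ndr carries an extra dependency, an unresolved samba-config.pc would leave `$flags` empty and the failure would only show up later as a compile or link error in the generated test. Suggest checking `$?` after the backtick call and failing the test with the pkg-config error at that point.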
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1721-g1a1c795
The branch, v3-2-test has been updated via 1a1c7954368a7f168a57f86f4f857cf70258e37a (commit) from 0341b0be49fef5e6003a170100388b5c47a41e67 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1a1c7954368a7f168a57f86f4f857cf70258e37a Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jan 31 09:48:20 2008 +1100 merged tdb transaction fix --- Summary of changes: source/lib/tdb/common/transaction.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/tdb/common/transaction.c b/source/lib/tdb/common/transaction.c index c3e7a4e..4e2127b 100644 --- a/source/lib/tdb/common/transaction.c +++ b/source/lib/tdb/common/transaction.c @@ -321,6 +321,9 @@ static int transaction_write_existing(struct tdb_context *tdb, tdb_off_t off, if (blk == tdb-transaction-num_blocks-1 off + len tdb-transaction-last_block_size) { + if (off = tdb-transaction-last_block_size) { + return 0; + } len = tdb-transaction-last_block_size - off; } -- Samba Shared Repository
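Review bot: The added early `return 0;` in transaction_write_existing, inside the last-block branch, has no comment saying why an offset at or beyond `last_block_size` is treated as success with nothing written. It sits directly before the `len = ... last_block_size - off` adjustment, which suggests it exists to keep that subtraction from going out of range; a one-line comment stating that, plus a test that writes at and past the end of the last transaction block, would stop the guard from being removed or reordered later. It is also worth checking that callers are content with a silent 0 here rather than an error.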
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-593-gf6a5848
The branch, v4-0-test has been updated via f6a5848e5e211d4d4d66b7eca46b4b0ad4c9daab (commit) via eb3af24926977208a8099c848a510704d2ae3524 (commit) from fc69e3f829a83aae311b4849d91509fcfa47816b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit f6a5848e5e211d4d4d66b7eca46b4b0ad4c9daab Merge: eb3af24926977208a8099c848a510704d2ae3524 fc69e3f829a83aae311b4849d91509fcfa47816b Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jan 31 09:49:15 2008 +1100 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test commit eb3af24926977208a8099c848a510704d2ae3524 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jan 31 09:48:46 2008 +1100 merged tdb transaction fix --- Summary of changes: source/lib/tdb/common/transaction.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/tdb/common/transaction.c b/source/lib/tdb/common/transaction.c index c3e7a4e..4e2127b 100644 --- a/source/lib/tdb/common/transaction.c +++ b/source/lib/tdb/common/transaction.c @@ -321,6 +321,9 @@ static int transaction_write_existing(struct tdb_context *tdb, tdb_off_t off, if (blk == tdb-transaction-num_blocks-1 off + len tdb-transaction-last_block_size) { + if (off = tdb-transaction-last_block_size) { + return 0; + } len = tdb-transaction-last_block_size - off; } -- Samba Shared Repository
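Review bot: This is the same three-line guard in source/lib/tdb/common/transaction.c that was applied to v3-2-test, but the commit message "merged tdb transaction fix" does not say which commit or tree it was merged from. Suggest naming the originating commit in the message, so the copies of tdb in each branch can be checked against one source when the fix is audited or backported further.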
Build status as of Thu Jan 31 00:00:01 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-01-30 00:00:27.0 + +++ /home/build/master/cache/broken_results.txt 2008-01-31 00:00:51.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Jan 30 00:00:02 2008 +Build status as of Thu Jan 31 00:00:01 2008 Build counts: Tree Total Broken Panic @@ -6,17 +6,17 @@ ccache 30 10 0 ctdb 0 0 0 distcc 1 0 0 -ldb 30 23 0 +ldb 30 22 0 libreplace 29 19 0 lorikeet-heimdal 25 15 0 pidl 17 6 0 -ppp 8 6 0 +ppp 8 0 0 rsync30 14 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba_3_2_test 31 19 0 +samba_3_2_test 31 26 0 samba_4_0_test 28 25 2 smb-build28 3 0 talloc 30 9 0 -tdb 30 18 0 +tdb 30 19 0