[Samba] 3.5.9: logon scripts are not working under non root user
I have issues running logon script on samba 3.5.9 (freebsd 8.2p1) under non root user. When i login to the XP box under root all is OK. logon script is working, but it's totally not working under all other users. turning on debugging reveals that under non root it's incorrectly parsing the logon script name from config (adding full network path to filename) unix_convert called on file ancor-srv/netlogon/logon.bat unix_convert begin: name = ancor-srv/netlogon/logon.bat, dirpath = , start = ancor-srv/netlogon/logon.bat Intermediate not found ancor-srv but it's parsing correctly when login under root user unix_convert called on file logon.bat unix_convert begin: name = logon.bat, dirpath = , start = logon.bat stat_cache_add: Added entry (21f694e0:size 9) LOGON.BAT - logon.bat conversion of base_name finished logon.bat - logon.bat check_reduced_name [logon.bat] [/mnt/750g/netlogon] check_reduced_name: logon.bat reduced to /mnt/750g/netlogon/logon.bat call_trans2qfilepathinfo logon.bat (fnum = -1) level=1004 call=5 total_data=0 Please help! parts from config and debug logs are below [global] workgroup = ATLANTA netbios name = ANCOR-SRV realm = ATLANTA.LOCAL server string = ANCOR-SRV security = user log file = /var/log/samba/log.%m max log size = 1000 logon path = logon drive = logon home = template homedir = admin users = @ATLANTA\Domain Admins logon script = logon.bat [IPC$] path = /tmp [netlogon] path = /mnt/750g/netlogon # admin users = @ATLANTA\Domain Users read only = no browseable = yes guest ok=yes root@ancor-srv /usr/local/etc]# ls -la /mnt/750g/ total 14 drwxr-xr-x 7 root wheel 512 Aug 3 15:37 . drwxr-xr-x 3 root wheel 512 Aug 3 09:58 .. drwxrwxrwx 2 root ntusers 512 Aug 4 13:40 netlogon [root@ancor-srv /usr/local/etc]# ls -la /mnt/750g/netlogon/ total 282 drwxrwxrwx 2 root ntusers 512 Aug 4 13:40 . drwxr-xr-x 7 root wheel 512 Aug 3 15:37 .. -rwxrwxrwx 1 root ntusers 733 Aug 4 10:35 defprinter.vbs -rwxrwxrwx 1 root ntusers 289 Aug 4 13:40 logon.bat -rwxrwxrwx 1 root ntusers 262144 Aug 4 13:53 ntconfig.pol *login under NON ROOT user: * [2011/08/06 11:04:02.138601, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [.] [/mnt/750g/netlogon] [2011/08/06 11:04:02.139054, 3] smbd/vfs.c:1038(check_reduced_name) check_reduced_name: . reduced to /mnt/750g/netlogon [2011/08/06 11:04:02.139788, 3] smbd/trans2.c:5226(call_trans2qfilepathinfo) -- [2011/08/06 11:04:02.268182, 5] smbd/filename.c:169(unix_convert) unix_convert called on file ancor-srv/netlogon/logon.bat [2011/08/06 11:04:02.268632, 5] smbd/filename.c:328(unix_convert) unix_convert begin: name = ancor-srv/netlogon/logon.bat, dirpath = , start = ancor-srv/netlogon/logon.bat [2011/08/06 11:04:02.269712, 5] smbd/filename.c:547(unix_convert) Intermediate not found ancor-srv [2011/08/06 11:04:02.270271, 3] smbd/error.c:80(error_packet_set) error packet at smbd/trans2.c(5129) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND -- *LOGIN under ROOT USER:* [2011/08/06 11:30:54.449610, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [.] [/mnt/750g/netlogon] [2011/08/06 11:30:54.450091, 3] smbd/vfs.c:1038(check_reduced_name) check_reduced_name: . reduced to /mnt/750g/netlogon [2011/08/06 11:30:54.450866, 3] smbd/trans2.c:5226(call_trans2qfilepathinfo) -- [2011/08/06 11:30:54.497519, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [.] [/mnt/750g/netlogon] [2011/08/06 11:30:54.498003, 3] smbd/vfs.c:1038(check_reduced_name) check_reduced_name: . reduced to /mnt/750g/netlogon [2011/08/06 11:30:54.498775, 3] smbd/trans2.c:5226(call_trans2qfilepathinfo) -- [2011/08/06 11:30:54.622072, 5] smbd/filename.c:169(unix_convert) unix_convert called on file logon.bat [2011/08/06 11:30:54.622532, 5] smbd/filename.c:328(unix_convert) unix_convert begin: name = logon.bat, dirpath = , start = logon.bat [2011/08/06 11:30:54.623341, 5] smbd/statcache.c:138(stat_cache_add) stat_cache_add: Added entry (21f694e0:size 9) LOGON.BAT - logon.bat [2011/08/06 11:30:54.624078, 5] smbd/filename.c:351(unix_convert) conversion of base_name finished logon.bat - logon.bat [2011/08/06 11:30:54.624846, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [logon.bat] [/mnt/750g/netlogon] [2011/08/06 11:30:54.625669, 3] smbd/vfs.c:1038(check_reduced_name) check_reduced_name: logon.bat reduced to /mnt/750g/netlogon/logon.bat [2011/08/06 11:30:54.626443, 3] smbd/trans2.c:5226(call_trans2qfilepathinfo) call_trans2qfilepathinfo logon.bat (fnum = -1) level=1004
Re: [Samba] 3.5.9: logon scripts are not working under non root user
From: MarvinFS marvi...@gmail.com Date: Sat, 6 Aug 2011 12:03:32 +0600 I have issues running logon script on samba 3.5.9 (freebsd 8.2p1) under non root user. When i login to the XP box under root all is OK. logon script is working, but it's totally not working under all other users. Show both pdbedit -v root and pdbedit -v non-root, especialy Logon Script: line. logon.bat is set at both? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.5.9: logon scripts are not working under non root user
Thanx for a prompt answer, Actually it's working when i manually specify logon.bat as a logon script for each user's properties through GUI user manager. but still if it's empty i thought samba have to use global config script but it's not, it's OK when i have 10 users, but if i have 100 it's becoming annoying. [root@ancor-srv /usr/local/etc/samba]# pdbedit -Lv root Unix username:root NT username: Account Flags:[UX ] User SID: S-1-5-21-3492977515-3232339064-1064139939-1000 Primary Group SID:S-1-5-21-3492977515-3232339064-1064139939-513 Full Name:MarvinFS Home Directory: HomeDir Drive: Logon Script: logon.bat Profile Path: Domain: ATLANTA Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Wed, 03 Aug 2011 10:33:16 YEKST Password can change: Wed, 03 Aug 2011 10:33:16 YEKST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF [root@ancor-srv /usr/local/etc/samba]# pdbedit -Lv test Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-3492977515-3232339064-1064139939-1005 Primary Group SID:S-1-5-21-3492977515-3232339064-1064139939-513 Full Name:мХЙХТНПНБ бКЮДХЛХП Home Directory: HomeDir Drive: Logon Script: Profile Path: Domain: ATLANTA Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Thu, 04 Aug 2011 14:29:28 YEKST Password can change: Thu, 04 Aug 2011 14:29:28 YEKST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- Best regards, MarvinFS MARVIN THE PARANOID ANDROID (C) Douglas Adams On Sat, Aug 6, 2011 at 1:45 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: From: MarvinFS marvi...@gmail.com Date: Sat, 6 Aug 2011 12:03:32 +0600 I have issues running logon script on samba 3.5.9 (freebsd 8.2p1) under non root user. When i login to the XP box under root all is OK. logon script is working, but it's totally not working under all other users. Show both pdbedit -v root and pdbedit -v non-root, especialy Logon Script: line. logon.bat is set at both? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.5.9: logon scripts are not working under non root user
From: MarvinFS marvi...@gmail.com Date: Sat, 6 Aug 2011 14:04:34 +0600 Thanx for a prompt answer, Actually it's working when i manually specify logon.bat as a logon script for each user's properties through GUI user manager. but still if it's empty i thought samba have to use global config script but it's not, Hmmm, it's OK when i have 10 users, but if i have 100 it's becoming annoying. You can set logon script for example, # pdbedit -S logon.bat test Also you can list users for example, # net sam users # pdbedit -L | awk 'FS=: {print $1}' So you can make a script... --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.5.9: logon scripts are not working under non root user
From: MarvinFS marvi...@gmail.com Date: Sat, 6 Aug 2011 14:04:34 +0600 Thanx for a prompt answer, Actually it's working when i manually specify logon.bat as a logon script for each user's properties through GUI user manager. but still if it's empty i thought samba have to use global config script but it's not, As far as I examined againt Samba 3.5.10, using passdb backend = tdbsam, logon script does not affected, using passdb backend = ldapsam / ldapsam:editposix = yes, it affects. In both environment, if you create an user with pdbedit -a, logon script affects. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.5.9: logon scripts are not working under non root user
so what does this mean? is it a bug? --- Best regards, MarvinFS MARVIN THE PARANOID ANDROID (C) Douglas Adams On Sat, Aug 6, 2011 at 6:50 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: From: MarvinFS marvi...@gmail.com Date: Sat, 6 Aug 2011 14:04:34 +0600 Thanx for a prompt answer, Actually it's working when i manually specify logon.bat as a logon script for each user's properties through GUI user manager. but still if it's empty i thought samba have to use global config script but it's not, As far as I examined againt Samba 3.5.10, using passdb backend = tdbsam, logon script does not affected, using passdb backend = ldapsam / ldapsam:editposix = yes, it affects. In both environment, if you create an user with pdbedit -a, logon script affects. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tattooing of tdbsam backend with logon script value
All users whose logon script values have not been explicitly defined automagically inherit the value that logon script is set to in smb.conf. And one can change the logon script for all such users simply by changing said value in smb.conf. However, once a logon script value value has been explicitly defined for a user this inheritance ability (as the explicit definition should not be overwritten) seems forever lost. I have not found a method to undo this tattooed state to allow for the automagic inheritance of the smb.conf logon script value. Therefore said users, who have once had an explicitly defined logon script value can (seemingly) no longer returned to the state where they use whatever logon script is defined in smb.conf. Is there a way to reset said users, removing the tattooing effect? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot see linux machines from XP
On 8/6/2011 9:15 AM, Al Schapira wrote: Stan, Please reply-all as your message didn't go to the list. There are folks far more knowledgeable than me who are watching this thread, waiting to hop in after all the grunt work is out of the way. Thank you for your reply. Searching for computers on DRS2 (XP) for ADS1 or ADS2 'seems' to find them, but clicking on either results in a message that the server does not permit the operation. It does NOT display the shares on either. Ok, that's a good sign. ADS1, ADS2 do NOT show up in my network places, or in workgroup computers, or in entire network'. The 'entire network' does show the workgroup (GAMMA5), but this only contains DRS2 (itself). But, as I said, ADS1 and ADS2 can see AND ACCESS files on all three computers including DRS2. Then the problem is apparently with XP. Or, you don't have Samba properly configured to play nicely with XP, or specifically the way you want it to (purely guest access). Disable the XP firewall if it isn't already. What is the result when you map a Samba share from the Windows command line? -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fail to access eventlog in windows2008 R2 by rpcclient
On Tue, Aug 02, 2011 at 02:43:09PM -0700, Shangwei Duan wrote: Hi Guys, I fail to access eventlog in windows2008 R2 by rpcclient(version 3.4.7) . The command is flows: rpcclient -U administrator xxx.xxx.xxx.xxx rpcclient $ eventlog_readlog security ndr_pull_error(17): not all bytes consumed ofs[560] size[572] result was NT_STATUS_PORT_MESSAGE_TOO_LONG I also found the same question at the link http://lists.samba.org/archive/samba/2010-July/157387.html; But I can not find any suggestions or answers. Does anybody know this or give me some hints? Just tried with master, worked fine. Can you try with 3.5.11? The RPC infrastructure has been changed significantly. Thanks, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a6be082 s3:web/swat: use strtoll() instead of atoi/atol/atoll via 10752c5 s4:netcmd/gpo.py: we don't need to set autogenerated attributes from 593c932 idl: We don't need a context for FRSRPC_COMM_PKT_CHUNK_CO_EXTENTION_2 and avoid colision on bop attribute http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a6be0820d09b3f3eabfbb5f4356add303aa8a494 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 5 19:48:38 2011 +0200 s3:web/swat: use strtoll() instead of atoi/atol/atoll This is more portable, as we have a strtoll replacement in lib/replace. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104 commit 10752c5b5b039f4645412d81a751dbb926361c9e Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 3 09:15:11 2011 +0200 s4:netcmd/gpo.py: we don't need to set autogenerated attributes metze --- Summary of changes: source3/web/swat.c | 25 +++- source4/scripting/python/samba/netcmd/gpo.py | 32 +- 2 files changed, 30 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/web/swat.c b/source3/web/swat.c index 69d9fec..1ecaa57 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -199,16 +199,29 @@ bool verify_xsrf_token(const char *formname) const char *pass = cgi_user_pass(); const char *token = cgi_variable_nonull(XSRF_TOKEN); const char *time_str = cgi_variable_nonull(XSRF_TIME); + char *p = NULL; + long long xsrf_time_ll = 0; time_t xsrf_time = 0; time_t now = time(NULL); - if (sizeof(time_t) == sizeof(int)) { - xsrf_time = atoi(time_str); - } else if (sizeof(time_t) == sizeof(long)) { - xsrf_time = atol(time_str); - } else if (sizeof(time_t) == sizeof(long long)) { - xsrf_time = atoll(time_str); + errno = 0; + xsrf_time_ll = strtoll(time_str, p, 10); + if (errno != 0) { + return false; + } + if (p == NULL) { + return false; + } + if (PTR_DIFF(p, time_str) strlen(time_str)) { + return false; + } + if (xsrf_time_ll _TYPE_MAXIMUM(time_t)) { + return false; + } + if (xsrf_time_ll _TYPE_MINIMUM(time_t)) { + return false; } + xsrf_time = xsrf_time_ll; if (abs(now - xsrf_time) XSRF_TIMEOUT) { return false; diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 94b1c61..07842c2 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -857,17 +857,13 @@ class cmd_create(Command): m = ldb.Message() m.dn = ldb.Dn(self.samdb, gpo_dn.get_linearized()) -m['a01'] = ldb.MessageElement(top, ldb.FLAG_MOD_ADD, objectClass) -m['a02'] = ldb.MessageElement(container, ldb.FLAG_MOD_ADD, objectClass) -m['a03'] = ldb.MessageElement(groupPolicyContainer, ldb.FLAG_MOD_ADD, objectClass) -m['a04'] = ldb.MessageElement(displayname, ldb.FLAG_MOD_ADD, displayName) -m['a05'] = ldb.MessageElement(gpo, ldb.FLAG_MOD_ADD, name) -m['a06'] = ldb.MessageElement(gpo, ldb.FLAG_MOD_ADD, CN) -m['a07'] = ldb.MessageElement(unc_path, ldb.FLAG_MOD_ADD, gPCFileSysPath) -m['a08'] = ldb.MessageElement(0, ldb.FLAG_MOD_ADD, flags) -m['a09'] = ldb.MessageElement(0, ldb.FLAG_MOD_ADD, versionNumber) -m['a10'] = ldb.MessageElement(TRUE, ldb.FLAG_MOD_ADD, showInAdvancedViewOnly) -m['a11'] = ldb.MessageElement(2, ldb.FLAG_MOD_ADD, gpcFunctionalityVersion) +m['a01'] = ldb.MessageElement(groupPolicyContainer, ldb.FLAG_MOD_ADD, objectClass) +m['a02'] = ldb.MessageElement(displayname, ldb.FLAG_MOD_ADD, displayName) +m['a03'] = ldb.MessageElement(unc_path, ldb.FLAG_MOD_ADD, gPCFileSysPath) +m['a04'] = ldb.MessageElement(0, ldb.FLAG_MOD_ADD, flags) +m['a05'] = ldb.MessageElement(0, ldb.FLAG_MOD_ADD, versionNumber) +m['a06'] = ldb.MessageElement(TRUE, ldb.FLAG_MOD_ADD, showInAdvancedViewOnly) +m['a07'] = ldb.MessageElement(2, ldb.FLAG_MOD_ADD, gpcFunctionalityVersion) try: self.samdb.add(m) except Exception, e: @@ -879,11 +875,8 @@ class cmd_create(Command): m = ldb.Message() m.dn = ldb.Dn(self.samdb, child_dn.get_linearized()) -m['a01'] = ldb.MessageElement(top, ldb.FLAG_MOD_ADD, objectClass) -m['a02'] = ldb.MessageElement(container, ldb.FLAG_MOD_ADD, objectClass) -