Re: [Samba] Integrate windows ADS Connection
I got samba with winbind and pam to integrate with windows 2008 ADS. I am able to net ads join and also see the users and groups via wbinfo. But my samba connection is not working and not showing when I try to mount in windows. No errors pop up under smbstatus. Below is the smb.conf [GLOBAL] workgroup = ARCH realm = ARCH.LOCAL netbios name = ARCHPROJFC password server = 192.168.1.40 preferred master = no server string = %h server (Samba %v, Ubuntu) encrypt passwords = yes enable privileges = Yes # dns proxy = no log level = 3 log file = /var/log/samba/%m max log size = 50 security = ADS printcap name = cups printing = cups winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind separator = + idmap uid = 600-2 idmap gid = 600-2 ;template primary group = Domain Users template homedir = /home/%D/%U template shell = /bin/bash [WORKSPACE] comment = Home Direcotries path = /home/%D/%U/Workspace valid users = ARCH+Administrator read only = No browseable = yes writable = yes [PRINTERS] comment = All Printers path = /var/spool/cups browseable = no printable = yes guest ok = yes public = yes On Wed, Jan 4, 2012 at 9:31 AM, Jessica Guynn jessgu...@gmail.com wrote: Used likewise-open because was following a tutorial on that same site. So better change to winbind? On Wed, Jan 4, 2012 at 7:40 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Wed, Jan 04, 2012 at 07:29:11AM -0800, Jessica Guynn wrote: Forgot to add, using likewise-open to add the ubuntu machine to the windows ads. On Wed, Jan 4, 2012 at 7:20 AM, Jessica Guynn jessgu...@gmail.com wrote: Creating a samba connection through windows 2008 ADS. I was able to add my ubuntu machine as a member of the windows 2008 domain but after following this tutorial to create the samba connection http://www.ubuntugeek.com/how-to-integrate-windows-active-directory-and-samba-in-ubuntu.htmlI can no longer login with domain users. My nsswitch.conf, krb5.conf, and smb.conf files are pasted in: http://pastebin.com/VKphVVwg Can you try to take likewise-open out of the picture? Samba with winbind has excellent domain membership features. What are the specific likewise open features that you require that winbind can not provide to you? With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Member Server and authenticating trusted domain users
Hello, I have a samba 3.6.1 (Debian testing) member server in a Windows 2K8 Domain with the name DomaA. The DomA PDC trusts a second Win2K3 domain controller responsible for DomB. All users from DomA can access the samba server without problems. Now I want to allow users from the trusted domain DomB to access the samba server. When a user tries to authenticate the smb/cifs login to the share fails, I get the following winbind log in log.wb-DOMB [2012/01/06 10:51:17.018523, 3] libsmb/cliconnect.c:1840(cli_session_setup_spnego) got principal=pdc$@DOMB [2012/01/06 10:51:17.018673, 10] libads/kerberos.c:191(kerberos_kinit_password_ext) kerberos_kinit_password: as SAMBA-1$@NETTETAL.PIERBURG.LOCAL using [MEMORY:cliconnect] as ccache and config [(null)] [2012/01/06 10:51:18.553682, 3] libsmb/cliconnect.c:1883(cli_session_setup_spnego) cli_session_setup_spnego: using target hostname not SPNEGO principal [2012/01/06 10:51:18.553770, 3] libsmb/cliconnect.c:1927(cli_session_setup_spnego) cli_session_setup_spnego: guessed server principal=cifs/pdc.DOMB@DOMB [2012/01/06 10:51:18.553805, 2] libsmb/cliconnect.c:1433(cli_session_setup_kerberos_send) Doing kerberos session setup [2012/01/06 10:51:19.058406, 1] libsmb/clikrb5.c:799(ads_krb5_mk_req) ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/pdc.DOMB@DOMB (Server not found in Kerberos database) In my smb.conf I enabled: allow trusted domains = yes In my krb5.conf I configured: DOMB = { kdc = PDC@DOMB:88 admin_server = PDC@DOMB default_domain = DOMB } Testing kinit works: kinit username@DOMB is successfull. So my question ist: am I missing something? Thanks in advance for any help-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] issues with printing
On 01/05/2012 9:23 AM, Tom Ryan wrote: On 1/5/12 9:31 AM, Tom Ryantomr...@camlaw.rutgers.edu wrote: [2012/01/05 09:18:54.928729, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DOMAIN\machinename$ via getpwnam(), denying access. [2012/01/05 09:18:54.929709, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [machinename$] - [machinename$] FAILED with error NT_STATUS_NO_SUCH_USER [2012/01/05 09:18:54.929807, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE You might recall that we don't use winbind so I'm at a loss as to why this happens sporadically and what I can do (short of editing the code) to work around it. Thoughts? Ok, so I have found out if I put DOMAIN\machinename$ And machinename$ In /etc/passwd Then everything works.. However, that really isn't acceptable. Does anyone have a solution?? Tom, As you've probably noticed, printing problems don't get a lot of responses. I'm uncertain as to why. I don't know what you've already checked, so I'll give a few generalities. Samba 3.6 had a rewrite of the printing code. If you haven't already, you can read about it here: http://www.samba.org/samba/history/samba-3.6.0.html There is at least 1 known printing bug, and I've experienced it. It is found here: https://bugzilla.samba.org/show_bug.cgi?id=8384 Would guest access to the printing shares fix your problem? guest ok = Yes If these suggestions are all strikeouts, perhaps post the global and printing sections of your smb.conf. Someone else may see something there. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] issues with printing
On Fri, Jan 6, 2012 at 3:06 PM, Dale Schroeder d...@briannassaladdressing.com wrote: Samba 3.6 had a rewrite of the printing code. If you haven't already, you can read about it here: http://www.samba.org/samba/history/samba-3.6.0.html With the winbind and printing issues I've seen with 3.6 my take is that it isn't quite ready for prime time. I dropped back to the 3.5 series and will look at it again when 3.6.2 is released. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] issues with printing
On Fri, Jan 06, 2012 at 02:06:26PM -0600, Dale Schroeder wrote: On 01/05/2012 9:23 AM, Tom Ryan wrote: On 1/5/12 9:31 AM, Tom Ryantomr...@camlaw.rutgers.edu wrote: [2012/01/05 09:18:54.928729, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DOMAIN\machinename$ via getpwnam(), denying access. [2012/01/05 09:18:54.929709, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [machinename$] - [machinename$] FAILED with error NT_STATUS_NO_SUCH_USER [2012/01/05 09:18:54.929807, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE You might recall that we don't use winbind so I'm at a loss as to why this happens sporadically and what I can do (short of editing the code) to work around it. Thoughts? Ok, so I have found out if I put DOMAIN\machinename$ And machinename$ In /etc/passwd Then everything works.. However, that really isn't acceptable. Does anyone have a solution?? Tom, As you've probably noticed, printing problems don't get a lot of responses. I'm uncertain as to why. I don't know what you've already checked, so I'll give a few generalities. Samba 3.6 had a rewrite of the printing code. If you haven't already, you can read about it here: http://www.samba.org/samba/history/samba-3.6.0.html There is at least 1 known printing bug, and I've experienced it. It is found here: https://bugzilla.samba.org/show_bug.cgi?id=8384 Yeah, that one got fixed for the next release. Would guest access to the printing shares fix your problem? guest ok = Yes If these suggestions are all strikeouts, perhaps post the global and printing sections of your smb.conf. Someone else may see something there. The problem I can see from the pastebin is an authentication issue. The client is trying to connect via a machine account. If you don't allow the machine account access to the print share then it'll get access denied. The error above is the machine account not being present on the box, so we can't allow such a user to connect. You could set map to guest = bad user, and allow guest access to the print shares, or use a username map to map the incoming machine account to another (known) user, but the underlying problem here isn't in the print subsystem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] issues with printing
On 1/6/12 3:31 PM, Jeremy Allison j...@samba.org wrote: The problem I can see from the pastebin is an authentication issue. The client is trying to connect via a machine account. If you don't allow the machine account access to the print share then it'll get access denied. The error above is the machine account not being present on the box, so we can't allow such a user to connect. You could set map to guest = bad user, and allow guest access to the print shares, or use a username map to map the incoming machine account to another (known) user, but the underlying problem here isn't in the print subsystem. Jeremy. Jeremy, This is true. I would not have the issue (I suspect) if I used winbind. I read somewhere prior to Samba 3, machine account auths were dropped (I forget the exact wording). In my case (I want 3.6.x for the print notice setting due to client firewalls), I think the fix would be an option to ignore (or silently map to guest account?) machine account auth requests? I don't know the best fix.. I just fixed it by manually adding the accounts.. Ugh.. But now at least it works. Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can access shares by IP, not by hostname from Windows clients (AD, W2K8 R2, Linux, Samba 3.6.1, KRB)
Hello, I am running a Samba version 3.6.1 and since several months we can no longer access shares on that server by hostname. This only occurs for Windows clients (Windows 2008 R2, Windows 7). For Apple MacOS 10.5 and Linux clients, we can access the shares by \\ws86file:///\\ws86 using Active Directory registered passwords. For Windows, we must use \\192.168.172.26file:///\\192.168.172.26. Neither \\ws86file:///\\ws86 nor \\WS86file:///\\WS86 works. The only IP address of ws86 is 192.168.172.26. Netbios is also enabled, but of course there is an Active Directory environment. Active Directory is also used for security (see smb.conf). Winbind not running, smb and nmb are. Successfully kinit-ed and joined domain. Logging contains: [2012/01/06 21:16:11.824330, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! With debugging on level 15, typical errors include (samba log with level 15 is too large to post here): libads/kerberos_verify.c:248: krb5_rd_req_return_keyblock_from_keytab(host/ws86.invantive.local@INVANTIVE.LOCAL) failed: Wrong principal in request and libads/kerberos_verify.c:429: enc type [23] failed to decrypt with error Bad encryption type [2012/01/06 21:16:50.593758, 10] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [1] failed to decrypt with error Bad encryption type [2012/01/06 21:16:50.593846, 10] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [3] failed to decrypt with error Bad encryption type [2012/01/06 21:16:50.593929, 10] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [23] failed to decrypt with error Bad encryption type [2012/01/06 21:16:50.594012, 10] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [1] failed to decrypt with error Bad encryption type [2012/01/06 21:16:50.594094, 10] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [3] failed to decrypt with error Bad encryption type I have tried various enctypes. Made changes to allowed enctypes on 2008 R2 active directory server. No success. Even with experience back to Samba 2.0, this is too hard for me. Can someone provide me with a hint or pointer? Regards, Guido -- [global] workgroup = INVANTIVE realm = INVANTIVE.LOCAL security = ads kerberos method=secrets and keytab template shell = /bin/ksh winbind use default domain = true winbind offline logon = false debuglevel=1 password server = ws54 winbind enum groups = yes winbind enum users = yes winbind nested groups = yes winbind separator = + server string = Samba %v interfaces = lo eth0 192.168.172.26/24 passdb backend = tdbsam dns proxy = yes cups options = raw username map = /etc/samba/smbusers [homes] comment = Home Directories browseable = no writable = yes inherit acls = yes delete readonly = yes create mask = 0600 directory mask = 0700 oplocks = yes force create mode = 0600 force directory mode = 0700 valid users = %S,INVANTIVE\Administrator,root,INVANTIVE\!gle3 force user = %S hide files = /desktop.ini/$RECYCLE.BIN/ include=/etc/samba/smb.conf.invantive -- root@ws86:/etc/samba# klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal -- 22 host/ws86.invantive.local@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 22 host/ws86.invantive.local@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 22 host/ws86.invantive.local@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 22 host/ws86@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 22 host/ws86@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 22 host/ws86@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 22 WS86$@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 22 WS86$@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 22 WS86$@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 13 ws86/Administrator@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 13 ws86/Administrator@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 13 ws86/Administrator@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 3 host/WS86@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 3 host/WS86@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 3 host/WS86@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 22 ws86/ws86@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 22 ws86/ws86@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 22 ws86/ws86@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 21 WS86$@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 21 WS86$@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 3 ws86/WS86@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 14 ws86/Administrator@INVANTIVE.LOCAL (DES cbc mode with CRC-32) 14 ws86/Administrator@INVANTIVE.LOCAL (DES cbc mode with RSA-MD5) 14 ws86/Administrator@INVANTIVE.LOCAL (ArcFour with HMAC/md5) 22 ws86/ws86.invantive.local@INVANTIVE.LOCAL (DES cbc mode with CRC-32)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 662c557 s3-torture convert smb2 test to use auth_generic/gensec for NTLMSSP via 893d792 s3:SMB2-SESSION-RECONNECT: also expect NETWORK_NAME_DELETED is signing isn't used via 27af0ff s3-libads Use NTLMSSP via auth_generic/gensec via a00032a s3-libsmb Make auth_ntlmssp client more generic via 2141556 s3-libsmb Use gensec_settings to set s3 ntlmssp client backend via 09928fb s3-auth Rename make_auth_ntlmssp() - make_auth_gensec() from 7b42ceb Fix compile when TDB_TRACE is enabled. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 662c557b368ce5e959faf100145a0b1a4f4b1f75 Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 13:27:45 2011 +1100 s3-torture convert smb2 test to use auth_generic/gensec for NTLMSSP Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Jan 6 12:09:12 CET 2012 on sn-devel-104 commit 893d7921a1ce403fd87501def59c6b53a88b5468 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 6 08:31:16 2012 +0100 s3:SMB2-SESSION-RECONNECT: also expect NETWORK_NAME_DELETED is signing isn't used metze commit 27af0ffdf224a71c7532a22039f455bff6adfb41 Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 12:27:11 2011 +1100 s3-libads Use NTLMSSP via auth_generic/gensec This allows us to use the shared gensec_wrap() implementation already used by the smb sealing code, as well as making this code more generic. Andrew Bartlett Signed-off-by: Stefan Metzmacher me...@samba.org commit a00032a92d9c0fcd4fa3f551abb901e5240f780f Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 10:25:55 2011 +1100 s3-libsmb Make auth_ntlmssp client more generic As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher me...@samba.org commit 21415568fe335d513545ef5788462551e2f1f1ae Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 10:33:36 2011 +1100 s3-libsmb Use gensec_settings to set s3 ntlmssp client backend This prepares us for making the code generic to multiple mechansims Signed-off-by: Stefan Metzmacher me...@samba.org commit 09928fbcf6bef89b7b7a4d4b48301d1377906622 Author: Andrew Bartlett abart...@samba.org Date: Mon Dec 26 15:58:11 2011 +1100 s3-auth Rename make_auth_ntlmssp() - make_auth_gensec() Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/include/{ntlmssp_wrap.h = auth_generic.h} | 22 ++- source3/libads/sasl.c | 169 +-- source3/librpc/crypto/cli_spnego.c | 25 ++-- source3/libsmb/clifsinfo.c | 27 ++-- source3/libsmb/ntlmssp_wrap.c | 53 +-- source3/rpc_client/cli_pipe.c | 19 +-- source3/smbd/seal.c| 10 +- source3/torture/test_smb2.c| 171 8 files changed, 277 insertions(+), 219 deletions(-) rename source3/include/{ntlmssp_wrap.h = auth_generic.h} (63%) Changeset truncated at 500 lines: diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/auth_generic.h similarity index 63% rename from source3/include/ntlmssp_wrap.h rename to source3/include/auth_generic.h index ac2c77d..faea610 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/auth_generic.h @@ -2,7 +2,7 @@ NLTMSSP wrappers Copyright (C) Andrew Tridgell 2001 - Copyright (C) Andrew Bartlett 2001-2003 + Copyright (C) Andrew Bartlett 2001-2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,8 +18,8 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#ifndef _NTLMSSP_WRAP_ -#define _NTLMSSP_WRAP_ +#ifndef _AUTH_GENERIC_ +#define _AUTH_GENERIC_ struct gensec_security; @@ -31,14 +31,18 @@ struct auth_generic_state { struct gensec_security *gensec_security; }; -NTSTATUS auth_ntlmssp_set_username(struct auth_generic_state *ans, +NTSTATUS auth_generic_set_username(struct auth_generic_state *ans, const char *user); -NTSTATUS auth_ntlmssp_set_domain(struct auth_generic_state *ans, +NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans, const char *domain); -NTSTATUS auth_ntlmssp_set_password(struct auth_generic_state *ans, +NTSTATUS auth_generic_set_password(struct auth_generic_state *ans, const char *password); -NTSTATUS
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fd69ebd s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash via 60c6611 ntlmssp: merge initial packet implementations via af19532 s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP from 662c557 s3-torture convert smb2 test to use auth_generic/gensec for NTLMSSP http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fd69ebda26ab62333202de51d3e392af1978c544 Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 19:39:32 2011 +1100 s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash When E_deshash() returns false, it indicates that the password is either 14 chars in length, or could not be represented as an LM hash value for some other reason. In this case, we should not regard the LM hash being missing as an error or a no-password situation. Andrew Bartlett Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104 commit 60c66118b3a076aee59e581a263c045a205e5ed5 Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 19:16:14 2011 +1100 ntlmssp: merge initial packet implementations Signed-off-by: Stefan Metzmacher me...@samba.org commit af19532d4dbbf4cd0cf7142b9469d04bd5c722a8 Author: Andrew Bartlett abart...@samba.org Date: Tue Dec 27 14:59:17 2011 +1100 s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/include/proto.h |3 - source3/libsmb/ntlmssp.c | 77 +++- source3/winbindd/winbindd_ccache_access.c | 79 + source4/auth/ntlmssp/ntlmssp_client.c | 31 +-- 4 files changed, 113 insertions(+), 77 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 7a7f60a..9dcd334 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1079,9 +1079,6 @@ bool get_dc_name(const char *domain, /* The following definitions come from libsmb/ntlmssp.c */ struct ntlmssp_state; NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ; -NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state, - const uint8_t lm_hash[16], - const uint8_t nt_hash[16]) ; NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ; NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 01cc1cc..989f26b 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -33,7 +33,7 @@ #include ../nsswitch/libwbclient/wbclient.h static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - TALLOC_CTX *out_mem_ctx, /* Unused at this time */ + TALLOC_CTX *out_mem_ctx, DATA_BLOB reply, DATA_BLOB *next_request); static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *out_mem_ctx, /* Unused at this time */ @@ -109,41 +109,35 @@ NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *u } /** - * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed - * - */ -NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state, - const uint8_t lm_hash[16], - const uint8_t nt_hash[16]) -{ - ntlmssp_state-lm_hash = (uint8_t *) - talloc_memdup(ntlmssp_state, lm_hash, 16); - ntlmssp_state-nt_hash = (uint8_t *) - talloc_memdup(ntlmssp_state, nt_hash, 16); - if (!ntlmssp_state-lm_hash || !ntlmssp_state-nt_hash) { - TALLOC_FREE(ntlmssp_state-lm_hash); - TALLOC_FREE(ntlmssp_state-nt_hash); - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; -} - -/** * Converts a password to the hashes on an NTLMSSP context. * */ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) { + TALLOC_FREE(ntlmssp_state-lm_hash); + TALLOC_FREE(ntlmssp_state-nt_hash); if (!password) { - ntlmssp_state-lm_hash = NULL; - ntlmssp_state-nt_hash = NULL; + return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 487c9d3 s3: No value change, just use the correct enum value from fd69ebd s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 487c9d3b83ba41e0418ca67490adf9dbb2bcd09d Author: Volker Lendecke v...@samba.org Date: Fri Jan 6 14:21:37 2012 +0100 s3: No value change, just use the correct enum value Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Fri Jan 6 16:33:42 CET 2012 on sn-devel-104 --- Summary of changes: nsswitch/pam_winbind.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 0497726..831fa84 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1946,7 +1946,7 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, } params.account_name = user; - params.level= WBC_AUTH_USER_LEVEL_PLAIN; + params.level= WBC_CHANGE_PASSWORD_LEVEL_PLAIN; params.old_password.plaintext = oldpass; params.new_password.plaintext = newpass; params.flags= flags; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 76ca46e s3: Avoid a potential alignment requirement issue via 421aab2 s3: Avoid a potential alignment requirement issue via 6529e52 s3: Use DELETE_ON_CLOSE instead of unlink from 487c9d3 s3: No value change, just use the correct enum value http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 76ca46ecfe469e11ccc4d20647ebc88ec4b10973 Author: Volker Lendecke v...@samba.org Date: Fri Jan 6 16:42:08 2012 +0100 s3: Avoid a potential alignment requirement issue Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Fri Jan 6 18:58:11 CET 2012 on sn-devel-104 commit 421aab2e12d3890fe16924ce0a7ad16008a2ec79 Author: Volker Lendecke v...@samba.org Date: Fri Jan 6 16:38:44 2012 +0100 s3: Avoid a potential alignment requirement issue commit 6529e520ee777e279f8211e24fc7575326298d0c Author: Volker Lendecke v...@samba.org Date: Fri Jan 6 14:28:55 2012 +0100 s3: Use DELETE_ON_CLOSE instead of unlink --- Summary of changes: source3/param/loadparm.c |5 ++--- source3/torture/test_cleanup.c | 13 ++--- source3/torture/torture.c | 11 +-- 3 files changed, 13 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 1310353..2ab32f8 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -8504,9 +8504,8 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i if (NT_STATUS_IS_OK(status) (data.dptr != NULL) - (data.dsize == sizeof(iService))) - { - iService = *(int *)data.dptr; + (data.dsize == sizeof(iService))) { + memcpy(iService, data.dptr, sizeof(iService)); } } diff --git a/source3/torture/test_cleanup.c b/source3/torture/test_cleanup.c index 2b4989e..39f579a 100644 --- a/source3/torture/test_cleanup.c +++ b/source3/torture/test_cleanup.c @@ -52,7 +52,12 @@ bool run_cleanup1(int dummy) if (!torture_open_connection(cli, 1)) { return false; } - status = cli_openx(cli, fname, O_RDWR|O_CREAT, DENY_ALL, fnum); + status = cli_ntcreate( + cli, fname, 0, + FILE_GENERIC_READ|FILE_GENERIC_WRITE|DELETE_ACCESS, + FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, + FILE_OPEN, FILE_DELETE_ON_CLOSE, 0, fnum); if (!NT_STATUS_IS_OK(status)) { printf(2nd open of %s failed (%s)\n, fname, nt_errstr(status)); @@ -60,12 +65,6 @@ bool run_cleanup1(int dummy) } cli_close(cli, fnum); - status = cli_unlink(cli, fname, 0); - if (!NT_STATUS_IS_OK(status)) { - printf(cli_unlink failed: %s\n, nt_errstr(status)); - goto done; - } -done: torture_close_connection(cli); return NT_STATUS_IS_OK(status); } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 8bc9cef..3b023e7 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -8515,7 +8515,7 @@ fail: static bool dbtrans_inc(struct db_context *db) { struct db_record *rec; - uint32_t *val; + uint32_t val; bool ret = false; NTSTATUS status; TDB_DATA value; @@ -8534,12 +8534,11 @@ static bool dbtrans_inc(struct db_context *db) goto fail; } - val = (uint32_t *)value.dptr; - *val += 1; + memcpy(val, value.dptr, sizeof(val)); + val += 1; - status = dbwrap_record_store(rec, make_tdb_data((uint8_t *)val, - sizeof(uint32_t)), - 0); + status = dbwrap_record_store( + rec, make_tdb_data((uint8_t *)val, sizeof(val)), 0); if (!NT_STATUS_IS_OK(status)) { printf(__location__ store failed: %s\n, nt_errstr(status)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via eff69aa Add repack command to tdbtool. via b8b98b8 Remove the commented out code. via d6950d4 Comment out sys_get_number_of_cores() as we're no longer using this. via 12bef84 Add aio num threads parameter to allow manual configuration of threads via smb.conf if required. Ignore the number of cores. See comments inline. via 5cddd22 Fix format warning message. from 76ca46e s3: Avoid a potential alignment requirement issue http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit eff69aa0f908f5cb44b3cb846c8a4ada874240fa Author: Ira Cooper i...@wakeful.net Date: Fri Jan 6 15:45:06 2012 -0800 Add repack command to tdbtool. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Jan 7 02:18:41 CET 2012 on sn-devel-104 commit b8b98b8908d52a09a5a6ecc36423dc484813a2d5 Author: Jeremy Allison j...@samba.org Date: Fri Jan 6 14:56:36 2012 -0800 Remove the commented out code. commit d6950d4ec9615b8c177da1ca28c5eefb7bca490d Author: Jeremy Allison j...@samba.org Date: Fri Jan 6 14:55:30 2012 -0800 Comment out sys_get_number_of_cores() as we're no longer using this. commit 12bef8460791903b5f3a195973d0d5e8de895608 Author: Jeremy Allison j...@samba.org Date: Fri Jan 6 14:33:56 2012 -0800 Add aio num threads parameter to allow manual configuration of threads via smb.conf if required. Ignore the number of cores. See comments inline. commit 5cddd22cd8d933cbd4e83edfd518556acaf732f9 Author: Jeremy Allison j...@samba.org Date: Fri Jan 6 14:25:06 2012 -0800 Fix format warning message. --- Summary of changes: docs-xml/manpages-3/tdbtool.8.xml | 10 - lib/tdb/tools/tdbtool.c |7 +++ source3/include/proto.h |2 + source3/lib/system.c |2 + source3/locking/locking.c |2 +- source3/modules/vfs_aio_pthread.c | 84 +++-- 6 files changed, 37 insertions(+), 70 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/tdbtool.8.xml b/docs-xml/manpages-3/tdbtool.8.xml index 9f96db2..51fc540 100644 --- a/docs-xml/manpages-3/tdbtool.8.xml +++ b/docs-xml/manpages-3/tdbtool.8.xml @@ -201,6 +201,14 @@ varlistentry term + optionrepack/option + /term + listitemparaRepack a database using a temporary file to remove fragmentation. + /para/listitem + /varlistentry + + varlistentry + term optionquit/option /term listitemparaExit commandtdbtool/command. @@ -220,7 +228,7 @@ refsect1 titleVERSION/title - paraThis man page is correct for version 3.0.25 of the Samba suite./para + paraThis man page is correct for version 3.6 of the Samba suite./para /refsect1 refsect1 diff --git a/lib/tdb/tools/tdbtool.c b/lib/tdb/tools/tdbtool.c index d93f742..dc5747f 100644 --- a/lib/tdb/tools/tdbtool.c +++ b/lib/tdb/tools/tdbtool.c @@ -61,6 +61,7 @@ enum commands { CMD_NEXT, CMD_SYSTEM, CMD_CHECK, + CMD_REPACK, CMD_QUIT, CMD_HELP }; @@ -98,6 +99,7 @@ COMMAND_TABLE cmd_table[] = { {quit,CMD_QUIT}, {q, CMD_QUIT}, {!, CMD_SYSTEM}, + {repack, CMD_REPACK}, {NULL, CMD_HELP} }; @@ -203,6 +205,7 @@ static void help(void) list : print the database hash table and freelist\n free : print the database freelist\n check: check the integrity of an opened database\n + repack : repack the database\n speed: perform speed tests on the database\n ! command: execute system command\n 1 | first: print the first record\n @@ -608,6 +611,10 @@ static int do_command(void) bIterate = 0; tdb_transaction_commit(tdb); return 0; + case CMD_REPACK: + bIterate = 0; + tdb_repack(tdb); + return 0; case CMD_TRANSACTION_CANCEL: bIterate = 0; tdb_transaction_cancel(tdb); diff --git a/source3/include/proto.h b/source3/include/proto.h index 9dcd334..2bccaa6 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -390,7 +390,9 @@ int sys_lsetxattr (const char *path, const char *name, const void *value, size_t int sys_fsetxattr (int filedes, const char *name, const void *value, size_t size, int flags); uint32 unix_dev_major(SMB_DEV_T dev); uint32 unix_dev_minor(SMB_DEV_T dev); +#if 0 int