Re: [Samba] Samba PDC and Local Group Policies on XP
What did you use kixtart,poledit...? It seems that you did not set the rights on your netlogon the right way!? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von benedikt.wies...@bw-systems.net Gesendet: Montag, 30. Juli 2012 18:39 An: samba@lists.samba.org Betreff: [Samba] Samba PDC and Local Group Policies on XP Hi *, I have reinstalled a server with the newest version of samba and configured it as PDC based on this tutorial (http://www.nicht-blau.de/2010/12/28/howto-samba-3-5-6-pdc-primary-domain-co ntroller-und-windows-7-2/). I then copied the old profiles folder onto the new server and set the permissions. But however before the reinstallation every Domainuser in the Domain accepted the Group Policies I set up at every Win XP computer (i.e. Setting a specific Wallpaper, Setting a specific design, deny access to system controls) and now they are consequently ignored. Example: I log on as Administrator (locally): - I have no access to system controls - I have my Wallpaper - I have my Design (Group policies are working) I log on as Domainuser: - I have full rights, I can do everything - I have a blue Wallpaper - Nothing happened to the design What the hell is going wrong? Why does a Domainuser has more rights than the administrator and why does the group policies do nothing? I hope somebody can help me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: net ads join fails: Host is not configured as a member server.
Hi everyone I'm trying to join an Ubuntu 12.04 client to a 12.04 Samba4 DC. xp and win7 clients can join fine. Here is my minmal smb.conf realm = POLOP.SITE workgroup = POLOP security = ADS Kerberos is working: kinit Administrator Password for administra...@polop.site: But then it tell me that the DC is _not_ a DC: net ads join -UAdministrator Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: This operation is only allowed for the PDC of the domain. and: net ads testjoin Failed to open /usr/local/samba/private/secrets.tdb Join to domain is not valid: Access denied Can anyone help me tell the Ubuntu client that it really _is_ a DC? Or WHY. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/Windows you do not have permission to access this
If there is a group accessing and writing the files set the sticky bit for groups on the shell Ex.: drwxrws--- 82 root Direktionv 4096 16. Jul 15:08 verwaltung In your smb.conf: read only=no directory mask=2770 force directory mode=2770 create mask = 2770 force create mode=2770 force security mode=2770 force directory security mode=2770 force group = Direktionv This will guarantee all users who own the group can manage the files --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Craig Cameron [mailto:craig.came...@iongeo.com] Gesendet: Mittwoch, 1. August 2012 18:45 An: muel...@tropenklinik.de; samba@lists.samba.org Betreff: RE: [Samba] Samba/Windows you do not have permission to access this Yes it's down as writeable = yes in smb.conf If I change the file's ownership to myself it works - or if I then restart winbind and samba it then becomes accessible too. There's only an issue if the file owner is different from the person accessing it. Regards Craig -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: 01 August 2012 12:24 To: Craig Cameron; samba@lists.samba.org Subject: AW: [Samba] Samba/Windows you do not have permission to access this Did you configure the share as writeable=yes? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Craig Cameron Gesendet: Mittwoch, 1. August 2012 13:07 An: samba@lists.samba.org Betreff: [Samba] Samba/Windows you do not have permission to access this I'm constantly running into the above error message when accessing files on a samba share under Win7. Files are fully accessible under Linux ie the group permissions are being honoured but Windows just locks me out if I'm not the owner. file: testfile owner: anotheruser group: mygroup user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Has anyone else experienced this? And if so can anyone suggest a fix? Thanks Craig This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Il 01/08/2012 16:23, Helmut Hullen ha scritto: Hallo, Jonathan, Du meintest am 01.08.12: Seems I can't find the root cause of $subj. When I store a file on my home, it gets chmodded ugo+x ... [...] mount your file system with extended attributes enabled and then add the following to your smb.conf # store DOS attributes in extended attributes ea support = yes Added this. store dos attributes = yes This was already there. map readonly = no map archive = no map system = no map hidden = no According to the man page, when store dos attributes is set, those should be ignored. But I added 'em anyway. This is the result when I put a file via Dolphin's smb:// handler: root@str00160-samba:/srv/shared/PERSONALE# getfacl diego.zuccato # file: diego.zuccato # owner: diego.zuccato # group: domain_users # flags: s-- user::rwx user:str00160-backup:rw-#effective:--- group::rwx #effective:--x mask::--x other::--x default:user::rwx default:user:diego.zuccato:rwx default:group::--x default:group:domain_users:--x default:mask::rwx default:other::--- root@str00160-samba:/srv/shared/PERSONALE# getfacl diego.zuccato/* # file: diego.zuccato/index.html # owner: diego.zuccato # group: domain_users user::rwx user:diego.zuccato:rwx group::--x group:domain_users:--x mask::rwx other::--- root@str00160-samba:/srv/shared/PERSONALE# getfattr -d diego.zuccato/* # file: diego.zuccato/index.html user.DOSATTRIB=0sMHgyMwADEQAAACAAADcWNMuJcM0BAAA= The folder 'diego.zuccato' is created by those commands run as root: mkdir -p $home $log 21 chown $domain\\$user:$domusers $home $log 21 chmod 4711 $home $log 21 setfacl --set=d:u::rwX,d:g::--X,d:o::---,d:u:$domain\\$user:rwX,d:g:$domusers:--X $home $log 21 where $home is, obviously, /srv/shared/PERSONALE/diego.zuccato ... IIUC, uppercase 'X' should set 'x' bit only on dirs and on files where it's explicitly set, so I think it's Samba adding it... but why? That's why I'm getting mad at it... :( Another problem I just noticed: effective permissions for str00160-backup is --x instead of rwx and it's not set on the file ??? ARGH! I start hating ACLs ! BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: net ads join fails: Host is not configured as a member server.
2012-08-02 09:01 keltezéssel, steve írta: Hi everyone I'm trying to join an Ubuntu 12.04 client to a 12.04 Samba4 DC. xp and win7 clients can join fine. Here is my minmal smb.conf realm = POLOP.SITE workgroup = POLOP security = ADS Kerberos is working: kinit Administrator Password for administra...@polop.site: But then it tell me that the DC is _not_ a DC: net ads join -UAdministrator Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: This operation is only allowed for the PDC of the domain. and: net ads testjoin Failed to open /usr/local/samba/private/secrets.tdb Join to domain is not valid: Access denied Can anyone help me tell the Ubuntu client that it really _is_ a DC? Or WHY. Cheers, Steve Hi, The most probable reason is having different versions of samba binaries installed. Using net ads ... suggests the use of samba3 client tools installed from packages, the path /usr/local/samba/private/secrets.tdb suggest a Samba built from source via ./configure make make install (which corresponds to a Samba4 install) Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Il 02/08/2012 10:49, NdK ha scritto: map readonly = no map archive = no map system = no map hidden = no According to the man page, when store dos attributes is set, those should be ignored. But I added 'em anyway. Uhm... Seems the man page is contraddictory... In map * says they get ignored, in store dos addtibutes it says they should be set to 'no' to avoid fallback... Mah! This is the result when I put a file via Dolphin's smb:// handler: Just to be sure, I now used smbclient: $ smbclient -U diego.zuccato //str00160-samba/diego.zuccato/ Enter diego.zuccato's password: Domain=[PERSONALE] OS=[Unix] Server=[Samba 3.5.6] smb: \ put index.html putting file index.html as \index.html (79,6 kb/s) (average 79,6 kb/s) smb: \ ls . D0 Thu Aug 2 11:03:44 2012 .. D0 Thu Aug 2 11:03:35 2012 index.html A 163 Thu Aug 2 11:03:44 2012 65535 blocks of size 33553920. 65535 blocks available But the result is always the same: root@str00160-samba:/srv/shared/PERSONALE/diego.zuccato# ls -l totale 8 -rwxrwx---+ 1 diego.zuccato domain_users 163 2 ago 11.03 index.html Sigh! BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot create new GPO
Hello! I'm experiencing a problem with creating New GPOs, whenever I try to create a new GPO I get the error File not found, I can Edit old GPOs just fine. The problem I'm experiencing is similiar to this bug report: https://bugzilla.samba.org/show_bug.cgi?id=7544 The last time I was able to create new GPOs was when we were running Alpha 17, we are now running Beta 4. Any help pointing us in the right direction would be highly appreciated ! //Niklas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: net ads join fails: Host is not configured as a member server. [SOLVED]
On 02/08/12 11:03, Gémes Géza wrote: 2012-08-02 09:01 keltezéssel, steve írta: Hi everyone I'm trying to join an Ubuntu 12.04 client to a 12.04 Samba4 DC. xp and win7 clients can join fine. Here is my minmal smb.conf realm = POLOP.SITE workgroup = POLOP security = ADS Kerberos is working: kinit Administrator Password for administra...@polop.site: But then it tell me that the DC is _not_ a DC: net ads join -UAdministrator Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: This operation is only allowed for the PDC of the domain. and: net ads testjoin Failed to open /usr/local/samba/private/secrets.tdb Join to domain is not valid: Access denied Can anyone help me tell the Ubuntu client that it really _is_ a DC? Or WHY. Cheers, Steve Hi, The most probable reason is having different versions of samba binaries installed. Using net ads ... suggests the use of samba3 client tools installed from packages, the path /usr/local/samba/private/secrets.tdb suggest a Samba built from source via ./configure make make install (which corresponds to a Samba4 install) Regards Geza Gemes Hi Geza Thanks so much. Yes, we had both the Ubuntu 3.6 and the 4.0 beta on the same test box. Our m$ guy had had a go with S4 and obviously succeeded without telling me. To be fair, I should add that it was upon my encouragement. Conclusion. Samba4 is so easy to install that even a windoze admin can do it;-) Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap ignores the range set in smb.conf
Hi server: Ubuntu 12.04 samba4 DC running winbindd client: Ubuntu 12.04 samba 3.6.6 client smb.conf: realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 30-40 idmap gid = 2-3 The client is joined to AD and users can login. But, for example, a user does not correspond to the 30-4 range set: POLOP\joseph-p:*:20003:2:joseph-p:/home/POLOP/joseph-p:/bin/bash I've cleared winbindd_idmap.tdb from winbindd_idmap.tdb on the client and restarted winbind and nscd is stopped. What am I doing wrong? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind is it possible to have the same uid and gid numbers everywhere?
Hi Is it possible simply to have the uid/gid pair I set on the server on the clients too? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
On 02/08/12 10:09, NdK wrote: Il 02/08/2012 10:49, NdK ha scritto: map readonly = no map archive = no map system = no map hidden = no According to the man page, when store dos attributes is set, those should be ignored. But I added 'em anyway. Uhm... Seems the man page is contraddictory... In map * says they get ignored, in store dos addtibutes it says they should be set to 'no' to avoid fallback... Mah! This is the result when I put a file via Dolphin's smb:// handler: Just to be sure, I now used smbclient: $ smbclient -U diego.zuccato //str00160-samba/diego.zuccato/ Enter diego.zuccato's password: Domain=[PERSONALE] OS=[Unix] Server=[Samba 3.5.6] smb: \ put index.html putting file index.html as \index.html (79,6 kb/s) (average 79,6 kb/s) smb: \ ls . D0 Thu Aug 2 11:03:44 2012 .. D0 Thu Aug 2 11:03:35 2012 index.html A 163 Thu Aug 2 11:03:44 2012 65535 blocks of size 33553920. 65535 blocks available But the result is always the same: root@str00160-samba:/srv/shared/PERSONALE/diego.zuccato# ls -l totale 8 -rwxrwx---+ 1 diego.zuccato domain_users 163 2 ago 11.03 index.html That may well be something to do with the way the share is setup or the way smbclient is operating. I was just noting that you can use extended attributes to store the DOS attributes and not bother doing any mapping. Have you verified that you are storing DOS attributes in extended attributes, something like this on the server [root@nabak Pictures]# getfattr -d Thumbs.db # file: Thumbs.db user.DOSATTRIB=0sMHgyNgAAAwADEQAAACYAAIASVa5FHs0BAAA= Note the lack of map hidden = no in my original reply was down to cut and paste error out of my smb.conf JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Il 02/08/2012 13:50, Jonathan Buzzard ha scritto: Have you verified that you are storing DOS attributes in extended attributes, something like this on the server [root@nabak Pictures]# getfattr -d Thumbs.db # file: Thumbs.db user.DOSATTRIB=0sMHgyNgAAAwADEQAAACYAAIASVa5FHs0BAAA= Yup. As written in the message before the quoted one: root@str00160-samba:/srv/shared/PERSONALE# getfattr -d diego.zuccato/* # file: diego.zuccato/index.html user.DOSATTRIB=0sMHgyMwADEQAAACAAADcWNMuJcM0BAAA= Note the lack of map hidden = no in my original reply was down to cut and paste error out of my smb.conf I added it. My smb.conf (stripped to the homes definition) is: -8-- [global] workgroup = PERSONALE realm = PERSONALE.DIR.UNIBO.IT server string = Shares for Astronomy Dept. netbios name = STR00160-SAMBA security = ADS encrypt passwords = true password server = personale.dir.unibo.it log file = /var/log/samba/log.%m log level = 0 max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 local master = No dns proxy = No wins server = 137.204.25.77 # Should fix instability of name resolution (gid-to-name) client schannel = no # Unix extensions give troubles with permissions from Mac clients unix extensions = no wide links = no # We need a local user for str00160-web auth methods = guest sam winbind:ntdomain #winbind separator = - winbind enum users = No winbind enum groups = No winbind offline logon = Yes winbind nested groups = Yes winbind normalize names = Yes winbind refresh tickets = Yes winbind use default domain = yes idmap backend = tdb idmap uid = 1-9 idmap gid = 1-9 idmap config PERSONALE : backend = rid idmap config PERSONALE : base_rid = 500 idmap config PERSONALE : range = 10 - 4999 idmap config STUDENTI : backend = rid idmap config STUDENTI : base_rid = 500 idmap config STUDENTI : range = 5000 - template homedir = /srv/shared/%D/%U template shell = /bin/bash # Don't show a printers icon when browsing the server show add printer wizard = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [homes] comment = Home Directories # Standard options for homes browseable = no read only = no create mask = 0600 directory mask = 0711 # Fix reported capacity block size = 4096 # Use ACL to store attributes acl group control = Yes inherit acls = Yes ea support = Yes store dos attributes = yes dos filemode = yes map hidden = no map system = no map archive = no map readonly = no # I want users to be able to sare their data... #valid users = %D\%S path = /srv/shared/%D/%S # Equivalent of pam_mkhomedir, but more versatile root preexec = /opt/checklogon '%S' '%H' '%u' '%P' '%D' '%U' -8-- Didn't yet try to tune it too much... Is there something evidently wrong? Could create mask be connected to the wrong permissions I see (not the main x bit set issue, the other)? Is there a tutorial eplaining how does ACLs and EAs interact with Samba? BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba solaris 8 package with Windows 2008 support?
Hi- I am running Samba 2.2.8 on Solaris 8. Our Windows team has upgraded Windows 2003 servers Active Directory to Windows 2008. Samba is not working now. Can someone suggest the best Samba version for Solaris 8 that I can upgrade to that will support the new Windows 2008 authentication mechanism. Thanks -Steve Stephen P. Michaels ITSD Server Systems Group The Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins Rd. Laurel, MD. 20723-6099 (443) 778-7527 Office (443) 324-2686 Mobile -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind is it possible to have the same uid and gid numbers everywhere?
On 02/08/12 13:54, NdK wrote: Il 02/08/2012 13:21, steve ha scritto: Is it possible simply to have the uid/gid pair I set on the server on the clients too? Yes and no. Actually, it depends on your setup. If you have a domain, you can. If not, I doubt... BYtE, Diego Hi Diego Yes, I have a Samba4 domain with Samba3.6 Linux clients attached. It works OK but the idmap is really confusing. I'd like to be able to use getent passwd and see the same uid:gid pair of numbers on both DC and client. At the moment, the client side ignores the idmap uid range and bases everything in the idmap gid range instead. Maybe that is a bug in Samba3? Client smb.conf: [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 30-40 idmap gid = 2-3 Ubuntu 12.04 Samba4 DC and Ubuntu 12.04 Samba3 clients. Is what I want a possibility? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba solaris 8 package with Windows 2008 support?
You can check for a precompiled version on blastwave.org. It looks like sunfreeware.com doesn't have the Solaris 8 binaries online anymore. I suspect you will have to compile from source which can be a major PITA on solaris. (if you look for other posts from me on this list you will see this.) You may be better off moving to Solaris 10, which includes Samba 3.5.x - depending on how old your hardware is. I have a 5 year old Sun V210 ( 1 GB RAM?) running Solaris 10 comfortably On 08/02/12 08:00, Michaels, Stephen P. wrote: Hi- I am running Samba 2.2.8 on Solaris 8. Our Windows team has upgraded Windows 2003 servers Active Directory to Windows 2008. Samba is not working now. Can someone suggest the best Samba version for Solaris 8 that I can upgrade to that will support the new Windows 2008 authentication mechanism. Thanks -Steve Stephen P. Michaels ITSD Server Systems Group The Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins Rd. Laurel, MD. 20723-6099 (443) 778-7527 Office (443) 324-2686 Mobile -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind: uid range is ignored
Hi everone. Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC Clients: smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 30-40 idmap gid = 2-3 /etc/nsswitch.conf passwd: compat winbind group: compat winbind Problem: The uid range is ignored. Both uid and gid come from the gid range. e.g.: getent passwd steve2 POLOP\steve2:*:20007:2:steve2:/home/POLOP/steve2:/bin/bash Why is the uid range of 30-40 ignored? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 02/08/12 16:01, steve wrote: Hi everone. Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC Clients: smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 30-40 idmap gid = 2-3 /etc/nsswitch.conf passwd: compat winbind group: compat winbind Problem: The uid range is ignored. Both uid and gid come from the gid range. e.g.: getent passwd steve2 POLOP\steve2:*:20007:2:steve2:/home/POLOP/steve2:/bin/bash Why is the uid range of 30-40 ignored? I have a feeling that there is no separate uid and gid range in 3.6. Check the man page. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
Hi Steve, please use idmap config * : range = ... instead of idmap uid/gid. Best regards Björn On 08/02/2012 05:01 PM, steve wrote: Hi everone. Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC Clients: smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 30-40 idmap gid = 2-3 /etc/nsswitch.conf passwd: compat winbind group: compat winbind Problem: The uid range is ignored. Both uid and gid come from the gid range. e.g.: getent passwd steve2 POLOP\steve2:*:20007:2:steve2:/home/POLOP/steve2:/bin/bash Why is the uid range of 30-40 ignored? Cheers, Steve -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 02/08/12 17:14, Bjoern Baumbach wrote: Hi Steve, please use idmap config * : range = ... instead of idmap uid/gid. Thanks Jonathan and Bjoern I have that now. I chose: idmap config * : range = 3-4 I have deleted the winbind files from /var/lib/samba and /var/cache/samba and restarted smbd and winbind but the idmap ranges are still at the old values. In fact they are the same numerical values as on the DC e.g. -rw-r--r-- 1 337 20513 0 Aug 2 17:34 file1 Back on the DC/fileserver that is correctly mapped as: -rw-r--r-- 1 POLOP\steve2 Domain Users 0 Aug 2 17:34 file1 Is there a cache somewhere else? I have even totally purged the whole of samba and reinstalled from nothing but still the old values reappear. How do I lose the old values so it accepts my new range and maps the files correctly as humanly readable uid:gid pairs rather than numbers? nscd is not active. cheers Steve /etc/samba/smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap config * : backend = tdb idmap config * : range = 3-4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Best samba4 network deployment
I've been playing around with Samba4 as an AD for a domain. I like it a lot and it's been very stable for me. I've been using Samba 3.5 for a while with OpenLDAP and connecting win7 computers fine, sharing files fine and even sharing printers and printer drivers fine. I'd like to move to Samba4 as by backend LDAP and Authentication server and, like many, want to also keep all the Samba3 file sharing capabilities that I've gotten accustomed to. I thought the best option was to install samba4 on all the servers, making one the DC and the others as member servers. Basically distributing the authentication and the directory. On my current file server just keep running samba3 and just joining it to the samba4 domain. Does this sound like the best solution for business network? Is there anything I should be aware of by setting this up? If I do setup a network with this configuration, can I just use ntvfs on all the samba4 computers? Would that be more stable? I know the s3fs is going to be the default file sharing mechanism in Samba4 but since I'll be using samba3 for filesharing I can just use the ntvfs, right? On the file server itself, I can run samba3 and samba4 side by side just fine, right? They won't but heads, so long as smbd nmbd listen on their ports and samba4 listens on the Kerberson and DNS ports, right? I was just hoping to probe the minds of others who've maybe done this exact network config. Also, hopefully help my understanding on best practices with the current status of the samba project. Thanks, any answers are greatly appreciated. Caleb O'Connell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
2012-08-02 17:45 keltezéssel, steve írta: On 02/08/12 17:14, Bjoern Baumbach wrote: Hi Steve, please use idmap config * : range = ... instead of idmap uid/gid. Thanks Jonathan and Bjoern I have that now. I chose: idmap config * : range = 3-4 I have deleted the winbind files from /var/lib/samba and /var/cache/samba and restarted smbd and winbind but the idmap ranges are still at the old values. In fact they are the same numerical values as on the DC e.g. -rw-r--r-- 1 337 20513 0 Aug 2 17:34 file1 Back on the DC/fileserver that is correctly mapped as: -rw-r--r-- 1 POLOP\steve2 Domain Users 0 Aug 2 17:34 file1 Is there a cache somewhere else? I have even totally purged the whole of samba and reinstalled from nothing but still the old values reappear. How do I lose the old values so it accepts my new range and maps the files correctly as humanly readable uid:gid pairs rather than numbers? nscd is not active. cheers Steve /etc/samba/smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap config * : backend = tdb idmap config * : range = 3-4 I would suggest using idmap_ad: http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
On 02/08/12 18:16, Gémes Géza wrote: 2012-08-02 17:45 keltezéssel, steve írta: On 02/08/12 17:14, Bjoern Baumbach wrote: Hi Steve, please use idmap config * : range = ... instead of idmap uid/gid. Thanks Jonathan and Bjoern I have that now. I chose: idmap config * : range = 3-4 I have deleted the winbind files from /var/lib/samba and /var/cache/samba and restarted smbd and winbind but the idmap ranges are still at the old values. In fact they are the same numerical values as on the DC e.g. -rw-r--r-- 1 337 20513 0 Aug 2 17:34 file1 Back on the DC/fileserver that is correctly mapped as: -rw-r--r-- 1 POLOP\steve2 Domain Users 0 Aug 2 17:34 file1 Is there a cache somewhere else? I have even totally purged the whole of samba and reinstalled from nothing but still the old values reappear. How do I lose the old values so it accepts my new range and maps the files correctly as humanly readable uid:gid pairs rather than numbers? nscd is not active. cheers Steve /etc/samba/smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap config * : backend = tdb idmap config * : range = 3-4 I would suggest using idmap_ad: http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html Regards Geza Gemes Hi Geza No. In this case it is a pure-by-the-book winbind test lan. The problem is this: Here is my id: POLOP\steve2@ubuntu1:~$ id uid=30007(POLOP\steve2) gid=30014(POLOP\domain users) groups=30014(POLOP\domain users),30016(POLOP\staff),30018(BUILTIN\users) When I create a file, I want to see a uid:gid of POLOP\steve2 POLOP\domain users (as indeed I do back on the fileserver/DC) But on the client, I see only the uid:gid _numbers_ which are stored in idmap.ldb on the server: POLOP\steve2@ubuntu1:~$ touch afile POLOP\steve2@ubuntu1:~$ ls -l afile -rw-r--r-- 1 337 20513 0 Aug 2 18:34 afile How do I convert 337 to POLOP\steve2 and 20513 to POLOP\domain users on the client? The shares are mounted via kerberized nfs on the client and _did_ map correctly before this thread started. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind is it possible to have the same uid and gid numbers everywhere?
Il 02/08/2012 16:19, steve ha scritto: At the moment, the client side ignores the idmap uid range and bases everything in the idmap gid range instead. Maybe that is a bug in Samba3? Don't know... I always kept 'em in the same range. [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap config POLOP : backend = rid idmap config POLOP : base_rid = 500 idmap config POLOP : range = 30-40 Is what I want a possibility? For sure if you keep the same range for UIDs and GIDs. That's what I'm doing since 3 years from PCs joined to an AD (win 2k3) domain that needed access to NFS home (hence consistent UID/GID mapping is a must). And across 2 domains (well, really more, but I was not interested in the others). Another (better) fix would be to store uid and gid in Samba schema, but I can't help you with that sine I can't alter our schema. BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind: uid range is ignored
Il 02/08/2012 18:42, steve ha scritto: The shares are mounted via kerberized nfs on the client and _did_ map correctly before this thread started. Are you sure you updated /etc/nnsswitch.conf to use winbind after purging the old Samba install? BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] documentation for configuring folder redirection
I believe that once you have roaming profiles configured, all you need to do to configure folder redirection is set some registry keys. I'd like to turn that job over to our Windows sys admin. Can someone provide me with their favorite documentation for configuring folder redirection? Keep in mind I am passing this link along to a Windows sys admin. Our backend is samba 3.6.3 if it matters. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-3.5.14 (and less) corrupting AD-UID mappings
Hi there We've had three incidents this year where users connected to Samba shares (on CentOS systems) and appeared as the incorrect Windows account. e.g dom\user1 would connect, but any files they created would be owned by Unix user dom\user2 This is of course pretty nasty. We normally delete all the cache and winbind TDB files and restart and that fixes it - but that isn't really a fix. There is a hint this may be associated with sites with RODCs - but last night we just had it happen on a site that has both true AD 2008-R2 DCs and RODCs - so maybe winbind was talking to the RODC there - maybe not - dunno Is this a known issue, and if not, what can I do to track down the cause, as it sort of diminishes the usefulness of Samba if you can't trust the file ownership anymore Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-3.5.14 (and less) corrupting AD-UID mappings
On Thu, Aug 2, 2012 at 5:07 PM, Jason Haar jason_h...@trimble.com wrote: Hi there We've had three incidents this year where users connected to Samba shares (on CentOS systems) and appeared as the incorrect Windows account. e.g dom\user1 would connect, but any files they created would be owned by Unix user dom\user2 And you're using Samba 3.5.14 why? The built in Samba is samba-3.5.10, as published by the upstream vendor, Red Hat. And the current 3.x release is 3.6.6. By playing with an intermediate and vendor unsupported version, you expose yourself to all the bugs fixed in more recent releases, without the vendor support to address any bugs known to exist in the old version. If you need 3.6.6, which is the current 3.6 release, check out my SRPM tools at https://github.com/nkadel/samba-3.6.6-srpm for something that builds very cleanly and compatibly with RHEL 6 and CentOS 6. This is of course pretty nasty. We normally delete all the cache and winbind TDB files and restart and that fixes it - but that isn't really a fix. There is a hint this may be associated with sites with RODCs - but last night we just had it happen on a site that has both true AD 2008-R2 DCs and RODCs - so maybe winbind was talking to the RODC there - maybe not - dunno Is this a known issue, and if not, what can I do to track down the cause, as it sort of diminishes the usefulness of Samba if you can't trust the file ownership anymore Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-3.5.14 (and less) corrupting AD-UID mappings
On 03/08/12 13:09, Nico Kadel-Garcia wrote: And you're using Samba 3.5.14 why? The built in Samba is samba-3.5.10, as published by the upstream vendor, Red Hat. Historic. We are still running CentOS-4 servers - so we jumped off the supported-but-dead track onto the 3.5 line. We had serious issues with 3.6 which I've blamed on old system libraries and have given up on 3.6 until we upgrade to CentOS-6 later this year. At that point the intention is to keep to the vendor release -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can create files from share but only delete as root
I solved this problem with the help of RedHat Linux support. With the newer versions of CUPS, it is necessary to specify the uid and gid as a local user and group respectively in order to delete from the share. Thanks, David J. Rericha Project Manager Open Software Solutions, LLC (W) 563-884-4010 (C) 563-650-5446 On 06/26/2012 05:53 PM, David Rericha wrote: Fellow List Members: After upgrading our server to RHEL 6 from RHEL 5, I discovered that our linux clients could create files on the share but not delete them unless they first switch to root (su -). This is very odd to me since the share in question is mounted with the non-root user's credentials. The fstab entry is as follows: //192.168.1.2/officefiles /mnt/officefiles cifs username=joe,password=fakepwd 0 0 Now, the version of samba on the server is 3.5.10 and on the client is 3.5.4. I can't upgrade the client w/o difficulty since it is an expired distribution (OpenSuSE 11.3). The smb conf forces full permissions on files and directories. Here is the share: [officefiles] force create mode = 777 create mode = 777 path = /cool/officefiles force directory mode = 777 directory mode = 777 And, the mount owner also belongs to the cool_users group on the server: drwxrwxr-x 25 jimcool_users 4096 Jun 26 14:26 officefiles Notice, there is no sticky bit on the directory. Now, if I add the user option after installing setuid on /bin/mount and /sbin/mount.cifs, I can mount the share as joe and delete files to my heart's content. So, I am wondering if this is by design so that if I want the user to be able to delete from the share, they need to not only have linux and samba permissions but also be the user that mounts the share. If this is not the design, PLEASE tell me what I am missing. Here is the global section of the smb.conf for good measure: [global] log file = /var/log/samba/%m.log load printers = yes idmap gid = 16777216-33554431 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 username map = /etc/samba/smbusers winbind use default domain = no template shell = /bin/false dns proxy = no oplocks = no cups options = raw netbios name = cool-server delete readonly = yes writeable = yes server string = Samba Server password server = None idmap uid = 16777216-33554431 workgroup = COOL os level = 20 printcap name = /etc/printcap create mode = 775 short preserve case = no max log size = 50 directory mode = 775 Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 02dcf05 heimdal: fixed -Werror=format error in com_err from b93e6ef s3:smbd: add a optional_support helper variable to reply_tcon_and_X() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 02dcf059149174beab3528d201fd36e313ba5ee5 Author: Andrew Tridgell tri...@samba.org Date: Thu Aug 2 14:59:37 2012 +1000 heimdal: fixed -Werror=format error in com_err This needs to be merged upstream Autobuild-User(master): Andrew Tridgell tri...@samba.org Autobuild-Date(master): Thu Aug 2 08:59:24 CEST 2012 on sn-devel-104 --- Summary of changes: source4/heimdal/lib/com_err/error.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c index 6864e87..bf046da 100644 --- a/source4/heimdal/lib/com_err/error.c +++ b/source4/heimdal/lib/com_err/error.c @@ -65,7 +65,7 @@ com_right_r(struct et_list *list, long code, char *str, size_t len) const char *msg = p-table-msgs[code - p-table-base]; #ifdef LIBINTL char domain[12 + 20]; - snprintf(domain, sizeof(domain), heim_com_err%d, p-table-base); + snprintf(domain, sizeof(domain), heim_com_err%ld, p-table-base); #endif strlcpy(str, dgettext(domain, msg), len); return str; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag via 95b64f0 s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag from 02dcf05 heimdal: fixed -Werror=format error in com_err http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e9562530d91ba66f9e60886ce0125eb146a15ce5 Author: Stefan Metzmacher me...@samba.org Date: Thu Aug 2 08:48:11 2012 +0200 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Aug 2 10:54:18 CEST 2012 on sn-devel-104 commit 95b64f08a331aec2b520d43c2c4dda49ccc44e84 Author: Stefan Metzmacher me...@samba.org Date: Thu Aug 2 08:48:11 2012 +0200 s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag metze --- Summary of changes: source4/libcli/cliconnect.c|2 +- source4/libcli/smb_composite/connect.c |4 ++-- source4/libcli/util/clilsa.c |2 +- source4/torture/raw/context.c |6 +++--- source4/torture/raw/lock.c |2 +- source4/torture/raw/notify.c |2 +- source4/torture/rpc/samba3rpc.c|2 +- source4/torture/util_smb.c |2 +- 8 files changed, 11 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 45d8d2a..d680a7e 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -124,7 +124,7 @@ NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename, /* setup a tree connect */ tcon.generic.level = RAW_TCON_TCONX; - tcon.tconx.in.flags = 0; + tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; if (cli-transport-negotiate.sec_mode NEGOTIATE_SECURITY_USER_LEVEL) { tcon.tconx.in.password = data_blob(NULL, 0); } else if (cli-transport-negotiate.sec_mode NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 80ce556..3453ec9 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -110,7 +110,7 @@ static NTSTATUS connect_session_setup_anon(struct composite_context *c, /* connect to a share using a tree connect */ state-io_tcon-generic.level = RAW_TCON_TCONX; - state-io_tcon-tconx.in.flags = 0; + state-io_tcon-tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; state-io_tcon-tconx.in.password = data_blob(NULL, 0); state-io_tcon-tconx.in.path = talloc_asprintf(state-io_tcon, @@ -195,7 +195,7 @@ static NTSTATUS connect_session_setup(struct composite_context *c, /* connect to a share using a tree connect */ state-io_tcon-generic.level = RAW_TCON_TCONX; - state-io_tcon-tconx.in.flags = 0; + state-io_tcon-tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; state-io_tcon-tconx.in.password = data_blob(NULL, 0); state-io_tcon-tconx.in.path = talloc_asprintf(state-io_tcon, diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c index 4a81457..2720a50 100644 --- a/source4/libcli/util/clilsa.c +++ b/source4/libcli/util/clilsa.c @@ -68,7 +68,7 @@ static NTSTATUS smblsa_connect(struct smbcli_state *cli) /* connect to IPC$ */ tcon.generic.level = RAW_TCON_TCONX; - tcon.tconx.in.flags = 0; + tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = ipc$; tcon.tconx.in.device = IPC; diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c index d9d7820..e10e775 100644 --- a/source4/torture/raw/context.c +++ b/source4/torture/raw/context.c @@ -292,7 +292,7 @@ static bool test_tree(struct torture_context *tctx, struct smbcli_state *cli) tree = smbcli_tree_init(cli-session, tctx, false); tcon.generic.level = RAW_TCON_TCONX; - tcon.tconx.in.flags = 0; + tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(tctx, %s\\%s, host, share); tcon.tconx.in.device = A:; @@ -412,7 +412,7 @@ static bool test_tree_ulogoff(struct torture_context *tctx, struct smbcli_state torture_comment(tctx, create a tree context on the with vuid1\n); tree = smbcli_tree_init(session1, tctx, false); tcon.generic.level = RAW_TCON_TCONX; - tcon.tconx.in.flags = 0; + tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(tctx, %s\\%s, host,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e5098d s3-pysmbd: Add hook for get_nt_acl() via 64f494d s3-pysmbd: fix DEBUG via e5686a4 s3-pysmbd: Add my copyright via 55a0d66 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest via b041d29 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} from e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e5098d5e1bb4dd2df6af690ade1b4b52a8d Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 15:16:13 2012 +1000 s3-pysmbd: Add hook for get_nt_acl() Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 2 13:27:55 CEST 2012 on sn-devel-104 commit 64f494de5e8e468a3adde62b02843d734d6cc483 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:36:55 2012 +1000 s3-pysmbd: fix DEBUG commit e5686a4cf0931d8a89ed8f5922fd00d93b7893ea Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:36:43 2012 +1000 s3-pysmbd: Add my copyright commit 55a0d6606c76463296188582c52821a7607ade7b Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 13:35:24 2012 +1000 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest This will allow us to set the full NT ACL on a file, using the VFS layer, during provision of the AD DC. Andrew Bartlett commit b041d29c116a5d93b70a2cea5f808e81b9e12556 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 2 18:05:03 2012 +1000 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} --- Summary of changes: source3/passdb/py_passdb.c |4 +- source3/smbd/pysmbd.c | 143 +++- source3/wscript_build |2 +- 3 files changed, 144 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c index 7043ce6..bd332e1 100644 --- a/source3/passdb/py_passdb.c +++ b/source3/passdb/py_passdb.c @@ -1368,8 +1368,8 @@ static PyObject *py_pdb_domain_info(pytalloc_Object *self, PyObject *args) } PyDict_SetItemString(py_domain_info, name, PyString_FromString(domain_info-name)); - PyDict_SetItemString(py_domain_info, dns_domain, PyString_FromString(domain_info-name)); - PyDict_SetItemString(py_domain_info, dns_forest, PyString_FromString(domain_info-name)); + PyDict_SetItemString(py_domain_info, dns_domain, PyString_FromString(domain_info-dns_domain)); + PyDict_SetItemString(py_domain_info, dns_forest, PyString_FromString(domain_info-dns_forest)); PyDict_SetItemString(py_domain_info, dom_sid, pytalloc_steal(dom_sid_Type, sid)); PyDict_SetItemString(py_domain_info, guid, pytalloc_steal(guid_Type, guid)); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 5badb3a..9a44d25 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -1,9 +1,13 @@ /* Unix SMB/CIFS implementation. - SMB NT Security Descriptor / Unix permission conversion. + Set NT and POSIX ACLs and other VFS operations from Python + + Copyrigyt (C) Andrew Bartlett 2012 Copyright (C) Jeremy Allison 1994-2009. Copyright (C) Andreas Gruenbacher 2002. Copyright (C) Simo Sorce i...@samba.org 2009. + Copyright (C) Simo Sorce 2002 + Copyright (C) Eric Lorimer 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,6 +27,9 @@ #include smbd/smbd.h #include Python.h #include libcli/util/pyerrors.h +#include librpc/rpc/pyrpc_util.h +#include pytalloc.h +#include system/filesys.h extern const struct generic_mapping file_generic_mapping; @@ -58,7 +65,7 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl); if (ret != 0) { status = map_nt_error_from_unix_common(ret); - DEBUG(0,(get_nt_acl_no_snum: fset_nt_acl returned zero.\n)); + DEBUG(0,(set_nt_acl_no_snum: fset_nt_acl returned zero.\n)); } conn_free(conn); @@ -66,6 +73,83 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, return status; } +static NTSTATUS set_nt_acl_no_snum(const char *fname, + uint32 security_info_sent, const struct security_descriptor *sd) +{ + TALLOC_CTX *frame = talloc_stackframe(); + connection_struct *conn; + NTSTATUS status = NT_STATUS_OK; + files_struct *fsp; + struct smb_filename *smb_fname = NULL; + int flags; + + conn = talloc_zero(frame, connection_struct); + if (conn == NULL)
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 6f5cfa2 WHATSNEW: Remove Major enhancements section. from a7e0d4a WHATSNEW: Add changes since 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 6f5cfa259dfb5501db21163982ad4397c254a9c9 Author: Karolin Seeger ksee...@samba.org Date: Thu Aug 2 19:26:06 2012 +0200 WHATSNEW: Remove Major enhancements section. Karolin --- Summary of changes: WHATSNEW.txt |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 06c1f77..e95acf1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -6,10 +6,6 @@ This is the latest stable release of Samba 3.5. -Major enhancements in Samba 3.5.17 include: - -o - Changes since 3.5.16: - -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8dde55c build: fix typo from 1e5098d s3-pysmbd: Add hook for get_nt_acl() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8dde55c7fb55f3a03c222609d7340db8056c3365 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 3 10:00:56 2012 +1000 build: fix typo Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 3 03:56:38 CEST 2012 on sn-devel-104 --- Summary of changes: dynconfig/wscript |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/dynconfig/wscript b/dynconfig/wscript index 2a60a2a..44e8f19 100755 --- a/dynconfig/wscript +++ b/dynconfig/wscript @@ -269,7 +269,7 @@ def set_options(opt): fhs_help = Use FHS-compliant paths (default no)\n fhs_help += You should consider using this together with:\n -fhs_help += --prefix=/usr --sysconfdir=/etc --locatestatedir=/var +fhs_help += --prefix=/usr --sysconfdir=/etc --localstatedir=/var opt_group.add_option('--enable-fhs', help=fhs_help, action=store_true, dest='ENABLE_FHS', default=False) -- Samba Shared Repository