Re: [Samba] unable to configure NTP server in samba4
On Mon, 2012-08-06 at 11:35 -0400, Nico Kadel-Garcia wrote:
> On Sun, Aug 5, 2012 at 11:45 PM, deepak prasad deep2...@yahoo.com wrote:
> > Yes I believe so because I think there should be only 5 min of changes between the server time and client machine and if the time gap is more my clients do not get internet connection, it seems my named server does not work for them and when I fix the date once again the nameserver starts working so I thought building a NTP server would be a good idea
>
> NTP is great. I agree with your implicit assumption that using a good NTP service is helpful for Samba: The Kerberos authentication necessary for Active Directory style authentication is a vital component of modern Samba, and it most definitely relies on a good time service to keep remote hosts in sync. But it's the requirement for a *signed* NTP service that I'm doubting. But your remote site, and yours should be able to use publicly available NTP services, unless you really have some compelling need to keep your NTP service completely private.

The advantage of having signed NTP working is that it then just works - client machines in AD trust the AD server to provide the time, and need no further configuration.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dbcheck
On Tue, 2012-07-31 at 09:41 -0400, sandy.napo...@eccmg.cupet.cu wrote:
> Hello list, I have samba 4 beta5 as BDC, when I run ./samba-tool dbcheck:
>
> Failed to correct missing instanceType on DC=81db8c7b-70f3-4bb0-941f-a9b3abb69b04._msdcs\0ADEL:6334f796-af60-4238-8e5a-1610056ca9b6,CN=LostAndFound,DC=eccmg,DC=cupet,DC=cu by setting instanceType=4 : (65, objectclass_attrs: at least one mandatory attribute ('objectCategory') on entry 'DC=81db8c7b-70f3-4bb0-941f-a9b3abb69b04._msdcs\\0ADEL:6334f796-af60-4238-8e5a-1610056ca9b6,CN=LostAndFound,DC=eccmg,DC=cupet,DC=cu' wasn't specified!)
>
> I can see in Active Directory Users and Computers the folder lost and found, how can I delete all records in this place... I also ran ./samba-tool dbcheck --fix and nothing happened.

Please file a bug with information about the history of your installation and I'll try and allow dbcheck to handle this situation.

Thanks!

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] unable to configure NTP server in samba4
On Sat, 2012-08-04 at 18:25 +0800, deepak prasad wrote:
> Hello everyone, I was trying to configure NTP server in my samba4 server but it's not working. I am using CentOS 6.3 (32 bit) for my samba4 server. I installed ntp using yum and the ntp version is 4.2.4 added this line in /etc/ntp.conf
>
> restrict mynet mssntp signdsocketdir /data/samba/samba4/prefix/var/run/ntp_signd/

Is this really your Samba4 prefix? It looks suspiciously like mine, but did you really install Samba4 there?

Find where the ntp_signd folder is on your system, and point it at that. If you run ntpd as group 'ntp' ensure that the folder also is GROUP owned by 'ntp'.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
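Added example (not part of the thread, and not Samba or ntpd project code): the two checks described in the reply above, run against an ntp.conf. It assumes the socket directory is set with ntpd's `ntpsigndsocket` keyword and that the group ntpd runs as is passed in by the caller; the demo configuration is constructed.

```shell
#!/bin/sh
# Added example: check the ntp_signd socket directory named in ntp.conf.
# Assumption: the directory is set with ntpd's "ntpsigndsocket" keyword.

# Print the directory from the last "ntpsigndsocket" line (comments ignored).
# Returns non-zero when the file has no such line.
signd_dir_from_conf() {
    awk '
        { sub(/#.*/, "") }
        $1 == "ntpsigndsocket" && NF >= 2 { dir = $2 }
        END { if (dir == "") exit 1; print dir }
    ' "$1"
}

# Print the owning group of a directory (4th field of POSIX "ls -ld").
dir_group() {
    ls -ld -- "$1" | awk '{ print $4 }'
}

# check_ntp_signd CONF GROUP
# Prints one status line. Return codes:
#   0 ok, 1 no directive, 2 directory missing, 3 wrong group owner
check_ntp_signd() {
    conf=$1
    want_group=$2
    dir=$(signd_dir_from_conf "$conf") || {
        echo "no ntpsigndsocket directive in $conf"
        return 1
    }
    if [ ! -d "$dir" ]; then
        echo "missing: $dir (locate the real ntp_signd folder and use that path)"
        return 2
    fi
    have_group=$(dir_group "$dir")
    if [ "$have_group" != "$want_group" ]; then
        echo "wrong group: $dir is group-owned by $have_group, expected $want_group"
        return 3
    fi
    echo "ok: $dir (group $have_group)"
}

# Demo on constructed input: a temporary config pointing at a temporary folder.
demo=$(mktemp -d)
mkdir "$demo/ntp_signd"
printf 'restrict default mssntp\nntpsigndsocket %s/ntp_signd/\n' "$demo" > "$demo/ntp.conf"
check_ntp_signd "$demo/ntp.conf" "$(dir_group "$demo/ntp_signd")"
check_ntp_signd "$demo/ntp.conf" ntp || true   # fails unless the folder is group 'ntp'
rm -rf "$demo"
```

On a real host the call would be `check_ntp_signd /etc/ntp.conf ntp`.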
Re: [Samba] Packet Size 'Tuning'
On Wed, 2012-08-01 at 13:36 -0400, Andrew Mark wrote:
> Hi all, I'm hoping someone has gone through the pain I'm going through in trying to 'tune' the packet size Samba uses such that we don't get packet overflow errors. I'm getting these errors when I perform:
>
> # tcpdump -i ppp0 -n -n

Isn't this a matter of your MTU on your PPP link if anything?

Is this a real error you are seeing, or just an artifact of tcpdump? Do you see any real issues with a more modern sniffer, such as wireshark (such as fragmentation at the other end)?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] High Memory utilization - Samba
On Thu, 2012-07-26 at 09:01 +0530, Mahesh Tambe wrote:
> Hello, One of our boxes running domain controller (Samba4) and DNS/DHCP (Bind 9.8 and default dhcpd) keeps getting high memory used by Samba. As a workaround we do the following steps.
>
> 1) Restart of Samba = Mem utilization goes back down but quickly returns to high levels (a couple hours)
> 2) Restart of named = mem utilization goes down and slowly rises again to high levels (days)
>
> The samba logs do show constantly some errors on updating the ipv6 addresses to DNS, however we don't have ipv6 enabled. This has only occurred after we added in all the PCs in our office to the server. Request you to please let me know the root cause for the same.

We have not yet investigated this, but it is a known issue that is vexing a number of our production installations.

https://bugzilla.samba.org/show_bug.cgi?id=8827

It needs someone to (probably) set aside a day to look over where we are leaking (if at all) and sort it out.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
[Samba] Performance problem using clustered samba via ctdb
Hello,

I recently set up a samba cluster with 4 nodes using ctdb. The systems are virtual Citrix xen machines running SuSE SLES11Sp2 with samba 3.6.3. The shared filesystem needed for ctdb is on an ocfs2 share stored on an ISCSI target. The cluster is running fine and ip takeover etc is working fine as well.

To find out how the cluster would perform in real life with many clients accessing samba shares I compiled smbtorture (from samba4) to run the nbenchmark test using the loadfile client.txt from the dbench4.0 distribution. What I found out is really strange:

I first tried to simulate 50 clients on one of the cluster nodes:

$ bin/smbtorture //host1/smbtest1 -UUNIKO/smbtest1%password bench.nbench --loadfile=dbench-4.0/client.txt --num-progs=100 -t 30

The result is an average throughput rate of 50MByte/sec. OK so far.

Now I distributed the 100 clients on all four nodes by starting an smbtorture with 25 clients on each of the cluster members:

$ bin/smbtorture //host[1,2,3,4]/smbtest[1,2,3,4] --num-progs=25 -t 30

The throughput results for the four hosts are now: 4.4 MBytes/sec, 4.6 MBytes/sec, 5.2 MBytes/sec and 2.8 MBytes/sec

If I add more clients by increasing the --num-progs parameter, rates drop further down. On one node, probably the master, I see that all three (virtual) CPU cores have a system load of 60% (from top). The other three nodes do not show any high CPU load.

I also ran the ping_pong test (ping_pong /shared/cluster/test.dat 5) on the shared filesystem. On one node I get a value of about 36000. If I run the very same ping_pong command on all four nodes I get a value of 1000 on each node.

On our old samba servers we have a total of about 400 connects distributed on two servers. However if I try to put such a load (4x100) on the four new samba cluster nodes via smbtorture the test won't even start. If I put 400 clients on one of the servers it works just fine.

Now I ask myself two questions:

1. Is the nbenchmark kind of realistic test?
2. Why do throughput rates drop as much as I found out and is this a known behavior of ctdb or is my configuration somehow bad?

Any ideas?

Thanks
Rainer

--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html, Fax: +49261287 1001312
Re: [Samba] Samba Domain member server - using domain part within authentication
The advantage to work with BDCs you will see when your PDC is down.

IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de

From: Michal [mailto:timeo...@gmail.com]
Sent: Tuesday, 7 August 2012 10:59
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba Domain member server - using domain part within authentication

Hello Daniel,

I understand the role of domain member server. But I have not understood why I have needed to type also domain name prefix during authentication - and this was changed in some of previous releases of samba - currently this needs to be explicitly defined that you want to map any domain name provided from computer to right domain name used in samba domain.

On other way - I don't think that the better way is using BDC with direct connection to LDAP server...

thanks
michal

On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller muel...@tropenklinik.de wrote:
> Hello,
>
> Memberserver: With security=domain, your auth request will be sent to your dc and to its success it needs domain\user password. If your logon fails the memberserver tries to authenticate the user local.
>
> The better way: work with BDCs/LDAP
>
> Greetings
> Daniel
>
> ---
> IT
> Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Michal Bruncko
> Sent: Friday, 27 July 2012 14:40
> To: samba@lists.samba.org
> Subject: [Samba] Samba Domain member server - using domain part within authentication
>
> Hello list,
>
> We are using several file servers in our environment in following way:
> - 1st fileserver is PDC
> - 2nd ... Xth are domain member servers (with security = domain, and joined in domain via net rpc join command)
>
> When user is logging into 1st fileserver, he can be successfully authenticated with typing only username (without domain part) and his password from client computer which is NOT part of this domain. But when user is trying to log in to some domain member server, the authentication will not be successful until he uses login in form DOMAIN\username and his password. I need to note here, that winbind is not running on member servers, just pure smbd and nmbd daemons.
>
> Is there any way how to authenticate to member servers without using domain part in authentication name?
>
> I am using:
> - on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
> - on Client: windows 7
>
> many thanks
> michal
Re: [Samba] Samba Domain member server - using domain part within authentication
Yes, of course, this is the main reason of BDC role. But there is not any reason to have so much BDC how much (non-PDC) Samba servers are within network. Or other way - there is no such reason using always BDC role instead of classic domain member server role within network. And I understood that you have tried to tell me this...

thanks
michal

On Tue, Aug 7, 2012 at 12:43 PM, Daniel Müller muel...@tropenklinik.de wrote:
> The advantage to work with BDCs you will see when your PDC is down.
>
> IT
> Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
>
> From: Michal [mailto:timeo...@gmail.com]
> Sent: Tuesday, 7 August 2012 10:59
> To: muel...@tropenklinik.de
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba Domain member server - using domain part within authentication
>
> Hello Daniel,
>
> I understand the role of domain member server. But I have not understood why I have needed to type also domain name prefix during authentication - and this was changed in some of previous releases of samba - currently this needs to be explicitly defined that you want to map any domain name provided from computer to right domain name used in samba domain.
>
> On other way - I don't think that the better way is using BDC with direct connection to LDAP server...
>
> thanks
> michal
>
> On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller muel...@tropenklinik.de wrote:
> > Hello,
> >
> > Memberserver: With security=domain, your auth request will be sent to your dc and to its success it needs domain\user password. If your logon fails the memberserver tries to authenticate the user local.
> >
> > The better way: work with BDCs/LDAP
> >
> > Greetings
> > Daniel
> >
> > ---
> > IT
> > Daniel Müller
> > Head of IT
> > Tropenklinik Paul-Lechler-Krankenhaus
> > Paul-Lechler-Str. 24
> > 72076 Tübingen
> > Tel.: 07071/206-463, Fax: 07071/206-499
> > eMail: muel...@tropenklinik.de
> > Internet: www.tropenklinik.de
> > ---
> >
> > -----Original Message-----
> > From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Michal Bruncko
> > Sent: Friday, 27 July 2012 14:40
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba Domain member server - using domain part within authentication
> >
> > Hello list,
> >
> > We are using several file servers in our environment in following way:
> > - 1st fileserver is PDC
> > - 2nd ... Xth are domain member servers (with security = domain, and joined in domain via net rpc join command)
> >
> > When user is logging into 1st fileserver, he can be successfully authenticated with typing only username (without domain part) and his password from client computer which is NOT part of this domain. But when user is trying to log in to some domain member server, the authentication will not be successful until he uses login in form DOMAIN\username and his password. I need to note here, that winbind is not running on member servers, just pure smbd and nmbd daemons.
> >
> > Is there any way how to authenticate to member servers without using domain part in authentication name?
> >
> > I am using:
> > - on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
> > - on Client: windows 7
> >
> > many thanks
> > michal
Re: [Samba] samba 3 - getting rid of some logfile errors
From: J. Echter [mailto:j.ech...@echter-kuechen-elektro.de]
Sent: 05 August 2012 20:30

> On 01.08.2012 09:17, Jürgen Echter wrote:
> > Hi,
> >
> > i have a lot of entries in my logs which i can't solve, but everything works as expected.
> >
> > my setup:
> > samba pdc - bacula
> > samba bdc - mule
> > Ubuntu 10.04-LTS Server
> > samba 3.4.7
> >
> > log file entries:
> >
> > Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex
> > Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum)
> > Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex
> > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal)
> > Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected
> > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data)
> > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal)
> > Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected
> > Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
> > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb)
> > Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
> > Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout)
> > Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal)
> > Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected
> > Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> >
> > any hints how to resolve this?
> >
> > thanks
> > juergen
>
> Hi,
>
> i resolved these by setting smb ports = 139 in smb.conf
>
> but i still have these:
>
> Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$
>
> these are only from successfully joined windows 7 machines.
>
> the ldap entry, exported as ldif, looks like this for this account:
>
> uid=server$,ou=computers,dc=workgroup,dc=local
> dn: uid=server$,ou=computers,dc=workgroup,dc=local
> cn: server$
> description: Computer
> gecos: Computer
> gidnumber: 515
> homedirectory: /dev/null
> loginshell: /bin/false
> objectclass: posixAccount
> objectclass: account
> objectclass: sambaSamAccount
> sambaacctflags: [W ]
> sambakickofftime: 2147483647
> sambalogofftime: 2147483647
> sambalogontime: 0
> sambantpassword: 951640BFE27F4C16E7670E096C8121FA
> sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515
> sambapwdcanchange: 0
> sambapwdlastset: 1344165203
> sambapwdmustchange: 2147483647
> sambasid: S-1-5-21-3842863818-2180709222-141296495-3458
> uid: server$
> uidnumber: 1229
>
> anyone with some hints? :)
>
> thanks
> juergen

We use tdbsam rather than ldapsam, but get similar errors when the machine name is in lower case in the Linux password database and upper case in the Samba password database. In our case changing the machine's Linux account name to upper case cleared several log file errors including netlogon_creds_server_check.

Moray.
“To err is human; to purr, feline.”
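Added example (not part of the thread, and not Samba project code): a check for the condition described in the reply above, machine account names that differ only in letter case between the Unix account database and the Samba password database. It assumes both lists are colon-separated with the account name in the first field, as in `getent passwd` and `pdbedit -L` output; the sample entries are constructed.

```shell
#!/bin/sh
# Added example: find machine accounts whose names match between two account
# lists when case is ignored, but are not spelled identically.
# Assumption: both files are colon-separated with the account name in field 1.

# case_mismatches UNIX_LIST SAMBA_LIST
# Prints one line per mismatch: "<unix name> <samba name>".
# Only machine accounts (names ending in "$") are compared.
case_mismatches() {
    awk -F: '
        # First file: remember each machine account under its lower-cased name.
        FILENAME == ARGV[1] {
            if ($1 ~ /\$$/) unix[tolower($1)] = $1
            next
        }
        # Second file: report names that match only when case is ignored.
        $1 ~ /\$$/ {
            k = tolower($1)
            if ((k in unix) && unix[k] != $1) print unix[k] " " $1
        }
    ' "$1" "$2"
}

# Demo on constructed input shaped like "getent passwd" and "pdbedit -L".
demo=$(mktemp -d)
cat > "$demo/unix.txt" <<'EOF'
server$:x:1229:515:Computer:/dev/null:/bin/false
WS01$:x:1230:515:Computer:/dev/null:/bin/false
alice:x:1001:513:Alice:/home/alice:/bin/bash
EOF
cat > "$demo/samba.txt" <<'EOF'
SERVER$:1229:Computer
WS01$:1230:Computer
alice:1001:Alice
EOF
case_mismatches "$demo/unix.txt" "$demo/samba.txt"
rm -rf "$demo"
```

On a live server the two inputs would be saved from `getent passwd` and `pdbedit -L` before running the comparison.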
[Samba] samba server in openvz container - venet or veth0?
I'm new to the list. hopefully my question is correctly placed here...

I'd installed my samba server 3.5.6 on debian squeeze in an openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth?

I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to install shorewall in every container (VE). Also venet seems easier to administrate and is faster.

I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)?

Can I stick to venet or should I use veth? What are your suggestions?

kind regards,
Birgit Berger
IT administrator at ÖH Uni Wien
http://www.oeh.univie.ac.at/arbeitsbereiche/edv.html
Re: [Samba] samba server in openvz container - venet or veth0?
Hi Birgit,

On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote:
> I'm new to the list. hopefully my question is correctly placed here...
>
> I'd installed my samba server 3.5.6 on debian squeeze in an openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth?
>
> I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to install shorewall in every container (VE). Also venet seems easier to administrate and is faster.
>
> I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)?
>
> Can I stick to venet or should I use veth?

Do you have clients on the network that you know absolutely require WINS for resolving names? (I'd actually have a hard time believing that, but who knows...)

Other than that, not having WINS but DNS as its modern and sensible replacement in working condition should be perfectly sufficient for your day to day Samba (and other networking) needs. I've been running Samba without nmbd enabled for a few years now (with Windows XP, Windows 7 and GNU/Linux as clients) and did not run into any problems because of that.

Greetings from and to Vienna ;)

--
with best regards:
- Johannes Truschnigg ( johan...@truschnigg.info )
www: http://johannes.truschnigg.info/
phone: +43 650 2 17
xmpp: johan...@truschnigg.info
Please do not bother me with HTML-email or attachments. Thank you.
[Samba] Samba4 winbind getent and login
Hi

With Samba4 winbind, getent passwd gives users as: WORKGROUP\user and you can login as either WORKGROUP\user or user.

getent group lists only the group without the WORKGROUP\group and in a listing of files the group is only listed as group (without the WORKGROUP\ part)

Is this the expected behaviour? On Samba3 winbind, both users and groups display the WORKGROUP\ prefix and you have to login with the prefix attached.

Cheers,
Steve
Re: [Samba] samba server in openvz container - venet or veth0?
thank you Johannes.

no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it.

DNS should be available and working too. /etc/nsswitch.conf looks like this:

hosts: files dns

Can I use venet with samba or should I change to veth?

regards,
birgit

Johannes Truschnigg johan...@truschnigg.info writes:
> Hi Birgit,
>
> On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote:
> > I'm new to the list. hopefully my question is correctly placed here...
> >
> > I'd installed my samba server 3.5.6 on debian squeeze in an openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth?
> >
> > I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to install shorewall in every container (VE). Also venet seems easier to administrate and is faster.
> >
> > I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)?
> >
> > Can I stick to venet or should I use veth?
>
> Do you have clients on the network that you know absolutely require WINS for resolving names? (I'd actually have a hard time believing that, but who knows...)
>
> Other than that, not having WINS but DNS as its modern and sensible replacement in working condition should be perfectly sufficient for your day to day Samba (and other networking) needs. I've been running Samba without nmbd enabled for a few years now (with Windows XP, Windows 7 and GNU/Linux as clients) and did not run into any problems because of that.
>
> Greetings from and to Vienna ;)
>
> --
> with best regards:
> - Johannes Truschnigg ( johan...@truschnigg.info )
> www: http://johannes.truschnigg.info/
> phone: +43 650 2 17
> xmpp: johan...@truschnigg.info
> Please do not bother me with HTML-email or attachments. Thank you.
[Samba] Best way to add samba4 to existing domain
I have Samba4 running, and it had a win2k3 server joined to it. This is working great. I'd like to add another Ubuntu 12.04 server with samba4 beta5.

What's the best join method? Do I provision the server as a member, then join using samba-tools domain join domain

When I do it looks like it doesn't replicate the directory, just forwards?

Should I provision as a DC with the same settings and then do the join? This fails with an IO_TIMEOUT sort of error.

Is there another method that I just haven't discovered yet?

Thanks in advance for all the great help.

Caleb
Re: [Samba] winbind: uid range is ignored
On 04/08/12 22:06, NdK wrote:
> On 04/08/2012 21:13, steve wrote:
>
> Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory?
>
> We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work...

Hi Diego

We have home directories like:

home2/staff
home2/students/7a
home2/students/7b

Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is:

1. use nss-ldapd and store the true unixHomeDirectory in AD
2. winbind. We have a symlink in template homedir to the real data. For that we need wide links.

Cheers,
Steve
Re: [Samba] winbind: uid range is ignored
On 07/08/12 15:10, steve wrote:
> On 04/08/12 22:06, NdK wrote:
> > On 04/08/2012 21:13, steve wrote:
> >
> > Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory?
> >
> > We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work...
>
> Hi Diego
>
> We have home directories like:
>
> home2/staff
> home2/students/7a
> home2/students/7b
>
> Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is:
>
> 1. use nss-ldapd and store the true unixHomeDirectory in AD
> 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links.

3. Use winbind to store the true unixHomeDirectory in AD.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Re: [Samba] Best way to add samba4 to existing domain
I followed this link http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC which was very helpful. I was leaving a few things out that might be helpful to others.

My steps were:

- build Samba4 but don't provision.
- I added the fully qualified domain names of all the other servers to the machine I was looking to have join the domain. This allowed kinit to work.
- run command: samba-tool domain join domain DC -Uadministrator --realm-realm name

This worked like a charm. Much easier than I was making in my head.

> I have Samba4 running, and it had a win2k3 server joined to it. This is working great. I'd like to add another Ubuntu 12.04 server with samba4 beta5.
>
> What's the best join method? Do I provision the server as a member, then join using samba-tools domain join domain
>
> When I do it looks like it doesn't replicate the directory, just forwards?
>
> Should I provision as a DC with the same settings and then do the join? This fails with an IO_TIMEOUT sort of error.
>
> Is there another method that I just haven't discovered yet?
>
> Thanks in advance for all the great help.
>
> Caleb
Re: [Samba] winbind: uid range is ignored
On 07/08/12 16:15, Jonathan Buzzard wrote:
> On 07/08/12 15:10, steve wrote:
> > On 04/08/12 22:06, NdK wrote:
> > > On 04/08/2012 21:13, steve wrote:
> > >
> > > Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory?
> > >
> > > We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work...
> >
> > Hi Diego
> >
> > We have home directories like:
> >
> > home2/staff
> > home2/students/7a
> > home2/students/7b
> >
> > Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is:
> >
> > 1. use nss-ldapd and store the true unixHomeDirectory in AD
> > 2. winbind. We have a symlink in template homedir to the real data. For that we need wide links.
>
> 3. Use winbind to store the true unixHomeDirectory in AD.

Hi

If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1.

nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't seem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir.

Cheers,
Steve
[Samba] Samba User authentication from external LDAP server
I need to authenticate samba users from external LDAP server, tried a few options but when I change LDAP password, the samba password does not change.

Is it possible to do away with Samba password and only use LDAP password?

Rakesh
Re: [Samba] Samba User authentication from external LDAP server
You need to configure smb.conf with either unix password sync (along with passwd chat and passwd program) or with pam password change.

I use the unix password sync option - it passes the new password value to a shell script which then calls an ldap server command to change the password. The script includes the user ID and pw of an account in the LDAP server with appropriate permissions to set the password.

I don't know if pam password change would work in LDAP. The root account (under which samba runs) has the ability to change local or NIS passwords with the passwd command without knowing the old password. But the unix root account is not by default an LDAP admin.

If you truly want to use only the LDAP password for Samba authentication then you need to configure plain-text password storage for everything. Which is probably a bad idea.

On 08/07/12 11:35, RAKESH PRITMANI wrote:
> I need to authenticate samba users from external LDAP server, tried a few options but when I change LDAP password, the samba password does not change.
>
> Is it possible to do away with Samba password and only use LDAP password?
>
> Rakesh
[Samba] smbldap-tools 0.9.9 released
Hi,

I've released smbldap-tools 0.9.9:

http://download.gna.org/smbldap-tools/ChangeLog
http://download.gna.org/smbldap-tools/sources/?C=MO=D
http://download.gna.org/smbldap-tools/packages/?C=MO=D

Changes:

2012-08-07 fumiyas at OSS Technology Corp., Japan

* smbldap_tools.pm: $config{masterLDAP} and $config{slaveLDAP} can take a LDAP URI
* smbldap_tools.pm: Non-root user cannot run smbldap-passwd, smbldap-userinfo, smbldap-userlist and smbldap-grouplist with SSL-enabled LDAP server
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647860
* new tag 0.9.9

2012-07-17 fumiyas at OSS Technology Corp., Japan

* smbldap-useradd: Fix smbldap-passwd name
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679935

2012-07-16 fumiyas at OSS Technology Corp., Japan

* smbldap-userlist, smbldap-grouplist: Specify Net::LDAP search attributes as an array ref, not a string
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681350

Regards,

--
-- Name: SATOH Fumiyasu (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- Personal Home: http://www.SFO.jp/blog/
Re: [Samba] samber server in openvz container - venet oder veth0?
Hello again,

On Tue, Aug 07, 2012 at 02:28:24PM +0200, Birgit Berger (UV Wien) wrote:

thank you Johannes. no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it. DNS should be available and working too. /etc/nsswitch.conf looks like this:

hosts: files dns

That's fine - you don't want anything regarding winbind or WINS in there, since you don't have proper name resolution set up over that kind of protocol/service.

Can I use venet with samba or should I change to veth?

Just stick with what you got - vnet will be fine.

Have a nice day!

--
with best regards:
- Johannes Truschnigg ( johan...@truschnigg.info )

www: http://johannes.truschnigg.info/
phone: +43 650 2 17
xmpp: johan...@truschnigg.info

Please do not bother me with HTML-email or attachments. Thank you.
Re: [Samba] Packet Size 'Tuning'
Thanks for your suggestion of WireShark. I'm hesitant to adjust the MTU of PPP0 too much as I'll have to ifdown/ifup the ppp0 interface and this is a live environment. Also, data packets travelling not on port 137-139 or 445 do not emit the displayed error. I will implement WireShark and post my findings.

Cheers,
Andrew Mark | Development Analyst | www.aimsystems.ca
local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961
12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada

On 12-08-07 04:20 AM, Andrew Bartlett wrote:
On Wed, 2012-08-01 at 13:36 -0400, Andrew Mark wrote:

Hi all, I'm hoping someone has gone through the pain I'm going through in trying to 'tune' the packet size Samba uses such that we don't get packet overflow errors. I'm getting these errors when I perform:

# tcpdump -i ppp0 -n -n

Isn't this a matter of your MTU on your PPP link if anything? Is this a real error you are seeing, or just an artifact of tcpdump? Do you see any real issues with a more modern sniffer, such as wireshark (such as fragmentation at the other end)?

Andrew Bartlett
[Samba] SMB+LDAP
Hi Folks,

A couple of questions about making SMB (3 or 4) authenticate to an external (anonymous) LDAP server:

1) A typical LDAP user record is below. Is there anything lacking in this record that would prevent Samba from authenticating against our LDAP server? Note the sambaSID is as is, gobblygook info:

dsAttrTypeNative:eduPersonAffiliation: Employee Member
dsAttrTypeNative:givenName: David
dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
dsAttrTypeNative:mail: dsixp...@csux.edu
dsAttrTypeNative:objectClass: posixAccount organizationalPerson csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
dsAttrTypeNative:sambaSID: S-1-5-21-XX-XX-XX
dsAttrTypeNative:sn: Sixpack
dsAttrTypeNative:csuxPersonGuID: G000242316
AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
NFSHomeDirectory: /Users/dsixpack
Password:
PrimaryGroupID: 12
RealName: David Sixpack
RecordName: dsixpack
RecordType: dsRecTypeStandard:Users
UniqueID: 9239
UserShell: /bin/bash

2) Regarding the sudo smbpasswd -w secret step, does this smb user need to exist in our LDAP or that local to the machine running the SMB daemon? I wasn't clear on how this step in the process is supposed to work.

3) Is the ldap admin dn = also required? Note we have read-only access to our LDAP server, though a record could be created for us if absolutely needed.

Any help or ideas MUCH appreciated!

Thanks!
David
[Samba] Making Happy Users ... I need to understand...
Hello,

I'm posting here because I'm in need of understanding. Sorry for my bad English. I know that I could figure out how to make it work with a trial and error method, but I do want to know how it works and not to do it à la Windows...

I work in a high school.

Debian GNU/Linux 5.0
Samba 3.2.5 + LDAP (I know I have to update ...)

Browsing user profiles are useful but they are really slowing down our network and login times... so I disabled this option, changing the setting in smb.conf from:

logon home = \\%N\profile
logon path = \\%N\profile

to:

logon home =
logon path =

disabling browsing profiles at all. All works well, creating the profiles on the fly from the Default User profile. But since the browsing profiles are useful, I followed this guide to use the profile data from the lan:

http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2581407

and I understand all but this:

Now follow the procedure given in “The Local Group Policy”. Make sure that each folder you have redirected is in the exclusion list.

Why do I have to do this? If I have disabled browsing profiles (am I right in disabling this option?) why should I exclude some dirs from the browsing profiles if they do not actually have any chance to be replicated?

Many thanks to whoever will be so kind as to enlighten me about this (obscure?) Samba feature...

--
Marco Ciampa

+--------------------+
| Linux User #78271  |
| FSFE fellow #364   |
+--------------------+
Re: [Samba] winbind: uid range is ignored
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
On 04/08/2012 21:13, steve wrote:

Uh? wide links seems a bad idea to me... At least from a security perspective. Why a single home directory? We have a single NFS share containing folders for the two domains and inside those a folder for each home. We are trying to migrate away from that, preferring a '[homes]' share where users will place the data they want to have available on every PC. This way even Firefox should work...

Hi Diego

We have home directories like:

home2/staff
home2/students/7a
home2/students/7b

Winbind allows only one template homedir and all user home folders must reside there (or tell me otherwise). The only way we can have what we want is:

1. use nss-ldapd and store the true unixHomeDirectory in AD
2. winbind. We have a symlink in template homedir to the real data. For that we need wide links.

3. Use winbind to store the true unixHomeDirectory in AD.

Hi

If I store unixHomeDirectory in AD, winbind seems to ignore it. As far as it's concerned, all home directories have to be in template homedir. How would I use winbind to store it? This is why we tend toward 1. nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only uidNumber and gidNumber. It doesn't seem to give you any control over login shell and unixHomeDirectory. Everyone has the same shell and homedir.

Well it's read only, winbind pulls the information from the AD, but take out your template homedir/shell lines from smb.conf and do something like

winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
winbind enum users = yes
winbind enum groups = yes

Note you can get nested groups this way, something I don't think nss-ldapd provides.

It does work, I have it in production for over 1500 users right now with some 900 active SMB sessions.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
Re: [Samba] SMB+LDAP
I have a Sun (Oracle) Directory Server directory server backend. I also use it for unix level authentication.

Are you configuring samba as a domain controller or standalone server?

I have uid and uidNumber attributes - you want to make sure that the samba account maps to a unix account somehow. pdbedit -Lv username will verify this.

I think with an LDAP backend it will expect ldap admin dn entry. This is not usually a regular user in your company LDAP branch but is instead an administrator. Samba will need to write to LDAP if you add or remove a samba user using smbpasswd or pdbedit, or if you change a user's samba password with samba command line tools or from windows, or if you join or remove a Windows PC from the domain, and if you join the samba server to the domain. (This will create domain objects.)

You can of course use LDAP tools to create the user's samba attributes. I don't know how you would easily set the user's samba password. You could probably have a dummy samba machine with a local backend, set a password, then use smbpasswd -e to extract the hashed value. Maybe there are additional tools for creating an NT password hash.

Machines will also have accounts with passwords. The passwords may automatically change.

On 08/07/12 17:37, Frans Lanting - IT Admin wrote:

Hi Folks,

A couple of questions about making SMB (3 or 4) authenticate to an external (anonymous) LDAP server:

1) A typical LDAP user record is below. Is there anything lacking in this record that would prevent Samba from authenticating against our LDAP server? Note the sambaSID is as is, gobblygook info:

dsAttrTypeNative:eduPersonAffiliation: Employee Member
dsAttrTypeNative:givenName: David
dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
dsAttrTypeNative:mail: dsixp...@csux.edu
dsAttrTypeNative:objectClass: posixAccount organizationalPerson csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
dsAttrTypeNative:sambaSID: S-1-5-21-XX-XX-XX
dsAttrTypeNative:sn: Sixpack
dsAttrTypeNative:csuxPersonGuID: G000242316
AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
NFSHomeDirectory: /Users/dsixpack
Password:
PrimaryGroupID: 12
RealName: David Sixpack
RecordName: dsixpack
RecordType: dsRecTypeStandard:Users
UniqueID: 9239
UserShell: /bin/bash

2) Regarding the sudo smbpasswd -w secret step, does this smb user need to exist in our LDAP or that local to the machine running the SMB daemon? I wasn't clear on how this step in the process is supposed to work.

3) Is the ldap admin dn = also required? Note we have read-only access to our LDAP server, though a record could be created for us if absolutely needed.

Any help or ideas MUCH appreciated!

Thanks!
David
Re: [Samba] SMB+LDAP
You also need sambaAccountFlags: [UX] for user account and sambaAccountFlags: [W] for machine accounts.

On 08/07/12 17:37, Frans Lanting - IT Admin wrote:

Hi Folks,

A couple of questions about making SMB (3 or 4) authenticate to an external (anonymous) LDAP server:

1) A typical LDAP user record is below. Is there anything lacking in this record that would prevent Samba from authenticating against our LDAP server? Note the sambaSID is as is, gobblygook info:

dsAttrTypeNative:eduPersonAffiliation: Employee Member
dsAttrTypeNative:givenName: David
dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
dsAttrTypeNative:mail: dsixp...@csux.edu
dsAttrTypeNative:objectClass: posixAccount organizationalPerson csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
dsAttrTypeNative:sambaSID: S-1-5-21-XX-XX-XX
dsAttrTypeNative:sn: Sixpack
dsAttrTypeNative:csuxPersonGuID: G000242316
AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
NFSHomeDirectory: /Users/dsixpack
Password:
PrimaryGroupID: 12
RealName: David Sixpack
RecordName: dsixpack
RecordType: dsRecTypeStandard:Users
UniqueID: 9239
UserShell: /bin/bash

2) Regarding the sudo smbpasswd -w secret step, does this smb user need to exist in our LDAP or that local to the machine running the SMB daemon? I wasn't clear on how this step in the process is supposed to work.

3) Is the ldap admin dn = also required? Note we have read-only access to our LDAP server, though a record could be created for us if absolutely needed.

Any help or ideas MUCH appreciated!

Thanks!
David
Re: [Samba] SMB+LDAP
On Tue, 2012-08-07 at 14:37 -0700, Frans Lanting - IT Admin wrote:

Hi Folks, A couple of questions about making SMB (3 or 4) authenticate to an external (anonymous) LDAP server:

Note we have read-only access to our LDAP server, though a record could be created for us if absolutely needed.

If you are only able to get anonymous read only access, then you won't be able to read any password hash values that you did somehow manage to get stored into the directory.

In short, it isn't possible to make Samba use this LDAP server directly.

Is there some Windows domain that is synchronised against this directory that your (presumably) windows clients already use? This would be what you would join Samba to.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
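Added example (not part of the thread and not Samba's own code): a small Python check that runs the points raised in the three replies above against the record posted in the question, reporting which attributes a Samba LDAP passdb backend would be missing. It assumes the schema attribute names sambaAcctFlags and sambaNTPassword, and that RecordName and UniqueID in the listing are the directory client's renderings of uid and uidNumber; the second record and its hash value are constructed.

```python
import re

# Names shown by the directory client that stand in for native attributes.
# Assumption: RecordName is mapped from uid and UniqueID from uidNumber.
CLIENT_TO_NATIVE = {"RecordName": "uid", "UniqueID": "uidNumber"}

LINE_RE = re.compile(r"^(dsAttrTypeNative:)?([A-Za-z][\w-]*):[ \t]*(.*)$")
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")          # every sub-authority numeric
FLAGS_RE = re.compile(r"^\[([A-Z ]{1,11})\]$")     # e.g. [UX         ]
NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")      # 16-byte hash as hex

# Taken from the question in this thread (values masked by the poster).
POSTED_RECORD = """\
dsAttrTypeNative:givenName: David
dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
dsAttrTypeNative:objectClass: posixAccount organizationalPerson csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
dsAttrTypeNative:sambaSID: S-1-5-21-XX-XX-XX
dsAttrTypeNative:sn: Sixpack
AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
Password:
PrimaryGroupID: 12
RecordName: dsixpack
UniqueID: 9239
"""

# Constructed record as seen by a bind that is allowed to read everything.
COMPLETE_RECORD = """\
dsAttrTypeNative:objectClass: posixAccount sambaSamAccount
dsAttrTypeNative:uid: jdoe
dsAttrTypeNative:uidNumber: 5001
dsAttrTypeNative:sambaSID: S-1-5-21-1111111111-2222222222-3333333333-11002
dsAttrTypeNative:sambaAcctFlags: [UX         ]
dsAttrTypeNative:sambaNTPassword: 00112233445566778899AABBCCDDEEFF
"""


def parse_record(text):
    """Turn 'name: value' lines into a dict keyed by native attribute name."""
    attrs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        native, key, value = m.groups()
        if not native:
            # Client-side name: use it only as a fallback for a native one.
            key = CLIENT_TO_NATIVE.get(key)
            if key is None or key in attrs:
                continue
        attrs[key] = value.strip()
    return attrs


def check_record(attrs):
    """Return findings for one account as seen through the current bind."""
    findings = []
    classes = {c.lower() for c in attrs.get("objectClass", "").split()}
    if "sambasamaccount" not in classes:
        findings.append("missing:objectClass=sambaSamAccount")
    # The Samba account has to map to a unix account.
    for name in ("uid", "uidNumber"):
        if not attrs.get(name):
            findings.append("missing:" + name)
    # An attribute the bind DN cannot read looks exactly like a missing one,
    # which is why an anonymous read-only bind cannot be used for password
    # authentication. The NT hash is password-equivalent, so the directory
    # ACL should expose it only to the DN Samba binds as.
    for name, pattern in (("sambaSID", SID_RE),
                          ("sambaAcctFlags", FLAGS_RE),
                          ("sambaNTPassword", NT_HASH_RE)):
        value = attrs.get(name)
        if not value:
            findings.append("missing:" + name)
        elif not pattern.match(value):
            findings.append("invalid:" + name)
    m = FLAGS_RE.match(attrs.get("sambaAcctFlags", ""))
    if m:
        flags = set(m.group(1)) - {" "}
        if not flags & set("UWSI"):      # no account-type letter present
            findings.append("invalid:sambaAcctFlags")
        if "D" in flags:                 # account is disabled
            findings.append("disabled:sambaAcctFlags")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_RECORD), ("complete", COMPLETE_RECORD)):
        result = check_record(parse_record(text))
        print(label, "->", result if result else "ok")
```

Run against a listing obtained with the same bind Samba would use; a record that looks complete to an administrator can still fail here when the access control hides the hash from that bind.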
[Samba] with streams_xattr enabled, ads are written correctly but not retrieved
Hello,

I'm running Samba 3.6.6-1 on my x64 Arch Linux installation. I recently decided to have my samba share support NTFS's Alternate Data Streams by using streams_xattr or streams_depot.

With streams_xattr I discovered that if I copy a file having an ADS from a win7 box, on the linux console, I can see the ADS as an xattr attached to the file. However when I copy the file back to my win7 box using windows explorer, there are no ADS entries on it. This is not true if I use streams_depot.

To this email, I've appended logs (log level=3) generated when I copy the file back using windows explorer. I haven't been able to make much sense of them or spot anything that's causing streams_xattr to not function correctly.

On a side note, when I first enabled streams_xattr (true about streams_depot too), I was getting an NT_STATUS_NETWORK_BUSY from smbd which was also causing windows to report an 'unexpected error'. Upon some research I found this: https://bugzilla.samba.org/show_bug.cgi?id=7537 . Upon disabling kernel oplocks, this error was gone. I'm wondering if I could still have the kernel oplocks on and there's another way to solve it, since that bug is 2 years old.
thanks, Puneet -- [2012/08/06 00:53:26.317876, 3] smbd/process.c:1662(process_smb) Transaction 303 of length 112 (0 toread) [2012/08/06 00:53:26.318270, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.318527, 3] smbd/trans2.c:5117(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2012/08/06 00:53:26.318716, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [bar.jpg] [/media/test1] [2012/08/06 00:53:26.319162, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: bar.jpg reduced to /media/test1/bar.jpg [2012/08/06 00:53:26.319530, 3] smbd/trans2.c:5261(call_trans2qfilepathinfo) call_trans2qfilepathinfo bar.jpg (fnum = -1) level=1004 call=5 total_data=0 [2012/08/06 00:53:26.320235, 3] smbd/process.c:1662(process_smb) Transaction 304 of length 112 (0 toread) [2012/08/06 00:53:26.320635, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.321164, 3] smbd/trans2.c:5117(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2012/08/06 00:53:26.321555, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [bar.jpg] [/media/test1] [2012/08/06 00:53:26.321748, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: bar.jpg reduced to /media/test1/bar.jpg [2012/08/06 00:53:26.321966, 3] smbd/trans2.c:5261(call_trans2qfilepathinfo) call_trans2qfilepathinfo bar.jpg (fnum = -1) level=1005 call=5 total_data=0 [2012/08/06 00:53:26.322980, 3] smbd/process.c:1662(process_smb) Transaction 305 of length 112 (0 toread) [2012/08/06 00:53:26.323299, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.323474, 3] smbd/trans2.c:5117(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2012/08/06 00:53:26.323664, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name 
[bar.jpg] [/media/test1] [2012/08/06 00:53:26.323897, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: bar.jpg reduced to /media/test1/bar.jpg [2012/08/06 00:53:26.324212, 3] smbd/trans2.c:5261(call_trans2qfilepathinfo) call_trans2qfilepathinfo bar.jpg (fnum = -1) level=1004 call=5 total_data=0 [2012/08/06 00:53:26.349891, 3] smbd/process.c:1662(process_smb) Transaction 306 of length 90 (0 toread) [2012/08/06 00:53:26.350056, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.350222, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [.] [/media/test1] [2012/08/06 00:53:26.350382, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: . reduced to /media/test1 [2012/08/06 00:53:26.350558, 3] smbd/dosmode.c:159(unix_mode) unix_mode(.) returning 0744 [2012/08/06 00:53:26.351819, 3] smbd/process.c:1662(process_smb) Transaction 307 of length 76 (0 toread) [2012/08/06 00:53:26.352145, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.352319, 3] smbd/trans2.c:5032(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/08/06 00:53:26.352529, 3] smbd/trans2.c:5261(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = 10395) level=1005 call=7 total_data=0 [2012/08/06 00:53:26.353184, 3] smbd/process.c:1662(process_smb) Transaction 308 of length 45 (0 toread) [2012/08/06 00:53:26.353491, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12102) conn 0x7f02fcec2aa0 [2012/08/06 00:53:26.353658, 3] smbd/reply.c:4838(reply_close) close directory fnum=10395 [2012/08/06 00:53:26.356075, 3]
Re: [Samba] Samba Domain member server - using domain part within authentication
Hello Daniel,

I understand the role of domain member server. But I have not understood why I have needed to type also domain name prefix during authentication - and this was changed in some of previous releases of samba - currently this needs to be explicitly defined that you want to map any domain name provided from computer to right domain name used in samba domain.

On other way - I don't think that the better way is using BDC with direct connection to LDAP server...

thanks
michal

On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller muel...@tropenklinik.de wrote:

Hello,

Memberserver: With security=domain, your auth request will be sent to your dc and to its success it needs domain\user password. If your logon fails the memberserver tries to authenticate the user local.

The better way: work with BDCs/LDAP

Greetings
Daniel

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Michal Bruncko
Sent: Friday, 27 July 2012 14:40
To: samba@lists.samba.org
Subject: [Samba] Samba Domain member server - using domain part within authentication

Hello list,

We are using several file servers in our environment in following way:

- 1st fileserver is PDC
- 2nd ... Xth are domain member servers (with security = domain, and joined in domain via net rpc join command)

When user is logging into 1st fileserver, he can be successfully authenticated with typing only username (without domain part) and his password from client computer which is NOT part of this domain. But when user is trying to log in to some domain member server, the authentication will not be successful until he uses login in form DOMAIN\username and his password.

I need to note here, that winbind is not running on member servers, just pure smbd and nmbd daemons.

Is there any way how to authenticate to member servers without using domain part in authentication name?

I am using:

- on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
- on Client: windows 7

many thanks
michal
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f06c216 s3-pysmbd: Try opening as a file, then as a directory via e571d5c s3-pysmbd: Use talloc_zero() via e658421 s3-passdb: Simplify idmap wrapper in pdb_samba4 via 227d490 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper from 721096b s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_read*() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f06c216d0b3ffd036ac10f9abe9b2fe3ff319f09 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:19:06 2012 +1000 s3-pysmbd: Try opening as a file, then as a directory Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 08:59:21 CEST 2012 on sn-devel-104 commit e571d5c03ef416bc7f6a1eb66567ec2715da9d21 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:18:41 2012 +1000 s3-pysmbd: Use talloc_zero() This avoids operating on uninitialised data Andrew Bartlett commit e658421fe1f724da0e627c0ae407804993c2521e Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 14:17:09 2012 +1000 s3-passdb: Simplify idmap wrapper in pdb_samba4 The source3 consumers of this API are now quite happy to be given an answer of ID_TYPE_BOTH, so we do not need this extra code to try and force the answer to UID or GID. Andrew Bartlett commit 227d490477230cfdd6b912b6f6a63314fa64ca88 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 10:45:14 2012 +1000 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper --- Summary of changes: source3/passdb/pdb_samba4.c | 59 ++ source3/smbd/pysmbd.c | 12 ++-- 2 files changed, 18 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c index 40827df..01eb4ba 100644 --- a/source3/passdb/pdb_samba4.c +++ b/source3/passdb/pdb_samba4.c 
@@ -2058,67 +2058,26 @@ static bool pdb_samba4_sid_to_id(struct pdb_methods *m, const struct dom_sid *si m-private_data, struct pdb_samba4_state); struct id_map id_map; struct id_map *id_maps[2]; - const char *attrs[] = { objectClass, NULL }; - struct ldb_message *msg; - struct ldb_dn *dn; NTSTATUS status; - int rc; TALLOC_CTX *tmp_ctx = talloc_stackframe(); if (!tmp_ctx) { return false; } ZERO_STRUCT(id_map); + id_map.sid = sid; + id_maps[0] = id_map; + id_maps[1] = NULL; - dn = ldb_dn_new_fmt(tmp_ctx, state-ldb, SID=%s, dom_sid_string(tmp_ctx, sid)); - if (!dn || !ldb_dn_validate(dn)) { - talloc_free(tmp_ctx); + status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); + talloc_free(tmp_ctx); + if (!NT_STATUS_IS_OK(status)) { return false; } - rc = dsdb_search_one(state-ldb, tmp_ctx, msg, dn, LDB_SCOPE_BASE, attrs, 0, NULL); - if (rc == LDB_ERR_NO_SUCH_OBJECT) { - DEBUG(5, (__location__ SID to Unix ID lookup failed because SID %s could not be found in the samdb\n, dom_sid_string(tmp_ctx, sid))); - talloc_free(tmp_ctx); - return false; + if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) { + *id = id_map.xid; + return true; } - if (samdb_find_attribute(state-ldb, msg, objectClass, group)) { - id-type = ID_TYPE_GID; - - ZERO_STRUCT(id_map); - id_map.sid = sid; - id_maps[0] = id_map; - id_maps[1] = NULL; - - status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); - talloc_free(tmp_ctx); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - if (id_map.xid.type == ID_TYPE_GID || id_map.xid.type == ID_TYPE_BOTH) { - id-id = id_map.xid.id; - return true; - } - return false; - } else if (samdb_find_attribute(state-ldb, msg, objectClass, user)) { - id-type = ID_TYPE_UID; - ZERO_STRUCT(id_map); - id_map.sid = sid; - id_maps[0] = id_map; - id_maps[1] = NULL; - - status = idmap_sids_to_xids(state-idmap_ctx, tmp_ctx, id_maps); - talloc_free(tmp_ctx); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - if (id_map.xid.type == ID_TYPE_UID || id_map.xid.type == 
ID_TYPE_BOTH) { - id-id =
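Review bot: In pdb_samba4_sid_to_id the DEBUG(5, ...) line that reported a SID lookup failure is removed and nothing replaces it, so a failed idmap_sids_to_xids() now returns false without any trace in the log. Consider logging the SID and nt_errstr(status) at level 5 before the return false; the SID string would have to be built before talloc_free(tmp_ctx), because the new code frees the frame ahead of the status check. A short comment that callers now receive the whole id_map.xid, including ID_TYPE_BOTH, rather than a type forced to UID or GID from objectClass, would also help whoever reads this function next.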
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33705f4 s4-scripting: Remove unused variables from ntacl tests via 4aca56c s4-smbd: Check for failure of irpc_add_name from f06c216 s3-pysmbd: Try opening as a file, then as a directory http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33705f4cc1773ff4fc37a6e6927af7a327aeb31d Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 16:55:58 2012 +1000 s4-scripting: Remove unused variables from ntacl tests Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 11:15:41 CEST 2012 on sn-devel-104 commit 4aca56cd848df11d79a8a0333d3e9944f176bcd9 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 15:50:46 2012 +1000 s4-smbd: Check for failure of irpc_add_name --- Summary of changes: source4/scripting/python/samba/tests/ntacls.py | 10 -- source4/smbd/server.c |5 - 2 files changed, 4 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/tests/ntacls.py b/source4/scripting/python/samba/tests/ntacls.py index c7e4101..c867c95 100644 --- a/source4/scripting/python/samba/tests/ntacls.py +++ b/source4/scripting/python/samba/tests/ntacls.py @@ -32,8 +32,6 @@ class NtaclsTests(TestCase): path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb,os.path.join(path,eadbtest.tdb)) setntacl(lp, tempf, acl, S-1-5-21-2212615479-2695158682-2101375467) 
@@ -46,8 +44,6 @@ class NtaclsTests(TestCase): path = os.environ['SELFTEST_PREFIX'] acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb,os.path.join(path,eadbtest.tdb)) setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467) @@ -62,8 +58,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) setntacl(lp,tempf,acl,S-1-5-21-2212615479-2695158682-2101375467,tdb,os.path.join(path,eadbtest.tdb)) facl=getntacl(lp,tempf,tdb,os.path.join(path,eadbtest.tdb)) @@ -77,8 +71,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) self.assertRaises(XattrBackendError, setntacl, lp, tempf, acl, S-1-5-21-2212615479-2695158682-2101375467,ttdb, os.path.join(path,eadbtest.tdb)) 
@@ -90,8 +82,6 @@ class NtaclsTests(TestCase): acl = O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512) path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path,pytests+str(int(10*random.random( -ntacl = xattr.NTACL() -ntacl.version = 1 open(tempf, 'w').write(empty) lp.set(posix:eadb, os.path.join(path,eadbtest.tdb)) self.assertRaises(Exception, setntacl, lp, tempf ,acl, diff --git a/source4/smbd/server.c b/source4/smbd/server.c index a6ebcd6..f3405a7 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -225,7 +225,10 @@ static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx, cluster_id(0, SAMBA_PARENT_TASKID), event_ctx, false); NT_STATUS_HAVE_NO_MEMORY(msg); - irpc_add_name(msg, samba); + status = irpc_add_name(msg, samba); + if (!NT_STATUS_IS_OK(status)) { + return status; + } status = IRPC_REGISTER(msg, irpc,
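Review bot: With the ntacl = xattr.NTACL() lines removed from all five tests in ntacls.py, check whether the module's xattr import is still referenced anywhere; if these were its only uses, it should be dropped in the same commit. The five hunks also leave the same path, acl and tempf setup repeated in every test, which could move into setUp().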
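Review bot: In setup_parent_messaging (source4/smbd/server.c) the new early return after irpc_add_name() hands the status back without a DEBUG line, so a failure at this step cannot be told apart in the log from the other errors the function returns. Add a message naming irpc_add_name and nt_errstr(status) before return status. The hunk does not show which context owns msg; confirm the caller releases it on this path, or free it here before returning.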
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e7bf8e7 s3:smb2_server: do one central as_root check if the operation requires it via eec941e s3:smb2_server: do one central tcon check if the operation requires it via 59b9dfa s3:smb2_server: do one central session check if the operation requires it via aba6df9 s3:smb2_server: add and use smbd_smb2_call() via e013332 s3:smb2_server: add .as_root to smbd_smb2_dispatch_table via f69ed57 s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table via 46f7a60 s3:smb2_server: add .need_session to smbd_smb2_dispatch_table via 357110c s3:smb2_server: introduce a smbd_smb2_dispatch_table (for now just with names) via 5ac4d3d s3:smb2_server: move 'conn' to main block of smbd_smb2_request_dispatch() via 83a746d libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE via 1453358 libcli/smb: use forward declaration instead of includes from 33705f4 s4-scripting: Remove unused variables from ntacl tests http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e7bf8e7e23855c9f03983200d52a93cdd49c4948 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 12:32:50 2012 +0200 s3:smb2_server: do one central as_root check if the operation requires it metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Aug 7 13:14:38 CEST 2012 on sn-devel-104 commit eec941e411676b72ac40107efcc0e19710db725e Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 12:32:50 2012 +0200 s3:smb2_server: do one central tcon check if the operation requires it metze commit 59b9dfa0cbb5e9f165f9fc0bcbd90fe7ec32 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 12:32:50 2012 +0200 s3:smb2_server: do one central session check if the operation requires it metze commit aba6df9f5502fcb3fb8b86ae14890554065155f8 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 10:42:30 2012 +0200 s3:smb2_server: add and use smbd_smb2_call() metze commit e01333242f149fcbdd9db3b2195c1543c3f0647f Author: Stefan Metzmacher 
me...@samba.org Date: Mon Aug 6 10:04:48 2012 +0200 s3:smb2_server: add .as_root to smbd_smb2_dispatch_table metze commit f69ed57d0faff446f2c66591cef941dfc1675881 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 10:04:48 2012 +0200 s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table metze commit 46f7a60e787396af1a061f39ddca699e296b0560 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 10:02:54 2012 +0200 s3:smb2_server: add .need_session to smbd_smb2_dispatch_table metze commit 357110c10be1e4d2e295e3362bbd484463c8af78 Author: Stefan Metzmacher me...@samba.org Date: Mon Aug 6 09:29:40 2012 +0200 s3:smb2_server: introduce a smbd_smb2_dispatch_table (for now just with names) metze commit 5ac4d3d27448c7ccc7e0ae0b7ee3c83409821d43 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 09:48:22 2012 +0200 s3:smb2_server: move 'conn' to main block of smbd_smb2_request_dispatch() metze commit 83a746d7f54f7a99ee6b3e26100f8e2c19e3c3bd Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 09:22:53 2012 +0200 libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE metze commit 145335878b08712236282bb6155ad3f62c1e54a4 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 07:24:22 2012 +0200 libcli/smb: use forward declaration instead of includes metze --- Summary of changes: libcli/smb/smbXcli_base.h |5 +- libcli/util/nterr.c|1 + libcli/util/ntstatus.h |1 + source3/smbd/smb2_server.c | 422 +++- 4 files changed, 145 insertions(+), 284 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index 2c0410b..5ef201e 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h 
@@ -21,14 +21,13 @@ #ifndef _SMBXCLI_BASE_H_ #define _SMBXCLI_BASE_H_ -#include sys/uio.h -#include libcli/smb/smb2_create_blob.h - struct smbXcli_conn; struct smbXcli_session; struct smbXcli_tcon; struct smb_trans_enc_state; struct GUID; +struct iovec; +struct smb2_create_blobs; struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx, int fd, diff --git a/libcli/util/nterr.c b/libcli/util/nterr.c index 4513e5c..793790d 100644 --- a/libcli/util/nterr.c +++ b/libcli/util/nterr.c @@ -551,6 +551,7 @@ const nt_err_code_struct nt_errs[] = NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED }, { NT_STATUS_NOT_A_REPARSE_POINT, NT_STATUS_NOT_A_REPARSE_POINT }, { NT_STATUS_NO_MORE_ENTRIES, NT_STATUS_NO_MORE_ENTRIES }, + {
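Review bot: in the smbXcli_base.h hunk, replacing the sys/uio.h and libcli/smb/smb2_create_blob.h includes with `struct iovec;` and `struct smb2_create_blobs;` is only safe while every prototype in this header takes those types by pointer, and it removes the full definitions from any source file that was getting them through this header. Please confirm that each includer which dereferences either struct now includes the defining header itself, and consider a one-line comment above the forward declarations saying so.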
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9b7b736 media_harmony VFS module: Add and build by default. from e7bf8e7 s3:smb2_server: do one central as_root check if the operation requires it http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9b7b736e5b99c525d251942476ac94570aafb8e3 Author: Andrew Klaassen claws...@yahoo.com Date: Thu May 3 13:39:53 2012 -0400 media_harmony VFS module: Add and build by default. - Supersedes previous patch. - Added various fixes for fake mtime functionality. - Now requires lp_cache_locked_write_times patch (bug 8912). - Removed various xattr functions to comply with recent VFS changes. - Changed SMB_STRUCT_DIR to DIR and SMB_STRUCT_DIRENT to struct dirent to comply with recent VFS changes. - Added manpage. - Added sample trigger_avid_update.py script. Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Aug 7 15:16:39 CEST 2012 on sn-devel-104 --- Summary of changes: docs-xml/manpages-3/vfs_media_harmony.8.xml| 142 ++ .../vfs/media_harmony/trigger_avid_update.py | 103 + source3/Makefile.in|5 + source3/configure.in |2 + source3/modules/vfs_media_harmony.c| 2438 source3/wscript|1 + 6 files changed, 2691 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_media_harmony.8.xml create mode 100755 examples/scripts/vfs/media_harmony/trigger_avid_update.py create mode 100644 source3/modules/vfs_media_harmony.c Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_media_harmony.8.xml b/docs-xml/manpages-3/vfs_media_harmony.8.xml new file mode 100644 index 000..f24e700 --- /dev/null +++ b/docs-xml/manpages-3/vfs_media_harmony.8.xml 
@@ -0,0 +1,142 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=vfs_media_harmony.8 + +refmeta + refentrytitlevfs_media_harmony/refentrytitle + manvolnum8/manvolnum + refmiscinfo class=sourceSamba/refmiscinfo + refmiscinfo class=manualSystem Administration tools/refmiscinfo + refmiscinfo class=version3.6/refmiscinfo +/refmeta + + +refnamediv + refnamevfs_media_harmony/refname + refpurposeAllow multiple Avid clients to share a network drive./refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandvfs objects = media_harmony/command + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paraThis VFS module is part of the + citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paraThe commandvfs_media_harmony/command VFS module allows + Avid editorial workstations to share a network drive. It does + this by:/para + orderedlist continuation=restarts inheritnum=ignore numeration=arabic + listitemparaGiving each client their own copy of the Avid + msmMMOB.mdb and msmFMID.pmr files and Creating directories./para/listitem + listitemparaAllowing each client to explicitly control the + write time the Avid application sees on Avid media directories./para/listitem + /orderedlist + + paraThis module is stackable./para + +/refsect1 + +refsect1 + titleCONFIGURATION/title + + paracommandvfs_media_harmony/command automatically redirects + requests from clients for Avid database files or an Avid Creating + directory to a client-specific version of the file. No + configuration beyond enabling the module is needed to get this + portion of its functionality working./para + + paraIf Mac and Windows Avid clients will be accessing the same + folder, they should be given separate share definitions, with + hidden Mac files vetoed on the Windows share. 
See EXAMPLES./para + + paraTo allow each client to control when the Avid application + refreshes their Avid databases, create files for each client + and each Avid media directory with the name + [avid_dir_name]_[client_ip_address]_[client_username]. + To trigger Avid database refreshes, update the write time on + those files. See EXAMPLES./para + + paraIt is also necessary for the commandcache locked write times = no/command + option to be set for clients to be able to control their Avid + media folder write times./para + +/refsect1 + +refsect1 + titleEXAMPLES/title + + paraEnable media_harmony for Mac and Windows clients:/para +programlisting +smbconfsection name=[avid_mac]/ +
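Review bot: the CONFIGURATION paragraph that introduces the `[avid_dir_name]_[client_ip_address]_[client_username]` files does not say in which directory they have to be created or who should be able to write to them. Since updating the write time on such a file is what triggers a database refresh for that client, the manpage should state the location and the expected ownership and permissions, so that on a shared drive one client's trigger file is not writable by the others.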
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d825adf s3-param: Remove never-reached condition for popts == NULL via 31d1fde s3-param: Remove never-reached condition for opt_list == NULL via d65bded source3/loadparm.c: Move string_set/string_free inside. via 3bb65aa source3/smbd/conn.c: wean off string_set/string_free via a14c02d source3/loadparm: make struct loadparm_service a talloc object. via 592e3f4 loadparm: Add ctx member to struct loadparm_global. from 9b7b736 media_harmony VFS module: Add and build by default. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d825adf86a91aa08588ef5fa95ce3f91abb9fd40 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 21:29:53 2012 +1000 s3-param: Remove never-reached condition for popts == NULL All the callers provide a parametric options pointer to fill in. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 7 17:16:38 CEST 2012 on sn-devel-104 commit 31d1fde037d78e2c2becdedb9016a859e5e38437 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 21:20:47 2012 +1000 s3-param: Remove never-reached condition for opt_list == NULL All the callers provide a parametric options pointer to fill in. Andrew Bartlett commit d65bded0c2435a62bf0fe33828d6dc5b9a74f936 Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 14:51:39 2012 +0930 source3/loadparm.c: Move string_set/string_free inside. The only user, so make them static inside loadparm.c Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org commit 3bb65aa159cae310b2a5d4998c258d72ace2fa3f Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 14:51:34 2012 +0930 source3/smbd/conn.c: wean off string_set/string_free Use straight talloc strings. This is the only user outside loadparm.c. Signed-off-by: Rusty Russell ru...@rustcorp.com.au 
Signed-off-by: Andrew Bartlett abart...@samba.org commit a14c02d2a7b9d070a6338a360103a34e7673454c Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 12:20:26 2012 +0930 source3/loadparm: make struct loadparm_service a talloc object. This gives us a place to allocate members from. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org commit 592e3f4b236b3b5c056faca6ca6f060560a3204d Author: Rusty Russell ru...@rustcorp.com.au Date: Mon Jul 23 12:19:46 2012 +0930 loadparm: Add ctx member to struct loadparm_global. Rather than tallocing global parameters off NULL, keep it neat by having a Global.ctx member. Signed-off-by: Rusty Russell ru...@rustcorp.com.au Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: script/mkparamdefs.pl |4 ++- source3/Makefile.in |2 +- source3/include/proto.h |2 - source3/lib/string_init.c | 77 - source3/param/loadparm.c | 66 +- source3/smbd/conn.c | 10 ++ source3/smbd/service.c|9 +++-- source3/wscript_build |2 +- 8 files changed, 70 insertions(+), 102 deletions(-) delete mode 100644 source3/lib/string_init.c Changeset truncated at 500 lines: diff --git a/script/mkparamdefs.pl b/script/mkparamdefs.pl index b489cc9..6b59230 100644 --- a/script/mkparamdefs.pl +++ b/script/mkparamdefs.pl @@ -91,12 +91,14 @@ $file-(/* This file was automatically generated by mkparamdefs.pl. DO NOT EDIT $file-( * This structure describes global (ie., server-wide) parameters.\n); $file-( */\n); $file-(struct loadparm_global \n); + $file-({\n); + $file-(\tTALLOC_CTX *ctx; /* Context for talloced members */\n); } elsif ($generate_scope eq LOCAL) { $file-( * This structure describes a single service.\n); $file-( */\n); $file-(struct loadparm_service \n); + $file-({\n); } -$file-({\n); } sub print_footer($$$) diff --git a/source3/Makefile.in b/source3/Makefile.in index ff0f1f4..e42c1b5 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -466,7 +466,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \ ../libds/common/flag_mapping.o \ lib/access.o lib/smbrun.o \ ../lib/util/bitmap.o ../lib/util/dprintf.o $(UTIL_REG_OBJ) \ - lib/wins_srv.o lib/string_init.o \ + lib/wins_srv.o \ lib/util_str.o ../lib/util/util_str_common.o \ ../lib/util/util_str.o \ ../lib/util/base64.o lib/util_sid.o \ diff --git a/source3/include/proto.h
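Review bot: in the mkparamdefs.pl hunk the opening `{` is now written only inside the GLOBAL and LOCAL branches, so any other value of $generate_scope produces a header with no struct opening at all. An else branch that dies with the unexpected scope would make that failure explicit instead of leaving it to the C compiler. The new `TALLOC_CTX *ctx` member also deserves a note on who initialises and frees it, since the generated comment only says it is the context for talloced members.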
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c301691 s3:smb2_server: fix SMB2 signing of compound responses via 40f771e s3:smb2_server: there's no need to copy req-out.vector when we just keep the last request via 8d63efe s3:smb2_server: use memmove instead of copying single vector elements via 9b8973d s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() smbd_smb2_request_pending_queue() via bfc87a4 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ via 5730272 s3:smb2_server: make use of SMBD_SMB2_OUT_*_IOV smbd_smb2_request_reply() via 727b1d1 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ via 2da6217 s3:smb2_server: make use of SMBD_SMB2_*_IOV_OFS via d609bb9 s3:smb2_server: make use of helper macros in smb2_calculate_credits() via efaea8e s3:smb2_server: make use of helper macros in smbd_smb2_request_validate() via 4e6e1ec s3:smb2_server: make use of SMBD_SMB2_NUM_IOV_PER_REQ via 337604a s3:smb2_server: add some more SMBD_SMB2_* defines/macros from d825adf s3-param: Remove never-reached condition for popts == NULL http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c3016915a1ea381976b747c4e185d4046e7995ca Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 14:24:28 2012 +0200 s3:smb2_server: fix SMB2 signing of compound responses We need to defer the signing until we know the response doesn't change anymore before it goes over the wire. 
metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Aug 7 20:29:30 CEST 2012 on sn-devel-104 commit 40f771e0105a0d13d83d66d99d9412acf6b73978 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 13:02:14 2012 +0200 s3:smb2_server: there's no need to copy req-out.vector when we just keep the last request metze commit 8d63efe27397f0f45b774e04e6146f87a84ba799 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 13:00:50 2012 +0200 s3:smb2_server: use memmove instead of copying single vector elements metze commit 9b8973d3b528169bf70a57f3cc17f35e51dfc81e Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:57:14 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() smbd_smb2_request_pending_queue() metze commit bfc87a4a76294b26f6031547e18228afd4d535e5 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:56:23 2012 +0200 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ metze commit 5730272690b5f4d854a4c7e8b0d68040b159d6aa Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:55:28 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_OUT_*_IOV smbd_smb2_request_reply() metze commit 727b1d1fa867e1421cc01f4eee95f8001d315a12 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:47:44 2012 +0200 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ metze commit 2da62179de7d2547703ff6ae78f80518abed91b8 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:41:07 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_*_IOV_OFS metze commit d609bb9b4201f50322278e949fe036fe70c1e77f Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:31:36 2012 +0200 s3:smb2_server: make use of helper macros in smb2_calculate_credits() metze commit efaea8e0e1ca389ac7bd82f2d9a3401f92094fe4 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:30:54 2012 +0200 s3:smb2_server: make use of helper macros in smbd_smb2_request_validate() metze commit 
4e6e1ecb6eb948c9651c6a1e17319c75191a1bac Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:26:38 2012 +0200 s3:smb2_server: make use of SMBD_SMB2_NUM_IOV_PER_REQ metze commit 337604a0cff2c4a09b4e29b88650149db897b8b2 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 12:22:06 2012 +0200 s3:smb2_server: add some more SMBD_SMB2_* defines/macros metze --- Summary of changes: source3/smbd/globals.h | 34 ++- source3/smbd/smb2_server.c | 228 +++- 2 files changed, 169 insertions(+), 93 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 967fe85..7b2d31d 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -460,6 +460,12 @@ struct smbd_smb2_request { bool cancelled; bool compound_related; + /* +* the signing/encryption key for the last +* request/response of a compound chain +*/ + DATA_BLOB last_key; + struct timeval request_time; /* fake smb1 request. */ @@ -474,21 +480,37 @@ struct
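Review bot: the new `DATA_BLOB last_key` member of struct smbd_smb2_request holds signing/encryption key material, but its comment does not say whether the blob is a copy of the session's key or a reference to it, or when it is cleared. If it is a copy, it should be wiped (not just freed) when the request is destroyed, and the comment should state that ownership and lifetime so key bytes do not linger in request memory after the compound chain has been sent.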
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da4057f vfs_media_harmony: fix return of void from c301691 s3:smb2_server: fix SMB2 signing of compound responses http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da4057fdca67571492b2cfc6329686e19696e4a0 Author: Björn Jacke b...@sernet.de Date: Tue Aug 7 19:16:40 2012 +0200 vfs_media_harmony: fix return of void caught by the Studio Compiler Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Aug 7 22:22:48 CEST 2012 on sn-devel-104 --- Summary of changes: source3/modules/vfs_media_harmony.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_media_harmony.c b/source3/modules/vfs_media_harmony.c index 82beccc..0bc14d9 100644 --- a/source3/modules/vfs_media_harmony.c +++ b/source3/modules/vfs_media_harmony.c @@ -997,8 +997,9 @@ static void mh_seekdir(vfs_handle_struct *handle, long offset) { DEBUG(MH_INFO_DEBUG, (Entering and leaving mh_seekdir\n)); - return SMB_VFS_NEXT_SEEKDIR(handle, + SMB_VFS_NEXT_SEEKDIR(handle, ((mh_dirinfo_struct*)dirp)-dirstream, offset); + return; } /* @@ -1021,8 +1022,9 @@ static void mh_rewinddir(vfs_handle_struct *handle, DIR *dirp) { DEBUG(MH_INFO_DEBUG, (Entering and leaving mh_rewinddir\n)); - return SMB_VFS_NEXT_REWINDDIR(handle, + SMB_VFS_NEXT_REWINDDIR(handle, ((mh_dirinfo_struct*)dirp)-dirstream); + return; } /* @@ -1120,8 +1122,9 @@ static void mh_init_search_op(vfs_handle_struct *handle, DIR *dirp) { DEBUG(MH_INFO_DEBUG, (Entering and leaving mh_init_search_op\n)); - return SMB_VFS_NEXT_INIT_SEARCH_OP(handle, + SMB_VFS_NEXT_INIT_SEARCH_OP(handle, ((mh_dirinfo_struct*)dirp)-dirstream); + return; } /* -- Samba Shared Repository
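Review bot: in all three hunks (mh_seekdir, mh_rewinddir, mh_init_search_op) the added `return;` is the last statement of a void function and does nothing. Dropping the `return` keyword from the SMB_VFS_NEXT_* call is enough to fix the return-of-void error, so the three `+ return;` lines can go.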
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c2dee12 vfs_dirsort: Remove unnecessary return; statement via 375ba1b vfs_afsacl.c: Remove some unnecessary return; statements via ebc92d0 vfs_full_audit: Remove some unnecessary return; statements via dab8fe5 vfs_time_audit: Remove unnecessary return; statement via 3f9b2cc vfs_time_audit: Remove some unnecessary return; statements via 9adf6a0 vfs-mediaharmony: Remove some unnecessary return; statements from da4057f vfs_media_harmony: fix return of void http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c2dee12d678234126648d150f6f03165a2b7c95b Author: Björn Jacke b...@sernet.de Date: Wed Aug 8 00:19:00 2012 +0200 vfs_dirsort: Remove unnecessary return; statement Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Aug 8 02:17:13 CEST 2012 on sn-devel-104 commit 375ba1b483c5a1861df7a897020397f87575a8f9 Author: Björn Jacke b...@sernet.de Date: Wed Aug 8 00:15:29 2012 +0200 vfs_afsacl.c: Remove some unnecessary return; statements commit ebc92d071567b7e7ca8b06372aeccaf26a986b3c Author: Björn Jacke b...@sernet.de Date: Wed Aug 8 00:14:46 2012 +0200 vfs_full_audit: Remove some unnecessary return; statements commit dab8fe5deabd3feec7451163e8569ee665567f18 Author: Björn Jacke b...@sernet.de Date: Wed Aug 8 00:13:10 2012 +0200 vfs_time_audit: Remove unnecessary return; statement commit 3f9b2cc6828e431d2340ee3d7b4411c363ca11b1 Author: Björn Jacke b...@sernet.de Date: Wed Aug 8 00:12:00 2012 +0200 vfs_time_audit: Remove some unnecessary return; statements commit 9adf6a061a3d47ea2b7cadb6508dd5acffdbb8bd Author: Volker Lendecke v...@samba.org Date: Tue Aug 7 22:42:02 2012 +0200 vfs-mediaharmony: Remove some unnecessary return; statements --- Summary of changes: source3/modules/vfs_afsacl.c|5 - source3/modules/vfs_dirsort.c |2 -- source3/modules/vfs_full_audit.c|9 - source3/modules/vfs_media_harmony.c |3 --- source3/modules/vfs_shadow_copy2.c |2 -- source3/modules/vfs_time_audit.c|7 --- 6 
files changed, 0 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 61a3145..ab7ef30 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -217,8 +217,6 @@ static void add_afs_ace(struct afs_acl *acl, DEBUG(10, (add_afs_ace: Added %s entry for %s with rights %d\n, ace-positive?positive:negative, ace-name, ace-rights)); - - return; } /* AFS ACLs in string form are a long string of fields delimited with \n. @@ -395,8 +393,6 @@ static void afs_to_nt_dir_rights(uint32 afs_rights, uint32 *nt_rights, /* Only lookup right */ *flag = SEC_ACE_FLAG_CONTAINER_INHERIT; } - - return; } #define AFS_FILE_RIGHTS (PRSFS_READ|PRSFS_WRITE|PRSFS_LOCK) @@ -422,7 +418,6 @@ static void split_afs_acl(struct afs_acl *acl, ace-rights AFS_DIR_RIGHTS); } } - return; } static bool same_principal(struct afs_ace *x, struct afs_ace *y) diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c index f04f52d..98472f8 100644 --- a/source3/modules/vfs_dirsort.c +++ b/source3/modules/vfs_dirsort.c @@ -41,8 +41,6 @@ static void free_dirsort_privates(void **datap) { SAFE_FREE(data-directory_list); SAFE_FREE(data); *datap = NULL; - - return; } static bool open_and_sort_dir (vfs_handle_struct *handle) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 1e5679d..3199503 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -558,8 +558,6 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, TALLOC_FREE(audit_pre); TALLOC_FREE(op_msg); TALLOC_FREE(tmp_do_log_ctx); - - return; } /** @@ -638,8 +636,6 @@ static void smb_full_audit_disconnect(vfs_handle_struct *handle) /* The bitmaps will be disconnected when the private data is deleted. */ - - return; } static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle, 
@@ -770,7 +766,6 @@ static void smb_full_audit_seekdir(vfs_handle_struct *handle, SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset); do_log(SMB_VFS_OP_SEEKDIR, True, handle, ); - return; } static long smb_full_audit_telldir(vfs_handle_struct *handle, @@ -791,7 +786,6 @@ static void smb_full_audit_rewinddir(vfs_handle_struct *handle, SMB_VFS_NEXT_REWINDDIR(handle, dirp); do_log(SMB_VFS_OP_REWINDDIR, True, handle, ); -
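Review bot: the summary lists source3/modules/vfs_shadow_copy2.c with 2 deletions, but none of the six commit subjects names that module, so one of these commits changes a file its message does not mention. Either give vfs_shadow_copy2 its own commit like the other modules or name it in the subject, so the history of that file can be found by module name.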
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 64c0367 s3: Fix a crash in reply_lockingX_error from c2dee12 vfs_dirsort: Remove unnecessary return; statement http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 64c0367335fab0137e65f8cfa35af77ff854f654 Author: Volker Lendecke v...@samba.org Date: Tue Aug 7 22:25:53 2012 +0200 s3: Fix a crash in reply_lockingX_error A timed brlock with 2 locks comes in and the second one blocks, file is closed. smbd_cancel_pending_lock_requests_by_fid sets blr->fsp to NULL. reply_lockingX_error (called via MSG_SMB_BLOCKING_LOCK_CANCEL) dereferences blr->fsp because blr->lock_num==1 (the second one blocked). This patch fixes the bug by only undoing the locks if fsp!=NULL. fsp==NULL is the close case where everything is undone anyway. Thanks to Peter Somogyi, somo...@hu.ibm.com for this bug report. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Aug 8 04:12:04 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/blocking.c | 15 +++ 1 files changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 3a45a27..95d6c33 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -336,7 +336,7 @@ static void generic_blocking_lock_error(struct blocking_lock_record *blr, NTSTAT obtained first. */ -static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS status) +static void undo_locks_obtained(struct blocking_lock_record *blr) { files_struct *fsp = blr-fsp; uint16 num_ulocks = SVAL(blr-req-vwv+6, 0); @@ -380,8 +380,6 @@ static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS stat offset, WINDOWS_LOCK); } - - generic_blocking_lock_error(blr, status); } / 
@@ -394,7 +392,16 @@ static void blocking_lock_reply_error(struct blocking_lock_record *blr, NTSTATUS switch(blr-req-cmd) { case SMBlockingX: - reply_lockingX_error(blr, status); + /* +* This code can be called during the rundown of a +* file after it was already closed. In that case, +* blr-fsp==NULL and we do not need to undo any +* locks, they are already gone. +*/ + if (blr-fsp != NULL) { + undo_locks_obtained(blr); + } + generic_blocking_lock_error(blr, status); break; case SMBtrans2: case SMBtranss2: -- Samba Shared Repository
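Review bot: undo_locks_obtained() still begins by reading fsp from blr and relies entirely on the `blr->fsp != NULL` test added in blocking_lock_reply_error() to stay safe. Putting the NULL check, or at least an assertion, at the top of undo_locks_obtained() itself would keep a future caller from reintroducing the crash. The comment block above the renamed function, which ends "obtained first.", was written for reply_lockingX_error() and should be checked against the new name and the narrower job.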
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller via 143fb84 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE via 6bfdca4 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return() via 5f7d786 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return via c9ecfd6 s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply() from 64c0367 s3: Fix a crash in reply_lockingX_error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 528d3fe2ae9691bc1c0b322bb3007524987f8b28 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 05:04:07 2012 +0200 libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 8 07:32:55 CEST 2012 on sn-devel-104 commit 143fb8403a5b763224b078e67aa9e4ef005ec9ca Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 05:03:19 2012 +0200 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE metze commit 6bfdca4786cd6293650ecde784e316d2f0258a56 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 05:35:37 2012 +0200 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return() A reauth exchange is already signed, with the channel signing key. metze commit 5f7d786b08f2d67d200fb473b12781174a69e776 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 05:33:50 2012 +0200 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return The caller does this via the smbd_smb2_session_setup_state_destructor() metze commit c9ecfd6f3df2714bfaabb77ceb987ce65c62e38a Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 04:35:15 2012 +0200 s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply() This means we correctly sign all responses in a compound chain. 
metze --- Summary of changes: libcli/smb/smb2_signing.c | 22 -- libcli/smb/smbXcli_base.c |3 --- source3/smbd/smb2_server.c| 38 -- source3/smbd/smb2_sesssetup.c | 18 -- 4 files changed, 32 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index bb621fd..97143f7 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -238,13 +238,15 @@ NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key, return NT_STATUS_ACCESS_DENIED; } - alg = SMB2_ENCRYPTION_AES128_CCM; - SSVAL(tf, SMB2_TF_ALGORITHM, alg); - a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; for (i=1; i count; i++) { m_total += vector[i].iov_len; } + + alg = SMB2_ENCRYPTION_AES128_CCM; + SSVAL(tf, SMB2_TF_ALGORITHM, alg); + SIVAL(tf, SMB2_TF_MSG_SIZE, m_total); + ZERO_STRUCT(key); memcpy(key, encryption_key.data, MIN(encryption_key.length, AES_BLOCK_SIZE)); @@ -283,6 +285,7 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, int i; size_t a_total; size_t m_total = 0; + uint32_t msg_size = 0; struct aes_ccm_128_context ctx; uint8_t key[AES_BLOCK_SIZE]; @@ -302,15 +305,22 @@ NTSTATUS smb2_signing_decrypt_pdu(DATA_BLOB decryption_key, return NT_STATUS_ACCESS_DENIED; } + a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; + for (i=1; i count; i++) { + m_total += vector[i].iov_len; + } + alg = SVAL(tf, SMB2_TF_ALGORITHM); + msg_size = IVAL(tf, SMB2_TF_MSG_SIZE); + if (alg != SMB2_ENCRYPTION_AES128_CCM) { return NT_STATUS_ACCESS_DENIED; } - a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; - for (i=1; i count; i++) { - m_total += vector[i].iov_len; + if (msg_size != m_total) { + return NT_STATUS_INTERNAL_ERROR; } + ZERO_STRUCT(key); memcpy(key, decryption_key.data, MIN(decryption_key.length, AES_BLOCK_SIZE)); diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index c6e3b2a..dad869c 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c 
@@ -2764,9 +2764,6 @@ skip_credits: state-session-smb2-nonce_low += 1; } - SBVAL(state-smb2.transform, SMB2_TF_MSG_SIZE, - reqlen); - buf = talloc_array(iov, uint8_t, reqlen);
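Review bot: in smb2_signing_encrypt_pdu(), `SIVAL(tf, SMB2_TF_MSG_SIZE, m_total)` stores a size_t sum into a 32-bit field without a range check. Returning an error when m_total exceeds UINT32_MAX, before the header is written, would keep the field from silently wrapping and disagreeing with the length that is actually encrypted.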
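Review bot: in smb2_signing_decrypt_pdu(), the new `msg_size != m_total` check returns NT_STATUS_INTERNAL_ERROR, while the algorithm check next to it returns NT_STATUS_ACCESS_DENIED. msg_size is read from the transform header, so if that header can hold bytes received from the peer, a mismatch is bad input rather than an internal fault; either return a status that reflects this or add a comment stating that callers have already sized the vector from this field.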