Re: [Samba] %localappdata%\google\drive get lost
Hi Alex, a local user and a domain user with the same name are two different users. Different SIDs! Jochen Am 09.08.2012 15:25, schrieb Alexander Busam: Hello! I use samba 3.6.7 as PDC for Windows 7. For Google Drive the config files are stored in %localappdata%\google\drive. These files are needed for logon and syncronisation. As a local user all works fine. When I logout and logon to Windows as domain user the %localappdata%\google folder disappeared. Is this a Windows, Google or samba problem ? Any ideas? Thx! Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] make install fails, can't link libreplace.inst.so [SOLVED]
For the record: Stupid, really, but I simply didn't have enough memory. I had a small virtual test box, with merely 256 MiB of RAM. When I increased that to 512, make install ran without a fuzz. It took me several days to solve. Only, when I finally in my desperation (after testing all possible library combinations) attempted to run make test, I got an error that clearly informed me that no more memory could be allocated. Pekka On 30.7.2012 20:32, Pekka L.J. Jalkanen wrote: I can compile Samba4 beta 4, but can't install it: root@samba4dc:/usr/src/samba-4.0.0beta4# ./configure.developer snip 'configure' finished successfully (49.871s) root@samba4dc:/usr/src/samba-4.0.0beta4# make WAF_MAKE=1 ./buildtools/bin/waf build snip Waf: Leaving directory `/usr/src/samba-4.0.0beta4/bin' 'build' finished successfully (13m25.444s) root@samba4dc:/usr/src/samba-4.0.0beta4# make install WAF_MAKE=1 ./buildtools/bin/waf install Waf: Entering directory `/usr/src/samba-4.0.0beta4/bin' * creating /usr/local/samba/etc * creating /usr/local/samba/private * creating /usr/local/samba/var * creating /usr/local/samba/private * creating /usr/local/samba/var/lib * creating /usr/local/samba/var/locks * creating /usr/local/samba/var/cache * creating /usr/local/samba/var/lock * creating /usr/local/samba/var/run * creating /usr/local/samba/var/run Selected embedded Heimdal build Checking project rules ... Project rules pass [ 129/4246] Linking default/lib/replace/libreplace.inst.so Waf: Leaving directory `/usr/src/samba-4.0.0beta4/bin' Build failed: - task failed (err #-1): {task: cc_link replace_2.o,getpass_2.o - libreplace.inst.so} make: *** [install] Error 1 Could anybody help me to figure out how to diagnose this problem? The example above is from a tarball source, but the same first happened with git source (git checkout samba-4.0.0beta4). Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 install fails, no matter what I do [SOLVED]
This was a simple memory allocation problem, and entirely my own fallacy. For details, see https://lists.samba.org/archive/samba/2012-August/168709.html Pekka On 31.7.2012 15:32, Pekka L.J. Jalkanen wrote: I can't install Samba 4 in practically any fashion. I've tried Debian packages without much success (see https://lists.samba.org/archive/samba-technical/2012-July/085301.html) I later on figured out that it is not possible to use those packages without using ntvfs (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679678). I've attempted to compile it from source under Debian Squeeze, but while it indeed compiles, make install doesn't succeed (see the message I posted on this list yesterday: https://lists.samba.org/archive/samba/2012-July/168490.html) I've now installed a new VM from scratch running Debian Wheezy to test S4 under that, but make install didn't succeed that way either. I've now attached to this message a complete log of everything that I've done in hope that somebody could help me understand why on earth it doesn't work. Surely Samba 4 should be at least installable under Debian; it's not, after all, an alpha release any more... Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
The Domain Users group should have automatically been added to the local users group when you joined the domain. When I upgraded from Samba 3.0.x to 3.5.x I had a error in the group mappings on one of the DC's that cause problems for a while. I also had to explicitly add a mapping for the nobody user and group. I think I may have explicitly granted the domain administrator the privileged to add machines to the domain http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#rp-privs But I think I only had to do that because the administrator was not recognized as being a domain admin (or local admin) because the group mapping was broken. If you add a network user to the local admin group, and login works, then there is definitely a local security issue.My guess is that the OS creates the new user local profile directory but then has problems assigning file permissions/ownership for the network user. On XP , if you right click My Computer and look at profiles, you could see if the profile for a user was local, roaming or temporary. Win 7 should have the same option. On 08/09/12 18:03, Brandon wrote: Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? An update to this: I was able to add domain users after a reboot. So I've added MYWORKGROUP\myadmin to my Users group on the local machine. I was also able to search my domain for users, and came up with a list of my users, a nobody user, and a Domain Admins group. I've added MYWORKGROUP\myadmin (user) and MYWORKGROUP\Domain Admins (group) to the User group on the local machine. I am still getting the same errors when logging on though. It seems to me like it's trying to pull a roaming profile when I have roaming profiles disabled (or I thought I did), and/or windows doesn't actually know the netbios name, based on the series of these events: Windows cannot copy file \\?\C:\Users\Default\Documents to location \\?\C:\Users\TEMP.MYWORKGROUP\Documents. This error may be caused by network problems or insufficient security rights. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP - Samba password synchronization
On Thu, Aug 9, 2012 at 10:17 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: The best approach is to configure samba to change the ldap password when a samba password changes. See the smb.conf man page and password sync and password chat options. LDAP doesn't usually actually have the password information. In most modern setups, *Kerberos* has the passwords and provides the authentication, and LDAP provides other account information, integrated with Kerberos. It turns out to be easy to switch from using local passwords to Kerberos authentication on Linux and many UNIX systems. The exact commands very, but on RHEL 6 with DNS properly configured to use Samba or AD Kerberos authentication: sudo authconfig --enablekrb5 --krb5realm=[name of realm] --enablekrb5kdcdns --test sudo authconfig --enablekrb5 --krb5realm=[name of realm] --enablekrb5kdcdns --update Configure the local UNIX passwords to have locked passwords which do not expire, and you can rely on the Kerberos for account expiration, instead. sudo -s -H # do this first in case you're locking your own account usermod -p '!!' username # lock local password thoroughly chage -l username # check settings chage -M -1 -E -1 username # disable password obsolescence and non-Kerberos expiration chage -l username # verify settings Do the 'sudo -s -H' becuase chage gets a bit weird when run as a non-root user through sudo. The end result is to enable the kerberized authentication, and disable local passwords entirely. Passwords should then be updateable with the kpasswd command, and tools like recent versions of SSH and Apache can manage Kerberos tickets for genuine single-sign-on, as well as relying on the Kerberos authentication instead of local passwords. Samba and Unix use different password hash mechanisms so you have to have separate password fields. The only other secure way may be to configure Windows clients to use kerberos authentication- but that is a much bigger project. See above. If you're using various Samba configurations that rely on Kerberos for authentication, such as ads, then this can save a lot of password management trouble. On 08/09/12 09:55, RAKESH PRITMANI wrote: Is there a way to syncronize SambaLmPassword NTLMpassword from LDAP password. ldap passwd sync allows to sync ldap passwd from samba, I need the other way. I already have external LDAP server with CRYPT passwords and need to set SambaLMPasswd with these LDAP passwords. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS proxy with samba4
Nobody ? No idea? Ced T Le 08/08/2012 11:40, Ced T a écrit : Hi. Yesterday i compiled samba4 (beta6) to try the CIFS proxy functionnality. Here is my smb.conf: # Global parameters [global] workgroup = myworkgroup realm = mysociety.fr netbios name = LINBUNTU ;server role = active directory domain controller server role = member server passdb backend = samba4 [netlogon] path = /usr/local/samba/var/locks/sysvol/inist.fr/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [homes] comment = Home Directories browseable = no read only = no create mask = 0744 create mode = 0744 directory mask = 0755 directory mode = 0755 [seeida] ntvfs handler = cifs cifs:server = ida cifs:share = see cifs:domain = mydomain cifs:user = user cifs:password = password But when i start samba (/usr/local/samba/sbin/samba) it does not work In my logs file (log.smbd) I can see this warning: [2012/08/08 10:05:37.546915, 0] ../source3/param/loadparm.c:2340(service_ok) WARNING: No path in service seeida - making it unavailable! Same kind of messages when I run testparm: WARNING: No path in service seeida - making it unavailable! NOTE: Service seeida is flagged unavailable. Any ideas? Thanks in advance for your help. Ced T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Remove non-existing DC from Samba4 Domain
I've tried to use the ntdsutil on windows vista and I can't get it to list the domains. Is there a way, using samba-tool or other that I can remove an old DC from the domain and all it's metadata? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samber server in openvz container - venet oder veth0?
sorry, to bother you again. I cannot join win7 or winXP clients to my samba domain sever located on a debian server in a VE (openvz) unless I set up the server and clients to use WINS. But the recommendation is not to use WINS. openvz natively uses venet. venet makes broadcasting impossible. I guess DNS is sufficient for name-IP resolution but not for NetBios name-IP resolution (it doesn' know name types and maybe that's why it cannot find DMB and logon server?) and that's why my win7 and winXP clients cannot join the domain. So given my virtual server setup with openvz, do you rather suggest to use WINS or to set up veth so I can use normal broadcasting? Or are there other ways to do name resolution with a samba server installed in a VE container which I oversaw. I'm a newbie and netbios name resolution is hard to understand. so I would be very happy to get any suggestions from people already using samba server in an open vz container do you guys use venet or veth or do you just activate WINS? birgit === thank you Johannes. no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it. DNS should be available and working too. /etc/nsswitch.conf looks like this: hosts: files dns Can I use venet with samba or should I change to veth? regards, birgit Johannes Truschnigg johan...@truschnigg.info schreibt: Hi Birgit, On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote: I'm new to the list. hopefully my question is correctly placed here... I'd installed my samba server 3.5.6 on debian squeeze in a openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth? I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to intall shorewall in every container (VE). Also venet seems easier to administrate and is faster. I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)? Can I stick to venet or should I use veth? Do you have clients on the network that you know absolutely require WINS for resolving names? (I'd actually have a hard time believing that, but who knows...) Other than that, not having WINS but DNS as its modern and sensible replacement in working condition should be perfectly sufficient for your day to day Samba (and other networking) needs. I've been running Samba without nmbd enabled for a few years now (with Windows XP, Windows 7 and GNU/Linux as clients) and did not run into any problems becasue of that. Grüße aus und nach Wien ;) -- with best regards: - Johannes Truschnigg ( johan...@truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 17 xmpp: johan...@truschnigg.info Please do not bother me with HTML-email or attachments. Thank you. Johannes Truschnigg johan...@truschnigg.info schreibt: Hello again, On Tue, Aug 07, 2012 at 02:28:24PM +0200, Birgit Berger (UV Wien) wrote: thank you Johannes. no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it. DNS should be available and working too. /etc/nsswitch.conf looks like this: hosts: files dns That's fine - you don't want anything reagrding winbind or WINS in there, since you don't have proper name resolution set up over that kind of protocol/service. Can I use venet with samba or should I change to veth? Just stick with what you got - vnet will be fine. Have a nice day! -- with best regards: - Johannes Truschnigg ( johan...@truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 17 xmpp: johan...@truschnigg.info Please do not bother me with HTML-email or attachments. Thank you. Birgit Berger EDV-Administratorin an der ÖH Uni Wien http://www.oeh.univie.ac.at/arbeitsbereiche/edv.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Add machines for join a domain
Hello ! I configured samba and ldap, when I join the domain, come this error: not possible locate the name of user. Search about this error, I search in Google, and the solution is create the name machines in Linux System. But I have 50 machines, and create all machine users is very bad. Have Another solution ? Thanks Rodrigo Faria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Add machines for join a domain
Do you mean when you join a Linux machine to the domain? Or do you mean when you join a Windows machine to the domain. You do need a unix account for all machines that will be in the domain. You can configure samba to automatically create the LDAP accounts for machines when they are added. I haven't done this. The procedure is somewhere in the documentation.I just created machine accounts as need as I added the machines. On 08/10/12 14:56, rodrigo tavares wrote: Hello ! I configured samba and ldap, when I join the domain, come this error: not possible locate the name of user. Search about this error, I search in Google, and the solution is create the name machines in Linux System. But I have 50 machines, and create all machine users is very bad. Have Another solution ? Thanks Rodrigo Faria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samber server in openvz container - venet oder veth0?
If you don't use WINS, and you are trying to log into the domain, the client will broadcast for a DC server. This normally works OK if everything is on the same LAN. If broadcast doesn't work, the using WINS helps find the DC's- since the WINS database on the WINS server includes name-to-ip entries for DC's as well as hosts. For simpler things like connecting to network shares , Windows clients can use dns to find machine names. So if you want to map a user drive (e.g. net use R: \\someserver\someshare) this should work fine with out wins. Afterall, the client is doing all the name resolution. This is supposing of course that the servers IP name and netbios name are the same. however, in practice there does seem to be a server side issue.I have several samba servers and I ran into the following problem: from a VPN client, I could use net use \\server1_hostname and net use \\server2_hostname to connect to shared resources. I could NOT use net use \\server3_hostname. VPN clients did not use WINS, and NETBIOS broadcasts were blocked for VPN clients, even tho the VPN client appeared to be on the same subnet.VPN clients could resolve host names via DNS. They could even connect with net use \\server3_IP_address. Packet captures showed that the clients were in fact reaching server3_hostname but that server3 would not respond. The server should NOT be attempting to resolve the client names but, for some reason, it was. On 08/10/12 14:44, Birgit Berger (UV Wien) wrote: sorry, to bother you again. I cannot join win7 or winXP clients to my samba domain sever located on a debian server in a VE (openvz) unless I set up the server and clients to use WINS. But the recommendation is not to use WINS. openvz natively uses venet. venet makes broadcasting impossible. I guess DNS is sufficient for name-IP resolution but not for NetBios name-IP resolution (it doesn' know name types and maybe that's why it cannot find DMB and logon server?) and that's why my win7 and winXP clients cannot join the domain. So given my virtual server setup with openvz, do you rather suggest to use WINS or to set up veth so I can use normal broadcasting? Or are there other ways to do name resolution with a samba server installed in a VE container which I oversaw. I'm a newbie and netbios name resolution is hard to understand. so I would be very happy to get any suggestions from people already using samba server in an open vz container do you guys use venet or veth or do you just activate WINS? birgit === thank you Johannes. no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it. DNS should be available and working too. /etc/nsswitch.conf looks like this: hosts: files dns Can I use venet with samba or should I change to veth? regards, birgit Johannes Truschnigg johan...@truschnigg.info schreibt: Hi Birgit, On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote: I'm new to the list. hopefully my question is correctly placed here... I'd installed my samba server 3.5.6 on debian squeeze in a openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth? I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to intall shorewall in every container (VE). Also venet seems easier to administrate and is faster. I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)? Can I stick to venet or should I use veth? Do you have clients on the network that you know absolutely require WINS for resolving names? (I'd actually have a hard time believing that, but who knows...) Other than that, not having WINS but DNS as its modern and sensible replacement in working condition should be perfectly sufficient for your day to day Samba (and other networking) needs. I've been running Samba without nmbd enabled for a few years now (with Windows XP, Windows 7 and GNU/Linux as clients) and did not run into any problems becasue of that. Grüße aus und nach Wien ;) -- with best regards: - Johannes Truschnigg ( johan...@truschnigg.info ) www: http://johannes.truschnigg.info/ phone: +43 650 2 17 xmpp: johan...@truschnigg.info Please do not bother me with HTML-email or attachments. Thank you. Johannes Truschnigg johan...@truschnigg.info schreibt: Hello again, On Tue, Aug 07, 2012 at 02:28:24PM +0200, Birgit Berger (UV Wien) wrote: thank you Johannes. no, I don't really need WINS but it was the only
Re: [Samba] samber server in openvz container - venet oder veth0?
thank you for your responses! gaiseric.van...@gmail.com schreibt: If you don't use WINS, and you are trying to log into the domain, the client will broadcast for a DC server. This normally works OK if everything is on the same LAN. If broadcast doesn't work, the using WINS helps find the DC's- since the WINS database on the WINS server includes name-to-ip entries for DC's as well as hosts. everything is on the same subnet. with WINS everything works fine as I already wrote. I just got the recommendation to not use WINS in the former answers to this thread. I'd love to hear from a guy or woman who has the same setup as I have what they do. My setup, that is samba 3.5.6 server in an openvz container (virtual machine) on a debian squeeze host system. the openvz container uses venet which means broadcasting doesn't work in venet. Do you guys use WINS too (indicate it in very windows client in TCP/IP settings?) or do you use veth instead of venet (so not to use WINS) or what do you guys and girls do? For simpler things like connecting to network shares , Windows clients can use dns to find machine names. So if you want to map a user drive (e.g. net use R: \\someserver\someshare) this should work fine with out wins. Afterall, the client is doing all the name resolution. This is supposing of course that the servers IP name and netbios name are the same. exactly. it does. however, in practice there does seem to be a server side issue.I have several samba servers and I ran into the following problem: from a VPN client, I could use net use \\server1_hostname and net use \\server2_hostname to connect to shared resources. I could NOT use net use \\server3_hostname. VPN clients did not use WINS, and NETBIOS broadcasts were blocked for VPN clients, even tho the VPN client appeared to be on the same subnet.VPN clients could resolve host names via DNS. They could even connect with net use \\server3_IP_address. Packet captures showed that the clients were in fact reaching server3_hostname but that server3 would not respond. The server should NOT be attempting to resolve the client names but, for some reason, it was. I don't use VPN, so this doesn't concern my setup. On 08/10/12 14:44, Birgit Berger (UV Wien) wrote: sorry, to bother you again. I cannot join win7 or winXP clients to my samba domain sever located on a debian server in a VE (openvz) unless I set up the server and clients to use WINS. But the recommendation is not to use WINS. openvz natively uses venet. venet makes broadcasting impossible. I guess DNS is sufficient for name-IP resolution but not for NetBios name-IP resolution (it doesn' know name types and maybe that's why it cannot find DMB and logon server?) and that's why my win7 and winXP clients cannot join the domain. So given my virtual server setup with openvz, do you rather suggest to use WINS or to set up veth so I can use normal broadcasting? Or are there other ways to do name resolution with a samba server installed in a VE container which I oversaw. I'm a newbie and netbios name resolution is hard to understand. so I would be very happy to get any suggestions from people already using samba server in an open vz container do you guys use venet or veth or do you just activate WINS? birgit === thank you Johannes. no, I don't really need WINS but it was the only way I could join clients to the domain so far. so I activated it. DNS should be available and working too. /etc/nsswitch.conf looks like this: hosts: files dns Can I use venet with samba or should I change to veth? regards, birgit Johannes Truschnigg johan...@truschnigg.info schreibt: Hi Birgit, On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote: I'm new to the list. hopefully my question is correctly placed here... I'd installed my samba server 3.5.6 on debian squeeze in a openvz container that uses venet. I'd love to keep it that way but I'm not sure if that is ok. Do you use samba server with venet or do I have to change to veth? I already read http://wiki.openvz.org/Differences_between_venet_and_veth and I don't want to intall shorewall in every container (VE). Also venet seems easier to administrate and is faster. I read http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of venet, I suppose. Because with venet broadcasting doesn't work. But do I really need it for the Samba server or can I just use DNS (on other servers than the samba server) and WINS server (on the samba server)? Can I stick to venet or should I use veth? Do you have clients on the network that you know absolutely require WINS for resolving names? (I'd actually have a hard time believing that, but who knows...) Other than that, not having WINS but DNS as its modern and sensible replacement in working
[Samba] samba4+sssd+centos6
In need of some help here. I hope I haven't trimmed this too much. As I mentioned before, I have a CentOS 6.3 system using SSSD (only) bound to the samba4 DC as an LDAP server using the following in sssd.conf: [domain/SAMBA] ldap_default_bind_dn = CN=Administrator,CN=Users,DC=... ldap_default_authtok = supersecret ldap_default_authtok_type = password ... and everything works as expected (dns, kinit, passwd, etc are all good). Samba is not in use on the client. There are no Windows servers. To avoid the need to embded the admin password, I have proceeded as follows: * Joined the client to the domain, creating an appropriate UPN (client is using Samba 3.5.10): # kinit Administrator # net ads join domain createupn=host/client@REALM -k where client is the (short) client hostname, and REALM is of course the uppercase kerberos realm name. This succeeds. I can see the appropriate CN=client,CN=Computers,... entry appear in the DC database, and the userPrincipalName entry therein is correct. * On the DC, extract the keytab: # samba-tool domain exportkeytab client.keytab --princ=host/client@REALM and this also works. The client.keytab is transferred to the client and installed as /etc/krb5.keytab with the proper ownership and permissions. * On the client, verify the keytab: # klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -- 1 host/client@REALM 1 host/client@REALM 1 host/client@REALM * On the client, change the three ldap_default_ lines to: ldap_sasl_mech = GSSAPI ldap_sasl_authid = host/client@REALM and restart sssd. The result: nothing. I can no longer (getent passwd user) see any users or groups; basically nothing works. I get this in /var/log/messages: Aug 10 15:58:47 client sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) and I really do not know what this is trying to tell me, as so far as I know the kerberos database is fine. Please, someone give me a clue! TIA, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NAS howto using Samba, CTDB, NFS, VSFTP on CentOS
Any thoughts or comments? http://www.ha-guru.com/ultimate-nas-howto/ Thanks, -Errol -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13f8674 build: rename security → samba-security from 51a7154 nsswitch: add ABI checking and symbol versions to libwbclient http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13f8674a15a30816ea7d00eed333f18bcf59e4d4 Author: Björn Jacke b...@sernet.de Date: Fri Aug 10 11:37:28 2012 +0200 build: rename security → samba-security there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104 --- Summary of changes: auth/credentials/wscript_build |2 +- auth/wscript_build |2 +- lib/ldb-samba/wscript_build|2 +- libcli/security/wscript_build |4 ++-- librpc/wscript_build |2 +- source3/wscript_build |4 ++-- source4/auth/ntlm/wscript_build|2 +- source4/auth/wscript_build |2 +- source4/dsdb/samdb/ldb_modules/wscript_build |2 +- .../dsdb/samdb/ldb_modules/wscript_build_server| 16 source4/libcli/wscript_build |6 +++--- source4/rpc_server/wscript_build |4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/wscript_build b/auth/credentials/wscript_build index 0b2aec2..06d58a7 100755 --- a/auth/credentials/wscript_build +++ b/auth/credentials/wscript_build @@ -5,7 +5,7 @@ bld.SAMBA_LIBRARY('samba-credentials', autoproto='credentials_proto.h', public_headers='credentials.h', pc_files='samba-credentials.pc', - deps='LIBCRYPTO errors events LIBCLI_AUTH security CREDENTIALS_SECRETS CREDENTIALS_KRB5', + deps='LIBCRYPTO errors events LIBCLI_AUTH samba-security CREDENTIALS_SECRETS CREDENTIALS_KRB5', vnum='0.0.1' ) diff --git a/auth/wscript_build b/auth/wscript_build index 0194815..57f1270 100644 --- a/auth/wscript_build +++ b/auth/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA_LIBRARY('auth_sam_reply', source='auth_sam_reply.c', - deps='talloc security samba-util', + deps='talloc samba-security samba-util', autoproto='auth_sam_reply.h', private_library=True ) diff --git a/lib/ldb-samba/wscript_build b/lib/ldb-samba/wscript_build index b0d2dca..63ff5b1 100644 --- a/lib/ldb-samba/wscript_build +++ b/lib/ldb-samba/wscript_build @@ -8,7 +8,7 @@ bld.SAMBA_LIBRARY('ldbsamba', source='ldif_handlers.c', autoproto='ldif_handlers_proto.h', public_deps='ldb', - deps='security ndr NDR_DRSBLOBS NDR_DNSP ldbwrap samdb-common SAMDB_SCHEMA tdb pyldb-util errors', + deps='samba-security ndr NDR_DRSBLOBS NDR_DNSP ldbwrap samdb-common SAMDB_SCHEMA tdb pyldb-util errors', private_library=True ) diff --git a/libcli/security/wscript_build b/libcli/security/wscript_build index f3b654e..b529ec8 100644 --- a/libcli/security/wscript_build +++ b/libcli/security/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python -bld.SAMBA_LIBRARY('security', +bld.SAMBA_LIBRARY('samba-security', source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c secdesc.c', private_library=True, deps='talloc ndr NDR_SECURITY' @@ -9,6 +9,6 @@ bld.SAMBA_LIBRARY('security', bld.SAMBA_PYTHON('pysecurity', source='pysecurity.c', - deps='security pytalloc-util', + deps='samba-security pytalloc-util', realname='samba/security.so' ) diff --git a/librpc/wscript_build b/librpc/wscript_build index fbe0223..1dd755e 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -234,7 +234,7 @@ bld.SAMBA_SUBSYSTEM('NDR_LSA', bld.SAMBA_SUBSYSTEM('NDR_SECURITY', source='gen_ndr/ndr_security.c ndr/ndr_sec_helper.c', -deps='ndr security', +deps='ndr samba-security', public_headers='gen_ndr/security.h', header_path='gen_ndr' ) diff --git a/source3/wscript_build b/source3/wscript_build index 2b00a16..9c6c5aa 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -749,7 +749,7 @@ bld.SAMBA3_SUBSYSTEM('REG_API_REGF', bld.SAMBA3_LIBRARY('smbregistry',
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8defcb8 Revert s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available via 0e76bbc Revert s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available via 2cbfdd4 Revert s3:smb: include smbXsrv.h before vfs.h via 205185e s3:smbXsrv.idl: remove smbXsrv_*0 defines via 2b41f37 s3:param: fix compiler warnings with FN_GLOBAL_CONST_STRING() from 13f8674 build: rename security → samba-security http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8defcb8bd1292376c2c00f1d432fe751c207f872 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 11:58:39 2012 +0200 Revert s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available This reverts commit 98ccca8dca70b87d04a93c8ef5232a071ab7c2af. Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Aug 10 17:35:38 CEST 2012 on sn-devel-104 commit 0e76bbc520b0052f1fed6bbd17fe8737249e8e68 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 11:56:21 2012 +0200 Revert s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available This reverts commit e332bfaff51e54638bd37cd1fe08e57608e16e86. commit 2cbfdd433e208a53bc8d8b959fbe23303fc60492 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 11:58:28 2012 +0200 Revert s3:smb: include smbXsrv.h before vfs.h This reverts commit db0c233624e633b3cc1a6e0e44dccc09aaa121f2. commit 205185e88c8724e672675f893b386a57f2b8547d Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 11:55:13 2012 +0200 s3:smbXsrv.idl: remove smbXsrv_*0 defines This makes ctags more usable. metze commit 2b41f3702fd7f46696bf6eaf96ad1a58b797ec07 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 10 12:05:15 2012 +0200 s3:param: fix compiler warnings with FN_GLOBAL_CONST_STRING() metze --- Summary of changes: source3/include/smb.h |6 --- source3/librpc/idl/smbXsrv.idl | 84 source3/param/loadparm.c |2 +- source3/smbd/smbd.h|1 - 4 files changed, 43 insertions(+), 50 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index c6e6fb3..2aa2ab3 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -154,12 +154,6 @@ struct sys_notify_context { /* Include VFS stuff */ #include smb_acls.h -/* - * smbXsrv.h: currently needed for vfs.h, as long as - * the smbXsrv structures are still referenced as a - * backling from files_struct and connection_struct. - */ -#include librpc/gen_ndr/smbXsrv.h #include vfs.h struct current_user { diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index 9111b3d..b3f2250 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -4,42 +4,6 @@ import server_id.idl; import security.idl; import auth.idl; -/* - * The main server code should just work with - * 'struct smbXsrv_session' and never use - * smbXsrv_session0, smbXsrv_sessionU - * and smbXsrv_sessionB directly. - * - * If we need to change the smbXsrv_session, - * we can just point it to smbXsrv_session1 - * and could implement transparent mapping. - */ -cpp_quote(#define smbXsrv_session smbXsrv_session0) - -/* - * The main server code should just work with - * 'struct smbXsrv_tcon' and never use - * smbXsrv_tcon0, smbXsrv_tconU - * and smbXsrv_tconB directly. - * - * If we need to change the smbXsrv_tcon, - * we can just point it to smbXsrv_tcon1 - * and could implement transparent mapping. - */ -cpp_quote(#define smbXsrv_tcon smbXsrv_tcon0) - -/* - * The main server code should just work with - * 'struct smbXsrv_open' and never use - * smbXsrv_open0, smbXsrv_openU - * and smbXsrv_openB directly. - * - * If we need to change the smbXsrv_open, - * we can just point it to smbXsrv_open1 - * and could implement transparent mapping. - */ -cpp_quote(#define smbXsrv_open smbXsrv_open0) - [ uuid(07408340-ae31-11e1-97dc-539f7fddc06f), version(0.0), @@ -161,6 +125,18 @@ interface smbXsrv [in] smbXsrv_session_globalB blob ); + /* +* The main server code should just work with +* 'struct smbXsrv_session' and never use +* smbXsrv_session0, smbXsrv_sessionU +* and smbXsrv_sessionB directly. +* +* If we need to change the smbXsrv_session, +* we can just rename smbXsrv_session +* to smbXsrv_session0 and add a new +* smbXsrv_session for version 1 +* and could implement transparent mapping. +*/ typedef struct {
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1f50b6c tdb/test: fix build on OSF/1 from 8defcb8 Revert s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f50b6c3aefe9a7ac64641b1e9c23e014459647f Author: Björn Jacke b...@sernet.de Date: Fri Aug 10 21:50:22 2012 +0200 tdb/test: fix build on OSF/1 Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Fri Aug 10 23:33:20 CEST 2012 on sn-devel-104 --- Summary of changes: lib/tdb/test/lock-tracking.c | 30 +++--- 1 files changed, 15 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/test/lock-tracking.c b/lib/tdb/test/lock-tracking.c index b6f1cc2..90a07f8 100644 --- a/lib/tdb/test/lock-tracking.c +++ b/lib/tdb/test/lock-tracking.c @@ -7,13 +7,13 @@ #include tap-interface.h #include lock-tracking.h -struct lock { - struct lock *next; +struct testlock { + struct testlock *next; unsigned int off; unsigned int len; int type; }; -static struct lock *locks; +static struct testlock *testlocks; int locking_errors = 0; bool suppress_lockcheck = false; bool nonblocking_locks; @@ -52,10 +52,10 @@ int fcntl_with_lockcheck(int fd, int cmd, ... /* arg */ ) } if (fl-l_type == F_UNLCK) { - struct lock **l; - struct lock *old = NULL; + struct testlock **l; + struct testlock *old = NULL; - for (l = locks; *l; l = (*l)-next) { + for (l = testlocks; *l; l = (*l)-next) { if ((*l)-off == fl-l_start (*l)-len == fl-l_len) { if (ret == 0) { @@ -72,13 +72,13 @@ int fcntl_with_lockcheck(int fd, int cmd, ... /* arg */ ) locking_errors++; } } else { - struct lock *new, *i; + struct testlock *new, *i; unsigned int fl_end = fl-l_start + fl-l_len; if (fl-l_len == 0) fl_end = (unsigned int)-1; /* Check for overlaps: we shouldn't do this. */ - for (i = locks; i; i = i-next) { + for (i = testlocks; i; i = i-next) { unsigned int i_end = i-off + i-len; if (i-len == 0) i_end = (unsigned int)-1; @@ -110,7 +110,7 @@ int fcntl_with_lockcheck(int fd, int cmd, ... /* arg */ ) goto done; } if (!suppress_lockcheck) { - diag(%s lock %u@%u overlaps %u@%u, + diag(%s testlock %u@%u overlaps %u@%u, fl-l_type == F_WRLCK ? write : read, (int)fl-l_len, (int)fl-l_start, i-len, (int)i-off); @@ -123,8 +123,8 @@ int fcntl_with_lockcheck(int fd, int cmd, ... /* arg */ ) new-off = fl-l_start; new-len = fl-l_len; new-type = fl-l_type; - new-next = locks; - locks = new; + new-next = testlocks; + testlocks = new; } } done: @@ -136,10 +136,10 @@ done: unsigned int forget_locking(void) { unsigned int num = 0; - while (locks) { - struct lock *next = locks-next; - free(locks); - locks = next; + while (testlocks) { + struct testlock *next = testlocks-next; + free(testlocks); + testlocks = next; num++; } return num; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f36e28d s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first via c991ac0 s3-smbd: Merge ACE entries based on mapped UID/GID not SID via d3188a0 s3-smbd: Convert posix_acls.c to use struct unixid internally via 1c3c5e2 s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls via d7515b6 torture: Reproducer for 64c0367 from 1f50b6c tdb/test: fix build on OSF/1 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f36e28d1316bc0bd210933bbdb77241376fe3500 Author: Andrew Bartlett abart...@samba.org Date: Mon May 7 08:48:24 2012 +1000 s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on the fact that IDMAP_BOTH will resolve to a GID. If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should be done in the IDMAP layer. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104 commit c991ac0ebf13bf7832b33dffca388f6f14755fbb Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 12:11:50 2012 +1000 s3-smbd: Merge ACE entries based on mapped UID/GID not SID As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL the merge process also needs to be UID/GID based. This is a problem when we have multiple builtin groups mapped to the same POSIX group as happens in a Samba4 provision. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit d3188a0480e067ecd8c7ac65ebd9dfc5f2132b41 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 7 12:02:49 2012 +1000 s3-smbd: Convert posix_acls.c to use struct unixid internally This is consistent with the rest of Samba which uses this structure to represent a unix uid or gid. World values remain represented by the owner_type being WORLD_ACE in the containing structure. A -1 value is filled in to the unixid.id in the same way the .world value was initialised in the union. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a Author: Andrew Bartlett abart...@samba.org Date: Thu May 10 09:19:46 2012 +1000 s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls When a user owns a file, but does not have specific permissions on that file, we need to make up the user permissions. This change ensures that the first thing that we do is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam() and directly create the token via the SID. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit d7515b6a8886b282995a2ed433db92835783c393 Author: Volker Lendecke v...@samba.org Date: Tue Aug 7 17:12:19 2012 +0200 torture: Reproducer for 64c0367 Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/auth/proto.h|1 + source3/auth/token_util.c | 189 --- source3/modules/nfs4_acls.c | 128 +++-- source3/smbd/posix_acls.c | 149 ++ source4/torture/raw/lock.c | 20 + 5 files changed, 254 insertions(+), 233 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/proto.h b/source3/auth/proto.h index e2f5a57..5b229f9 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -204,6 +204,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, char **found_username, struct security_token **token); bool user_in_group_sid(const char *username, const struct dom_sid *group_sid); +bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid); bool user_in_group(const char *username, const char *groupname); struct passwd; NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 59295fd..aad34cb 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -536,11 +536,7 @@ void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, } /* - * Create an artificial NT token given just a username. (Initially intended - * for