Hello,
today few people of our IT staff are admin users in smb.conf. This is a
dangerous situation, on the other side, they must be able to do things normal
users can not. Because we use win98 on the clients it is not possible to switch
user at runtime like its possible to do with Xp.
What
On Tue, 1 Oct 2002, Eric Lorimer wrote:
I don't have a problem if someone wants to include this in
examples/VFS. I'll try to keep the web site updated as often
as possible, though.
Eric,
I would rather keep it at your site for the simple reason of
maintaince. I did however place a copy
On Tue, 1 Oct 2002, Eddie Lania wrote:
Does somebody knows what is causing this problem?
[2002/10/01 09:32:28, 1, effective(500, 500), real(0, 0)]
smbd/ipc.c:api_fd_reply(284)
api_fd_reply: INVALID PIPE HANDLE: 76e3
[2002/10/01 09:32:30, 1, effective(500, 500), real(0, 0)]
Gerald Carter wrote:
On Tue, 1 Oct 2002, Eddie Lania wrote:
Like I've said, I'm not a developer, but maybe the multiple domain
support parameter could be extended with the backend method? Like this:
multiple domain support = DOMA:backendA, DOMB:backendB, etc
Can someone please
On Wed, Oct 02, 2002 at 09:19:47AM -0500, Gerald Carter wrote about 'Re: [PATCH] sam
backend parameter':
On Tue, 1 Oct 2002, Eddie Lania wrote:
Like I've said, I'm not a developer, but maybe the multiple domain
support parameter could be extended with the backend method? Like this:
I can't get smbd to bind with the LDAP server to authenticate.
Configured using the following:
./configure --prefix=/usr --localstatedir=/var
--with-configdir=/etc/samba --with-fhs --with-swatdir=/usr/share/swat
--enable-cups --with-pam --with-pam_smbpass --with-ldapsam --with-syslog
On Thu, Oct 03, 2002 at 12:30:30AM +1000, Andrew Bartlett wrote:
Gerald Carter wrote:
On Tue, 1 Oct 2002, Eddie Lania wrote:
Like I've said, I'm not a developer, but maybe the multiple domain
support parameter could be extended with the backend method? Like this:
multiple
Gerald Carter wrote:
On Wed, 2 Oct 2002, Andrew Bartlett wrote:
This seems like a lot of duplication of code and can lead to
There's a bug in SAM1 but not SAM2. If the access checks
will always be the same, why push them into the SAM module and
force each write to cut-n-paste
Greetings!
We just recently upgraded from Samba 2.2.3a to 2.999+3.0cvs20 and are
having a few problems. The domain admin group that used to work in
the previous version no longer does. According to the docs
smb.conf.5.html the command is still there and still active. Obviously
I have missed
I think I've found a bug in the smbclient program in 2.2.5. Smbclient
hard-codes the name_type to 0x20 (File Server) for all netbios queries,
but calling 'smbclient -M machine' should use a name_type of 0x03
(Messenger) instead.
When sending a message to a machine, it is not necessary for the
- what is all the context thing needed for?
Sometimes we need multiple contexts. For example, when doing sam2sam.
Please notice that passdb has this as well...
Jelmer
--
Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/
Development And Underdevelopment:
Maybe this one is set improperly?
SE_DACL_AUTO_INHERITED
Well, the 2k client tries to set it, but we don't honor it, and when he
queries, it's not set. He tries to set it to an NT server, also...but
somehow he realizes that it doesn't get set and changes all the acls to
match, rather than
Yep. Exactly what I've observed and exactly as documented by MS.
He tries to set it to an NT server, also...but
somehow he realizes that it doesn't get set and changes all the acls to
match, rather than relying on inheritance.
Because the client knows that NT4 servers don't do acl inheritence
On Wed, 2 Oct 2002, Eric Lee Steadle wrote:
Yep. Exactly what I've observed and exactly as documented by MS.
He tries to set it to an NT server, also...but
somehow he realizes that it doesn't get set and changes all the acls to
match, rather than relying on inheritance.
Because the
On Wed, Oct 02, 2002 at 03:05:52PM -0400, Eric Lee Steadle wrote:
Yep. Exactly what I've observed and exactly as documented by MS.
He tries to set it to an NT server, also...but
somehow he realizes that it doesn't get set and changes all the acls to
match, rather than relying on
Because the client knows that NT4 servers don't do acl inheritence
propogation
for him, but 2k servers do. This behavior is documented pretty well in
Keith
Yeah, I figured as much...but how do we make him realize WE don't do acl
inheritance propogation?
Jim
Ok - so how does the W2K client know it's talking to a W2K or NT
server ? Any idea what criteria a W2K client uses to check ?
Well, I'm pretty sure it (the client) checks for one or more w2k specific
flags: SE_DACL_AUTO_INHERITED, or perhaps SE_DACL_PROTECTED. Jim said that the
client sets the
On Wed, Oct 02, 2002 at 04:05:45PM -0400, Eric Lee Steadle wrote:
Ok - so how does the W2K client know it's talking to a W2K or NT
server ? Any idea what criteria a W2K client uses to check ?
Well, I'm pretty sure it (the client) checks for one or more w2k specific
flags:
On Wed, Oct 02, 2002 at 09:26:08AM -0700, Andrew Morgan wrote:
I think I've found a bug in the smbclient program in 2.2.5. Smbclient
hard-codes the name_type to 0x20 (File Server) for all netbios queries,
but calling 'smbclient -M machine' should use a name_type of 0x03
(Messenger)
On Wed, 2 Oct 2002, Andrew Bartlett wrote:
Gerald Carter wrote:
On Wed, 2 Oct 2002, Andrew Bartlett wrote:
This seems like a lot of duplication of code and can lead to
There's a bug in SAM1 but not SAM2. If the access checks
will always be the same, why push them into the
Works here. Thanks for the quick response!
Will this make it into the 2.2.6 release?
Andy
On Wed, 2 Oct 2002 [EMAIL PROTECTED] wrote:
On Wed, Oct 02, 2002 at 09:26:08AM -0700, Andrew Morgan wrote:
I think I've found a bug in the smbclient program in 2.2.5. Smbclient
On Wed, Oct 02, 2002 at 02:23:04PM -0700, Andrew Morgan wrote:
Works here. Thanks for the quick response!
Will this make it into the 2.2.6 release?
Already did :-).
Thanks,
Jeremy.
I think he would win the quarter :-) Never setting those bits is exactly
what tells the client that we're using NT4 style inheritance. See my NT
security semantics patch which set these bits when appropriate.
--Matt
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Gerald Carter wrote:
On Wed, 2 Oct 2002 [EMAIL PROTECTED] wrote:
The other cases for 'multiple domain' support involve the way these
users are reflected back into unix by winbindd, which might be running
on a system that has multiple, independent smbd instances on separate
IPs.
On Tue, Oct 01, 2002 at 04:36:18PM -0400, Jim McDonough wrote:
Setting ACLs from an NT4 client, checking the box that says reset
permission on child objects, everything seems to work fine. I'm using
current SAMBA_2_2.
Using a 2k client, that same checkbox is named reset permissions on all
Simo Sorce wrote:
Plus I have some questions about the current sam interface:
- what is all the context thing needed for?
I don't like global variables, and this allows us to construct seperate
contexts for operations like sam2sam, and testing, without fiddiling
with global variables.
-
Using a 2k client, that same checkbox is named reset permissions on all
child objects and enable propagation of inheritable permissions, and it
causes the following behavior: for each file/dir in a tree, it
propagates
the current permissions from parent to the child (so far so good), but
it
Perhaps I should clear up the access pattern. On 2k-samba acl sets, If
the tree looks like this:
/a/b/c/d/e (where e is a file, the rest are dirs)
a set on /a which says reset child permissions... generates set_secdescs
like this:
/a/b/c/d/e
/a/b/c/d/e
/a/b/c/d
/a/b/c/d/e
/a/b/c/d
/a/b/c
Jean Francois Micouleau wrote:
It's getting clear that you are reinventing something we already have.
All your SAM api is simply the SAMR server pipe code. Why do you want to
implement a new api as we already have one ?
I have a history of doing this - and I intend to continue...
It could
On Thu, Oct 03, 2002 at 12:16:53AM +0200, Simo Sorce wrote about 'Re: [PATCH] sam
backend parameter':
yes a thing I'm not sure has ever been a good idea.
to be able to have sam2sam that is really read a backend + store all
info into another backend we may take several ways.
We never need
Simo Sorce wrote:
Multi domain DC is never going to happen in samba, it just doesn't make
sense, as the protocols used (eg. SMB) will not be able to support such
thing, so please let's stop to talk about multi-DC samba.
I'm not so sure on this one.
Some parts of the protocol might need to
31 matches
Mail list logo
