Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-08-01 Thread Volker Lendecke
On Thu, Jul 31, 2008 at 10:47:03PM +0200, Pim Zandbergen wrote:
> I will apply it and let you know.
> It does not solve the problem.

Günther Deschner fixed the same bug for winbind with
fef58091408. Maybe you just try the current git code? Or
also apply the attached patch?

Thanks for testing,

Volker
From fef58091408cce0d7870c86f28f78cf9400cf2b6 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?G=C3=BCnther=20Deschner?= [EMAIL PROTECTED]
Date: Wed, 30 Jul 2008 19:03:13 +0200
Subject: [PATCH] rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.

Guenther
---
 source/rpc_client/cli_netlogon.c |   15 ++-
 1 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index e96d724..df87ed1 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -453,8 +453,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 	union netr_Validation validation;
 	struct netr_ChallengeResponse lm;
 	struct netr_ChallengeResponse nt;
-	struct netr_UserSessionKey user_session_key;
-	struct netr_LMSessionKey lmsesskey;
 	uint32_t flags = 0;
 
 	*info3 = NULL;
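Review bot: The commit message gives no reason for dropping the user_session_key and lmsesskey locals in this hunk; its body is only the author's name. One sentence would help: these were struct copies of the validation.sam3 fields, so the SamOEMhash calls in the next hunk worked on the copies while *info3 = validation.sam3 handed back the untouched keys, and the in-place rewrite is what corrects that.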
@@ -526,15 +524,14 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 		return result;
 	}
 
-	user_session_key = validation.sam3-base.key;
-	lmsesskey = validation.sam3-base.LMSessKey;
-
-	if (memcmp(zeros, user_session_key.key, 16) != 0) {
-		SamOEMhash(user_session_key.key, cli-dc-sess_key, 16);
+	if (memcmp(zeros, validation.sam3-base.key.key, 16) != 0) {
+		SamOEMhash(validation.sam3-base.key.key,
+			   cli-dc-sess_key, 16);
 	}
 
-	if (memcmp(zeros, lmsesskey.key, 8) != 0) {
-		SamOEMhash(lmsesskey.key, cli-dc-sess_key, 8);
+	if (memcmp(zeros, validation.sam3-base.LMSessKey.key, 8) != 0) {
+		SamOEMhash(validation.sam3-base.LMSessKey.key,
+			   cli-dc-sess_key, 8);
 	}
 
 	*info3 = validation.sam3;
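Review bot: The lengths 16 and 8 are written out twice each in the two rewritten if blocks, once in the memcmp against zeros and once in the SamOEMhash call. Taking them from the key members with sizeof would keep the compare length and the decrypt length from drifting apart, and a short comment saying why an all-zero key is left untouched would make the skip easier to follow.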
-- 
1.5.5



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2.0: Unable make document Help

2008-08-01 Thread Karolin Seeger
John,

On Thu, Jul 31, 2008 at 10:18:45AM -0500, John H Terpstra wrote:
> ! LaTeX Error: File `ragged2e.sty' not found.

That is another problem. Did you run 'mktexlsr' after installing dblatex?

Karolin

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE




[Samba] Connection reset by peer

2008-08-01 Thread Sam Ami
Hi all,

I'm getting reports from our users that copying files to/from a location on
our Samba server results in an error...

read_data: read failure for 4 bytes to client 192.168.0.5 Error =
Connection reset by peer


Re: [Samba] Connection reset by peer

2008-08-01 Thread kissg
What error message do your users get? The error message you mentioned can be
ignored. Sometimes I get the same message, but I have no problems with
copying files or logging in to my domain.

Please attach your smb.conf file, so that we can see where the problem is
and not just guess, what the problem can be.

Regards
Gergely Kiss


[Samba] SAMBA Login and Unrelated Failures

2008-08-01 Thread Jason A. Nunnelley

I'm having trouble with the access:

net -S localhost -U% rpc rights list accounts

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

So, there are several features available to the built-in Administrators group.

Are you saying this line in the smb.conf adds that status to a given user:

admin users = myuser

as in:

admin users = bobtheadminguy


tail -f /var/log/samba/log.wb-BUILTIN
[2008/08/01 01:43:00, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms
[2008/08/01 01:54:39, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(181)
  async_request_timeout_handler: child pid 4520 is not responding. Closing connection to it.
[2008/08/01 01:54:39, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms
[2008/08/01 02:16:31, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(181)
  async_request_timeout_handler: child pid 4766 is not responding. Closing connection to it.
[2008/08/01 02:16:31, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms

Upon deeper investigation, I'm seeing other errors.

Here it appears I've got a failure in winbind.  I don't know what it's 
complaining about specifically, but obviously something isn't configured 
correctly.


Here's my config:

[global]
workgroup = MYGROUP
server string = Samba Server
netbios name = THEBOX
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
; dns proxy = no
nt acl support = yes
inherit acls = yes
;map acl inherit = yes
; enable privileges = yes
admin users = adminuser

Opinions welcome.


Right now, I can't seem to add a system as a trusted machine, and it 
gives me the error that it can't find the name.  I assume this meant the 
user name I added on the line [admin users = adminuser].  Windows XP Pro 
just waits a bit and says it can't find the user -- like the user I've 
logged in with doesn't exist.  BTW, as long as I'm not trying to add the 
machine to the domain, I can view the share through Network Neighborhood. 
It even asks for a u/p and logs me in.  I've not yet been able to test 
adding/removing files.


--


Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.


[Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Soohoon Lee
Hi
Is it possible to use single LDAP server and multiple samba servers?
The problem I'm having now is
Each server thinks their host name is their LDAP domain name, or
sambaDomainName, and
complain the user's SID is different so can't authenticate.
How do I make samba servers use one domain name and SID?

LDAP domain name is DOMSMB

dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246

And samba server created a new domain after its hostname.

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932
And complain user's SID is different from its SID.

Thanks,
Soohoon.
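
The mismatch described in this post, as an added example (not part of the original message and not Samba code): a Python check that reads LDIF, takes the domain SID of every sambaDomainName entry, and reports which domain each account's sambaSID belongs to and whether that is the domain a given server uses. The two sambaDomainName entries are the ones quoted above; the account uid=alice with RID 3001 and all function names are made up for illustration.

```python
import base64
import re

# Constructed sample. The two sambaDomainName entries are the ones quoted in
# the post; the account entry (uid=alice, RID 3001) is hypothetical.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932

dn: uid=alice,ou=Users,dc=my-domain,dc=com
uid: alice
sambaSID: S-1-5-21-2479917030-3150298425-213194246-3001
"""

SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)(?:-(\d+))?$")
DOMAIN_DN_RE = re.compile(r"^sambaDomainName=([^,]+),", re.IGNORECASE)


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):                 # comment line
            last = None
        elif not raw.strip():                   # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith(" "):               # folded continuation line
            if last:
                current[last][-1] += raw[1:]
        else:
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    if current:
        entries.append(current)
    # Values written as "attr:: <base64>" are decoded once unfolding is done.
    for entry in entries:
        for values in entry.values():
            for i, v in enumerate(values):
                if v.startswith(":"):
                    decoded = base64.b64decode(v[1:].strip())
                    values[i] = decoded.decode("utf-8", "replace")
    return entries


def split_sid(sid):
    """Return (domain SID, RID); RID is None for a bare domain SID."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError("not an S-1-5-21 SID: %r" % sid)
    rid = int(m.group(4)) if m.group(4) is not None else None
    return "S-1-5-21-" + "-".join(m.group(1, 2, 3)), rid


def domain_sids(entries):
    """Map each sambaDomainName (taken from the entry's DN) to its domain SID."""
    found = {}
    for entry in entries:
        m = DOMAIN_DN_RE.match(entry.get("dn", [""])[0])
        if m and "sambasid" in entry:
            found[m.group(1)] = split_sid(entry["sambasid"][0])[0]
    return found


def check_accounts(entries, server_domain):
    """Return [(account DN, domain owning its SID or None, matches server?)]."""
    domains = domain_sids(entries)
    server_sid = domains[server_domain]     # KeyError: no such domain entry
    owner_of = {sid: name for name, sid in domains.items()}
    report = []
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        if DOMAIN_DN_RE.match(dn) or "sambasid" not in entry:
            continue                        # domain entry, or not an account
        try:
            account_domain, _rid = split_sid(entry["sambasid"][0])
        except ValueError:
            report.append((dn, None, False))  # malformed SID never matches
            continue
        report.append((dn, owner_of.get(account_domain),
                       account_domain == server_sid))
    return report


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for server in ("DOMSMB", "SRV6"):
        for dn, owner, ok in check_accounts(parsed, server):
            state = "match" if ok else "MISMATCH"
            print("server domain %s: %s has a SID from %s (%s)"
                  % (server, dn, owner, state))
```

Run against a real export, an owner of None marks an account whose SID prefix belongs to no sambaDomainName entry in the directory.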


Re: [Samba] Samba Vista

2008-08-01 Thread Helmut Hullen
Hello, Steve,

You (zephod) wrote on 31.07.08:

> I'm trying to use smbclient to look at a Vista box but I keep
> getting:
>
> # smbclient -L user-pc -U Kellie
> Password: Kellie's password
> session setup failed: NT_STATUS_LOGON_FAILURE

http://arktur.de/FAQ/28_120_de.html

may help.

Best regards!
Helmut


Re: [Samba] Connection reset by peer

2008-08-01 Thread Helmut Hullen
Hello, Sam,

You (persip) wrote on 01.08.08:

> i'm getting reports from our users that copying files to/from
> location on our samba server results in a error...
>
> read_data: read failure for 4 bytes to client 192.168.0.5 Error =
> Connection reset by peer

When does this happen?
Most times (or ever) I find this message when the user shuts down his
(Windows) machine.

Best regards!
Helmut


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Adam Williams
are you using security = user or security = domain on your multiple 
servers? 




[Samba] SMB share and .mdb files?

2008-08-01 Thread Hannes Gnad

Hi.

With samba 3.0.25b as part of Mac OS X 10.5.4 Server, I'm encountering
issues with .mdb files: Some Windows apps use client software on local
machines and one Microsoft Access database on the SMB share. Everything
works fine, as long as there's only one client using the .mdb file. As
soon as a second client tries to access (and write!) to the .mdb file,
the clients on the Windows machines report broken network connections
and crash.

In Server-Admin/File-Sharing, the shares are open for SMB only, oplock
and strict locking both off. No ACL, Posix permission admin r/w, group
r/w, other r.

(Mac-specific: Could Spotlight do harm to this? It could be disabled
for this share...)


smb.conf (/etc)

[global]
debug pid = yes
log level = 1
server string = Mac OS X

printcap name = cups
printing = cups

encrypt passwords = yes
use spnego = yes

passdb backend = odsam

idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5

map to guest = Bad User
guest account = nobody

unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437

vfs objects = darwinacl,darwin_streams

; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no

; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes

; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes

; Enable locking coherency with AFP.
darwin_streams:brlm = yes

; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes

; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes

; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes

; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes

; Don't be trying to enforce ACLs in userspace.
acl check permissions = no

; Make sure that we resolve unqualified names as NetBIOS before DNS.

name resolve order = lmhosts wins bcast host

; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf

[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no


smb.conf (/var/db)

[global]
security = USER
auth methods = odsam
netbios name = serverg4
workgroup = ARBEITSGRUPPE
realm = SERVERG4.x.INTERN
dos charset = CP437
server string = serverg4
ntlm auth = yes
lanman auth = yes
max smbd processes = 100
log level = 1
use kerberos keytab = yes
realm = SERVERG4.x.INTERN
map to guest = Never
domain master = no
preferred master = no
enable disk services = yes
enable print services = yes
wins support = no

[homes]
comment = User Home Directories
browseable = no
read only = no
create mode = 0750
guest ok = no
com.apple: show admin all volumes = no


Any ideas? Thanks in advance!


Best,
Best regards, Hannes Gnad   [EMAIL PROTECTED]
Apple Distinguished Professional   http://www.apfelwerk.de/
* Mac OS X 10.5 Leopard - since 26 October 2007 - http://www.apple.de/ *





[Samba] can I remove all printer functions by simply add some build option?

2008-08-01 Thread 杜展
Hi,
 I'm trying to transplant samba 3.2 to my mips board. I did it but smbd
is too big, about 8MB, I decided to reduce the code size. I just want the
file share/display funcs between my box and windows PC. The first function I
want to drop is network printer. So is there a specific option to drop all
printer code?  It seems to take quite a lot of time to let me comment out
things I don't need.
 BTW, any suggestions to lose the code size according to my feature
requirement is welcome. I tried -Os and strip things, it seems the smallest
binary size is 6.4MB, I still can't afford it...

Thanks,
Zhan.


Re: [Samba] SMB share and .mdb files?

2008-08-01 Thread David Ferreira

Hi,

Some apps lock only parts of the files, blocking access to all users if 
you haven't activated opportunistic locking (allow locking only part of 
a file, not the whole file). You can find more info about it in 
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/locking.html#id2609918


I hope it works for you

Greets,
David

--
David Ferreira
Systems Dept.
-
I Z A N E T - GLOBAL SERVICES S.L.

web: http://www.izanet.com
Address: Argualas nº 3 (Planta calle) - 50.012 Zaragoza
Phone: 902 999 065 and 976 306 752 - Fax 976 306 753

Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Lukasz Zalewski

We have student domain and staff domain and one LDAP server. We wanted 
staff members to log onto student domain. So we considered two options:
1. Interdomain trust relationship 
(http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)
However this option was not good for us as we didn't want to open up the 
firewall and we wanted staff members to get the proper student 
experience (i.e. home dirs and profiles on the student server). So that 
brought us to the second option:
2. ldap translucent proxy overlay 
(http://linux.die.net/man/5/slapo-translucent)
In this setting we override sids (i.e. domain sid part of the staff 
domain is substituted with student domain portion of the sid) for users 
and groups and point samba to the overlay. Bear in mind that all of the 
changes made by samba like machine passwords, user passwords, idmap 
mappings etc will go no further than the proxy so great care must be 
taken in LDAP setups that use referrals.

Now the most important question is what do you use your two domains for?

HTH

Lukasz


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Lukasz Zalewski


Ah sorry I didn't read the Subject line properly you do not want PDC. As 
Andy pointed out maybe you should have one of the servers as a domain 
member of the other domain


Lukasz


Re: [Samba] Samba 3.2.0: Unable make document Help

2008-08-01 Thread John H Terpstra
On Friday 01 August 2008 01:32:19 Karolin Seeger wrote:
> John,
>
> On Thu, Jul 31, 2008 at 10:18:45AM -0500, John H Terpstra wrote:
> > ! LaTeX Error: File `ragged2e.sty' not found.
>
> That is another problem. Did you run 'mktexlsr' after installing dblatex?

Yes.

- John T.


Re: [Samba] Samba Vista

2008-08-01 Thread Steve

Helmut Hullen [EMAIL PROTECTED] wrote:
> Hello, Steve,
>
> You (zephod) wrote on 31.07.08:
>
> > I'm trying to use smbclient to look at a Vista box but I keep
> > getting:
> >
> > # smbclient -L user-pc -U Kellie
> > Password: Kellie's password
> > session setup failed: NT_STATUS_LOGON_FAILURE
>
> http://arktur.de/FAQ/28_120_de.html
>
> may help.

Thanks Helmut.
Google doesn't do a great job of translating the German but I think it's good
enough for me to try a couple of things tonight.
I'm surprised there isn't more information on the web about this.

Steve.


[Samba] Samba Vista

2008-08-01 Thread Mike Eggleston
The change I made in my vista boxes is:

Start->Run->secpol.msc<ENTER>
Local Policies->Security Options

set to:

Network Security: LAN Manager authentication level->Send LM & NTLM - use NTLMv2
session security if negotiated

OK
File->Exit

Mike


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Soohoon Lee
Thanks all
This is my smb.conf
[global]
dos charset = UTF-8
workgroup = DOMSMB
security = user
allow trusted domains = No
password server = NULL
passdb backend = ldapsam:ldap://10.17.124.190/
max log size = 50
load printers = No
stat cache = No
os level = 10
dns proxy = No
ldap suffix = dc=my-domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=Manager,dc=my-domain,dc=com
ldap ssl = no

And I like to make multiple samba servers to share single LDAP server
without using domain controller feature.
I'm getting feeling that pure LDAP server is for single samba server or the
LDAP server should have samba DC to serve multiple samba servers?

Thanks,
Soohoon.



Re: [Samba] Samba Vista

2008-08-01 Thread Miguel Da Silva - Centro de Matemática

Mike Eggleston wrote:

> The change I made in my vista boxes is:
>
> Start->Run->secpol.msc<ENTER>
> Local Policies->Security Options
>
> set to:
>
> Network Security: LAN Manager authentication level->Send LM & NTLM - use NTLMv2
> session security if negotiated
>
> OK
> File->Exit
>
> Mike

If the problem is related to user authentication and the protocol used 
in client-server negotiation, maybe it could be of some help to use max 
protocol = LANMAN2 or max protocol = NTLM.

And also try to use plain text passwords.

Greetings.
--
Miguel Da Silva
Junior Unix Systems Administrator
Centro de Matemática - http://www.cmat.edu.uy
Facultad de Ciencias - http://www.fcien.edu.uy
Universidad de la República - http://www.rau.edu.uy


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Adam Williams
Sure, you can have multiple domains with all the account info in LDAP.  
If you really want it to work together well you'll have a PDC and BDCs 
though.  You may be able to try samba intertrust relationships, but I've 
never used that.




Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Soohoon Lee
Thanks,
'sharing LDAP server' is to share the same set of users/groups in the LDAP
DB, not separate sets of users/groups for each samba servers.
It looks like PDC ??? maybe what I want is more like NIS.
So IIUC, to share a single set of users/groups in the LDAP server from
multiple samba servers, I need LDAP and samba DC?
And samba servers have to join the samba DC by net rpc join?

Thanks a lot.
Soohoon.

On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams [EMAIL PROTECTED]wrote:

 sure you can have multiple domains with all the account info in LDAP.  if
 you really want it to work together well you'll have a PDC and BDC's
 though.  you may be able to try samba intertrust relationships, but i've
 never used that


 Soohoon Lee wrote:


 Thanks all
 This is my smb.conf
 [global]
 dos charset = UTF-8
 workgroup = DOMSMB
 security = user
 allow trusted domains = No
 password server = NULL
 passdb backend = ldapsam:ldap://10.17.124.190/
 max log size = 50
 load printers = No
 stat cache = No
 os level = 10
 dns proxy = No
 ldap suffix = dc=my-domain,dc=com
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap admin dn = cn=Manager,dc=my-domain,dc=com
 ldap ssl = no

 And I like to make multiple samba servers to share single LDAP server
 without using domain controller feature.
 I'm getting feeling that pure LDAP server is for single samba server or the
 LDAP server should have samba DC to serve multiple samba servers?

 Thanks,
 Soohoon.

 On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski [EMAIL PROTECTED]wrote:

  Lukasz Zalewski wrote:

 Adam Williams wrote:

 are you using security = user or security = domain on your multiple
 servers?
 Soohoon Lee wrote:

 Hi
 Is it possible to use single LDAP server and multiple samba servers?
 The problem I'm having now is
 Each server thinks their host name is their LDAP domain name, or
 sambaDomainName, and
 complain the user's SID is different so can't authenticate.
 How do I make samba servers use one domain name and SID?

 LDAP domain name is DOMSMB

 dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
 sambaSID: S-1-5-21-2479917030-3150298425-213194246

 And samba server created a new domain after its hostname.

 dn: sambaDomainName=SRV6,dc=my-domain,dc=com
 sambaSID: S-1-5-21-4202146032-850913369-3381557932
 And complain user's SID is different from its SID.

 Thanks,
 Soohoon.




 We have student domain and staff domain and one LDAP server. We wanted
 staff members to log onto student domain. So we considered two options:
 1. Interdomain trust relationship (
 http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

 However this option was not good for us as we didn't want to open up the
 firewall and we wanted staff members to get the proper student experience
 (i.e. home dirs and profiles on the student server). So that brought us to
 the second option:
 2. ldap translucent proxy overlay (
 http://linux.die.net/man/5/slapo-translucent)
 In this setting we override sids (i.e. domain sid part of the staff
 domain is substituted with student domain portion of the sid) for users and
 groups and point samba to the overlay. Bear in mind that all of the changes
 made by samba like machine passwords, user passwords, idmap mappings etc
 will go no further than the proxy so great care must be taken in LDAP setups
 that use referrals.


 Now the most important question is what do you use your two domains for?

 HTH

 Lukasz


 Ah sorry I didn't read the Subject line properly you do not want PDC. As
 Andy pointed out maybe you should have one of the servers as a domain member
 of the other domain

 Lukasz





[Samba] Samba 3.0.31 stills fails to read and write to socket.

2008-08-01 Thread Jose Santiago Oyervides
Hi,
I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
winbind issue previously reported (Bug# 5551) but the issue is still
happening in my servers.

I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth
and I see some random disconnects and my users can't log in. My samba servers
are members of a Windows 2003 domain.

The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the
socket failed because the connection was reset by peer, this happened also
on 3.0.28, I was hoping that 3.0.31 would fix this issue.

I'm including my configuration and my log files. This happens only when
pam_winbind authenticates users of other domains, sometimes it gets fixed
itself because in my krb5.conf I have configured several domain controllers
for the other domains and it changes the connections to the next server, but
sometimes it gets stuck with one failed server and all my users can't log in
for a while.

Regards,
Jose Santiago Oyervides.

This is my setup:
[global]
workgroup = MYDOMAIN
netbios name = MYSERVER
security = ADS
password server = 10.X.X.1 10.X.X.2 10.X.X.3
encrypt passwords = Yes
wins server = 10.X.Y.1 10.X.Y.2
local master = no
domain master = no
preferred master = no
log level =10 passdb:10 auth:10 winbind:10 idmap:10 smb:10 acls:10
log file = /var/log/samba/%m.log
max log size = 1000
idmap uid = 1-6
idmap gid = 1-6
winbind enum users = no
winbind enum groups = no
winbind refresh tickets = true
realm = MYDOMAIN.FORREST.COM
winbind use default domain = Yes
interfaces = 127.0.0.1/255.0.0.0 10.X.X.30/255.255.240.0
template shell = /bin/bash
username map = /etc/samba/smbusers
template homedir = /home/users/%D/%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
name resolve order = lmhosts wins bcast
bind interfaces only = yes
load printers = No
dns proxy = No
hosts allow = 10. 127.
hosts deny = 0.0.0.0/0
smb ports = 139

My /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 kdc = SYSLOG:INFO:DAEMON
 default = SYSLOG:INFO:DAEMON
 admin_server = SYSLOG:INFO:DAEMON
[libdefaults]
 default_realm = MYDOMAIN.FORREST.COM
 dns_lookup_realm = none
 dns_lookup_kdc = none
 ticket_lifetime = 24h
 forwardable = yes
[realms]
FORREST.COM = {
   kdc=SERVER1.FORREST.COM
   kdc=SERVER2.FORREST.COM
}
MYDOMAIN.FORREST.COM=  {
   kdc=SERVER1.MYDOMAIN.FORREST.COM
   kdc=SERVER2.MYDOMAIN.FORREST.COM
)
OTHERDOMAIN.FORREST.COM= = {
  kdc=SERVER1.OTHERDOMAIN.FORREST.COM
  kdc=SERVER1.OTHERDOMAIN.FORREST.COM
}

[domain_realm]
.mydomain.forrest.com = MYDOMAIN.FORREST.COM
.otherdomain.forrest.com = OTHERDOMAIN.FORREST.COM

/etc/nsswitch.conf
passwd: files winbind
shadow: files
group:  files winbind
hosts:  files wins dns winbind


These are the lines that I see in log.wb-ANOTERDOMAIN:


[2008/07/31 10:03:35, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Thu, 31 Jul 2008 20:03:28 CDT
[2008/07/31 10:03:35, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
  ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache
(MEMORY:winbind_ccache) is valid until: (Thu, 31 Jul 2008 20:03:28 CDT -
1217552608)
[2008/07/31 10:03:35, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
  Got KRB5 session key of length 16
[2008/07/31 10:03:35, 5]
libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in  gave 1 replies
[2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(440)
  store_cache_seqnum: success [OTHERDOMAIN][646535412 @ 1217516615]
[2008/07/31 10:03:35, 10]
nsswitch/winbindd_cache.c:refresh_sequence_number(504)
  refresh_sequence_number: OTHERDOMAIN seq number is now 646535412
[2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:centry_expired(549)
  centry_expired: Key U/S-1-5-21-2031228914-1097686851-784825492-55515 for
domain OTHERDOMAIN expired
[2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:wcache_fetch(621)
  wcache_fetch: entry U/S-1-5-21-2031228914-1097686851-784825492-55515
expired for domain OTHERDOMAIN
[2008/07/31 10:03:35, 10] nsswitch/winbindd_cache.c:query_user(1652)
  query_user: [Cached] - doing backend query for info for domain OTHERDOMAIN
[2008/07/31 10:03:35, 3] nsswitch/winbindd_ads.c:query_user(453)
  ads: query_user
[2008/07/31 10:03:35, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2008/07/31 10:03:35, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 35993 seconds (at 1217552608, time is now
1217516615)
[2008/07/31 10:03:35, 5]
libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for
(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F2\17\12\79\43\5F\6D\41\94\7C\C7\2E\DB\D8\00\00)
in 

Re: [Samba] New samba feature or new FF feature?

2008-08-01 Thread Jeremy Allison
On Thu, Jul 31, 2008 at 06:01:39PM -0700, Linda W wrote:
 Jeremy Allison wrote:
 This is a bug in default 3.2 which I fixed recently. These
 are Windows alternate data streams, and Samba 3.0.x refuses
 to create them entirely. Samba 3.2 has a VFS module which
 will store them in xattr's streams_xattr, and one that
 will store them in a db in the filesystem (streams_depot)
 so you can either enable them for the share, or wait for 3.2.1
 (due August) which will filter them out if you don't explicitly
 enable them.
 
 Sorry for the problem.
 
   Ah...no biggie-- just was upgrading samba and didn't know if I'd
 misconfigured something else...
 :-)

I have the patch (it's very simple) if you would like it.

Jeremy.


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Adam Williams
yes to share a single set of users/groups in LDAP to multiple samba 
servers you will need LDAP and a PDC and the other servers will be 
BDCs.  yes you will join BDC's with net rpc join -D domain -S 
pdc_server_name -U root%password


read chapter 5.3 of samba 3 by example.pdf

Soohoon Lee wrote:
 
Thanks,
'sharing LDAP server' is to share the same set of users/groups in the 
LDAP DB, not separate sets of users/groups for each samba servers.

It looks like PDC ??? maybe what I want is more like NIS.
So IIUC, to share a single set of users/groups in the LDAP server from 
multiple samba servers, I need LDAP and samba DC?

And samba servers have to join the samba DC by net rpc join?
 
Thanks a lot.

Soohoon.

On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams
[EMAIL PROTECTED] wrote:


sure you can have multiple domains with all the account info in
LDAP.  if you really want it to work together well you'll have a
PDC and BDC's though.  you may be able to try samba intertrust
relationships, but i've never used that


Soohoon Lee wrote:
 
Thanks all

This is my smb.conf
[global]
dos charset = UTF-8
workgroup = DOMSMB
security = user
allow trusted domains = No
password server = NULL
passdb backend = ldapsam:ldap://10.17.124.190/
max log size = 50
load printers = No
stat cache = No
os level = 10
dns proxy = No
ldap suffix = dc=my-domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=Manager,dc=my-domain,dc=com
ldap ssl = no

And I like to make multiple samba servers to share single LDAP
server without using domain controller feature.
I'm getting feeling that pure LDAP server is for single samba
server or the LDAP server should have samba DC to serve multiple
samba servers?
 
Thanks,

Soohoon.
 
On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski
[EMAIL PROTECTED] wrote:

Lukasz Zalewski wrote:

Adam Williams wrote:

are you using security = user or security = domain on
your multiple servers?
Soohoon Lee wrote:

Hi
Is it possible to use single LDAP server and
multiple samba servers?
The problem I'm having now is
Each server thinks their host name is their LDAP
domain name, or
sambaDomainName, and
complain the user's SID is different so can't
authenticate.
How do I make samba servers use one domain name
and SID?

LDAP domain name is DOMSMB

dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246

And samba server created a new domain after its
hostname.

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932
And complain user's SID is different from its SID.

Thanks,
Soohoon.
 




We have student domain and staff domain and one LDAP
server. We wanted staff members to log onto student
domain. So we considered two options:
1. Interdomain trust relationship

(http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

However this option was not good for us as we didn't want
to open up the firewall and we wanted staff members to
get the proper student experience (i.e. home dirs and
profiles on the student server). So that brought us to
the second option:
2. ldap translucent proxy overlay
(http://linux.die.net/man/5/slapo-translucent)
In this setting we override sids (i.e. domain sid part of
the staff domain is substituted with student domain
portion of the sid) for users and groups and point samba
to the overlay. Bear in mind that all of the changes made
by samba like machine passwords, user passwords, idmap
mappings etc will go no further than the proxy so great
care must be taken in LDAP setups that use referrals.


Now the most important question is what do you use your
two domains for?

HTH

Lukasz


Ah sorry I didn't read the Subject line properly you do not
want PDC. As Andy pointed out maybe you should have one of
the servers as a domain 

[Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

2008-08-01 Thread Jason A. Nunnelley

Here's my document reference point:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts

I've had some moderate success setting up this Samba network.  But, it's 
failing at adding a Windows XP Pro machine to the trusted machine list, 
or it's disallowing it to log in.  This explanation is as complete as I 
can make it, so it will be long.


My config is at the bottom of the message

Using:

FreeBSD 7 Stable
Samba 3.0.31_1,1

Windows XP Professional, SP3
Logging in as Administrator local
Trying to add to domain by adding it through System => Computer Name, etc.

Presently, I'm using (in smb.conf):

security = user

The goals are to set up a PDC Samba machine, acting as the PDC, with
local accounts for Samba, allowing a handful of Windows XP
Professional machines to log in via the domain and a domain user.

I'm not using LDAP, am running Samba 3 (which is apparently
syntactically different than 2.X in configs).

1) Added trusted machine according to documents.

2) Added user accounts, which log in fine remotely via the windows network
browser to view, upload, change files -- I can even map a device.  But, I
can't log in as a member of the domain from the Windows XP Pro machine.

3) Trying to add the trusted machine to the domain.  That doesn't work
from the Windows box.  It first tells me that the machine is not in the
list of machines on the domain, and then says the user cannot be found
when I key in the user/pass/domain details in the login box.

I've added the machine account to the pw file in BSD.

vipw reveals:

winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin

I've added the group machines to the groups file.

/etc/groups reveals:

machines:*:100:

I've added the machine via command line to the Samba user db.

root# smbpasswd -a -m winbox

So, I figured I can just log into the Windows machine as local 
Administrator, go to Control Panel, System, Computer Name, Network ID 
and walk through the wizard to add the computer to the domain.


I get this error:

Windows can not find an account for your computer on the MYDOMAIN domain.


My config:

[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = SMBSERVER
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
nt acl support = yes
inherit acls = yes
;map acl inherit = yes
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[data]
comment = Data Drive
path = /home/sambashare
; force user = [some-username]
force group = sambadata
read only = No
guest ok = No


--


Jason A. Nunnelley


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Soohoon Lee
Thanks, now it's crystal clear.
One thing I like to ask more is why other servers will be BDC?
Not just a workstation or a DC client? Where do they backup or cache account
info?
Will smb.conf look different from using NT4 PDC?
Thanks,
Soohoon.
On Fri, Aug 1, 2008 at 11:58 AM, Adam Williams [EMAIL PROTECTED]wrote:

 yes to share a single set of users/groups in LDAP to multiple samba servers
 you will need LDAP and a PDC and the other servers will be BDCs.  yes you
 will join BDC's with net rpc join -D domain -S pdc_server_name -U
 root%password

 read chapter 5.3 of samba 3 by example.pdf


 Soohoon Lee wrote:


 Thanks,
 'sharing LDAP server' is to share the same set of users/groups in the LDAP
 DB, not separate sets of users/groups for each samba servers.
 It looks like PDC ??? maybe what I want is more like NIS.
 So IIUC, to share a single set of users/groups in the LDAP server from
 multiple samba servers, I need LDAP and samba DC?
 And samba servers have to join the samba DC by net rpc join?

 Thanks a lot.
 Soohoon.

 On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams [EMAIL PROTECTED]wrote:

 sure you can have multiple domains with all the account info in LDAP.  if
 you really want it to work together well you'll have a PDC and BDC's
 though.  you may be able to try samba intertrust relationships, but i've
 never used that

 Soohoon Lee wrote:


 Thanks all
 This is my smb.conf
 [global]
 dos charset = UTF-8
 workgroup = DOMSMB
 security = user
 allow trusted domains = No
 password server = NULL
 passdb backend = ldapsam:ldap://10.17.124.190/
 max log size = 50
 load printers = No
 stat cache = No
 os level = 10
 dns proxy = No
 ldap suffix = dc=my-domain,dc=com
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap admin dn = cn=Manager,dc=my-domain,dc=com
 ldap ssl = no

 And I like to make multiple samba servers to share single LDAP server
 without using domain controller feature.
 I'm getting feeling that pure LDAP server is for single samba server or
 the LDAP server should have samba DC to serve multiple samba servers?

 Thanks,
 Soohoon.

 On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski [EMAIL PROTECTED]wrote:

  Lukasz Zalewski wrote:

 Adam Williams wrote:

 are you using security = user or security = domain on your multiple
 servers?
 Soohoon Lee wrote:

 Hi
 Is it possible to use single LDAP server and multiple samba servers?
 The problem I'm having now is
 Each server thinks their host name is their LDAP domain name, or
 sambaDomainName, and
 complain the user's SID is different so can't authenticate.
 How do I make samba servers use one domain name and SID?

 LDAP domain name is DOMSMB

 dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
 sambaSID: S-1-5-21-2479917030-3150298425-213194246

 And samba server created a new domain after its hostname.

 dn: sambaDomainName=SRV6,dc=my-domain,dc=com
 sambaSID: S-1-5-21-4202146032-850913369-3381557932
 And complain user's SID is different from its SID.

 Thanks,
 Soohoon.




 We have student domain and staff domain and one LDAP server. We wanted
 staff members to log onto student domain. So we considered two options:
 1. Interdomain trust relationship (
 http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

 However this option was not good for us as we didn't want to open up the
 firewall and we wanted staff members to get the proper student experience
 (i.e. home dirs and profiles on the student server). So that brought us to
 the second option:
 2. ldap translucent proxy overlay (
 http://linux.die.net/man/5/slapo-translucent)
 In this setting we override sids (i.e. domain sid part of the staff
 domain is substituted with student domain portion of the sid) for users and
 groups and point samba to the overlay. Bear in mind that all of the changes
 made by samba like machine passwords, user passwords, idmap mappings etc
 will go no further than the proxy so great care must be taken in LDAP 
 setups
 that use referrals.


 Now the most important question is what do you use your two domains for?

 HTH

 Lukasz


 Ah sorry I didn't read the Subject line properly you do not want PDC. As
 Andy pointed out maybe you should have one of the servers as a domain member
 of the other domain

 Lukasz






Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Soohoon Lee
Those samba servers only serve files, so no login is allowed and I only
modified /etc/nsswitch.conf.
Thanks,
On Fri, Aug 1, 2008 at 12:17 PM, Soohoon Lee [EMAIL PROTECTED] wrote:


 Thanks, now it's crystal clear.
 One thing I like to ask more is why other servers will be BDC?
 Not just a workstation or a DC client? Where do they backup or cache
 account info?
 Will smb.conf look different from using NT4 PDC?
 Thanks,
 Soohoon.
   On Fri, Aug 1, 2008 at 11:58 AM, Adam Williams 
 [EMAIL PROTECTED] wrote:

 yes to share a single set of users/groups in LDAP to multiple samba
 servers you will need LDAP and a PDC and the other servers will be BDCs.
 yes you will join BDC's with net rpc join -D domain -S pdc_server_name -U
 root%password

 read chapter 5.3 of samba 3 by example.pdf


 Soohoon Lee wrote:


 Thanks,
 'sharing LDAP server' is to share the same set of users/groups in the LDAP
 DB, not separate sets of users/groups for each samba servers.
 It looks like PDC ??? maybe what I want is more like NIS.
 So IIUC, to share a single set of users/groups in the LDAP server from
 multiple samba servers, I need LDAP and samba DC?
 And samba servers have to join the samba DC by net rpc join?

 Thanks a lot.
 Soohoon.

 On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams [EMAIL PROTECTED]
  wrote:

 sure you can have multiple domains with all the account info in LDAP.  if
 you really want it to work together well you'll have a PDC and BDC's
 though.  you may be able to try samba intertrust relationships, but i've
 never used that

 Soohoon Lee wrote:


 Thanks all
 This is my smb.conf
 [global]
 dos charset = UTF-8
 workgroup = DOMSMB
 security = user
 allow trusted domains = No
 password server = NULL
 passdb backend = ldapsam:ldap://10.17.124.190/
 max log size = 50
 load printers = No
 stat cache = No
 os level = 10
 dns proxy = No
 ldap suffix = dc=my-domain,dc=com
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap admin dn = cn=Manager,dc=my-domain,dc=com
 ldap ssl = no

 And I like to make multiple samba servers to share single LDAP server
 without using domain controller feature.
 I'm getting feeling that pure LDAP server is for single samba server or
 the LDAP server should have samba DC to serve multiple samba servers?

 Thanks,
 Soohoon.

 On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski [EMAIL PROTECTED]wrote:

  Lukasz Zalewski wrote:

 Adam Williams wrote:

 are you using security = user or security = domain on your multiple
 servers?
 Soohoon Lee wrote:

 Hi
 Is it possible to use single LDAP server and multiple samba servers?
 The problem I'm having now is
 Each server thinks their host name is their LDAP domain name, or
 sambaDomainName, and
 complain the user's SID is different so can't authenticate.
 How do I make samba servers use one domain name and SID?

 LDAP domain name is DOMSMB

 dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
 sambaSID: S-1-5-21-2479917030-3150298425-213194246

 And samba server created a new domain after its hostname.

 dn: sambaDomainName=SRV6,dc=my-domain,dc=com
 sambaSID: S-1-5-21-4202146032-850913369-3381557932
 And complain user's SID is different from its SID.

 Thanks,
 Soohoon.




 We have student domain and staff domain and one LDAP server. We wanted
 staff members to log onto student domain. So we considered two options:
 1. Interdomain trust relationship (
 http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

 However this option was not good for us as we didn't want to open up
 the firewall and we wanted staff members to get the proper student
 experience (i.e. home dirs and profiles on the student server). So that
 brought us to the second option:
 2. ldap translucent proxy overlay (
 http://linux.die.net/man/5/slapo-translucent)
 In this setting we override sids (i.e. domain sid part of the staff
 domain is substituted with student domain portion of the sid) for users 
 and
 groups and point samba to the overlay. Bear in mind that all of the 
 changes
 made by samba like machine passwords, user passwords, idmap mappings etc
 will go no further than the proxy so great care must be taken in LDAP 
 setups
 that use referrals.


 Now the most important question is what do you use your two domains for?

 HTH

 Lukasz


 Ah sorry I didn't read the Subject line properly you do not want PDC. As
 Andy pointed out maybe you should have one of the servers as a domain 
 member
 of the other domain

 Lukasz







Re: [Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

2008-08-01 Thread Jason A. Nunnelley

My self-reply is meant to clarify:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ClientConfig.html#id2570436

When I'm adding my computer to the domain, I end up with an error 
directly after Step 6.  I never get to the place where it asks for a 
username and password.



--


Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.


Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.

2008-08-01 Thread Jeremy Allison
On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote:
 Hi,
 I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
 winbind issue previously reported (Bug# 5551) but the issue is still
 happening in my servers.
 
 I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth
 and I see some random disconnects and my users can't log in. My samba servers
 are members of a Windows 2003 domain.
 
 The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the
 socket failed because the connection was reset by peer, this happened also
 on 3.0.28, I was hoping that 3.0.31 would fix this issue.
 
 I'm including my configuration and my log files. This happens only when
 pam_winbind authenticates users of other domains, sometimes it gets fixed
 itself because in my krb5.conf I have configured several domain controllers
 for the other domains and it changes the connections to the next server, but
 sometimes it gets stuck with one failed server and all my users can't log in
 for a while.

This is your problem :

config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN]
[2008/07/31 10:03:55, 10]
nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580)
  got TGT for [EMAIL PROTECTED] in
MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT
(1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT
(1217552617))
[2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew

Note the 30 second gap in timestamps.

Looks like the call :

krb5_ret = cli_krb5_get_ticket(local_service,
   time_offset,
   tkt,
   session_key_krb5,
   0,
   cc,
   NULL);

at line 604: in nsswitch/winbindd_pam.c is taking ages
to contact a KDC. Do you have DNS resolution issues ?

Jeremy.
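
The diagnosis above rests on a jump between the timestamps of two consecutive log records. The following is an added example, not from the thread and not Samba code, that scans a winbindd debug log for such jumps and reports which two records bracket each one; the sample log is constructed in the format of the lines quoted above, and the 5-second threshold and the function names are assumptions.

```python
"""Find stalls in a Samba debug log by comparing consecutive record timestamps."""
import re
from datetime import datetime

# A record starts with "[YYYY/MM/DD HH:MM:SS, level]" followed by
# "file:function(line)". In mail archives the location is sometimes wrapped
# onto the next line, so the parser accepts both layouts.
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s*(.*)$")

# Constructed sample in the format quoted in the thread (timestamps invented).
SAMPLE_LOG = """\
[2008/01/01 12:00:00, 10] nsswitch/winbindd_cache.c:wcache_fetch(621)
  wcache_fetch: entry expired for domain OTHERDOMAIN
[2008/01/01 12:00:01, 10]
nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580)
  got TGT for user in MEMORY:winbindd_pam_ccache
[2008/01/01 12:00:31, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew
[2008/01/01 12:00:31, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
  Got KRB5 session key of length 16
"""


def parse_records(text):
    """Split log text into records with time, level, location and message lines."""
    records = []
    need_location = False
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            location = match.group(3).strip()
            records.append({
                "time": datetime.strptime(match.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(match.group(2)),
                "location": location,
                "message": [],
            })
            need_location = not location
        elif records and line.strip():
            if need_location and not line.startswith(" "):
                # Wrapped header: this unindented line is the file:function part.
                records[-1]["location"] = line.strip()
            else:
                records[-1]["message"].append(line.strip())
            need_location = False
    return records


def find_stalls(text, threshold=5):
    """Return (seconds, location_before, location_after) for each gap >= threshold.

    Timestamps have one-second resolution, so small thresholds are noisy.
    The record *before* the gap names the code that was about to block.
    """
    records = parse_records(text)
    stalls = []
    for before, after in zip(records, records[1:]):
        gap = (after["time"] - before["time"]).total_seconds()
        if gap >= threshold:
            stalls.append((int(gap), before["location"], after["location"]))
    return stalls


if __name__ == "__main__":
    for seconds, before, after in find_stalls(SAMPLE_LOG):
        print("%3ds stall between %s and %s" % (seconds, before, after))
```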



Re: [Samba] can I remove all printer functions by simply add some build option?

2008-08-01 Thread Jeremy Allison
On Fri, Aug 01, 2008 at 06:04:59PM +0800,  wrote:
 Hi,
  I'm trying to transplant samba 3.2 to my mips board. I did it but smbd
 is too big, about 8MB, I decided to reduce the code size. I just want the
 file share/display funcs between my box and windows PC. The first function I
 want to drop is network printer. So is there a specific option to drop all
 printer code?  It seems to take quite a lot of time to let me comment out
 things I don't need.
  BTW, any suggestions to lose the code size according to my feature
 requirement is welcome. I tried -Os and strip things, it seems the smallest
 binary size is 6.4MB, I still can't afford it...

There's no easy way to do this I'm afraid. You'll need to hack
Samba quite a bit to remove this. You could try removing PIPE_SPOOLSS
from the handled pipes table then hack out all the connecting RPC
functions. That might do it.

Jeremy.


Re: [Samba] Samba Vista

2008-08-01 Thread Steve

 Mike Eggleston [EMAIL PROTECTED] wrote: 
 The change I made in my vista boxes is:
 
 Start->Run->secpol.msc<ENTER>
 Local Policies->Security Options
 
 set to:
 
 Network Security: LAN Manager authentication level->Send LM & NTLM - use 
 NTLMv2 session security if negotiated
 
 OK
 File->Exit

Thanks Mike. I'll try that tonight.

Steve.


Re: [Samba] Troubles with PDC move

2008-08-01 Thread Aaron Johnson

Adam Williams wrote:
have to load the user's NTUSER.DAT as administrator in regedit, click 
on HKEY_LOCAL_MACHINE, then under file, click load hive, load their 
NTUSER.DAT, name it something, right click, permissions, make sure it 
has DOMAIN\USER for the person that should own it.  if not, you can 
add permissions for that user.  then unload hive, put their NTUSER.DAT 
back, and try logging in as that user again and see what happens.  one 
way to see if you have a registry permission problem is to right click 
on their my documents and change the target to z:\my documents or 
whatever drive letter you have available.  if it works, you don't have 
a registry permissions problem, if it says unable to change target, 
then you do and will have to do the hive procedure to fix it.

I attempted this test and I get back "The location you requested is not 
allowed as a target.  Please choose a new location."  I was attempting 
to change from the default C:\... to the H:\ (network user Home 
drive).  Is this the error message you are referring to?


Also I did then try the hive fix and that did not help, I appear to 
have this issue with ALL of the accounts I am trying to move, any advice 
on why they all would have crashed?


Aaron


Aaron Johnson wrote:

Adam Williams wrote:
check the permissions on the registry hive?  

Where is this and how would I check it?

does the new server have the same SID as the old one?

Yes double checked the domain SID also already.

Aaron


Aaron Johnson wrote:

Versions:
Old Server:
Ubuntu 6.06
Samba 3.0.25a

New Server
Centos 5.2
Samba 3.0.25b

I have moved all the *.tdb, samba configs, login scripts, files, 
unix user UIDs and groups have also been moved over, all appear to 
be working without any trouble.


I can login to a computer that is part of the domain and my roaming 
desktop loads.


The Issue:
While the roaming desktop, and settings such as Firefox and 
Thunderbird load correctly, the Windows settings that control things 
such as Recent Programs list in the start menu, ordering of Icons 
on the desktop, and theme are not loaded.


Or is this a bug I should file with samba team?

Aaron








Re: [Samba] SMB share and .mdb files?

2008-08-01 Thread Jeremy Allison
On Fri, Aug 01, 2008 at 10:21:54AM +0200, Hannes Gnad wrote:
 Hi.
 
 With samba 3.0.25b as part of Mac OS X 10.5.4 Server, I'm encountering
 issues with .mdb files: Some Windows apps use client software on local
 machines and one Microsoft Access database on the SMB share. Everything
 works fine, as long as there's only one client using the .mdb file. As
 soon as a second client tries to access (and write!) to the .mdb file,
 the clients on the Windows machines report broken network connections
 and crash.
 
 In Server-Admin/File-Sharing, the shares are open for SMB only, oplock
 and strict locking both off. No ACL, Posix permission admin r/w, group
 r/w, other r.

Turn strict locking back on, or at least to Auto.

Jeremy.


Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.

2008-08-01 Thread Jose Santiago Oyervides
Hi Jeremy,

I think it could be DNS resolution like you say, since this problem only
happens with accounts from other domains. I have had troubles in the past in
order to get DNS resolution to work, because this server also has a public
postfix server, so if I configured the internal DNS the external resolution
didn't work and vice versa, in order to cope with this issue I configured an
internal DNS server with both internal and external resolution and that
seemed to work.

If I ping the domain controllers from any other domain it responds very
fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my
nsswitch.conf I have configured this:   hosts: files wins dns winbind and in
/etc/samba/smb.conf I have name resolve order=lmhosts wins bcast.

Would it help if I configured the IP address in my krb5.conf for all domains
instead of their name? Why in /var/lib/samba/smb_krb5 is only created
krb5.conf.MYDOMAIN and not the file for the others domains? Maybe this has
something to do...
Regards,
Jose Santiago Oyervides.

On Fri, Aug 1, 2008 at 12:19 PM, Jeremy Allison [EMAIL PROTECTED] wrote:

 On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote:
  Hi,
  I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
  winbind issue previously reported (Bug# 5551) but the issue is still
  happening in my servers.
 
  I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth
  and I see some random disconnects and my users can't login. My samba servers
  are member of a Windows 2003 domain.
 
  The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the
  socket failed because the connection was reset by peer, this happened also
  on 3.0.28, I was hoping that 3.0.31 fix this issue.
 
  I'm including my configuration and my log files. This happens only when
  pam_winbind authenticates users of other domains, sometimes it gets fixed
  itself because in my krb5.conf I have configured several domain controllers
  for the other domains and it changes the connections to the next server, but
  sometimes it gets stuck with one failed server and all my users can't login
  for a while.

 This is your problem :

 config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN]
 [2008/07/31 10:03:55, 10]
 nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580)
  got TGT for [EMAIL PROTECTED] in
 MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT
 (1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT
 (1217552617))
 [2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew

 Note the 30 second gap in timestamps.

 Looks like the call :

krb5_ret = cli_krb5_get_ticket(local_service,
   time_offset,
   tkt,
   session_key_krb5,
   0,
   cc,
   NULL);

 at line 604: in nsswitch/winbindd_pam.c is taking ages
 to contact a KDC. Do you have DNS resolution issues ?

 Jeremy.


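The timestamp comparison made in the quoted reply above (looking for a long pause between two consecutive winbindd debug entries) can be automated. This is an added example, not part of the original thread and not Samba code: the function names `parse_entries` and `find_gaps` are hypothetical, and the sample log is constructed in the header format shown in the excerpt, including a header that mail wrapping split across two lines.

```python
import re
from datetime import datetime

# Samba debug header: "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)".
# The optional fraction tolerates headers that carry sub-second timestamps.
HEADER = re.compile(
    r"^\s*\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(\d+)\]\s*(\S*)")
# A bare "file.c:function(line)" token, for headers split by line wrapping.
LOCATION = re.compile(r"^\S+:\w+\(\d+\)$")

# Constructed sample (timestamps, principal and third entry are made up).
SAMPLE_LOG = """
[2008/07/31 10:03:55, 10] nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580)
  got TGT for user@OTHERDOMAIN.EXAMPLE in MEMORY:winbindd_pam_ccache
[2008/07/31 10:04:27, 4]
libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew
[2008/07/31 10:04:28, 3] example/constructed.c:next_step(1)
  constructed follow-up entry
"""


def parse_entries(text):
    """Return one dict per log entry: time, level, location, message."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({
                "time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(m.group(2)),
                "location": m.group(3),
                "message": "",
            })
            continue
        stripped = line.strip()
        if not entries or not stripped:
            continue  # text before the first header, or a blank line
        last = entries[-1]
        if not last["location"] and LOCATION.match(stripped):
            # Header was wrapped: the location landed on the next line.
            last["location"] = stripped
        else:
            last["message"] = (last["message"] + " " + stripped).strip()
    return entries


def find_gaps(entries, threshold_seconds):
    """Return (seconds, before, after) for consecutive entries that are
    at least threshold_seconds apart."""
    gaps = []
    for before, after in zip(entries, entries[1:]):
        delta = (after["time"] - before["time"]).total_seconds()
        if delta >= threshold_seconds:
            gaps.append((delta, before, after))
    return gaps


if __name__ == "__main__":
    for seconds, before, after in find_gaps(parse_entries(SAMPLE_LOG), 5):
        print(f"{seconds:.0f}s stall between {before['location']} "
              f"and {after['location']}")
```

The entry after a gap names the call that was slow to return, which is where to start looking for name-resolution or KDC reachability delays.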


Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.

2008-08-01 Thread Jeremy Allison
On Fri, Aug 01, 2008 at 12:50:48PM -0500, Jose Santiago Oyervides wrote:
 Hi Jeremy,
 
 I think it could be DNS resolution like you say, since this problem only
 happens with accounts from other domains. I have had troubles in the past in
 order to get DNS resolution to work, because this server also has a public
 postfix server, so if I configured the internal DNS the external resolution
 didn't work and vice versa, in order to cope with this issue I configured an
 internal DNS server with both internal and external resolution and that
 seemed to work.
 
 If I ping the domain controllers from any other domain it responds very
 fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my
 nsswitch.conf I have configured this:   hosts: files wins dns winbind and in
 /etc/samba/smb.conf I have name resolve order=lmhosts wins bcast.

Try taking wins out of the /etc/nsswitch.conf hosts line. It may be
recursing into winbindd. Alternatively ensure that dns is second after
files.

 Would it help if I configured the IP address in my krb5.conf for all domains
 instead of their name? Why in /var/lib/samba/smb_krb5 is only created
 krb5.conf.MYDOMAIN and not the file for the others domains? Maybe this has
 something to do...

Yes, an explicit IP address would help, but if DNS is working
correctly you shouldn't need that.

Jeremy.


Re: [Samba] Samba 3.0.31 stills fails to read and write to socket.

2008-08-01 Thread Jose Santiago Oyervides
Thanks Jeremy,

I will follow your recommendations and let you know what happens.

Regards
Jose Santiago Oyervides.

On Fri, Aug 1, 2008 at 12:59 PM, Jeremy Allison [EMAIL PROTECTED] wrote:

 On Fri, Aug 01, 2008 at 12:50:48PM -0500, Jose Santiago Oyervides wrote:
  Hi Jeremy,
 
  I think it could be DNS resolution like you say, since this problem only
  happens with accounts from other domains. I have had troubles in the past in
  order to get DNS resolution to work, because this server also has a public
  postfix server, so if I configured the internal DNS the external resolution
  didn't work and vice versa, in order to cope with this issue I configured an
  internal DNS server with both internal and external resolution and that
  seemed to work.
 
  If I ping the domain controllers from any other domain it responds very
  fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my
  nsswitch.conf I have configured this:   hosts: files wins dns winbind and in
  /etc/samba/smb.conf I have name resolve order=lmhosts wins bcast.

 Try taking wins out of the /etc/nsswitch.conf hosts line. It may be
 recursing into winbindd. Alternatively ensure that dns is second after
 files.

  Would it help if I configured the IP address in my krb5.conf for all domains
  instead of their name? Why in /var/lib/samba/smb_krb5 is only created
  krb5.conf.MYDOMAIN and not the file for the others domains? Maybe this has
  something to do...

 Yes, an explicit IP address would help, but if DNS is working
 correctly you shouldn't need that.

 Jeremy.



[Samba] Error creating administrators

2008-08-01 Thread Jason A. Nunnelley

[2008/08/01 10:02:23, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 10.10.10.190. Error = 
Connection reset by peer

[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_administrators(844)
  create_builtin_administrators: Failed to create Administrators
[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_administrators(844)
  create_builtin_administrators: Failed to create Administrators
[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_administrators(844)
  create_builtin_administrators: Failed to create Administrators
[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users
[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users
[2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users
[2008/08/01 10:07:58, 0] lib/util_sock.c:read_data(534)


Anyone ever seen/fixed this?

--


Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.


Re: [Samba] Error creating administrators

2008-08-01 Thread Helmut Hullen
Hello, Jason,

You (jason) wrote on 01.08.08:

 [2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_administrato
 rs(844)create_builtin_administrators: Failed to create
 Administrators [2008/08/01 10:07:58, 0]
 auth/auth_util.c:create_builtin_administrators(844)
 create_builtin_administrators: Failed to create Administrators
 [2008/08/01 10:07:58, 0] auth/auth_util.c:create_builtin_administrato
 rs(844)create_builtin_administrators: Failed to create
 Administrators [2008/08/01 10:07:58, 0]
 auth/auth_util.c:create_builtin_users(810)create_builtin_users:
 Failed to create Users [2008/08/01 10:07:58, 0]

Stop winbindd, don't run winbindd.

Do you really need winbindd?

Best regards!
Helmut


[Samba] Unable to modify TDB passwd ERROR

2008-08-01 Thread jason
I'm trying to track down why I can't seem to add a computer to the domain.
I've looked high and low to no avail.  Right now, when I try to add the
computer as a trusted machine, I've added it to the Unix passwd dB with
the appropriate machinename$ and then added the machine to the smbpasswd
via:

smbpasswd -a -m machinename

But, when I go to add the machine to the domain, I get the error that this
computer has no account on the domain.  It then gives me the screen to key
in an administrator username and password (and the domain), and then I get
a can't find user or bad password error from Windows.  I assume that
means I've not created a proper automated script, haven't properly
elevated the user to the ADMINS GROUP or perhaps it can't talk to the
SMB server properly.

Here's what it shows in the log created by that machine's attempt to log
onto the network:

less /var/log/samba/log.app160
[2008/08/01 14:12:09, 0] passdb/pdb_tdb.c:tdb_update_ridrec_only(1308)
  Unable to modify TDB passwd ! Error: Record does not exist
   occured while storing the RID index (RID_01f4)
[2008/08/01 14:12:09, 1] auth/auth_sam.c:check_sam_security(316)
  Failed to modify entry.

Opinions welcome.

--

Jason N



Re: [Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

2008-08-01 Thread Adam Williams
is the windows xp computer named winbox in my computer properties, 
computer name?  is the WINS SERVER ip address set to the IP of your 
samba server?


Jason A. Nunnelley wrote:

Here's my document reference point:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts 



I've had some moderate success setting up this Samba network.  But, 
it's failing at adding a Windows XP Pro machine to the trusted machine 
list, or it's disallowing it to log in.  This explanation is as 
complete as I can make it, so it will be long.


My config is at the bottom of the message

Using:

FreeBSD 7 Stable
Samba 3.0.31_1,1

Windows XP Professional, SP3
Logging in as Administrator local
Trying to add to domain by adding it through System => Computer Name, 
etc.


Presently, I'm using (in smb.conf):

security = user

The goals are to set up a PDC Samba machine, acting as the PDC, with
local accounts for Samba, allowing a handful of Windows XP
Professional machines to log in via the domain and a domain user.

I'm not using LDAP, am running Samba 3 (which is apparently
syntactically different than 2.X in configs).

1) Added trusted machine according to documents.

2) Added user accounts, which log in fine remotely via the windows network
browser to view, upload, change files -- I can even map a device.  But, I
can't log in as a member of the domain from the Windows XP Pro machine.

3) Trying to add the trusted machine to the domain.  That doesn't work
from the Windows box.  It first tells me that the machine is not in the
list of machines on the domain, and then says the user cannot be found
when I key in the user/pass/domain details in the login box.

I've added the machine account to the pw file in BSD.

vipw reveals:

winbox$:*:101:100::0:0:Windows winbox:/dev/null:/sbin/nologin

I've added the group machines to the groups file.

/etc/groups reveals:

machines:*:100:

I've added the machine via command line to the Samba user db.

root# smbpasswd -a -m winbox

So, I figured I can just log into the Windows machine as local 
Administrator, go to Control Panel, System, Computer Name, Network ID 
and walk through the wizard to add the computer to the domain.


I get this error:

Windows can not find an account for your computer on the MYDOMAIN domain.


My config:

[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = SMBSERVER
security = user
hosts allow = 192.168.1. 192.168.2. 127. 10.10.10.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
hide unreadable = yes
hide dot files = yes
nt acl support = yes
inherit acls = yes
;map acl inherit = yes
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[data]
comment = Data Drive
path = /home/sambashare
; force user = [some-username]
force group = sambadata
read only = No
guest ok = No






[Samba] Problem with winbind's NSS module losing name mappings

2008-08-01 Thread Mike Crawford
I'm having an odd problem with the winbind NSS module losing name to  
ID number mappings after time, and I'm not sure where to look from here.


The setup is a Windows 2000 (SBS) setup as an AD domain server, and  
an Ubuntu 7.10 joined to the AD using winbind as a member server.


Authentication and name-to-ID mappings work great, and I never have  
any problems with authentication at all, but after anywhere from 20  
minutes to 2 hours of being logged in UIDs and GIDs are no longer  
mapped.


It used to be that if I logged out and back in, everything would be  
okay, but now it will resolve the name-to-ID mapping for the UID, but  
some of the GID mappings don't come up.  I've enabled RID, and all the  
ID mappings are consistent, so it never gives me a different one.   
I've tried it both with and without nscd, just to see if the caching  
daemon would help.


I've enabled detailed logging in the past, but haven't been able to  
find anything that would even seem like it'd be this problem.


Any help or direction in this problem would be greatly appreciated.

smb.conf: http://pastebin.com/m3e7122a3

nsswitch.conf: http://pastebin.com/d108e369a


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Adam Williams
because you can only have one PDC.  BDCs will authenticate connections 
against LDAP on the PDC, but you can have the BDCs use a replicated copy 
of LDAP on the BDC to authenticate with if you have slow WAN links, etc.


the difference in smb.conf is that the BDC's will have domain master = 
no, and wins server = ip of PDC and wins support = no, and if on a 
different subnet, local master = yes, if on same subnet, local master = no


Soohoon Lee wrote:
 
Thanks, now it's crystal clear.

One thing I like to ask more is why other servers will be BDC?
Not just a workstation or a DC client? Where do they backup or cache 
account info?

Will smb.conf look different from using NT4 PDC?
Thanks,
Soohoon.





Re: [Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

2008-08-01 Thread Jason A. Nunnelley

Adam Williams wrote:
is the windows xp computer named winbox in my computer properties, 


I tried doing that.  But, you get a chance to set it when it first 
fails.  I've changed the computer name to the same machine name I've got 
on the Unix system (and in the smbpass db).  That didn't solve the problem.



is the WINS SERVER ip address set to the IP of your samba server?


I've tried that also.  It's not having a hard time finding the Samba 
box, I can see it and even browse the shares (once I log in with a user 
u/p) via Entire Network => Microsoft Windows Network.


I did find some errors in the logs that may relate to that though.

Here's the machine's log:

note the PC's username is app160, same user in Unix and SMB


tail -f /var/log/samba/log.app160
[2008/08/01 14:12:09, 0] passdb/pdb_tdb.c:tdb_update_ridrec_only(1308)
  Unable to modify TDB passwd ! Error: Record does not exist
   occured while storing the RID index (RID_01f4)
[2008/08/01 14:12:09, 1] auth/auth_sam.c:check_sam_security(316)
  Failed to modify entry.

Here was a similar error before I changed its name.

tail -f /var/log/samba/log.app604-test
[2008/08/01 04:03:56, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users
[2008/08/01 09:53:36, 0] auth/auth_util.c:create_builtin_administrators(844)
  create_builtin_administrators: Failed to create Administrators
[2008/08/01 09:53:36, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users
[2008/08/01 12:46:12, 0] auth/auth_util.c:create_builtin_administrators(844)
  create_builtin_administrators: Failed to create Administrators
[2008/08/01 12:46:12, 0] auth/auth_util.c:create_builtin_users(810)
  create_builtin_users: Failed to create Users

Not sure of its relationship to this particular problem.

--


Jason A. Nunnelley
JasonN.com is my website - all opinions expressed were mine at some point.


Re: [Samba] SMB share and .mdb files?

2008-08-01 Thread Dale Schroeder

On the topic of Access databases:
All the Access databases we have are set to compact on close.  I've 
noticed that since I moved the databases to a Samba server from a w2k 
server, I get db1.mdb, db2.mdb, etc. every day instead of only 
occasionally.  mdb's are set in veto oplock files. Permissions are 
2770 for administrator/Domain Admins, and acl's are used to r/w to these 
files.  Inherit owner, permissions, and acls are all set to Yes.  strict 
locking is the default auto.
As someone earlier suggested, I tried force security mode as the fix 
for MS Office files.  It didn't seem to have an effect on the mdb 
problem, and it stripped the acl's from excel spreadsheets.  It seemed 
to override the inherit acls parameter.

Is the mdb problem something I'll have to live with, or can it be remedied?

Dale

Jeremy Allison wrote:

On Fri, Aug 01, 2008 at 10:21:54AM +0200, Hannes Gnad wrote:
  

Hi.

With samba 3.0.25b as part of Mac OS X 10.5.4 Server, I'm encountering
issues with .mdb files: Some Windows apps use client software on local
machines and one Microsoft Access database on the SMB share. Everything
works fine, as long as there's only one client using the .mdb file. As
soon as a second client tries to access (and write!) to the .mdb file,
the clients on the Windows machines report broken network connections
and crash.

In Server-Admin/File-Sharing, the shares are open for SMB only, oplock
and strict locking both off. No ACL, Posix permission admin r/w, group
r/w, other r.



Turn strict locking back on, or at least to Auto.

Jeremy.
  



Re: [Samba] INFO Request: Samba PDC, Windows NT4 Style, Failure to Add Trusted Machine

2008-08-01 Thread Adam Williams
is the DOMAIN on your windows xp computer set to WORKGROUP or MYDOMAIN?  
because in smb.conf you have WORKGROUP, but in your previous email you 
said the error was giving MYDOMAIN.  In my computer properties, computer 
name, the DOMAIN must equal whatever the workgroup = line is set to in 
smb.conf.




Re: [Samba] Unable to modify TDB passwd ERROR

2008-08-01 Thread Helmut Hullen
Hello, jason,

You wrote on 01.08.08 on the subject [Samba] Unable to modify TDB passwd ERROR:

 I'm trying to track down why I can't seem to add a computer to the
 domain.  I've looked high and low to no avail.  Right now, when I try
 to add the computer as a trusted machine, I've added it to the Unix
 passwd dB with the appropriate machinename$ and then added the machine
 to the smbpasswd via:

 smbpasswd -a -m machinename

 But, when I go to add the machine to the domain, I get the error that
 this computer has no account on the domain.

http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/ClientConfig.html#id2570436

Best regards!
Helmut


Re: [Samba] Using LDAP, no PDC/BDC, for multiple samba servers

2008-08-01 Thread Adam Williams
it communicates with the PDC for the SID string.  it gets the account 
info/password/etc from LDAP.


Soohoon Lee wrote:
 
Then does BDC communicate with PDC or LDAP to get user accounts?

It must be LDAP because I put in LDAP options?
Or those options are used to store replicated copy and get original 
from PDC via non-LDAP protocols?

Hew~, sorry for continuous questions but It really helps.

 
On Fri, Aug 1, 2008 at 3:32 PM, Adam Williams 
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:


because you can only have one PDC.  BDCs will authenticate
connections against LDAP on the PDC, but you can have the BDCs use
a replicated copy of LDAP on the BDC to authenticate with if you
have slow WAN links, etc.

the difference in smb.conf is that the BDC's will have domain
master = no, and wins server = ip of PDC and wins support = no,
and if on a different subnet, local master = yes, if on same
subnet, local master = no
 




Re: [Samba] Samba Vista

2008-08-01 Thread Steve Blackwell
Mike Eggleston [EMAIL PROTECTED] wrote:

 The change I made in my vista boxes is:

 Start->Run->secpol.msc<ENTER>
 Local Policies->Security Options

 set to:

 Network Security: LAN Manager authentication level->Send LM & NTLM -
 use NTLMv2 session security if negotiated

 OK
 File->Exit

I found that I don't have secpol.msc on my Vista box.
I googled around and discovered that it is not supplied with the home
edition of Vista but that the same thing can be accomplished by
editing the registry. So I changed the key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA

from 3 to 2 (also tried all the other options) but I still get the same
error message:

session setup failed: NT_STATUS_LOGON_FAILURE

Steve.


Re: [Samba] Samba Vista

2008-08-01 Thread Steve Blackwell
Miguel Da Silva - Centro de Matemática [EMAIL PROTECTED] wrote:
 The change I made in my vista boxes is:
 
 Start->Run->secpol.msc<ENTER>
 Local Policies->Security Options
 
 set to:
 
 Network Security: LAN Manager authentication level->Send LM & NTLM -
 use NTLMv2 session security if negotiated 
 OK  
 File->Exit
 
 Mike  

 If the problem is related to user authentication and the protocol used
 in client-server negotiation, maybe could be of some help use max 
 protocol = LANMAN2 or max protocol = NTLM.

 And also try to use plain text passwords.

Tried all that too but it didn't help. The way I understand it
(which can be summed up as very poorly), if the registry key on the
Vista box
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\LMCompatibilityLevel
is set to 3 and the smb.conf file has client ntlmv2 auth = yes then
everything should be OK.

I found this article: 
http://technet.microsoft.com/en-us/magazine/cc160954.aspx
that helped a little.

Are there any tests I can run that might help narrow it down to a
problem with the user, the password, the Vista box or the Linux box?

Steve



Re: [Samba] Samba Vista

2008-08-01 Thread Mike Eggleston
On Fri, 01 Aug 2008, Steve Blackwell might have said:

 Miguel Da Silva - Centro de Matemática [EMAIL PROTECTED] wrote:
  The change I made in my vista boxes is:
  
  Start->Run->secpol.msc<ENTER>
  Local Policies->Security Options
  
  set to:
  
  Network Security: LAN Manager authentication level->Send LM & NTLM -
  use NTLMv2 session security if negotiated 
  OK  
  File->Exit
  
  Mike  
 
  If the problem is related to user authentication and the protocol used
  in client-server negotiation, maybe could be of some help use max 
  protocol = LANMAN2 or max protocol = NTLM.
 
  And also try to use plain text passwords.
 
 Tried all that too but it didn't help. The way I understand it
 (which can be summed up as very poorly), if the registry key on the
 Vista box
 HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\LMCompatibilityLevel
 is set to 3 and the smb.conf file has client ntlmv2 auth = yes then
 everything should be OK.
 
 I found this article: 
 http://technet.microsoft.com/en-us/magazine/cc160954.aspx
 that helped a little.
 
 Are there any tests I can run that might help narrow it down to a
 problem with the user, the password, the Vista box or the Linux box?
 
 Steve

Obvious and silly question: did you boot the box after the registry change?

Mike


[Samba] wbinfo -u and -g work, getent passwd works, getent group DOES NOT WORK

2008-08-01 Thread Jeff LePage

Hi,

I'm trying to get some Ubuntu8.04 clients to authenticate to an Ubuntu8.04 
Samba domain controller.  Everyone is running Samba 3.0.28a.

Side question: should I upgrade to 3.2?  Keep in mind that means finding 
binaries for ubuntu or compiling from source for a server and 20 clients.  

Basically wbinfo -u and -g work, getent passwd works, getent group DOES NOT 
WORK.

My domain is called ORA and I've set up some test users,etc.  See the output of 
wbinfo and getent below.  Following the output of wbinfo is my smb.conf's for 
the server and client.

When my domain users login everything works except that there's no group name, 
only a gid.
in the log.winbind I get this:

[2008/08/01 22:11:26, 1] nsswitch/winbindd_group.c:fill_grent_mem(365)
  could not lookup membership for group sid 
S-1-5-21-2023487214-2483299788-1506694197-1009 in domain ORA (error: 
NT_STATUS_NO_SUCH_GROUP)
[2008/08/01 22:11:26, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110)
  could not lookup domain group ORA\bob3


output of getent and wbinfo
--
[EMAIL PROTECTED]:~$ wbinfo -u
ORA\bob3
ORA\smbadmin
ORA\bob4
ORA\bob
ORA\bob2
[EMAIL PROTECTED]:~$ wbinfo -g
BUILTIN\administrators
BUILTIN\users
ORA\bob
ORA\domain admins
ORA\bob3
ORA\bob4
ORA\bob2
ORA\server admins
ORA\hosts
[EMAIL PROTECTED]:~$ getent passwd | egrep ORA
ORA\bob3:*:31006:10513::/home/ORA/bob3:/bin/bash
ORA\smbadmin:*:13016:10513::/home/ORA/smbadmin:/bin/bash
ORA\bob4:*:31008:10513::/home/ORA/bob4:/bin/bash
ORA\bob:*:13012:10513::/home/ORA/bob:/bin/bash
ORA\bob2:*:31000:10513::/home/ORA/bob2:/bin/bash
[EMAIL PROTECTED]:~$ getent group | egrep ORA
[EMAIL PROTECTED]:~$ getent group | tail -5
sambashare:x:125:ubuntu01
winbindd_priv:x:126:
dirmngr:x:127:
BUILTIN\administrators:x:1:
BUILTIN\users:x:10001:
[EMAIL PROTECTED]:~$ smbd -V
Version 3.0.28a
[EMAIL PROTECTED]:~$ 


smb.conf for server:

[global]
log level = 2 
workgroup = ORA
netbios name = SAMBA1
server string = %h server (Samba, Ubuntu) 
passdb backend = tdbsam
security = user
encrypt passwords = yes 
domain logons = yes
preferred master = yes
logon path = 
logon home = 
logon drive = P: 
enable privileges = yes
domain master = yes
os level = 33
local master = yes
add machine script = /usr/sbin/useradd -g hosts -s /bin/false '%u' 
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel '%u'
rename user script = /usr/sbin/usermod -l '%unew' '%uold'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
delete user from group script =   deluser '%u' '%g'  
set primary group script = /usr/sbin/usermod -g '%g' '%u'

[public]
path = /export/tmp
read only = No
[netlogon]
comment = Net Logon service
path = /data/netlogon
read only = yes
write list = +ntadmin
[profiles]
comment = User roaming profiles
path = /data/profiles
valid users = %U
create mask = 0600
directory mask = 0700
read only = no
guest ok = no

[homes]
comment = Home directory for %U
read only = no
valid users = %S


smb.conf for client
-
[global]
   workgroup = ORA
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
security = Domain 
   encrypt passwords = true
   password server = samba1
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* 
%n\n *password\supdated\ssuccessfully* .
   pam password change = yes
map to guest = bad user
   socket options = TCP_NODELAY
allow trusted domains = no
idmap backend = rid:ORA=1-200
idmap uid = 1-200
idmap gid = 1-200
template shell = /bin/bash
template homedir = /home/%D/%U
winbind cache time = 0
winbind enum users = yes
winbind enum groups = yes
   usershare allow guests = yes
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Connecting to OSX machines with user name/passwd different than login name/passwd

2008-08-01 Thread Henry S
Sorry for the long post - but this is a unique situation as the clients 
(iMacs) are controlled by our central school district IT dept. As the 
local tech guy at a high school I'm allowed some control - creativity, 
but not much.


End goal:
Set up a Linux file server using Samba to connect to tightly controlled
Macs in a school setting. I said tightly controlled because the district
IT folks control the OSX image that is loaded on all Macs at our school.
The issue is the space provided to students (on the district servers) is
very limited. For specific classes I want to have a local Linux server
for students to save large files.


OSX environment:
Students will log in under a generic login as Student --- no
password. Every student has a unique 8-digit ID (and currently they use
their ID and password to access the district's own servers). I will not
be able to alter network settings etc. on the iMac clients - loading
special SW is possible but not desired.


Linux environment:
Ideally I would create an account for each student (their ID and an
assigned passwd) so each student would have their own file space to
store project files. If this is not possible I could go with a single
shared space --- but you know someone will eventually delete someone
else's files.


Current progress:
I have an Ubuntu file server running Samba. Samba is set up using tdbsam
(that's just the way I set it up) and I am able to connect to both an XP
machine and a Mac (this is at my home so this is a standard OSX load).
However, I can only attach to Samba if I use accounts with identical
user names and passwords that also exist on the Linux server - XP
machine - Mac. So all 3 machines have a user called Bert and all have
the same password for the Bert account. If I have an account named Sam
on the Linux server and try to get to it from the Bert account (on the
Mac) I get an error: "The alias my server name could not be
opened, because the original item cannot be found." I am attempting to
connect on the Mac using Go - Connect to Server - then browse,
finding the server under the workgroup name it's broadcasting. How can I
get around this need to have identical accounts/passwds on both the
clients and the server?


Thanks for any help - tips in advance

Henry


[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3474-gf67b6fd

2008-08-01 Thread Karolin Seeger
The branch, v3-3-test has been updated
   via  f67b6fd97e177a527e896861f337c2e70541f697 (commit)
  from  d46f648d2e25ad712138f02e5060288278f4c1b1 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit f67b6fd97e177a527e896861f337c2e70541f697
Author: Karolin Seeger [EMAIL PROTECTED]
Date:   Fri Aug 1 14:10:28 2008 +0200

Samba3 HowTo: Fix duplicate chapter id.

Karolin

---

Summary of changes:
 docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
index cc8b105..2a4bfb9 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
@@ -1,6 +1,6 @@
 ?xml version=1.0 encoding=iso-8859-1?
 !DOCTYPE chapter PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant 
V1.0//EN http://www.samba.org/samba/DTD/samba-doc;
-chapter id=msdfs
+chapter id=tdb
 
 chapterinfo
author.jht;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2780-g7359f89

2008-08-01 Thread Karolin Seeger
The branch, v3-2-test has been updated
   via  7359f89ded09a0916a42d696a217d3100aab25d2 (commit)
  from  b562b97872f51abe1bd2fb4d61d91c464d1d0840 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 7359f89ded09a0916a42d696a217d3100aab25d2
Author: Karolin Seeger [EMAIL PROTECTED]
Date:   Fri Aug 1 14:10:28 2008 +0200

Samba3 HowTo: Fix duplicate chapter id.

Karolin
(cherry picked from commit f67b6fd97e177a527e896861f337c2e70541f697)

---

Summary of changes:
 docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
index cc8b105..2a4bfb9 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
@@ -1,6 +1,6 @@
 ?xml version=1.0 encoding=iso-8859-1?
 !DOCTYPE chapter PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant 
V1.0//EN http://www.samba.org/samba/DTD/samba-doc;
-chapter id=msdfs
+chapter id=tdb
 
 chapterinfo
author.jht;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0-108-g5d5e171

2008-08-01 Thread Karolin Seeger
The branch, v3-2-stable has been updated
   via  5d5e171ecc1e7f61f5d5ce2449fb5abd6d3b8f44 (commit)
  from  90ac4f202c5413dbe1353306f3b6a2e555c1b407 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable


- Log -
commit 5d5e171ecc1e7f61f5d5ce2449fb5abd6d3b8f44
Author: Karolin Seeger [EMAIL PROTECTED]
Date:   Fri Aug 1 14:10:28 2008 +0200

Samba3 HowTo: Fix duplicate chapter id.

Karolin
(cherry picked from commit f67b6fd97e177a527e896861f337c2e70541f697)
(cherry picked from commit 7359f89ded09a0916a42d696a217d3100aab25d2)

---

Summary of changes:
 docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
index cc8b105..2a4bfb9 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml
@@ -1,6 +1,6 @@
 ?xml version=1.0 encoding=iso-8859-1?
 !DOCTYPE chapter PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant 
V1.0//EN http://www.samba.org/samba/DTD/samba-doc;
-chapter id=msdfs
+chapter id=tdb
 
 chapterinfo
author.jht;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-198-gc01fee8

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  c01fee80a79cd9e0f7bb295333bb03bd37328d05 (commit)
   via  699e3cdb52acdf2524347d8c053730306c579dd9 (commit)
   via  c2cc8ef943e8c2e02edb1eb20214de245cc6914c (commit)
   via  afd07073b9caa4b5f7d2ad747e79afaec4203506 (commit)
  from  816bb64a56a75d1eb5e879b4abf211af27243686 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit c01fee80a79cd9e0f7bb295333bb03bd37328d05
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:10:06 2008 +0200

auth/ntlmssp: don't crash when the backend gives no challenge

metze

commit 699e3cdb52acdf2524347d8c053730306c579dd9
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 15:53:01 2008 +0200

auth_server: fix the logic of server_get_challenge()

metze

commit c2cc8ef943e8c2e02edb1eb20214de245cc6914c
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 15:19:27 2008 +0200

auth_server: fix segfault reported by Julien Kerihuel [EMAIL PROTECTED]

metze

commit afd07073b9caa4b5f7d2ad747e79afaec4203506
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 09:20:46 2008 +0200

Revert Start implementind domain trusts in our KDC.

This reverts commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a.

This breaks the build...

metze

---

Summary of changes:
 source/auth/ntlm/auth_server.c   |   10 
 source/auth/ntlmssp/ntlmssp_server.c |6 +
 source/kdc/hdb-ldb.c |   40 ++
 3 files changed, 18 insertions(+), 38 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/ntlm/auth_server.c b/source/auth/ntlm/auth_server.c
index f154cf0..42606c1 100644
--- a/source/auth/ntlm/auth_server.c
+++ b/source/auth/ntlm/auth_server.c
@@ -70,7 +70,7 @@ static NTSTATUS server_get_challenge(struct 
auth_method_context *ctx, TALLOC_CTX
io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);
 
/* We don't want to get as far as the session setup */
-   io.in.credentials = NULL;
+   io.in.credentials = cli_credentials_init_anon(mem_ctx);
io.in.service = NULL;
 
io.in.workgroup = ; /* only used with SPNEGO, disabled above */
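Review bot: the comment directly above the changed line in server_get_challenge() still reads "We don't want to get as far as the session setup", but the line now supplies anonymous credentials instead of NULL, so the comment no longer explains the code. Extend it to say why a credentials object is required even though no session setup is wanted, so the next reader does not "simplify" it back to NULL.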
@@ -79,10 +79,10 @@ static NTSTATUS server_get_challenge(struct 
auth_method_context *ctx, TALLOC_CTX
 
status = smb_composite_connect(io, mem_ctx, 
lp_resolve_context(ctx-auth_ctx-lp_ctx),
   ctx-auth_ctx-event_ctx);
-   if (!NT_STATUS_IS_OK(status)) {
-   *_blob = io.out.tree-session-transport-negotiate.secblob;
-   ctx-private_data = talloc_steal(ctx, io.out.tree-session);
-   }
+   NT_STATUS_NOT_OK_RETURN(status);
+
+   *_blob = io.out.tree-session-transport-negotiate.secblob;
+   ctx-private_data = talloc_steal(ctx, io.out.tree-session);
return NT_STATUS_OK;
 }
 
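Review bot: the two assignments after NT_STATUS_NOT_OK_RETURN(status) return *_blob as a reference to the negotiate.secblob held by the connected session rather than as a copy, so the challenge is only valid while the session stolen onto ctx stays alive. Add a one-line comment stating that lifetime dependency. The commit message would also be more useful if it recorded that the old condition was inverted (the dereference ran only when the connect had failed), since "fix the logic" does not say what was wrong.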
diff --git a/source/auth/ntlmssp/ntlmssp_server.c 
b/source/auth/ntlmssp/ntlmssp_server.c
index dfc5940..838596e 100644
--- a/source/auth/ntlmssp/ntlmssp_server.c
+++ b/source/auth/ntlmssp/ntlmssp_server.c
@@ -157,6 +157,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security 
*gensec_security,
 
/* Ask our caller what challenge they would like in the packet */
cryptkey = gensec_ntlmssp_state-get_challenge(gensec_ntlmssp_state);
+   if (!cryptkey) {
+   DEBUG(1, (ntlmssp_server_negotiate: backend doesn't give a 
challenge\n));
+   return NT_STATUS_INTERNAL_ERROR;
+   }
 
/* Check if we may set the challenge */
if (!gensec_ntlmssp_state-may_set_challenge(gensec_ntlmssp_state)) {
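Review bot: the new `if (!cryptkey)` test in ntlmssp_server_negotiate() protects this call site only, and nothing in the hunk documents that get_challenge is allowed to return NULL. State that contract where the callback is declared so that any other caller knows it has to check the result before using it.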
@@ -614,6 +618,8 @@ static const uint8_t *auth_ntlmssp_get_challenge(const 
struct gensec_ntlmssp_sta
 
status = auth_get_challenge(gensec_ntlmssp_state-auth_context, chal);
if (!NT_STATUS_IS_OK(status)) {
+   DEBUG(1, (auth_ntlmssp_get_challenge: failed to get challenge: 
%s\n,
+   nt_errstr(status)));
return NULL;
}
 
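Review bot: in auth_ntlmssp_get_challenge() the failing status is now logged but is still collapsed into a bare NULL return, so the caller in ntlmssp_server_negotiate() can only report NT_STATUS_INTERNAL_ERROR regardless of the real cause. Consider handing the NTSTATUS back to the caller (for example through an out parameter) rather than relying on the DEBUG line to carry it.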
diff --git a/source/kdc/hdb-ldb.c b/source/kdc/hdb-ldb.c
index a997eb0..8f8ce30 100644
--- a/source/kdc/hdb-ldb.c
+++ b/source/kdc/hdb-ldb.c
@@ -853,8 +853,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context 
context, HDB *db,
 {
krb5_error_code ret;
struct ldb_message **msg = NULL;
-   struct ldb_message **realm_ref_msg_1 = NULL;
-   struct ldb_message **realm_ref_msg_2 = NULL;
+   struct ldb_message **realm_ref_msg = NULL;
struct ldb_dn *realm_dn;
 
krb5_principal alloc_principal = NULL;
@@ -865,18 +864,14 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context 
context, HDB *db,
}
 
/* krbtgt case.  Either us or a trusted realm */
-
if ((LDB_lookup_realm(context, (struct 

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-201-g3817d65

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  3817d653faecb70bfafb850fe7d6e83aaed7e6d1 (commit)
   via  d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b (commit)
   via  8bd30a7b4392642ef5184f959d801716d2db20b2 (commit)
  from  c01fee80a79cd9e0f7bb295333bb03bd37328d05 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 3817d653faecb70bfafb850fe7d6e83aaed7e6d1
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 11:17:48 2008 +0200

build with the new heimdal version

commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 07:08:51 2008 +0200

heimdal: update to lorikeet-heimdal rev 801

metze

commit 8bd30a7b4392642ef5184f959d801716d2db20b2
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 11:16:14 2008 +0200

build: allow flex-2.34 together with bison-2.3

metze

---

Summary of changes:
 source/auth/kerberos/krb5_init_context.c   |3 +-
 source/auth/kerberos/krb5_init_context.h   |1 +
 source/build/make/lex_compile.sh   |   13 +-
 source/build/make/yacc_compile.sh  |4 +-
 source/heimdal/README  |   23 +-
 source/heimdal/cf/check-var.m4 |3 +-
 source/heimdal/cf/find-func-no-libs.m4 |2 +-
 source/heimdal/cf/find-func-no-libs2.m4|2 +-
 source/heimdal/cf/find-func.m4 |2 +-
 source/heimdal/cf/resolv.m4|2 +-
 source/heimdal/kdc/default_config.c|4 +-
 source/heimdal/kdc/digest.c|  200 ++-
 source/heimdal/kdc/kaserver.c  |8 +-
 source/heimdal/kdc/kerberos5.c |   14 +-
 source/heimdal/kdc/krb5tgs.c   |  639 ---
 source/heimdal/kdc/kx509.c |   36 +-
 source/heimdal/kdc/misc.c  |   11 +-
 source/heimdal/kdc/pkinit.c|  146 +-
 source/heimdal/kdc/process.c   |9 +-
 source/heimdal/kdc/windc.c |6 +-
 source/heimdal/kdc/windc_plugin.h  |4 +-
 source/heimdal/kuser/kinit.c   |   61 +-
 source/heimdal/lib/asn1/der.h  |2 +-
 source/heimdal/lib/asn1/der_free.c |2 +-
 source/heimdal/lib/asn1/gen.c  |   17 +-
 source/heimdal/lib/asn1/k5.asn1|   24 +-
 source/heimdal/lib/asn1/lex.c  |   73 +-
 source/heimdal/lib/asn1/lex.l  |2 +-
 source/heimdal/lib/asn1/pkinit.asn1|   13 +
 source/heimdal/lib/asn1/test.gen   |2 +-
 source/heimdal/lib/com_err/lex.c   |   73 +-
 source/heimdal/lib/com_err/lex.l   |2 +-
 source/heimdal/lib/gssapi/gssapi/gssapi.h  |  137 +-
 source/heimdal/lib/gssapi/gssapi/gssapi_krb5.h |   95 +-
 source/heimdal/lib/gssapi/gssapi/gssapi_spnego.h   |4 +-
 .../heimdal/lib/gssapi/krb5/accept_sec_context.c   |   75 +-
 .../heimdal/lib/gssapi/krb5/delete_sec_context.c   |4 +-
 source/heimdal/lib/gssapi/krb5/display_status.c|4 +-
 source/heimdal/lib/gssapi/krb5/external.c  |  177 ++-
 source/heimdal/lib/gssapi/krb5/get_mic.c   |6 +-
 source/heimdal/lib/gssapi/krb5/gsskrb5_locl.h  |   11 +-
 .../heimdal/lib/gssapi/krb5/import_sec_context.c   |8 +-
 source/heimdal/lib/gssapi/krb5/init_sec_context.c  |  272 ++-
 source/heimdal/lib/gssapi/krb5/set_cred_option.c   |2 +-
 .../lib/gssapi/krb5/set_sec_context_option.c   |   61 +-
 source/heimdal/lib/gssapi/krb5/unwrap.c|8 +-
 source/heimdal/lib/gssapi/krb5/verify_mic.c|6 +-
 source/heimdal/lib/gssapi/krb5/wrap.c  |   14 +-
 source/heimdal/lib/gssapi/mech/gss_acquire_cred.c  |4 +-
 source/heimdal/lib/gssapi/mech/gss_add_cred.c  |4 +-
 .../lib/gssapi/mech/gss_add_oid_set_member.c   |4 +-
 source/heimdal/lib/gssapi/mech/gss_buffer_set.c|8 +-
 .../lib/gssapi/mech/gss_canonicalize_name.c|4 +-
 source/heimdal/lib/gssapi/mech/gss_compare_name.c  |4 +-
 source/heimdal/lib/gssapi/mech/gss_context_time.c  |4 +-
 .../lib/gssapi/mech/gss_create_empty_oid_set.c |4 +-
 .../lib/gssapi/mech/gss_decapsulate_token.c|4 +-
 .../lib/gssapi/mech/gss_delete_sec_context.c   |4 +-
 source/heimdal/lib/gssapi/mech/gss_display_name.c  |4 +-
 .../heimdal/lib/gssapi/mech/gss_display_status.c   |4 +-
 .../lib/gssapi/mech/gss_encapsulate_token.c|4 +-
 source/heimdal/lib/gssapi/mech/gss_export_name.c   |4 +-
 .../lib/gssapi/mech/gss_export_sec_context.c   |4 +-
 

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3528-g2d98ad5

2008-08-01 Thread Michael Adam
The branch, v3-3-test has been updated
  from  f67b6fd97e177a527e896861f337c2e70541f697 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25
Author: Michael Adam [EMAIL PROTECTED]
Date:   Fri Aug 1 17:13:42 2008 +0200

libnet dssync: start memory allocation cleanup: use tmp ctx in 
libnet_dssync().

Don't leak temporary data to callers but use a temporary context
that is freed at the end.

Michael

commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc
Author: Michael Adam [EMAIL PROTECTED]
Date:   Fri Aug 1 17:10:59 2008 +0200

libnet dssync: fix memory allocation for error/result messages.

Use the libnet_dssync_context as a talloc context for the
result_message and error_message string members.
Using the passed in mem_ctx makes the implicit assumption
that mem_ctx is at least as long-lived as the libnet_dssync_context,
which is wrong.

Michael

commit 1072bd9f96ff3853e5ff58239123fc8c76a99063
Author: Michael Adam [EMAIL PROTECTED]
Date:   Fri Aug 1 17:09:08 2008 +0200

dssync keytab: add comment header explaining add_to_keytab_entries().

Michael

commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d
Author: Michael Adam [EMAIL PROTECTED]
Date:   Fri Aug 1 14:26:46 2008 +0200

libnet dssync: add my C after dssync keytab changes.

Michael

commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56
Author: Michael Adam [EMAIL PROTECTED]
Date:   Fri Aug 1 00:12:18 2008 +0200

vampire keytab: add command line switch 

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-203-g6d640ee

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  6d640ee4b84c72f6c2da0ee047c9bac916bf3e57 (commit)
   via  3bd7e68a5cfe80733782367e327b570d04b21586 (commit)
  from  3817d653faecb70bfafb850fe7d6e83aaed7e6d1 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 6d640ee4b84c72f6c2da0ee047c9bac916bf3e57
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 17:22:54 2008 +0200

auth_server: set the workstation name

metze

commit 3bd7e68a5cfe80733782367e327b570d04b21586
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 17:21:57 2008 +0200

heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c

metze

---

Summary of changes:
 source/auth/ntlm/auth_server.c |4 ++
 ...ss_add_oid_set_member.c = gss_pseudo_random.c} |   52 ++-
 2 files changed, 31 insertions(+), 25 deletions(-)
 copy source/heimdal/lib/gssapi/mech/{gss_add_oid_set_member.c = 
gss_pseudo_random.c} (66%)


Changeset truncated at 500 lines:

diff --git a/source/auth/ntlm/auth_server.c b/source/auth/ntlm/auth_server.c
index 42606c1..bb8773e 100644
--- a/source/auth/ntlm/auth_server.c
+++ b/source/auth/ntlm/auth_server.c
@@ -71,6 +71,10 @@ static NTSTATUS server_get_challenge(struct 
auth_method_context *ctx, TALLOC_CTX
 
/* We don't want to get as far as the session setup */
io.in.credentials = cli_credentials_init_anon(mem_ctx);
+   cli_credentials_set_workstation(io.in.credentials,
+   lp_netbios_name(ctx-auth_ctx-lp_ctx),
+   CRED_SPECIFIED);
+
io.in.service = NULL;
 
io.in.workgroup = ; /* only used with SPNEGO, disabled above */
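Review bot: cli_credentials_set_workstation() is called on io.in.credentials immediately after cli_credentials_init_anon(mem_ctx) without checking that the allocation succeeded, and the setter's return value is discarded. Check the pointer before the call and either test the setter's result or add a comment explaining why a failure to set the workstation name can be ignored here.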
diff --git a/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c 
b/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c
similarity index 66%
copy from source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
copy to source/heimdal/lib/gssapi/mech/gss_pseudo_random.c
index d89adbf..ba027cb 100644
--- a/source/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
+++ b/source/heimdal/lib/gssapi/mech/gss_pseudo_random.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,37 +31,39 @@
  * SUCH DAMAGE. 
  */
 
+/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */
+
 #include mech_locl.h
-RCSID($Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $);
+RCSID($Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $);
 
 OM_uint32 GSSAPI_LIB_FUNCTION
-gss_add_oid_set_member (OM_uint32 * minor_status,
-   const gss_OID member_oid,
-   gss_OID_set * oid_set)
+gss_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
 {
-gss_OID tmp;
-size_t n;
-OM_uint32 res;
-int present;
+struct _gss_context *ctx = (struct _gss_context *) context;
+gssapi_mech_interface m = ctx-gc_mech;
+OM_uint32 major_status;
 
-res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, 
present);
-if (res != GSS_S_COMPLETE)
-   return res;
+_mg_buffer_zero(prf_out);
+*minor_status = 0;
 
-if (present) {
+if (ctx == NULL) {
*minor_status = 0;
-   return GSS_S_COMPLETE;
+   return GSS_S_NO_CONTEXT;
 }
 
-n = (*oid_set)-count + 1;
-tmp = realloc ((*oid_set)-elements, n * sizeof(gss_OID_desc));
-if (tmp == NULL) {
-   *minor_status = ENOMEM;
-   return GSS_S_FAILURE;
-}
-(*oid_set)-elements = tmp;
-(*oid_set)-count = n;
-(*oid_set)-elements[n-1] = *member_oid;
-*minor_status = 0;
-return GSS_S_COMPLETE;
+if (m-gm_pseudo_random == NULL)
+   return GSS_S_UNAVAILABLE;
+
+major_status = (*m-gm_pseudo_random)(minor_status, ctx-gc_ctx,
+ prf_key, prf_in, desired_output_len,
+ prf_out);
+if (major_status != GSS_S_COMPLETE)
+   _gss_mg_error(m, major_status, *minor_status);
+
+return major_status;
 }
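Review bot: in gss_pseudo_random() the initializer `m = ctx->gc_mech` dereferences ctx before the `if (ctx == NULL)` test that follows, so a call without a context crashes instead of returning GSS_S_NO_CONTEXT. Declare m without an initializer and assign it after the NULL check. desired_output_len is a signed ssize_t that is forwarded to the mechanism unchecked; rejecting a negative length here would keep that validation in one place. The `*minor_status = 0` inside the NULL branch repeats the assignment made just above it.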


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-204-gb395cd7

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  b395cd7acdb3ca5b25368fbbad0606efe4699d04 (commit)
  from  6d640ee4b84c72f6c2da0ee047c9bac916bf3e57 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit b395cd7acdb3ca5b25368fbbad0606efe4699d04
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 17:49:07 2008 +0200

heimdal: add missing files

metze

---

Summary of changes:
 .../lib/roken/{freeaddrinfo.c = cloexec.c}|   33 +++-
 source/heimdal/lib/roken/{h_errno.c = xfree.c}|   16 ++---
 2 files changed, 29 insertions(+), 20 deletions(-)
 copy source/heimdal/lib/roken/{freeaddrinfo.c = cloexec.c} (82%)
 copy source/heimdal/lib/roken/{h_errno.c = xfree.c} (90%)


Changeset truncated at 500 lines:

diff --git a/source/heimdal/lib/roken/freeaddrinfo.c 
b/source/heimdal/lib/roken/cloexec.c
similarity index 82%
copy from source/heimdal/lib/roken/freeaddrinfo.c
copy to source/heimdal/lib/roken/cloexec.c
index 71b5abb..6308daa 100644
--- a/source/heimdal/lib/roken/freeaddrinfo.c
+++ b/source/heimdal/lib/roken/cloexec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2008 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,25 +33,28 @@
 
 #ifdef HAVE_CONFIG_H
 #include config.h
-RCSID($Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $);
+RCSID($Id$);
 #endif
 
-#include roken.h
+#include unistd.h
+#include fcntl.h
 
-/*
- * free the list of `struct addrinfo' starting at `ai'
- */
+#include roken.h
 
 void ROKEN_LIB_FUNCTION
-freeaddrinfo(struct addrinfo *ai)
+rk_cloexec(int fd)
 {
-struct addrinfo *tofree;
+int ret;
 
-while(ai != NULL) {
-   free (ai-ai_canonname);
-   free (ai-ai_addr);
-   tofree = ai;
-   ai = ai-ai_next;
-   free (tofree);
-}
+ret = fcntl(fd, F_GETFD);
+if (ret == -1)
+   return;
+if (fcntl(fd, F_SETFD, ret | FD_CLOEXEC) == -1)
+return;
+}
+
+void ROKEN_LIB_FUNCTION
+rk_cloexec_file(FILE *f)
+{
+rk_cloexec(fileno(f));
 }
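Review bot: rk_cloexec() returns void and both fcntl() failure paths just return, so a caller cannot tell that FD_CLOEXEC was not set and that the descriptor may still be inherited across exec. Return an int (0 on success, -1 on failure) so code handling sensitive descriptors can react; as written the second `if (... == -1) return;` has no effect. rk_cloexec_file() also passes fileno(f) straight through without checking for -1.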
diff --git a/source/heimdal/lib/roken/h_errno.c 
b/source/heimdal/lib/roken/xfree.c
similarity index 90%
copy from source/heimdal/lib/roken/h_errno.c
copy to source/heimdal/lib/roken/xfree.c
index 11dcb08..7bc21af 100644
--- a/source/heimdal/lib/roken/h_errno.c
+++ b/source/heimdal/lib/roken/xfree.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2008 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,9 +33,15 @@
 
 #ifdef HAVE_CONFIG_H
 #include config.h
-RCSID($Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $);
+RCSID($Id$);
 #endif
 
-#ifndef HAVE_H_ERRNO
-int h_errno = -17; /* Some magic number */
-#endif
+#include unistd.h
+
+#include roken.h
+
+void ROKEN_LIB_FUNCTION
+rk_xfree (void *buf)
+{
+free(buf);
+}
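Review bot: rk_xfree() calls free(), but the includes added in this hunk are unistd.h and roken.h; free() is declared in stdlib.h, so include that explicitly instead of depending on roken.h to pull it in. Nothing visible in the file uses unistd.h, so that include looks like a leftover from the file this one was copied from.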


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-210-g10db07c

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  10db07c69addce6e90851fb55738d5f9e142946b (commit)
   via  6ec3887aee9bbb9c182ab966d37212edeaa16b5a (commit)
   via  49e01d00bded74190c8e3049ac5883fe211e86fd (commit)
   via  694f5124a523538117bf5d35be1a2d4f275ad0c2 (commit)
   via  f19d2182b802a49449cbb9e4e6334f223ceb284d (commit)
   via  16147753adcdbdc0ee9faa16fafb1c74240a6858 (commit)
  from  b395cd7acdb3ca5b25368fbbad0606efe4699d04 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 10db07c69addce6e90851fb55738d5f9e142946b
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 17:24:24 2008 +0200

kdc: use mostly only public kerberos headers

We should avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze

commit 6ec3887aee9bbb9c182ab966d37212edeaa16b5a
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:59:40 2008 +0200

auth/kerberos: we don't need to include heimdal private headers

metze

commit 49e01d00bded74190c8e3049ac5883fe211e86fd
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:58:01 2008 +0200

gensec_gssapi: include gssapi/gssapi.h

metze

commit 694f5124a523538117bf5d35be1a2d4f275ad0c2
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:57:00 2008 +0200

heimdal_build: we should only use PRIVATE_DEPENDENCIES

metze

commit f19d2182b802a49449cbb9e4e6334f223ceb284d
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:53:52 2008 +0200

build: autogenerate heimdal basics

metze

commit 16147753adcdbdc0ee9faa16fafb1c74240a6858
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 16:52:12 2008 +0200

build: autogenerate VPATH by configure

metze

---

Summary of changes:
 source/Makefile  |4 +--
 source/auth/gensec/gensec_gssapi.c   |2 +-
 source/auth/kerberos/krb5_init_context.c |2 -
 source/build/m4/env.m4   |3 ++
 source/heimdal_build/asn1_deps.pl|1 +
 source/heimdal_build/et_deps.pl  |1 +
 source/heimdal_build/internal.m4 |4 +++
 source/heimdal_build/internal.mk |   31 -
 source/heimdal_build/krb5/windc_plugin.h |1 +
 source/kdc/config.mk |6 ++--
 source/kdc/kdc.h |6 ++--
 source/kdc/kpasswdd.c|6 +++-
 source/main.mk   |1 -
 source/static_deps.mk|   27 +-
 14 files changed, 32 insertions(+), 63 deletions(-)
 create mode 100644 source/heimdal_build/krb5/windc_plugin.h


Changeset truncated at 500 lines:

diff --git a/source/Makefile b/source/Makefile
index fba06cc..b0aa009 100644
--- a/source/Makefile
+++ b/source/Makefile
@@ -10,8 +10,6 @@ include mkconfig.mk
 
 pidldir := $(srcdir)/pidl
 
-VPATH = 
$(builddir):$(srcdir):$(srcdir)/heimdal_build:$(heimdalsrcdir)/lib/asn1:$(heimdalsrcdir)/lib/krb5:$(heimdalsrcdir)/lib/gssapi:$(heimdalsrcdir)/lib/hdb:$(heimdalsrcdir)/lib/roken:$(heimdalsrcdir)/lib/des
-
 BASEDIR = $(prefix)
 TORTUREDIR = $(libdir)/torture
 SWATDIR = $(datadir)/swat
@@ -138,7 +136,7 @@ libraries:: $(STATIC_LIBS) $(SHARED_LIBS)
 modules:: $(PLUGINS)
 headers:: $(PUBLIC_HEADERS) $(DEFAULT_HEADERS)
 manpages:: $(MANPAGES)
-all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules 
pythonmods libraries headers
+all:: showflags $(ALL_PREDEP) binaries modules pythonmods libraries headers
 everything:: all
 
 LD_LIBPATH_OVERRIDE = $(LIB_PATH_VAR)=$(builddir)/bin/shared
diff --git a/source/auth/gensec/gensec_gssapi.c 
b/source/auth/gensec/gensec_gssapi.c
index 205d8a0..bb44c75 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -24,7 +24,6 @@
 #include includes.h
 #include lib/events/events.h
 #include system/kerberos.h
-#include heimdal/lib/gssapi/gssapi/gssapi.h
 #include auth/kerberos/kerberos.h
 #include librpc/gen_ndr/krb5pac.h
 #include auth/auth.h
@@ -37,6 +36,7 @@
 #include auth/gensec/gensec_proto.h
 #include param/param.h
 #include auth/session_proto.h
+#include gssapi/gssapi.h
 
 enum gensec_gssapi_sasl_state 
 {
diff --git a/source/auth/kerberos/krb5_init_context.c 
b/source/auth/kerberos/krb5_init_context.c
index 02d8cd0..82e42a4 100644
--- a/source/auth/kerberos/krb5_init_context.c
+++ b/source/auth/kerberos/krb5_init_context.c
@@ -22,13 +22,11 @@
 
 #include includes.h
 #include system/kerberos.h
-#include heimdal/lib/krb5/krb5_locl.h
 #include auth/kerberos/kerberos.h
 #include lib/socket/socket.h
 #include lib/stream/packet.h
 #include system/network.h
 #include lib/events/events.h
-#include roken.h
 #include param/param.h
 #include libcli/resolve/resolve.h
 

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-213-gc87a8ba

2008-08-01 Thread Jelmer Vernooij
The branch, v4-0-test has been updated
   via  c87a8ba1fef1ba508ad6527d0bae4bcdd5b3cb69 (commit)
   via  a461118f3b668779f907c4d77cebe1e76fa4e39f (commit)
   via  20d40e31942f96ca9d077e57c6dd4c1d38f79b4b (commit)
  from  10db07c69addce6e90851fb55738d5f9e142946b (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit c87a8ba1fef1ba508ad6527d0bae4bcdd5b3cb69
Merge: a461118f3b668779f907c4d77cebe1e76fa4e39f 
10db07c69addce6e90851fb55738d5f9e142946b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 20:17:56 2008 +0200

Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

commit a461118f3b668779f907c4d77cebe1e76fa4e39f
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 20:17:29 2008 +0200

Fix some forgotten substitute variables in provision, add check to prevent 
this sort of regression in the future.

commit 20d40e31942f96ca9d077e57c6dd4c1d38f79b4b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Jul 30 13:29:29 2008 +0200

Be more pythonic.

---

Summary of changes:
 source/scripting/bin/mymachinepw   |   12 +---
 source/scripting/python/samba/provision.py |2 ++
 2 files changed, 7 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/scripting/bin/mymachinepw b/source/scripting/bin/mymachinepw
index 49a4245..3a843b5 100755
--- a/source/scripting/bin/mymachinepw
+++ b/source/scripting/bin/mymachinepw
@@ -40,8 +40,7 @@ if not loaded:
 path=conf.get(private dir) + /secrets.ldb
 netbios=conf.get(netbios name)
 
-secrets = ldb.Ldb()
-secrets.connect(path)
+secrets = ldb.Ldb(path)
 
 search = ((objectclass=primaryDomain)(samaccountname= + \
  netbios + $))
@@ -49,13 +48,12 @@ search = ((objectclass=primaryDomain)(samaccountname= + \
 msg = secrets.search(expression=search, attrs=['secret'])
 
 if not msg:
-error =  Error:\n
-error += Password for host[ + netbios + ] not found in path[ + path + 
].\n
-error += You may want to pass the smb.conf location via the -s option.
-print error
+print Error:
+print Password for host[%s] not found in path[%s]. % (netbios, path)
+print You may want to pass the smb.conf location via the -s option.
 exit(1)
 
-password=msg[0]['secret'][0];
+password=msg[0]['secret'][0]
 
 print(password)
 exit(0)
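Review bot: the three new print statements in the "if not msg:" branch still write the error text to stdout, which is the same stream the script uses for print(password). A caller that captures the output and does not check the exit status would treat "Error:" as the machine password. Write the error to sys.stderr instead, and use sys.exit(1) rather than the interactive exit() helper.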
diff --git a/source/scripting/python/samba/provision.py 
b/source/scripting/python/samba/provision.py
index 441d662..6b1fd33 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -1435,6 +1435,7 @@ def load_schema(setup_path, samdb, schemadn, netbiosname, 
configdn, sitename):
 schema_data = open(setup_path(schema.ldif), 'r').read()
 schema_data += open(setup_path(schema_samba4.ldif), 'r').read()
 schema_data = substitute_var(schema_data, {SCHEMADN: schemadn})
+check_all_substituted(schema_data)
 prefixmap = open(setup_path(prefixMap.txt), 'r').read()
 prefixmap = b64encode(prefixmap)
 
@@ -1446,5 +1447,6 @@ def load_schema(setup_path, samdb, schemadn, netbiosname, 
configdn, sitename):
 DEFAULTSITE:sitename,
 PREFIXMAP_B64:prefixmap
 })
+check_all_substituted(head_data)
 samdb.attach_schema_from_ldif(head_data, schema_data)
 
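Review bot: check_all_substituted() is added by hand at two call sites in load_schema (schema_data in the previous hunk, head_data here), so any other place that calls substitute_var() and forgets the check is still unprotected. If the goal is to prevent this regression in the future, run the check inside the helper that reads and substitutes the setup files, so a caller cannot skip it.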


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-215-gcbac27e

2008-08-01 Thread Jelmer Vernooij
The branch, v4-0-test has been updated
   via  cbac27e6faa99ebaa3e6d653017c968db836560a (commit)
   via  783412ecb27d646b171993da0ac2f11a821901d3 (commit)
  from  c87a8ba1fef1ba508ad6527d0bae4bcdd5b3cb69 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit cbac27e6faa99ebaa3e6d653017c968db836560a
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 20:47:22 2008 +0200

Move domain DN determination out of newuser function.

commit 783412ecb27d646b171993da0ac2f11a821901d3
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 20:47:03 2008 +0200

Actually fix missing substitution variables.

---

Summary of changes:
 source/scripting/python/samba/provision.py |   14 ++
 source/scripting/python/samba/samdb.py |   15 +--
 2 files changed, 19 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/scripting/python/samba/provision.py 
b/source/scripting/python/samba/provision.py
index 6b1fd33..6dd9f3b 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -739,7 +739,8 @@ def setup_samdb(path, setup_path, session_info, 
credentials, lp,
 samdb.set_invocation_id(invocationid)
 
 load_schema(setup_path, samdb, names.schemadn, names.netbiosname, 
-names.configdn, names.sitename)
+names.configdn, names.sitename, names.serverdn,
+names.hostname)
 
 samdb.transaction_start()
 
@@ -1423,7 +1424,8 @@ def create_krb5_conf(path, setup_path, dnsdomain, 
hostname, realm):
 })
 
 
-def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename):
+def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename,
+serverdn, servername):
 Load schema for the SamDB.
 
 :param samdb: Load a schema into a SamDB.
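Review bot: the new signature brings load_schema to eight positional parameters, all plain strings, and the caller in setup_samdb passes names.hostname into the slot named servername. A transposed or missing argument would not raise; it would just substitute the wrong value into the schema LDIF. Pass these by keyword at the call site, or hand load_schema the names object and let it pick the fields.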
@@ -1431,6 +1433,8 @@ def load_schema(setup_path, samdb, schemadn, netbiosname, 
configdn, sitename):
 :param schemadn: DN of the schema
 :param netbiosname: NetBIOS name of the host.
 :param configdn: DN of the configuration
+:param serverdn: DN of the server
+:param servername: Host name of the server
 
 schema_data = open(setup_path(schema.ldif), 'r').read()
 schema_data += open(setup_path(schema_samba4.ldif), 'r').read()
@@ -1444,8 +1448,10 @@ def load_schema(setup_path, samdb, schemadn, 
netbiosname, configdn, sitename):
 SCHEMADN: schemadn,
 NETBIOSNAME: netbiosname,
 CONFIGDN: configdn,
-DEFAULTSITE:sitename,
-PREFIXMAP_B64:prefixmap
+DEFAULTSITE: sitename,
+PREFIXMAP_B64: prefixmap,
+SERVERDN: serverdn,
+SERVERNAME: servername,
 })
 check_all_substituted(head_data)
 samdb.attach_schema_from_ldif(head_data, schema_data)
diff --git a/source/scripting/python/samba/samdb.py 
b/source/scripting/python/samba/samdb.py
index c47cf4a..c7d93d6 100644
--- a/source/scripting/python/samba/samdb.py
+++ b/source/scripting/python/samba/samdb.py
@@ -86,6 +86,14 @@ userAccountControl: %u
  % (user_dn, userAccountControl)
 self.modify_ldif(mod)
 
+def domain_dn(self):
+# find the DNs for the domain and the domain users group
+res = self.search(, scope=ldb.SCOPE_BASE, 
+  expression=(defaultNamingContext=*), 
+  attrs=[defaultNamingContext])
+assert(len(res) == 1 and res[0][defaultNamingContext] is not None)
+return res[0][defaultNamingContext][0]
+
 def newuser(self, username, unixname, password):
 add a new user record.
 
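Review bot: the new domain_dn() validates the search result with assert, which is compiled out under python -O, so a rootDSE without defaultNamingContext would then fail later with an unrelated index or key error. Raise an explicit exception here instead. The copied comment also still mentions "the domain users group", which this method does not look up.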
@@ -96,12 +104,7 @@ userAccountControl: %u
 # connect to the sam 
 self.transaction_start()
 
-# find the DNs for the domain and the domain users group
-res = self.search(, scope=ldb.SCOPE_BASE, 
-  expression=(defaultNamingContext=*), 
-  attrs=[defaultNamingContext])
-assert(len(res) == 1 and res[0][defaultNamingContext] is not None)
-domain_dn = res[0][defaultNamingContext][0]
+domain_dn = self.domain_dn()
 assert(domain_dn is not None)
 user_dn = CN=%s,CN=Users,%s % (username, domain_dn)
 
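Review bot: in newuser, the local variable domain_dn now has the same name as the method it is assigned from, and the following assert(domain_dn is not None) repeats a check that domain_dn() already makes. Rename the local or drop the redundant assert. While here, the context line that builds user_dn interpolates username into the DN without escaping; escaping the RDN value would be worth a follow-up.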


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-222-g66b76b0

2008-08-01 Thread Stefan Metzmacher
The branch, v4-0-test has been updated
   via  66b76b018d6048cec63a75b24ec4c099f6a2eb8c (commit)
   via  cffed8e19e22a1fa7b7a322b153df5d54e4c3be2 (commit)
   via  ed0fc19ac6a1194e6fd9a6534cbf7453fa870066 (commit)
   via  b9727d612bd2e9cf67ca2d4a9c60dc13d4bed5be (commit)
   via  9e8b95dc8d577ea33504f0fb463d4648393e045b (commit)
   via  9138fc6639fae7a5567c395254277199c89b0dcb (commit)
   via  495d068df55a94d48f2a4d2e7f2060fb42f66dbd (commit)
  from  cbac27e6faa99ebaa3e6d653017c968db836560a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 66b76b018d6048cec63a75b24ec4c099f6a2eb8c
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 18:15:11 2008 +0200

heimdal: add experimental --enable-external-heimdal

This should only be used for testing and when you're
absolutely sure the installed heimdal libraries
support the features we need.

(E.g. heimdal-1.2 or lower should NOT work)

metze

commit cffed8e19e22a1fa7b7a322b153df5d54e4c3be2
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 19:30:16 2008 +0200

libreplace: include krb5.h and com_err.h and no heimdal specific headers

metze

commit ed0fc19ac6a1194e6fd9a6534cbf7453fa870066
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 19:29:08 2008 +0200

auth/kerberos: remove dependencies to internal heimdal

metze

commit b9727d612bd2e9cf67ca2d4a9c60dc13d4bed5be
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 19:24:09 2008 +0200

heimdal_build/internal: add some useful defines

metze

commit 9e8b95dc8d577ea33504f0fb463d4648393e045b
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 20:27:38 2008 +0200

heimdal: fix dependency

metze

commit 9138fc6639fae7a5567c395254277199c89b0dcb
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 19:23:29 2008 +0200

lib/crypto: remove dependency to internal heimdal

metze

commit 495d068df55a94d48f2a4d2e7f2060fb42f66dbd
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Fri Aug 1 20:15:52 2008 +0200

build: remove warning about missing generated include file

metze

---

Summary of changes:
 source/auth/kerberos/kerberos.c  |1 -
 source/auth/kerberos/krb5_init_context.h |2 +-
 source/configure.ac  |2 +-
 source/heimdal_build/config.m4   |   23 +
 source/heimdal_build/external.m4 |   54 ++
 source/heimdal_build/internal.m4 |6 +++
 source/heimdal_build/internal.mk |1 +
 source/kdc/kpasswdd.c|   13 ++-
 source/lib/crypto/sha256.c   |   23 +++-
 source/lib/replace/system/kerberos.h |5 ++-
 source/librpc/config.mk  |2 +-
 11 files changed, 122 insertions(+), 10 deletions(-)
 create mode 100644 source/heimdal_build/config.m4
 create mode 100644 source/heimdal_build/external.m4


Changeset truncated at 500 lines:

diff --git a/source/auth/kerberos/kerberos.c b/source/auth/kerberos/kerberos.c
index b3b0b20..2579ab2 100644
--- a/source/auth/kerberos/kerberos.c
+++ b/source/auth/kerberos/kerberos.c
@@ -23,7 +23,6 @@
 
 #include includes.h
 #include system/kerberos.h
-#include roken.h
 
 #ifdef HAVE_KRB5
 
diff --git a/source/auth/kerberos/krb5_init_context.h 
b/source/auth/kerberos/krb5_init_context.h
index 815e9a6..162a19a 100644
--- a/source/auth/kerberos/krb5_init_context.h
+++ b/source/auth/kerberos/krb5_init_context.h
@@ -18,7 +18,7 @@
 */
 
 struct smb_krb5_context {
-   struct krb5_context_data *krb5_context;
+   krb5_context krb5_context;
krb5_log_facility *logf;
 };

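Review bot: with the member changed to "krb5_context krb5_context;", this header needs the krb5_context typedef to be in scope, whereas the old "struct krb5_context_data *" compiled without any Kerberos header. The hunk adds no include, so every file that includes krb5_init_context.h must now include the krb5 headers first. Include them from this header or document the ordering requirement. Giving the member the same name as its type is legal C but makes the declaration harder to read.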
diff --git a/source/configure.ac b/source/configure.ac
index 7f4b4d0..29db34e 100644
--- a/source/configure.ac
+++ b/source/configure.ac
@@ -13,7 +13,7 @@ AC_DEFINE(CONFIG_H_IS_FROM_SAMBA,1,[Marker for samba's 
config.h])
 m4_include(build/m4/env.m4)
 m4_include(lib/replace/samba.m4)
 m4_include(lib/smbreadline/readline.m4)
-m4_include(heimdal_build/internal.m4)
+m4_include(heimdal_build/config.m4)
 m4_include(lib/util/fault.m4)
 m4_include(lib/util/signal.m4)
 m4_include(lib/util/util.m4)
diff --git a/source/heimdal_build/config.m4 b/source/heimdal_build/config.m4
new file mode 100644
index 000..99aed8c
--- /dev/null
+++ b/source/heimdal_build/config.m4
@@ -0,0 +1,23 @@
+
+external_heimdal=no
+AC_MSG_CHECKING([Whether to use external heimdal libraries])
+AC_ARG_ENABLE(external-heimdal,
+[  --enable-external-heimdal Enable external heimdal libraries 
(experimental,default=no)],
+[ external_heimdal=$enableval ],
+[ external_heimdal=no ])
+AC_MSG_RESULT($external_heimdal)
+
+if test x$external_heimdal = xyes; then
+
+# external_heimdal_start
+m4_include(heimdal_build/external.m4)
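Review bot: external_heimdal is taken straight from $enableval and only compared against "yes", so any other value passed to --enable-external-heimdal (a typo, a path) silently selects the internal build. Reject values other than yes and no with AC_MSG_ERROR. The commit message also says heimdal-1.2 or lower should not work, but the visible part of this file includes external.m4 without any version test; if external.m4 (cut off here) does not check the installed version, configure should fail early instead of leaving it to a later compile error.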

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3530-g08e97bd

2008-08-01 Thread Volker Lendecke
The branch, v3-3-test has been updated
   via  08e97bd369ebe3ab1fd92433b168585faea92c68 (commit)
   via  37bd2815c70176046bbe023b9f59dfa159c4 (commit)
  from  2d98ad57f56ddd4318bc721929a3ca9ede189a25 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 08e97bd369ebe3ab1fd92433b168585faea92c68
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Fri Aug 1 16:05:49 2008 +0200

cli_request_new() already gave us the req, remove a pointless function call

commit 37bd2815c70176046bbe023b9f59dfa159c4
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Fri Aug 1 15:29:06 2008 +0200

Fix a typo

---

Summary of changes:
 source/libsmb/clifile.c  |   10 +-
 source/libsmb/clireadwrite.c |2 --
 2 files changed, 5 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c
index 12c427a..12b10ba 100644
--- a/source/libsmb/clifile.c
+++ b/source/libsmb/clifile.c
@@ -715,10 +715,10 @@ int cli_nt_delete_on_close(struct cli_state *cli, int 
fnum, bool flag)
 /
 
 int cli_nt_create_full(struct cli_state *cli, const char *fname,
-uint32 CreatFlags, uint32 DesiredAccess,
-uint32 FileAttributes, uint32 ShareAccess,
-uint32 CreateDisposition, uint32 CreateOptions,
-uint8 SecuityFlags)
+  uint32 CreatFlags, uint32 DesiredAccess,
+  uint32 FileAttributes, uint32 ShareAccess,
+  uint32 CreateDisposition, uint32 CreateOptions,
+  uint8 SecurityFlags)
 {
char *p;
int len;
@@ -744,7 +744,7 @@ int cli_nt_create_full(struct cli_state *cli, const char 
*fname,
SIVAL(cli-outbuf,smb_ntcreate_CreateDisposition, CreateDisposition);
SIVAL(cli-outbuf,smb_ntcreate_CreateOptions, CreateOptions);
SIVAL(cli-outbuf,smb_ntcreate_ImpersonationLevel, 0x02);
-   SCVAL(cli-outbuf,smb_ntcreate_SecurityFlags, SecuityFlags);
+   SCVAL(cli-outbuf,smb_ntcreate_SecurityFlags, SecurityFlags);
 
p = smb_buf(cli-outbuf);
/* this alignment and termination is critical for netapp filers. Don't 
change */
diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c
index 057e647..a57f1e0 100644
--- a/source/libsmb/clireadwrite.c
+++ b/source/libsmb/clireadwrite.c
@@ -62,8 +62,6 @@ struct async_req *cli_read_andx_send(TALLOC_CTX *mem_ctx,
return NULL;
}
 
-   req = cli_request_get(result);
-
req-data.read.ofs = offset;
req-data.read.size = size;
req-data.read.received = 0;
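Review bot: with the cli_request_get(result) call removed, the three assignments to req's data.read fields (ofs, size, received) depend on req having been set by cli_request_new() earlier in the function, which is outside this hunk. Please confirm that req is assigned on every path that gets past the "return NULL" above, and say so in a short comment at the cli_request_new() call, since nothing in the visible lines shows where req comes from any more.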


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-225-g8e201ec

2008-08-01 Thread Jelmer Vernooij
The branch, v4-0-test has been updated
   via  8e201ecf3e86c3c8865c7276fad8dad07106efaf (commit)
   via  be75b2a36ee49f66ada3ec3ababa82d74085d559 (commit)
   via  2a39aae0cef310a79427feb1b85f6794ea36849a (commit)
  from  66b76b018d6048cec63a75b24ec4c099f6a2eb8c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 8e201ecf3e86c3c8865c7276fad8dad07106efaf
Merge: be75b2a36ee49f66ada3ec3ababa82d74085d559 
66b76b018d6048cec63a75b24ec4c099f6a2eb8c
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 21:36:49 2008 +0200

Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

commit be75b2a36ee49f66ada3ec3ababa82d74085d559
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 21:12:37 2008 +0200

Add helper object Hostconfig to make it easier to get to e.g. the
SAM database.

commit 2a39aae0cef310a79427feb1b85f6794ea36849a
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Fri Aug 1 21:00:09 2008 +0200

Use new style python classes.

---

Summary of changes:
 source/scripting/python/samba/getopt.py|4 
 .../{examples/netbios.py = samba/hostconfig.py}   |   19 ---
 source/scripting/python/samba/provision.py |8 +---
 source/scripting/python/samba/samba3.py|   14 --
 source/scripting/python/samba/samr.py  |8 +++-
 source/scripting/python/samba/tests/dcerpc/bare.py |1 +
 .../python/samba/tests/dcerpc/registry.py  |1 +
 .../scripting/python/samba/tests/dcerpc/rpcecho.py |2 ++
 source/scripting/python/samba/tests/provision.py   |2 +-
 source/scripting/python/samba/tests/samba3.py  |1 +
 source/scripting/python/subunit/__init__.py|2 +-
 source/setup/newuser   |5 ++---
 12 files changed, 45 insertions(+), 22 deletions(-)
 copy source/scripting/python/{examples/netbios.py = samba/hostconfig.py} (64%)


Changeset truncated at 500 lines:

diff --git a/source/scripting/python/samba/getopt.py 
b/source/scripting/python/samba/getopt.py
index 9ecb66e..c12245f 100644
--- a/source/scripting/python/samba/getopt.py
+++ b/source/scripting/python/samba/getopt.py
@@ -21,6 +21,7 @@
 
 import optparse
 from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, 
MUST_USE_KERBEROS
+from hostconfig import Hostconfig
 
 __docformat__ = restructuredText
 
@@ -52,6 +53,9 @@ class SambaOptions(optparse.OptionGroup):
 lp.load_default()
 return lp
 
+def get_hostconfig(self):
+return Hostconfig(self.get_loadparm())
+
 
 class VersionOptions(optparse.OptionGroup):
 Command line option for printing Samba version.
diff --git a/source/scripting/python/examples/netbios.py 
b/source/scripting/python/samba/hostconfig.py
similarity index 64%
copy from source/scripting/python/examples/netbios.py
copy to source/scripting/python/samba/hostconfig.py
index 3671076..313e342 100644
--- a/source/scripting/python/examples/netbios.py
+++ b/source/scripting/python/samba/hostconfig.py
@@ -17,12 +17,17 @@
 # along with this program.  If not, see http://www.gnu.org/licenses/.
 #
 
-from samba.netbios import Node
+from samdb import SamDB
 
-n = Node()
-(reply_from, names, addresses) = n.query_name(GANIEDA, 192.168.4.0,
-  timeout=4)
+class Hostconfig(object):
+Aggregate object that contains all information about the configuration 
+of a Samba host.
+
+def __init__(self, lp):   
+self.lp = lp
+
+def get_samdb(self, session_info, credentials):
+return SamDB(url=self.lp.get(sam database), 
+ session_info=session_info, credentials=credentials, 
+ lp=self.lp)
 
-print Received reply from %s: % (reply_from, )
-print Names: %r % (names, )
-print Addresses: %r % (addresses, )
diff --git a/source/scripting/python/samba/provision.py 
b/source/scripting/python/samba/provision.py
index 6dd9f3b..4f7fbfc 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -53,7 +53,7 @@ class InvalidNetbiosName(Exception):
 super(InvalidNetbiosName, self).__init__(The name '%r' is not a valid 
NetBIOS name % name)
 
 
-class ProvisionPaths:
+class ProvisionPaths(object):
 def __init__(self):
 self.shareconf = None
 self.hklm = None
@@ -77,7 +77,8 @@ class ProvisionPaths:
 self.fedoradsinf = None
 self.fedoradspartitions = None
  
-class ProvisionNames:
+
+class ProvisionNames(object):
 def __init__(self):
 self.rootdn = None
 self.domaindn = None
@@ -92,7 +93,8 @@ class ProvisionNames:
 self.sitename = None
 self.smbconf = None
 
-class ProvisionResult:
+
+class ProvisionResult(object):
 def 

Build status as of Sat Aug 2 00:00:02 2008

2008-08-01 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2008-08-01 
00:00:25.0 +
+++ /home/build/master/cache/broken_results.txt 2008-08-02 00:00:28.0 
+
@@ -1,4 +1,4 @@
-Build status as of Fri Aug  1 00:00:02 2008
+Build status as of Sat Aug  2 00:00:02 2008
 
 Build counts:
 Tree Total  Broken Panic 
@@ -7,16 +7,16 @@
 ctdb 0  0  0 
 distcc   1  0  0 
 ldb  35 34 0 
-libreplace   33 12 0 
-lorikeet-heimdal 26 21 0 
+libreplace   34 11 0 
+lorikeet-heimdal 27 21 0 
 pidl 19 19 0 
 ppp  12 0  0 
 rsync35 11 0 
 samba-docs   0  0  0 
 samba-gtk6  6  0 
-samba_3_2_test 35 22 0 
-samba_4_0_test 32 33 0 
+samba_3_2_test 35 23 0 
+samba_4_0_test 32 29 0 
 smb-build32 5  0 
-talloc   35 7  0 
-tdb  35 14 0 
+talloc   35 6  0 
+tdb  35 13 0