[Samba] Ldapscripts v1.4 is out
Hello all, And now a small advert ;-) I'm pleased to announce the v 1.4 of the ldapscripts. The ldapscripts are shell scripts provided under the terms of the GPL license. They allow to manage POSIX accounts (users, groups, machines) in an LDAP directory. They can be used on GNU/Linux and FreeBSD (and any other Unix-like ?). They are similar to the smbldap-tools but are written in sh, not in PERL. They only require OpenLDAP client commands (ldapadd, ldapdelete, ldapsearch, ldapmodify, ldapmodrdn, ldappasswd) and make the administrator's work a lot easier avoiding him to configure PERL and each library dependencies (e.g. Net::LDAP). They only manage POSIX accounts ; Samba accounts information is to be added afterwards by Samba commands. The scripts may be used independently - in command lines - or automatically by Samba, to handle POSIX information within accounts before adding Samba information (e.g. during a net vampire). Here is a small example showing how to use the scripts in the smb.conf file : #[...] add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines add user script = /usr/local/bin/ldapadduser '%u' sambausers add group script = /usr/local/bin/ldapaddgroup '%g' add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g' delete user script = /usr/local/bin/ldapdeleteuser '%u' delete group script = /usr/local/bin/ldapdeletegroup '%g' delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g' set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g' rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew' #[...] Here is the changelog : 2006/01/05 : ldapscripts 1.4 - More code cleaning !!! Code now clean... (and bug-free ???) - thanks to Madcoder for the help he provided ! - Removed dependency to slappasswd !!! Using ldappasswd instead (included in the standard ldap-client commands) - Added new ldaprenameuser command (uses ldapmodrdn included in the standard ldap-client commands) Add this to Samba 3.0.21's configuration file : rename user script = ldaprenameuser '%uold' '%unew' Warning : renaming an entry (user/group/machine) only involves renaming its RDN ! This means may have to change manually the account's homedir (user) and modify each group to include the new rdn (user/machine) as a memberuid. - Also added useful _ldaprenamegroup and _ldaprenamemachine scripts (not used by Samba) - A user/machine is now searched using its uid (no more use of its cn) - Full command now shown in logs - Modified README - New TODO file - Man pages (section 1 for each script, section 5 for a global ldapscripts manual) You can download them on http://contribs.martymac.com or http://www.sourceforge.net/projects/ldapscripts They are available as .tgz (all platform), .rpm (Mandriva), .deb (1.3 only at the moment), and as a port on FreeBSD (1.3 only at the moment, see /usr/ports/net/ldapscripts and http://www.freshports.org/net/ldapscripts). Any feedback welcome :) Ganaël LAPLANCHE [EMAIL PROTECTED] http://www.martymac.com Tel : (+33)6.84.03.57.24. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Access is denied after connection is apparently successful
On Fri, Jan 06, 2006 at 10:07:41AM +, Chris Green wrote: We have a small home network with Samba running on a Slackware Linux 10.1 system, it's been running happily for several months or even maybe a year or so. It's running Samba version 3.0.4 Recently one of the Win2k clients is getting errors when trying to access Samba shares. The other clients are all still working OK and the same user can access shares from other client machines. Running the command:- net use e: \\server\tmp works, i.e. one gets command completed successfully, however if you try and go to drive E: or access any files there it gives an Access is denied message. Similarly with the GUI an icon appears for drive E: with no red cross but the moment you try and access drive E: a pop-up message says E: Access is Denied. We can't think of anything that has changed on the client machine where the error occurs, can anyone suggest what the problem might be? Was this just a silly question or does no one have any suggestions? -- Chris Green ([EMAIL PROTECTED]) Never ascribe to malice that which can be explained by incompetence. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Saving files with wrong permission
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerard wrote: I am attempting to save files from MS Word into a directory located on a FreeBSD 5.4 machine running Samba. For some reason, the files are always saved with permission 766 rather than 666, which is what I want them saved as. set 'map archive = no'. I expect the 'x' owner bit is set to store the archive DOS attribute bit. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwBWyIR7qMdg1EfYRAlwbAKCjCYu5KuTlLcfxtjnIseefEu4glwCfWssP oHxbOKA1xnHDMuupSkzOWUM= =Lv6/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Guest username when using security = share
Hi all,
I would like to setup samba to :
allow resource X to all users.
allow homes on auth. only.
When I set security = user, I get from my winXP boxes a login dialog
which enables username password entry.
When I set security = share, browse from winXP the shared directory, and
then try to go to the home directory, the username in the XP dialog is
disabled allowing only Guest to login - how can I change that, so the
user name will be also enabled?
Thanx,
Cheers,
Ron
the global configuration:
[global]
workgroup = WG2
netbios name = ANGELA
server string = angela
security = SHARE
log level = 2
syslog = 0
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
domain master = No
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DHCP and browsing problem
Hi all, I have got some problem with samba and the browsing. I've got a small network with 4-5 computers wich are using windows xp home and pro. There isn't domain, just a workgroup. The samba serves the master browser and wins functions. The problem came forward when the clinents get ip address via dhcp. The situation is the following: the clients are dissapearing slowly from the browse list. I've debugged this: When the windows clients get static ip, they are broadcasting in the network like this: [2006/01/01 00:05:45, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from BYTER00 IP 192.168.1.2 to MAGEX1d for server BYTER. When the clinets get the ip addresses via dhcp, then the announce cancelled and about a half hour later the clinets are dissapearing from the brows list. In the log: [2006/01/01 00:01:31, 3] nmbd/nmbd_serverlistdb.c:expire_servers(212) expire_old_servers: Removing timed out server BYTER If somebody know anything about this problem, I'm looking forward to the solution. Thank You. samba verison: 3.0.14a-3sarge -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Usermap from Windows domain to UNIX
Hello! I try to map users from Domain to a unix system with user map. I have joined the Domain with net join. i have a user map file: user (unix) = (user windows) Samba is not local master and wins servers are configured in smb.conf password is encrypted when try to connect getting a error: [2006/01/03 10:47:50, 2, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [WINUSER] - [UNIX_SAMBAUSER] FAILED with error NT_STATUS_NO_SUCH_USER using samba 3.0.21.0 compiled on AIX 5.3 ML03 With best Regards Mit freundlichen Grüßen Jahan Ketabchy-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Profile trouble
Hi everyone, I'm relatively new to Samba and struggling with the folowing: The system is a W2003 domain with W2K clients and Samba 3.0.14a-3sa on Debian (Debian package) I've made two shares: [homes] comment = Home directory read only = No valid users = %S create mask = 0755 directory mask = 0775 browseable = No [profiles] path = /mnt/sdb1/data/profiles/ browseable = No writeable = yes create mask = 0777 directory mask = 0777 /mnt/sdb1/data/profiles/ is set with all permissions for user 'user' and group 'domusers'. domusers is mapped #net groupmap list|grep Domain Users Domain Users (S-1-5-21-2334634195-46418153-2501264360-513) - -1 Domain Users (S-1-5-21-1657160631-611637488-1835888628-3005) - domusers Domain Users (S-1-5-21-1657160631-611637488-1835888628-513) - -1 In the domain the the account is set to map the homedir to \\linux\user and \\linux\profiles\user As my W2K client logs on it complains about not being able to retrieve the roaming profile stored on the server. It does get it's homeshare though. While logging on it does create a directory 'user' in profiles but it does not fill it. After logging on the \\linux\profiles\user share is mappable and writeable. I'm quite sure I'm missing some basic configuration but I can't figure it out. Many thanks in advance. Tjaco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] credentials check failed - Samba 3.0.21
I'm getting some strange entries in my logs after upgrading to samba version 3.0.21-1. Also in 3.0.21a-1. The machines connection to my samba pdc are WinXP SP2 and also a 2003 server. For example: [2006/01/03 21:57:28, 0] libsmb/credentials.c:creds_server_check(159) creds_server_check: credentials check failed. [2006/01/03 21:57:28, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667) _net_sam_logon: creds_server_step failed. Rejecting auth request from client TERMINATOR machine account TERMINATOR$ But the logon succeeds [2006/01/03 21:57:28, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/terminator.log: Permission denied But the terminator.log file is created ok I use the smbpasswd backend. I have client and server channel set to auto. Does anyone know if this behavior is a problem or a feature. Everything seems to work ok, except for these strange log-entries Hans Otto Lunde Egmont Højskolen Denmark See first part of my smb.conf [global] workgroup = EGMONT server string = Samba %v interfaces = eth0, 192.168.194.0/255.255.255.0 passwd program = /usr/bin/passwd log file = /var/log/samba/%m.log max log size = 0 max mux = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = %G.bat logon path = \\%N\%U\profileXP logon drive = h: domain logons = Yes os level = 65 lm announce = No preferred master = Yes domain master = Yes dns proxy = No wins support = Yes invalid users = bin, daemon, adm, sync, shutdown, halt, mail, news, uucp, operator hosts allow = 192.168.194. printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j [netlogon] comment = Login Scripts path = /home/netlogon browseable = No [homes] comment = Home Directories read only = No create mask = 0600 directory mask = 0700 browseable = No . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind idmap_rid working but still no access to shares
Hi all. My ADS samba member server passes all the tests in SBE chapter 7.3, but users still get asked for their password when they access their home share from a windows box. Please can someone take a look at the attached config and log files (if they get through) and tell me what's wrong? The only thing that seems different in the testing is that the domain part doesn't get returned when I do wbinfo -u and so on. The rest of the testing gets passed with flying colours... Oh, there's a slab of VB in it for any resident in Australia that can solve the problem ;-) Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with ADS on Sun Solaris System
Hi, We are facing problems while configuring SAMBA ADS on Sun Solaris system. After installation and configuration we found that there is no ADS support on the version samba-3.0.21a-1-noads-sunos5.9-sparc.pkg.gz. Do you have any ADS support package for Sun Solaris 9. Kind Regards Venu Gopal Sr. Systems Engineer SSA Global Technologies India (Pvt) Ltd Hyderabad,India Tel : +91 40 23100525 (Extn 1513) mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cant Join Win 2003 AD in Native Mode
We are having trouble configuring Samba 3.021on Solaris 8 to join a Win 2003 ADS in native mode. The error we are getting is : [2006/01/04 10:06:26, 0] utils/net_ads.c:ads_startup(191) ads_connect: Strong(er) authentication required I have read in some older postings this could be due to the fact that Samba did not support signing for LDAP certificates (our Win 2003 server is set up with LDAP Server Siginig = Requires Signing). Is this still the case and if so is there a workaround other than changing the setting. Conversely, if this is no longer the case what else could be causing this error ? E mail Disclaimer You agree that you have read and understood this disclaimer and you agree to be bound by its terms. The information contained in this e-mail and any files transmitted with it (if any) are confidential and intended for the addressee only. If you have received this e-mail in error please notify the originator. This e-mail and any attachments have been scanned for certain viruses prior to sending but CE Electric UK Funding Company nor any of its associated companies from whom this e-mail originates shall be liable for any losses as a result of any viruses being passed on. No warranty of any kind is given in respect of any information contained in this e-mail and you should be aware that it might be incomplete, out of date or incorrect. It is therefore essential that you verify all such information with us before placing any reliance upon it. CE Electric UK Funding Company Lloyds Court 78 Grey Street Newcastle upon Tyne NE1 6AF Registered in England and Wales: Number 3476201 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with MySQL backend.
Hello everyone, again: I have not received any single message from you regarding the changes in 3.0.21 - maybe that's why no one responed? Maybe the message simply did not get through? I asked again in Bugzilla to re-send that message, but I still received no message (but thanks to Volker the code works again). So, what changes are you proposing for 3.0.22 that will render the pdb_mysql module unusable? And why are you introducing such changes into the stable tree, so that every now and then a fix for the modules is important? Please shed a light, I really don't know what's going on at the moment... :-) Can the MySQL bug (#3369) have something to do with the changes you introduced or is this something different that exists longer? Thanks Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SSID subgroups question??
I have Samba as a PDC w/ openLDAP backend. Everything works great. I have a question on how sub-groups work. For instance, my Domain Users group will have a SID of S-1-5-21-2213288279-2770996180-1086272762-513 What if I create a group under that one. Should it be ...-513-something I am wondering how samba will know it is a sub group without a different ID. I am using phpLDAPadmin right now to try and create the tree and it gives me an extra box past the 513 but I am unsure what should go in it. Thank you for your time, Ryan Taylor [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.20 usermap script execution
Thanks for your reply Jerry. After reviewing the code, it seems like samba is sending both the unqualified name as well as the fully qualified name to address backwards compatibility. Looking at the release notes from 3.0.8, I see that development decided to only support reading the fully qualified username for consistency with Kerberos. Therefore, user.maps should contain unix login to fully qualified user name mappings only. I believe if the code was changed to only pass the fully qualified username to the username map script, it should not affect any functionality since the user.map is already being forced to be in the fully qualified domain format. Michael Montenegro P.S. canonicalize sounds made up. :^) lib/username.c /*** Map a username from a dos name to a unix name by looking in the username map. Note that this modifies the name in place. This is the main function that should be called *once* on any incoming or new username - in order to canonicalize the name. This is being done to de-couple the case conversions from the user mapping function. Previously, the map_username was being called every time Get_Pwnam was called. Returns True if username was changed, false otherwise. / Samba 3.0.8 release notes: == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 04, 2006 3:13 PM To: Montenegro, Michael H (Michael) Cc: 'samba@lists.samba.org' Subject:Re: [Samba] 3.0.20 usermap script execution -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Montenegro, Michael H (Michael) wrote: I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? grep for map_username() in the samba source tree. Everytime that function get's called, you script will be called assuming smbd is trying to map a new name. Samba has to jump through a lot of hoops when is comes to usernames which is why it frequently tries to lookup the unqualified name as well as the fully qualified version. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDvDpuIR7qMdg1EfYRAsorAJ9jbdCKsGpMvd4XUPIsVtCBy5OYwACgjLlY fuXBc+g9F2UquvQMsHtGz34= =CQZ8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with MySQL backend.
On 1/5/06, Jeremy Allison [EMAIL PROTECTED] wrote: On Wed, Jan 04, 2006 at 07:41:44PM +0100, Florian Effenberger wrote: I use the pdb_mysql module in an environment with about 100 clients and 1.500 users. We have a self-written web interface, and Samba and the web interface are based on the pdb_mysql module. However, I am no programmer, so I need your help. I can test, debug and act as a contact person, however, I need someone supporting me as a developer, as I can't code a single line. :-) Do you see any chance in this? Ok, then you can be the tester for this but we still need a maintainer. I don't have the free time to do the code on this. Is there anyone who depends on this who can maintain the code. Jeremy. Ok, I think it's time to someone say I will maintain this. So I'm saying it :-) I can maintain pdb_*sql code - I depends on pdb_pgsql, but I think it is effective to maintain both mysql and pgsql together. Jeremy, do you think if it will be useful to create samba-sql mail list for these who take interest on samba pdb_*sql modules? Filip Jirsák -- Filip Jirsák [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cant Join Win 2003 AD in Native Mode
We are having trouble configuring Samba 3.021on Solaris 8 ( with MIT KRB5 1.3.6 and Open LDAP 2.2.23) to join a Win 2003 ADS in native mode. The error we are getting is : [2006/01/04 10:06:26, 0] utils/net_ads.c:ads_startup(191) ads_connect: Strong(er) authentication required I have read in some older postings this could be due to the fact that Samba did not support signing for LDAP certificates (our Win 2003 server is set up with LDAP Server Siginig = Requires Signing). Is this still the case and if so is there a workaround other than changing the setting. Conversely, if this is no longer the case what else could be causing this error ? E mail Disclaimer You agree that you have read and understood this disclaimer and you agree to be bound by its terms. The information contained in this e-mail and any files transmitted with it (if any) are confidential and intended for the addressee only. If you have received this e-mail in error please notify the originator. This e-mail and any attachments have been scanned for certain viruses prior to sending but CE Electric UK Funding Company nor any of its associated companies from whom this e-mail originates shall be liable for any losses as a result of any viruses being passed on. No warranty of any kind is given in respect of any information contained in this e-mail and you should be aware that it might be incomplete, out of date or incorrect. It is therefore essential that you verify all such information with us before placing any reliance upon it. CE Electric UK Funding Company Lloyds Court 78 Grey Street Newcastle upon Tyne NE1 6AF Registered in England and Wales: Number 3476201 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with MySQL backend.
On 1/5/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: This really boils down to a communication problem. Developers are expected to subscribe to both the samba-cvs and the samba-technical lists. The samba-pdbsql alias is really only intended for use in bugzilla (default owner of pdb_sql component). OK, bugzilla is probably the best place for discussion about several pdb*sql modules problems - it is public, so everyone can find if someone else works on some problem or tested it and so on. In a perfect world, everyone would know what's going on in every aspect of the code tree. But that's doesn't scale very well. It's a big code base. The only realy way to deal with this is to eat our own dogfood. A simple small test server running the SAMBA_3_0 tree (updated every few days or so). That way, when something in the pdb*sql modules break, whether intentionally or not, you will know immediately. At this moment I ca't have two small test servers - one for mysql and another for pgsql. So I can test code for mysql it it can compile and start, but I'm not able to test it for longer time. For pgsql I can do this. It will be great if for example Florian can test pdb_mysql more. Filip, you and I should stay in closer contact. I'll try to remember to ping you when there is any relevant developments that I think you should be aware of. OK, thanks a lot. I will look tomorrow and within weekend on current CVS code and I will try to tidy pdb_sql issues in bugzilla so we will know what is critical, what is already done etc. Cheers, Filip -- Filip Jirsák [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Dual Mode Security
Hi there, Simple question. I currently have security = server mode working for my samba installation on a freebsd unix box where I work. I am wondering if I can use a dual mode of security. For example, I want to be able to authenticate certain samba user shares against the samba password file rather than the Active Directory server that I authenticate against sometimes. Better would be to have samba check the passwords file first, if NO authentication, then proceed onto the Active Directory auth. Can this be done with Samba? Thanks, Rogie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC and windows 2003 server
Hi all, I think that my question has been asked several times but I don't find for the moment any way to resolve my problem. I have a samba server on a redhat EL 3 which is the PDC of my domain, it's my wins server too. In this one, I have 4 Windows 2003 servers, and one of them is my DNS. The others servers are used for Citrix connections. I have several workstations too. All of my machine are in the same domain. I don't use Active Directory nor LDAP. I don't want to use AD because in this case I won't use samba. I can open a session from any workstation, and I can get my scripts profiles from the Samba. My problem is that I can't connect from any Windows 2003 servers, and that with any login I created on the samba. I tried to change some security in the 2003 servers. I created my servers as my workstations in the PDC. Thanks in advance for any help. Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over PVFS: Corrupted Data
On Tue, Dec 20, 2005 at 08:08:24AM -0800, Jeremy Allison wrote: Ok, what you need is to create files locally on the windows client of 512 bytes, 1024 bytes etc. and then just copy them onto the Samba drive. Check what the smallest size is that the first file becomes corrupted. That will show the simplest problem that reproduces the issue. At *that* point then send in logs etc. Without an *exact* method of reproducing this with detailed information on what is going wrong (ie. the last 20 bytes of a 512 byte file get corrupted, but a 256 byte file is fine - here is the comparitive copy) it will be a massive investment of time to track this down, that we currently don't have. You're going to have to do more work on this I'm afraid. OK, I made a bunch of files consisting of the string 123456789abcdef\n where \n is the UNIX newline (ASCII 0xA) and performed the binary search. Files 64KB (=65536 bytes) and higher are corrupted and files under 64KB are fine. In the attached tarball area the results of my tests for two files, one 64KB in length and one 65535B (64K-1B) in length. In more detail: pvfs-detailed-test/log.andy-ibm.64k pvfs-detailed-test/log.andy-ibm.65535 - samba logs with the log level = 10 pvfs-detailed-test/64k-orig.txt pvfs-detailed-test/65535-orig.txt - original files pvfs-detailed-test/64k-share.txt pvfs-detailed-test/65535-share.txt - files as put on the share by our Windows client. The 64k file from the share starts to differ from the original file at offset 0xF000. The file from the share is filled with 0 bytes. pvfs-detailed-test/ethereal-64k pvfs-detailed-test/ethereal-65535 - whole-packet ethereal traces. pvfs-detailed-test/smb.conf - the Samba configuration for this test. The client was accessing the Cluster share. I did these tests with just-released Samba 3.0.21a on a Mandrake 2005LE (10.2) system. Sorry for the delay in getting this extra information -- holidays and such. If there is any more information you need, please let me know! --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Dual Mode Security
Hi there, Simple question. I currently have security = server mode working for my samba installation on a freebsd unix box where I work. I am wondering if I can use a dual mode of security. For example, I want to be able to authenticate certain samba user shares against the samba password file rather than the Active Directory server that I authenticate against sometimes. Better would be to have samba check the passwords file first, if NO authentication, then proceed onto the Active Directory auth. Can this be done with Samba? Thanks, Rogie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linus Trustees support?
Ups, I wanted to write Linux Trustees support. Linus cannot write every programm... Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SSID subgroups question??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Taylor wrote: I have Samba as a PDC w/ openLDAP backend. Everything works great. I have a question on how sub-groups work. For instance, my Domain Users group will have a SID of S-1-5-21-2213288279-2770996180-1086272762-513 What if I create a group under that one. Should it be ...-513-something I am wondering how samba will know it is a sub group without a different ID. I am using phpLDAPadmin right now to try and create the tree and it gives me an extra box past the 513 but I am unsure what should go in it. Groups don't work like that. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwHBwIR7qMdg1EfYRApP1AKDkWEDwgxeV/jYVM0qQ1681IXhyggCfSh77 X6RuJ7IrY8FEw4N94HBPhsY= =tQQm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dual Mode Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
King, Rogie wrote:
Hi there,
Simple question. I currently have security = server mode
working for my samba installation on a freebsd unix box where
I work. I am wondering if I can use a dual mode
of security. For example, I want to be able to authenticate
certain samba user shares against the samba password file
rather than the Active Directory server that I
authenticate against sometimes. Better would be to have
samba check the passwords file first, if NO
authentication, then proceed onto the Active Directory
auth. Can this be done with Samba?
Technically you should be able to set
'auth methods = guest sam_ignoredomain ntdomain'
but you didn't hear that from me. There's a good reason
why we don't generally recommend tweaking the 'auth methods'
option.
Note that I will recommend 'security = {domain,ads}'
over 'security = server' anyday though.
cheers, jerry
=
Alleviating the pain of Windows(tm) --- http://www.samba.org
Centeris --- http://www.centeris.com
There's an anonymous coward in all of us. --anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDwHFZIR7qMdg1EfYRAjMLAJ45J7+pInBFETvmc3p6Rch8x9ddhQCcCENp
ym6cH4Nsv05N38TrTAqDVNY=
=ORoX
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with ADS on Sun Solaris System
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Venu Siddamshetty wrote: Hi, We are facing problems while configuring SAMBA ADS on Sun Solaris system. After installation and configuration we found that there is no ADS support on the version samba-3.0.21a-1-noads-sunos5.9-sparc.pkg.gz. Do you have any ADS support package for Sun Solaris 9. Not yet. I keep trying to find time, but have been too busy. Maybe this is the week though :-) cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwHGbIR7qMdg1EfYRAgGWAKDuu2RAjd0dp9z2vYQX12xbqU2qyACg74xI tfciijFmwEFIMzjwBjnW7ys= =SO/E -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to compile on FreeBSD 5.4 Samba 3.0.20b?
Hi people. I run freebsd 5.4-p8 and want to start working with samba. I normally use the porst to install programs on freebsd. But i read the Makefile and see that we have a lot of arguments to chose and some are default, i want to know wich options i will use on 2 situations i want to test. A) windows 2k AC enviroment -Workgroup. B) Windows 2003 AD -Windows XP clients -DNS -AD On both situations i want to: -I want to share 1 folder on FreeBSD -I want that freebsd machine appear on Microsoft Windows Network Link -I want to access windows share folders from Freebsd machine, is posible...? This are the options i have on freebsd to compile samba: LDAPWith LDAP support on \ ADS With Active Directory support off \ CUPSWith CUPS printing support on \ WINBIND With WinBIND support on \ ACL_SUPPORT With ACL support off \ AIO_SUPPORT With experimental AIO support off \ SYSLOG With Syslog support off \ QUOTAS With Quota support off \ UTMPWith UTMP support on \ MSDFS With MSDFS support off \ SAM_XML With XML smbpasswd backend off \ SAM_MYSQL With MYSQL smbpasswd backend off \ SAM_PGSQL With PostgreSQL smbpasswd backend off \ SAM_OLD_LDAPWith Samba2.x LDAP smbpasswd backend off \ PAM_SMBPASS With SMB PAM module off \ EXP_MODULES With experimental module(s) off \ POPTWith installed POPT library on Here wich options i use for one of each situations i have? Is all my doubt, hope someone could help me with this qustions, thanks. NOTE: I already have cups and mysql!!! Thanks all for your time!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can HOST say HOST-AFS?
Hi, I'm having trouble connecting a Mac (10.4.3) to Windows XP. I can't connect to the PC. The problem apparently is that the PC returns HOSTNAME-AFS as its server name when it should be just HOSTNAME Let's assume that the PC's FQDN is host.foo.bar. When I issue smbutil status host.foo.bar on Mac, it says Server: HOST-AFS I have another PC in my office, say, host2.foo.bat. I can connect to this machine from Mac. This machine returns HOST2 as its server name when I use smbutil on Mac. Now, is returning HOSTNAME-AFS really the cause of the trouble? If so, any way to fix it? Thanks in advance!! Noboru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba]3.0.20b Keep windows local sid when xcopy files to samba server
Hi all, I came into a problem with the following situation. One Windows 2k3 server which joined into a AD, and when I tried to copy some files the owner ship of which contails both domain user/group sid and local user/group sid information, to samba server, only domain sid information could be kept, and the windows local user/group sid info was dropped. I verifyed this by using xcopy /O /K. When I traced the samba log, it complained unknown sid, which was the local sid. And since I configured samba to lookup user and group by the order of passwd and winbind, AD could not retrieve the non-domain sid info which is only available in the member client.This seems to be reasonable. However, I still wish there is some hacks that could help to keep the local sid info when files are copied to samba server. Any clue is welcome. Best Regards Nelson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: samba-vms Digest, Vol 37, Issue 4
[EMAIL PROTECTED] wrote: Message: 4 Date: Sat, 7 Jan 2006 04:12:33 -0200 (EDT) From: Luiz Guilherme Regis Emediato [EMAIL PROTECTED] Subject: Re: NMBD Problem on Samba2.2.8+Multinet and OpenVMS 7.3-1 To: samba-vms@lists.samba.org Message-ID: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII Okay, I figured that I had to remove the option WINS SERVER, but curiously I have the following error now: $ Set NoOn $ VERIFY = F$VERIFY(F$TRNLNM(SYLOGIN_VERIFY)) $ arch = f$getsyi(ARCH_NAME) $ nmbd :== $samba_root:[bin]nmbd $ opt = f$trnlnm(SAMBA_NMBD_OPTIONS) $!! nmbd -d1 'opt' $ nmbd -d1 -i Netbios nameserver version 2.2.8 started. Copyright Andrew Tridgell and the Samba Team 1994-2002 stm_open: open /samba_root/lib/smb.conf, flags , fd = 3 stm_close: fd = 3 stm_open: open /samba_root/lib/codepages/codepage.850, flags , fd = 3 stm_close: fd = 3 standard input is not a socket, assuming -D option stm_open: open /samba_root/var/locks, flags , fd = -1 stm_open: open /samba_root/var/locks/nmbd.pid, flags 8000, fd = 3 stm_close: fd = 3 ERROR: nmbd is already running. File /samba_root/var/locks/nmbd.pid exists and process id 530 is running. SYSTEM job terminated at JANUARY 7, 2006 03:05 AM What program has started NMBD ? Any ideas ? It's probably left over from before. Just shut down Samba and delete the nmbd.pid file if it remains. -- -- Stephen Eickhoff www.operagost.com Woe to those who call evil good and good evil, who put darkness for light and light for darkness, who put bitter for sweet and sweet for bitter. Isaiah 5:20 -- PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: samba-vms Digest, Vol 37, Issue 4
Hi Stephen, Bingo! I removed the nmbd.pid file, rebooted the system and NMBD is working fine now. Thanks for advising. cheers, Luiz On Sat, 7 Jan 2006, Stephen Eickhoff wrote: [EMAIL PROTECTED] wrote: Message: 4 Date: Sat, 7 Jan 2006 04:12:33 -0200 (EDT) From: Luiz Guilherme Regis Emediato [EMAIL PROTECTED] Subject: Re: NMBD Problem on Samba2.2.8+Multinet and OpenVMS 7.3-1 To: samba-vms@lists.samba.org Message-ID: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII Okay, I figured that I had to remove the option WINS SERVER, but curiously I have the following error now: $ Set NoOn $ VERIFY = F$VERIFY(F$TRNLNM(SYLOGIN_VERIFY)) $ arch = f$getsyi(ARCH_NAME) $ nmbd :== $samba_root:[bin]nmbd $ opt = f$trnlnm(SAMBA_NMBD_OPTIONS) $!! nmbd -d1 'opt' $ nmbd -d1 -i Netbios nameserver version 2.2.8 started. Copyright Andrew Tridgell and the Samba Team 1994-2002 stm_open: open /samba_root/lib/smb.conf, flags , fd = 3 stm_close: fd = 3 stm_open: open /samba_root/lib/codepages/codepage.850, flags , fd = 3 stm_close: fd = 3 standard input is not a socket, assuming -D option stm_open: open /samba_root/var/locks, flags , fd = -1 stm_open: open /samba_root/var/locks/nmbd.pid, flags 8000, fd = 3 stm_close: fd = 3 ERROR: nmbd is already running. File /samba_root/var/locks/nmbd.pid exists and process id 530 is running. SYSTEM job terminated at JANUARY 7, 2006 03:05 AM What program has started NMBD ? Any ideas ? It's probably left over from before. Just shut down Samba and delete the nmbd.pid file if it remains. -- -- Stephen Eickhoff www.operagost.com Woe to those who call evil good and good evil, who put darkness for light and light for darkness, who put bitter for sweet and sweet for bitter. Isaiah 5:20 -- PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r12754 - in branches/SAMBA_4_0/source/lib: .
Author: metze Date: 2006-01-07 10:28:48 + (Sat, 07 Jan 2006) New Revision: 12754 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12754 Log: - sync TIME_T_MAX calculation from samba3 - but limit TIME_T_MAX to INT32_MAX, otherwise 64 platfroms are broken because gmtime() will fail with INT64_MAX passed in! I'm not sure if that's the best fix for this problem, but it works... Should we port the INT32_MAX limitation to samba3? Comments, please? metze Modified: branches/SAMBA_4_0/source/lib/time.c Changeset: Modified: branches/SAMBA_4_0/source/lib/time.c === --- branches/SAMBA_4_0/source/lib/time.c2006-01-07 00:06:58 UTC (rev 12753) +++ branches/SAMBA_4_0/source/lib/time.c2006-01-07 10:28:48 UTC (rev 12754) @@ -24,25 +24,17 @@ #include system/time.h #ifndef CHAR_BIT -# define CHAR_BIT 8 +#define CHAR_BIT 8 #endif -/* The extra casts work around common compiler bugs. */ -#define _TYPE_SIGNED(t) (! ((t) 0 (t) -1)) -/* The outer cast is needed to work around a bug in Cray C 5.0.3.0. - It is necessary at least when t == time_t. */ -#define _TYPE_MINIMUM(t) ((t) (_TYPE_SIGNED (t) \ - ? ~ (t) 0 (sizeof (t) * CHAR_BIT - 1) : (t) 0)) -#define _TYPE_MAXIMUM(t) ((t) (~ (t) 0 - _TYPE_MINIMUM (t))) - #ifndef TIME_T_MIN -#define TIME_T_MIN 0 +#define TIME_T_MIN ((time_t)0 (time_t) -1 ? (time_t) 0 \ + : ~ (time_t) 0 (sizeof (time_t) * CHAR_BIT - 1)) #endif #ifndef TIME_T_MAX -#define TIME_T_MAX _TYPE_MAXIMUM (time_t) +#define TIME_T_MAX MIN(INT32_MAX,(~ (time_t) 0 - TIME_T_MIN)) #endif - /*** External access to time_t_min and time_t_max. /
svn commit: samba r12755 - in branches/SAMBA_4_0/source/nbt_server/wins: .
Author: metze
Date: 2006-01-07 10:56:55 + (Sat, 07 Jan 2006)
New Revision: 12755
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12755
Log:
check the return value of ldb_timestring(), as this fails,
when gmtime() fails...
metze
Modified:
branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c
Changeset:
Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c
===
--- branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c 2006-01-07 10:28:48 UTC
(rev 12754)
+++ branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c 2006-01-07 10:56:55 UTC
(rev 12755)
@@ -318,10 +318,14 @@
{
struct ldb_val val;
const char *str;
+ char *expire_time;
+ expire_time = ldb_timestring(msg, addr-expire_time);
+ if (!expire_time) return -1;
str = talloc_asprintf(msg, %s;winsOwner:%s;expireTime:%s;,
addr-address, addr-wins_owner,
- ldb_timestring(msg, addr-expire_time));
+ expire_time);
+ talloc_free(expire_time);
if (!str) return -1;
val.data = discard_const_p(uint8_t, str);
@@ -588,8 +592,9 @@
{
int i, ret=0;
size_t addr_count;
+ const char *expire_time;
struct ldb_message *msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) goto failed;
+ if (msg == NULL) goto failed;
if (rec-is_static) {
rec-state = WREPL_STATE_ACTIVE;
@@ -608,6 +613,11 @@
rec-type = WREPL_TYPE_MHOMED;
}
+ expire_time = ldb_timestring(msg, rec-expire_time);
+ if (!expire_time) {
+ goto failed;
+ }
+
msg-dn = winsdb_dn(msg, rec-name);
if (msg-dn == NULL) goto failed;
ret |= ldb_msg_add_fmt(msg, type, 0x%02X, rec-name-type);
@@ -622,8 +632,7 @@
ret |= ldb_msg_add_fmt(msg, recordState, %u, rec-state);
ret |= ldb_msg_add_fmt(msg, nodeType, %u, rec-node);
ret |= ldb_msg_add_fmt(msg, isStatic, %u, rec-is_static);
- ret |= ldb_msg_add_string(msg, expireTime,
- ldb_timestring(msg, rec-expire_time));
+ ret |= ldb_msg_add_string(msg, expireTime, expire_time);
ret |= ldb_msg_add_fmt(msg, versionID, %llu, (long
long)rec-version);
ret |= ldb_msg_add_string(msg, winsOwner, rec-wins_owner);
ret |= ldb_msg_add_empty(msg, address, 0);
svn commit: samba r12756 - in trunk/source: lib param rpc_server smbd utils
Author: jra Date: 2006-01-07 20:41:45 + (Sat, 07 Jan 2006) New Revision: 12756 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12756 Log: From Volker's comments. Ensure we don't enumerate usershares Create them when a client requests an enumeration or on attach. Jeremy. Modified: trunk/source/lib/dummysmbd.c trunk/source/param/loadparm.c trunk/source/rpc_server/srv_srvsvc_nt.c trunk/source/smbd/lanman.c trunk/source/smbd/msdfs.c trunk/source/smbd/service.c trunk/source/utils/net_usershare.c Changeset: Sorry, the patch is too large (805 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12756
svn commit: samba r12757 - in branches/SAMBA_3_0: . examples/libsmbclient
Author: derrell
Date: 2006-01-07 20:43:28 + (Sat, 07 Jan 2006)
New Revision: 12757
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12757
Log:
[EMAIL PROTECTED]: derrell | 2006-01-03 15:21:36 -0500
added flag to not request authentication information
Modified:
branches/SAMBA_3_0/
branches/SAMBA_3_0/examples/libsmbclient/testbrowse.c
Changeset:
Property changes on: branches/SAMBA_3_0
___
Name: svk:merge
- 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:12122
+ 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:12126
Modified: branches/SAMBA_3_0/examples/libsmbclient/testbrowse.c
===
--- branches/SAMBA_3_0/examples/libsmbclient/testbrowse.c 2006-01-07
20:41:45 UTC (rev 12756)
+++ branches/SAMBA_3_0/examples/libsmbclient/testbrowse.c 2006-01-07
20:43:28 UTC (rev 12757)
@@ -30,6 +30,7 @@
{
int debug = 0;
int debug_stderr = 0;
+int no_auth = 0;
int scan = 0;
int iterations = -1;
int again;
@@ -59,6 +60,10 @@
0, Iterations, integer
},
{
+noauth, 'A', POPT_ARG_NONE, no_auth,
+0, Do not request authentication data, integer
+},
+{
NULL
}
};
@@ -82,9 +87,14 @@
return 1;
}
+/* If we're scanning, do no requests for authentication data */
+if (scan) {
+no_auth = 1;
+}
+
/* Set mandatory options (is that a contradiction in terms?) */
context-debug = debug;
-context-callbacks.auth_fn = (scan ? no_auth_data_fn : get_auth_data_fn);
+context-callbacks.auth_fn = (no_auth ? no_auth_data_fn :
get_auth_data_fn);
/* If we've been asked to log to stderr instead of stdout... */
if (debug_stderr) {
@@ -102,7 +112,6 @@
/* Tell the compatibility layer to use this context */
smbc_set_context(context);
-
if (scan)
{
for (;
svn commit: samba r12758 - in branches/SAMBA_3_0: . source/libsmb
Author: derrell
Date: 2006-01-07 20:43:31 + (Sat, 07 Jan 2006)
New Revision: 12758
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12758
Log:
[EMAIL PROTECTED]: derrell | 2006-01-03 15:22:18 -0500
remove old superfluous comment and ifdef
Modified:
branches/SAMBA_3_0/
branches/SAMBA_3_0/source/libsmb/clilist.c
Changeset:
Property changes on: branches/SAMBA_3_0
___
Name: svk:merge
- 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:12126
+ 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:12127
Modified: branches/SAMBA_3_0/source/libsmb/clilist.c
===
--- branches/SAMBA_3_0/source/libsmb/clilist.c 2006-01-07 20:43:28 UTC (rev
12757)
+++ branches/SAMBA_3_0/source/libsmb/clilist.c 2006-01-07 20:43:31 UTC (rev
12758)
@@ -169,11 +169,7 @@
int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
void (*fn)(const char *, file_info *, const char *, void *),
void *state)
{
-#if 1
- int max_matches = 1366; /* Match W2k - was 512. */
-#else
- int max_matches = 512;
-#endif
+int max_matches = 1366;
int info_level;
char *p, *p2;
pstring mask;
svn commit: samba r12759 - in branches/SAMBA_3_0: . examples/libsmbclient/smbwrapper
Author: derrell Date: 2006-01-07 20:43:36 + (Sat, 07 Jan 2006) New Revision: 12759 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12759 Log: [EMAIL PROTECTED]: derrell | 2006-01-07 15:34:01 -0500 Incorporate a number of changes suggested by David Collier-Brown Thanks, David! Added: branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/bsd-strlcat.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/bsd-strlcpy.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/bsd-strlfunc.h Modified: branches/SAMBA_3_0/ branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/Makefile branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/smbsh.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/smbw.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/smbw.h branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/smbw_dir.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/wrapper.c branches/SAMBA_3_0/examples/libsmbclient/smbwrapper/wrapper.h Changeset: Sorry, the patch is too large (1855 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12759
svn commit: samba r12760 - branches/SAMBA_3_0/source/tdb trunk/source/tdb
Author: vlendec
Date: 2006-01-07 22:11:30 + (Sat, 07 Jan 2006)
New Revision: 12760
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12760
Log:
Fix bug 3384
Modified:
branches/SAMBA_3_0/source/tdb/tdbtool.c
trunk/source/tdb/tdbtool.c
Changeset:
Modified: branches/SAMBA_3_0/source/tdb/tdbtool.c
===
--- branches/SAMBA_3_0/source/tdb/tdbtool.c 2006-01-07 20:43:36 UTC (rev
12759)
+++ branches/SAMBA_3_0/source/tdb/tdbtool.c 2006-01-07 22:11:30 UTC (rev
12760)
@@ -232,6 +232,11 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
dbuf.dptr = data;
@@ -246,6 +251,16 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
+ if ((data == NULL) || (datalen == 0)) {
+ terror(need data);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
dbuf.dptr = data;
@@ -263,6 +278,11 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
@@ -283,6 +303,11 @@
{
TDB_DATA key;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
@@ -296,6 +321,11 @@
TDB_DATA key, dbuf;
TDB_CONTEXT *dst_tdb;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
if ( !tdbname ) {
terror(need destination tdb name);
return;
Modified: trunk/source/tdb/tdbtool.c
===
--- trunk/source/tdb/tdbtool.c 2006-01-07 20:43:36 UTC (rev 12759)
+++ trunk/source/tdb/tdbtool.c 2006-01-07 22:11:30 UTC (rev 12760)
@@ -232,6 +232,11 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
dbuf.dptr = data;
@@ -246,6 +251,16 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
+ if ((data == NULL) || (datalen == 0)) {
+ terror(need data);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
dbuf.dptr = data;
@@ -263,6 +278,11 @@
{
TDB_DATA key, dbuf;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
@@ -283,6 +303,11 @@
{
TDB_DATA key;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
key.dptr = keyname;
key.dsize = keylen;
@@ -296,6 +321,11 @@
TDB_DATA key, dbuf;
TDB_CONTEXT *dst_tdb;
+ if ((keyname == NULL) || (keylen == 0)) {
+ terror(need key);
+ return;
+ }
+
if ( !tdbname ) {
terror(need destination tdb name);
return;
Build status as of Sun Jan 8 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-01-07 00:00:34.0 + +++ /home/build/master/cache/broken_results.txt 2006-01-08 00:00:36.0 + @@ -1,17 +1,17 @@ -Build status as of Sat Jan 7 00:00:02 2006 +Build status as of Sun Jan 8 00:00:02 2006 Build counts: Tree Total Broken Panic -ccache 6 2 0 +ccache 8 2 0 distcc 7 2 0 lorikeet-heimdal 15 9 0 ppp 15 0 0 -rsync29 6 0 -samba1 0 0 +rsync30 6 0 +samba2 0 0 samba-docs 0 0 0 -samba4 32 18 1 -samba_3_030 5 0 -smb-build22 3 0 -talloc 10 4 0 -tdb 6 1 0 +samba4 33 32 0 +samba_3_031 6 0 +smb-build23 3 0 +talloc 9 4 0 +tdb 5 1 0
svn commit: samba r12761 - in branches/SAMBA_4_0/source/lib: .
Author: metze Date: 2006-01-08 00:09:49 + (Sun, 08 Jan 2006) New Revision: 12761 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12761 Log: get the TIME_T_MIN and TIME_T_MAX right again, merging from samba3 was a bad idea... as in samba4 we use TIME_T_MIN = 0 (maybe we should do this in samba3 too) because negativ values mean error. but still restrict TIME_T_MAX to INT32_MAX, to not overflow gmtime() on 64 bit systems, is this behavior documented somewhere? metze Modified: branches/SAMBA_4_0/source/lib/time.c Changeset: Modified: branches/SAMBA_4_0/source/lib/time.c === --- branches/SAMBA_4_0/source/lib/time.c2006-01-07 22:11:30 UTC (rev 12760) +++ branches/SAMBA_4_0/source/lib/time.c2006-01-08 00:09:49 UTC (rev 12761) @@ -27,14 +27,26 @@ #define CHAR_BIT 8 #endif +/* The extra casts work around common compiler bugs. */ +#define _TYPE_SIGNED(t) (! ((t) 0 (t) -1)) +/* The outer cast is needed to work around a bug in Cray C 5.0.3.0. + It is necessary at least when t == time_t. */ +#define _TYPE_MINIMUM(t) ((t) (_TYPE_SIGNED (t) \ + ? ~ (t) 0 (sizeof (t) * CHAR_BIT - 1) : (t) 0)) +#define _TYPE_MAXIMUM(t) ((t) (~ (t) 0 - _TYPE_MINIMUM (t))) + #ifndef TIME_T_MIN -#define TIME_T_MIN ((time_t)0 (time_t) -1 ? (time_t) 0 \ - : ~ (time_t) 0 (sizeof (time_t) * CHAR_BIT - 1)) +/* we use 0 here, because (time_t)-1 means error */ +#define TIME_T_MIN 0 #endif #ifndef TIME_T_MAX -#define TIME_T_MAX MIN(INT32_MAX,(~ (time_t) 0 - TIME_T_MIN)) +/* + * we use the INT32_MAX here as on 64 bit systems, + * gmtime() fails with INT64_MAX + */ +#define TIME_T_MAX MIN(INT32_MAX,_TYPE_MAXIMUM(time_t)) #endif - + /*** External access to time_t_min and time_t_max. /
svn commit: samba r12762 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules setup
Author: abartlet
Date: 2006-01-08 01:46:30 + (Sun, 08 Jan 2006)
New Revision: 12762
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12762
Log:
Simo correctly asked that the policy logic (which attributes contain
passwords) be moved into the database, and not be hard-coded in the
module source.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
branches/SAMBA_4_0/source/setup/provision_init.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2006-01-08 00:09:49 UTC (rev 12761)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2006-01-08 01:46:30 UTC (rev 12762)
@@ -45,12 +45,6 @@
*/
const char *password_attribs[] = {
- sambaPassword,
- ntPwdHash,
- sambaNTPwdHistory,
- lmPwdHash,
- sambaLMPwdHistory,
- krb5key
};
enum user_is {
@@ -60,9 +54,8 @@
SYSTEM
};
-struct private_data {
-
- char *some_private_data;
+struct kludge_private_data {
+ const char **password_attrs;
};
static enum user_is what_is_user(struct ldb_module *module)
@@ -78,7 +71,7 @@
}
if (is_administrator_token(session_info-security_token)) {
- return SYSTEM;
+ return ADMINISTRATOR;
}
if (is_authenticated_token(session_info-security_token)) {
return USER;
@@ -95,6 +88,7 @@
enum user_is user_type;
int ret = ldb_next_request(module, req);
struct ldb_message *msg;
+ struct kludge_private_data *data =
talloc_get_type(module-private_data, struct kludge_private_data);
int i, j;
if (ret != LDB_SUCCESS) {
@@ -110,8 +104,8 @@
/* For every message, remove password attributes */
for (i=0; i req-op.search.res-count; i++) {
msg = req-op.search.res-msgs[i];
- for (j=0; j ARRAY_SIZE(password_attribs); j++) {
- ldb_msg_remove_attr(msg, password_attribs[j]);
+ for (j=0; data-password_attrs[j]; j++) {
+ ldb_msg_remove_attr(msg,
data-password_attrs[j]);
}
}
}
@@ -151,15 +145,6 @@
return ldb_next_del_trans(module);
}
-static int kludge_acl_destructor(void *module_ctx)
-{
- struct ldb_module *ctx = talloc_get_type(module_ctx, struct ldb_module);
- struct private_data *data = talloc_get_type(ctx-private_data, struct
private_data);
- /* put your clean-up functions here */
- if (data-some_private_data) talloc_free(data-some_private_data);
- return 0;
-}
-
static int kludge_acl_request(struct ldb_module *module, struct ldb_request
*req)
{
switch (req-operation) {
@@ -174,37 +159,88 @@
}
}
+static int kludge_acl_init_2(struct ldb_module *module)
+{
+ int ret, i;
+ TALLOC_CTX *mem_ctx = talloc_new(module);
+ const char *attrs[] = { attribute, NULL };
+ struct ldb_result *res;
+ struct ldb_message *msg;
+ struct ldb_message_element *password_attributes;
+
+ struct kludge_private_data *data =
talloc_get_type(module-private_data, struct kludge_private_data);
+ data-password_attrs = NULL;
+
+ if (!mem_ctx) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_search(module-ldb, ldb_dn_explode(mem_ctx, @KLUDGEACL),
+LDB_SCOPE_BASE,
+NULL, attrs,
+res);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(mem_ctx);
+ return ret;
+ }
+ if (res-count == 0) {
+ talloc_free(mem_ctx);
+ data-password_attrs = NULL;
+ return LDB_SUCCESS;
+ }
+
+ if (res-count 1) {
+ return LDB_ERR_CONSTRAINT_VIOLAION;
+ }
+
+ msg = res-msgs[0];
+
+ password_attributes = ldb_msg_find_element(msg, passwordAttribute);
+ if (!password_attributes) {
+ return LDB_SUCCESS;
+ }
+ data-password_attrs = talloc_array(data, const char *,
password_attributes-num_values + 1);
+ if (!data-password_attrs) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ for (i=0; i password_attributes-num_values; i++) {
+ data-password_attrs[i] = (const char
*)password_attributes-values[i].data;
+ talloc_steal(data-password_attrs,
password_attributes-values[i].data);
+ }
+ data-password_attrs[i] = NULL;
+ return LDB_SUCCESS;
+}
+
static const struct ldb_module_ops kludge_acl_ops = {
.name = kludge_acl,
.request = kludge_acl_request,
.start_transaction =
svn commit: samba r12763 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2006-01-08 02:05:20 + (Sun, 08 Jan 2006)
New Revision: 12763
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12763
Log:
Oops. If you call ldb_search from within an ldb module's search
request handler, you really have to watch the recursion issues...
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2006-01-08 01:46:30 UTC (rev 12762)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2006-01-08 02:05:20 UTC (rev 12763)
@@ -91,7 +91,9 @@
struct kludge_private_data *data =
talloc_get_type(module-private_data, struct kludge_private_data);
int i, j;
- if (ret != LDB_SUCCESS) {
+ /* We may not be fully initialised yet, or we might have just
+* got an error */
+ if (ret != LDB_SUCCESS || !data-password_attrs) {
return ret;
}
