Re: [Samba] Re: Domain Admin Group privaleges
I had this problem was well trying to join XP machines to the domain. One admin user was able to add machines and another was not. I discovered that I had a left over from Samba 2.x in my smb.conf admin users = mac Yup, you guessed it, mac was the only user that could add machines to the domain. Commenting out this line and mac could not longer add machines to the domain. This is really puzzling to me because I am using an ldap backend with the following mappings: FS Web (S-1-5-21-2177951985-844638623-828914669-2259) - fs-web FS Users (S-1-5-21-2177951985-844638623-828914669-513) - fs-users FS Admin (S-1-5-21-2177951985-844638623-828914669-2260) - fs-admin Domain Admins (S-1-5-21-2177951985-844638623-828914669-512) - DomainAdmins Domain Guests (S-1-5-21-2177951985-844638623-828914669-514) - nobody FS Teachers (S-1-5-21-2177951985-844638623-828914669-2258) - fs-teachers But, just making sure that mac was in the DomainAdmins group was not enought to get admin privileges in the Windows environment. This is a recent 3.02 installation. I really would prefer that this was in LDAP, so it anyone can point me at what I am doing wrong that would be great. Bill +-- | Bill MacAllister, System Manager | Nevada City School District | 530-265-1857 --On Monday, April 26, 2004 02:30:49 PM -0400 Greg Kuchyt [EMAIL PROTECTED] wrote: I thought this was the problem also, but adding the user to the root group did not yield any change. I'm kind of baffled on this one. It sounds as it has to do with the Linux privileges. Try this: When you create a Samba user, the equivalent account is created in the /etc/passwd file. Add the Linux user account to the Linux root group. This will give the user root previliges. Here is some info. from the Samba How To: There is no safe way to provide access on a UNIX/Linux system without providing root level privilege. Provision of root privileges can be done wither by logging onto the Domain as the user root, or by permitting particular users to use a UNIX account that is a member of the UNIX group that has a GID=0 as the primary group in the /etc/passwd database. Users of such accounts can use tools like the NT4 Domain User Manager, and the NT4 Domain Server Manager to manage user and group accounts as well as Domain Member server and client accounts. This level of privilege is also needed to manage share level ACLs. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Verified bug in Woody Samba
Jeremy Allison wrote: On Sat, Apr 24, 2004 at 03:41:18PM -0500, blfs wrote: OK, so I go to this page: https://bugzilla.samba.org/enter_bug.cgi Now what? Samba 2.2 is not listed. We are not accepting bugs against Samba 2.2 unless they are security problems. Samba2.x is no longer actively developed and is in security maintanence mode only. I suggest you file a bug with the Debian project and ask them to update to a maintained version of Samba. Although Samba 3 isn't in the Debian stable tree, the forthcoming release of Debian 3.1 includes Samba 3.0.2a. Although this release has been a long time in development, there isn't a confirmed release date yet as the last few bugs are still being squished. However, if you can't wait for that release, www.backports.org provides a Samba 3.0.2a package for Debian stable which I have tested and found to be OK at work. The website provides instructions on how to get packages via apt. The only thing that the backports.org packages were missing that I needed was quota reporting support, but I was able to recompile the packages quite easily to enable this option. Cheers, Tony -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to open TDB rid database!
Hi all, I use tdbsam backend. When I create a box for win2k machine: # pdbedit -a -m -u machine$ tdb_update_sam: SAM_ACCOUNT (machine$) with no RID! Unable to add machine! (does it already exist?) What is wrong? Other failer message: Unable to open TDB rid database! Regards, Roland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Login Script
How to configure login script on Samba. Regards, Teguh Lycos Email has 10 MB of FREE storage space. http://mail.lycos.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login Script
Teguh Kurniawan schrieb: How to configure login script on Samba. Regards, Teguh Lycos Email has 10 MB of FREE storage space. http://mail.lycos.co.uk ftp://de.samba.org/samba.org/docs/htmldocs/Samba-PDC-HOWTO.html [global] ; specify a generic logon script for all users ; this is a relative **DOS** path to the [netlogon] share logon script ftp://de.samba.org/samba.org/docs/htmldocs/smb.conf.5.html#LOGONSCRIPT = logon.cmd ; necessary share for domain controller [netlogon] path ftp://de.samba.org/samba.org/docs/htmldocs/smb.conf.5.html#PATH = /usr/local/samba/lib/netlogon read only ftp://de.samba.org/samba.org/docs/htmldocs/smb.conf.5.html#READONLY = yes write list ftp://de.samba.org/samba.org/docs/htmldocs/smb.conf.5.html#WRITELIST = /ntadmin/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
# # THIS IS AN AUTOMATED RESPONSE # PLEASE DO NOT REPLY TO THIS EMAIL # Thank you for contacting Melbourne IT's webmaster email. If your query does not relate to site errors, please redirect your query to our helpdesk at [EMAIL PROTECTED] Site issues will be addressed as soon as possible by our Web Development team. Thank you Webmaster -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbmnt as user
Hello all, I read in the smbmnt man page that: A setuid smbmnt will only allow mounts on directories owned by the user, and that the user has write permission on. I am trying to set up a mount on /mnt/laptop. I have given my users 777 permissions on the directory, but it is owned by root. Is there any way that I can work around this. It appears from the man page that smbmnt will only work where the users have write permissions and own the directory. Has anyone come up with a way around this -- or does it offer some security benefit that makes it worthwhile. Thanks! Lance Dial -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 5O% 0ff on -- XX3NICAL__ CI@_LiS__ ULTR@M__ F!0RIC3T__ V1AGR0__ FI0R!CET
The abilities of man must fall short on one side or the other, like too scanty a blanket when you are abed. If you pull it upon your shoulders, your feet are left bare; if you thrust it down to your feet, your shoulders are uncovered. http://bestdrugshere.com/ All endeavor calls for the ability to tramp the last mile, shape the last plan, endure the last hours toil. The fight to the finish spirit is the one... characteristic we must posses if we are to face the future as finishers. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Your command, Important, was invalid
OpenPGP Public Key Server For questions or comments regarding this key server site, contact PGP Key Server Administrator [EMAIL PROTECTED] Current version: 0.9.6 NOTE! This service is provided to facilitate public-key cryptography for demonstration and educational purposes. It is the responsibility of users of public-key cryptography to ensure that their activities conform to legal requirements.[ Czech: Pro ziskani ceske verze tohoto textu poslete prosim e-mail se Subject radkou HELP CZ na adresu [EMAIL PROTECTED], nebo pristupte na URL http://www.pgp.net/pgpnet/email-help-cz.html Danish:For at faa en dansk version af denne text skal du sende en e-mail med en subject-tekst: HELP DK til [EMAIL PROTECTED] eller slaa op paa URL http://www.pgp.net/pgpnet/email-help-dk.html German:Für eine deutschsprachige Fassung dieses Textes senden Sie eine Mail mit dem Subject HELP DE an die folgende Adresse [EMAIL PROTECTED] oder URL: http://www.pgp.net/pgp/email-help-de.html English: For an English version of this message, send an e-mail with a subject line of HELP to [EMAIL PROTECTED], or access the URL http://www.pgp.net/pgpnet/email-help-en.html Spanish: Para obtener una versión en castellano de este texto, envíe un mail a [EMAIL PROTECTED] con el Subject HELP ES Finnish: Saadaksesi taman tekstin suomeksi, laheta osoitteeseen [EMAIL PROTECTED] tyhja viesti, jonka Subject-kentta on HELP FI. French:Pour une version française de çe texte, envoyez un message au sujet de HELP FR à [EMAIL PROTECTED] Croatian: Za hrvatsku verziju ovoga teksta posaljite poruku koja ce u Subject imati HELP HR na adresu [EMAIL PROTECTED] Japanese: Nihongo no setumei ga hosii baai wa Subject: ni HELP JA to kaite, [EMAIL PROTECTED] ni e-mail. Korean:¾Æ·¡ÀÇ ³»¿ëÀ» Çѱ۷Πº¸½Ã·Á¸é Á¦¸ñ(Subject)ÀÌ HELP KR ÀÎ ÀüÀÚ¿ìÆíÀ» [EMAIL PROTECTED] À¸·Î º¸³»ÁֽʽÿÀ. Polish:Zeby uzyskac polska wersje tej strony, wyslij list z linia HELP PL w polu Subject na adres [EMAIL PROTECTED] lub zajrzyj pod URL http://www.pgp.net/pgpnet/email-help-pl.html Portuguese:Para obter uma versão em português deste texto, deve enviar um mail para [EMAIL PROTECTED] com o Subject HELP PT Norwegian: For aa faa dette dokumentet paa norsk, send HELP NO til [EMAIL PROTECTED] Swedish: For a Swedish version of this message, send an e-mail with a subject line of HELP SE to [EMAIL PROTECTED], or access the URL http://www.pgp.net/pgpnet/email-help-se.html Chinese: [EMAIL PROTECTED] PGP ¦øªA¾¹´£¨Ñ½u¤W»²§U»¡©ú, ½Ð E-mail µ¹ [EMAIL PROTECTED], ©ó Subject: µù©ú HELP TW §Y¥i. ] OpenPGP Public Email Keyservers --- There are OpenPGP public email key servers which allow one to exchange public keys running using the Internet and UUCP mail systems. Those capable of accessing the WWW might prefer to use the WWW interface available via http://www.pgp.net/pgpnet/www-key.html and managers of sites which may want to make frequent lookups may care to copy the full keyring from the FTP server at ftp://ftp.pgp.net/pub/pgp/keys/ This service exists only to help transfer keys between PGP users. It does NOT attempt to guarantee that a key is a valid key; use the signatures on a key for that kind of security. Each keyserver processes requests in the form of mail messages. The commands for the server are entered on the Subject: line. -- - Note that they should NOT be included in the body of the message. - === --- To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: help Sending your key to ONE server is enough. After it processes your key, it will forward your add request to other servers automagically. For example, to add your key to the keyserver, or to update your key if it is already there, send a message similar to the following to any server: To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: add -BEGIN PGP PUBLIC KEY BLOCK- Version: 2.6 blah blah blah -END PGP PUBLIC KEY BLOCK- COMPROMISED KEYS: Create a Key Revocation Certificate (read the PGP docs on how to do that) and mail your key to the server once again, with the ADD command. Valid commands are: CommandResult -- - HELP Returns this message HELP language Localized help text (DE, EN, ES, FI, FR, HR, NO) ADDAdd PGP public key from the body of your message INDEX userid List all
Re: [Samba] Administering a Linux domain member in a NT domain, as a Domain Admin
Now, I've come to the issue of expecting that a Domain Admin should be able to administer the Linux workstation much like a Domain Admin administers a Windows workstation on a domain. I've seen several examples where the domain admin users are added to the root group for the Linux workstation; the problem is, that most files/commands on the (Fedora) Linux workstation are, by default, usable only by the root user and not by the root group; i.e. One thing I thought of was to run a script that updates the system so that all files owned by root are changed so that the root group has the same permissions as the root user for that file...but I don't think that's a good solution because I'll probably have to run that script every time I install something new. No. Has anyone got suggestions/ideas/comments? Well, this depends on what you want, but I suggest you look into sudo. It should be simple to set up and you get full loging of your actions as a nice bonus :-) Tarjei Kevin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to open TDB rid database!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 2 May 2004, LanRol wrote: Hi all, I use tdbsam backend. When I create a box for win2k machine: # pdbedit -a -m -u machine$ tdb_update_sam: SAM_ACCOUNT (machine$) with no RID! Unable to add machine! (does it already exist?) What is wrong? Other failer message: Unable to open TDB rid database! I thought we fixed this. What version are you running ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlWWfIR7qMdg1EfYRApZMAKC/ybwoFEzpcR1W93aegbRAa7+Y2ACfRHbP AzBAz7yXUOoyelcCznGD8ac= =g4hd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: specified network name no more available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 7 Apr 2004, Dragan Krnic wrote: I was stung by this bug yesterday myself and although there are numerous references to this error message I haven't seen any qualified resolution of the problem. Not that the following rant hopes to be such, but it's a good story. My setup is a stable 2.2.8a production domain and an experimental 3.0.2a-SuSE domain. The passwd backend is still smbpasswd. I wish there were a better openLDAP primer for Sambatistas but in view of the relative stability of the users landscape a simple copy from time to time was replication enough to keep things working smoothly even though not spectacularly pretty, until I added a Windows 2003 Server Enterprise Edition as a member client in the 2.2.8a domain. Since then no operation requiring any writing, attribute setting or directory modifications in the 3.0.2a domain could be executed. Usually a long stall would precede the famous last words ...no more available. I still don't know exactly why it turned out that way but after removing (actually completely obliterating the said W2K3 for good measure) I deleted all those volatile TDB's on both servers and got a new lease on life after a reboot. Luckily I joined the W2K3 to the domain after-hours so nobody even noticed there was any problem. So why am I telling you this? Because I think someone from the Samba team should shed some light on the topic and explain under what circumstances this pathological behavious can be expected. I think Volker fixed this post 3.0.3 (see the latest SVN SAMBA_3_0 tree). cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXCbIR7qMdg1EfYRAgWfAJ9ZTWYap0//6x7qHT+geSgaW4CwBwCcDmnC 6kT4gIz6Tux7aXGSaTSFni8= =X3Ep -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] IPv6 support in Samba 3.0.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 8 Apr 2004, Randy Turner wrote: Hi, Not having performed a source code build for Samba 3.0.2, is there an option in the build to include support for IPv6 ? Or is there something in smbd.conf possibly? Nope. Not currently. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXEYIR7qMdg1EfYRAtWxAJ9zNoq2eHjUflG4yWr8xv3Y86PHSACfe39C k8eV4TyV3L0FRuHL/turXB4= =HtRz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA DEVELOPERS PLEASE READ WAS: RE: password change, domain not available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 22 Apr 2004, Jason Balicki wrote: [summary: quite a few people who have installed recent MS patches and use Samba as a NT style PDC (and, it appears, are using 2.2.8a) have an issue where they cannot change their passwords from the client side. Cannot change is in quotes because even though the client reports failure, the password has in fact been changed successfully. However, you can't expect an end user to know that, nor expect them to accept a negative response for a positive.] The problem seems to be related to Windows Hotfix KB828741. Removing the hotfix through the control panel solved it for us. While this is a workaround, it is not an acceptable one. 828741 fixes vulnerabilities that affect RPC/DCOM and can allow a remote attacker to gain control of a machine. It's only a matter of time before someone writes a worm that takes advantage of this. Could some Samba developer PLEASE take time out of their very busy schedule and look into this issue? It's affecting quite a few people (if they know it or not) and needs to be addressed quickly. We're working towards a fix regarding 3.0.x. We'll have to decide what to do about 2.2.8a once we resolve the issue in 3.0. Thanks for being patient. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXjbIR7qMdg1EfYRAm4vAKCuBt9lfIx+Pv449Rn5A0XBfReQCACfQ9Rx gJpLBDIqBD1ujlRuOK1WhDI= =Ycf9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] --mandir ignored in 3.0.3 configure/make
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 29 Apr 2004, Hall, Ken (IDS ECCS) wrote: In 3.0.2a, running configure using --mandir=/usr/share/man installed the man pages under that directory, but on 3.0.3, building with exactly the same options seems to put them in /usr/man. Changed to --with-mandir in 3.0.3 (resulting of having to fix another bug). I though this was mentioned in the release notes. If not, I apoligize. Should have been. Same thing for --with-libdir. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXnAIR7qMdg1EfYRAkP4AJsF/TXD87u+BtFEutwb6Um1VVfbYgCfQEgO hKnYZT1NBYYSo2uAId5nZGo= =S1DC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.3 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 30 Apr 2004, ww m-pubsyssamba wrote: is there any information on Support for Windows aliases (i.e. nested groups). available? I've taken a look at the PDF documentation included in the source for Samba 3.0.3 and all I found was references to nested groups not being supported, I assume this is simply because the documentation has not been updated?? not quite yet. Mostly word of mouth at the moment. Ask volker on samba-technical for his latest mini-howto or draft. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXskIR7qMdg1EfYRAs0hAJ9d2QnEXEvcqg8Uwvn0sBK+e/k+RACgvAHG 4f0V0aVGcEi0yb+vVdGbGRY= =dXRe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Status on fixes for MS04-11/MS04-12/KB828741 issues
I realise that a large number of sites have been bitten by the bad interaction between this hotfix, and Samba. I have finally managed to spend some time looking into this, and have reproduced it in my test environment. There appears to be an issue with the NTLMSSP layer used by windows clients to wrap password change requests. Fortunately, I have also shown that it is possible to construct a shim involving Samba4's RPC proxy server, to correctly change passwords from these Windows clients. While certainly not a solution for a production environment, it shows us a means forward for fixing this issue, using existing code, and known algorithms. As you are all aware, with the Sasser worm out and about, applying this fix is no longer optional, and we are working hard on finding a solution. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] bindpw in ldap.conf
Sorry if this question is more for the LDAP community, but since I ran into this via the Samba3 by Example book, I'm asking here. :) As described in Chapter 6, PAM and NSS Client Configuration, in the ldap.conf file, is it necessary to have the bindpw line? From what I have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue? Thanks all. ~Dan -- -- Dan Hill [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Your product
-=- All messages from [EMAIL PROTECTED] -=- Please Forward it to [EMAIL PROTECTED] -=- @mailcity.com will not be used. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bindpw in ldap.conf
Sorry if this question is more for the LDAP community, but since I ran into this via the Samba3 by Example book, I'm asking here. :) As described in Chapter 6, PAM and NSS Client Configuration, in the This is really more of a question for the nssldap list at PADL. ldap.conf file, is it necessary to have the bindpw line? From what I You need the bindpw if you DSA doesn't permit anonymous binding or has access controls that forbid anonymous from percieving the required attributes. have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue? The bind dn and pw used by NSS should not be privileged to make modifications and should only be able to perceive attributes relevant to the NSS service, so there is no security issue. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bindpw in ldap.conf
Adam Williams wrote: Sorry if this question is more for the LDAP community, but since I ran into this via the Samba3 by Example book, I'm asking here. :) As described in Chapter 6, PAM and NSS Client Configuration, in the This is really more of a question for the nssldap list at PADL. I had a feeling. ldap.conf file, is it necessary to have the bindpw line? From what I You need the bindpw if you DSA doesn't permit anonymous binding or has access controls that forbid anonymous from percieving the required attributes. have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue? The bind dn and pw used by NSS should not be privileged to make modifications and should only be able to perceive attributes relevant to the NSS service, so there is no security issue. That was my thought as well, but the example shown in the book used cn=Manager, which to me implied write access, so I just wanted to verify that write access was not necessary. Thanks, ~Dan -- -- Dan Hill [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Status on fixes for MS04-11/MS04-12/KB828741 issues
Andrew Bartlett wrote: I realise that a large number of sites have been bitten by the bad interaction between this hotfix, and Samba. I have finally managed to spend some time looking into this, and have reproduced it in my test environment. There appears to be an issue with the NTLMSSP layer used by windows clients to wrap password change requests. Fortunately, I have also shown that it is possible to construct a shim involving Samba4's RPC proxy server, to correctly change passwords from these Windows clients. While certainly not a solution for a production environment, it shows us a means forward for fixing this issue, using existing code, and known algorithms. As you are all aware, with the Sasser worm out and about, applying this fix is no longer optional, and we are working hard on finding a solution. Andrew Bartlett Thanks to you and the entire Samba team for all the hard work put into the Samba project! ~Dan -- -- Dan Hill [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bindpw in ldap.conf
have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue? The bind dn and pw used by NSS should not be privileged to make modifications and should only be able to perceive attributes relevant to the NSS service, so there is no security issue. That was my thought as well, but the example shown in the book used cn=Manager, which to me implied write access, so I just wanted to verify that write access was not necessary. A default ldap.conf file looks like - # The distinguished name to bind to the server with. # Optional: default is to bind anonymously. #binddn cn=proxyuser,dc=example,dc=com # The credentials to bind with. # Optional: default is no credential. #bindpw secret - this is just used for searching/reading the directory. This user should not have write access. Write access is define by rootbinddn - # The distinguished name to bind to the server with # if the effective user ID is root. Password is # stored in /etc/ldap.secret (mode 600) #rootbinddn cn=manager,dc=example,dc=com And the writable binding password lives in /etc/ldap.secret and should only be readably by root. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bindpw in ldap.conf
Adam Williams wrote: have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I right? If so, is there a way round the security issue? The bind dn and pw used by NSS should not be privileged to make modifications and should only be able to perceive attributes relevant to the NSS service, so there is no security issue. That was my thought as well, but the example shown in the book used cn=Manager, which to me implied write access, so I just wanted to verify that write access was not necessary. A default ldap.conf file looks like - # The distinguished name to bind to the server with. # Optional: default is to bind anonymously. #binddn cn=proxyuser,dc=example,dc=com # The credentials to bind with. # Optional: default is no credential. #bindpw secret - this is just used for searching/reading the directory. This user should not have write access. Write access is define by rootbinddn - # The distinguished name to bind to the server with # if the effective user ID is root. Password is # stored in /etc/ldap.secret (mode 600) #rootbinddn cn=manager,dc=example,dc=com And the writable binding password lives in /etc/ldap.secret and should only be readably by root. Thanks Adam. ~Dan -- -- Dan Hill [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2003 domain logon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 2 Apr 2004, werner maes wrote: Hello Is it possible to do a domain logon in Samba with a Windows 2003 Server? I don't think so but perhaps someone has a solution. Yes. Worked with 3.0.2a at least since I tested that version. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlbJnIR7qMdg1EfYRAtkMAJwIR2s27MHhDvBkMfyU9iDWZ55RcgCZAaFr U5jZNB5rmgd1K7CWcUx0Y/w= =av3u -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP client - intermittent 'network name cannot be found' loading profile
I have seen a number of postings which seem similar to the problem I am having, but am yet to find a fix for my situation. Problem is as follows: - Samba 3.0.2 rpm installed on Red Hat Enterprise ES 3.0, configured as PDC with ldapsam backend - Windows XP Professional client joined to the Samba domain. The XP client successfully joins the domain and can browse and access shares (including the user's profile). The first login (as a domain user) always succeeds, following logins randomly fail with the message: Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network name cannot be found. The problem seems to be as described in the Microsoft knowledge base article number 831651, however I have obtained the hotfix from them and still have the issue. I have tried a base install of XP (SP 1a) and also downloading and installing all critical Windows Updates. A Windows 2000 Professional (SP 2) client joined to the same domain works consistently in this situation with no problem. Any advice would be appreciated as this is the final issue I need to resolve to migrate our Active Directory domain to Samba/OpenLDAP. This seems to be an issue specifically with XP logging into Samba, since W2K works consistently, therefore I believe my config is mostly correct, however I can post the details if necessary. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't the very basic stuff to work
Fedora Core 1:Samba 3.0.0-15 trying to connect with Windows XP Pro and Home Hello All, I am really hoping for some help on this one. I am going through the very basic process of trying to learn Samba and get my home network up -- followed the HowTo verbatim. I have several problems that are show-stoppers. (1) I canft print. I have a hp Photosmart 7150 installed locally on the linux box and it works perfectly when printing from linux. I can see the printer from the samba share in windows and can install and esuccessfullyf print (the job reads gremote downlevel documenth Status: spooling User:nobody) but nothing prints. Lpq says: Photosmart7150 is ready No entries Zero activity on the printers part. (2) I canft access my share. If I try to go to start¨run and type \\agamemnon\data the only option for a username is AGAMEMNON\Guest and its disabled. I could really use some help on this. Thanks for any pointers. I know this is not secure -- just want to prove the concept first. Tim #My smb.conf [global] workgroup = archenland netbios name = agamemnon security = share printcap name = cups disable spoolss = Yes show add printer wizard = No printing = cups [homes] comment = Tim and Chrissy's Home Directories # we set the valid users = to the current share's name valid users = %S read only = No # we might want to set this to No after troubleshooting browseable = Yes [data] # this is the main share we run all our files from comment=Tim and Chrissy's data store path = /home/data guest ok = No valid users = tim chrissy read only = No writeable = Yes [printers] path = /var/spool/samba guest ok = Yes printable = Yes use client driver = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows XP client - intermittent 'network name cannot befound' loading profile
But did you try a base install pre service pack 1a? Try this fix -- it appears to have sloved my problems http://support.microsoft.com/default.aspx?scid=kb;en-us;327462 Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Vermaes Sent: Monday, 3 May 2004 12:23 PM To: [EMAIL PROTECTED] Subject: [Samba] Windows XP client - intermittent 'network name cannot befound' loading profile I have seen a number of postings which seem similar to the problem I am having, but am yet to find a fix for my situation. Problem is as follows: - Samba 3.0.2 rpm installed on Red Hat Enterprise ES 3.0, configured as PDC with ldapsam backend - Windows XP Professional client joined to the Samba domain. The XP client successfully joins the domain and can browse and access shares (including the user's profile). The first login (as a domain user) always succeeds, following logins randomly fail with the message: Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network name cannot be found. The problem seems to be as described in the Microsoft knowledge base article number 831651, however I have obtained the hotfix from them and still have the issue. I have tried a base install of XP (SP 1a) and also downloading and installing all critical Windows Updates. A Windows 2000 Professional (SP 2) client joined to the same domain works consistently in this situation with no problem. Any advice would be appreciated as this is the final issue I need to resolve to migrate our Active Directory domain to Samba/OpenLDAP. This seems to be an issue specifically with XP logging into Samba, since W2K works consistently, therefore I believe my config is mostly correct, however I can post the details if necessary. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows XP client - intermittent 'network name cannot befound' loading profile
Thanks for the quick reply John. I tried setting the local GPO option as described in the article, but the problem still occurs. The issue described in the article is not exactly what I am experiencing - the event id is 1521. The permissions of the profile on the server are correct after it is created: [EMAIL PROTECTED] profiles]# ls -la total 6352 drwxrwxr-x7 root dusers 4096 May 3 10:05 . drwxr-xr-x4 root root 4096 Mar 30 15:14 .. drwx-- 13 michaelv dusers 4096 May 3 11:45 michaelv=== where dusers is mapped to the Domain Users Windows group with net groupmap. The ownership of the profile on the Windows XP client also appears to be correct. I would expect the problem described in the article to be a more consistently occurring error - my problem is seemingly random, and usually works after leaving the client for a long period of time, or restarting it. I have tried experimenting with some of the other GPO settings on the client, and also setting the profile acls = yes option in the [Profiles] section of smb.conf, but the problem remains. Thanks for any additional help. On Mon, 2004-05-03 at 11:23, John Arthur wrote: But did you try a base install pre service pack 1a? Try this fix -- it appears to have sloved my problems http://support.microsoft.com/default.aspx?scid=kb;en-us;327462 Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Vermaes Sent: Monday, 3 May 2004 12:23 PM To: [EMAIL PROTECTED] Subject: [Samba] Windows XP client - intermittent 'network name cannot befound' loading profile I have seen a number of postings which seem similar to the problem I am having, but am yet to find a fix for my situation. Problem is as follows: - Samba 3.0.2 rpm installed on Red Hat Enterprise ES 3.0, configured as PDC with ldapsam backend - Windows XP Professional client joined to the Samba domain. The XP client successfully joins the domain and can browse and access shares (including the user's profile). The first login (as a domain user) always succeeds, following logins randomly fail with the message: Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network name cannot be found. The problem seems to be as described in the Microsoft knowledge base article number 831651, however I have obtained the hotfix from them and still have the issue. I have tried a base install of XP (SP 1a) and also downloading and installing all critical Windows Updates. A Windows 2000 Professional (SP 2) client joined to the same domain works consistently in this situation with no problem. Any advice would be appreciated as this is the final issue I need to resolve to migrate our Active Directory domain to Samba/OpenLDAP. This seems to be an issue specifically with XP logging into Samba, since W2K works consistently, therefore I believe my config is mostly correct, however I can post the details if necessary. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Invitation to Italy (and Sweden) vip/ba
Dear Potential Speaker of the IPSI-2004 Pescara: I am happy to invite you to be a speaker at the VIP Scientific Forum of the International IPSI-2004 PESCARA Conference in Italy (IPSI = Internet, Processing, Systems for e-education/e-business, and Interdisciplinaries), to be held in the hotel Castello Chiola from July 28 till August 2, 2004. Detailed program and all relevant information are given at the web: www.internetconferences.net. Castello Chiola is a century IX castle on the top of a hill, with a sea view; best Italian beaches around Pescara are only about 10km away. This is our former L'Aquila conference relocated to a place which is much more attractive and convenient. Opening keynote: Professor Michael Flynn, from Stanford University. Deadlines: Abstract (100 words) = April 30, 2004 Full Papers = May 10, 2004 Paper Acceptance Notification = May 20, 2004 Hotel Payment = May 30, 2004 Fee Payment = June 10, 2004 If you are not able to accept this invitation, our next meeting is in Sweden (Stockholm Grand Hotel) and your are invited (for details see www.internetconferences.net, and let us know if you are interested, by sending email to [EMAIL PROTECTED]). The IPSI-2004 PESCARA conference is limited to about 100 attendees (physical capacity of hotel Castello Chiola congress center), and only plenary sessions will be organized. So far, many more researchers expressed an interest to come, which means that a number of submissions will have to be rejected. Still, new submissions are more than welcome. In addition to other programs, a special VIP Scientific Forum is also organized. Talks of the VIP Scientific Forum are open to all participants (other fori include the High Tech Forum and Talented Students Forum). Please submit your title/abstract (which means that you have committed to participate if your paper is accepted), as soon as convenient for you,because we will be accepting papers until the limit is reached. The major goal of this forum is to establish a podium for a fruitful exchange of the newest scientific ideas, and that is why your participation is extremely important to all of us. Only elite researchers and professionals are invited. If you like to accept this invitation, please send email (with title, 100-word abstract, and affiliation) to [EMAIL PROTECTED] Conditions of this invitation are as follows: 1. Duration of your slot is 30 minutes (20 to 25 minutes for your talk, and the rest for discussions). 2. You are financially responsible: (a) For the air ticket to arrive to Italy, and for the local transportation to arrive to the conference site (Hotel Castello Chiola). (b) For the hotel/breakfast cost. If you like to stay in the Castello Chiola hotel, the minimum stay is 5 days, from July 28 noon till August 2 noon, and the prepayment for all 5 days has to be done, as indicated above, before May 30, 2004 (only 30 rooms are available for sale, so you have to hurry up). The prices are as follows: one person in a single room = e600, two persons in a double room = e800, three persons in a triple room, E15 extra per day. four persons in a quad room, E30 extra per day. If you like to stay in an outside hotel (in which case you can save considerably on your budget), you are entitled to a E100 insurance (both by participants and their accompanying persons), payable directly to the hotel Chiola. Please, remember that hotel Chiola has only 30 rooms for sale, and most attendees will have to stay in Pescara (25km or 30min by public busses) or better in the nearby Silvi Marina (15km or 15min by public busses, operating from 6am till 11pm). Busses are to be taken to the center of Loreto Aprutino, and the hotel is five minutes walking uphill (to the top of the hill). Of course, rent-a-car is the most convenient solution (there is a parking on the top of the hill). (c) For the conference fee (e400). 3. The conference fee covers a professional reviewing process, the conference program, a book of abstracts, a CD with full papers, a welcome dinner on the arrival day, coffee/tea breaks, and access to all professional and social activities of the IPSI-2004 PESCARA. The fee is e300 for past participants of IPSI conferences who agree to review 12 papers per year. 4. For paper layout format, you are free to select any format that meets your needs and esthetical criteria. Your paper will be reviewed, with the major intention to provide you with a feedback that can help improve the quality. 5. Full papers are limited to maximum 1MB and minimum 4 pages. 6. The scope of the conference is relatively wide: Informatics, Internet, Computer Science and Engineering, Interdisciplinary Research, MBA, Internet aspects of Medicine, Education, Management, Law, etc. Of course, traditional Electrical and Computer Engineering, and Engineering Physics, or BioEngineering and Environment Protection, too. 7. Late payments, both for the hotel
svn commit: samba r441 - branches/SAMBA_4_0/source/rpc_server/remote
Author: tridge Date: 2004-05-02 05:10:40 + (Sun, 02 May 2004) New Revision: 441 Added: branches/SAMBA_4_0/source/rpc_server/remote/README Log: added an example of how to use the remote rpc interface WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=441nolog=1
svn commit: samba r442 - in branches/SAMBA_4_0/source/lib/ldb: common ldb_tdb tools
Author: tridge Date: 2004-05-02 05:16:15 + (Sun, 02 May 2004) New Revision: 442 Modified: branches/SAMBA_4_0/source/lib/ldb/common/util.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbmodify.c Log: fixed some uninitialised variables pointed out by gcc -O3 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=442nolog=1
svn commit: samba r443 - in branches/SAMBA_4_0/source: auth include libcli libcli/auth libcli/util smb_server
Author: abartlet Date: 2004-05-02 08:45:00 + (Sun, 02 May 2004) New Revision: 443 Added: branches/SAMBA_4_0/source/libcli/auth/ntlm_check.c Modified: branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/auth_builtin.c branches/SAMBA_4_0/source/auth/auth_compat.c branches/SAMBA_4_0/source/auth/auth_ntlmssp.c branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/auth/auth_util.c branches/SAMBA_4_0/source/include/smb.h branches/SAMBA_4_0/source/libcli/auth/ntlmssp.c branches/SAMBA_4_0/source/libcli/auth/ntlmssp.h branches/SAMBA_4_0/source/libcli/auth/ntlmssp_parse.c branches/SAMBA_4_0/source/libcli/auth/ntlmssp_sign.c branches/SAMBA_4_0/source/libcli/config.m4 branches/SAMBA_4_0/source/libcli/util/smbencrypt.c branches/SAMBA_4_0/source/smb_server/password.c branches/SAMBA_4_0/source/smb_server/sesssetup.c Log: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=443nolog=1
svn commit: samba r444 - in branches/SAMBA_4_0/source/lib/ldb: . include tests tools
Author: tridge Date: 2004-05-02 10:06:45 + (Sun, 02 May 2004) New Revision: 444 Added: branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.ldb branches/SAMBA_4_0/source/lib/ldb/include/includes.h branches/SAMBA_4_0/source/lib/ldb/tests/init_slapd.sh branches/SAMBA_4_0/source/lib/ldb/tests/slapd.conf branches/SAMBA_4_0/source/lib/ldb/tests/start_slapd.sh branches/SAMBA_4_0/source/lib/ldb/tests/test-index.ldif branches/SAMBA_4_0/source/lib/ldb/tests/test.ldif Log: - added the beginnings of a ldb test suite and benchmark - updated the test slapd config to use bdb and indexing WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/ldbrev=444nolog=1
svn commit: samba r445 - branches/SAMBA_4_0/source/rpc_server
Author: tridge Date: 2004-05-02 10:07:25 + (Sun, 02 May 2004) New Revision: 445 Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c Log: fixed the bind_nak code WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=445nolog=1
svn commit: samba r446 - branches/SAMBA_3_0/source/libsmb
Author: vlendec Date: 2004-05-02 10:42:08 + (Sun, 02 May 2004) New Revision: 446 Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c Log: Close the open NT pipes before the tdis. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=446nolog=1
svn commit: samba r447 - trunk/source/libsmb
Author: vlendec Date: 2004-05-02 10:42:35 + (Sun, 02 May 2004) New Revision: 447 Modified: trunk/source/libsmb/clientgen.c Log: Close the open NT pipes before the tdis. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=447nolog=1
svn commit: samba r448 - in branches/SAMBA_4_0/source: auth param
Author: abartlet Date: 2004-05-02 11:45:01 + (Sun, 02 May 2004) New Revision: 448 Modified: branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/param/loadparm.c Log: Fix 'auth' in Samba4, by making 'auth methods' a normal smb.conf paramter, without special links to other variables. When we get 'server role' ideas back into Samba4, we can fix this properly. The default is: guest, sam_ignoredomain which is the expected behaviour for a stand-alone server. Andrew Bartlett WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=448nolog=1
svn commit: samba r449 - in branches/SAMBA_3_0/source: . lib modules
Author: vlendec Date: 2004-05-02 12:13:16 + (Sun, 02 May 2004) New Revision: 449 Added: branches/SAMBA_3_0/source/lib/afs_settoken.c branches/SAMBA_3_0/source/modules/vfs_afsacl.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/lib/afs.c Log: Two AFS-related things: Split off the non-crypto related parts of lib/afs.c into lib/afs_settoken.c. This makes wbinfo link without -lcrypto. Commit vfs_afsacl.c, display set AFS acls via the NT security editor. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=449nolog=1
svn commit: samba r451 - in branches/SAMBA_4_0/source/libcli: auth util
Author: abartlet Date: 2004-05-02 12:42:01 + (Sun, 02 May 2004) New Revision: 451 Modified: branches/SAMBA_4_0/source/libcli/auth/ntlmssp.c branches/SAMBA_4_0/source/libcli/auth/ntlmssp.h branches/SAMBA_4_0/source/libcli/util/smbencrypt.c Log: More NTLMSSP work. The work here is trying to get the LM_KEY option for NLTMSSP operating, however until that functions properly, it is now controlled by some new smb.conf options, defaulting off. Andrew Bartlett WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/libclirev=451nolog=1
svn commit: samba r452 - branches/SAMBA_4_0/source/lib/tdb
Author: tridge Date: 2004-05-03 04:24:30 + (Mon, 03 May 2004) New Revision: 452 Modified: branches/SAMBA_4_0/source/lib/tdb/tdb.c Log: move from first-fit to best-fit in tdb record allocation. For a situation where we are continually increasing the size of a record (such as ldb index records) this reduces the resulting tdb size by a factor of over 100x, due to reductions in fragmentation. It appears to have no noticable effect on the speed in other cases. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=452nolog=1
svn commit: samba r453 - branches/SAMBA_4_0/source/lib/ldb/tests
Author: tridge Date: 2004-05-03 04:25:48 + (Mon, 03 May 2004) New Revision: 453 Modified: branches/SAMBA_4_0/source/lib/ldb/tests/test-index.ldif Log: added a comment about indexing on objectclass (its usually a bad idea) WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=453nolog=1
