Re: [Samba] Acl problems with 3.07 on solaris 9
Hi Well it works but not the way I want... ; ) I would like to have the SID for user0 to map to the UID for user0, otherwise if winbindd maps user0 SID to UID 15000 when the user has UID 512 all permissions that are set from windows are worthless when accessing the filestructure from unix with NIS permissions. If the files are moved to another fileserver same thing the mapping would also break. My NT users and groups are for legacy reasons empty and only for windows login, all permissions are managed by NIS users and groups and are set by standar file permission or acl:s. Standard user/group and rwx can be set from windows but the acls can´t. Your winnbindd instructions solves that but not in a usable way, can I solve this with some kind of static UID-SID mapping list or am I forced to use ldap or AD ? /Henrik www.sgu.se John H Terpstra [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 2004-10-01 19:19 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Re: [Samba] Acl problems with 3.07 on solaris 9 On Friday 01 October 2004 02:41, Henrik Beckman wrote: Hi all I get the following errors when trying to set acls, client os is NT4 and XP, server is 3.0.7 on solaris9 [2004/10/01 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1385) create_canon_ace_lists: unable to map SID sid number removed by me to uid or gid. Samba is a member in a NT4 domain, all permissions is managed by unix uid/gid which are in NIS, each unix user exists in NT but no groups. (passwords are syncronized.) There is a user.map fil for those 5 user who doesn´t have the same username in unix as in the domain but those are admin accounts only. Do I have to use winbind to get the mapping to work ? [global] workgroup = DOMAIN NAME netbios name =netbios NAME server string = server name security = DOMAIN encrypt passwords = Yes This is already default behavior - no need to set it. min passwd length = 6 password server = pdc bdc This is worked out automatically - only need to specify it if you absolutely need to force samba to authenticate to a particular PDC or BDC server. username map = /usr/local/samba/lib/users.map #loglevel = 2 log file = /var/opt/samba/log/%m name resolve order = host wins bcast Suggest: name resolve order = wins bcast host time server = Yes deadtime = 10 wins server = wins1 wins2 Specifiy only one WINS server. kernel oplocks = No host msdfs = Yes invalid users = smsclitoknacct smsclisvcacct create mask = 0644 inherit acls = Yes Add: idmap uid = 15000-2 idmap gid = 15000-2 Also, you must run winbindd. I hope you have added to your /etc/nsswitch.conf file: hosts: files dns wins passwd: files winbind shadow: files winbind group: files winbind Make sure that the following work: wbinfo -u wbinfo -g getent passwd getent group Samba is compiled with acl support. ACL are used in the ufs filesystem and works. This is slowly driving me insane. http://www.samba.org/samba/docs/Samba-Guide.pdf See chapter 9. It's all explained there. If it is not clear and I have failed to cover your needs please let me know so I can update the documentation. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 3.0.8pre1, encoding problem?
Dmitry Melekhov wrote: Hello! I just wanted to migrate one of our 3.0.2a servers to 3.0.8pre1 and found that all is OK win WinXP, but there is problem with WinMe. OK. I found that I created wrong spec, so my rpm doesn't contain *.dat (lowcase.dat , etc). All is OK now. Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Pointprint problem: printer names show the ip, not the server name.
I had the same issues after upgrading and recieved messages that it is a bug with samba versions 3.0.6 and 3.0.7 [EMAIL PROTECTED] wrote: Hello, i have this strange problem with printing and server naming after upgrading a server from RH9 (running Samba 3.0.3 ) to Fedora Core 1 (3.0.7-2.FC1). Everything was working before the upgrade, but i immediately started noticing some peculiarities after restoring the samba files (/etc/samba, /var/cache/samba) and starting samba. The problem manifests by the following: - when i double click on a workstation printer created using pointprint, the header of the window shows the ip number of the server instead of the server name. The printer description on the local printersfaxes folder is right, though: ex: laser on jimmy. - creating a new printer using pointprint, the new printer gets a description as laser on 192.168.2.19 (using the ip number, not the server name). - If i am not validated on the domain, but just login to the server, accessing the shared printers directly asks me again for the username and password, and if i use the net use command, i notice that i am mapped to both \\server\ipc$ and \\192.168.2.19\ipc$ In all cases, pointprint seems to be messed up to the point it can't install new printer drivers unless the drivers are already installed locally. Since i changed the dns domain name of the server, i first looked at the possibility of a dns configuration problem, but after looking everywhere i am stumped. Any ideas? A portion of my smb.conf: [global] workgroup = WORKGROUP server string = JIMMY File Server passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = netlogon.bat logon path = \\%L\%U\profile logon drive = u: domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No wins support = Yes printer admin = @ntadmin hosts allow = 192.168.2., 1.0.0., 127. cups options = raw [printers] comment = All Printers path = /var/spool/samba create mask = 0600 guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 guest ok = Yes Thanks in advance, Pedro -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba v3 and mount -t smbfs ignores UID/GID
hi all, i try to mount a samba v3 share from a client with mount -t smbfs //server/share /mnt -ousername=user,uid=0 but the mounted directory doesn´t set the uid of /mnt/* to 0 and leaves it to the uid of user Have you tried to disable unix extensions in smb.conf (https://bugzilla.samba.org/show_bug.cgi?id=999)? this problem ,occurs with libsmbclient-3.0.4-1.27 and samba 3.0.x (from SuSE 9.1) it doesn´t occur with libsmbclient3-2.99_3.0.0rc3-18 (from SuSE 9.0) and samba 3.0.x Have you testet this under SuSE 9.0 or 9.1? I have the same or a similar problem and did not have any success with older smb clients and SuSE 9.1 (http://lists.samba.org/archive/samba/2004-October/093862.html) - seems to be a problem with kernel 2.6. so i think the prob is on side of the client Best regards, Manuel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cant fetch on Window network due to special characters in filename.
Hi All, I am new to this group :) . Please accept my warm regards! While I am trying to access files on Windows share that contains special names the smbclient fails up as shown below: Lets say the filename is Bryan Adams - Let's Make a Night to Remember.mp3 I get following error: Domain=[MYDOMAIN] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \\bryan adams\Bryan Adams - Lets How do I take care of this problem? Thanks -RK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Pointprint problem: printer names show the ip, not the server name.
Ok, if that is the case can anyone confirm if we can downgrade to 3.0.5 without worring with tdb database format changes? Regards, Pedro On 7 Oct 2004 at 4:36, Ryan Suarez wrote: I had the same issues after upgrading and recieved messages that it is a bug with samba versions 3.0.6 and 3.0.7 [EMAIL PROTECTED] wrote: Hello, i have this strange problem with printing and server naming after upgrading a server from RH9 (running Samba 3.0.3 ) to Fedora Core 1 (3.0.7-2.FC1). Everything was working before the upgrade, but i immediately started noticing some peculiarities after restoring the samba files (/etc/samba, /var/cache/samba) and starting samba. The problem manifests by the following: - when i double click on a workstation printer created using pointprint, the header of the window shows the ip number of the server instead of the server name. The printer description on the local printersfaxes folder is right, though: ex: laser on jimmy. - creating a new printer using pointprint, the new printer gets a description as laser on 192.168.2.19 (using the ip number, not the server name). - If i am not validated on the domain, but just login to the server, accessing the shared printers directly asks me again for the username and password, and if i use the net use command, i notice that i am mapped to both \\server\ipc$ and \\192.168.2.19\ipc$ In all cases, pointprint seems to be messed up to the point it can't install new printer drivers unless the drivers are already installed locally. Since i changed the dns domain name of the server, i first looked at the possibility of a dns configuration problem, but after looking everywhere i am stumped. Any ideas? A portion of my smb.conf: [global] workgroup = WORKGROUP server string = JIMMY File Server passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = netlogon.bat logon path = \\%L\%U\profile logon drive = u: domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No wins support = Yes printer admin = @ntadmin hosts allow = 192.168.2., 1.0.0., 127. cups options = raw [printers] comment = All Printers path = /var/spool/samba create mask = 0600 guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 guest ok = Yes Thanks in advance, Pedro -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cant fetch on Window network due to special characters infilename.
Subject: [Samba] Cant fetch on Window network due to special characters infilename. Hi All, I am new to this group :) . Please accept my warm regards! While I am trying to access files on Windows share that contains special names the smbclient fails up as shown below: Lets say the filename is Bryan Adams - Let's Make a Night to Remember.mp3 I get following error: Domain=[MYDOMAIN] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \\bryan adams\Bryan Adams - Lets How do I take care of this problem? Mount the fileshare using mount -t cifs etc... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant fetch on Window network due to special characters infilename.
Russell Packer wrote: Subject: [Samba] Cant fetch on Window network due to special adams\Bryan Adams - Lets How do I take care of this problem? Mount the fileshare using mount -t cifs etc... Thanks for the reply, but I was wondering if its outright possible in smbclient. I am using it in some scripts and hence I have dependency on smbclient. If possible please tell me the substitute for smbclient or any other alternative. JFYI, mount with cifs is not a possible alternative for me. Thanks -RK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Find who deleted a folder
Hello We are using samba. Somebody in our company deleted two days ago a folder called 995 Is it possible with samba to check who did this? Thank you very mucn, Bart Hendrix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb_proc_readdir_long error
Hi guys, Sorry to bug you with this. Does anyone have any idea what this error below means ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: David Wilson To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 1:15 PM Subject: smb_proc_readdir_long error Hi guys/girls, How are you ? I'm running Linux 2.4.22 SMP with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share: kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5 Any ideas what this is ? Your assistance is greatly appreciated. Many thanks. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] account is not autorized to connect from this station.
Hi all, (i'am beginner) i have samba 3.0.7 and ldap 2.1.30-3 installed on linux debian sarge My users account are stored in ldap (ou=people,dc=alsace,dc=iufm,dc=fr) I used idealx smbldaptools .0.8.5 to : - populate LDAP (account administrator is created, id administrator gives uid=0(Administrator) gid=512(Domain Admins) groupes=512(Domain Admins) - add my machine accoun (named i-dp-test) by : smbldap-useradd -w i-dp-test - created some user accounts by : smbldap-useradd -a -m -c Pat DUBAU pat For tests i did : - pdbvedit -Vl : lists all my users/computers with samba attributes. So OK - smbclient -L FS1 : prompts me a password, i give the *root's* password then i get : Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian] Sharename Type Comment - --- commun Disk commun aux profs et _tudiants compta Disk fichiers du service comptable prothee Disk acc__ prothee netlogonDisk Network Logon Service IPC$IPC IPC Service (Samba 3.0.7-Debian) ADMIN$ IPC IPC Service (Samba 3.0.7-Debian) Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian] Server Comment ---- FS1 Samba 3.0.7-Debian WorkgroupMaster ---- DOMI FS1 INFORMATIQUE I_AM MSHOME I_NN WORKGROUPI-ADMRESEAU My problem : when i change the workgroup to domain DOMI on workstation i-dp-test, i'm prompted for user and password, i give *administrator *and his password, but i get the errror message : The following error occured while attempting to join domain IDOM The account is not autorized to connect from this station. Note : The machine is windows XP Sp1 I'm looking for a few days now about that problem, but i can't find out what's wrong. Thank you for any help *Here my smn.conf file : *[global] netbios name = FS1 workgroup = DOMI security = user encrypt passwords = no admin users= @Domain Admins interfaces=192.168.251.8 domain logons = Yes os level = 35 preferred master = Yes domain master = Yes log file = /var/log/samba/%m.log log level = 3 max log size = 5000 add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u #add user script = /usr/local/sbin/smbldap-useradd -m %u #add machine script = /usr/local/sbin/smbldap-useradd -w %u #add group script = /usr/local/sbin/smbldap-groupadd -p %g #add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g #delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g #set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u #delete user script = /usr/local/sbin/smbldap-userdel %u #delete group script = /usr/local/sbin/smbldap-groupdel %g obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=alsace,dc=iufm,dc=fr ldap admin dn = cn=admin,dc=alsace,dc=iufm,dc=fr ldap ssl=no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups #ldap idmap suffix = ou=Users ldap passwd sync = Yes #*** ldap passwd sync = Yes [commun] comment = commun aux profs et étudiants volume = commun path = /home/samba/commun guest ok=yes read only = no writeable = yes [compta] comment = fichiers du service comptable path = /home/samba/fichiers/compta public = yes writeable = yes read only = no create mask = 0750 valid users = @compta [prothee] comment = accès à prothee path=/home/samba/prothee public = yes writeable = yes read only = no create mask = 0750 valid users = prothee [netlogon] path = /home/samba/netlogon browseable = no read only = yes *Here's me slapd.conf file : * # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile/var/run/slapd.args # Read slapd.conf(5) for possible values loglevel256 # Create a replication log in /var/lib/ldap for use by slurpd. replogfile /var/log/ldap.log # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_ldbm ### # Specific Backend Directives for ldbm: # Backend specific directives apply to this
[Samba] smb.conf not in sysconfdir? [samba-3.0.1pre1]
Hie Vincent Did you finally get assistance with the peoblem with samba. I am also getting this error Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/10/07 11:53:39, 0] param/params.c:OpenConfFile(532) params.c:OpenConfFile() - Unable to open configuration file /usr/lib/smb.conf: No such file or directory [2004/10/07 11:56:09, 0] smbd/server.c:main(757) smbd version 3.0.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/10/07 11:56:09, 0] param/params.c:OpenConfFile(532) params.c:OpenConfFile() - Unable to open configuration file /usr/lib/smb.conf: No such file or directory please help if you have found the answer to this problem.. regards Gibson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba
Hi, it is my project in the school, I need to create this trust between two domains. My smb.conf are follow: In servera: [global] workgroup = DOMAINA netbios name = SERVERA security = DOMAIN encrypt passwords = yes local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes dns proxy = no log level = 3 allow trusted domains = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes serverb [global] workgroup = DOMAINB netbios name = SERVERB security = DOMAIN encrypt passwords = yes local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes dns proxy = no log level = 3 allow trusted domains = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes IPaddresses are: servera 192.168.100.10 serverb 192.168.100.11 If can someone help my, I will be very happy. Thank you. Best regards Citace z emailu od rruegner [EMAIL PROTECTED]: opk Bronislav schrieb: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server net rpc trustdom establish DOMAINB I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona hi, this normally is a network problem for establish the trust a good connection and wins browsing must work but there may be also some other issues which bug your trust, what are the log talking of? Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Licensed Office Application. Licensed Operating System. Other Licensed Application. 374 (samba@lists.samba.org)
http://vOvhBM.jlfbkmne.info/?VEXuXGpz.twOHpVTIldkv -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automated reply from nchauveteau@www.coteimmobilier.fr
Merci de votre message, nous vous répondrons dans les meilleurs délais COTE IMMOBILIER, ANGERS Thank you for your email. I will reply to you as soon as possible. COTE IMMOBILIER, ANGERS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Find who deleted a folder
Hi, the possibility to do that, depends on the log-level in the smb.conf -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Bart Hendrix Gesendet: Donnerstag, 7. Oktober 2004 11:21 An: [EMAIL PROTECTED] Betreff: [Samba] Find who deleted a folder Hello We are using samba. Somebody in our company deleted two days ago a folder called 995 Is it possible with samba to check who did this? Thank you very mucn, Bart Hendrix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba - smbfs - problème d'accent
Bonjour, Je réalise un montage samba entre un serveur linux et un client Windows 2000. Je constate des problèmes d'accents. Un fichier est créé sur windows avec ds accents, linux perd les accents et vice versa. ex1 fichier bé.txt créé sous linux, devient bU.txt le U majuscule comportant un accent aigu. ex2 fichiers jà.txt et bè.txt créés sous windows deviennent j?.txt et b?.txt. La comande de montage est la suivante : mount -t smbfs -o username=tomcat,password=tomcat,rw,uid=tomcat,gid=tomcat,codepage=cp850,iocharset=iso8859-15,nls=cp850 //10.202.54.65/partage /export/home/cerit/exploit/ronce/partage J'ai ajouté les options iocharset, codepage et nls, après recherche sur internet sur des problèmes similaires. Mais ça ne marche pas. Ma version de samba est la Version 3.0.0-14.3E. (smbd -V) Ma version de linux 2.4.21-4.EL (uname -a) Pourriez-vous m'aider ? Merci d'avance. -- Christelle Ronce Administrateur des systèmes Département Exploitation mèl : [EMAIL PROTECTED] Tél.: 05 61 28 94 24 mèl du pôle système : SYSTEME EXPLOIT CERIT [EMAIL PROTECTED] Ministère de l'Agriculture, de l'Alimentation, de la Pêche et des Affaires Rurales D.G.A./S.D.S.I./C.E.R.I.T. BP 68 31326 Castanet-Tolosan CEDEX Tél.: 05 61 28 92 00 Fax : 05 61 28 92 82 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb.conf not in sysconfdir? [samba-3.0.1pre1]
Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/10/07 11:53:39, 0] param/params.c:OpenConfFile(532) params.c:OpenConfFile() - Unable to open configuration file /usr/lib/smb.conf: This sounds like a bad ./configure option. When we configure it with --prefix=/opt/samba smb.conf shows up in /opt/samba/lib/smb.conf. Would you post your configure line? -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] account is not autorized to connect from this station.
obey pam restrictions = Yes I don't know how samba deals with this line, since it has it's own parameter for workstation in the LDAP schema, but with straight UNIX you can't log in on any machine that isn't listed under the 'host' attribute. Try removing this line. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows small buisness server and SMB
now im pretty sure ive been told that windows small buisness server 2003 cannot be a member of a domain without needing to be the PDC is this true. i cannot find where i read this so i was hoping one of you may be able to confirm this either way. thanks for your help snip so should be able to add it to the smb domain but you cant use all funktions SBS is designed to be *THE* server, I think it includes SQL server as well for the full trifecta. You can't add a DC to a SBS controlled domain and you can't have it as the member of another domain. Maybe you can add a trust to your smb domain, but that seems doubtful as well since the box is supposed to be your one stop shop for Windows service setup. That of course makes it kind of hard to do a backup machine, but I guess if you've got the money for two machines you've got the money for two full Win Server licenses and CALs I guess. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + ldap pdc and SUS
Has anyone of you guys ever tried a setup like this? Yes. Use NT policy editor. I have attached the policy file I use for SUS updates. Which was unfortunately stripped. Was this just the one that I posted to the list a while back? I really should put my collection of these up somewhere... Please do :-D -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + ldap pdc and SUS
And on the subject of SUS, am I right in thinking it doesn't need CALs for the host server for each client ? Ie, a base server with 5 cals would be enough to run it on. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Fw: Re: [Samba] Cant fetch on Window network due to special characters in filename.
.[ R K wrote ] | | | Hi All, | | I am new to this group :) . Please accept my warm regards! | | While I am trying to access files on Windows share that contains special | names the smbclient fails up as shown below: | | Lets say the filename is Bryan Adams - Let's Make a Night to | Remember.mp3 | | I get following error: | | Domain=[MYDOMAIN] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] | | NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \\bryan adams\Bryan | Adams - Lets | | How do I take care of this problem? Put quotes around the file name. That should take care of it. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Fw: Re: [Samba] windows small buisness server and SMB
.[ Shaun Feeley wrote ] | | | hi guys, | SNIP | | now im pretty sure ive been told that windows small buisness server 2003 | cannot be a member of a domain without needing to be the PDC is this | true. i cannot find where i read this so i was hoping one of you may be | able to confirm this either way. | | thanks for your help | | That is true. We ran into the same problem. However, you can turn off that functionality. And then join it to a Samba domain without a problem. I don't know what effect that would have on Exchange running on the Small Business server as we are only using it for a MSSQL/application server. Unfortunalely it was one of my windows admins that turned off that feature that requires it to be a PDC and he's since left the company and I don't know how to do it. But it definately can be done. I think it was had to be done through a commandline command and not through a gui of any kind. -- Paul Espinosa [EMAIL PROTECTED] IT Supervisor The World Company 785/312-6912 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] account is not autorized to connect from this station.
In the mean time i found by myself. The error is in the smb.conf file. I changed encrypt passwords = no to encrypt passwords = yes. and now it works!! :-) Hope that could help someone else. Hi all, (i'am beginner) i have samba 3.0.7 and ldap 2.1.30-3 installed on linux debian sarge My users account are stored in ldap (ou=people,dc=alsace,dc=iufm,dc=fr) I used idealx smbldaptools .0.8.5 to : - populate LDAP (account administrator is created, id administrator gives uid=0(Administrator) gid=512(Domain Admins) groupes=512(Domain Admins) - add my machine accoun (named i-dp-test) by : smbldap-useradd -w i-dp-test - created some user accounts by : smbldap-useradd -a -m -c Pat DUBAU pat For tests i did : - pdbvedit -Vl : lists all my users/computers with samba attributes. So OK - smbclient -L FS1 : prompts me a password, i give the *root's* password then i get : Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian] Sharename Type Comment - --- commun Disk commun aux profs et _tudiants compta Disk fichiers du service comptable prothee Disk acc__ prothee netlogonDisk Network Logon Service IPC$IPC IPC Service (Samba 3.0.7-Debian) ADMIN$ IPC IPC Service (Samba 3.0.7-Debian) Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian] Server Comment ---- FS1 Samba 3.0.7-Debian WorkgroupMaster ---- DOMI FS1 INFORMATIQUE I_AM MSHOME I_NN WORKGROUPI-ADMRESEAU My problem : when i change the workgroup to domain DOMI on workstation i-dp-test, i'm prompted for user and password, i give *administrator *and his password, but i get the errror message :The following error occured while attempting to join domain IDOM The account is not autorized to connect from this station. Note : The machine is windows XP Sp1 I'm looking for a few days now about that problem, but i can't find out what's wrong. Thank you for any help *Here my smn.conf file : *[global] netbios name = FS1 workgroup = DOMI security = user encrypt passwords = no admin users= @Domain Admins interfaces=192.168.251.8 domain logons = Yes os level = 35 preferred master = Yes domain master = Yes log file = /var/log/samba/%m.log log level = 3 max log size = 5000 add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u #add user script = /usr/local/sbin/smbldap-useradd -m %u #add machine script = /usr/local/sbin/smbldap-useradd -w %u #add group script = /usr/local/sbin/smbldap-groupadd -p %g #add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g #delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g #set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u #delete user script = /usr/local/sbin/smbldap-userdel %u #delete group script = /usr/local/sbin/smbldap-groupdel %g obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=alsace,dc=iufm,dc=fr ldap admin dn = cn=admin,dc=alsace,dc=iufm,dc=fr ldap ssl=no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups #ldap idmap suffix = ou=Users ldap passwd sync = Yes #*** ldap passwd sync = Yes [commun] comment = commun aux profs et étudiants volume = commun path = /home/samba/commun guest ok=yes read only = no writeable = yes [compta] comment = fichiers du service comptable path = /home/samba/fichiers/compta public = yes writeable = yes read only = no create mask = 0750 valid users = @compta [prothee] comment = accès à prothee path=/home/samba/prothee public = yes writeable = yes read only = no create mask = 0750 valid users = prothee [netlogon] path = /home/samba/netlogon browseable = no read only = yes *Here's me slapd.conf file : * # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile/var/run/slapd.args # Read slapd.conf(5) for possible values loglevel256 # Create a replication log in /var/lib/ldap for use by slurpd. replogfile /var/log/ldap.log # Where the dynamically loaded modules are stored modulepath
Re: [Samba] Trust between two samba
Are you using the same WINS server on both Samba configurations? Regards, Gustavo - Original Message - From: Doug Curtis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 12:43 PM Subject: Re: [Samba] Trust between two samba opk Bronislav wrote: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server net rpc trustdom establish DOMAINB I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona I wish I could offer something to try but I am obviously doing something wrong too because I have the same exact problem. I've checked faqs and mailings lists and even had other people email directly to see if I ever fixed it. So, just in case no one else replies, I just wanted to let you know you're not the only one with this problem. Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
On Wednesday 29 September 2004 13:08, Paul Gienger wrote: doesn't do the smart thing and copy the user's local profile to roaming -- it That would actually be a very *dumb* thing to do. Actually I verified that this does in fact happen. When I first tried doing this, I had not created the directory on the server where the profile would be stored (I had created /data/profiles but not /data/profiles/mytestuser). Windows XP freaked out and said it couldn't make a roaming profile and proceeded to make a local profile based on Default User. Now here is where I got really confused and didn't understand what the problem was. I jumped through all kinds of hoops getting it to copy the local profile onto the server, etc. It never worked, even with the File and Settings Wizard. Finally, I got frustrated. I deleted both the user's profile on the server, and the user's local profile that had been created based on Default User. I left the user's original non-domain profile. Then I logged in as the user to the domain, and damn if it didn't copy the user's profile straight to the server just like I had expected it to do in the first place. The moral of the story is that Windows seems to assume you are the same user if you are logging into the local system only, or to the domain. I have no idea what the behavior would be if you had _only_ a domain account and not a local machine account. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] filename mapping
Using samba.2.2.5 I have a problem with Windows-Unix filename mapping. On Unix the file is named: ?,???.HTM On Windows it is displayed as ~N#.HTM However, when I try to delete the file I get a file not found failure. It appears that the mapping may not be symetric. I will be moving the service to 3.0.7 in a couple of months so I am not too worried if this problem is not also in 3.0.7. Phil. --- Phil Chambers ([EMAIL PROTECTED]) University of Exeter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [ANNOUNCE] New Samba Console Project
Hi list(s), Just to let you know, we've started a new project for developping a complete web Samba Console. First release is focused on managing user accounts and having a solid, extensible, console platform (IMC), making it possible to reuse existing webmin modules. The project is hosted at http://www.idealx.org/prj/imc where you can get a tarball or access my arch/tla archive. Hackers wanted ! -- David Barth| Le 19 octobre dès 9h00 au Bristol, Responsable du Département | présentation des enjeux de l'indus Infrastructure Réseau| trialisation Open Source, par IDC Tél +33 (0) 1 44 42 00 00 | IDEALX et Novell. Inscription: http://www.idealx.com/resources/seminars.fr.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba
Gustavo Lima wrote: Are you using the same WINS server on both Samba configurations? Regards, Gustavo In my case, I am. The domain server for the trusted domain is the WINS server. Thanks, Doug - Original Message - From: Doug Curtis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 12:43 PM Subject: Re: [Samba] Trust between two samba opk Bronislav wrote: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server net rpc trustdom establish DOMAINB I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona I wish I could offer something to try but I am obviously doing something wrong too because I have the same exact problem. I've checked faqs and mailings lists and even had other people email directly to see if I ever fixed it. So, just in case no one else replies, I just wanted to let you know you're not the only one with this problem. Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Find who deleted a folder
I have a system where all files deleted go to a trash bin. Files in the trash bins are deleted daily, based on age, by a cron script. http://mandrake.vmlinuz.ca/bin/view/Main/SambaThreeDomainController#Recycle_Bins_for_Your_Shares You could always do something like make the recycle bin a hidden share etc. We are using samba. Somebody in our company deleted two days ago a folder called 995 Is it possible with samba to check who did this? Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] filename mapping
Subject: [Samba] filename mapping Using samba.2.2.5 I have a problem with Windows-Unix filename mapping. On Unix the file is named: ?,???.HTM On Windows it is displayed as ~N#.HTM However, when I try to delete the file I get a file not found failure. It appears that the mapping may not be symetric. I will be moving the service to 3.0.7 in a couple of months so I am not too worried if this problem is not also in 3.0.7. Phil. I sorted my filename issues out by mounting shares with mount -t cifs... instead of smbmount. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdb_mmap problem with Samba 3.07 on Solaris 5.9
I just compiled Samba 3.07 on a Solaris 5.9 machine. Samba is configured to be a PDC (with a smb.conf running well on another System) And now when starting the smbd I'm getting many failure notices like the following: tdb(/usr/local/samba/var/locks/sessionid.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) tdb(/usr/local/samba/var/locks/connections.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) tdb(/usr/local/samba/var/locks/brlock.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) and after trying to connect with a machine to the domain Samba crashes with the following message: yield_connection: tdb_delete for name failed with error Record does not exist. Server exit (Caught TERM signal) Has anybody an idea? Tried to delete the *tdb files but that didn't help. Greets, Christoph. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Shared printer stops printing after first page
Hello, I have an HP 5650 printer attached to a Debian (testing) Linux box over USB in a small office. Three Windows XP machines share the printer on the Linux box which is controlled by CUPS and exported via a Samba share. Recently, the DeskJet began to only print out one page of multi-page documents. This seems to have occured around the time I upgraded to Samba 3.0.7. I encountered the sendfile hangs Windows client problem, and have use sendfile = no in my smb.conf, so I do not believe that is the problem. Please CC as I am not subscribed. Thank you, -Lucas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-to-Samba connection problems
Hey list, I'm still having some issues getting 2 Fedora machines running Samba 3.0.7 to stay connected for any length of time. My setup looks like this: 1 of the systems is set up as a Samba Server as the main fileserver. I have some Windows XP machines connecting to it just fine, nice and fast. However, I also have some FC2 systems that connect to it using the smbfs filesystem, and while they work initially after booting up, any amount of browsing through Nautilus or trying to run some programs off of the network will cause the system to hang. Not lock up, as I can force close windows, but the system will not respond to anything else. It definitely appears to be an issue with Samba however, and primarily when connecting from another FC2 system. Also, if the client system does hang while browsing the share, if I open a terminal window and try to do anything, I will sometimes get an error like this: error: failed to stat: /mnt: Input/output error Now, I'm thinking that this is only happening on the new version of Samba, 3.0.7-2.FC2 or 3.0.7-2.FC1. I noticed this started to happen around Sep 15th, after a system auto-updated to the newest version. Shortly after, other FC and FC2 boxes started having connection troubles. So, to test this, I set up a new system and didn't update samba on it. Sure enough, works perfectly, no hang ups. Ok, so I'll try the newest version directly from samba.org, 3.0.7-1 on the server. Hangs up within a minute of browsing on that one, same as the 3.0.7-2.FC2 release. Unfortunately, these are production boxes and I can't really wipe them out and reinstall to get the older version back. So, this really seems to be a bug in the most recent release of Samba. I've tried multiple, freshly installed servers and clients now, and can always reproduce this error. It's making things very difficult for us as well, as we have multiple servers that communicate via Samba that suddenly aren't working after they update. Luckily, Windows boxes are not affected by this and are connecting to Samba machines just fine. So, has anyone else experienced this, or know of any potential workarounds? I can post smb.conf files if need be, although I'm using pretty much all defaults and am just setting up simple shares. This setup has been working now for over a year without a hitch. Just to get things working on some critical boxes, I've had to set up NFS shares just to keep the connection alive, as using Samba it freeze up and lose the connection within a matter of hours. Any ideas? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + ldap pdc and SUS
On Wed, 2004-10-06 at 21:05, Andrew Bartlett wrote: On Wed, 2004-10-06 at 21:28, Kristyan Osborne wrote: Has anyone of you guys ever tried a setup like this? Yes. Use NT policy editor. I have attached the policy file I use for SUS updates. Which was unfortunately stripped. Was this just the one that I posted to the list a while back? I really should put my collection of these up somewhere... --- I would love to see them Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question regarding Address resolution
Guys, I am having trouble with my samba logs registering IP address instead of the hostname from where the clients connect from. So any ideas to fix this would be helpful. Sheikji Nazirudeen IT Analyst Syracuse University 315-443-1207 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Net Use disconnect failure
I'm having the same problem disconnecting from a share. Did you find a resolution? If so, could you please let me know? Thanks, Armando -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba 3.0.7 on AIX
I am getting the following errors, when I attempt to compile Samba 3.0.7 on AIX 5.1: Compiling nsswitch/winbind_nss_aix.c with -O2 nsswitch/winbind_nss_aix.c: In function `wb_aix_init': nsswitch/winbind_nss_aix.c:980: structure has no member named `method_version' nsswitch/winbind_nss_aix.c:980: `SECMETHOD_VERSION_520' undeclared (first use in this function) nsswitch/winbind_nss_aix.c:980: (Each undeclared identifier is reported only once nsswitch/winbind_nss_aix.c:980: for each function it appears in.) make: 1254-004 The error code from the last command is 1. Stop. Does anyone have any ideas on how I can get around this error. *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error, please notify the sender by return e-mail, delete this e-mail, and refrain from any disclosure or action based on the information. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba printing idea... really cool
Envinronment: Samba PDC w/LDAP backend XP Pro clients. OK, so here is my idea: The ESP PrintPro drivers are free native windows CUPS network drivers that facilitate all the cool wackiness and printer control that users are used to. So what if we just use Samba to distribute them? Then everything is native CUPS and users still get point and print. :-) Is this feasible? Am I way off base here? Of course an alternative is to just drop a link on each users desktop that points at a share where the PrintPro drivers are kept and a doc on how to use them, but I much prefer point and print. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.7: username map doesn't work with security=ADS
I've got a samba 3 box that's part of an AD domain. It works correctly for most users; but there was a problem where certain users couldn't connect. We'd get a log message that looks like this: Username SAMPLE.COM\pcuser is invalid on this system It turns out that the users who could not connect are those who have a different unix username then their AD username. Even though I have a username map file set up, samba didn't seem to be using it. This bug appeared somewhere between 3.0.2a and 3.0.6. When we were on 3.0.2a, the username map worked. I looked at the code, and found a problem in smbd/sesssetup.c: reply_spnego_kerberos() calls map_username() with DOMAIN\username but map_username() expects the username without the domain. So, as a workaround, I could change my usermap file to include the domain with the usernames; e.g., unixuser = pcuser SAMPLE.COM\pcuser but that's kind of clunky. So instead I modified sessetup.c as shown in the attached patch. --- sesssetup.c.dist2004-07-08 12:06:10.0 -0500 +++ sesssetup.c 2004-10-07 12:41:35.643671676 -0500 @@ -153,7 +153,7 @@ DATA_BLOB session_key = data_blob(NULL, 0); uint8 tok_id[2]; DATA_BLOB nullblob = data_blob(NULL, 0); - fstring real_username; + fstring real_username, mapped_client; ZERO_STRUCT(ticket); ZERO_STRUCT(auth_data); @@ -238,12 +238,13 @@ } } - asprintf(user, %s%c%s, domain, *lp_winbind_separator(), client); + fstrcpy(mapped_client, client); + map_username(mapped_client); + + asprintf(user, %s%c%s, domain, *lp_winbind_separator(), mapped_client); /* lookup the passwd struct, create a new user if necessary */ - map_username( user ); - pw = smb_getpwnam( user, real_username, True ); if (!pw) { PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can join domain; can't logon
An update: I managed to get a domain entry added to my LDAP directory. Still got the same error. Googled for it; found out that I had to put my machine trust accounts in ou=people instead of ou=machines. Did so. Still get the same message from Windows: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. From Samba, it's the same old thing: get_md4pw: Workstation GUINEA-PIG$: no account in domain What the heck does this mean? How can I fix it? Does Samba just hate me? I've attached the section of the smbd log that appears to pertain to the immediate problem. Any insights you can offer would be greatly appreciated. Thank you. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Tue, 5 Oct 2004, Chris St. Pierre wrote: I did verify that the account exists in LDAP. To prove it: # ldapsearch -b o=nebrwesleyan.edu,o=isp ((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) uid=guinea-pig$,ou=machines,o=nebrwesleyan.edu,o=isp [...snip...] And moreover: # getent passwd guinea-pig$ guinea-pig$:x:1001:1000:guinea-pig$:/dev/null:/bin/false I am not running ncsd. The samba machine has a decidedly out-of-sync system clock, but I haven't bothered with it since it's only a test box. However! Here's the smbd log: [2004/10/05 16:24:17, 1] lib/smbldap.c:add_new_domain_info(1289) failed to add domain dn= sambaDomainName=NWU_TEST,o=nebrwesleyan.edu,o=isp with: Object class violation [2004/10/05 16:24:17, 0] lib/smbldap.c:smbldap_search_domain_info(1338) Adding domain info for NWU_TEST failed with NT_STATUS_UNSUCCESSFUL [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain [2004/10/05 16:24:20, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation GUINEA-PIG$: no account in domain Which alerts me to the fact that it's the creation of the domain in LDAP that's causing problems. I properly installed the 3.0.7 schema -- as is evidenced by other things working -- but this is giving me an object class violation. I cranked the log level up to 10, but it didn't give me much more information that was readily useful to me; the full 157K log is available, though, if you want it. Any ideas? Or, if anyone has a typical LDAP domain entry I can look at, I can add it by hand and get more info from it. Thanks. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Tue, 5 Oct 2004, Igor Belyi wrote: Chris St. Pierre wrote: I had a problem similar to my current one a week or so ago, and I was encouraged to upgrade from Samba 2.2.9 to 3.0.7, which I did. Now that I've completed that nightmare, the problem I initially set out to fix is still there, just different. Namely: I am trying to set up Samba 3.0.7 on a SuSE 9.1 box as an LDAP PDC whose only job will be authentication. Our LDAP server is on a separate box. I can join the domain just fine, but when I try to login via Windows, I get the following error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I suspected that neither of these were the case, as I created the account with idealx's smbldap-tools. I verified that the account is there with ldapsearch. Last time I had this problem, Samba wasn't even communicating with LDAP, but this time it is. When I try to login, here's what the LDAP logs show: smbldap-tools create posixAccounts in case you use NSS LDAP support. You should verify that it's there with 'getent passwd GUINEA-PIG$'. If not - you probably use passwd or shadow in which case you need to use adduser to to the job. Besides posixAccount you should also have Samba account as well. You should look at what was responses to the LDAP requests by looking at the SEARCH RESULT lines with the same 'conn=' and 'op='. I would guess that response was 'nentries=0' And it has nothing to do with some optional attributes being empty - just with the fact that there's no such entry with 'objectClass=sambaSamAccount'. It can also be a problem of nscd if you have one. Your LDAP requests are at 10:03 and your nmbd log extract is for 11:14 which means LDAP requests were done long before Samba requests unless there's a timezone issue between the machines or that their clocks are really scrude up. I would also recommend to post smbd log instead of nmbd since its smbd which interacts with LDAP. Igor [05/Oct/2004:10:03:52 -0500] conn=53576 op=7 SRCH base=o=nebrwesleyan.edu,o=isp scope=2 filter=((uid=GUINEA-PIG$)(objectClass=sambaSamAccount)) attrs=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript
[Samba] 3.0.7: 'map to guest' incomplete behavior
I have a 3.0.7 server that is part of an active directory domain, and I have a problem where 'map to guest = Bad User' doesn't do what I expect. On this system, unix users are a subset of AD users. Those users who have accounts on both unix and AD can access the Samba server; but users who have an AD account but not a unix account can not. What I want is for those users without a unix account to still be able to access the world-readable shares as 'guest'. In my smb.conf, I have 'map to guest = Bad User' and 'guest account = guest'. But even with those settings, we still get an error in the smb log: Username DOMAIN\blah is invalid on this system. However, if a user specifies a bogus username when setting up the drive map (i.e., a username that does not exist in AD) then Samba will proceed to connect that user as 'guest'. In other words, 'map to guest' only works if the given username is not in AD. I modified reply_spnego_kerberos() in smbd/sesssetup.c so that it would use the guest user if the user is not in the unix password db and 'map to guest' is on. The patch is attached. If the developers have a problem with extending the 'map to guest' functionality in this way, then I suggest you add a new option ('unix map to guest' or something). I know that there's a hook to have smbd create user accounts on the fly, but that is not an acceptable solution in my environment. I need to have unknown (but valid) AD accounts map to 'guest'. --- sesssetup.c.dist2004-10-07 14:08:16.137991470 -0500 +++ sesssetup.c 2004-10-07 14:11:04.425105686 -0500 @@ -247,6 +247,14 @@ pw = smb_getpwnam( user, real_username, True ); if (!pw) { + if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || + (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { + DEBUG(3,(No such unix user %s - using guest account\n, +user)); + pw = smb_getpwnam( lp_guestaccount(), real_username, False ); + } + } + if (!pw) { DEBUG(1,(Username %s is invalid on this system\n,user)); SAFE_FREE(user); SAFE_FREE(client); PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Someone is researching your background via our website
Important message. Please print and keep this for your records. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= An individual at our website is sharing Opinions and Information regarding you in our online community. Why did we send you this email? When people find out others are talking about them, whether it is good or bad, they usually want to know. We feel that is is our responsibility to try to inform subjects so they have an opportunity to find out what is being said. To examine requests regarding you use this link: http://4.sye1.com/lx.php?a=searchb=5[EMAIL PROTECTED] Our Identity Protection System is a simple system in which this website sends email messages to the Experience Request author on your behalf, and vice versa. This website will never reveal the identity of the Experience Request author to you, nor will it reveal your identity to the author of the Experience Request. You can avoid future notification emails like this by adding your email address(es) to our Do Not Email List. Just use the following link: http://9.sye3.org/lx.php?a=donotemail[EMAIL PROTECTED] Once you understand how our website works you will realize that it is really very simple. Although it may seem confusing or complicated at first glance, in reality it is very simple. Regards, Support Department -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble creating RPM
Greetings, I've download the latest source and am trying to install it on my Mandrake machine. I've gotten through the build process (about 12 dozen times) without error, but it never creates the rpm files. The command I used is: rpmbuild -ba --nobuild \ --without acl \ --without vscan \ --without ldap \ SPECS/samba.spec Everything processes normally, until the script just ends. No error, no success, no rpms, nothing in the logs. -snip of output-- Processing files: samba3-passdb-xml-3.0.7-1.1mdk Finding Provides: /usr/lib/rpm/filter.sh ' ' /usr/lib/rpm/find-provides Using BuildRoot: /home/rsa/rpm/tmp/samba3-3.0.7-root to search libs Finding Requires: /usr/lib/rpm/filter.sh ' ' /usr/lib/rpm/find-requires /home/rsa/rpm/tmp/samba3-3.0.7-root i586 Provides: xml.so Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) = 4.0-1 rpmlib(CompressedFileNames) = 3.0.4-1 Requires: samba3-server = 3.0.7-1.1mdk libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libm.so.6 libpthread.so.0 libxml2.so.2 libz.so.1 Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/rsa/rpm/tmp/samba3-3.0.7-root [EMAIL PROTECTED] rpm]$ -snip of output-- Has anyone created RPMS for Mandrake 9.2 using the latest 3.07? Thanks in advance, -=Ray Ray Anderson System Development Manager 916.788.2444 (Office) 916.798.9439 (Mobile) PRIDE Industries [EMAIL PROTECTED] http://www.prideindustries.com Of course, with the increasing number of aeroplanes one gets increased opportunities for shooting down one's enemies, but at the same time, the opportunity increases of being shot down one's-self. Baron Manfred von Richthofen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with winbindd AD Group access limit problem
I'm running Samba 3.0.2 on Solaris using winbindd to allow me to security tailor access to subdirectories on a Samba share. We assign the subdirectories within a Samba share to an Active Directory group name. This generally works fine but I am having user access issues from the Win2K / Win XP workstations that have mapped the share. The problem seems to be related to the number of groups / total length of group names the user is assigned to in Active Directory. If there are too many groups (or the aggregate length of all group names is too long), the user cannot access the secured directories even though they are a member of the group in AD. If I keep reducing the number of assigned groups in AD, the user can, at some point, gain access to the directories. Can someone tell me the following: 1. What limitation is causing this problem? 2. How to I remove the limitation? Phil Freund System Administrator Kichler Lighting Group -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Info on NetShareEnum RAP throwing User has insufficient privilege
I am looking for more info on the subject, since I get this response from a Windows/XP client to a SMBCLIENT command but do not know what checkings are held in the client (Windows/XP) in order to correct them. Any suggestion is welcome Manfredo Hopp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Tandem / ServerNet 74000
Im unable to install SAMBA on my 74000 ServerNet Tandem system. Im currently running OSS under G06.11 OS. None of the of the instructions in the many help HTML file are working for me. After running the command make installbin and make installman I was able to read SAMBA man pages via the man command but the output looks bad. Files and directories described do not match the what on the system. Thinking is to delete it all and start over. But without instruction that specific to Tandem OSS I little hope of success. Can you Help? - The information contained in this electronic mail message, and any and all accompanying documents, constitutes confidential information. If you are not the intended recipient of this information, any disclosure, copying, distribution, or the taking of any action in reliance on it is strictly prohibited. If you received this information in error, please notify the sender immediately and destroy this communication. Messages sent via this medium may be subject to delays and/or unauthorized alteration. Neither The Bank of Tokyo-Mitsubishi, Ltd. nor any of its affiliates shall be held liable for the contents of this message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-to-Samba connection problems
On Thu, 07 Oct 2004 11:41:24 -0500, Brandon Laing [EMAIL PROTECTED] wrote: Hey list, I'm still having some issues getting 2 Fedora machines running Samba 3.0.7 to stay connected for any length of time. My setup looks like this: 1 of the systems is set up as a Samba Server as the main fileserver. I have some Windows XP machines connecting to it just fine, nice and fast. However, I also have some FC2 systems that connect to it using the smbfs filesystem, and while they work initially after booting up, any amount of browsing through Nautilus or trying to run some programs off of the network will cause the system to hang. Not lock up, as I can force close windows, but the system will not respond to anything else. It definitely appears to be an issue with Samba however, and primarily when connecting from another FC2 system. Also, if the client system does hang while browsing the share, if I open a terminal window and try to do anything, I will sometimes get an error like this: error: failed to stat: /mnt: Input/output error Now, I'm thinking that this is only happening on the new version of Samba, 3.0.7-2.FC2 or 3.0.7-2.FC1. I noticed this started to happen around Sep 15th, after a system auto-updated to the newest version. Shortly after, other FC and FC2 boxes started having connection troubles. So, to test this, I set up a new system and didn't update samba on it. Sure enough, works perfectly, no hang ups. Ok, so I'll try the newest version directly from samba.org, 3.0.7-1 on the server. Hangs up within a minute of browsing on that one, same as the 3.0.7-2.FC2 release. Unfortunately, these are production boxes and I can't really wipe them out and reinstall to get the older version back. So, this really seems to be a bug in the most recent release of Samba. I've tried multiple, freshly installed servers and clients now, and can always reproduce this error. It's making things very difficult for us as well, as we have multiple servers that communicate via Samba that suddenly aren't working after they update. Luckily, Windows boxes are not affected by this and are connecting to Samba machines just fine. So, has anyone else experienced this, or know of any potential workarounds? I can post smb.conf files if need be, although I'm using pretty much all defaults and am just setting up simple shares. This setup has been working now for over a year without a hitch. Just to get things working on some critical boxes, I've had to set up NFS shares just to keep the connection alive, as using Samba it freeze up and lose the connection within a matter of hours. Any ideas? Thanks, Brandon -- Also have the same problem with 3.0.7 (FC1 kernel 2.6.8-1), connection troubles with win 98 clients. But yesterday i switched to 2.4 kernel and put option read raw=no, and connections are stable for now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-to-Samba connection problems
On Fri, 8 Oct 2004 00:53:18 +0200, Stanimir Petrovic [EMAIL PROTECTED] wrote: On Thu, 07 Oct 2004 11:41:24 -0500, Brandon Laing [EMAIL PROTECTED] wrote: Hey list, I'm still having some issues getting 2 Fedora machines running Samba 3.0.7 to stay connected for any length of time. My setup looks like this: 1 of the systems is set up as a Samba Server as the main fileserver. I have some Windows XP machines connecting to it just fine, nice and fast. However, I also have some FC2 systems that connect to it using the smbfs filesystem, and while they work initially after booting up, any amount of browsing through Nautilus or trying to run some programs off of the network will cause the system to hang. Not lock up, as I can force close windows, but the system will not respond to anything else. It definitely appears to be an issue with Samba however, and primarily when connecting from another FC2 system. Also, if the client system does hang while browsing the share, if I open a terminal window and try to do anything, I will sometimes get an error like this: error: failed to stat: /mnt: Input/output error Now, I'm thinking that this is only happening on the new version of Samba, 3.0.7-2.FC2 or 3.0.7-2.FC1. I noticed this started to happen around Sep 15th, after a system auto-updated to the newest version. Shortly after, other FC and FC2 boxes started having connection troubles. So, to test this, I set up a new system and didn't update samba on it. Sure enough, works perfectly, no hang ups. Ok, so I'll try the newest version directly from samba.org, 3.0.7-1 on the server. Hangs up within a minute of browsing on that one, same as the 3.0.7-2.FC2 release. Unfortunately, these are production boxes and I can't really wipe them out and reinstall to get the older version back. So, this really seems to be a bug in the most recent release of Samba. I've tried multiple, freshly installed servers and clients now, and can always reproduce this error. It's making things very difficult for us as well, as we have multiple servers that communicate via Samba that suddenly aren't working after they update. Luckily, Windows boxes are not affected by this and are connecting to Samba machines just fine. So, has anyone else experienced this, or know of any potential workarounds? I can post smb.conf files if need be, although I'm using pretty much all defaults and am just setting up simple shares. This setup has been working now for over a year without a hitch. Just to get things working on some critical boxes, I've had to set up NFS shares just to keep the connection alive, as using Samba it freeze up and lose the connection within a matter of hours. Any ideas? Thanks, Brandon -- Also have the same problem with 3.0.7 (FC1 kernel 2.6.8-1), connection troubles with win 98 clients. But yesterday i switched to 2.4 kernel and put option read raw=no, and connections are stable for now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Trouble creating RPM
I've download the latest source and am trying to install it on my Mandrake machine. I've also had some trouble building the newer Mandrake RPMs. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Seek clarification on use of 'net rpc join -U' to join a NT4 domain
Dear Friends: I am trying to join a Suse 9.1 Server running Samba 3.07 to an NT4 Domain. One part I am confused about is the command net rpc join -U ... is the username to be used with this command the name of an administrator on the NT4 PDC? Does that administrator need to be an user on the Samba Server and a member of the root group? I successfully join using the DomainAdmin%Password combo from the NT4 domain, but with subsequent commands such as net rpc trustdom list it fails when I enter the password for the DomainAdmin. What password should I be using? Also the wbinfo commands appear to work but I don't understand the wbinfo --set-auth-user for the same reasons as stated above. Is the user a NT4 DomainAdmin or is it 'root' on the linux box? My smb.conf follows. Thank you for your kind help. Dennis A. Johnson K.M.B., Inc. Phoenix, Arizona # ~ # smb.conf # ~ [global] workgroup = DOMAIN server string = Samba Server netbios name = SRVR3 security = domain password server = SRVR1 SRVR2 wins server = 192.168.0.70 winbind separator = + winbind use default domain = yes idmap uid = 15000-2 idmap gid = 15000-2 use sendfile = yes interfaces = 127.0.0.1 eth0 hosts allow = 192.168.0. 127. bind interfaces only = true local master = no printing = cups printcap name = cups printer admin = @ntadmin, root, administrator disable spoolss = yes encrypt passwords = yes passdb backend = smbpasswd [homes] comment = Home Directories valid users = %S browseable = no read only = no guest ok = no printable = no [Documents] comment = Public Documents path = /export/Documents read only = yes writeable = yes inherit permissions = yes browseable = yes guest ok = no [Pictures] comment = Public Pictures path = /export/Pictures valid users = %S read only = no writeable = yes browseable = yes inherit permissions = yes guest ok = no [printers] comment = All Printers path = /var/spool/samba printer admin = root, itadminkmb, dennis printable = yes create mask = 0600 browseable = no guest ok = no [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 browseable = yes guest ok = no printable = no # ~ # .end. smb.conf # ~ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't join domain
TRAPPE wrote: When i do on my pdc server : net rpc join Administrator Create of workstation account failed User specified does not have administrator privileges Unable to join domain BIC. Did you mean to issue: net rpc join -U Administrator? And I would recommend to look in the Samba log files to have better understanding of the problem. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.7 on Linix/Sparc
Hello all. I'm having a very odd problem that I can't solve and I hopinig someone here can help me. I have the latest samba package installed onto my sparc. Samba is configured for a PDC role with all appropriate machine and user accounds. A Win2K client can authenticate perfectly against the box, get credentials, login to the workstation, etc. A user can browse through shares and folders just fine. However whenever the Win2K client attempts to open a file, the entire workstation locks up, requiring a kill of explorer.exe. Standard logging seems to reveal no obvious problem. Talking with some people on the IRC channel last night reveals that others are seeing similiar problems. I enabled logging at level 4 and through all the spew it appears that whenever the Win2K box tries to access the file, Samba performs a series of file operations, including attempts at locks and then freezes and finally tries to send back an message of NT_STATUS_OBJECT_PATH_NOT_FOUND however this does not seem to unlock the client. For reference Samba appears to see the file exists (and it does exist as -rw-rw-rw). For reference, this same file structure is exported via NFS as well and file access works as expected there. I tried disabling NFS to rule out any lock problems but that didn't seem to help. I've looked at the traffic flow, the TCP steam seems to be working just fine in both directions between the server and the workstation. I've dumped a complete transaction of the Win2k box trying to open a sample file. To setup the scenario a little better, the file location /data/usr is shared as \\cirdan\usr. Within that is /data/usr/jason/learnvi.tar.gz. The user logged in to the Win2K box authenticates to a UNIX user that has read permisions to that file. I've posted a log of the attempt to open the file over Samba at http://www.devrandom.org/~jason/samba.log. My smb.conf i at http://www.devrandom.org/~jason/smb.conf. Anyone help me? I've been beating me head against this for about 8 days now. Thanks!!! -- Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 on Linix/Sparc
Tony Breeds wrote: I was told to experiment with the following settings use sendfile = no large readwrite = no max xmit = 16644 For me the sendfile option was the correct answer. 'use sendfile = no' appears to be the winner for me as well. Is this a bug or expected behavior? Thanks for the help! -- Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
samba 2.2.8/util_str.c - Why is '$' exempted from '_' replacement?
The module [.lib]time.c has a VMS specific edit to exempt the '$' character from being replaced with an underscore. So far I can not find a reason that VMS needs this change. -John [EMAIL PROTECTED] Personal Opinion Only PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r2837 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2004-10-07 11:01:13 + (Thu, 07 Oct 2004) New Revision: 2837 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2837nolog=1 Log: Fix printer-migration w.r.t. to new naming-convention for policy-handles. Also remove some unused vars. Guenther Modified: branches/SAMBA_3_0/source/utils/net_rpc_printer.c trunk/source/utils/net_rpc_printer.c Changeset: Sorry, the patch is too large (467 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2837nolog=1
svn commit: samba r2838 - in trunk/source/include: .
Author: mimir Date: 2004-10-07 13:26:13 + (Thu, 07 Oct 2004) New Revision: 2838 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/includerev=2838nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - helper macro for rpc calls using channel type parameter - use DATA_BLOB for various trust passwords rather than fstring rafal Modified: trunk/source/include/passdb.h trunk/source/include/secrets.h Changeset: Modified: trunk/source/include/passdb.h === --- trunk/source/include/passdb.h 2004-10-07 11:01:13 UTC (rev 2837) +++ trunk/source/include/passdb.h 2004-10-07 13:26:13 UTC (rev 2838) @@ -262,7 +262,7 @@ uint16 flags; /* flags */ size_t uni_name_len;/* unicode name length */ smb_ucs2_t uni_name[32];/* unicode domain name */ - fstring pass; /* trust password */ + DATA_BLOB pass; /* trust password */ time_t mod_time;/* last change time */ DOM_SID domain_sid; /* trusted domain sid */ } private; Modified: trunk/source/include/secrets.h === --- trunk/source/include/secrets.h 2004-10-07 11:01:13 UTC (rev 2837) +++ trunk/source/include/secrets.h 2004-10-07 13:26:13 UTC (rev 2838) @@ -63,6 +63,11 @@ #define PASS_MACHINE_TRUST_ADS (PASS_TRUST_ADS | PASS_TRUST_MACHINE) #define PASS_DOMAIN_TRUST_ADS (PASS_TRUST_ADS | PASS_TRUST_DOMAIN) +/* Returns secure channel parameter, based on trust flags, for rpc netlogon calls */ +#define SCHANNEL_TYPE(flags) ((flags PASS_TRUST_MACHINE) ? SEC_CHAN_WKSTA : \ + ((flags PASS_TRUST_SERVER) ? SEC_CHAN_BDC : \ + ((flags PASS_TRUST_DOMAIN) ? SEC_CHAN_DOMAIN : 0))) + #define SECRETS_PASSWORDS_MIGRATED SECRETS/PASS_MIGRATED /* structure for storing machine account password
svn commit: samba r2839 - in trunk/source/passdb: .
Author: mimir Date: 2004-10-07 13:37:10 + (Thu, 07 Oct 2004) New Revision: 2839 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/passdbrev=2839nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - move tp_key_list variable from global to a structure held as private within passdb context - convert ldap-trust structure initialisation from fstring password to DATA_BLOB - fix gettrustpwent in ldap backend to return correct status codes - use proper sambaDomainName object depending on security mode - set of init/destroy functions for SAM_TRUST_PASSWD structure - return correct type for trust password itself - correctly set trust password in SAM_TRUST_PASSWD with regard to its DATA_BLOB nature - don't lose any (potentially useful) status code returned from backend unless it is NT_STATUS_UNSUCCESSFUL rafal Modified: trunk/source/passdb/passdb.c trunk/source/passdb/pdb_get_set.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_tdb.c Changeset: Sorry, the patch is too large (385 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/passdbrev=2839nolog=1
svn commit: samba r2840 - in trunk/source/libsmb: .
Author: mimir Date: 2004-10-07 13:44:10 + (Thu, 07 Oct 2004) New Revision: 2840 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2840nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. Trust passwords migration function. - use necessary trust password structure initialisation - set trust password depending on whether it is plaintext (ADS) or 16 bytes of password hash (NT) - typo fix in comment - use pdb_set_tp_* functions instead of directly accessing structure members - count NT_STATUS_USER_EXISTS code as migrated password rafal Modified: trunk/source/libsmb/trusts_util.c Changeset: Sorry, the patch is too large (308 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2840nolog=1
svn commit: samba r2841 - in trunk/source/lib: .
Author: mimir Date: 2004-10-07 13:46:04 + (Thu, 07 Oct 2004) New Revision: 2841 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/librev=2841nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - data_blob_clear is too useful outside to be declared static :) rafal Modified: trunk/source/lib/data_blob.c Changeset: Modified: trunk/source/lib/data_blob.c === --- trunk/source/lib/data_blob.c2004-10-07 13:44:10 UTC (rev 2840) +++ trunk/source/lib/data_blob.c2004-10-07 13:46:04 UTC (rev 2841) @@ -97,7 +97,7 @@ /*** clear a DATA_BLOB's contents ***/ -static void data_blob_clear(DATA_BLOB *d) +void data_blob_clear(DATA_BLOB *d) { if (d-data) { memset(d-data, 0, d-length);
svn commit: samba r2842 - in trunk/source/auth: .
Author: mimir Date: 2004-10-07 13:48:19 + (Thu, 07 Oct 2004) New Revision: 2842 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/authrev=2842nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - use pdb_* trust passwords interface instead of secrets_* rafal Modified: trunk/source/auth/auth_domain.c trunk/source/auth/auth_util.c Changeset: Sorry, the patch is too large (256 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/authrev=2842nolog=1
svn commit: samba r2843 - in trunk/source/tdb: .
Author: mimir Date: 2004-10-07 13:50:51 + (Thu, 07 Oct 2004) New Revision: 2843 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/tdbrev=2843nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - correctly (un)pack trust password structure with regard to DATA_BLOB password rafal Modified: trunk/source/tdb/tdbutil.c Changeset: Modified: trunk/source/tdb/tdbutil.c === --- trunk/source/tdb/tdbutil.c 2004-10-07 13:48:19 UTC (rev 2842) +++ trunk/source/tdb/tdbutil.c 2004-10-07 13:50:51 UTC (rev 2843) @@ -724,32 +724,52 @@ **/ size_t tdb_trustpw_unpack(SAM_TRUST_PASSWD* trustpw, const char* pack_buf, int bufsize) { - int idx, len = 0, pass_len =0; + int idx, len = 0; + char *p_buf = NULL, *buf = NULL; struct trust_passwd_data *t; + TALLOC_CTX *mem_ctx; if (!trustpw || !pack_buf) return -1; t = trustpw-private; + mem_ctx = trustpw-mem_ctx; + + /* allocating pack buffer to satisfy const argument */ + p_buf = (char*) talloc(mem_ctx, bufsize); + if (!p_buf) return -1; + + memcpy((void*)p_buf, (const void*)pack_buf, bufsize); + buf = p_buf; /* packing password type flags */ - len += tdb_unpack(pack_buf + len, bufsize - len, w, t-flags); + len += tdb_unpack(p_buf + len, bufsize - len, w, t-flags); /* unpack unicode domain name and plaintext password */ - len += tdb_unpack(pack_buf + len, bufsize - len, d, t-uni_name_len); + len += tdb_unpack(p_buf + len, bufsize - len, d, t-uni_name_len); for (idx = 0; idx 32; idx++) - len += tdb_unpack((const char*)(pack_buf + len), bufsize - len, + len += tdb_unpack((char*)(p_buf + len), bufsize - len, w, t-uni_name[idx]); - /* unpacking password and last modification time */ - len += tdb_unpack((const char*)(pack_buf + len), bufsize - len, dPd, - pass_len, t-pass, t-mod_time); + /* unpacking password length */ + len += tdb_unpack((char*)(p_buf + len), bufsize - len, d, + t-pass.length); + + /* allocating and unpacking password blob */ + t-pass = data_blob_talloc(mem_ctx, NULL, t-pass.length); +if (t-pass.data) + memset((void*)t-pass.data, 0, t-pass.length); + + for (idx = 0; idx t-pass.length; idx++) + len += tdb_unpack((char*)(p_buf + len), bufsize - len, + b, t-pass.data[idx]); - if (pass_len FSTRING_LEN) return -1; - t-pass[pass_len] = 0; - + /* last change time */ + len += tdb_unpack((char*)(p_buf + len), bufsize - len, d, + t-mod_time); + /* unpack sid */ - len += tdb_sid_unpack((const char*)(pack_buf + len), bufsize - len, + len += tdb_sid_unpack((char*)(p_buf + len), bufsize - len, t-domain_sid); - + return len; } @@ -782,8 +802,8 @@ len += tdb_pack(pack_buf + len, bufsize - len, w, t.uni_name[idx]); /* packing password and last modification time */ - len += tdb_pack(pack_buf + len, bufsize - len, dPd, strlen(t.pass), - t.pass, t.mod_time); + len += tdb_pack(pack_buf + len, bufsize - len, Bd, t.pass.length, + t.pass.data, t.mod_time); /* packing SID structure */ len += tdb_sid_pack(pack_buf + len, bufsize - len, t.domain_sid);
svn commit: samba r2846 - in trunk/source/utils: .
Author: mimir Date: 2004-10-07 14:01:29 + (Thu, 07 Oct 2004) New Revision: 2846 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/utilsrev=2846nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - use pdb_* trust passwords interface instead of secrets_* - tell NT trust passwords from ADS when listing them - init trust password structure before using it - upcase trust's domain name before deleting the trust rafal Modified: trunk/source/utils/net.c trunk/source/utils/net_ads.c trunk/source/utils/net_rpc.c trunk/source/utils/net_rpc_join.c trunk/source/utils/net_rpc_samsync.c trunk/source/utils/pdbedit.c Changeset: Sorry, the patch is too large (532 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/utilsrev=2846nolog=1
svn commit: samba r2848 - in trunk/source/smbd: .
Author: mimir Date: 2004-10-07 14:07:32 + (Thu, 07 Oct 2004) New Revision: 2848 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/smbdrev=2848nolog=1 Log: Big patch. Switch from secrets_* functions to new trust passwords api integrated with passdb interface. - use pdb_* trust passwords interface instead of secrets_* - hook trust passwords migration function just before all of smbd starts rafal Modified: trunk/source/smbd/process.c trunk/source/smbd/server.c Changeset: Modified: trunk/source/smbd/process.c === --- trunk/source/smbd/process.c 2004-10-07 14:03:57 UTC (rev 2847) +++ trunk/source/smbd/process.c 2004-10-07 14:07:32 UTC (rev 2848) @@ -1327,6 +1327,8 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_timeout_processing_time) { + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + SAM_TRUST_PASSWD *trust = NULL; static time_t last_keepalive_sent_time = 0; static time_t last_idle_closed_check = 0; time_t t; @@ -1407,9 +1409,6 @@ password change */ lp_security() == SEC_DOMAIN) { - unsigned char trust_passwd_hash[16]; - time_t lct; - /* * We're in domain level security, and the code that * read the machine password flagged that the machine @@ -1425,11 +1424,19 @@ machine %s in domain %s.\n, global_myname(), lp_workgroup() )); return True; } - - if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, lct, NULL)) { + + nt_status = pdb_init_trustpw(trust); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, (Couldn't initialise trust password\n)); + return False; + } + + nt_status = pdb_gettrustpwnam(trust, lp_workgroup()); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,(process: unable to read the machine account password for \ machine %s in domain %s.\n, global_myname(), lp_workgroup())); secrets_lock_trust_account_password(lp_workgroup(), False); + trust-free_fn(trust); return True; } @@ -1437,9 +1444,10 @@ * Make sure someone else hasn't already done this. */ - if(t lct + lp_machine_password_timeout()) { + if(t pdb_get_tp_mod_time(trust) + lp_machine_password_timeout()) { global_machine_password_needs_changing = False; secrets_lock_trust_account_password(lp_workgroup(), False); + trust-free_fn(trust); return True; } @@ -1448,6 +1456,9 @@ change_trust_account_password( lp_workgroup(), NULL); global_machine_password_needs_changing = False; secrets_lock_trust_account_password(lp_workgroup(), False); + + /* free trust password structure */ + trust-free_fn(trust); } /* Modified: trunk/source/smbd/server.c === --- trunk/source/smbd/server.c 2004-10-07 14:03:57 UTC (rev 2847) +++ trunk/source/smbd/server.c 2004-10-07 14:07:32 UTC (rev 2848) @@ -621,6 +621,8 @@ static BOOL init_structs(void ) { + int pass_num = 0; + /* * Set the machine NETBIOS name if not already * set from the config file. @@ -640,6 +642,9 @@ secrets_init(); + /* migrate trust passwords to passdb if not migrated yet */ + pass_num = migrate_trust_passwords(); + return True; }
svn commit: samba r2850 - in branches/SAMBA_4_0/source/libcli/auth: .
Author: metze Date: 2004-10-07 14:44:18 + (Thu, 07 Oct 2004) New Revision: 2850 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/libcli/authrev=2850nolog=1 Log: - check for GENSEC_WANT_SEAL in gensec_unseal_packet() - pass functions to the subcontext in spnego metze Modified: branches/SAMBA_4_0/source/libcli/auth/gensec.c branches/SAMBA_4_0/source/libcli/auth/spnego.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/auth/gensec.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec.c 2004-10-07 14:09:15 UTC (rev 2849) +++ branches/SAMBA_4_0/source/libcli/auth/gensec.c 2004-10-07 14:44:18 UTC (rev 2850) @@ -314,6 +314,10 @@ if (!gensec_security-ops-unseal_packet) { return NT_STATUS_NOT_IMPLEMENTED; } + if (!(gensec_security-want_features GENSEC_WANT_SEAL)) { + return NT_STATUS_INVALID_PARAMETER; + } + return gensec_security-ops-unseal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, Modified: branches/SAMBA_4_0/source/libcli/auth/spnego.c === --- branches/SAMBA_4_0/source/libcli/auth/spnego.c 2004-10-07 14:09:15 UTC (rev 2849) +++ branches/SAMBA_4_0/source/libcli/auth/spnego.c 2004-10-07 14:44:18 UTC (rev 2850) @@ -108,7 +108,6 @@ { struct spnego_state *spnego_state = gensec_security-private_data; - return NT_STATUS_NOT_IMPLEMENTED; if (spnego_state-state_position != SPNEGO_DONE spnego_state-state_position != SPNEGO_FALLBACK) { return NT_STATUS_INVALID_PARAMETER; @@ -129,7 +128,6 @@ { struct spnego_state *spnego_state = gensec_security-private_data; - return NT_STATUS_NOT_IMPLEMENTED; if (spnego_state-state_position != SPNEGO_DONE spnego_state-state_position != SPNEGO_FALLBACK) { return NT_STATUS_INVALID_PARAMETER;
svn commit: samba r2852 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2004-10-07 14:47:53 + (Thu, 07 Oct 2004) New Revision: 2852 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=2852nolog=1 Log: Oh. Allow to migrate win2k3/xp-drivers as well. Thanks to Bjoern Jacke for his moral support :) Guenther Modified: branches/SAMBA_3_0/source/utils/net_rpc_printer.c trunk/source/utils/net_rpc_printer.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_printer.c === --- branches/SAMBA_3_0/source/utils/net_rpc_printer.c 2004-10-07 14:46:58 UTC (rev 2851) +++ branches/SAMBA_3_0/source/utils/net_rpc_printer.c 2004-10-07 14:47:53 UTC (rev 2852) @@ -32,6 +32,7 @@ {Windows 4.0, WIN40, 0 }, {Windows NT x86, W32X86, 2 }, + {Windows NT x86, W32X86, 3 }, {Windows NT R4000, W32MIPS, 2 }, {Windows NT Alpha_AXP, W32ALPHA,2 }, {Windows NT PowerPC, W32PPC, 2 }, Modified: trunk/source/utils/net_rpc_printer.c === --- trunk/source/utils/net_rpc_printer.c2004-10-07 14:46:58 UTC (rev 2851) +++ trunk/source/utils/net_rpc_printer.c2004-10-07 14:47:53 UTC (rev 2852) @@ -32,6 +32,7 @@ {Windows 4.0, WIN40, 0 }, {Windows NT x86, W32X86, 2 }, + {Windows NT x86, W32X86, 3 }, {Windows NT R4000, W32MIPS, 2 }, {Windows NT Alpha_AXP, W32ALPHA,2 }, {Windows NT PowerPC, W32PPC, 2 },
svn commit: samba r2853 - in branches/SAMBA_4_0/source: libcli/ldap torture/ldap
Author: metze Date: 2004-10-07 15:13:20 + (Thu, 07 Oct 2004) New Revision: 2853 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2853nolog=1 Log: add torture test to find the defaultNamingContext on the RootDSE try a sasl sealed CompareRequest abartlet: we need to check how SINGING only can work, it failed for me:-( metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/torture/ldap/basic.c branches/SAMBA_4_0/source/torture/ldap/common.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-10-07 14:47:53 UTC (rev 2852) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2004-10-07 15:13:20 UTC (rev 2853) @@ -1481,6 +1481,8 @@ return result; } + gensec_want_feature(conn-gensec, GENSEC_WANT_SIGN|GENSEC_WANT_SEAL); + status = gensec_set_domain(conn-gensec, domain); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Failed to start set GENSEC client domain to %s: %s\n, Modified: branches/SAMBA_4_0/source/torture/ldap/basic.c === --- branches/SAMBA_4_0/source/torture/ldap/basic.c 2004-10-07 14:47:53 UTC (rev 2852) +++ branches/SAMBA_4_0/source/torture/ldap/basic.c 2004-10-07 15:13:20 UTC (rev 2853) @@ -71,6 +71,115 @@ return ret; } +static BOOL test_search_rootDSE(struct ldap_connection *conn, char **basedn) +{ + BOOL ret = True; + struct ldap_message *msg, *result; + + printf(Testing RootDSE Search\n); + + *basedn = NULL; + conn-searchid = 0; + conn-next_msgid = 30; + + msg = new_ldap_message(); + if (!msg) { + return False; + } + + msg-type = LDAP_TAG_SearchRequest; + msg-r.SearchRequest.basedn = ; + msg-r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE; + msg-r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; + msg-r.SearchRequest.timelimit = 0; + msg-r.SearchRequest.sizelimit = 0; + msg-r.SearchRequest.attributesonly = False; + msg-r.SearchRequest.filter = talloc_strdup(msg-mem_ctx, (objectclass=*)); + msg-r.SearchRequest.num_attributes = 0; + msg-r.SearchRequest.attributes = NULL; + + if (!ldap_setsearchent(conn, msg, NULL)) { + printf(Could not setsearchent\n); + return False; + } + + result = ldap_getsearchent(conn, NULL); + if (result) { + int i; + struct ldap_SearchResEntry *r = result-r.SearchResultEntry; + + DEBUG(1,(\tdn: %s\n, r-dn)); + for (i=0; ir-num_attributes; i++) { + int j; + for (j=0; jr-attributes[i].num_values; j++) { + DEBUG(1,(\t%s: %d %.*s\n, r-attributes[i].name, +r-attributes[i].values[j].length, +r-attributes[i].values[j].length, +(char *)r-attributes[i].values[j].data)); + if (!(*basedn) + strcasecmp(defaultNamingContext,r-attributes[i].name)==0) { +*basedn = talloc_asprintf(conn-mem_ctx, %.*s, +r-attributes[i].values[j].length, +(char *)r-attributes[i].values[j].data); + } + } + } + } else { + ret = False; + } + + ldap_endsearchent(conn, NULL); + + return ret; +} + +static BOOL test_compare_sasl(struct ldap_connection *conn, const char *basedn) +{ + BOOL ret = True; + struct ldap_message *msg, *result; + const char *val; + + printf(Testing SASL Compare: %s\n, basedn); + + if (!basedn) { + return False; + } + + conn-next_msgid = 55; + + msg = new_ldap_message(); + if (!msg) { + return False; + } + + msg-type = LDAP_TAG_CompareRequest; + msg-r.CompareRequest.dn = basedn; + msg-r.CompareRequest.attribute = talloc_strdup(msg-mem_ctx, objectClass); + val = domain; + msg-r.CompareRequest.value = data_blob_talloc(msg-mem_ctx, val, strlen(val)); + + if (!ldap_sasl_send_msg(conn, msg, NULL)) { + return False; + } + + DEBUG(5,(Code: %d DN: [%s] ERROR:[%s] REFERRAL:[%s]\n, + msg-r.CompareResponse.resultcode, + msg-r.CompareResponse.dn, + msg-r.CompareResponse.errormessage, + msg-r.CompareResponse.referral)); + + return True; + if (!result) { +