Re: [Samba] How do I stop the guest account printing?
On 06.12.2004 4:20 am, Gerald (Jerry) Carter wrote: Tim wrote: | Is it actually possible to stop guest access to a printer? Use 'security = user' instead of share. Ah, I was hoping you weren't going to say that... The samba server is used by several people, not all of whom have accounts on the linux machine, so I'd much rather have security = share. I'll give it a try though. At the cost of everyone having to log-on (some with the guest account), I'll gain some printer accounting I suppose! So is this a bug/feature in Samba or something (guest ok = no not working for printers when security = share)? Or is it a flaw in the Windows SMB design? Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (/usr/bin/passwd %u) requires a '%u' parameter
Hello, When I configuring samba 3.0.8 as a PDC. When I run the testparm command, I get the error: Error: the 'passwd program' (/usr/bin/passwd %u) requires a '%u' parameter. I have tried to find a solution for this problem and knew, it is a bug. If it is a bug, how can I solve this problem? Cheers #/etc/samba/smb.conf #Samba configurstion file als PDC [global] workgroup = office-santomis security = user netbios name = simpson server string = Samba PDC running %v ;PDC Master and Browser setting #passdb backend = smbpasswd #tdbsam os level = 64 prefered master = yes local master = yes domain master = yes ;security and logging settings security = user #username map = /etc/samba/smbusers domain logons = yes log file = /var/log/samba %m log level = 2 max log size = 50 ;user profiles and home directory logon home = \\%L\%U\.profile logon drive = H: logon path = \\%L\profiles\%U #logon script = netlogon.bat wins support = yes smb passwd file = /var/lib/samba/private/smbpasswd ;sync unix passwords unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*passwd* %n\n *Enter* new*UNIX*passwd* %n\n *Retype*new*UNIX*passwd* %n\n *passwd*successfully*cha nged* strict locking = yes time server = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 interfaces = lo eth0 #bind interfaces only = yes #host allowed = 127.0.0.1 192.168.178.? ;Add user script for new machnies add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false - M %u [netlogon] comment = Domain login service path = /home/samba/netlogon public = no readonly = yes browsable = no [home] comment = Hove Directories path = %H browsable = no writeable = yes [profiles] path=/home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind running on Samba PDC for shell logins
Fired up winbind and voila, my windows users w/ disabled passwords in /etc/passwd can login to the PDC via their windows password stored in the tdb backend. As they change their password on windows, only one actual password changes as a result. Seems nice and clean. So my question is are there any disadvantages to running this way? i.e. would I be better off not bothering w/ winbind and instead use unix password sync ?? Or is there something I haven't thought of that is better? One thing... if you set list of workstations on wich user can login... then pam_winbind can't auth users anymore. Oh wow... that's interesting and good to know. Thanks. So it sounds like you're talking about the windows based workstation access restrictions that are all stored in the tdb backend (access rights, or user rights in the windows based user manager? I use usermgr for testing so end user admins get a GUI for user management on samba PDC ). i.e. if I setup a windows user to only be able to login to 2 out of my 10 windows workstations, then pam_winbind can't authenticate ANY users anymore -- or just that one user or some subset of users? I doubt we'll be restricting what workstations users can login to, but this will save some headaches if we try it and have issues. Thanks again. This is one reason to favor unix password sync. I'm wondering if unix password sync will work -- i.e. a normal samba PDC setup has the windows password encrypted as LM hashes or whatever. Does the PDC every able to recover the plain text of XP/2K passwords so it can use the passwd command as root to set the unix password? Hopefully this thread will be useful to others too -- thanks for replying. -E -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
| register_message_flags: tdb_fetch failed The register_message_flags() error has been fixed. See: svn diff -r 4016:4018 svn://svnanon.samba.org/samba/branches/SAMBA_3_0 | do nothing. Unfortunately, something then renames my | queue (in Samba, not CUPS) to the Driver Name that I have installed. | The Share Name is left untouched. No errors in the logs. See the 'force printername' option in smb.conf(5) Thanks. I put 'force printername' in my [printers] section and that did the trick. I am left with two problems... the Access Denied error, and the requirement for an external daemon to restart Samba to complete the process. It works, but I seem to be missing something. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBsPNIIR7qMdg1EfYRAiLPAKCZgVY3XBqUQn7oha/gdO9rHHcumQCgq3DI oHMat0NH1WFclpU6/gcmW8k= =pITo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Hardy wrote: | I am left with two problems... the Access Denied error, | and the requirement for an external daemon to restart | Samba to complete the process. It works, but I seem to | be missing something. A simple kill -HUP pid is enough. You shouldn't restart smbd. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtHOjIR7qMdg1EfYRAiZ8AKC4T8Q0QWmAu8paBbacJ1XuTwd0KQCg2VjR R1xBf/30N2xWvSXt1SlJPIY= =rA/o -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] compiling samba v3x with sysconfdir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote : | My Question: Is the sysconfdir deprecated? Or is there | any other solution to set the smb.conf location? | I don't want to work with links or hide my smb.conf | somewhere deep inside... Use --with-configdir instead of sysconfdir. Example build script at http://www.samba.org/~jerry/src/build-samba cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtHXEIR7qMdg1EfYRAge7AKC9A8qaK/p/LgCn1O/JkEr1opRvTwCfeTDg MJaEQdhC+gSrSY2VsPPB4TM= =9bFJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (/usr/bin/passwd %u) requires a '%u' parameter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 M. Aftab Alam wrote: | Hello, | When I configuring samba 3.0.8 as a PDC. When I run | the testparm command, I get the error: | Error: the 'passwd program' (/usr/bin/passwd %u) requires | a '%u' parameter. I have tried to find a solution for | this problem and knew, it is a bug. If it is a bug, | how can I solve this problem? It was a bogus error message that has been corrected in 3.0.9. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtHYXIR7qMdg1EfYRAvOzAJ9Q0fY7ody455oC3xbfA8UnYLAMMgCdFzAD Ps+qJDOO1+xsSRow9FH77Q0= =0zGC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP and Samba PDC Auth Problem
Some further information. If I go on to the XP machine, and pull up the Security and Sharing information for the Documents and Settings directory for my domain user, instead of seeing the normal blue user icon and a name like DOMAIN\user I see a greyed out icon with a red question mark and then the SID for my domain user account. If I try to Add a user, and tell XP to list all available objects, I get a list of all the various users and groups so it *CAN* read the information from the Samba server. Curiouser and curiouser... - Aaron Smith vox: 269.226.9550 ext.26 Network Director fax: 269.349.9076 Nexcerpt, Inc. http://www.nexcerpt.com ...Nexcerpt... Extend Your Expertise On Sun, 5 Dec 2004, Aaron Smith wrote: I have been running a Samba PDC with Samba version 3.0.0 on Redhat 7.3 for quite some time. My WinXP Pro SP2 system is part of the domain and everything has been working just peachy. And then, of course, I had to tinker with it. I upgraded the linux box to Whitebox Linux 3.0, a derivative of Redhat Enterprise Linux 3.0. It comes with Samba 3.0.7. After installing and updating everything, I brought over the entire contects of my /etc/samba directory and loaded a previously saved LDIF file for my LDAP server (which samba authenticates to). No changes were made in any of these files and no changes were made on the WinXP box. If I do an smbclient -L linux-box-name it prompts me for a password, which is accepted, and a list of shares is presented. If I do the same thing using the WinXp's name, I get: session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE If I attempt to log in with a domain account on the XP box, I get a dialog box that says: Windows could not connect to the domain, either because the domain controller is down, of otherwise unavailable, or because your computer account was not found. I *AM* able to remove the XP machine from the domain and re-add it without incident. Or at least, I get the Welcome to the PANDORANET Domain message when adding it so I'm assuming the kali$ machine account is being properly found. I suspect that this has something to do with the schannel settings. Samba reports that all 4 settings are currently set to Auto which seems to be the ideal setting. The first thing I tried was the registry change for signorseal to 0, but that had no affect. Currently, under the Local Security settings, I have for what I believe are the pertinent settings: Domain member: Digitally encrypt or sign secure channel data (always): Enabled Domain member: Digitally encrypt secure channel data (when possible): Enabled Domain member: Digitally sign secure channel data (when possible): Enabled Microsoft Network Client: Digitally sign communications (always): Disabled Microsoft Network Client: Digitally sign communications (if server agrees): Enabled Microsoft Network Server: Digitally sign communications (always): Disabled Microsoft Network Server: Digitally sign communications (if server agrees): Enabled Anyone have any ideas? I've been tearing my hair out over this all weekend! - Aaron Smith vox: 269.226.9550 ext.26 Network Director fax: 269.349.9076 Nexcerpt, Inc. http://www.nexcerpt.com ...Nexcerpt... Extend Your Expertise -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
| I am left with two problems... the Access Denied error, | and the requirement for an external daemon to restart | Samba to complete the process. It works, but I seem to | be missing something. A simple kill -HUP pid is enough. You shouldn't restart smbd. Thanks again. I had previously done this but switched to a restart for some reason. Here is a stripped down version of my Perl addprinter script, for what it is worth. When I looked into this before, I didn't find many examples so maybe it is of some use. Trying to nail that Access Denied problem... if you could, can you please tell me if you see anything wrong or missing? Thanks again for all your help. #!/usr/bin/perl # # param 1 : printer name # param 2 : share name - become the printer name for CUPS # param 3 : port name # param 4 : driver name # param 5 : location - the device uri of the printer, probably IP addy # param 6 : win9x location require '/usr/local/bin/smbapwlib.pl'; #some useful functions #take in args $lpname=shift; $shname=shift; $portname=shift; $drivername=shift; $location=shift; $win9x=shift; #if queue exists, don't do anything #this is because addprinter command is run each time printer modified if (!(checkqueue($shname))){ $shname = uc($shname); #check for location syntax #if no protocol specified... if ($location !~ m#:/#){ #assume an lpd printer $location = lpd://.$location; } #run the cups lpadmin command to add the printer system(/usr/sbin/lpadmin -p $shname -D \$drivername\ -E -v $location); sleep 1; #print sharename to make the port look nice #also supposed to cause samba to reload its config print ($shname); #reload samba manually system(/usr/bin/killall,-HUP,smbd); sleep 2; } -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net share command
Hi team, I need to execute some net share command on a Samba 3.0.4/LDAP server. I guess this command needs to be run as root, so I use Administrator account (uid=0,primarygroupsid=512) but I have the following behaviour : # net share add test=/var/tmp -U administrator%password - with loglevel 0 : no warning, but no new share - with loglevel 3 : [Mon Dec 6 15:39:12 2004 , 1] utils/net_rpc.c:run_rpc_command(141) rpc command function failed! (NT_STATUS_UNSUCCESSFUL) - with loglevel 10 : [Mon Dec 6 15:39:12 2004 , 5] rpc_parse/parse_prs.c:prs_werror(694) 001c status: WERR_ACCESS_DENIED [Mon Dec 6 15:39:12 2004 and server side [Mon Dec 6 15:39:38 2004 , 5] rpc_parse/parse_prs.c:prs_werror(694) 0004 status: WERR_ACCESS_DENIED [Mon Dec 6 15:39:38 2004 , 5] rpc_server/srv_pipe.c:api_rpcTNP(1575) api_rpcTNP: called srvsvc successfully [Mon Dec 6 15:39:38 2004 Did I miss something ? Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.9 and macro %f
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Hi, | | samba 3.0.9 cannot expand %f anymore: | | Sending a netbios message to the samba server himself | | test2 # echo test | /usr/bin/smbclient -U 'eisfair Samba Server on | TEST2' -M TEST2 -I 192.168.0.6 | Connected. Type your message, ending it with a Control-D | sent 6 bytes | | From smb.conf: | | message command = /bin/mail -s 'message from %f' root %s; rm %s | | And this is the mail (see Subjekt): | ... | To: [EMAIL PROTECTED] | Subject: message from __2___ The code hasn't changed. have you looked at a level 10 debug log for clues? cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtIDJIR7qMdg1EfYRApe2AJ9ZTc7dbmSgl+uDprnjRkLUP9PAdQCfQ6qd 2AuL2qpycOjFuECX6gmOlAA= =3aYX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] disable NTLM on Fedora samba-3.0.9
Hi all, I have successfully configured a samba server as a domain member in my 2003 domain (native mode 2003). I also configured winbind, and my domain users successfully can access shares in the samba server. smb.conf: security = ADS I also configured /etc/krb5.conf and used net ads join - successfully. However, I can see that NTLM is the chosen protocol for each client machine (WinXP) accessing samba, and kerberos is not used: from the log: using SPNEGO Selected protocol NT LM 0.12 even though I tried to set client use spnego = no How can I force samba to use kerberos ? Thanks, Nir -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP and Samba PDC Auth Problem
One other thing, it would appear that a username is not being sent by the XP server. If I use smbclient to get a list of shares on the Samba server FROM the samba server, I see this in the log file: [2004/12/06 10:41:12, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/12/06 10:41:12, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] But, when doing the same thing to the XP box (or when trying log in at the XP box, I see this: [2004/12/06 10:41:19, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface[2004/12/06 10:41:19, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] - Aaron Smith vox: 269.226.9550 ext.26 Network Director fax: 269.349.9076 Nexcerpt, Inc. http://www.nexcerpt.com ...Nexcerpt... Extend Your Expertise On Mon, 6 Dec 2004, Aaron Smith wrote: Some further information. If I go on to the XP machine, and pull up the Security and Sharing information for the Documents and Settings directory for my domain user, instead of seeing the normal blue user icon and a name like DOMAIN\user I see a greyed out icon with a red question mark and then the SID for my domain user account. If I try to Add a user, and tell XP to list all available objects, I get a list of all the various users and groups so it *CAN* read the information from the Samba server. Curiouser and curiouser... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
Hello, you shouldn't need to restart samba. I'm using a C-programm as addprinter command, and do not need to restart samba. Samba does it by it's own, if it receives one or more lines of text from the script. You allways get these access denied errors, when no line is printed. I know nearly nothing about perl, but (just as an idea) the script output needs a newline at its end. I don't know, if perl does this automaticly. In doubt, take a look at a level 10 debug. You should see the output of your script. Bye, Martin On Monday 06 December 2004 16:29, Jeff Hardy wrote: | I am left with two problems... the Access Denied error, | and the requirement for an external daemon to restart | Samba to complete the process. It works, but I seem to | be missing something. A simple kill -HUP pid is enough. You shouldn't restart smbd. Thanks again. I had previously done this but switched to a restart for some reason. Here is a stripped down version of my Perl addprinter script, for what it is worth. When I looked into this before, I didn't find many examples so maybe it is of some use. Trying to nail that Access Denied problem... if you could, can you please tell me if you see anything wrong or missing? Thanks again for all your help. #!/usr/bin/perl # # param 1 : printer name # param 2 : share name - become the printer name for CUPS # param 3 : port name # param 4 : driver name # param 5 : location - the device uri of the printer, probably IP addy # param 6 : win9x location require '/usr/local/bin/smbapwlib.pl'; #some useful functions #take in args $lpname=shift; $shname=shift; $portname=shift; $drivername=shift; $location=shift; $win9x=shift; #if queue exists, don't do anything #this is because addprinter command is run each time printer modified if (!(checkqueue($shname))){ $shname = uc($shname); #check for location syntax #if no protocol specified... if ($location !~ m#:/#){ #assume an lpd printer $location = lpd://.$location; } #run the cups lpadmin command to add the printer system(/usr/sbin/lpadmin -p $shname -D \$drivername\ -E -v $location); sleep 1; #print sharename to make the port look nice #also supposed to cause samba to reload its config print ($shname); #reload samba manually system(/usr/bin/killall,-HUP,smbd); sleep 2; } -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind running on Samba PDC for shell logins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | One thing... if you set list of workstations on wich user | can login...then pam_winbind can't auth users anymore. | | Oh wow... that's interesting and good to know. Th I think it will work fine as long as you include the name of the Samba server in that list. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtIEmIR7qMdg1EfYRAv2rAJ42rVff7ekZ1WgzhQd0fDlO+iyA6gCcCfdn tiVD83CyG8juS+bKJhXndlY= =B/5+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Server not browseable with 3.0.8
On Fri, 3 Dec 2004, Michael Lueck wrote: Are you sure you have the smb.conf set to run a master browser? I'll hand out my stock advice as usual. Compare notes to our working Samba3 standard... ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf Thanks. I'll check that out. However, this morning, it just started working again. I now strongly suspect the problem is somebody else running some competing server on the same subnet. I'll have to wait until it fails again and look for the culprit. -- Andy Dougherty [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disable NTLM on Fedora samba-3.0.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nir L wrote: | smb.conf: | security = ADS | I also configured /etc/krb5.conf and used net ads join | - successfully. | | However, I can see that NTLM is the chosen protocol for | each client machine (WinXP) accessing samba, and kerberos | is not used (from the log): | using SPNEGO | Selected protocol NT LM 0.12 This is the smb protocol dialect and has nothing to do with the authentication chosen (not directly at least). | even though I tried to set client use spnego = no The applies only to Samba's client code and not the capability bits set by the server when replying to clients. Besides, you really should not disable spnego. Generally if it doesn't work it would be considered a bug. | How can I force samba to use kerberos ? Look for thew SPNEGO communication in the level 10 log. Hint: search for the string 'OID' and see what mechanism is being negotiated. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy tMgCGnfpxdChut+G3BGX+do= =4ywm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Server not browseable with 3.0.8
On Fri, 3 Dec 2004, sharif islam wrote: On Fri, 3 Dec 2004 16:16:49 -0500 (EST), Andrew Dougherty [EMAIL PROTECTED] wrote: Ok, stopped /etc/init.d/samba, removed browse.dat, restarted /etc/init.d/samba. Still the same. Oh, well. I'll go back to fighting this on Monday. Meanwhile, if there are any further ideas . . . Do you have this two lines in smb.conf? I am not sure but you can give it a try replacing/adding them. netbios name = NETBIOSNAME netbios aliases = Thanks. I don't have any netbios entries in smb.conf. I'll keep that in mind to check. However, this morning, it just started working again. I now strongly suspect the problem is somebody else running some competing server on the same subnet. I'll have to wait until it fails again and look for the culprit. In the meantime, since it's working, I'm not planning on touching it! -- Andy Dougherty [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Advanced server config question
Greetings, I have an advanced config question that I'm hoping the Samba Gods can help me with in regards to feasibility and execution. I'll give the concept of what I want to do, followed by the details of my present config. I have a functioning samba 3.0.8pre2 server that is multihomed. The 100Mb line is attached to our main network. the 1Gb line is attached to a private 1Gb lan used for backing up our file servers. It is a member server in a W2k3 Active directory domain and its working fine. This is the directory structure of the data being shared, the samba shares are defined on the eng, prod, and ext levels on the primary 100Mb interface. /data/shares/eng /data/shares/prod /data/shares/ext This is what I would like to do. I would like to keep the shares already defined intact sharing out on the 100Mb lan I would like to share to the private 1Gb lan because we have started to use a near-online backup strategy using a dir-sync tool. we do a basic copy with ntfs permissions from the file servers to the backup server's array, from this array, we create the backup tapes. so far so good. I would like to share the file system at the /data/shares level for backup simplicity, but i'm aware that it might not be possible to share at that level because there are subordinate directories already shared. This part is a little more important. The machine is registering itself in wins; registering the various services and names as its supposed to. is there a way to prevent the server from registering the server's 1Gb private lan shares in wins on the primary interface? and if so, how do I do it? My concern is that if I share out to the secondary 1Gb private lan, and it registers itself in wins, that our client machines won't be able to resolve the server sometimes because the client on the main network recieved the 192.168.0.x address from wins. is this setup feasible? what are my options? and how do I go about setting this up? below, I will provide my smb.conf Regards Fred Dussault also, if there are any glaring mistakes in my config, I'll appreciate any constructive criticism... Thanks! # Global parameters [global] workgroup = US realm = US.RAY.COM server string = Samba 3.08pre2 Server interfaces = eth0 security = ADS auth methods = winbind password server = eadc-gc101.us.ray.com log level = 1 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins bcast host lmhosts server signing = auto #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 5 preferred master = No local master = No domain master = No browse list = No enhanced browsing = No dns proxy = No wins server = 138.127.x.x ldap ssl = no socket address = idmap uid = 7-20 idmap gid = 7-20 winbind separator = + valid users = @us+adc-rfc users, us+labviewadmin admin users = @us+adc-it admin read list = @us+adc-rfc users write list = @us+adc-site support, us+labviewadmin hosts allow = 138.127.x.x/255.255.252.0 map acl inherit = Yes [prod] path = /data/share/prod valid users = @us+adc-rfc users, us+labviewadmin admin users = @us+adc-it admin read list = @us+adc-rfc users write list = @us+adc-site support, @us+adc-fab rf test [eng] path = /data/share/eng valid users = @us+adc-rfc users, us+labviewadmin admin users = @us+adc-it admin read list = @us+adc-rfc users write list = @us+adc-site support, @us+adc-eng test [ext] path = /data/share/ext valid users = @us+adc-rfc users, us+lavbiewadmin admin users = @us+adc-it admin read list = @us+adc-rfc users write list = @us+adc-site support, @us+adc-model -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Server not browseable with 3.0.8
On Sun, 5 Dec 2004, Steve Feehan wrote: On Fri, Dec 03, 2004 at 03:40:48PM -0500, Andrew Dougherty wrote: On Fri, 3 Dec 2004, Michael Lueck wrote: Sounds like you have crud left over in your wins file. Stop the samba services, wack /var/opt/samba/wins.dat and restart samba. Thanks for the suggestion. Alas, I don't have any /var/opt/samba directory at all (nor any wins.dat entries in /var/run/samba or anywhere else.) On debian wins.dat is in /var/lib/samba. Nope, I don't have one there either. There's no wins.dat file anywhere. However, this morning, it just started working again. I now strongly suspect the problem is somebody else running some competing server on the same subnet. I'll have to wait until it fails again and look for the culprit. In the meantime, since it's working, I'm not planning on touching it! -- Andy Dougherty [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] errors from ads_krb5_mk_req errors and util_sock.c:send_smb
After 2 weeks of trying to configure samba as a member server in a native AD domain, with winbind+nss+kerberose following the Samba Collection and (Samba-3 By Exmaple) docuentation, with RedHat AS3, samba 3.0.9, krb5 1.3.1, where 2 KDC's are Windows 2003 and one is Windows 2000, and smb-signing has been turned off,... when a user tries to access a share, they are prompted for a password, and no passwords seem to work, and I see errors like: client connection log lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) winbindd log ibsmb/clikrb5.c:ads_krb5_mk_req(390) ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm) Details and testing results listed below: -- SAMBA ON REDHAT Advance Server 3 saga, as member server in native AD with winbind -- 1st Problem: Bug in RedHat's smaba rpm when joining a samba 3.0.7-1.3E.1 in a w2k domain https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668 Solution: Upgrading to samba.org new version (3.0.9) 2nd Problem: Kerberose 1.3 cannot use Microsoft AD Kerberose Tickets, RedHat AS only goes up to 1.2.7 After a successful 'net ads join' I can communcate with KDC, but get ticket errors authenticating users: From Windows XP client, I am prompted for a password and No password works. The samba log for the client session 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify incoming ticket!' Solution: Upgrade krb5 from 1.2.7 to Fedora Core 1.3.1. 3rd Problem: System appeared to be working and then stopped. Only change: samba was restarted. Solution: No solution yet for smb.conf with 'security=ads' --- Notes from 3rd Problem: --- ### BEGIN /etc/smaba/smb.conf ### #=== Global Settings = [global] server string = Samba Server workgroup = MYREALM realm = MYREALM.MY.MYDOMAIN.COM security = ADS map to guest = Bad User password server = * socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = no local master = no domain master = no os level = 33 wins server = 128.32.68.75 128.32.67.118 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = Yes load printers = no log file = /var/log/samba/%m.log max log size = 0 username map = /etc/samba/smbusers dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 ### END /etc/smaba/smb.conf ### ### BEGIN /etc/krb5.conf ### [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = MYREALM.MY.MYDOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true [realms] MYREALM.MY.MYDOMAIN.COM = { kdc = hcs-ad-a.myrealm.my.mydomain.com:88 admin_server = hcs-ad-a.myrealm.my.mydomain.com:749 default_domain = myrealm.my.mydomain.com } [domain_realm] .myrealm.mydomain.com = MYREALM.MY.MYDOMAIN.COM myrealm.mydomain.com = MYREALM.MY.MYDOMAIN.COM .myrealm.my.mydomain.com = MYREALM.MY.MYDOMAIN.COM myrealm.my.mydomain.com = MYREALM.MY.MYDOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } ### END /etc/krb5.conf ### # Since hcs-ad-b is a widows 2000 server, change /etc/krb5.conf changed: hcs-ad-a.myrealm.my.mydomain.com to: hcs-ad-b.myrealm.my.mydomain.com # remove cached settings [EMAIL PROTECTED] usr]# rm -rf /var/lib/samba/* /etc/samaba/secret.tdb # start winbind [EMAIL PROTECTED] usr]# /etc/init.d/winbind start # try to add to domain [EMAIL PROTECTED] usr]# net ads join -W MYREALM -S HCS-AD-B -Uadministrator administrator's password: Using short domain name -- MYREALM Joined 'DEVAPACHE2' to realm 'MYREALM.MY.MYDOMAIN.COM' # list what changed: [EMAIL PROTECTED] usr]# ls -ltr /etc/samba/secrets.tdb /var/lib/samba/ -rw---1 root root 8192 Dec 5 12:06 /etc/samba/secrets.tdb wvar/lib/samba/: total 68 drwxr-xr-x2 root root 4096 Nov 30 04:14 printing -rw-r--r--1 root root 4201 Dec 5 04:02 namelist.debug -rw-r--r--1 root root 216 Dec
[Samba] Desperately need help with two printer issues
I just moved a new user onto my Samba server. He needs two things, and neither of them work! 1. When he tries to access one of the printers, he gets Access denied. Only for one of them. I can't find anything in the logs. When I try to access the printer as his user, I get: [2004/12/06 11:16:59, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) I don't think it's right. I have no idea why it's doing that. He is a local admin but a domain admin. Also this printer needs to have the drivers installed locally, though most of the printers have their drivers on the server. 2. He needs some of the printers to map to local lpt ports. In the login script I'm using net use LPT1: \\server\printer but when I go into printer properties, I don't see it mapped to a local port. Am I doing it wrong? Before, we used Novell, and use the Novell printer port capture facility. It is a W2K client, server has Samba 3.0.9 with CUPS printing. Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
Haha. It was that pesky newline. See below. Everything works perfectly now. Thanks very much. -Jeff On Mon, 2004-12-06 at 11:14, Martin Zielinski wrote: Hello, you shouldn't need to restart samba. I'm using a C-programm as addprinter command, and do not need to restart samba. Samba does it by it's own, if it receives one or more lines of text from the script. You allways get these access denied errors, when no line is printed. I know nearly nothing about perl, but (just as an idea) the script output needs a newline at its end. I don't know, if perl does this automaticly. In doubt, take a look at a level 10 debug. You should see the output of your script. Bye, Martin On Monday 06 December 2004 16:29, Jeff Hardy wrote: | I am left with two problems... the Access Denied error, | and the requirement for an external daemon to restart | Samba to complete the process. It works, but I seem to | be missing something. A simple kill -HUP pid is enough. You shouldn't restart smbd. Thanks again. I had previously done this but switched to a restart for some reason. Here is a stripped down version of my Perl addprinter script, for what it is worth. When I looked into this before, I didn't find many examples so maybe it is of some use. Trying to nail that Access Denied problem... if you could, can you please tell me if you see anything wrong or missing? Thanks again for all your help. #!/usr/bin/perl # # param 1 : printer name # param 2 : share name - become the printer name for CUPS # param 3 : port name # param 4 : driver name # param 5 : location - the device uri of the printer, probably IP addy # param 6 : win9x location require '/usr/local/bin/smbapwlib.pl'; #some useful functions #take in args $lpname=shift; $shname=shift; $portname=shift; $drivername=shift; $location=shift; $win9x=shift; #if queue exists, don't do anything #this is because addprinter command is run each time printer modified if (!(checkqueue($shname))){ $shname = uc($shname); #check for location syntax #if no protocol specified... if ($location !~ m#:/#){ #assume an lpd printer $location = lpd://.$location; } #run the cups lpadmin command to add the printer system(/usr/sbin/lpadmin -p $shname -D \$drivername\ -E -v $location); sleep 1; #print sharename to make the port look nice #also supposed to cause samba to reload its config print ($shname); # Change this to: print ($shname\n); #reload samba manually system(/usr/bin/killall,-HUP,smbd); sleep 2; } -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Desperately need help with two printer issues
In addition to the below, I also just found out that he is actually able to print to the queue, even though he is not able to open the printer from Printers. On Monday 06 December 2004 11:26, Misty Stanley-Jones wrote: I just moved a new user onto my Samba server. He needs two things, and neither of them work! 1. When he tries to access one of the printers, he gets Access denied. Only for one of them. I can't find anything in the logs. When I try to access the printer as his user, I get: [2004/12/06 11:16:59, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) I don't think it's right. I have no idea why it's doing that. He is a local admin but a domain admin. Also this printer needs to have the drivers installed locally, though most of the printers have their drivers on the server. 2. He needs some of the printers to map to local lpt ports. In the login script I'm using net use LPT1: \\server\printer but when I go into printer properties, I don't see it mapped to a local port. Am I doing it wrong? Before, we used Novell, and use the Novell printer port capture facility. It is a W2K client, server has Samba 3.0.9 with CUPS printing. Thanks in advance, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Server not browseable with 3.0.8
On Mon, 6 Dec 2004 11:19:33 -0500 (EST), Andrew Dougherty wrote: I now strongly suspect the problem is somebody else running some competing server on the same subnet. Set your server to always win. The settings I have in my smb.conf at the time of writing it will always win as the name server on the network. Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Force user and replace with SUID and SGID
Hi all, I am trying to get rid of a force user setting on our samba server. I read an article that talked about setting the SUID and SGID on the top-level directory, and all sub-directories, of a share and this would cause all files to be own by the user and group for which the sticky bit has been set. Here is what I did. 1. recursively changed owner/group on all file and directories in the share to the user and group who I wanted to own said files and directories. 2. executed find /mnt/fileserver/server -type d -exec ug+s {} \; to set the sticky bit on all directories within the share. 3. removed the force user entry from the share definition and restarted Samba 4. Browsed the share and created a new file. It came up as owned by me not the user who I had set the sticky bit for. It did have the proper group as I am a member of that group. 5. Opened and Excel file and then closed that file. It prompted me to save changes, made none, and when I said no it updated the time stamp anyway. I am using the force user entry to solve the known problem with Microsoft Office files. I have about 14 employees who access the share and all file and directories within it. Timestamps are very important and we need them not be changed when simply viewing a file. It was my understanding that by setting the SUID and SGID it would cause all files to retain their ownership and all newly created files to get the user and group for which the sticky bit was set. I know that this is a Linux file system question, but it is relating to Samba and I am hoping that someone out there has experienced this and can point me in the right direction. Thank you Michael Kelly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disable NTLM on Fedora samba-3.0.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nir L wrote: | smb.conf: | security = ADS | I also configured /etc/krb5.conf and used net ads join | - successfully. | | However, I can see that NTLM is the chosen protocol for | each client machine (WinXP) accessing samba, and kerberos | is not used (from the log): | using SPNEGO | Selected protocol NT LM 0.12 This is the smb protocol dialect and has nothing to do with the authentication chosen (not directly at least). | even though I tried to set client use spnego = no The applies only to Samba's client code and not the capability bits set by the server when replying to clients. Besides, you really should not disable spnego. Generally if it doesn't work it would be considered a bug. | How can I force samba to use kerberos ? Look for thew SPNEGO communication in the level 10 log. I tried... I finaliy got not using SPNEGO, but still - got Using protocol NT LM 0.12 after the SPNEGO message. Hint: search for the string 'OID' and see what mechanism no OID strings in my log. is being negotiated. here is my smb.conf. [global] workgroup = domain2003 netbios name = defconn2Logs server string = Major Samba encrypt passwords = Yes log level = 10 log file = /var/samba/logs/log.%m lock dir = /var/samba/locks pid directory = /var/run max log size = 5 preferred master = False local master = No domain master = False dns proxy = No guest account = pacifsconn create mask = 0775 dead time = 15 debug pid = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY oplocks = Yes kernel oplocks = Yes level2 oplocks = Yes defer sharing violations = No name resolve order = lmhosts wins bcast host debug hires timestamp = Yes wins server = 192.168.41.108 realm = DOMAIN2003.com security = ADS domain logons = No client use spnego = No use spnego = No map to guest = bad password map hidden = Yes map system = Yes force group = 1 bind interfaces only = Yes interfaces = 192.168.41.139 smb passwd file = /var/samba/private/ private dir = /var/samba/private winbind separator = + idmap uid = 1-3 idmap gid = 1-3 winbind enum users = Yes winbind enum groups = Yes template homedir = /home/winnt/%D/%U template shell = /bin/bash use sendfile = No strict locking = Yes disable spoolss = Yes mangling method = hash2 [Logs] comment = Share for Logs path = /var/log browseable = Yes read only = Yes available = Yes writeable = No valid users = NONE EXCEPT domain2003+user2 map archive = Yes hide dot files = No directory mask = 751 dos filemode = Yes and part of the logfile: challenge is: [2004/12/06 20:03:36.498409, 5, pid=4142] lib/util.c:dump_data(1899) [000] AB 02 01 6F AA E3 15 2F ...o.../ [2004/12/06 20:03:36.498603, 3, pid=4142] smbd/negprot.c:reply_nt1(327) not using SPNEGO [2004/12/06 20:03:36.498710, 3, pid=4142] smbd/negprot.c:reply_negprot(549) Selected protocol NT LM 0.12 [2004/12/06 20:03:36.498811, 5, pid=4142] smbd/negprot.c:reply_negprot(555) negprot index=5 [2004/12/06 20:03:36.498918, 5, pid=4142] lib/util.c:show_msg(461) [2004/12/06 20:03:36.498982, 5, pid=4142] lib/util.c:show_msg(471) size=99 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]=5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=11776 (0x2E00) smb_vwv[ 8]= 16 (0x10) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=0 (0x0) smb_vwv[12]=62284 (0xF34C) smb_vwv[13]=48615 (0xBDE7) smb_vwv[14]=50395 (0xC4DB) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=30 [2004/12/06 20:03:36.500113, 10, pid=4142] lib/util.c:dump_data(1899) [000] AB 02 01 6F AA E3 15 2F 44 00 4F 00 4D 00 41 00 ...o.../ D.O.M.A. [010] 49 00 4E 00 32 00 30 00 30 00 33 00 00 00I.N.2.0. 0.3... [2004/12/06 20:03:36.500380, 6, pid=4142] lib/util_sock.c:write_socket(449) write_socket(22,103) [2004/12/06 20:03:36.500758, 6, pid=4142] lib/util_sock.c:write_socket(452) write_socket(22,103) wrote 103 [2004/12/06 20:03:36.513975, 10, pid=4142] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 308 [2004/12/06 20:03:36.514150, 6, pid=4142] smbd/process.c:process_smb(1091) got message type 0x0 of len 0x134 [2004/12/06 20:03:36.514264, 3, pid=4142]
[Samba] Do you mind? :)))
I'm so sorry! :) Genuine poetry can communicate before it is understood. Sau buligiz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
One final question... the deleteprinter command is correctly deleting the underlying CUPS queue and Samba is receiving a SIGHUP. But, the printer still shows in Samba until I restart the daemon. Bug? On Mon, 2004-12-06 at 11:26, Jeff Hardy wrote: Haha. It was that pesky newline. See below. Everything works perfectly now. Thanks very much. -Jeff On Mon, 2004-12-06 at 11:14, Martin Zielinski wrote: Hello, you shouldn't need to restart samba. I'm using a C-programm as addprinter command, and do not need to restart samba. Samba does it by it's own, if it receives one or more lines of text from the script. You allways get these access denied errors, when no line is printed. I know nearly nothing about perl, but (just as an idea) the script output needs a newline at its end. I don't know, if perl does this automaticly. In doubt, take a look at a level 10 debug. You should see the output of your script. Bye, Martin On Monday 06 December 2004 16:29, Jeff Hardy wrote: | I am left with two problems... the Access Denied error, | and the requirement for an external daemon to restart | Samba to complete the process. It works, but I seem to | be missing something. A simple kill -HUP pid is enough. You shouldn't restart smbd. Thanks again. I had previously done this but switched to a restart for some reason. Here is a stripped down version of my Perl addprinter script, for what it is worth. When I looked into this before, I didn't find many examples so maybe it is of some use. Trying to nail that Access Denied problem... if you could, can you please tell me if you see anything wrong or missing? Thanks again for all your help. #!/usr/bin/perl # # param 1 : printer name # param 2 : share name - become the printer name for CUPS # param 3 : port name # param 4 : driver name # param 5 : location - the device uri of the printer, probably IP addy # param 6 : win9x location require '/usr/local/bin/smbapwlib.pl'; #some useful functions #take in args $lpname=shift; $shname=shift; $portname=shift; $drivername=shift; $location=shift; $win9x=shift; #if queue exists, don't do anything #this is because addprinter command is run each time printer modified if (!(checkqueue($shname))){ $shname = uc($shname); #check for location syntax #if no protocol specified... if ($location !~ m#:/#){ #assume an lpd printer $location = lpd://.$location; } #run the cups lpadmin command to add the printer system(/usr/sbin/lpadmin -p $shname -D \$drivername\ -E -v $location); sleep 1; #print sharename to make the port look nice #also supposed to cause samba to reload its config print ($shname); # Change this to: print ($shname\n); #reload samba manually system(/usr/bin/killall,-HUP,smbd); sleep 2; } -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: CUPS, APW
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Hardy wrote: | One final question... the deleteprinter command is | correctly deleting the underlying CUPS queue and Samba | is receiving a SIGHUP. But, the printer still shows in Samba | until I restart the daemon. Bug? Yes. Already fixed in the latest 3.0 svn tree. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtKZ7IR7qMdg1EfYRAjl3AJ4ze9t9caQkPMNcKAxPfaOGK/ztowCfYdo9 bYLGH/Ny6p992EEFmp5WVhQ= =AW+3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disable NTLM on Fedora samba-3.0.9
In addition to my last email (the one with my smb.conf) I also found out that: if I connect the share using \\ip address\sharename I get access to the share after NTLM has been used. and if I connect using \\netbiosname\sharename I get access denied (NTLM is still used...) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nir L wrote: | smb.conf: | security = ADS | I also configured /etc/krb5.conf and used net ads join | - successfully. | | However, I can see that NTLM is the chosen protocol for | each client machine (WinXP) accessing samba, and kerberos | is not used (from the log): | using SPNEGO | Selected protocol NT LM 0.12 This is the smb protocol dialect and has nothing to do with the authentication chosen (not directly at least). | even though I tried to set client use spnego = no The applies only to Samba's client code and not the capability bits set by the server when replying to clients. Besides, you really should not disable spnego. Generally if it doesn't work it would be considered a bug. | How can I force samba to use kerberos ? Look for thew SPNEGO communication in the level 10 log. Hint: search for the string 'OID' and see what mechanism is being negotiated. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtIaZIR7qMdg1EfYRAmtkAKDc2777bMGrmvw3RAEnC3DhYkTYQACeN2fy tMgCGnfpxdChut+G3BGX+do= =4ywm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] valid characters in domain name
Hi. Sorry if this is a FAQ but I couldn't find the answer. What are the valid characters in a samba domain/workgroup name? Specifically, is the '.' character allowed? Would 'SBB.UVM.EDU' be a valid domain name? Or would a '-' or '_' be more appropriate? I tried to use '.' in a domain name once before. It didn't work so I reverted to a dot-free name. Later I found that there is a 15 character limit on domain names. I'm wondering if this was the cause of the domain name not being valid rather than the existance of the dot. Thanks. -- Steve Feehan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA / LDAP / Domain Password change problem - Repost, actually making some progress
Hmmm. Glad to hear WINS fixed some of the issues. I checked out your slapd.conf and everything looks fine there. I then reread you previous posts and realized the computers and users are in separate OUs. PAM/NSS only allows for one OU for Users, and since a machine to UNIX is just another user, they must all be in the same OU. Try putting your machines and users in the same OU and changing all of your config files to reflect this changes. Also, make sure that the user you are using to add machines to the domain has the right to do so. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows Synchronization
I have Samba setup on a RedHat 9.0 box. Everything configured properly I can manually copy files etc with no problem. However when I try to use windows synchronization I always get an access denied on an or all files/folders changed or created. In smb.conf I have it as follows: [files] comment = files path = /file/ valid users = adm public = no writable = yes printable = no create mask = 0755 create directory = 0755 directory mask = 0755 I'm running the latest samba version as well. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Minor annoyances: Samba 3.0.2/Win2k and WinXP
I have three users that are having trouble with my Samba network. This trouble is composed of two (possibly distinct) issues. My network is controlled by a Red Hat ES 3 server running Samba 3.0.2 with an LDAP backend. Issue 1: Laptop users, with Offline Files that are made of their My Documents directories. These directories are stored on the Samba server (so they can be backed up) and sync'ed so they can use them on the road. This issue is intermittent, but when it happens, it *really* happens. The symptoms are the machine will complain that it's Working Offline and ask the user to click an icon in the taskbar to restore the connections. They do, the machine goes back online and things are fine for a varying amount of time (between 10 seconds and days to months). Then the cycle starts all over again. Both of the affected machines are running Windows XP Pro with all of the patches/service packs etc. applied to them. Issue 2: Windows 2000 Pro desktop user. This issue manifests itself as an error message when the user goes to save a file. The error message is: An error occurred while reconnecting Drive Letter: to \\Server\sharename. Microsoft Windows Network: The local device name is already in use. The connection has not been restored. Even though the error message leads the user to believe that something bad has happened, the file he is trying save *is* saved, and no problems exist. This used to happen from time to time, now it has become a normal happening instead of a rare occurrence. I've googled my heart out and have very little info on Issue No. 1, but a lot on Issue No. 2. It seems as though they might be related, but I can't pin any one thing to both of them. All of the info I can find on No. 2, seems to blame either/and a busy network or Microsoft for the problem, but no solution has been offered that actually fixes the problem. I can find evidence of this happening all the way back to 2000 - so I know I'm not alone here. I do have a busy network, but nothing that my systems can not deal with. The biggest problem that I have with all of this is that it only affects these three computers. The remainder of my network appears to be unaffected by them (about 30 computers). So my question is: Does anyone have a solution to this problem? Anyone have a similar issue that we can compare notes on? -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] retry: VFS databaseFS
Hi. I'm looking for Database FS, a VFS module written by Eric Lorimer. Anyone knows where to find it? Note that the link on the samba official documentation is no longer valid... TIA Gianni -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Minor annoyances: Samba 3.0.2/Win2k and WinXP
Collins, Kevin wrote: My network is controlled by a Red Hat ES 3 server running Samba 3.0.2... Samba 3.0.2 IS pretty old these days... I'd suggest taking the time to get up to 3.0.9 and then seeing where you stand. Remember to test on non-production servers when at all possible, or stock up on pizza and H2O! ;-) -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba timeuot in shared folder
Hi. i have installed samba 2.27 in nredhat 9, i have a shared folder. all it`s well, but when i have 30 or 40 minutes work in this shared folder from any work station it´s disconnect, and say what not see a shared folder, an then have a restart the server and work please help me and sorry by my english thenk Mario Soto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems connecting to server from Windows side of Linux/Windows network
In my network's current setup I have a Linux based KDC which provides the TGT to the machines on the network (dual boot Linux/Windows boxes) and they use this to get the TGS from the Active Directory. When I login to the Active Directory domain I can access the shares on the samba server. However, if I try to connect to the Realm I cannot get access to the shares. Any idea what I need to do? If anyone needs any clarification please let me know. -- Cheers, --Lucas Machado -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Networkbrowsing with different subnetmasks
Dear all, I have a workgroup withonly windows 200 workstations in it and one Samba version 2.212 The network is bridged with a subnet mask 255.255.255.240 From the WAN side you get: Internet Modem/router first NIC firewall and out to LAN via second NIC Because the second NIC has no IP address the browsing is done by the first NIC avoiding that the information is not going out to the WAN by making the firewall rules. Altough i did make the sentence inside the firewall pass any from any i did not get the name of the server vissible in the workgroup. Only the win2K workstations where visible The IP parameters where set to subnetmask 255.255.255.240 this includes all the workstations and the first NIC from the firewall. After changing the subnetmask to 255.255.255.0 i see the server joining the workgroup and I could access him. Could someone give me a answer on the following question: Is browsing from samba only on the address xxx.xxx.xxx.255 and not on lower address if used with different subnetmask? Like subnetmask =255.255.255.240 = 15 IP addresses per group browse adress first group = xxx.xxx.xxx.15 second group = xxx.xxx.xxx.31 third group = xxx.xxx.xxx.47 and so on until xxx.xxx.xxx.255 Regards, Ronald RiemVis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ADS Authentication
I'm about ready to smash my head through a wall...I could use a few answers. 1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true? 2. If yes, I have not been able to get it to work. If I have a posix user account with the same name as one in ADS, even if pwords are different, I can log on to the samba server. If no identical posix/ADS account exists on the samba server, then I cannot connect. Any ideas as to where to look would be very helpful, as I am at a complete as to what to do at this point. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Printer drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've a Samba PDC ( samba-server-3.0.6-4.2.100mdk ) My cleint machines are all XP Pro without SP2. I've never been able to get Samba to accept a printer driver for download to client machines. How can I achieve this? Note that this will not be an easy question to answer. I've already succeeded at installing pass-through printing and CUPS printing but both suck. I suppose it is CUPS that actually sux. Anyway, I want my printer to work identically to a Windows printer, i.e. users should be able to manipulate properties etc. If I can get help figureing this one out, I'll be very happy to add it to my HOWTO at http://mandrake.vmlinuz.ca/bin/view/Main/SambaThreeDomainController Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtN5d57L0B7uXm9oRAs8LAJ0R7DtkhaiHgJD5XlVrP+FsmFLyQwCfTqo8 SrMJsej2kWaiLagvmCrtRIQ= =2UX2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS Authentication
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote: I'm about ready to smash my head through a wall...I could use a few answers. 1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true? Yes, so long as you have nsswitch and pam set up correctly. It sounds like you don't. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Installing Printer drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim C. wrote: | I've a Samba PDC ( samba-server-3.0.6-4.2.100mdk ) My cleint machines ... To be more specific about what I want: I want rendering done on the client side with the windows printer drivers downloaded from the DC. I want to be able to install those printer drivers from any box, so long as I am logged into the DC as an Admin user. Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtOZp57L0B7uXm9oRAo7kAJ0dphkpLhNO0FobrMpmG6BhsXvPQwCdGfsj hEkEax3dFlm4+DAMbizYijE= =TY7b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS Authentication
Jeremy Allison wrote: On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote: I'm about ready to smash my head through a wall...I could use a few answers. 1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true? Yes, so long as you have nsswitch and pam set up correctly. It sounds like you don't. Well, I've followed every how to that I can find. I have some strangeness. When I log into the unix terminal I have to supply 2 root passwords...the posix one and the one for root in ADS (they're different)to login. The same for a user with both posix and ADS accounts. Non posix account users cannot login with an ADS account to the terminal. Depending on changes to the smb.conf file I get wild results with winbindd. One config gives users and groups with a wbinfo -u/g command. Others error out with differing reasons for the errors. I'm really not sure where the error is...it should be working, but it is not. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help identifying errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This from tail -f /var/log/samba/spartack | spartack (192.168.2.102) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} | [2004/12/06 16:18:46, 1] smbd/service.c:make_connection_snum(648) | spartack (192.168.2.102) connect to service print$ initially as user root (uid=0, gid=0) (pid 3004) | [2004/12/06 16:18:46, 1] smbd/service.c:close_cnum(837) | spartack (192.168.2.102) closed connection to service print$ | [2004/12/06 16:18:46, 1] smbd/service.c:make_connection_snum(648) | spartack (192.168.2.102) connect to service print$ initially as user root (uid=0, gid=0) (pid 3004) | [2004/12/06 16:18:46, 1] smbd/service.c:close_cnum(837) | spartack (192.168.2.102) closed connection to service print$ | [2004/12/06 16:18:46, 0] smbd/service.c:make_connection(800) Spartack is the name of one of my clients. What I am trying to do is move from using the generic postscript printer drivers to using the Windows printer drivers and having them downloadble. I can get them to upload but at the end of the upload it says Access denied Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtPgS57L0B7uXm9oRAsg7AJ4rW7P5W2iIqh39+UE8pvKJsvtiXgCcCvoO pi+yF0zGrLEHBTAW20mTIWo= =1HFb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winxp user password change problem
Hello i am new to using the mailing list system. I have my samba 3.0.9 configured as a PDC in my home network, and winxp professional are installed on the clients with service pack 2 updated. There seems to be a problem when the users try to change their password under winxp and it says you do not have permission to change your password I have unix password sync turned on, and the user unix passwords are not locked. I did a search on the internet and it was one of microsoft's update fix that caused this problem. however, i have found no solution to this problem. It'd be great if there is a way for users to change their password in winxp on their own, so i dont have to do it for them. if there is a way to search for the answer to my question, please let me know. I have tried asking in freenode irc channel and searching on the internet and found no solution. please let me know if more information needs to be provided. Any help is greatly appreciated. Thanks -- God Bless You! This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Kerberos Error
Hi, I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP, 2003. Regards, Norman Zhang /var/log/samba/log.2d-052 [2004/12/06 15:19:50, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! # rpm -qa 'samba*' samba-common-3.0.6-4.3.100mdk samba-client-3.0.6-4.3.100mdk samba-doc-3.0.6-4.3.100mdk samba-winbind-3.0.6-4.3.100mdk samba-swat-3.0.6-4.3.100mdk samba-server-3.0.6-4.3.100mdk # rpm -qa '*krb5*' libkrb51-1.3-6.3.100mdk ftp-client-krb5-1.3-6.3.100mdk /etc/samba/smb.conf [global] workgroup = ARKONDOMAIN realm = HQ.ARKONNETWORKS.COM server string = Samba Server %v security = ADS obey pam restrictions = Yes password server = 192.168.22.22 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 18 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 15000-2 idmap gid = 15000-2 template homedir = /hsd1/transfer/%u template shell = /bin/bash winbind separator = / winbind use default domain = Yes [transfer] comment = Temporary Storage path = /hsd1/transfer read only = No create mask = 0777 directory mask = 0777 /etc/krb5.conf [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HQ.ARKONNETWORKS.COM default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms] HQ.ARKONNETWORKS.COM = { kdc = dc2.hq.arkonnetworks.com:88 admin_server = dc2.hq.arkonnetworks.com:749 default_domain = hq.arkonnetworks.com } [domain_realm] .hq.arkonnetworks.com = HQ.ARKONNETWORKS.COM [kdc] profile = /etc/kerberos/krb5kdc/kdc.conf [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false [login] krb4_convert = false krb4_get_tickets = false -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP and Samba PDC Auth Problem
Well, I never did get any replies on this, but I have, in the interim, discovered the problem. So, for posterity I'm posting the answer here in case someone else comes along with a similar problem. The original smb.conf from the old server included a line setting the guest account to smbguest. Whereas this account existed on my old system, I had not created it on the new system. As soon as I created this account, BOOM, everything started working exactly as it had before. On Sun, 5 Dec 2004, Aaron Smith wrote: I have been running a Samba PDC with Samba version 3.0.0 on Redhat 7.3 for quite some time. My WinXP Pro SP2 system is part of the domain and everything has been working just peachy. And then, of course, I had to tinker with it. I upgraded the linux box to Whitebox Linux 3.0, a derivative of Redhat Enterprise Linux 3.0. It comes with Samba 3.0.7. After installing and updating everything, I brought over the entire contects of my /etc/samba directory and loaded a previously saved LDIF file for my LDAP server (which samba authenticates to). No changes were made in any of these files and no changes were made on the WinXP box. If I do an smbclient -L linux-box-name it prompts me for a password, which is accepted, and a list of shares is presented. If I do the same thing using the WinXp's name, I get: session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE If I attempt to log in with a domain account on the XP box, I get a dialog box that says: Windows could not connect to the domain, either because the domain controller is down, of otherwise unavailable, or because your computer account was not found. I *AM* able to remove the XP machine from the domain and re-add it without incident. Or at least, I get the Welcome to the PANDORANET Domain message when adding it so I'm assuming the kali$ machine account is being properly found. I suspect that this has something to do with the schannel settings. Samba reports that all 4 settings are currently set to Auto which seems to be the ideal setting. The first thing I tried was the registry change for signorseal to 0, but that had no affect. Currently, under the Local Security settings, I have for what I believe are the pertinent settings: Domain member: Digitally encrypt or sign secure channel data (always): Enabled Domain member: Digitally encrypt secure channel data (when possible): Enabled Domain member: Digitally sign secure channel data (when possible): Enabled Microsoft Network Client: Digitally sign communications (always): Disabled Microsoft Network Client: Digitally sign communications (if server agrees): Enabled Microsoft Network Server: Digitally sign communications (always): Disabled Microsoft Network Server: Digitally sign communications (if server agrees): Enabled Anyone have any ideas? I've been tearing my hair out over this all weekend! - Aaron Smith vox: 269.226.9550 ext.26 Network Director fax: 269.349.9076 Nexcerpt, Inc. http://www.nexcerpt.com ...Nexcerpt... Extend Your Expertise -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] retry: VFS databaseFS
On Mon, Dec 06, 2004 at 08:53:02PM +, gianni wrote: I'm looking for Database FS, a VFS module written by Eric Lorimer. Anyone knows where to find it? Note that the link on the samba official documentation is no longer valid... I tried this out a while ago without any success. The idea is very cool though. I forget why I couldn't get it to work. In any case, I put the version I had downloaded on my site. http://www.edplese.com/files/musicdb.0.1-2.tar.gz If you get it to work, please let me know. Ed -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How do I stop the guest account printing?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | The samba server is used by several people, not all of whom have ... | Windows SMB design? Tried this?: invalid users = guest Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBtSsQ57L0B7uXm9oRAvapAJ0WuPS3qUILvToBlD1kjjHpNmG9pgCfYgUH qp0f1MyWxapTOFLgEMT8qaU= =eaLc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: storing of roaming profile fails
Michael Lueck schrieb: Andreas Schlager wrote: a strange problem occurs in samba 3.0.8 (Debian 3.0.8-2 package): You need to pull the Debian 3.0.9 package from samba.org and update. There was a problem copying files to servers in 3.0.8 which was quickly resolved in 3.0.9. Hi Michael, now the 3.0.9 Debian packages are available, and now it works! Many thanks! -Andreas. -- M. Kaindl Holzindustrie Kaindlstraße 2 A-5071 Wals/Salzburg Andreas Schlager, IT EMail: [EMAIL PROTECTED] Phone: +43/662/8588-1420 F A X: +43/662/8588-2030 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.9 and macro %f
Gerald (Jerry) Carter schrieb: | samba 3.0.9 cannot expand %f anymore: | | Sending a netbios message to the samba server himself | | test2 # echo test | /usr/bin/smbclient -U 'eisfair Samba Server on | TEST2' -M TEST2 -I 192.168.0.6 | Connected. Type your message, ending it with a Control-D | sent 6 bytes | | From smb.conf: | | message command = /bin/mail -s 'message from %f' root %s; rm %s | | And this is the mail (see Subjekt): | ... | To: [EMAIL PROTECTED] | Subject: message from __2___ The code hasn't changed. have you looked at a level 10 debug log for clues? [2004/12/07 08:19:29, 5] smbd/connection.c:claim_connection(170) claiming 0 [2004/12/07 08:19:29, 5] smbd/reply.c:reply_special(284) init msg_type=0x81 msg_flags=0x0 [2004/12/07 08:19:29, 6] lib/util_sock.c:write_socket(449) write_socket(24,4) [2004/12/07 08:19:29, 6] lib/util_sock.c:write_socket(452) write_socket(24,4) wrote 4 [2004/12/07 08:19:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 73 [2004/12/07 08:19:29, 6] smbd/process.c:process_smb(1091) got message type 0x0 of len 0x49 [2004/12/07 08:19:29, 3] smbd/process.c:process_smb(1092) Transaction 1 of length 77 [2004/12/07 08:19:29, 5] lib/util.c:show_msg(461) [2004/12/07 08:19:29, 5] lib/util.c:show_msg(471) size=73 smb_com=0xd5 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=2117 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=38 [2004/12/07 08:19:29, 10] lib/util.c:dump_data(1899) [000] 04 65 69 73 66 61 69 72 20 53 61 6D 62 61 20 53 .eisfair Samba S [010] 65 72 76 65 72 20 6F 6E 20 54 45 53 54 32 00 04 erver on TEST2.. [020] 54 45 53 54 32 00 TEST2. [2004/12/07 08:19:29, 3] smbd/process.c:switch_message(887) switch message SMBsendstrt (pid 2118) conn 0x0 [2004/12/07 08:19:29, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/12/07 08:19:29, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/12/07 08:19:29, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/12/07 08:19:29, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2004/12/07 08:19:29, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/12/07 08:19:29, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/12/07 08:19:29, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65534 and contains 0 supplementary groups [2004/12/07 08:19:29, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2004/12/07 08:19:29, 2] lib/access.c:check_access(324) Allowed connection from (192.168.0.6) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(eisfair Samba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(sfair Samba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(air Samba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(r Samba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(Samba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(mba Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(a Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(Server on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(rver on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(er on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence( on TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(n TEST2) [2004/12/07 08:19:29, 3] lib/charcnv.c:convert_string_internal(247) convert_string_internal: Conversion error: Illegal multibyte sequence(TEST2) [2004/12/07 08:19:29, 3]
Re: [Samba] Local vs Domain user conflict with winbind
On Friday 03 December 2004 19:49, sharif islam wrote: From http://www.faqs.org/docs/samba/ch09.html Be careful when adding local users after domain users have started accessing the Samba server. The domain users will have entries created for them by winbind in /etc/passwd, with UIDs in the range you specify. If you are using a method of creating new accounts that automatically assigns UIDs, it might choose UIDs by adding 1 to the highest UID assigned thus far, which will be the most recent UID added by winbind. (This is the case on Red Hat Linux, with the useradd script, for example.) The UID for the new local user will be within the range allocated for winbind, which will have undesired effects. Make sure to add new local users using a method that assigns them UIDs in the proper range. For example, you can use the -u option of useradd to specify the UID to assign to the new user. I am running samab as a member server with winbind. I tried to create a local user with useradd -u, but winbind seems hang during the process. How do I create a local user? Do I need to turn winbind off then create the user? You can just edit /etc/passwd by hand, and then change password via passwd. -- vda -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r4075 - in branches/SAMBA_4_0/source: libnet librpc/idl rpc_server/srvsvc
Author: metze Date: 2004-12-06 11:10:15 + (Mon, 06 Dec 2004) New Revision: 4075 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4075 Log: implement RemoteTOD server function metze Modified: branches/SAMBA_4_0/source/libnet/libnet_time.c branches/SAMBA_4_0/source/librpc/idl/srvsvc.idl branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_time.c === --- branches/SAMBA_4_0/source/libnet/libnet_time.c 2004-12-06 07:13:50 UTC (rev 4074) +++ branches/SAMBA_4_0/source/libnet/libnet_time.c 2004-12-06 11:10:15 UTC (rev 4075) @@ -82,7 +82,7 @@ tm.tm_isdst = -1; r-srvsvc.out.time = timegm(tm); - r-srvsvc.out.time_zone = ((int32_t)tod.out.info-timezone) * 60; + r-srvsvc.out.time_zone = tod.out.info-timezone * 60; goto disconnect; Modified: branches/SAMBA_4_0/source/librpc/idl/srvsvc.idl === --- branches/SAMBA_4_0/source/librpc/idl/srvsvc.idl 2004-12-06 07:13:50 UTC (rev 4074) +++ branches/SAMBA_4_0/source/librpc/idl/srvsvc.idl 2004-12-06 11:10:15 UTC (rev 4075) @@ -1128,14 +1128,14 @@ /* srvsvc_NetRemoteTOD*/ /**/ typedef struct { - uint32 elapsed; - uint32 msecs; + uint32 elapsed; /* time(NULL) */ + uint32 msecs; /* milliseconds till system reboot (uptime) */ uint32 hours; uint32 mins; uint32 secs; uint32 hunds; - uint32 timezone; - uint32 tinterval; + int32 timezone; /* in minutes */ + uint32 tinterval; /* clock tick interval in 0.0001 second units; 310 on windows */ uint32 day; uint32 month; uint32 year; Modified: branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c === --- branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2004-12-06 07:13:50 UTC (rev 4074) +++ branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2004-12-06 11:10:15 UTC (rev 4075) @@ -24,6 +24,7 @@ #include rpc_server/dcerpc_server.h #include librpc/gen_ndr/ndr_srvsvc.h #include rpc_server/common/common.h +#include system/time.h /* srvsvc_NetCharDevEnum @@ -807,7 +808,36 @@ static WERROR srvsvc_NetRemoteTOD(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct srvsvc_NetRemoteTOD *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct timeval tval; + time_t t; + struct tm tm; + + r-out.info = talloc_p(mem_ctx, struct srvsvc_NetRemoteTODInfo); + WERR_TALLOC_CHECK(r-out.info); + + GetTimeOfDay(tval); + t = tval.tv_sec; + + gmtime_r(t, tm); + + r-out.info-elapsed= t; + /* fake the uptime: just return the milliseconds till 0:00:00 today */ + r-out.info-msecs = (tm.tm_hour*60*60*1000) + + (tm.tm_min*60*1000) + + (tm.tm_sec*1000) + + (tval.tv_usec/1000); + r-out.info-hours = tm.tm_hour; + r-out.info-mins = tm.tm_min; + r-out.info-secs = tm.tm_sec; + r-out.info-hunds = tval.tv_usec/1; + r-out.info-timezone = get_time_zone(t)/60; + r-out.info-tinterval = 310; /* just return the same as windows */ + r-out.info-day= tm.tm_mday; + r-out.info-month = tm.tm_mon + 1; + r-out.info-year = tm.tm_year + 1900; + r-out.info-weekday= tm.tm_wday; + + return WERR_OK; }
svn commit: samba r4077 - in branches/SAMBA_4_0/source/libcli/auth: .
Author: metze Date: 2004-12-06 15:14:42 + (Mon, 06 Dec 2004) New Revision: 4077 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4077 Log: don't add wrapping to empty blobs metze Modified: branches/SAMBA_4_0/source/libcli/auth/gssapi_parse.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/auth/gssapi_parse.c === --- branches/SAMBA_4_0/source/libcli/auth/gssapi_parse.c2004-12-06 15:10:31 UTC (rev 4076) +++ branches/SAMBA_4_0/source/libcli/auth/gssapi_parse.c2004-12-06 15:14:42 UTC (rev 4077) @@ -34,8 +34,12 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8 tok_id[2]) { struct asn1_data data; - DATA_BLOB ret; + DATA_BLOB ret = data_blob(NULL,0); + if (!ticket-data) { + return ret; + } + ZERO_STRUCT(data); asn1_push_tag(data, ASN1_APPLICATION(0));
svn commit: samba r4078 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2004-12-06 15:17:43 + (Mon, 06 Dec 2004) New Revision: 4078 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4078 Log: use clearer names metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl 2004-12-06 15:14:42 UTC (rev 4077) +++ branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl 2004-12-06 15:17:43 UTC (rev 4078) @@ -95,7 +95,7 @@ typedef [gensize,flag(NDR_PAHEX)] struct { /* this includes the 8 bytes of the repsFromToBlob header */ [value(ndr_size_repsFromTo1(8, r, ndr-flags))] uint32 blobsize; - uint32 consecutive_failures; + uint32 consecutive_sync_failures; NTTIME_1sec last_success; NTTIME_1sec last_attempt; WERROR result_last_attempt; @@ -107,8 +107,8 @@ uint64 tmp_highest_usn; /* updated after each object update */ uint64 reserved_usn; uint64 highest_usn; /* updated after a full replication cycle */ - GUID dsa_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */ - GUID invocation_id_guid; /* the 'invocationId' field of the CN=NTDS Settings object */ + GUID source_dsa_obj_guid; /* the 'objectGuid' field of the CN=NTDS Settings object */ + GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */ GUID transport_guid; } repsFromTo1;
svn commit: samba r4079 - in branches/SAMBA_4_0/source: ldap_server libcli/auth libcli/ldap smb_server
Author: metze Date: 2004-12-06 15:44:17 + (Mon, 06 Dec 2004) New Revision: 4079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4079 Log: implement the gensec_have_feature() correctly by asking the backend what is actually in use metze Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c branches/SAMBA_4_0/source/libcli/auth/gensec.c branches/SAMBA_4_0/source/libcli/auth/gensec.h branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c branches/SAMBA_4_0/source/smb_server/sesssetup.c Changeset: Sorry, the patch is too large (264 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4079
svn commit: samba r4080 - in branches/SAMBA_4_0/source/libcli/raw: .
Author: metze Date: 2004-12-06 15:45:48 + (Mon, 06 Dec 2004) New Revision: 4080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4080 Log: missing file from the last commit metze Modified: branches/SAMBA_4_0/source/libcli/raw/clisession.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clisession.c === --- branches/SAMBA_4_0/source/libcli/raw/clisession.c 2004-12-06 15:44:17 UTC (rev 4079) +++ branches/SAMBA_4_0/source/libcli/raw/clisession.c 2004-12-06 15:45:48 UTC (rev 4080) @@ -413,7 +413,7 @@ goto done; } - gensec_want_feature(session-gensec, GENSEC_WANT_SESSION_KEY); + gensec_want_feature(session-gensec, GENSEC_FEATURE_SESSION_KEY); status = gensec_set_domain(session-gensec, parms-generic.in.domain); if (!NT_STATUS_IS_OK(status)) {
svn commit: samba r4081 - in branches/SAMBA_4_0/source: librpc/idl librpc/rpc rpc_server
Author: metze Date: 2004-12-06 17:44:33 + (Mon, 06 Dec 2004) New Revision: 4081 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4081 Log: use clearer names metze Modified: branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl === --- branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl 2004-12-06 15:45:48 UTC (rev 4080) +++ branches/SAMBA_4_0/source/librpc/idl/dcerpc.idl 2004-12-06 17:44:33 UTC (rev 4081) @@ -175,7 +175,7 @@ [case(DCERPC_PKT_ALTER)] dcerpc_bind alter; [case(DCERPC_PKT_ALTER_ACK)] dcerpc_bind_ack alter_ack; [case(DCERPC_PKT_FAULT)] dcerpc_faultfault; - [case(DCERPC_PKT_AUTH3)] dcerpc_auth3auth; + [case(DCERPC_PKT_AUTH3)] dcerpc_auth3auth3; [case(DCERPC_PKT_BIND_NAK)] dcerpc_bind_nak bind_nak; } dcerpc_payload; Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-12-06 15:45:48 UTC (rev 4080) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-12-06 17:44:33 UTC (rev 4081) @@ -681,8 +681,8 @@ pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; pkt.call_id = next_call_id(p); pkt.auth_length = 0; - pkt.u.auth._pad = 0; - pkt.u.auth.auth_info = data_blob(NULL, 0); + pkt.u.auth3._pad = 0; + pkt.u.auth3.auth_info = data_blob(NULL, 0); /* construct the NDR form of the packet */ status = dcerpc_push_auth(blob, mem_ctx, pkt, p-security_state.auth_info); Modified: branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c === --- branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-12-06 15:45:48 UTC (rev 4080) +++ branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-12-06 17:44:33 UTC (rev 4081) @@ -157,11 +157,11 @@ /* We can't work without an existing gensec state, and an new blob to feed it */ if (!dce_conn-auth_state.auth_info || !dce_conn-auth_state.gensec_security || - pkt-u.auth.auth_info.length == 0) { + pkt-u.auth3.auth_info.length == 0) { return False; } - status = ndr_pull_struct_blob(pkt-u.auth.auth_info, + status = ndr_pull_struct_blob(pkt-u.auth3.auth_info, call, dce_conn-auth_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
svn commit: samba r4082 - in branches/SAMBA_4_0/source/rpc_server: .
Author: metze Date: 2004-12-06 17:48:51 + (Mon, 06 Dec 2004) New Revision: 4082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4082 Log: support alter_context requests metze Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c === --- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2004-12-06 17:44:33 UTC (rev 4081) +++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2004-12-06 17:48:51 UTC (rev 4082) @@ -564,7 +564,66 @@ return NT_STATUS_OK; } +/* + handle a bind request +*/ +static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call) +{ + struct dcerpc_packet pkt; + struct dcesrv_call_reply *rep; + NTSTATUS status; + uint32_t result=0, reason=0; + /* handle any authentication that is being requested */ + if (!dcesrv_auth_alter(call)) { + /* TODO: work out the right reject code */ + return dcesrv_bind_nak(call, 0); + } + + /* setup a alter_ack */ + dcesrv_init_hdr(pkt); + pkt.auth_length = 0; + pkt.call_id = call-pkt.call_id; + pkt.ptype = DCERPC_PKT_ALTER_ACK; + pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; + pkt.u.alter_ack.max_xmit_frag = 0x2000; + pkt.u.alter_ack.max_recv_frag = 0x2000; + pkt.u.alter_ack.assoc_group_id = call-pkt.u.bind.assoc_group_id; + pkt.u.alter_ack.secondary_address = NULL; + pkt.u.alter_ack.num_results = 1; + pkt.u.alter_ack.ctx_list = talloc_p(call, struct dcerpc_ack_ctx); + if (!pkt.u.alter_ack.ctx_list) { + return NT_STATUS_NO_MEMORY; + } + pkt.u.alter_ack.ctx_list[0].result = result; + pkt.u.alter_ack.ctx_list[0].reason = reason; + GUID_from_string(NDR_GUID, pkt.u.alter_ack.ctx_list[0].syntax.uuid); + pkt.u.alter_ack.ctx_list[0].syntax.if_version = NDR_GUID_VERSION; + pkt.u.alter_ack.auth_info = data_blob(NULL, 0); + + if (!dcesrv_auth_alter_ack(call, pkt)) { + return dcesrv_bind_nak(call, 0); + } + + rep = talloc_p(call, struct dcesrv_call_reply); + if (!rep) { + return NT_STATUS_NO_MEMORY; + } + + status = dcerpc_push_auth(rep-data, call, pkt, + call-conn-auth_state.auth_info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + dcerpc_set_frag_length(rep-data, rep-data.length); + + DLIST_ADD_END(call-replies, rep, struct dcesrv_call_reply *); + DLIST_ADD_END(call-conn-call_list, call, struct dcesrv_call_state *); + + return NT_STATUS_OK; +} + /* handle a dcerpc request packet */ @@ -848,6 +907,9 @@ case DCERPC_PKT_AUTH3: status = dcesrv_auth3(call); break; + case DCERPC_PKT_ALTER: + status = dcesrv_alter(call); + break; case DCERPC_PKT_REQUEST: status = dcesrv_request(call); break; Modified: branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c === --- branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-12-06 17:44:33 UTC (rev 4081) +++ branches/SAMBA_4_0/source/rpc_server/dcesrv_auth.c 2004-12-06 17:48:51 UTC (rev 4082) @@ -193,8 +193,79 @@ return True; } +/* + parse any auth information from a dcerpc alter request + return False if we can't handle the auth request for some + reason (in which case we send a bind_nak (is this true for here?)) +*/ +BOOL dcesrv_auth_alter(struct dcesrv_call_state *call) +{ + struct dcerpc_packet *pkt = call-pkt; + struct dcesrv_connection *dce_conn = call-conn; + NTSTATUS status; + /* We can't work without an existing gensec state, and an new blob to feed it */ + if (!dce_conn-auth_state.gensec_security || + pkt-u.alter.auth_info.length == 0) { + return False; + } + + dce_conn-auth_state.auth_info = talloc_p(dce_conn, struct dcerpc_auth); + if (!dce_conn-auth_state.auth_info) { + return False; + } + + status = ndr_pull_struct_blob(pkt-u.alter.auth_info, + call, + dce_conn-auth_state.auth_info, + (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + return True; +} + /* + add any auth information needed in a alter ack, and process the authentication + information found in the alter. +*/ +BOOL dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct dcerpc_packet *pkt) +{ + struct dcesrv_connection
svn commit: samba-web r451 - in trunk: .
Author: jerry Date: 2004-12-06 20:54:23 + (Mon, 06 Dec 2004) New Revision: 451 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=451 Log: updating mirroring instructions Modified: trunk/mirroring.html Changeset: Modified: trunk/mirroring.html === --- trunk/mirroring.html2004-12-03 04:31:51 UTC (rev 450) +++ trunk/mirroring.html2004-12-06 20:54:23 UTC (rev 451) @@ -49,8 +49,16 @@ pIf you do attempt to use a web robot then our automatic web robot detector will probably catch you and ban your entire site./p -pInstead, please use anonymous rsync. You can read more about rsync at -a +pYou can use anonymous rsync to obtain a copy of the [sambaftp] +(minus the Binary_Packages download area) and [sambawww] repository. +Please note that official mirror can make use of the [sambaftp-mirror] +repository which includes the Binary_Packages/ directory. However, in +order to do so, you must first obtain the current username and password +for the share. To do this, please send email to a +href=mailto:[EMAIL PROTECTED][EMAIL PROTECTED]/a. +/p + +pYou can read more about rsync at a href=http://rsync.samba.org/;http://rsync.samba.org//a, but basically what you want to do is a href=ftp://samba.org/pub/rsync/;download rsync/a, compile @@ -77,7 +85,7 @@ on that list. Then, if you go ahead, please use rsync like this:/p pre -rsync -az --delete --exclude=ftp mirror.samba.org::sambawww/ /wwwmirrors/samba/ +rsync -az --delete mirror.samba.org::sambawww/ /wwwmirrors/samba/ /pre pTo complete the web mirror you will also need to mirror the ftp site
svn commit: samba-web r452 - in trunk: . scripts
Author: deryck Date: 2004-12-06 21:22:53 + (Mon, 06 Dec 2004) New Revision: 452 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=452 Log: Updating script and info on samba.org since samba.org is automatically sent to us1.samba.org now. Also, remove the reirect page since it's no longer in use. --deryck Modified: trunk/index.html trunk/scripts/js_redirect.py Changeset: Modified: trunk/index.html === --- trunk/index.html2004-12-06 20:54:23 UTC (rev 451) +++ trunk/index.html2004-12-06 21:22:53 UTC (rev 452) @@ -59,11 +59,11 @@ /div div class=request - pVisitors to http://samba.org/ are automatically redirected to one - of our mirrors. If you'd like to change to a mirror closer to your - location, you may choose a span class=punchmirror site/span - from the drop-down menu above. The popularity of Samba puts a strain on - our network. By using a mirror site you can do your bit to reduce the load./p + phttp://samba.org/ is automatically redirected to one of our US + mirrors. To change to a mirror closer to your location, choose a + span class=punchmirror site/span from the drop-down menu above. + The popularity of Samba puts a strain on our network. By using a + mirror site you can do your bit to reduce the load./p /div !--#include virtual=/samba/footer.html -- Modified: trunk/scripts/js_redirect.py === --- trunk/scripts/js_redirect.py2004-12-06 20:54:23 UTC (rev 451) +++ trunk/scripts/js_redirect.py2004-12-06 21:22:53 UTC (rev 452) @@ -1,6 +1,6 @@ #! /usr/bin/python -# Create javascript for redirecting to a random mirror. +# Create list of options for mirrors drop-down menu import os, re @@ -17,19 +17,6 @@ mlist = mirrors.keys() mlist.sort() -# For main samba.org redirect -js = open('redirect_include.html', 'w') -js.write('script language=Javascript type=text/javascript\n') -js.write('!-- Hide from old browsers\n') -js.write('randomMirror = new Array;\n') -for i in range(len(mlist)): -js.write('randomMirror[' + str(i) + '] = ' + mlist[i] + '\n') -js.write('\n') -js.write('n = Math.floor(Math.random()*' + str(len(mirrors.keys())) + ')\n') -js.write('// end hide --\n') -js.write('/script') -js.close() - # For drop-down mirror selection list menu = open('menu_options.html', 'w') for m in mlist:
svn commit: samba-web r453 - in trunk: .
Author: jerry Date: 2004-12-06 22:16:59 + (Mon, 06 Dec 2004) New Revision: 453 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=453 Log: i understand now why --exclude=ftp is needed with sambawww Modified: trunk/mirroring.html Changeset: Modified: trunk/mirroring.html === --- trunk/mirroring.html2004-12-06 21:22:53 UTC (rev 452) +++ trunk/mirroring.html2004-12-06 22:16:59 UTC (rev 453) @@ -85,7 +85,7 @@ on that list. Then, if you go ahead, please use rsync like this:/p pre -rsync -az --delete mirror.samba.org::sambawww/ /wwwmirrors/samba/ +rsync -az --delete --exclude=ftp mirror.samba.org::sambawww/ /wwwmirrors/samba/ /pre pTo complete the web mirror you will also need to mirror the ftp site