[Samba] a question about acl's...
Hi all!!

I've a samba server with one share for all the different working projects in the department. So, inside this share I have one folder for each project, and each folder is owned by one group (the people working on this project...). Obviously, people who don't belong to a project can't see the files inside of the folder... but... they can see the project folder :(

My question is: is there a way to hide the folders using ACLs? Is there any way of doing this?

For example, bob belongs to group bob, but he can see the folders that belong to other groups (although he can't access them). Is there a way of hiding the folders not belonging to bob? If bob only works in 2 projects and the department works in 1000 projects...

Ufff, I know I explain the problem very badly (because of my English too, I have to practice), but I hope you will understand it.

Thx anyway!!!
[Samba] New to Samba world
Hi Team,

I am new to Samba. As company has decided to install Linux based file and print server, we are planning to use Samba and LDAP.

But prior to proceed further, I wanted to know how samba works, what all things needs to be considered at the time of installation. So can any one let me know the same?

Thanks
Regards
Mandar Kulkarni
Re: [Samba] New to Samba world
hi,

if you are really new to samba i suggest you to use a distro which is already configured for your needs which may be SuSE Linux Enterprise ser. 9. Especially 2 CPU version is very cheap.

byes..

> Hi Team,
>
> I am new to Samba. As company has decided to install Linux based file and print server, we are planning to use Samba and LDAP.
>
> But prior to proceed further, I wanted to know how samba works, what all things needs to be considered at the time of installation. So can any one let me know the same?
>
> Thanks
> Regards
> Mandar Kulkarni
[Samba] Re: winbind ppp 2.4.3 versus ppp-ntlm_auth.patch ppp 2.4.2 + chapms-strip-domain.patch
On Mon, 2005-01-03 at 00:49 +0100, Robert Schetterer wrote:
> Hi Andrew,
> i just compiled ppp 2.4.3 on suse 9.2 which worked nice. for yet, i didn't get ready to test ppp winbind auth, as i want a new smb server for this. But i have another question to this stuff: did you include the pppd-2.4.2-chapms-strip-domain.patch in 2.4.3 ? or do you know anyone has ported it? ( its very useful to me )

No, I have not had anything to do with it, as ntlm_auth deals correctly with the domain.

> Finally, a backport of ppp-ntlm_auth.patch to version 2.4.2 would be great so i could produce a new suse 2.4.2 rpm including this brand new winbind stuff. ( rpmbuild fails at create for many suse patches on 2.4.3 ) I don't think suse will upgrade to ppp 2.4.3 until a new distro version is coming up

There were security issues in the earlier patches, so I've removed them from the current SVN repository. The issue occurred when pppd was suid, and my patch was used.

I would suggest running the real pppd 2.4.3 - it can't be that hard to rebuild the entire RPM.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
[Samba] Re: Re: Your bill
This is an automated response to e-mail sent to [EMAIL PROTECTED]

All potential security issues submitted will be carefully reviewed by the HP Software Security Response Team (SSRT). A follow-up message will be returned to confirm that we are investigating and if necessary to request additional information. Any non-security issue or any PC issue, security related or not, will be forwarded to the appropriate HP resource to be addressed.

HP greatly appreciates being informed of any potential security vulnerability identified in an HP supported software product.

It is strongly recommended that security related information being communicated to SSRT be encrypted using PGP, especially exploit information. To obtain the security-alert PGP key please send an e-mail message to [EMAIL PROTECTED] with the Subject of 'get key' (no quotes).

Thank you,
HP Software Security Response Team (SSRT)
Hewlett-Packard Company

HP is committed to respecting your privacy. For specific guidelines, please read HP's privacy policy here ... http://your.hp.com/m/S.asp?HB12736937685X3249971X334643X

HP Privacy Mailbox, 20555 SH 249, MS 040307, Houston, Texas 77070

(automated reply)
Re: [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Alex Brown wrote:
> Andrew Bartlett wrote:
>> On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
>>> Hi,
>>>
>>> I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend).
>>>
>>> Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped.

Not related to samba, but I'm using freeradius to authenticate vpn users against ldap (using sambaNTpassword attribute), works fine for months, and as a bonus we get a detail report of user activities.

poptop - freeradius - ldap.

--
--beast
Re: [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Hi,

thx for the info, i will try this too. i compiled a suse pack now out of ppp-2.4.3 and will give infos back to the list if winbind feature works like desired.

Regards

Beast wrote:
> Alex Brown wrote:
>> Andrew Bartlett wrote:
>>> On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
>>>> Hi,
>>>>
>>>> I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend).
>>>>
>>>> Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped.
>
> Not related to samba, but I'm using freeradius to authenticate vpn users against ldap (using sambaNTpassword attribute), works fine for months, and as a bonus we get a detail report of user activities.
>
> poptop - freeradius - ldap.
[Samba] graphical configuration tool
ok, i was told by someone on the #samba irc channel to send this here.

i have been working on a graphical configuration tool for samba, i have pretty much finished the program which is written in tcl/tk. however, i need people to test it and report bugs and features they would like.

to use it you will need:

- a unix type operating system: (it is designed for linux, but i am interested to find if it is compatible with other OSs ie: unix, bsd, etc.)
- samba: it should be compatible with most recent versions.
- an xserver: this is a graphical program, so it requires an xserver.
- a tcl/tk interpreter.

the program automatically makes restorable backups of the files it edits and thus shouldn't destroy everything, however until beta testing is finished, i recommend people to make backups of their smb.conf and /etc/network/interfaces files manually.

the program should be untarred into /opt and the .tcl file run.

it can be downloaded here: http://www.sourceforge.net/projects/ico2sambaconf

i welcome feedback, questions and suggestions, my email address is [EMAIL PROTECTED]

thanks to anyone who has taken the time to read this and/or try out my software.

ico2 :)
[Samba] pam_winbind troubles
Hi and happy New Year.

I test the integration of samba 3.0.10 on a fedora core 3 box in a Microsoft Active Directory (Windows 2003) environment. I already configure samba for the integration in the AD domain and it works fine but I have a problem with the pam_winbind. I can authenticate my AD domain users on the fedora box but I can't change their password with the passwd command.

For example, I can log with the VDP\kalaghan domain user but when I try to change his password with the passwd command, I've got the next error messages in /var/log/messages:

    Jan 3 14:55:01 fedogat pam_winbind[2869]: user 'VDP\kalaghan' granted access
    Jan 3 14:55:20 fedogat pam_winbind[2869]: request failed: NT_STATUS_PASSWORD_RESTRICTION, PAM error was 4, NT error was NT_STATUS_PASSWORD_RESTRICTION
    Jan 3 14:55:20 fedogat pam_winbind[2869]: internal module error (retval = 4, user = `VDP\kalaghan'

The password I'm using is more than eight characters and I've disabled the GPO in AD which concerns the complexity of password.

My /etc/pam.d/system-auth file:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
    auth        required      /lib/security/$ISA/pam_deny.so

    account     required      /lib/security/$ISA/pam_unix.so
    account     sufficient    /lib/security/$ISA/pam_winbind.so
    account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account     required      /lib/security/$ISA/pam_permit.so

    password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    password    sufficient    /lib/security/$ISA/pam_winbind.so
    password    required      /lib/security/$ISA/pam_deny.so

    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so

If someone has an idea

Regards
[Samba] Slow network and 100% CPU
Hi,

I have a samba server which functioned correctly. Only, since 2 weeks, the users have complained about slowness networks and the server is to 100% CPU on the initial process smbd.

My version is 3.0.7 and I have a Windows 2000 WINS server for netbios resolution. The samba server use nscd and ldap for password module. I upgraded to samba 3.0.10 for a test, but the problem is not resolved.

I would like to know how to determine if is the samba server or the ldap server or is the nscd or is the wins server or is a conflict between two computers which have the same IP address cause these problems.

I don't found in log a trace that is a samba problem. Sometimes I read connection reset by peer and also in nmbd.log, I can read Failing wins test #1.

Any information is very appreciated

Thank you

--
Stéphane Purnelle [EMAIL PROTECTED]
Site Web : http://www.linuxplusvalue.be
RE: [Samba] Slow network and 100% CPU
I don't know if this is your problem, but I had a similar problem with Samba 2.2.8 + LDAP. It turns out that my server was running out of file handles. The culprit was NSCD. I killed it off and things have been fine ever since.

Good luck.

Kevin

-----Original Message-----
From: Stéphane Purnelle [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 10:02 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Samba] Slow network and 100% CPU

> Hi,
>
> I have a samba server which functioned correctly. Only, since 2 weeks, the users have complained about slowness networks and the server is to 100% CPU on the initial process smbd.
>
> My version is 3.0.7 and I have a Windows 2000 WINS server for netbios resolution. The samba server use nscd and ldap for password module. I upgraded to samba 3.0.10 for a test, but the problem is not resolved.
>
> I would like to know how to determine if is the samba server or the ldap server or is the nscd or is the wins server or is a conflict between two computers which have the same IP address cause these problems.
>
> I don't found in log a trace that is a samba problem. Sometimes I read connection reset by peer and also in nmbd.log, I can read Failing wins test #1.
>
> Any information is very appreciated
>
> Thank you
>
> --
> Stéphane Purnelle [EMAIL PROTECTED]
> Site Web : http://www.linuxplusvalue.be
Re: [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Andrew Bartlett wrote:
> On Fri, 2004-12-31 at 08:48 -0500, Alex Brown wrote:
>> Andrew Bartlett wrote:
>>> On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
>>>> Hi,
>>>>
>>>> I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend).
>>>>
>>>> Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped.
>>>>
>>>> Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start...
>>>
>>> The pppd patch (one for 2.4.2, one for current CVS) is here:
>>> http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
>>>
>>> The documentation is:
>>> http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
>>>
>>> Note that the patch changed a little since the report was written, use the instructions in the README for configuration.
>>>
>>> Andrew Bartlett
>>
>> Hi Andrew,
>>
>> Thanks for creating the final-report document. It is very informative. I'm trying to set up a PoPToP server that authenticates to our Windows NT Domain (with a Windows NT 4.0 PDC) via Samba/Winbind. When I follow the instructions in your document, after changing to the ppp directory to apply the ntlm_auth patch, I get the following output.
>
> Current ppp has everything you need already - I finally got it merged upstream. All you need now is the configuration (which has changed since the report was written):
>
> Configuration (pppd config file):
>
> plugin winbind.so
> ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1
>
> The --required-membership-of option is also available, to implement a 'dialin users' or 'vpn users' group.
>
> Andrew Bartlett

Thanks Andrew,

I followed your instructions without applying the patch and I modified the /etc/ppp/options.pptpd file to include the changes in your reply. I'm having what I'm sure is a small problem so please forgive my ignorance. When I try to authenticate to the poptop server with my Windows XP client, I see the following messages in my log...

    Jan 3 08:31:37 papcom pptpd[2603]: MGR: Launching /usr/sbin/pptpctrl to handle client
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: local address = 192.168.0.1
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: remote address = 192.168.0.3
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: pppd options file = /etc/ppp/options.pptpd
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Client 66.156.10.36 control connection started
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 1)
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Made a START CTRL CONN RPLY packet
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: I wrote 156 bytes to the client.
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Sent packet to client
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 7)
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Set parameters to 1525 maxbps, 64 window size
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Made a OUT CALL RPLY packet
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Starting call (launching pppd, opening GRE)
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: pty_fd = 5
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: tty_fd = 6
    Jan 3 08:31:37 papcom pptpd[2604]: CTRL (PPPD Launcher): Connection speed = 115200
    Jan 3 08:31:37 papcom pptpd[2603]: CTRL: I wrote 32 bytes to the client.
    Jan 3 08:31:38 papcom pptpd[2604]: CTRL (PPPD Launcher): local address = 192.168.0.1
    Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Sent packet to client
    Jan 3 08:31:38 papcom pptpd[2604]: CTRL (PPPD Launcher): remote address = 192.168.0.3
    Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 15)
    Jan 3 08:31:38 papcom pppd[2604]: Plugin /usr/local/lib/pppd/2.4.3/winbind.so loaded.
    Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Got a SET LINK INFO packet with standard ACCMs
    Jan 3 08:31:38 papcom pppd[2604]: WINBIND plugin initialized.
    Jan 3 08:31:38 papcom pptpd[2603]: GRE: Discarding duplicate packet
    Jan 3 08:31:38 papcom pppd[2604]: pppd 2.4.3 started by root, uid 0
    Jan 3 08:31:38 papcom pppd[2604]: using channel 23
    Jan 3 08:31:38 papcom kernel: divert: not allocating divert_blk for non-ethernet device ppp0
    Jan 3 08:31:38 papcom pppd[2604]: Using interface ppp0
    Jan 3 08:31:38 papcom pppd[2604]: Connect: ppp0 -- /dev/pts/2
    Jan 3 08:31:38 papcom pppd[2604]: sent [LCP ConfReq id=0x1 asyncmap 0x0 auth chap MS-v2 magic 0x57d0a938 pcomp accomp]
    Jan 3 08:31:38 papcom pptpd[2603]: GRE: Bad checksum from pppd.
    Jan 3 08:31:38 papcom pppd[2604]: rcvd [LCP ConfAck id=0x1 asyncmap 0x0 auth chap MS-v2 magic 0x57d0a938 pcomp accomp]
    Jan 3 08:31:40 papcom pppd[2604]: rcvd [LCP ConfReq
[Samba] Samba share breaks msi-install process
Hi,

I need advice by someone with knowledge about the inner workings of MS Installer to explain the behavioural difference between using a Samba share and a native Windows share.

I'm trying to install a (commercial) package on multiple Windows machines. This package shares several database-like files in a central directory on a central share. Using a share on a Windows XP-machine works OK leaving the central files intact, using a Samba share breaks things.

First I install the package on the first machine (say pcA). The central directory on the share is created and the files are installed. The package now works excellent.

Then I install the package on the second machine (say pcB). The central share is found, but on Samba the important database file is reinitialised, deleting all the information put into it using pcA.

The shares are mapped using the same account name and password (only one PC needs to be active at the same time).

I have tried both Samba Version 2.0.5a, and Version 3.0.3pre2-2.pre2. Both behave exactly alike. On version 3 I have experimented with several options; the last setting I tried is:

    [tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    browseable = yes
    public = yes
    map hidden = yes
    dos filetimes = yes
    dos filetime resolution = yes
    fstype = FAT
    fake directory create times = yes
    ea support = no

My feeling is that somehow the file/directory times are important (perhaps the file creation time plays an essential role).

I have sniffed the network with ethereal: the important file is copied to a .rbf file. That (roll back?) file isn't touched and later on deleted.

The software company assures me that when using any kind of Windows share the software works as expected, only with Samba it fails (other customers have identical problems). They too would like the problem resolved. They also checked their .msi file: the central database file is marked as very valuable, and shouldn't be destroyed. It is the MSI install process that rewrites the central files.

Does anyone know how MSI checks its target files and whether samba can be tweaked either by changing the configuration file or by adding new functionality to Samba to make it work?

Thanks a lot,
Yves Fonk
Re: [Samba] Samba 3.0.10 joining Windows 20003 ADS
> I don't know if it might also work in your case. After defining an uppercased netbios name on smb.conf, the segfault warnings stopped.
>
> netbios name = TTLNX01

Mine was already uppercased, so that's not it.

--
Andrew S. Zbikowski | http://andy.zibnet.us
A password is like your underwear; Change it frequently, don't share it with others, and don't ask to borrow someone else's.
[Samba] Troubles loging into Samba PDC
Hello everybody,

I have been trying to set up a PDC in samba. As I continue to make what I think are advancements I am still nowhere near having things running. My problem is as follows:

I have been in the past using Samba as a simple file server on our Workgroup and decided that I would convert this server over to being a PDC. After configuring and reconfiguring the smb.conf I managed to get things to a point that when I make computer name changes in the WindowsXP system control panel to be a member of my newly created domain it allows me to log in and connect as root. However I can not seem to get it then to allow any sort of user login to the Domain at all, not even as root. /var/log/messages tells me unable to authenticate or something along those lines. I have added the machine and the user to smbpasswd. This is what I know to do so far and would greatly appreciate any help offered. I will include a copy of my smb.conf if that is any help.

    [global]
    dns proxy = no
    log level = 2
    log file = /var/log/samba/%m.log
    smb passwd file = /etc/samba/smbpasswd
    server string = Intertech Samba Server
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    unix password sync = no
    workgroup = IntertechDomain
    wins support = yes
    add user script = /usr/sbin/useradd -d /dev/null -g staff /bin/false
    os level = 64
    preferred master = yes
    local master = yes
    domain master = yes
    domain logons = yes
    security = user
    domain admin group = @staff @root
    hosts allow = 192.168.,
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password*%n\n*Please*retype*new*password* %n\n*password*successfully*updated*
    logon path = \\%L\home\%U
    logon home = \\%L\home\%U\profile
    logon drive = H:
    logon script = netlogon.bat

    [homes]
    create mask = 0700
    directory mask = 0700
    browseable = no
    comment = Home Directories
    writeable = yes
    valid users = %S

    [Shares]
    printable = no
    writable = yes
    path = /Intertech_Files/shared
    write list = @staff
    force group = staff
    create mask = 0775
    directory mask = 0775
    comment = Shared Files
    public = yes

    [idsutility]
    writeable = yes
    path = /Intertech_Files/idsutility
    write list = @staff
    force directory mode = 0775
    force create mode = 0775
    public = yes
    create mode = 0775
    directory mode = 0775

    [accounting]
    writeable = yes
    path = /Intertech_Files/accounting
    write list = @accounting
    force directory mode = 0770
    valid users = @accounting
    force create mode = 0770
    public = yes
    create mode = 0770
    directory mode = 0770

    [netlogon]
    comment = The domain logon service
    path = /Intertech_Files/netlogon
    writable = no
    guest ok = yes

Thank you,
Jason Self
Re: [Samba] Issues with Solaris 9, and ADS
David all,

It seems like there's 2 problems. In my understanding of Samba a UNIX account is required in any case. As to the second problem with the realm, could you please post your smb.conf? I'm not sure what would cause that problem other than being in the wrong workgroup or pointing to the wrong AD server.

spike

David Wruck wrote:
> I have been working with this for a little over a month now, and here's where we are at:
>
> We have 3 domains, 2 of them are sending SIDs to the Solaris box, and Kerberos is compiled and working (we can authenticate to any of the 3 domains), we can get user IDs from any of the 3 domains, however none of the users can gain access to the share unless we give them a Unix account.
>
> Samba was compiled with ADS support, and the make file shows that krb5 and ADS are both 1, however when we add the 'realm =' to the config file we get an error with Samba claiming it does not understand the realm setting.
>
> We are using 3.0.9, and the exact error is that the AD user is not found, yet wbinfo can find the user accounts just fine. The AD is a 2000 AD.
>
> We have followed steps in the docs, and on more mailing lists than I care to remember at this point. If anyone could point out any possible flaw, I'd appreciate it.
>
> I apologize for not having cut and paste messages and such, but I'm not anywhere near the machine at the moment, however I could post anything that would be useful later.
[Samba] Re: a question about acl's... [solution]
Hi all!

Well, just a few hours after writing the mail to the list I found a solution jeje. I was working on it for 1 week with no success and now... :)

The solution is just putting the option

    hide unreadable = yes

in the smb.conf in the share you want to hide the dirs/files that are not readable for the user. If you want it for all the shares you can put it in the global section.

Thx anyway! (to the people who read me and searched a little :p)

Send me your successes or failures to know if it's the correct solution (for me it works)

Xavi
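Added example, not part of the original post: a small Python check that reads an smb.conf and reports which shares still list entries the connected user cannot read, applying the rule from the post that a share-level `hide unreadable` wins over the one in the global section. The share names and paths in the sample are constructed, and the parser is a simplification that handles section headers, comments and backslash continuations only (no `include` or `copy`).

```python
"""Report shares where 'hide unreadable' is not effectively enabled."""

TRUE_WORDS = {"yes", "true", "on", "1"}   # spellings smb.conf accepts for "true"
PARAM = "hideunreadable"                  # normalised form of "hide unreadable"

# Constructed sample: one share with a directory per project group, as in the
# original question, plus two shares that do not hide unreadable entries.
SAMPLE_SMB_CONF = """\
# constructed sample configuration
[global]
   workgroup = DEPT
   security = user

[projects]
   path = /srv/projects
   read only = no
   hide unreadable = yes

[scratch]
   path = /srv/scratch
   read only = no

[archive]
   path = /srv/archive
   Hide Unreadable = No
"""


def normalise(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Return {section: {normalised_param: value}}, sections in file order."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[normalise(key)] = value.strip()
    return sections


def hides_unreadable(sections, share):
    """Share setting wins, then [global], then the built-in default (no)."""
    for scope in (share, "global"):
        value = sections.get(scope, {}).get(PARAM)
        if value is not None:
            return value.lower() in TRUE_WORDS
    return False


def shares_listing_unreadable(text):
    """Names of shares that still show entries the user cannot read."""
    sections = parse_smb_conf(text)
    return [name for name in sections
            if name != "global" and not hides_unreadable(sections, name)]


if __name__ == "__main__":
    for share in shares_listing_unreadable(SAMPLE_SMB_CONF):
        print(f"[{share}] lists unreadable entries (hide unreadable is off)")
```
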
Re: [Samba] New to Samba world
On Monday 03 January 2005 03:29, Mandar Kulkarni/PUN/IN/STTL wrote:
> Hi Team,
>
> I am new to Samba. As company has decided to install Linux based file and print server, we are planning to use Samba and LDAP.
>
> But prior to proceed further, I wanted to know how samba works, what all things needs to be considered at the time of installation. So can any one let me know the same?

Sure, that's the very reason I wrote the book Samba-3 by Example that has precise example network configurations with step-by-step instructions to help you get it configured.

You can purchase the book from Amazon.Com or download it from the Samba web site at:

http://www.samba.org/samba/docs/Samba-Guide.pdf

Samba with LDAP is covered in Chapter 6. I hope this helps you.

Cheers,
John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Hi Alex,

write this ( check your paths to the files )

    plugin winbind.so
    ntlm_auth-helper /usr/sbin/ntlm_auth --helper-protocol=localhost

in your /etc/ppp/options

also check your winbind config, and your ips in pptpd.conf (they look a little strange to me)

i recommend to test pptpd first with an entry to /etc/ppp/chap.secrets which is the default auth ( chap ) for pptpd, if this works try winbind plugin.

At my tests i got the plugin started and the right pop up message in my win xp client, also in the logs everything seems to work right, but i haven't setup samba/winbind yet to test the function in a whole. I will post the results if i have it up and running.

Regards

Alex Brown wrote:
> Andrew Bartlett wrote:
>> On Fri, 2004-12-31 at 08:48 -0500, Alex Brown wrote:
>>> Andrew Bartlett wrote:
>>>> On Wed, 2004-10-20 at 00:44, Mike Brodbelt wrote:
>>>>> Hi,
>>>>>
>>>>> I have a few remote user who use a PPTP based VPN. The server is running PoPToP (http://www.poptop.org/), and a pppd patched to support MPPE/MPPC for (some) added security. Currently, users authentication information is stored in plaintext in /etc/ppp/chap-secrets. I'd like to be able to put users into LDAP, and have ppp authenticate either directly against LDAP, or against Samba (with an LDAP backend).
>>>>>
>>>>> Any ideas on how I might go about this? Most of the docs I've seen suggest that you can't use PAM for authentication with CHAP, so it seems not to be as simple as I might have hoped.
>>>>>
>>>>> Disclaimer - I haven't actually tried any of this yet, I'm just trying to get it clear in my head before I start...
>>>>
>>>> The pppd patch (one for 2.4.2, one for current CVS) is here:
>>>> http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd
>>>>
>>>> The documentation is:
>>>> http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
>>>>
>>>> Note that the patch changed a little since the report was written, use the instructions in the README for configuration.
>>>>
>>>> Andrew Bartlett
>>>
>>> Hi Andrew,
>>>
>>> Thanks for creating the final-report document. It is very informative. I'm trying to set up a PoPToP server that authenticates to our Windows NT Domain (with a Windows NT 4.0 PDC) via Samba/Winbind. When I follow the instructions in your document, after changing to the ppp directory to apply the ntlm_auth patch, I get the following output.
>>
>> Current ppp has everything you need already - I finally got it merged upstream. All you need now is the configuration (which has changed since the report was written):
>>
>> Configuration (pppd config file):
>>
>> plugin winbind.so
>> ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1
>>
>> The --required-membership-of option is also available, to implement a 'dialin users' or 'vpn users' group.
>>
>> Andrew Bartlett
>
> Thanks Andrew,
>
> I followed your instructions without applying the patch and I modified the /etc/ppp/options.pptpd file to include the changes in your reply. I'm having what I'm sure is a small problem so please forgive my ignorance. When I try to authenticate to the poptop server with my Windows XP client, I see the following messages in my log...
>
> Jan 3 08:31:37 papcom pptpd[2603]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: local address = 192.168.0.1
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: remote address = 192.168.0.3
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: pppd options file = /etc/ppp/options.pptpd
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Client 66.156.10.36 control connection started
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 1)
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Made a START CTRL CONN RPLY packet
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: I wrote 156 bytes to the client.
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Sent packet to client
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 7)
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Set parameters to 1525 maxbps, 64 window size
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Made a OUT CALL RPLY packet
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: Starting call (launching pppd, opening GRE)
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: pty_fd = 5
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: tty_fd = 6
> Jan 3 08:31:37 papcom pptpd[2604]: CTRL (PPPD Launcher): Connection speed = 115200
> Jan 3 08:31:37 papcom pptpd[2603]: CTRL: I wrote 32 bytes to the client.
> Jan 3 08:31:38 papcom pptpd[2604]: CTRL (PPPD Launcher): local address = 192.168.0.1
> Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Sent packet to client
> Jan 3 08:31:38 papcom pptpd[2604]: CTRL (PPPD Launcher): remote address = 192.168.0.3
> Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Received PPTP Control Message (type: 15)
> Jan 3 08:31:38 papcom pppd[2604]: Plugin /usr/local/lib/pppd/2.4.3/winbind.so loaded.
> Jan 3 08:31:38 papcom pptpd[2603]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> Jan 3 08:31:38 papcom pppd[2604]: WINBIND plugin initialized.
> Jan 3 08:31:38 papcom pptpd[2603]: GRE: Discarding
[Samba] Another question about viewing shares (printers in this case)
Hi again, after the thread "a question about acl's..." here is another tuning question... is there a way to hide the printers for specified users/groups? I have 2 printers, one for users and the other for the administrative personnel. So, I have restricted the access of one printer to users and the other for the admins. There's no problem... But, when I see what there is in \\server (file and print server) I see the two printers and I want to see only one (the admin one). Anyway, I cannot access the users printer. It's an example of course.
The printer section of my smb.conf: [ Samba 3.0.10 ]
[printer1]
comment = printer1
path = /var/spool/samba
valid users = @admins
printable = Yes
browseable = yes
guest ok = no
[printer2]
comment = printer2
path = /var/spool/samba
valid users = @users
printable = Yes
browseable = yes
guest ok = no
Well, it's for tuning better the configuration of the server. Thnx!!
Re: [Samba] Slow network and 100% CPU
The problem of nscd running out of file handles is due to an incorrect glibc. nscd and the correct glibc version are very important. It's not this problem. The problem is very odd, some computers hang as soon as one types something in a spreadsheet for example.
Collins, Kevin wrote:
I don't know if this is your problem, but I had a similar problem with Samba 2.2.8 + LDAP. It turns out that my server was running out of file handles. The culprit was NSCD. I killed it off and things have been fine ever since. Good luck. Kevin
-----Original Message-----
From: Stéphane Purnelle [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 10:02 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Samba] Slow network and 100% CPU
Hi, I have a samba server which functioned correctly. Only, for 2 weeks, the users have complained about network slowness and the server is at 100% CPU on the initial process smbd. My version is 3.0.7 and I have a Windows 2000 WINS server for netbios resolution. The samba server uses nscd and ldap for password module. I upgraded to samba 3.0.10 for a test, but the problem is not resolved. I would like to know how to determine whether it is the samba server or the ldap server or nscd or the wins server or a conflict between two computers which have the same IP address that causes these problems. I haven't found in the log a trace that it is a samba problem. Sometimes I read connection reset by peer and also in nmbd.log, I can read Failing wins test #1. Any information is very appreciated. Thank you
-- Stéphane Purnelle [EMAIL PROTECTED] Web site: http://www.linuxplusvalue.be
-- Stéphane Purnelle [EMAIL PROTECTED] Web site: http://www.linuxplusvalue.be
[Samba] samba v3 slow with 'security = server'
We were running samba v2.2.x with the 'security = server' option and everything worked wonderfully. We upgraded to samba 3.0.10 with the same configuration. Everything still works but it's very very slow. Opening a file can take 15 to 30 seconds or more. I changed the security option to 'user' and everything is fast again. Clearly something has changed between 2.x.x and 3.x.x to slow this down immensely. Is there any way we can run with security set to server but cache the results of the server conversation? Am I missing a new option that can set? Would 'security = Domain' help? or will it suffer from the same issue. Anthony.
-- Anthony R Iano-Fletcher Room 2033, Building 12A, http://dcb.cit.nih.gov/~arif National Institutes of Health, [EMAIL PROTECTED] 12A South Drive, Bethesda, Phone: (+1) 301 402 1741. MD 20892-5624, USA.
Re: [Samba] samba v3 slow with 'security = server'
Anthony, I don't think changing authentication to 'security = Domain' would help a performance problem. I'd make sure that you're not running into memory, disk or network congestion problems. I forget the number but there is a recommended amount of memory/user so knowing the number of connections is important. Memory usage can make a huge difference in a Solaris environment. Make sure there hasn't been any changes in usage either. There are lots of areas that could affect this but those would be my starting points. spike
Anthony Iano-Fletcher wrote:
We were running samba v2.2.x with the 'security = server' option and everything worked wonderfully. We upgraded to samba 3.0.10 with the same configuration. Everything still works but it's very very slow. Opening a file can take 15 to 30 seconds or more. I changed the security option to 'user' and everything is fast again. Clearly something has changed between 2.x.x and 3.x.x to slow this down immensely. Is there any way we can run with security set to server but cache the results of the server conversation? Am I missing a new option that can set? Would 'security = Domain' help? or will it suffer from the same issue. Anthony.
-- Anthony R Iano-Fletcher Room 2033, Building 12A, http://dcb.cit.nih.gov/~arif National Institutes of Health, [EMAIL PROTECTED] 12A South Drive, Bethesda, Phone: (+1) 301 402 1741. MD 20892-5624, USA.
Re: SUCCESS!!!! [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Robert Schetterer wrote:
Hi Alex, write this ( check your paths to the files )
plugin winbind.so
ntlm_auth-helper /usr/sbin/ntlm_auth --helper-protocol=localhost
in your /etc/ppp/options. Also check your winbind config, and your ips in pptpd.conf (they look a little strange to me). I recommend to test pptpd first with an entry in /etc/ppp/chap.secrets which is the default auth ( chap ) for pptpd, if this works try winbind plugin. At my tests I got the plugin started and the right pop up message in my win xp client, also in the logs everything seems to work right, but I haven't set up samba/winbind yet to test the function as a whole. I will post the results if I have it up and running. Regards
WOW!!! It works!! You all are awesome. Andrew, YOU ARE THE MAN!!! I've got Poptop using Winbind to authenticate to my NT domain controller. It was something very little that I missed. I had the wrong path to ntlm_auth in my options.pptpd file. Thank you so much Robert for reminding me to check my paths. I used a line similar to the line Andrew suggested . . .
ntlm_auth-helper /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
(Notice I had to change my path from /usr/local/bin/ntlm_auth)
Robert, I don't believe localhost is an allowable value for the helper-protocol option. This is what I saw when I checked the options:
[EMAIL PROTECTED] ~]# ntlm_auth --helper-protocol --help
unknown helper protocol [--help]
Valid helper protools:
squid-2.4-basic
squid-2.5-basic
squid-2.5-ntlmssp
ntlmssp-client-1
gss-spnego
gss-spnego-client
ntlm-server-1
[EMAIL PROTECTED] ~]#
I hope that helps. Thanks again you all. You've helped me get another step closer to my goal. This has been a great experience and I look forward to the coming adventures. Andrew, I really do want to be like you when I grow up. Thanks!!
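A pre-flight check for the two mistakes this thread turned up, a wrong path to ntlm_auth and a helper protocol that ntlm_auth does not accept, written here as an added example and not taken from any poster or from the Samba or ppp projects. The function names, return codes and sample files are constructions of the example; the group option is matched under ntlm_auth's own spelling, --require-membership-of.

```shell
#!/bin/sh
# Added example: lint the winbind lines of a pppd options file before pptpd uses it.

# Helper protocols exactly as listed in the ntlm_auth output quoted in the thread.
VALID_HELPER_PROTOCOLS="squid-2.4-basic squid-2.5-basic squid-2.5-ntlmssp
ntlmssp-client-1 gss-spnego gss-spnego-client ntlm-server-1"

# Print the argument of the last active ntlm_auth-helper option in file $1.
# Commented-out lines are skipped; surrounding quotes, if any, are dropped.
helper_command() {
    sed -n 's/^[[:space:]]*ntlm_auth-helper[[:space:]][[:space:]]*//p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# Print the value given to --helper-protocol= in file $1 (nothing if absent).
helper_protocol() {
    for word in $(helper_command "$1"); do
        case $word in
            --helper-protocol=*) printf '%s\n' "${word#--helper-protocol=}" ;;
        esac
    done
}

# Succeed if the helper command limits logins to members of a group.
helper_has_group_restriction() {
    case " $(helper_command "$1") " in
        *" --require-membership-of="*) return 0 ;;
    esac
    return 1
}

# check_pppd_winbind FILE
# 0 ok, 1 no "plugin winbind.so" line, 2 no ntlm_auth-helper line,
# 3 helper binary missing or not executable, 4 helper protocol missing or unknown.
check_pppd_winbind() {
    file=$1
    grep -Eq '^[[:space:]]*plugin[[:space:]]+([^[:space:]]*/)?winbind\.so([[:space:]]|$)' \
        "$file" || return 1
    cmd=$(helper_command "$file")
    [ -n "$cmd" ] || return 2
    set -f; set -- $cmd; set +f      # split into words without glob expansion
    bin=$1
    [ -f "$bin" ] && [ -x "$bin" ] || return 3
    proto=$(helper_protocol "$file")
    for known in $VALID_HELPER_PROTOCOLS; do
        [ "$known" = "$proto" ] && return 0
    done
    return 4
}

# Write constructed samples into directory $1: a stand-in for the ntlm_auth
# binary and four options files (good, wrong path, bad protocol, group-limited).
make_samples() {
    printf '#!/bin/sh\nexit 0\n' > "$1/ntlm_auth"
    chmod +x "$1/ntlm_auth"
    printf 'plugin winbind.so\nntlm_auth-helper "%s --helper-protocol=ntlm-server-1"\n' \
        "$1/ntlm_auth" > "$1/options.good"
    printf 'plugin winbind.so\nntlm_auth-helper "%s --helper-protocol=ntlm-server-1"\n' \
        "$1/missing/ntlm_auth" > "$1/options.badpath"
    printf 'plugin winbind.so\nntlm_auth-helper %s --helper-protocol=localhost\n' \
        "$1/ntlm_auth" > "$1/options.badproto"
    # EXAMPLE\vpnusers is a constructed group name.
    printf 'plugin winbind.so\nntlm_auth-helper "%s --helper-protocol=ntlm-server-1 --require-membership-of=%s"\n' \
        "$1/ntlm_auth" 'EXAMPLE\vpnusers' > "$1/options.group"
}

# Run the check over the constructed samples and report each result.
demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for f in good badpath badproto group; do
        rc=0
        check_pppd_winbind "$dir/options.$f" || rc=$?
        if helper_has_group_restriction "$dir/options.$f"; then grp=yes; else grp=no; fi
        echo "options.$f: status=$rc group-restricted=$grp"
    done
    rm -rf "$dir"
}
demo
```

Run against the real file as check_pppd_winbind /etc/ppp/options.pptpd; status 3 is the wrong-path case from this thread and status 4 is the --helper-protocol=localhost case.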
[Samba] Samba 3 printing
Hi, Samba 3 printing does not work. Samba 2.2.x printing does work. They are using the same smb.conf file. Any ideas? Thanks, Bill
[Samba] Samba 3.0 + eCS (os/2)
Hi, I use eCS as client for samba. With samba 2.2.x I never had problems after configuration. With the update of my server from suse 8.1 to 9.1 samba was also changed from 2.2.x to 3.0.x. Since this I have only trouble. max protocol lanman1 works without problems, only .. I have no long names. The docs say lanman1 is the first with long names support, also not about the pm (desktop from os2). With lanman2 (or higher) I see long names in the command line. I can save/create files, I can not copy this command line tools, only read and save as. No access about the pm. No ideas, only downgrade to Samba 2.2.x, this makes other trouble with my wine. Dietrich
Re: [Samba] samba v3 slow with 'security = server'
On Mon, 2005-01-03 at 10:57 -0800, Spike Burkhardt wrote:
Anthony, I don't think changing authentication to 'security = Domain' would help a performance problem.
I would still move to security=domain. There is different logic in those code paths, and it is much more stable. It is also worth starting winbindd, as it caches the connection to the domain controller, even if you don't use its other features. Andrew Bartlett
-- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
Re: [Samba] New to Samba world
On Monday 03 January 2005 05:29, Mandar Kulkarni/PUN/IN/STTL wrote: Hi Team, I am new to Samba. As company has decided to install Linux based file and print server, we are planning to use Samba and LDAP But prior to proceed further, I wanted to know how samba works, what all things needs to be considered at the time of installation. So can any one let me know the same? Thanks Regards Mandar Kulkarni
Hi, If you want Samba only as a print and file server, there is not much you need to know, other than some configuration settings and such. In pre-packaged Linux distros, you may only need to edit some settings and you will be ready to go. However, if you panic on security issues (which I do a lot), you will need to know how Samba works and Samba3-howto comes in handy. Rather, if you want Samba for bigger purposes than this, knowing a lot more really helps. There are numerous tools that can help you with any of these. Ask for more if you need. Prakash
[Samba] Swat not working
I recently decided to set up a Linux machine with the intent to run samba on it. I am running Mandrake 10 and I have installed the latest version of samba from the website. But I can't seem to get samba and swat to work. Because when I go to http://localhost:901/ I receive an error, informing me that it cannot be reached. This is what I have done so far.
Edit the services file
Edit the xinetd
Created and edited the smb.conf
From what I can tell I should be able to access swat now, but it just does not seem to be working. Any help would be appreciated. Thanks for your time. `Matt
RE: [Samba] Swat not working
Did you hup xinetd?
Jeff Saxton Sr. Support Engineer SenSage, Inc. ( Formerly Addamark Technologies, Inc. ) http://www.sensage.com mailto:[EMAIL PROTECTED] OFFICE: +1 415-281-1900x128 CELL: +1 415-640-6392
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 03, 2005 12:29 PM
To: samba@lists.samba.org
Subject: [Samba] Swat not working
I recently decided to set up a Linux machine with the intent to run samba on it. I am running Mandrake 10 and I have installed the latest version of samba from the website. But I can't seem to get samba and swat to work. Because when I go to http://localhost:901/ I receive an error, informing me that it cannot be reached. This is what I have done so far.
Edit the services file
Edit the xinetd
Created and edited the smb.conf
From what I can tell I should be able to access swat now, but it just does not seem to be working. Any help would be appreciated. Thanks for your time. `Matt
Re: [Samba] samba v3 slow with 'security = server'
Hello Andrew, Your comment about running winbindd is the key here. I didn't realise that it caches the connection to the domain controller and that is exactly what I need. With that daemon running everything is much more responsive. Thanks. Anthony
On 04 Jan 2005 at 07:15:49, Andrew Bartlett wrote:
On Mon, 2005-01-03 at 10:57 -0800, Spike Burkhardt wrote:
Anthony, I don't think changing authentication to 'security = Domain' would help a performance problem.
I would still move to security=domain. There is different logic in those code paths, and it is much more stable. It is also worth starting winbindd, as it caches the connection to the domain controller, even if you don't use its other features. Andrew Bartlett
-- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
-- Anthony R Iano-Fletcher Room 2033, Building 12A, http://dcb.cit.nih.gov/~arif National Institutes of Health, [EMAIL PROTECTED] 12A South Drive, Bethesda, Phone: (+1) 301 402 1741. MD 20892-5624, USA.
Re: [Samba] domain administrator is always mapped to root
On Thu, 2004-12-23 at 21:25 +0100, Florian Effenberger wrote:
Hi Tom, Yes, if tango is listed as admin user in smb.conf. Don't list Tango as admin user in smb.conf. Is there any other way of having tango as domain admin than listing it as admin user?
So, 'admin user' is about users being root on unix. If you want people to be 'domain admins' for windows, and have local admin privileges, then you just need to make them members of a group you have mapped to 'domain admins'. Andrew Bartlett
-- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
Re: SUCCESS!!!! [Samba] Re: Authenticating PPTP users against Samba/LDAP - Patch doesn't seem to be working
Hi Alex, congratulations, the localhost line was only a testing example, so I am glad to hear that you made it work, I hope to make it work too soon. Regards
Alex Brown wrote:
Robert Schetterer wrote:
Hi Alex, write this ( check your paths to the files )
plugin winbind.so
ntlm_auth-helper /usr/sbin/ntlm_auth --helper-protocol=localhost
in your /etc/ppp/options. Also check your winbind config, and your ips in pptpd.conf (they look a little strange to me). I recommend to test pptpd first with an entry in /etc/ppp/chap.secrets which is the default auth ( chap ) for pptpd, if this works try winbind plugin. At my tests I got the plugin started and the right pop up message in my win xp client, also in the logs everything seems to work right, but I haven't set up samba/winbind yet to test the function as a whole. I will post the results if I have it up and running. Regards
WOW!!! It works!! You all are awesome. Andrew, YOU ARE THE MAN!!! I've got Poptop using Winbind to authenticate to my NT domain controller. It was something very little that I missed. I had the wrong path to ntlm_auth in my options.pptpd file. Thank you so much Robert for reminding me to check my paths. I used a line similar to the line Andrew suggested . . .
ntlm_auth-helper /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
(Notice I had to change my path from /usr/local/bin/ntlm_auth)
Robert, I don't believe localhost is an allowable value for the helper-protocol option. This is what I saw when I checked the options:
[EMAIL PROTECTED] ~]# ntlm_auth --helper-protocol --help
unknown helper protocol [--help]
Valid helper protools:
squid-2.4-basic
squid-2.5-basic
squid-2.5-ntlmssp
ntlmssp-client-1
gss-spnego
gss-spnego-client
ntlm-server-1
[EMAIL PROTECTED] ~]#
I hope that helps. Thanks again you all. You've helped me get another step closer to my goal. This has been a great experience and I look forward to the coming adventures. Andrew, I really do want to be like you when I grow up. Thanks!!
[Samba] Re: samba Digest, Vol 25, Issue 3
Hi, everyone!! I have a problem with mapping groups.. I have a debian PDC that works with security = user and password backend, and I have a file server of 1TByte with Red Hat Enterprise, that works in security = domain. All the groups and users I created were in the PDC. The mapping between the two servers is supposed to be made by Winbind, but that is my problem. I can see the users of the debian PDC when I do wbinfo -u in the file server, however I can't see any group that I created previously in debian when I do wbinfo -g. No group from the PDC appears in the /etc/groups file. So, can anyone help me?? I want to make several shares in the smb.conf file of the file server for different groups and with different permissions, but in this way it's impossible. I'm waiting for some reply, please. Thanks a lot for your help and time!!
[Samba] RE: graphical configuration tool.
ok, 2 issues that have been reported with ico2sambaconf-0.8.0:
1: the program does not run due to a config file i forgot to remove, simply delete settings.conf from the programs folder and it will run fine.
2: the magic line that makes it run from bash as a script is missing, to run the program you need to type wish smbthingy.tcl
both these issues will be fixed by the next release, but for now the steps above should fix the probs. any more issues or queries: please email me. i enclose a copy of the original message for convenience. thanks ico2
i have been working on a graphical configuration tool for samba, i have pretty much finished the program which is written in tcl/tk. however, i need people to test it and report bugs and features they would like. to use it you will need:
a unix type operating system: (it is designed for linux, but i am interested to find if it is compatible with other OSs ie: unix, bsd, etc.)
samba: it should be compatible with most recent versions.
an xserver: this is a graphical program, so it requires an xserver.
a tcl/tk interpreter.
the program automatically makes restorable backups of the files it edits and thus shouldn't destroy everything, however until beta testing is finished, i recommend people to make backups of their smb.conf and /etc/network/interfaces files manually. the program should be untarred into /opt and the .tcl file run. it can be downloaded here: http://www.sourceforge.net/projects/ico2sambaconf i welcome feedback, questions and suggestions, my email address is [EMAIL PROTECTED] thanks to anyone who has taken the time to read this and/or try out my software. ico2 :)
[Samba] Unable to join domain with XP: The parameter is incorrect
I've had a machine set up for some time now running samba 2.something (or maybe it was upgraded to 3.0.something? It was up for a long time) that recently had some hard drive problems and I had to reinstall. So I did that, and used samba 3.0.10, with the same configuration that I had used before (it worked well). I can join the domain and log in using Windows 2000 with no problems, but I'm not able to join the domain in Windows XP: when I try to join, after I put in my root password (root was added as a samba account) I get the error The following error occurred attempting to join the domain UNIVERSE: The parameter is incorrect. I can mount a shared directory on the winXP machine by running (for example) \\zarquon\working and entering the samba user and password that I would use to log in. I've looked around online and verified the following:
- the samba user account was added using smbpasswd
- the samba root account was added using smbpasswd
- the machine was added with the proper $ at the end
- the basic setup appears to work because the win2k machine has no trouble joining or logging in
- the registry entry in winXP (requiresignorseal) that used to be required is still there (though I understand it's no longer a required change)
Some files:
/etc/samba/smbpasswd:
- root:0:big hash:[U ]:LCT-41D1F740:
- epotter:1000:big hash:[U ]:LCT-414C9C10:
- frankie$:1200:big hash:[W ]:LCT-41C60E4F:
- ford$:1200:big hash:[W ]:LCT-41D1F728:
/etc/samba/smb.conf:
- [global]
-netbios name = ZARQUON
-workgroup = UNIVERSE
-server string = Primary Domain Controller
-hosts allow = 192.168.10. 192.168.20.
-log file = /var/log/samba/log.%m
-max log size = 1024
-security = user
-encrypt passwords = yes
-smb passwd file = /etc/samba/smbpasswd
-unix password sync = Yes
-passwd program = /usr/bin/passwd %u
-passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
-include = /etc/samba/smb.conf.%m
-socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 SO_KEEPALIVE IPTOS_LOWDELAY
-interfaces = 192.168.10.0/24 192.168.20.0/24
-local master = yes
-domain master = yes
-preferred master = yes
-domain logons = yes
-wins support = yes
-dns proxy = no
-preserve case = yes
-short preserve case = yes
-default case = lower
- homes, netlogon, shares, etc. follow
/etc/samba/smb.conf.ford these are all the same except for logon path
-logon path = \\ZARQUON\profiles\%U\winxp
-
- [profiles]
-path = /universe/profiles/%U/winxp
-browseable = no
-guest ok = no
-writeable = yes
-create mask = 0600
-directory mask = 0700
-profile acls = yes
-force user = %U
output of testparm:
- zarquon:/etc/samba# testparm
- Load smb config files from /etc/samba/smb.conf
- Can't find include file /etc/samba/smb.conf.
- Processing section [homes]
- Processing section [netlogon]
- Processing section [storage]
- Processing section [music]
- Processing section [working]
- Processing section [programs]
- Loaded services file OK.
- Server role: ROLE_DOMAIN_PDC
- Press enter to see a dump of your service definitions
- ^C
Any hints? This one has me stumped. Thanks -- Elliott
[Samba] [2.6 patch] smbfs: make some functions static
The patch below makes some needlessly global functions static. diffstat output: fs/smbfs/inode.c |2 +- fs/smbfs/proc.c|6 +++--- fs/smbfs/proto.h |5 - fs/smbfs/request.c |6 -- 4 files changed, 8 insertions(+), 11 deletions(-) Signed-off-by: Adrian Bunk [EMAIL PROTECTED] --- linux-2.6.10-mm1-full/fs/smbfs/proto.h.old 2005-01-04 00:57:42.0 +0100 +++ linux-2.6.10-mm1-full/fs/smbfs/proto.h 2005-01-04 01:00:11.0 +0100 @@ -25,7 +25,6 @@ extern int smb_proc_flush(struct smb_sb_info *server, __u16 fileid); extern void smb_init_root_dirent(struct smb_sb_info *server, struct smb_fattr *fattr, struct super_block *sb); -extern void smb_decode_unix_basic(struct smb_fattr *fattr, struct smb_sb_info *server, char *p); extern int smb_proc_getattr(struct dentry *dir, struct smb_fattr *fattr); extern int smb_proc_setattr(struct dentry *dir, struct smb_fattr *fattr); extern int smb_proc_setattr_unix(struct dentry *d, struct iattr *attr, unsigned int major, unsigned int minor); @@ -34,7 +33,6 @@ extern int smb_proc_read_link(struct smb_sb_info *server, struct dentry *d, char *buffer, int len); extern int smb_proc_symlink(struct smb_sb_info *server, struct dentry *d, const char *oldpath); extern int smb_proc_link(struct smb_sb_info *server, struct dentry *dentry, struct dentry *new_dentry); -extern int smb_proc_query_cifsunix(struct smb_sb_info *server); extern void smb_install_null_ops(struct smb_ops *ops); /* dir.c */ extern struct file_operations smb_dir_operations; @@ -62,7 +60,6 @@ extern void smb_set_inode_attr(struct inode *inode, struct smb_fattr *fattr); extern void smb_invalidate_inodes(struct smb_sb_info *server); extern int smb_revalidate_inode(struct dentry *dentry); -extern int smb_fill_super(struct super_block *sb, void *raw_data, int silent); extern int smb_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); extern int smb_notify_change(struct dentry *dentry, struct iattr *attr); /* file.c */ 
@@ -81,10 +78,8 @@ extern int smb_init_request_cache(void); extern void smb_destroy_request_cache(void); extern struct smb_request *smb_alloc_request(struct smb_sb_info *server, int bufsize); -extern void smb_rget(struct smb_request *req); extern void smb_rput(struct smb_request *req); extern int smb_add_request(struct smb_request *req); -extern int smb_request_send_req(struct smb_request *req); extern int smb_request_send_server(struct smb_sb_info *server); extern int smb_request_recv(struct smb_sb_info *server); /* symlink.c */ --- linux-2.6.10-mm1-full/fs/smbfs/inode.c.old 2005-01-04 00:57:57.0 +0100 +++ linux-2.6.10-mm1-full/fs/smbfs/inode.c 2005-01-04 00:58:02.0 +0100 @@ -493,7 +493,7 @@ smb_kfree(server); } -int smb_fill_super(struct super_block *sb, void *raw_data, int silent) +static int smb_fill_super(struct super_block *sb, void *raw_data, int silent) { struct smb_sb_info *server; struct smb_mount_data_kernel *mnt; --- linux-2.6.10-mm1-full/fs/smbfs/proc.c.old 2005-01-04 00:58:37.0 +0100 +++ linux-2.6.10-mm1-full/fs/smbfs/proc.c 2005-01-04 00:59:12.0 +0100 @@ -74,7 +74,7 @@ static int smb_proc_setattr_ext(struct smb_sb_info *server, struct inode *inode, struct smb_fattr *fattr); -int +static int smb_proc_query_cifsunix(struct smb_sb_info *server); static void install_ops(struct smb_ops *dst, struct smb_ops *src); @@ -2075,7 +2075,7 @@ return result; } -void smb_decode_unix_basic(struct smb_fattr *fattr, struct smb_sb_info *server, char *p) +static void smb_decode_unix_basic(struct smb_fattr *fattr, struct smb_sb_info *server, char *p) { u64 size, disk_bytes; @@ -3392,7 +3392,7 @@ return result; } -int +static int smb_proc_query_cifsunix(struct smb_sb_info *server) { int result; --- linux-2.6.10-mm1-full/fs/smbfs/request.c.old2005-01-04 00:59:31.0 +0100 +++ linux-2.6.10-mm1-full/fs/smbfs/request.c2005-01-04 01:00:18.0 +0100 
@@ -27,6 +27,8 @@ /* cache for request structures */ static kmem_cache_t *req_cachep; +static int smb_request_send_req(struct smb_request *req); + /* /proc/slabinfo: name, active, num, objsize, active_slabs, num_slaps, #pages @@ -132,7 +134,7 @@ * What prevents a rget to race with a rput? The count must never drop to zero * while it is in use. Only rput if it is ok that it is free'd. */ -void smb_rget(struct smb_request *req) +static void smb_rget(struct smb_request *req) { atomic_inc(req-rq_count); } @@ -379,7 +381,7 @@ * Send a request and place it on the recvq if successfully sent. * Must be called with the server lock held. */ -int smb_request_send_req(struct smb_request *req) +static int smb_request_send_req(struct smb_request *req) { struct smb_sb_info *server = req-rq_server; int result; -- To unsubscribe from
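Review bot: the forward declaration added at the top of fs/smbfs/request.c, static int smb_request_send_req(struct smb_request *req);, is only needed because the definition sits further down the file (the -379/+381 hunk), presumably below a caller. Moving the definition above its first use would make the function static without a second prototype to keep in sync; if the current order is kept on purpose, a one-line comment on the prototype saying so would help the next reader.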
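Review bot: the commit message calls the functions needlessly global but does not say how that was established for the five prototypes dropped from fs/smbfs/proto.h (smb_decode_unix_basic, smb_proc_query_cifsunix, smb_fill_super, smb_rget, smb_request_send_req). Please state that no other file under fs/smbfs references them and that the result was build-tested, since a missed caller in another file only shows up at compile or link time. The proto.h hunk also leaves smb_rput exported while smb_rget becomes static; if that asymmetry is intended, a word in the message would settle it.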
[Samba] read only share access after upgrade to 3.0.10
Hello Samba gurus. I'm in upgrade hell after upgrading my backup rh9 server and fc2 linux box to 3.0.10 from 3.0.7. rh9 rpm package was from the samba site and the fc2 rpms from redhat. I now have a system where the win xp and win98se machines on the network can read/write to the backup share but my fc2 box only has read only access to the share - it could write before the upgrade. I tried downgrading back to 3.0.7 but the problem is still there - maybe the upgrade made a change that didn't get undone with a rpm -Uvh --oldpackage downgrade? I've checked dns name resolution is working OK, tried the sticky bit suggestion in the Howto (no joy and I didn't need it before anyway) and upped the log level to try and find what's going on but after 3 days I have to admit defeat and get some help...
Backup server smb.conf:
# Samba config file created using SWAT
# from hal.gpv.co.nz (192.168.10.50)
# Date: 2004/05/16 12:12:01
# Global parameters
[global]
workgroup = GPV ENTERPRISES
server string = Marvin Samba Server
interfaces = eth0
min passwd length = 3
password server =
username map = /etc/samba/user.map
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hostname lookups = Yes
dns proxy = No
ldap ssl = no
remote announce = 192.168.10.255
hosts allow = 192.168.10., 127.0.0.1
hosts deny = 192.168.20.
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[backup]
comment = backup directories
path = /backup
write list = @gpv
read only = No
create mask = 0770
directory mask = 0770
If I try smbmount from the fc2 box:
[EMAIL PROTECTED] gpv]# smbmount //marvin/backup /marvin
(much longer delay here than there used to be...)
Password:root password
16155: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
or smbclient:
[EMAIL PROTECTED] gpv]# smbclient -L //marvin -d3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
added interface ip=192.168.10.50 bcast=192.168.10.255 nmask=255.255.255.0
Client started (version 3.0.10-1.fc2).
Connecting to 192.168.10.70 at port 445
Password:root password
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x608b0215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
So much for 4 public holidays to start the year off with :-( All help welcome. Thanks, Graham
-- Graham Vincent
[Samba] Upgrade Recommendations and/or Tips - SAMBA 2.2.8 to 3.0.?
Hello all, Pretty new to the whole SAMBA scene. I've been using it for ~3 years now, but haven't had many issues before now. I'm running SCO Unix 5.04 and am currently running SAMBA v2.2.8. We use SAMBA simply as a simple Windows-to-Unix share... With MS release of security updates KB885835 and KB885386 our software doesn't work completely. Any hints on what our next step should be? There seems to be a lot of issues with 3.0.10. Is that the only release that fixes this MS update problem? Thanks for the information and guidance. Chris Dierkens chris@nospamdierkens.com
[Samba] really needs help on compiling samba 3.0.9 with ldap
Hi, I really really need help. Samba won't compile with the ldap option (default, as I read) enabled. I'm using Mandrake Linux 9.1 and samba 3.0.9. I use the following configure option:

    ./configure --prefix=/path/to/samba/ --with-ldap

(I know I don't have to use with-ldap, just wanted to make sure that it is enabled). This works fine, although with some warnings, and then I make the binaries and here's what happened:

    Using FLAGS = -O -I./popt -Iinclude -I/usr/local/src/samba-3.0.9/source/include -I/usr/local/src/samba-3.0.9/source/ubiqx -I/usr/local/src/samba-3.0.9/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/local/src/samba-3.0.9/source
    LIBS = -lcrypt -lresolv -lnsl -ldl
    LDSHFLAGS = -shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined
    LDFLAGS =
    Linking bin/smbd
    /usr/bin/ld: cannot find -lgssapi_krb5
    collect2: ld returned 1 exit status
    make: *** [bin/smbd] Error 1

Note: this result is from the second make; the error was exactly the same as the first time. When I ./configure --without-ldap everything worked fine, so I am guessing there's something I'm missing for the ldap part. Does anyone know what I'm missing? Any help is appreciated. I've looked at the archive and the documents, but the documents don't say anything about a failed compile, and the archive doesn't have much about this either.
[Samba] PDC and guest access
Hi, is it possible to prepare a share with guest access (i.e., without username and password) on a server that is playing as PDC (i.e., security=user)? The security setting is global, thus it's like not possible, but I'm not sure. Thanks, Luca -- Luca Ferrari, [EMAIL PROTECTED]
svn commit: samba r4502 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: idra Date: 2005-01-03 08:52:39 + (Mon, 03 Jan 2005) New Revision: 4502 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4502 Log: add an error reporting function Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 07:57:05 UTC (rev 4501) +++ branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 08:52:39 UTC (rev 4502) @@ -230,6 +230,14 @@ static const char *timestamps_errstring(struct ldb_module *module) { ldb_debug(module-ldb, LDB_DEBUG_TRACE, timestamps_errstring\n); + if (data-error_string) { + char *error; + + error = data-error_string; + data-error_string = NULL; + return error; + } + return ldb_next_errstring(module); } @@ -256,14 +264,22 @@ #endif { struct ldb_module *ctx; + struct private_data *data; ctx = talloc_p(ldb, struct ldb_module); if (!ctx) return NULL; + data = talloc_p(ctx, struct private_data); + if (!data) { + talloc_free(ctx); + return NULL; + } + + data-error_string = NULL; + ctx-private_data = data; ctx-ldb = ldb; ctx-prev = ctx-next = NULL; - ctx-private_data = NULL; ctx-ops = timestamps_ops; return ctx;
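Review bot: in the timestamps_errstring hunk, `data` is read and written but nothing in the function declares it, so the function cannot compile as shown; fetch it from the module's private_data at the top of the function. Returning `error_string` to the caller and then setting the field to NULL also leaves it unclear who owns and frees the string afterwards, which deserves a comment.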
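Review bot: in the module init hunk, `struct private_data` is allocated with talloc_p but no definition of that struct appears anywhere in this change, so the type is incomplete here; the definition belongs in the same commit. The failure path that frees `ctx` when the second allocation fails is right, since `data` is allocated with `ctx` as its parent.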
svn commit: samba r4503 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: idra Date: 2005-01-03 08:59:00 + (Mon, 03 Jan 2005) New Revision: 4503 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4503 Log: add an error reporting function (fixes) Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 08:52:39 UTC (rev 4502) +++ branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 08:59:00 UTC (rev 4503) @@ -37,6 +37,10 @@ #include ldb/include/ldb_private.h #include time.h +struct private_data { + const char *error_string; +}; + static int timestamps_close(struct ldb_module *module) { ldb_debug(module-ldb, LDB_DEBUG_TRACE, timestamps_close\n); @@ -57,9 +61,10 @@ return ldb_next_search_free(module, res); } -static int add_time_element(struct ldb_context *ldb, struct ldb_message *msg, +static int add_time_element(struct ldb_module *module, struct ldb_message *msg, const char *attr_name, const char *time_string, unsigned int flags) { + struct private_data *data = (struct private_data *)module-private_data; struct ldb_val *values; char *name, *timestr; int i; @@ -94,6 +99,7 @@ /* add_record: add crateTimestamp/modifyTimestamp attributes */ static int timestamps_add_record(struct ldb_module *module, const struct ldb_message *msg) { + struct private_data *data = (struct private_data *)module-private_data; struct ldb_message *msg2 = NULL; struct tm *tm; char *timestr; 
@@ -131,10 +137,10 @@ msg2-elements[i] = msg-elements[i]; } - add_time_element(module-ldb, msg2, createTimestamp, timestr, LDB_FLAG_MOD_ADD); - add_time_element(module-ldb, msg2, modifyTimestamp, timestr, LDB_FLAG_MOD_ADD); - add_time_element(module-ldb, msg2, whenCreated, timestr, LDB_FLAG_MOD_ADD); - add_time_element(module-ldb, msg2, whenChanged, timestr, LDB_FLAG_MOD_ADD); + add_time_element(module, msg2, createTimestamp, timestr, LDB_FLAG_MOD_ADD); + add_time_element(module, msg2, modifyTimestamp, timestr, LDB_FLAG_MOD_ADD); + add_time_element(module, msg2, whenCreated, timestr, LDB_FLAG_MOD_ADD); + add_time_element(module, msg2, whenChanged, timestr, LDB_FLAG_MOD_ADD); } if (msg2) { @@ -150,6 +156,7 @@ /* modify_record: change modifyTimestamp as well */ static int timestamps_modify_record(struct ldb_module *module, const struct ldb_message *msg) { + struct private_data *data = (struct private_data *)module-private_data; struct ldb_message *msg2 = NULL; struct tm *tm; char *timestr; @@ -188,8 +195,8 @@ msg2-elements[i] = msg-elements[i]; } - add_time_element(module-ldb, msg2, modifyTimestamp, timestr, LDB_FLAG_MOD_REPLACE); - add_time_element(module-ldb, msg2, whenChanged, timestr, LDB_FLAG_MOD_REPLACE); + add_time_element(module, msg2, modifyTimestamp, timestr, LDB_FLAG_MOD_REPLACE); + add_time_element(module, msg2, whenChanged, timestr, LDB_FLAG_MOD_REPLACE); } if (msg2) { @@ -229,9 +236,11 @@ /* return extended error information */ static const char *timestamps_errstring(struct ldb_module *module) { + struct private_data *data = (struct private_data *)module-private_data; + ldb_debug(module-ldb, LDB_DEBUG_TRACE, timestamps_errstring\n); if (data-error_string) { - char *error; + const char *error; error = data-error_string; data-error_string = NULL;
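Review bot: the new `struct private_data *data` locals in add_time_element, timestamps_add_record and timestamps_modify_record are never used in the visible lines and will produce unused-variable warnings; only timestamps_errstring needs the pointer. Either drop them or use them to set `error_string` on the failure paths, which is what the error reporting function is for.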
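Review bot: the rewritten add_time_element calls in the -131 and -188 hunks still discard the function's int return value, so a failure while adding createTimestamp, modifyTimestamp, whenCreated or whenChanged goes unnoticed and the record is written without them. Check each return and fail the add or modify operation when one of them reports an error.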
svn commit: samba r4504 - in branches/SAMBA_4_0/source: libcli/auth librpc/rpc
Author: abartlet Date: 2005-01-03 09:00:37 + (Mon, 03 Jan 2005) New Revision: 4504 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4504 Log: Setting .enabled = True on modules we know are good (and we want on by default) seems neater. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/auth/gensec.c branches/SAMBA_4_0/source/libcli/auth/gensec.h branches/SAMBA_4_0/source/libcli/auth/gensec_gssapi.c branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c branches/SAMBA_4_0/source/libcli/auth/spnego.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/auth/gensec.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec.c 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/gensec.c 2005-01-03 09:00:37 UTC (rev 4504) @@ -778,7 +778,7 @@ { const struct gensec_security_ops *ops = _ops; - if (!lp_parm_bool(-1, gensec, ops-name, !ops-disabled_by_default)) { + if (!lp_parm_bool(-1, gensec, ops-name, ops-enabled)) { DEBUG(2,(gensec subsystem %s is disabled\n, ops-name)); return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/libcli/auth/gensec.h === --- branches/SAMBA_4_0/source/libcli/auth/gensec.h 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/gensec.h 2005-01-03 09:00:37 UTC (rev 4504) @@ -94,7 +94,7 @@ struct auth_session_info **session_info); BOOL (*have_feature)(struct gensec_security *gensec_security, uint32 feature); - BOOL disabled_by_default; + BOOL enabled; }; #define GENSEC_INTERFACE_VERSION 0 Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_gssapi.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec_gssapi.c 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/gensec_gssapi.c 2005-01-03 09:00:37 UTC (rev 4504) 
@@ -335,7 +335,7 @@ .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .disabled_by_default = True + .enabled= False }; @@ -349,8 +349,7 @@ .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .disabled_by_default = True - + .enabled= False }; NTSTATUS gensec_gssapi_init(void) Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2005-01-03 09:00:37 UTC (rev 4504) @@ -712,7 +712,7 @@ .session_key= gensec_krb5_session_key, .session_info = gensec_krb5_session_info, .have_feature = gensec_krb5_have_feature, - .disabled_by_default = True + .enabled= False }; static const struct gensec_security_ops gensec_ms_krb5_security_ops = { @@ -725,7 +725,7 @@ .session_key= gensec_krb5_session_key, .session_info = gensec_krb5_session_info, .have_feature = gensec_krb5_have_feature, - .disabled_by_default = True + .enabled= False }; Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c 2005-01-03 09:00:37 UTC (rev 4504) @@ -543,7 +543,8 @@ .unwrap = gensec_ntlmssp_unwrap, .session_key= gensec_ntlmssp_session_key, .session_info = gensec_ntlmssp_session_info, - .have_feature = gensec_ntlmssp_have_feature + .have_feature = gensec_ntlmssp_have_feature, + .enabled= True }; Modified: branches/SAMBA_4_0/source/libcli/auth/spnego.c === --- branches/SAMBA_4_0/source/libcli/auth/spnego.c 2005-01-03 08:59:00 UTC (rev 4503) +++ branches/SAMBA_4_0/source/libcli/auth/spnego.c 2005-01-03 09:00:37 UTC (rev 4504) 
@@ -777,7 +777,8 @@ .unwrap = gensec_spnego_unwrap, .session_key= gensec_spnego_session_key, .session_info = gensec_spnego_session_info, - .have_feature = gensec_spnego_have_feature + .have_feature = gensec_spnego_have_feature, + .enabled=
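Review bot: replacing `disabled_by_default` with `enabled` in gensec.h inverts what a zero-initialised ops structure means: a gensec_security_ops that does not set `.enabled` is now off unless the gensec parameter looked up by lp_parm_bool turns it on, where it used to be on. That fail-closed default is the safer one for an authentication mechanism, but it needs a comment on the struct member, and every ops table that should stay active has to set the field explicitly; the dcerpc_schannel.c change listed in the log is not visible here to confirm that.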
svn commit: lorikeet r152 - in trunk/pppd: .
Author: abartlet Date: 2005-01-03 11:15:49 + (Mon, 03 Jan 2005) New Revision: 152 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=152 Log: Explain the security issues with the previous patch. Andrew Bartlett Modified: trunk/pppd/README Changeset: Modified: trunk/pppd/README === --- trunk/pppd/README 2005-01-03 00:36:27 UTC (rev 151) +++ trunk/pppd/README 2005-01-03 11:15:49 UTC (rev 152) @@ -2,6 +2,14 @@ ntlm_auth 'ntlm-server-1' helper protocol in Samba 3.0.3 to add 'winbindd' support to ppp. +*SECURITY NOTE* + +The patches formally at this location are subject to an attack by +local users (ie those with shell access) if the pppd binary is SUID. +For this reason, pppd 2.4.3 should be used instead of a patched +earlier version. + + This is supported for PAP, MSCHAP and MSCHAPv2 authentication types. It is intended to also support the MPPE encryption scheme.
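Review bot: in the added SECURITY NOTE, "formally" should be "formerly". The note would also be more useful if it named which patch files or revisions are affected, so that someone holding an old copy can tell whether a SUID pppd built from it is exposed; as written it only says to move to pppd 2.4.3.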
svn commit: lorikeet r153 - in trunk/pppd: . dia win98 winXP
Author: abartlet Date: 2005-01-03 11:47:52 + (Mon, 03 Jan 2005) New Revision: 153 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=153 Log: Add my 'COMP3700 final report' to lorikeet, until I get it integrated into some kind of HOWTO. I've not looked into the content for a while, but it should be mostly OK... Andrew Bartlett Added: trunk/pppd/auth-structure-radius.dia trunk/pppd/auth-structure-radius.eps trunk/pppd/auth-structure.dia trunk/pppd/auth-structure.eps trunk/pppd/challenge-response-auth.eps trunk/pppd/classic-vpn.dia trunk/pppd/classic-vpn.eps trunk/pppd/comp3700.txt trunk/pppd/dia/ trunk/pppd/dia/SMB11.dia trunk/pppd/dia/SMB11.eps trunk/pppd/dia/SMB15.dia trunk/pppd/dia/SMB15.eps trunk/pppd/final-report.lyx trunk/pppd/final-report.pdf trunk/pppd/pptp-wrap.dia trunk/pppd/pptp-wrap.eps trunk/pppd/win98/ trunk/pppd/win98/VPN-configure-1.png trunk/pppd/win98/VPN-configure-2.png trunk/pppd/win98/VPN-connect.png trunk/pppd/win98/VPN-install-a.png trunk/pppd/win98/VPN-install-b.png trunk/pppd/win98/VPN-install.png trunk/pppd/winXP/ trunk/pppd/winXP/vpn-connect-1-xp.png trunk/pppd/winXP/vpn-setup-1-a-xp.png trunk/pppd/winXP/vpn-setup-1-b-xp.png trunk/pppd/winXP/vpn-setup-2-xp.png trunk/pppd/winXP/vpn-setup-3-xp.png trunk/pppd/winXP/vpn-setup-4-xp.png trunk/pppd/winXP/vpn-setup-5-xp.png trunk/pppd/winXP/vpn-setup-6-xp.png trunk/pppd/winXP/vpn-setup-7-xp.png trunk/pppd/wireless-network-overview.dia trunk/pppd/wireless-network-overview.eps Changeset: Sorry, the patch is too large (20300 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=153
svn commit: samba r4505 - in branches/SAMBA_4_0/source/lib/ldb: . common modules
Author: idra Date: 2005-01-03 14:05:47 + (Mon, 03 Jan 2005) New Revision: 4505 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4505 Log: Add a first very basic schema module To use it you should provide a schema.ldb file where the schema is stored and load the module in the ldb you want to have schema check activated more info soon. currently schema checks are performed only on new object creation not on modifications Simo. Added: branches/SAMBA_4_0/source/lib/ldb/modules/schema.c Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.ldb branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c branches/SAMBA_4_0/source/lib/ldb/config.mk Changeset: Sorry, the patch is too large (552 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4505
svn commit: samba r4506 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: metze Date: 2005-01-03 14:38:05 + (Mon, 03 Jan 2005) New Revision: 4506 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4506 Log: fix compiler warnings metze Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 14:05:47 UTC (rev 4505) +++ branches/SAMBA_4_0/source/lib/ldb/modules/timestamps.c 2005-01-03 14:38:05 UTC (rev 4506) @@ -64,7 +64,6 @@ static int add_time_element(struct ldb_module *module, struct ldb_message *msg, const char *attr_name, const char *time_string, unsigned int flags) { - struct private_data *data = (struct private_data *)module-private_data; struct ldb_val *values; char *name, *timestr; int i; @@ -99,7 +98,6 @@ /* add_record: add crateTimestamp/modifyTimestamp attributes */ static int timestamps_add_record(struct ldb_module *module, const struct ldb_message *msg) { - struct private_data *data = (struct private_data *)module-private_data; struct ldb_message *msg2 = NULL; struct tm *tm; char *timestr; @@ -156,7 +154,6 @@ /* modify_record: change modifyTimestamp as well */ static int timestamps_modify_record(struct ldb_module *module, const struct ldb_message *msg) { - struct private_data *data = (struct private_data *)module-private_data; struct ldb_message *msg2 = NULL; struct tm *tm; char *timestr;
svn commit: samba r4507 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2005-01-03 14:42:59 + (Mon, 03 Jan 2005) New Revision: 4507 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4507 Log: this default is unneeded because the switch level is in the r-in metze Modified: branches/SAMBA_4_0/source/librpc/idl/dssetup.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/dssetup.idl === --- branches/SAMBA_4_0/source/librpc/idl/dssetup.idl2005-01-03 14:38:05 UTC (rev 4506) +++ branches/SAMBA_4_0/source/librpc/idl/dssetup.idl2005-01-03 14:42:59 UTC (rev 4507) @@ -74,7 +74,6 @@ [case(DS_ROLE_BASIC_INFORMATION)] dssetup_DsRolePrimaryDomInfoBasic basic; [case(DS_ROLE_UPGRADE_STATUS)]dssetup_DsRoleUpgradeStatus upgrade; [case(DS_ROLE_OP_STATUS)] dssetup_DsRoleOpStatus opstatus; - [default] ; } dssetup_DsRoleInfo; WERROR dssetup_DsRoleGetPrimaryDomainInformation(
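Review bot: with the `[default] ;` arm removed from dssetup_DsRoleInfo, a level outside the three listed cases no longer has an empty arm to fall into. The level arrives in the request from the caller, so confirm that dssetup_DsRoleGetPrimaryDomainInformation rejects unknown levels before the union is marshalled, and record that assumption in a comment next to the union.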
svn commit: samba r4508 - in branches/SAMBA_4_0/source/rpc_server/dssetup: .
Author: metze Date: 2005-01-03 14:45:17 + (Mon, 03 Jan 2005) New Revision: 4508 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4508 Log: - simplify the code and allocate only in one place - the ZERO_STRUCT(r-out) is useless and wrong if we would have a [ref,out] parameter also note the r-out is already initialized by the pidl generated code metze Modified: branches/SAMBA_4_0/source/rpc_server/dssetup/dcesrv_dssetup.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/dssetup/dcesrv_dssetup.c === --- branches/SAMBA_4_0/source/rpc_server/dssetup/dcesrv_dssetup.c 2005-01-03 14:42:59 UTC (rev 4507) +++ branches/SAMBA_4_0/source/rpc_server/dssetup/dcesrv_dssetup.c 2005-01-03 14:45:17 UTC (rev 4508) @@ -33,8 +33,11 @@ TALLOC_CTX *mem_ctx, struct dssetup_DsRoleGetPrimaryDomainInformation *r) { - ZERO_STRUCT(r-out); + union dssetup_DsRoleInfo *info; + info = talloc_p(mem_ctx, union dssetup_DsRoleInfo); + W_ERROR_HAVE_NO_MEMORY(info); + switch (r-in.level) { case DS_ROLE_BASIC_INFORMATION: { @@ -42,7 +45,6 @@ const char * const attrs[] = { dnsDomain, nTMixedDomain, objectGUID, name, NULL }; int ret; struct ldb_message **res; - union dssetup_DsRoleInfo *info; enum dssetup_DsRole role = DS_ROLE_STANDALONE_SERVER; uint32 flags = 0; const char *domain = NULL; @@ -52,9 +54,6 @@ ZERO_STRUCT(domain_guid); - info = talloc_p(mem_ctx, union dssetup_DsRoleInfo); - W_ERROR_HAVE_NO_MEMORY(info); - switch (lp_server_role()) { case ROLE_STANDALONE: role= DS_ROLE_STANDALONE_SERVER; @@ -120,11 +119,6 @@ } case DS_ROLE_UPGRADE_STATUS: { - union dssetup_DsRoleInfo *info; - - info = talloc_p(mem_ctx, union dssetup_DsRoleInfo); - W_ERROR_HAVE_NO_MEMORY(info); - info-upgrade.upgrading = DS_ROLE_NOT_UPGRADING; info-upgrade.previous_role = DS_ROLE_PREVIOUS_UNKNOWN; 
@@ -133,11 +127,6 @@ } case DS_ROLE_OP_STATUS: { - union dssetup_DsRoleInfo *info; - - info = talloc_p(mem_ctx, union dssetup_DsRoleInfo); - W_ERROR_HAVE_NO_MEMORY(info); - info-opstatus.status = DS_ROLE_OP_IDLE; r-out.info = info;
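Review bot: moving the talloc_p of `info` above the switch on the level means it is now allocated for every request, including levels no case handles, and nothing in the visible lines clears it. If talloc_p returns uninitialised memory, each case has to fill every member of its arm before assigning it to the out parameter, otherwise stale heap bytes could be marshalled back to the client; clearing `info` once, right after the W_ERROR_HAVE_NO_MEMORY check, would make that robust.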
svn commit: lorikeet r154 - in trunk/pppd: .
Author: abartlet Date: 2005-01-03 20:34:57 + (Mon, 03 Jan 2005) New Revision: 154 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=154 Log: Update some of the details in the report, to reflect the inclusion of this patch into PPP. Andrew Bartlett Modified: trunk/pppd/README trunk/pppd/final-report.lyx trunk/pppd/final-report.pdf Changeset: Modified: trunk/pppd/README === --- trunk/pppd/README 2005-01-03 11:47:52 UTC (rev 153) +++ trunk/pppd/README 2005-01-03 20:34:57 UTC (rev 154) @@ -16,15 +16,15 @@ Configuration (pppd config file): plugin winbind.so -ntlm_auth-helper /usr/local/bin/ntlm_auth --helper-protocol=ntlm-server-1 +ntlm_auth-helper /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 The --required-membership-of option is also available, to implement a 'dialin users' or 'vpn users' group. This is a revised version of the patch presented in my paper of VPN -intergration with Samba - http://hawkerc.net/staff/abartlet/comp3700 +integration with Samba, see final-report.pdf -This version also supports PAP (plaintext) authentication (natrually, +This version also supports PAP (plaintext) authentication (naturally, not for VPNs, but useful in some modem setups) Andrew Bartlett Modified: trunk/pppd/final-report.lyx === --- trunk/pppd/final-report.lyx 2005-01-03 11:47:52 UTC (rev 153) +++ trunk/pppd/final-report.lyx 2005-01-03 20:34:57 UTC (rev 154) @@ -1245,9 +1245,8 @@ \layout Standard In order to properly integrate this software into pppd, patches needed to - be applied to expose certain interfaces. - It is hoped that these patches will be accepted by the ppp maintainer. - The rest of the Winbind module may be maintained separately, if required. + be applied to expose certain interfaces, which have now been accepted by + the PPP maintainer, into PPP 2.4.3. \layout Section Installation 
@@ -1256,8 +1255,8 @@ Samba \layout Standard -Samba 3.0.0 may be installed, by means of the preferred packaging system for - the target platform, or from source. +Samba 3.0.3 (the minimum required version) may be installed, by means of the + preferred packaging system for the target platform, or from source. No special compilation options are required, but a source install will usually place its `prefix' in /usr/local/samba, whereas a binary install will be per the system's normal preferences. @@ -1266,52 +1265,13 @@ PPP \layout Standard -PPP 2.4.2b3 is available only by CVS checkout from pserver.samba.org at this - stage. - It needs to be downloaded, patched (with the supplied patch), and installed - into /usr/sbin/pppd: -\layout LyX-Code +PPP 2.4.3 is available +\begin_inset LatexCommand \htmlurl[from]{http://ppp.samba.org} -wget http://hawkerc.net/staff/abartlet/ppp-ntlm_auth.patch -\layout LyX-Code +\end_inset -cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot login -\layout Standard - -Type `cvs' as a password: -\layout LyX-Code - -cvs -z5 -d :pserver:[EMAIL PROTECTED]:/cvsroot co ppp -\layout LyX-Code - -cd ppp -\layout LyX-Code - -patch -p0 ../ppp-ntlm_auth.patch -\layout LyX-Code - -./configure -\layout LyX-Code - -make -\layout LyX-Code - -make install -\layout Standard - -Next compile and install the Winbind plugins: -\layout LyX-Code - -cd pppd/plugins -\layout LyX-Code - -make -\layout LyX-Code - -make install -\layout Standard - -PPP installation is now complete. +, or soon as RPMs and other packaged software. + \layout Subsection PoPToP 
@@ -1330,7 +1290,7 @@ \layout Standard The ppp version specified above assumes the use of the correct kernel modules. - The patch is in the ppp/linux/mppe directory, of the CVS checkout, and + The patch is in the ppp/linux/mppe directory, of the source tarball, and assumes a locally-compiled kernel. It is different to the patch marked `openssl' that has shipped with debian. If your kernel sources were in /data/linux-2.4.22 then you would run: @@ -1571,7 +1531,7 @@ plugin winbind.so \layout LyX-Code -ntlm_auth-location /usr/bin/ntlm_auth +ntlm_auth-helper /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 \layout LyX-Code \layout Subsection @@ -2553,7 +2513,7 @@ \layout Standard Components of Samba 3.0 were used by (and modified for) this project. - All these modifications have been included in release of Samba 3.0.0. + All these modifications have been included in release of Samba 3.0.3. \layout Subsubsection Winbind Modified: trunk/pppd/final-report.pdf === (Binary files differ)
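Review bot: the README hunk now hard-codes /usr/bin/ntlm_auth for ntlm_auth-helper, yet final-report.lyx in the same change still says a source install usually places its prefix in /usr/local/samba. State in the README that the helper path must match where Samba was actually installed, so a source-built setup does not end up pointing pppd at a binary that is not there.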
svn commit: lorikeet r155 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-03 22:46:19 + (Mon, 03 Jan 2005) New Revision: 155 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=155 Log: Initialise samr and lsa dissectors. Cleanup to remove a bunch of warnings. Modified: trunk/ethereal/plugins/pidl/pidl.c Changeset: Modified: trunk/ethereal/plugins/pidl/pidl.c === --- trunk/ethereal/plugins/pidl/pidl.c 2005-01-03 20:34:57 UTC (rev 154) +++ trunk/ethereal/plugins/pidl/pidl.c 2005-01-03 22:46:19 UTC (rev 155) @@ -6,19 +6,25 @@ #include plugins/plugin_api.h void proto_reg_handoff_dcerpc_pidl_atsvc(void); +void proto_reg_handoff_dcerpc_pidl_samr(void); +void proto_reg_handoff_dcerpc_pidl_lsarpc(void); + +void proto_register_eparser(void); void proto_register_dcerpc_pidl_atsvc(void); -//void proto_reg_handoff_dcerpc_pidl_misc(void); -//void proto_register_dcerpc_pidl_misc(void); +void proto_register_dcerpc_pidl_samr(void); +void proto_register_dcerpc_pidl_lsarpc(void); extern int proto_dcerpc_pidl_atsvc; -//extern int proto_dcerpc_pidl_misc; +extern int proto_dcerpc_pidl_samr; +extern int proto_dcerpc_pidl_lsarpc; #ifndef ENABLE_STATIC G_MODULE_EXPORT void plugin_reg_handoff(void){ proto_reg_handoff_dcerpc_pidl_atsvc(); -// proto_reg_handoff_dcerpc_pidl_misc(); + proto_reg_handoff_dcerpc_pidl_samr(); + proto_reg_handoff_dcerpc_pidl_lsarpc(); } G_MODULE_EXPORT void @@ -38,17 +44,11 @@ if (proto_dcerpc_pidl_atsvc == -1) proto_register_dcerpc_pidl_atsvc(); -#if 0 - if (proto_dcerpc_pidl_misc == -1) - proto_register_dcerpc_pidl_misc(); - if (proto_dcerpc_pidl_samr == -1) proto_register_dcerpc_pidl_samr(); if (proto_dcerpc_pidl_lsarpc == -1) proto_register_dcerpc_pidl_lsarpc(); -#endif - } #endif
svn commit: lorikeet r156 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-03 22:47:53 + (Mon, 03 Jan 2005) New Revision: 156 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=156 Log: Remove libndr function typedefs as we want to modify them to use struct pidl_pull. Modified: trunk/ethereal/plugins/pidl/libndr.h Changeset: Modified: trunk/ethereal/plugins/pidl/libndr.h === --- trunk/ethereal/plugins/pidl/libndr.h2005-01-03 22:46:19 UTC (rev 155) +++ trunk/ethereal/plugins/pidl/libndr.h2005-01-03 22:47:53 UTC (rev 156) @@ -252,17 +252,3 @@ } while (0) #define NDR_PUSH_ALLOC(ndr, s) NDR_PUSH_ALLOC_SIZE(ndr, s, sizeof(*(s))) - -/* these are used when generic fn pointers are needed for ndr push/pull fns */ -typedef NTSTATUS (*ndr_push_fn_t)(struct ndr_push *, void *); -typedef NTSTATUS (*ndr_pull_fn_t)(struct ndr_pull *, void *); - -typedef NTSTATUS (*ndr_push_flags_fn_t)(struct ndr_push *, int ndr_flags, void *); -typedef NTSTATUS (*ndr_push_const_fn_t)(struct ndr_push *, int ndr_flags, const void *); -typedef NTSTATUS (*ndr_pull_flags_fn_t)(struct ndr_pull *, int ndr_flags, void *); -typedef NTSTATUS (*ndr_push_union_fn_t)(struct ndr_push *, int ndr_flags, uint32_t, void *); -typedef NTSTATUS (*ndr_pull_union_fn_t)(struct ndr_pull *, int ndr_flags, uint32_t, void *); -typedef void (*ndr_print_fn_t)(struct ndr_print *, const char *, void *); -typedef void (*ndr_print_function_t)(struct ndr_print *, const char *, int, void *); -typedef void (*ndr_print_union_fn_t)(struct ndr_print *, const char *, uint32_t, void *); -
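Review bot: the log says the typedefs are removed so the pull functions can take struct pidl_pull, but the hunk also deletes the ndr_push_* and ndr_print_* typedefs. If anything in the plugin still refers to ndr_push_fn_t or ndr_print_fn_t the build breaks; either keep those typedefs or say in the log that they have no remaining users.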
svn commit: lorikeet r157 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-03 22:50:58 + (Mon, 03 Jan 2005) New Revision: 157 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=157 Log: Add function prototypes for ndr_pull_*_fn_t. Fix bug in prototype for ndr_pull_relative2(). Initialise array_length_list and relative_list. Fix parameters to function called in ndr_pull_subcontext_flags_fn. Modified: trunk/ethereal/plugins/pidl/eparser.c trunk/ethereal/plugins/pidl/eparser.h Changeset: Modified: trunk/ethereal/plugins/pidl/eparser.c === --- trunk/ethereal/plugins/pidl/eparser.c 2005-01-03 22:47:53 UTC (rev 156) +++ trunk/ethereal/plugins/pidl/eparser.c 2005-01-03 22:50:58 UTC (rev 157) @@ -15,6 +15,8 @@ ndr-drep = drep; ndr-flags = NDR_SCALARS|NDR_BUFFERS|LIBNDR_FLAG_REF_ALLOC; ndr-array_size_list = NULL; + ndr-array_length_list = NULL; + ndr-relative_list = NULL; return ndr; } @@ -598,7 +600,7 @@ pull a relative object - stage2 called during BUFFERS processing */ -NTSTATUS ndr_pull_relative2(struct ndr_pull *ndr, const void *p) +NTSTATUS ndr_pull_relative2(struct pidl_pull *ndr, const void *p) { uint32_t rel_offset; ndr_token_retrieve(ndr-relative_list, p, rel_offset); @@ -668,7 +670,7 @@ struct pidl_pull *ndr2; NDR_ALLOC(ndr, ndr2); ndr_pull_subcontext_header(ndr, tree, sub_size, ndr2); - fn(ndr2, NDR_SCALARS|NDR_BUFFERS, base); + fn(ndr2, NDR_SCALARS|NDR_BUFFERS, tree, base); if (sub_size) { ndr_pull_advance(ndr, tvb_length(ndr2-tvb)); } else { Modified: trunk/ethereal/plugins/pidl/eparser.h === --- trunk/ethereal/plugins/pidl/eparser.h 2005-01-03 22:47:53 UTC (rev 156) +++ trunk/ethereal/plugins/pidl/eparser.h 2005-01-03 22:50:58 UTC (rev 157) 
@@ -92,6 +92,12 @@ extern gint hf_conformant_size; +/* these are used when generic fn pointers are needed for ndr push/pull fns */ +typedef NTSTATUS (*ndr_pull_fn_t)(struct pidl_pull *, void *); + +typedef NTSTATUS (*ndr_pull_flags_fn_t)(struct pidl_pull *, int ndr_flags, pidl_tree *tree, void *); +typedef NTSTATUS (*ndr_pull_union_fn_t)(struct pidl_pull *, int ndr_flags, pidl_tree *tree, uint32_t, void *); + // Prototypes for libndr functions NTSTATUS ndr_pull_struct_start(struct pidl_pull *ndr); @@ -126,6 +132,7 @@ NTSTATUS ndr_pull_time_t(struct pidl_pull *ndr, pidl_tree *tree, int hf, time_t *data); NTSTATUS ndr_pull_relative1(struct pidl_pull *ndr, const void *p, uint32_t rel_offset); +NTSTATUS ndr_pull_relative2(struct pidl_pull *ndr, const void *p); void ndr_pull_save(struct pidl_pull *ndr, struct ndr_pull_save *save); void ndr_pull_restore(struct pidl_pull *ndr, struct ndr_pull_save *save); NTSTATUS ndr_pull_subcontext_flags_fn(struct pidl_pull *ndr, pidl_tree *tree,
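Review bot: in the ndr_pull_subcontext_flags_fn hunk, the corrected call `fn(ndr2, NDR_SCALARS|NDR_BUFFERS, tree, base);` still throws away the NTSTATUS that the new ndr_pull_flags_fn_t typedef says it returns, so a failed sub-parse is followed by ndr_pull_advance as if it had succeeded. Capture the status and return it to the caller before advancing.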
svn commit: samba r4509 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2005-01-03 23:28:45 + (Mon, 03 Jan 2005) New Revision: 4509 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4509 Log: Add missing cr. Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm === --- branches/SAMBA_4_0/source/build/pidl/parser.pm 2005-01-03 14:45:17 UTC (rev 4508) +++ branches/SAMBA_4_0/source/build/pidl/parser.pm 2005-01-03 23:28:45 UTC (rev 4509) @@ -551,7 +551,7 @@ pidl \tif (_ptr_$e-{NAME}) {\n; pidl \t\tNDR_ALLOC(ndr, $var_prefix$e-{NAME});\n; if (util::has_property($e, relative)) { - pidl \t\tNDR_CHECK(ndr_pull_relative1(ndr, $var_prefix$e-{NAME}, _ptr_$e-{NAME}));; + pidl \t\tNDR_CHECK(ndr_pull_relative1(ndr, $var_prefix$e-{NAME}, _ptr_$e-{NAME}));\n; } pidl \t} else {\n; pidl \t\t$var_prefix$e-{NAME} = NULL;\n;
svn commit: lorikeet r158 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-03 23:30:15 + (Mon, 03 Jan 2005) New Revision: 158 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=158 Log: Call registration functions for misc.idl and security.idl in plugin init. Modified: trunk/ethereal/plugins/pidl/pidl.c Changeset: Modified: trunk/ethereal/plugins/pidl/pidl.c === --- trunk/ethereal/plugins/pidl/pidl.c 2005-01-03 22:50:58 UTC (rev 157) +++ trunk/ethereal/plugins/pidl/pidl.c 2005-01-03 23:30:15 UTC (rev 158) @@ -10,14 +10,13 @@ void proto_reg_handoff_dcerpc_pidl_lsarpc(void); void proto_register_eparser(void); +void proto_register_dcerpc_pidl_misc(void); +void proto_register_dcerpc_pidl_security(void); + void proto_register_dcerpc_pidl_atsvc(void); void proto_register_dcerpc_pidl_samr(void); void proto_register_dcerpc_pidl_lsarpc(void); -extern int proto_dcerpc_pidl_atsvc; -extern int proto_dcerpc_pidl_samr; -extern int proto_dcerpc_pidl_lsarpc; - #ifndef ENABLE_STATIC G_MODULE_EXPORT void @@ -41,14 +40,12 @@ proto_register_eparser(); - if (proto_dcerpc_pidl_atsvc == -1) - proto_register_dcerpc_pidl_atsvc(); + proto_register_dcerpc_pidl_misc(); + proto_register_dcerpc_pidl_security(); - if (proto_dcerpc_pidl_samr == -1) - proto_register_dcerpc_pidl_samr(); - - if (proto_dcerpc_pidl_lsarpc == -1) - proto_register_dcerpc_pidl_lsarpc(); + proto_register_dcerpc_pidl_atsvc(); + proto_register_dcerpc_pidl_samr(); + proto_register_dcerpc_pidl_lsarpc(); } #endif
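Review bot: removing the `== -1` guards, together with the extern declarations they relied on, makes all five proto_register_* calls unconditional. That is simpler, but it is only safe if the plugin init function runs once per process; say so in a comment, or keep a single static flag so a second call cannot register the same protocol twice.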
svn commit: lorikeet r159 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-03 23:38:34 + (Mon, 03 Jan 2005) New Revision: 159 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=159 Log: Register field info for subcontext sizes, array length and offset, and num auths. samr now completely decodes! Modified: trunk/ethereal/plugins/pidl/eparser.c Changeset: Modified: trunk/ethereal/plugins/pidl/eparser.c === --- trunk/ethereal/plugins/pidl/eparser.c 2005-01-03 23:30:15 UTC (rev 158) +++ trunk/ethereal/plugins/pidl/eparser.c 2005-01-03 23:38:34 UTC (rev 159) @@ -563,29 +563,6 @@ return ndr_token_peek(ndr-array_size_list, p); } -void proto_register_eparser(void) -{ -static hf_register_info hf[] = { -{ hf_string4_len, { Length, eparser.string4_length, FT_UINT32, BASE_DEC, NULL, 0x0, String4 length, HFILL }}, -{ hf_string4_offset, { Offset, eparser.string4_offset, FT_UINT32, BASE_DEC, NULL, 0x0, String4 offset, HFILL }}, -{ hf_string4_len2, { Length2, eparser.string4_length2, FT_UINT32, BASE_DEC, NULL, 0x0, String4 length2, HFILL }}, -{ hf_string_data, { Data, eparser.string_data, FT_NONE, BASE_NONE, NULL, 0x0, String data, HFILL }}, -{ hf_array_size, { Array size, eparser.array_size, FT_UINT32, BASE_DEC, NULL, 0x0, Array size, HFILL }}, -{ hf_array_uint8, { Uint8 array value, eparser.uint8_array, FT_UINT8, BASE_DEC, NULL, 0x0, Uint8 array value, HFILL }}, -{ hf_array_uint32, { Uint32 array value, eparser.uint32_array, FT_UINT32, BASE_DEC, NULL, 0x0, Uint32 array value, HFILL }}, -}; - -static gint *ett[] = { - ett_array, -}; - -int proto_dcerpc; - -proto_dcerpc = proto_get_id_by_filter_name(dcerpc); -proto_register_field_array(proto_dcerpc, hf, array_length(hf)); -proto_register_subtree_array(ett, array_length(ett)); -} - NTSTATUS ndr_pull_relative1(struct pidl_pull *ndr, const void *p, uint32_t rel_offset) { if (ndr-flags LIBNDR_FLAG_RELATIVE_CURRENT) { 
@@ -622,7 +599,8 @@ } -static int hf_subcontext_size = -1; +static int hf_subcontext_size16 = -1; +static int hf_subcontext_size32 = -1; /* handle subcontext buffers, which in midl land are user-marshalled, but @@ -643,7 +621,7 @@ case 2: { uint16_t size; - ndr_pull_uint16(ndr, tree, hf_subcontext_size, size); + ndr_pull_uint16(ndr, tree, hf_subcontext_size16, size); if (size == 0) return NT_STATUS_OK; ndr_pull_subcontext(ndr, ndr2, size); break; @@ -651,7 +629,7 @@ case 4: { uint32_t size; - ndr_pull_uint32(ndr, tree, hf_subcontext_size, size); + ndr_pull_uint32(ndr, tree, hf_subcontext_size32, size); if (size == 0) return NT_STATUS_OK; ndr_pull_subcontext(ndr, ndr2, size); break; 
@@ -774,3 +752,32 @@ } gint hf_conformant_size = -1; + +void proto_register_eparser(void) +{ +static hf_register_info hf[] = { +{ hf_string4_len, { Length, eparser.string4_length, FT_UINT32, BASE_DEC, NULL, 0x0, String4 length, HFILL }}, +{ hf_string4_offset, { Offset, eparser.string4_offset, FT_UINT32, BASE_DEC, NULL, 0x0, String4 offset, HFILL }}, +{ hf_string4_len2, { Length2, eparser.string4_length2, FT_UINT32, BASE_DEC, NULL, 0x0, String4 length2, HFILL }}, +{ hf_string_data, { Data, eparser.string_data, FT_NONE, BASE_NONE, NULL, 0x0, String data, HFILL }}, +{ hf_array_size, { Array size, eparser.array_size, FT_UINT32, BASE_DEC, NULL, 0x0, Array size, HFILL }}, +{ hf_array_length, { Array length, eparser.array_length, FT_UINT32, BASE_DEC, NULL, 0x0, Array length, HFILL }}, +{ hf_array_offset, { Array offset, eparser.array_offset, FT_UINT32, BASE_DEC, NULL, 0x0, Array offset, HFILL }}, +{ hf_array_uint8, { Uint8 array value, eparser.uint8_array, FT_UINT8, BASE_DEC, NULL, 0x0, Uint8 array value, HFILL }}, +{ hf_array_uint32, { Uint32 array value, eparser.uint32_array, FT_UINT32, BASE_DEC, NULL, 0x0, Uint32 array value, HFILL }}, +{ hf_subcontext_size16, { Uint16 subcontext, eparser.subcontext16, FT_UINT16, BASE_DEC, NULL, 0x0, Uint16 subcontext, HFILL }}, +{ hf_subcontext_size32, { Uint32 subcontext, eparser.subcontext32, FT_UINT32, BASE_DEC, NULL, 0x0, Uint32 subcontext, HFILL }}, +{ hf_dom_sid2_num_auths, { dom_sid2 num auths, eparser.num_auths, FT_UINT32, BASE_DEC, NULL, 0x0, dom_sid2 num auths, HFILL }}, +}; + +static gint *ett[] = { + ett_array, +}; + +int proto_dcerpc; + +proto_dcerpc = proto_get_id_by_filter_name(dcerpc); +proto_register_field_array(proto_dcerpc, hf, array_length(hf)); +proto_register_subtree_array(ett, array_length(ett)); +} +
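Review bot: In the two subcontext hunks (case 2 and case 4), the result of ndr_pull_uint16() / ndr_pull_uint32() is discarded, and `size`, which is declared without an initialiser, goes straight into `if (size == 0)` and ndr_pull_subcontext(). This code parses captured traffic, so a short or malformed buffer is the normal failure case. Initialise `size` to 0 and return the pull status before using it, so that a failed read cannot feed an indeterminate length into the subcontext setup. Splitting hf_subcontext_size into hf_subcontext_size16 and hf_subcontext_size32 is fine as it stands.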
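Review bot: In the relocated proto_register_eparser() (last hunk, @@ -774,3 +752,32 @@), the value returned by proto_get_id_by_filter_name() is handed to proto_register_field_array() without checking that the dcerpc lookup succeeded. Add a check and bail out before registering the fields. The hunk also combines the move of the function with five new hf entries (hf_array_length, hf_array_offset, hf_subcontext_size16, hf_subcontext_size32, hf_dom_sid2_num_auths), which makes the additions hard to pick out; moving the function in one commit and adding the entries in the next would keep each diff reviewable. The display names "Uint16 subcontext" and "Uint32 subcontext" describe the width rather than the field, so something like "Subcontext size" would read better in the dissection tree.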
Build status as of Tue Jan 4 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-01-03 00:16:18.0 + +++ /home/build/master/cache/broken_results.txt 2005-01-04 00:00:21.0 + @@ -1,15 +1,15 @@ -Build status as of Mon Jan 3 00:15:57 2005 +Build status as of Tue Jan 4 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 29 3 0 +ccache 31 2 0 distcc 29 1 0 -ppp 7 0 0 -rsync30 2 0 -samba2 1 0 +ppp 9 0 0 +rsync32 2 0 +samba2 2 1 samba-docs 0 0 0 -samba4 34 12 0 -samba_3_032 8 1 +samba4 35 13 0 +samba_3_034 10 1 Currently broken builds: Host Tree Compiler Status @@ -18,9 +18,9 @@ rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? superego samba4 gccok/ 2/?/? -gc8samba4 gccok/ 1/?/? +gc8samba4 gcc 127/?/?/? +gc4samba4 gcc 127/?/?/? smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 -gwen ccache cc ok/ 1/?/? gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? us4samba4 cc ok/ 1/?/? @@ -31,7 +31,9 @@ opisol10 samba_3_0gccok/ 1/?/? gc20 rsyncgccok/ 2/?/? gc20 samba4 gcc 1/?/?/? -gc20 samba_3_0gccok/ 2/?/? +gc20 samba_3_0gcc 1/?/?/? +sun1 samba_3_0cc ok/ 2/?/? +sun1 samba_3_0gccok/ok/ok/ 1 fire1 samba_3_0cc ok/ 2/?/? m30ccache gccok/ok/ok/ 2 m30rsyncgccok/ok/ok/ 2 @@ -40,4 +42,5 @@ metze02sambagccok/ 2/?/? metze02samba4 gccok/ 2/?/? metze02samba4 gcc-3.4ok/ 2/?/? +metze01sambagccok/ok/ok/ 1/PANIC
svn commit: samba r4510 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-01-04 03:06:23 + (Tue, 04 Jan 2005) New Revision: 4510 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4510 Log: Some more tests for RPC-NETLOGON, checking the idea that we could combine the NTLM and LMv2 responses, for maximum compatibility from a client perspective, allowing access to servers that require NTLMv2, as well as those that don't support it. Currently, this is unfortunately not possible against Win2k3 (and Samba is being coded to match that behaviour at this point). Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c === --- branches/SAMBA_4_0/source/torture/rpc/samlogon.c2005-01-03 23:28:45 UTC (rev 4509) +++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c2005-01-04 03:06:23 UTC (rev 4510) 
@@ -626,6 +626,135 @@ } /* + * Test the NTLM and LMv2 responses + */ + +static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) +{ + BOOL pass = True; + NTSTATUS nt_status; + DATA_BLOB ntlmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_session_key = data_blob(NULL, 0); + DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state-mem_ctx, lp_netbios_name(), lp_workgroup()); + + DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state-mem_ctx, NULL, 24); + DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state-mem_ctx, NULL, 16); + + uint8_t lm_hash[16]; + uint8_t lm_session_key[8]; + uint8_t user_session_key[16]; + uint8_t nt_hash[16]; + + SMBNTencrypt(samlogon_state-password, samlogon_state-chall.data, +ntlm_response.data); + E_md4hash(samlogon_state-password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, + ntlm_session_key.data); + E_deshash(samlogon_state-password, lm_hash); + + ZERO_STRUCT(lm_session_key); + ZERO_STRUCT(user_session_key); + + /* TODO - test with various domain cases, and without domain */ + if (!SMBNTLMv2encrypt(samlogon_state-account_name, samlogon_state-account_domain, + samlogon_state-password, samlogon_state-chall, + names_blob, + lmv2_response, ntlmv2_response, + lmv2_session_key, ntlmv2_session_key)) { + data_blob_free(names_blob); + return False; + } + data_blob_free(names_blob); + + nt_status = check_samlogon(samlogon_state, + break_which, + samlogon_state-chall, + lmv2_response, + ntlm_response, + lm_session_key, + user_session_key, + error_string); + + data_blob_free(lmv2_response); + data_blob_free(ntlmv2_response); + + + if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } + + if (!NT_STATUS_IS_OK(nt_status)) { + return False; + } + + switch (break_which) { + case NO_NT: + if 
(memcmp(lmv2_session_key.data, user_session_key, + sizeof(user_session_key)) != 0) { + printf(USER (LMv2) Session Key does not match expectations!\n); + printf(user_session_key:\n); + dump_data(1, user_session_key, 16); + printf(expected:\n); + dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length); + pass = False; + } + if (memcmp(lmv2_session_key.data, lm_session_key, + sizeof(lm_session_key)) != 0) { + printf(LM (LMv2) Session Key does not match expectations!\n); + printf(lm_session_key:\n); + dump_data(1, lm_session_key, 8); + printf(expected:\n); + dump_data(1, lmv2_session_key.data, 8); + pass = False; + } + break; + case BREAK_LM: + if (memcmp(ntlm_session_key.data, user_session_key, + sizeof(user_session_key)) != 0) { + printf(USER (NTLMv2) Session Key does not match expectations!\n); + printf(user_session_key:\n); + dump_data(1, user_session_key, 16); +
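Review bot: In the NO_NT case, the "expected" dump for the user session key prints lmv2_session_key.data with ntlmv2_session_key.length, so the length comes from a different blob than the data. Use lmv2_session_key.length there, or the same 16 the memcmp relies on. The memcmp calls in that case also read sizeof(user_session_key) and sizeof(lm_session_key) bytes from lmv2_session_key.data without first checking lmv2_session_key.length; a length assertion before the comparison would turn a short blob into a test failure instead of an over-read. In the BREAK_LM case the failure message says "USER (NTLMv2) Session Key" while the comparison is against ntlm_session_key, so the label should say NTLM. The patch is cut off after that point, so these comments cover only the visible lines.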
svn commit: samba r4511 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2005-01-04 05:21:24 + (Tue, 04 Jan 2005) New Revision: 4511 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4511 Log: Remove a crapload of dead code. Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm Changeset: Sorry, the patch is too large (880 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4511
svn commit: lorikeet r160 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-04 05:43:59 + (Tue, 04 Jan 2005) New Revision: 160 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=160 Log: When creating subtrees for ndr structures, make the name a bit friendlier looking than the IDL field name. Modified: trunk/ethereal/plugins/pidl/eparser.c Changeset: Modified: trunk/ethereal/plugins/pidl/eparser.c === --- trunk/ethereal/plugins/pidl/eparser.c 2005-01-03 23:38:34 UTC (rev 159) +++ trunk/ethereal/plugins/pidl/eparser.c 2005-01-04 05:43:59 UTC (rev 160) @@ -517,6 +517,7 @@ GSList *l; proto_item *item; struct subtree_info *info; + char *item_name, *tmp; if (!tree-proto_tree) return tree; @@ -530,13 +531,31 @@ return info-subtree; } + /* Create a more friendly looking name */ + + item_name = g_strdup(name); + + for(tmp = item_name; *tmp; tmp++) { /* Underscores to spaces */ + if (*tmp == '_') + *tmp = ' '; + } + + for(tmp = item_name; *tmp; tmp++) { /* Capitalise each word */ + if (tmp == item_name || *(tmp - 1) == ' ') + *tmp = toupper(*tmp); + } + /* Create new subtree entry */ info = (struct subtree_info *)g_malloc(sizeof(struct subtree_info)); info-name = g_strdup(name); + item = proto_tree_add_text( - tree-proto_tree, ndr-tvb, ndr-offset, 0, name); + tree-proto_tree, ndr-tvb, ndr-offset, 0, item_name); + + g_free(item_name); + info-subtree.subtree_list = NULL; info-subtree.proto_tree = proto_item_add_subtree(item, ett);
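Review bot: In the capitalisation loop of the second hunk, `*tmp = toupper(*tmp);` passes a plain char to toupper(), which is undefined for negative values on platforms where char is signed. Cast the argument, as in toupper((unsigned char)*tmp). The hunk shows no added #include for ctype.h, so confirm the file already has one. The two passes over item_name could also be one loop, since the capitalisation test only looks at the previous character. Keeping info-name as the raw IDL name for lookups while displaying item_name is the right split, and item_name is freed on the visible path.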
svn commit: samba r4512 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2005-01-04 06:35:53 + (Tue, 04 Jan 2005) New Revision: 4512 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4512 Log: Give arrays of scalar types their own subtree. Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm === --- branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-04 05:21:24 UTC (rev 4511) +++ branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-04 06:35:53 UTC (rev 4512) @@ -173,25 +173,36 @@ if ($t-{DATA}-{TYPE} eq STRUCT) { for my $e (@{$t-{DATA}-{ELEMENTS}}) { + $e-{PARENT} = $t-{DATA}; + if ($needed{pull_$t-{NAME}}) { $needed{pull_$e-{TYPE}} = 1; } if (util::is_scalar_type($e-{TYPE})) { + + if (defined($e-{ARRAY_LEN}) or + util::has_property($e, size_is)) { + + $needed{ett_$e-{NAME}} = 1; + + } else { - $needed{hf_$e-{NAME}_$e-{TYPE}} = { - 'name' = field2name($e-{NAME}), - 'type' = $e-{TYPE}, - 'ft' = type2ft($e-{TYPE}), - 'base' = elementbase($e) - }; - - $e-{PARENT} = $t-{DATA}; - - if ($needed{pull_$t-{NAME}}) { - $needed{pull_$e-{TYPE}} = 1; + $needed{hf_$e-{NAME}_$e-{TYPE}} = { + 'name' = field2name($e-{NAME}), + 'type' = $e-{TYPE}, + 'ft' = type2ft($e-{TYPE}), + 'base' = elementbase($e) + }; + + $e-{PARENT} = $t-{DATA}; + + if ($needed{pull_$t-{NAME}}) { + $needed{pull_$e-{TYPE}} = 1; + } } + } else { $needed{ett_$e-{TYPE}} = 1; @@ -420,8 +431,10 @@ # Add tree argument to ndr_pull_array() - s/(ndr_pull_array([^\(]*?)\(ndr, (NDR_[^,]*?), ([^\)].*?)\);)/ndr_pull_array$2( ndr, $3, tree, $4);/smg; + s/(ndr_pull_array([^\(_]*?)\(ndr, (NDR_[^,]*?), ([^\)].*?)\);)/ndr_pull_array$2( ndr, $3, tree, $4);/smg; + s/(ndr_pull_array_([^\(]*?)\(ndr, (NDR_[^,]*?), (r-((in|out).)?([^,]*?)), (.*?)\);)/ndr_pull_array_$2( ndr, $3, get_subtree(tree, \$7\, ndr, ett_$7), $4, $8);/smg; + # Save ndr_pull_relative[12]() calls from being wrapped by the # proceeding regexp.
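Review bot: In the first hunk (@@ -173,25 +173,36 @@), `$e-{PARENT} = $t-{DATA};` and the `if ($needed{pull_$t-{NAME}})` block are now run at the top of the element loop and then again inside the new else branch for non-array scalars. The second copy is redundant and can be dropped, which leaves the else branch holding only the $needed{hf_...} assignment. In the second hunk, the first substitution now excludes `_` from the name suffix so that the new ndr_pull_array_ rule can add the get_subtree() argument; a short comment saying that the order and the `_` exclusion keep the two rules from both matching one call would help the next person who edits these regexps.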
svn commit: lorikeet r162 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-04 06:37:39 + (Tue, 04 Jan 2005) New Revision: 162 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=162 Log: Check in changes to autogenerated dissectors after the last couple of bugfixes (hey the diffs for this are actually pretty descriptive of what has changed). Modified: trunk/ethereal/plugins/pidl/packet-dcerpc-lsa.c trunk/ethereal/plugins/pidl/packet-dcerpc-misc.c trunk/ethereal/plugins/pidl/packet-dcerpc-samr.c trunk/ethereal/plugins/pidl/packet-dcerpc-security.c Changeset: Sorry, the patch is too large (546 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=162