RE [Samba] samba -cups
My test is OK.Thanks a lot There is a mistake in cups exemple web interface gb. --- Your URI is incorrect if your printer is a network printer the correct URI must be : lpd://myprinter --- Stéphane PURNELLE stephane.purnelle at corman.be https://lists.samba.org/mailman/listinfo/samba Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman.be at lists.samba.org https://lists.samba.org/mailman/listinfo/samba a écrit sur 19/01/2005 16:38:44 : / hello // // I try to manage a printer (Apple Lawerwriter 16/600 ) with cups but /without / succes !!! // // with cups web interface : // // I add a printer: // device = LPD/LPR Host or Printer // URI= lpd://mymachine/lp // Type= Apple // Model = Apple LaserWriter16/600 Foomatic/Postscript (Recommended)(en) // // I try to print a testpage but without succes // // - 'mymachine' is either in my dns and my /etc/hosts file // - no problem with ping myprinter // - no problem with telnet myprinter 515 // - no problem with 'settings of myprinter // // LaserWriter 16/600 PS // TCP/IP Interface Information // // Interface Status: Ready // PostScript Banner Page : Disabled // IP Address : xxx.yyy.zzz.aa // Subnet Mask : 255.255.255.0 // Default Gateway : xxx.yyy.zzz.bb // Timeout Checking: Enabled // Ethernet Address: 09:01:08:05:7D:99 // // - but when I add myprinter and try to print a testpage, (loglevel debug/) / I have : // Remote host did not respond with command status byte after 300 seconds! // // is there someone to help me? // thanks // // gb./ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Excel files file modification time
Hi everyone, I have a problem on samba running on RHEL 3 kernel 2.4.21 with RHEL 3 samba packages - samba-3.0.7-1.3E.1. The problem is, that when people open excel files (with office 97 version of excel) the file modification time is changed (even if the file is only opened and excel closed without saving). This same problem does not occur on the [homes] share (in every test untill now it never happened on that share). I am wondering what is different between [homes] and other shares, since I do not have any special/different settings for those shares. I hope someone can enlighten me with an answer. Regards, Bostjan -- buhdej evridej -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT status page
Hello everyone I have not used SWAT for quite a while, and there have been upgrades since last using it (currently running on 3.0.10-SUSE on a SuSE 9.0 i386 box). It logs on fine, but it displays the status of smbd incorrectly: even though it is running, it displays not running. All the connections, shares and files are shown correctly in the status page, and I can verify that smbd is running with smbstatus (and the fact that my phone is quiet!). I read an older post that said it may have something to do with not connecting by the samba boxes netbios name, but I have tried with its netbios name, its aliases and its IP, all of them show smbd as not running. Some background: I have added an A record for the samba box (some linux boxes could not reach it by netbios) - so I think the name is resolved with DNS rather than netbios, could this be the problem? Also, could any upgrades have been the problem (they have been done with SuSE rpms, once with sernet), maybe its using slightly different files or links? Thanks for any suggestions! H signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.10 is mult task
Hi (sorry I do this question again, but my computer is block and I lost all my e-mail) I will install samba 3.0.10 in solaris 9/10. I would like to know if this version of samba is multi task. Today I use the samba 2.2.2 in solaris 8 (server with 2 processor), bat the sons process of samba work only one processor (100%) and the other processor be empty (0%) [the sons process only work where was started the father process]. Thank for answer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel files file modification time
This must be related to this one I think http://lists.samba.org/archive/samba/2004-April/084461.html There were a couple of fixes wrt locking issues addressed in latest 3.0.11pre1. Regards, Lieven Op do, 20-01-2005 te 10:33 +0100, schreef Bostjan Mller: Hi everyone, I have a problem on samba running on RHEL 3 kernel 2.4.21 with RHEL 3 samba packages - samba-3.0.7-1.3E.1. The problem is, that when people open excel files (with office 97 version of excel) the file modification time is changed (even if the file is only opened and excel closed without saving). This same problem does not occur on the [homes] share (in every test untill now it never happened on that share). I am wondering what is different between [homes] and other shares, since I do not have any special/different settings for those shares. I hope someone can enlighten me with an answer. Regards, Bostjan -- buhdej evridej -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Lieven Van Acker e-mail: [EMAIL PROTECTED] Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4732 Universiteit Gent fax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating from Windows 2000 Server to Samba
Hello, I'm aiming to migrate a few Windows 2000 Server boxes to Linux with Samba and I would like to check what Samba can do before actually comitting myself to this idea. There are a few servers, all located in different locations, connected to one central server. The remote servers contains files only, and the central server controls internet access and has Exchange installed on. Currently, when I log in one computer, I have access to the local server's hard drive, Outlook is set up to access the Exchange server located in the central server. I do my work, and then move to a different computer, log in, and everything's similar to what I had before, Outlook is already set up, I have the same access to the files. I then move to a different office, log in and it's as if I've never changed computers - even the Outlook bar has been disabled and stuff. Would similar be possible using Samba along with Exim and a range of email clients - i.e. if I log in, I don't have to set up email each time? Also can Samba send logon scripts to the computer for it to execute? Thanks very much for your help in advance Cheers - Piers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem adding computer to domain
Hi All I have the following problem: I'm using samba with ldap. Everybody can login on the domain, access shares and so on. But when I want to add a new computer to the domain, windows asks for a password (this is normal) and as ever we tried to login with root and the password. But unfortunately , now it says: can't find user. I check with phpldapadmin and I see the user root in the ldap database. I can also access shares as user root This is the ldap logging and I don't see any errors: Jan 20 12:48:46 localhost slapd[8709]: daemon: conn=97 fd=20 connection from IP=172.16.6.3:52231 (IP=0.0.0.0:389) accepted. Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=0 BIND dn=CN=MANAGER,DC=SIF-GROUP,DC=NL method=128 Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=SIF-GROUP)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=2 SRCH base=dc=sif-group,dc=nl scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=2 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: daemon: conn=98 fd=25 connection from IP=127.0.0.1:52232 (IP=0.0.0.0:389) accepted. Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=0 BIND dn= method=128 Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=(uid=root) Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=2 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=1 filter=((objectClass=posixGroup)(|(memberUid=root)(uniqueMember=uid=root,ou=People,dc=sif-group,dc=nl))) Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=2 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=3 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=3 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=4 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=1)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=4 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=5 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=2)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=5 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=6 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=3)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=6 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=7 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=4)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=7 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=8 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=6)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=8 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=9 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=10)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=9 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=10 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=512)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=10 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=-1 fd=20 closed Jan 20 12:48:46 localhost slapd[8709]: conn=-1 fd=25 closed Jan 20 12:48:47 localhost slapd[8709]: daemon: conn=99 fd=20 connection from IP=172.16.6.3:52233 (IP=0.0.0.0:389) accepted. Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=0 BIND dn=CN=MANAGER,DC=SIF-GROUP,DC=NL method=128 Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=SIF-GROUP)) Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=2 SRCH base=dc=sif-group,dc=nl scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=2 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:47 localhost slapd[8709]: daemon: conn=100 fd=25 connection from
Re: [Samba] Problem adding computer to domain
If somebody wants to kow: I'musing Samba version 3.0.9-1.3E.1 greetz Bart - Original Message - From: Bart Hendrix [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Thursday, January 20, 2005 12:56 PM Subject: [Samba] Problem adding computer to domain Hi All I have the following problem: I'm using samba with ldap. Everybody can login on the domain, access shares and so on. But when I want to add a new computer to the domain, windows asks for a password (this is normal) and as ever we tried to login with root and the password. But unfortunately , now it says: can't find user. I check with phpldapadmin and I see the user root in the ldap database. I can also access shares as user root This is the ldap logging and I don't see any errors: Jan 20 12:48:46 localhost slapd[8709]: daemon: conn=97 fd=20 connection from IP=172.16.6.3:52231 (IP=0.0.0.0:389) accepted. Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=0 BIND dn=CN=MANAGER,DC=SIF-GROUP,DC=NL method=128 Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=SIF-GROUP)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=2 SRCH base=dc=sif-group,dc=nl scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=2 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: daemon: conn=98 fd=25 connection from IP=127.0.0.1:52232 (IP=0.0.0.0:389) accepted. Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=0 BIND dn= method=128 Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=(uid=root) Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=2 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=1 filter=((objectClass=posixGroup)(|(memberUid=root)(uniqueMember=uid=root,ou=People,dc=sif-group,dc=nl))) Jan 20 12:48:46 localhost slapd[8709]: conn=98 op=2 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=3 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=3 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=4 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=1)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=4 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=5 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=2)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=5 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=6 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=3)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=6 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=7 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=4)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=7 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=8 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=6)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=8 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=9 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=10)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=9 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=10 SRCH base=ou=Groups,dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=512)) Jan 20 12:48:46 localhost slapd[8709]: conn=97 op=10 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:46 localhost slapd[8709]: conn=-1 fd=20 closed Jan 20 12:48:46 localhost slapd[8709]: conn=-1 fd=25 closed Jan 20 12:48:47 localhost slapd[8709]: daemon: conn=99 fd=20 connection from IP=172.16.6.3:52233 (IP=0.0.0.0:389) accepted. Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=0 BIND dn=CN=MANAGER,DC=SIF-GROUP,DC=NL method=128 Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=0 RESULT tag=97 err=0 text= Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=1 SRCH base=dc=sif-group,dc=nl scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=SIF-GROUP)) Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=1 SEARCH RESULT tag=101 err=0 text= Jan 20 12:48:47 localhost slapd[8709]: conn=99 op=2 SRCH base=dc=sif-group,dc=nl scope=2
Re: [Samba] Migrating from Windows 2000 Server to Samba
Hi Pier, samba acts as a nt 4 server so most everything which works on a win nt 4 server works with samba too, include logon scripts. Exchange 5.5 should work with a samba domain. No Way for Exchange 2000 or higher as this needs the active dir. ( There is a way to make it work but i dont recommend it ) For further Questions you should read the samba doku , which has real good descriptions for migration scenarios. There are some Outlook compatibel Linux Servers like scalix etc, which would give you the outlook behavior you know now. Best Regards Piers Kittel schrieb: Hello, I'm aiming to migrate a few Windows 2000 Server boxes to Linux with Samba and I would like to check what Samba can do before actually comitting myself to this idea. There are a few servers, all located in different locations, connected to one central server. The remote servers contains files only, and the central server controls internet access and has Exchange installed on. Currently, when I log in one computer, I have access to the local server's hard drive, Outlook is set up to access the Exchange server located in the central server. I do my work, and then move to a different computer, log in, and everything's similar to what I had before, Outlook is already set up, I have the same access to the files. I then move to a different office, log in and it's as if I've never changed computers - even the Outlook bar has been disabled and stuff. Would similar be possible using Samba along with Exim and a range of email clients - i.e. if I log in, I don't have to set up email each time? Also can Samba send logon scripts to the computer for it to execute? Thanks very much for your help in advance Cheers - Piers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3 PDC: Home directories in other machine
Hi, I've a Samba-3 PDC LDAP Based and I want to put the home directories in other machine. It's impossible that this machine was a BDC; this machine only exports via NFS. My idea is mount via NFS this machine in my Samba-3 PDC machine (i.e: /users/), and share this directory from my users. Is it possible? I've searched, but nothing... Some links?? Thanks! PD: My english is odd, I know... -- Juan José Vidal Agustín Universidad de Murcia (ÁTICA) Área de Tecnologías de la Información y las Comunicaciones Aplicadas Proyecto SOFTLA - Software Libre y Abierto Universidad de Murcia Edificio Ática, Campus Univ. de Espinardo E-30100 Murcia (SPAIN) Tlf.: +34 968 39 8741 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 PDC: Home directories in other machine
On Thu, 20 Jan 2005 14:05:09 +0100, Juan José Vidal [EMAIL PROTECTED] wrote: Hi, I've a Samba-3 PDC LDAP Based and I want to put the home directories in other machine. It's impossible that this machine was a BDC; this machine only exports via NFS. My idea is mount via NFS this machine in my Samba-3 PDC machine (i.e: /users/), and share this directory from my users. Is it possible? Yes, I've already done this. I've searched, but nothing... Some links?? This depends on your OS. Just find a recipe that tells you how to set up NFS. From experience, the HOWTOs for Linux, FreeBSD and Solaris are all very straightforward. Samba doesn't care really care one way or another whether the path of a share is an NFS mount or not. Well, it may underneath, but not that I noticed. The main question is one of permissions. Does the exporting server use nsswitch to authenticate off LDAP, or does it use its own /etc/passwd? David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 PDC: Home directories in other machine
David Landgren a écrit : On Thu, 20 Jan 2005 14:05:09 +0100, Juan José Vidal [EMAIL PROTECTED] wrote: Hi, I've a Samba-3 PDC LDAP Based and I want to put the home directories in other machine. It's impossible that this machine was a BDC; this machine only exports via NFS. My idea is mount via NFS this machine in my Samba-3 PDC machine (i.e: /users/), and share this directory from my users. Is it possible? I've make a document (in french sorry) for exporting account and home directories with LDAP / automount and NFS. http://lesouriciergris.free.fr/support/openldap.pdf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Huge problem with roaming profiles
Well, I thought everything was fine! Guess not. Yesterday I was playing with NetBIOS settings trying to get two servers to see each other across subnets. Well, since then, my users are randomly disconnected from the server, and every few times they log out / in, they get a message that their roaming profile wasn't available and a cached copy will be used instead. When that happens they have no connectivity to the CORP domain (they can't even click CORP in their network places) and their login script doesn't get executed. I think this is some name resolution thing, but AFAIK I have put everything back to how it was before. Can anyone think of what I should check? Maybe the broadcast order? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] very slow transfert rate and charge cpu high
hi, sorry for my english ... I have a problem with samba 3.0.10 on FC3 and machine XP ; a transfert from XP to samba server is very very slow with huge file ( 1go ) and the cpu charge is high ( 80% cpu ) for the smbd process . help please ... thanks in advance Best regards -- Didier GUILLOT - Institut des Matériaux de Nantes Tel : 02 40 37 39 04 Fax : 02 40 37 39 95 Emile : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC + LDAP without local Unix accounts?
Related to this topic, I haven't followed the developments in Samba/FreeBSD for 6 months or so. Does Samba 3.0.10/FreeBSD 5.3 work with LDAP/NSSwitch/Winbind. I know at one point the getgrent/getpwent stuff didn't work so you couldn't enumerate native windows groups. Has all this been fixed? I would like to begin building a new samba box but don't want to waste my time on this combination to find out it still doesn't work Thank you, Matt Pusateri On Wed, 19 Jan 2005 22:05:56 -0500, Adam Tauno Williams [EMAIL PROTECTED] wrote: We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy NT4 PDC. Our goal is to use LDAP to centralize all user information and authentication on the network. To that end, we've set up Samba to use LDAP for authentication of all the Windows users. This is working, but Samba seems to require that all Windows account have a matching Unix account as well. YES This would be fine, except that all of the user profile directories and Samba shares are hosted on a separate machine, making the Unix accounts superfluous. (As far as I know.) If at all possible, we'd like to avoid having to maintain user accounts on both the LDAP server and the Samba PDC. I had entertained the idea of using an LDAP PAM module simulate the Unix accounts, but this is looking more and more like the wrong way to go about it as PAM seems tied strictly to authentication and Samba already handles that part. Your confusing PAM and NSS. So to summarize, I'd like to know if a Samba PDC can be authenticate users via an LDAP backand without having to contain local Unix accounts for those users as well. You need to have a 'Unix' account; but your using LDAP, so it doesn't need to be 'local'. I confess to not being a Windows or Samba guru, but I have read a lot of documentation and none of it has shed any light on this particular problem. If there's an easy and obvious way to do this, it has eluded me. NSS, you probably don't need PAM. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SASL build error on solaris 8
Hi, My ultimate goal is to deploy a source-built Samba 3.0.1 on Solaris 8 that can join an Active Directory. According to the docs, Samba requires Kerberos and OpenLDAP and OpenLDAP requires SASL. Hence my problem. when i try to build cyrus-sasl-2.1.15 i have got the following configure warnings configure: warning: No DES support for DIGEST-MD5 configure: warning: OpenSSL not found -- OTP will be disabled configure: warning: OpenSSL not found -- SRP will be disabled configure: warning: No DES library found for Kerberos V4 support configure: warning: OpenSSL not found -- NTLM will be disabled configure: warning: No DES library found for Kerberos V4 support when i try to make i have got the following error /usr/ccs/bin/make all-recursive Making all in include Making all in sasldb Making all in plugins Making all in lib /bin/sh ../libtool --mode=link gcc -Wall -W -Wall -g -O2 -L/usr/local/lib -R/usr/local/lib -L/usr/local/lib -L/usr/local/lib -o libsasl2.la -rpath =/usr/local/lib -version-info 2:15:0 auxprop.lo canonusr.lo checkpw.lo client.lo common.lo config.lo external.lo md5.lo saslutil.lo server.lo seterror.lo dlopen.lo plugin_common.lo -ldl -lresolv -lsocket -lnsl -lresolv -lresolv -lresolv -lsocket libtool: link: only absolute run-paths are allowed *** Error code 1 make: Fatal error: Command failed for target `libsasl2.la' Current working directory /export/home/fmg/ads/cyrus-sasl-2.1.15/lib *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /export/home/fmg/ads/cyrus-sasl-2.1.15 *** Error code 1 make: Fatal error: Command failed for target `all-recursive-am' If anybody has a success story, or even a hints, Id be most grateful. Heres my component installation summary set GCC=/usr/local/bin/gcc; set cc=$gcc Get M4 build M4 Set GCC=/usr/local/bin/gcc set cflags = -I /usr/local/include -l/usr/local/lib sh configure sh make 1) Install/build AutoConf 2.57 sh configure --prefix=/usr/local make make install 2) Install/build AutoMake 1.7.2 sh configure --prefix=/usr/local make make install sh configure --prefix=/usr/local make make install 3) repeat step 1 then repeat step 2 4) Install libtool download from sunfreeware.com gunzip ...filename pkgadd -d pgkname -s /var/spool/pkg/ pkgadd 5) Install/build Berkeleydb /db4.1.5 cd /dist .configure --prefix=/usr/local make make install 6) Flex NOTE: Flex used lex and yacc cd flex autoconf configure --prefix=/usr/local make make install cd .. 7) Bison NOTE: Bison used lex and yacc cd bison autoconf configure --prefix=/usr/local make make install 8) Repeat Step1. then. Step2. Now both tools use each other cd .. 9) Build KRB5 1.3.1 cd krb5 /src configure -- enable-dns -- enable-dns-for-kdc -- enable-dns-for-realm --without-tcl \ --prefix=/usr/local --exec_prefix=/usr/local --libdir=/usr/local/lib make make install 10) Build Install SASL cd syrus_sasl_2.1.15 ./configure --prefix=/usr/local \ --exec_prefix=/usr/local \ --enable-login \ --enable-ntlm \ --enable-gssapi=/usr/local \ --libdir =/usr/local/lib \ --with-openssl=/usr/local/ssl DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What happens when a windows client joins a domain ?
Hi, I know this is not tipically a samba question, but I thought maybe someone here would have the proper technical expertise to answer. My goal is to reinstall frequently 80 workstations under Windows XP. In intend to use ghost for this. Maybe my approach is totally wrong, but I figured that the easiest way to not mess-up with the PDC would be to backup whatever is needed on the workstations, multicast ghost them, and then, using a script, restore the domain credentials at first boot. First, I supposed that backing up and restoring the SID and the name of the workstation might be enough, but there must be something else. Hence my question : what happens ? So, what would I have to backup/restore so that the PDC would think that the box never left the domain and will always see it exactly the same even after reinstalling ? Thanks a lot for any answer (or link) you might provide. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Why would nsswitch.conf be needed at all ?
Hi, I have setup a samba server as a domain member to share print queues. As I'm doing print quotas, I need the users to be authenticated properly. The setup works except that it appears that I need to add winbind to my nsswitch.conf. This is kind of upsetting as I don't see a reason why I have to share windows users' namespace with my linux users base (mainly root and system users btw). As far as samba is concerned, it creates uid/gid mappings on the fly. Why would it absolutely need the system to be able to resolve username/uids ? Maybe I missed something ? Thanks for your insights. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sudden domain login problems from XP-pro sp2 clients, Please help!
Update: I had to remove every PC on the network from the domain, delete the machine account from the pdb backened, and then rejoin the computer to the domain. I am starting to realize that the problem stems from a corrupted pdb backend, as now, some accounts (samba not unix) have dissapeared. Some of the accounts I can just re-add via smbpasswd -a, set their password, and then they can login. But other accounts will not allow me to login after I do this. There are a whole bunch of these corrupted accounts. Running pdbedit -u username -v, and comparing to working accounts, I can't tell any difference. I AM able to connect with the bad usernames to regular shares, I just can't login to the domain. What do I do??? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
I have setup a samba server as a domain member to share print queues. As I'm doing print quotas, I need the users to be authenticated properly. The setup works except that it appears that I need to add winbind to my nsswitch.conf. This is kind of upsetting as I don't see a reason why I have to share windows users' namespace with my linux users base (mainly root and system users btw). As far as samba is concerned, it creates uid/gid mappings on the fly. Why would it absolutely need the system to be able to resolve username/uids ? windbind does this exactly in order to be able to provide such information via NSS. Samba is a UNIX process, it needs to know about the users. Maybe I missed something ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
I have setup a samba server as a domain member to share print queues. As I'm doing print quotas, I need the users to be authenticated properly. The setup works except that it appears that I need to add winbind to my nsswitch.conf. This is kind of upsetting as I don't see a reason why I have to share windows users' namespace with my linux users base (mainly root and system users btw). As far as samba is concerned, it creates uid/gid mappings on the fly. Why would it absolutely need the system to be able to resolve username/uids ? windbind does this exactly in order to be able to provide such information via NSS. Samba is a UNIX process, it needs to know about the users. I'm not sure I agree. Samba is a unix process which needs to know about a username/uid mapping. As it gets this information internally via winbind, I just don't understand why it has to make sure the mapping is also recognized by the system. The only real use I see of the nsswitch.conf is to allow any other non samba software to get access to this mapping (/bin/ls as a simple example). So, why would samba ever need to control that the system is able to do this mapping when everything happens internally (sending a job to cups is certainly not a case in which a usernam/uid mapping is usefull. It would only be if one chooses to use lprm from a shell under one of the domain users) ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access Problem
Hello, I've a problem whith my share between 2 linux : When i connect to my share from the first computer to the server I could'nt create file with correct access rights ... I try all the combination of mask but my file has always x status. Does anyone have a solution ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active Directory integration - where to go next??
Hi, I think I've hit a bit of a brick wall with integrating Samba and Active Directory and aren't sure which direction I should go - I've had a look through the How-To and this made me doubt myself even more. At the moment I've configured a Samba domain member to authenticate users against AD. wbinfo and getent both correctly produce user/groups lists from AD and test shares/ACL's are working OK. But should I be storing the mapped Windows user ID's in some kind of DB? Ie LDAP or tdbsam? My aim is to have a second Samba member that will act as a failover. How would this affect the user mappings? I think I read somewhere that each box would map the Windows users separately, so they may not have identical UID's - which would in turn cause problems with permissions and ACL's. Is this the case?? If so do I need to create a single repository to store the user mappings that both Samba members use? Again how does this work?? And how does this get updated when new users are added to AD? Thanks for your time - I'm getting a bit frustrated and need a push in the right direction. Simon The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by TF Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frederic Olivie wrote: | I'm not sure I agree. Samba is a unix process which needs | to know about a username/uid mapping. As it gets this | information internally via winbind, I just don't understand | why it has to make sure the mapping is also recognized | by the system. | | The only real use I see of the nsswitch.conf is to | allow any other non samba software to get access to | this mapping (/bin/ls as a simple example). | | So, why would samba ever need to control that the | system is able to do this mapping when everything | happens internally (sending a job to cups is certainly | not a case in which a usernam/uid mapping is usefull. | It would only be if one chooses to use lprm from | a shell under one of the domain users) ? The design philosophy makes the code path cleaner if you use NSS. This way you don't have one code path when winbindd is present and one when it is not. Granted it is not a clean in practice as I make is sound but it is much cleaner. And unless you are running on an appliance type box, most people would prefer to see user and group names when they run 'ls -l' so you end up needing NSS anyways. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB79kUIR7qMdg1EfYRApbsAKCph9XNSuVtu3TqtYe1IWehvYY8kQCeOf/+ E903LPGl4Dxk9ukXRPlO+fo= =aYYv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ACL Win XP problem
Hmm. Don't think this is it, since even if I log in as root it still fails. I'll try again though. Do I need to map the root user to something in any way? Jamison Bart Hendrix wrote: Hello Jamison, I'm not if I'm right, but if you want tosearch for a username when you want to set acl, you have to do this as root. So if the popup comes up, try username root and the password of root. Then you will see al users and you can add / modify and so on. Greetz Bart - Original Message - From: Jamison Stepan [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Wednesday, January 19, 2005 10:37 PM Subject: [Samba] ACL Win XP problem Ok, I've been searching Google for two days and can't seem to find an answer for this. I want to use ACL's, but I need to be able to administer them in Win XP. My distro is Suse 9.1 and I'm running a standalone Samba server. I can create acl's just fine in Linux/shell, and when I view a file in the Security tab I can see and edit all the ACL parameter's just fine. However, when I attempt to add a user I get a box asking me to search for a user name. When I enter a username I then get a box that asks for a username and password. However, no matter what username and password I put in here I still get a message back that it cannot find the object. As I've read through the posts about this in the past everything seems to revolve around having a domain running, which we do not/cannot have. Is it possible to add users to an file's ACL with a standalone samba server? And if so, is there a configuration part that you need in order to add users? Thanks, Jamison Stepan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Please help me decipher a two-packet NetBT conversation...
My clients are Windows XP SP1 and SP2, members of a Samba-PDC NT domain (tested 3.0.7 and 3.0.10, same result).Attached is ethereal output of a two packet client-server exchange that takes place when an offline files sync is done. SP1 quickly does this exchange twice - first broadcast, then unicast (as attached) and goes on its way. SP2 tries, pauses many seconds, tries again, finally giving up and completing the sync. Basically the client is attempting a SAM logon request with an empty user name. Samba responds with user unknown. Even at high log levels, I get nothing in the Samba logs. I found one other reference to this sort of issue, on an earlier Samba list post in 2002, then a follow-up in 8/04, both unanswered. I'd be happy to look at the Samba code to better understand how/why this is happening, but don't know where to start. Advice is much appreciated. Regards, David Black No. TimeSourceDestination Protocol Info 4191 14:45:44.739000 dblack-pc.magnalynx.com ha1.magnalynx.com NETLOGON SAM LOGON request from client Frame 4191 (281 bytes on wire, 281 bytes captured) Arrival Time: Jan 19, 2005 14:45:44.73900 Time delta from previous packet: 0.03000 seconds Time since reference or first frame: 1238.005492000 seconds Frame Number: 4191 Packet Length: 281 bytes Capture Length: 281 bytes Ethernet II, Src: 00:0d:60:af:59:fc, Dst: 00:0d:60:0f:01:d6 Destination: 00:0d:60:0f:01:d6 (ha1.magnalynx.com) Source: 00:0d:60:af:59:fc (dblack-pc.magnalynx.com) Type: IP (0x0800) Internet Protocol, Src Addr: dblack-pc.magnalynx.com (192.168.10.151), Dst Addr: ha1.magnalynx.com (192.168.10.230) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 00.. = Differentiated Services Codepoint: Default (0x00) ..0. = ECN-Capable Transport (ECT): 0 ...0 = ECN-CE: 0 Total Length: 267 Identification: 0x31b6 (12726) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0x715e (correct) Source: dblack-pc.magnalynx.com (192.168.10.151) Destination: ha1.magnalynx.com (192.168.10.230) User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138) Source port: netbios-dgm (138) Destination port: netbios-dgm (138) Length: 247 Checksum: 0x7e57 (correct) NetBIOS Datagram Service Message Type: Direct_group datagram (17) More fragments follow: No This is first fragment: Yes Node Type: P node (1) Datagram ID: 0x8022 Source IP: dblack-pc.magnalynx.com (192.168.10.151) Source Port: 138 Datagram length: 225 bytes Packet offset: 0 bytes Source name: DBLACK-PC00 (Workstation/Redirector) Destination name: MAGNALYNX1c (Domain Controllers) SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Trans (0x25) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... = Request/Response: Message is a request to the server .0.. = Notify: Notify client only on open ..0. = Oplocks: OpLock not requested/granted ...0 = Canonicalized Pathnames: Pathnames are not canonicalized 0... = Case Sensitivity: Path names are case sensitive ..0. = Receive Buffer Posted: Receive buffer has not been posted ...0 = Lock and Read: LockRead, WriteUnlock are not supported Flags2: 0x 0... = Unicode Strings: Strings are ASCII .0.. = Error Code Type: Error codes are DOS error codes ..0. = Execute-only Reads: Don't permit reads if execute-only ...0 = Dfs: Don't resolve pathnames with Dfs 0... = Extended Security Negotiation: Extended security negotiation is not supported .0.. = Long Names Used: Path names in request are not long file names .0.. = Security Signatures: Security signatures are not supported ..0. = Extended Attributes: Extended attributes are not supported ...0 = Long Names Allowed: Long file names are not allowed in the response Process ID High: 0 Signature: Reserved: Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Trans Request (0x25) Word Count (WCT): 17 Total Parameter Count: 0 Total Data Count: 65 Max Parameter Count: 0 Max Data Count: 0 Max Setup Count: 0 Reserved: 00
[Samba] compiling libldap error??
Samba experts, Ok, we are having so many problems getting ldap to work, we decided to start over with our compile. We are compiling Samba --with-ldap on our AIX 5.1 system which uses gcc. Openldap (for client support) exists in /usr/local/openldap/2.2.17. In order for Samba to find the ldap.h file, we had to configure with CPPFLAGS=-I/usr/local/openldap/2.2.17/include which worked great! Now it finds ldap.h with no problem. However, now the ./configure gives this error: configure: error: libldap is needed for LDAP support What exactly is it looking for now.? Is libldap supposed to be a binary or library? We can't find libldap anywhere. There is a lib directory in openldap that contains a bunch of files such as: # pwd /usr/local/openldap/2.2.17/lib # dir total 12560 drwx-- 2 root system 512 Dec 15 13:59 . drwx-- 7 root system 512 Dec 15 13:59 .. -rw-r--r-- 1 root system 454117 Dec 15 13:59 liblber.a -rw-r--r-- 1 root system 646 Dec 15 13:59 liblber.la -rw-r--r-- 1 root system 2507942 Dec 15 13:59 libldap.a -rw-r--r-- 1 root system 692 Dec 15 13:59 libldap.la -rw-r--r-- 1 root system 3442991 Dec 15 13:59 libldap_r.a -rw-r--r-- 1 root system 698 Dec 15 13:59 libldap_r.la Is it looking for libldap.a? Note: we tried to configure with LDFLAGS=-L/usr/local/openldap/2.2.17/lib but that didn't resolve it. Any suggestions for what we may need to do? Tim Tyler Network Engineer - Beloit College [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP + SASL (kerberos) password syncing
I am getting a bit confused about which methods to use to keep my passwords synced given the following scenario. Samba PDC using LDAP backend. LDAP uses [EMAIL PROTECTED] type passwords Sasl mechanism is saslauthd using kerberos5 I can use pam like: password required pam_smbpass.so password required pam_krb5.so use_first_pass and then passwd will set both passwords but how can I make it so that changing user password from a windows workstation will also change the kerberos password? pam passwd change does not seem to be doing the trick. On a side note, is there a way to test windows-style password changing from the server? I'm assuming smbpasswd won't do the trick, I expected something like net rpc passwd... Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble with User Management
Hi all ! I am trying to setup a Samba 3 server which allows WinXP machines to access directories on a Linux box. So far, I have managed to set upa stand-alone server with a public share which can be read by everybody in the Windows Neighborhood. What I want to do, though, is to have some kind of user management, so that only the person who owns a Linux directory in the share can access it via his or her Windows machine. Unfortunately, I can´t get it to work : the server asks me for a Username/Password, but won´t accept it. Right now, I am testing my setup with a single directory I want to import to the Windows network. Since both my Windows User and my Linux user have the same username and password (I also created a SMB user with smbpasswd -a...) I don´t understand why Samba should deny my authorization. Neither log.nmbd nor log.smbd show anything about authorization troubles. My smb.conf : [global] workgroup = leat netbios name = nimloth server string = Nimloth SAMBA Server security = user local master = no encrypt passwords = yes username map = /etc/samba/smbusers [LoraFlox] comment = LoraFlox valid users = leichejo guest ok = No path = /net/nimloth/disc1/projekte/loraflox read only = No guest ok = No browseable = Yes my smbusers #root = administrator admin leichejo = leichejo BALIN/leichejo #nobody = guest pcguest smbguest Any ideas ? As you might have noticed, I am pretty new to Samba. Thanks for the help, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
On Thu, Jan 20, 2005 at 04:47:48PM +0100, Frederic Olivie wrote: So, why would samba ever need to control that the system is able to do this mapping when everything happens internally (sending a job to cups is certainly not a case in which a usernam/uid mapping is usefull. It would only be if one chooses to use lprm from a shell under one of the domain users) ? It does if you want users to be able to manipulate their print jobs, no? -- _ _ _ _ _ _ _ _ _ _ _ _ _ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ ( t | i | m | @ | i | t | . | k | p | t | . | c | c ) \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ GPG key fingerprint = 1DEE CD9B 4808 F608 FBBF DC21 2807 D7D3 09CA 85BF -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] passwd chat
Hello, I have seen several examples of smb.conf's that use the passwd chat parameter. There isn't much explanation in the Samba documentation that I can see for this parameter, can someone explain a bit about what adding the parameter to your [global] section does for you? The examples usually look like this: passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* But I wonder what does it allow you to do, that is, how will this feature be used by the users on the box? Does it allow windows clients to get a dialog box of some sort that will let them change their passwd in the smbpasswd file? Or does it update their password in the /etc/passwd file? Or both? Thanks, Mike Partyka Stonepath Logistics Systems Administrator (651)405-4300 Desk (651)208-5734 Cell (651)405-4342 Fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Please help me decipher a two-packet NetBT conversation...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Black wrote: | My clients are Windows XP SP1 and SP2, members of a Samba-PDC NT domain | (tested 3.0.7 and 3.0.10, same result).Attached is ethereal output | of a two packet client-server exchange that takes place when an offline | files sync is done. SP1 quickly does this exchange twice - first | broadcast, then unicast (as attached) and goes on its way. SP2 tries, | pauses many seconds, tries again, finally giving up and completing the | sync. | | Basically the client is attempting a SAM logon request with an empty | user name. Samba responds with user unknown. Even at high log levels, | I get nothing in the Samba logs. I found one other reference to this | sort of issue, on an earlier Samba list post in 2002, then a follow-up | in 8/04, both unanswered. | This is the correct response based on my memory of the network traffic. You could be running down the wrong trail here. I haven't dug in to the offline caching support so I can't comment on that too much. But the response code in your trace was right as far as I know. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB7/HEIR7qMdg1EfYRAlB2AKDkkQ1mfVXEbXwhk4JPrCfwi6qKpgCeILdr kKnH2vT7i3VNhrJwQ5s9tZc= =Jz3Z -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating off a Windows 2003 ADS DC with Samba/Winbind
Hi, I'm having the same problem. I suppose the problem occurs when you try to re-join the same computer in AD. It begins to happen with one computer so I 've started to install in another computer and it worked. So I'd got to reinstall the new computer, formatted him, and the problem started to occur with the new computer.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
I understand the spirit, but, as far as my application is concerned (print server only for windows boxes), don't I have a way of not having to include winbind in nsswitch ? And unless you are running on an appliance type box, most people would prefer to see user and group names when they run 'ls -l' so you end up needing NSS anyways. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB79kUIR7qMdg1EfYRApbsAKCph9XNSuVtu3TqtYe1IWehvYY8kQCeOf/+ E903LPGl4Dxk9ukXRPlO+fo= =aYYv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frederic Olivie wrote: | I understand the spirit, but, as far as my application is | concerned (print server only for windows boxes), don't | I have a way of not having to include winbind in nsswitch ? No. nsswitch is required for winbindd. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB7/S6IR7qMdg1EfYRAtRkAJ941sKzYPIYvdHhknxQ7NnOXNepZQCdEKYb SkOkhSQVSAXjmgWEXlp9KS4= =Whtt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
On Thu, Jan 20, 2005 at 04:47:48PM +0100, Frederic Olivie wrote: So, why would samba ever need to control that the system is able to do this mapping when everything happens internally (sending a job to cups is certainly not a case in which a usernam/uid mapping is usefull. It would only be if one chooses to use lprm from a shell under one of the domain users) ? It does if you want users to be able to manipulate their print jobs, no? No. They manipulate their print jobs from the XP boxes. And these access the print queue through samba which already has this mapping through winbind. I just don't understand why I would have to mix the two namespaces. When you have an LDAP authentication system for your postfix+cyrus, you don't need to resort to system users (because that's what it's all about, virtually adding your whole AD users base inside your /etc/passwd file). The job is passed to another subsystem (cups in this case) which does not need system users either. It trusts the username passed as an argument. The interest in messing up with system users is when you use the samba as a file server and render the files accessible through another mean on the unix side (locally in a shell or remotely in NFS for example). In this case, both users bases have to be in accordance. In my case, I just don't see why. But if samba is made this way, there is not a lot I can do about it unless I stick my nose inside of it, right ? :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why would nsswitch.conf be needed at all ?
I understand the spirit, but, as far as my application is concerned (print server only for windows boxes), don't I have a way of not having to include winbind in nsswitch ? Currently I think the answer is no. Perhaps you can just access all the printers as guest? Alhtough I have no idea why there is a problem adding winbind to nss; it makes logs easier to read, etc... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Please help me decipher a two-packet NetBT conversation...
Thanks for your response, Jerry. I too would expect that response from Samba, given the seemingly odd request. What I'm up against is the client - especially XP SP2, doesn't seem to like that response, retrying after a considerable pause. Absent any other trails to follow, I'd like to try making Samba give some other responses and see how the client responds. Dave Gerald (Jerry) Carter wrote: This is the correct response based on my memory of the network traffic. You could be running down the wrong trail here. I haven't dug in to the offline caching support so I can't comment on that too much. But the response code in your trace was right as far as I know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [PATCH 8/40] fs/proc: replace schedule_timeout() with msleep()
Hi, Please consider applying. Description: Use msleep() instead of schedule_timeout() to guarantee the task delays as expected. TASK_INTERRUPTIBLE is used in the current code, but signals are not checked for, so I believe the change to msleep() is appropriate. Signed-off-by: Nishanth Aravamudan [EMAIL PROTECTED] --- 2.6.11-rc1-kj-v/fs/smbfs/proc.c 2005-01-15 16:55:41.0 -0800 +++ 2.6.11-rc1-kj/fs/smbfs/proc.c 2005-01-18 11:07:41.0 -0800 @@ -23,6 +23,7 @@ #include linux/smb_fs.h #include linux/smbno.h #include linux/smb_mount.h +#include linux/delay.h #include net/sock.h @@ -2397,8 +2398,7 @@ smb_proc_readdir_long(struct file *filp, if (req-rq_rcls == ERRSRV req-rq_err == ERRerror) { /* a damn Win95 bug - sometimes it clags if you ask it too fast */ - current-state = TASK_INTERRUPTIBLE; - schedule_timeout(HZ/5); + msleep(200); continue; } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What does ldap passwd sync do?
Question regarding what the smb.conf line ldap passwd sync = Yes actually does. I have a lab with mixed Win2k and RH9 computers running Samba 3 and OpenLdap. Right now we're having a problem with password expiration. Samba is working just fine and when a user changes their password, the date changes as well. But for Linux, however the password is being changed is not updating the shadowLastChange parameter. So even though the users are successfully changing their passwords (though Windows), the Linux boxes are denying access due to that parameter not being set. So after saying all that, I am trying to get a handle on what ldap passwd sync enables so that I can figure out if this is a bug, Samba config problem, LDAP config problem, script issue, or PAM problem. Thanks in advance, Anthony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More help on ACL problem please.
Hello, I am running Fedora Core 2. Kernel: linux-2.6.5-1.358 Kernel supports ACL: [EMAIL PROTECTED] configs]# grep FS_SECURITY kernel-2.6.5-i686-smp.config CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_XFS_SECURITY=y CONFIG_DEVPTS_FS_SECURITY=y [EMAIL PROTECTED] configs]# grep XATTR kernel-2.6.5-i686-smp.config CONFIG_EXT2_FS_XATTR=y CONFIG_EXT3_FS_XATTR=y CONFIG_DEVPTS_FS_XATTR=y Have extended attributes set in /etc/fstab is as follows: /dev/Goliath/root / ext3acl,user_xattr 1 1 I have a directory called Planning with ACL permissions assigned via the setfacl command: drwxrwx---+ 2 root AVMAX+Planning 4096 Jan 14 09:55 Planning which looks like this with getfacl: [EMAIL PROTECTED] avamx_shares]# getfacl Planning/ # file: Planning # owner: root # group: AVMAX+Planning user::rwx group::rwx group:AVMAX+Domain Users:r-- mask::rwx other::--- Problem: If I add my user to the AVMAX+Planning group on my NT DOMAIN PDC there is no problem. I can browse to the Planning directory via My Network Places. However if I remove my account from the AVMAX+Planning group and browse to the Planning directory it prompts me for a password. Because my account is by default a member of the AVMAX+Domain Users and I have configured (i think) the Planning directory ACL to allow read access to the AVMAX+Domain Users group.I should be able to browse this directory without being prompted for a username and password QUESTION: What did I do wrong or not do at all to make the applied ACL function correctly and allow all users in the AVMAX+Domain Users group read acces to the Planning samba share? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting Samba3.0.9 to work on Debian(woody) for AD Authentication
Hi, I am using samba 3.0.9 on Debian (woody) IA 64 bit server. I have made a post on linuxquestions.org which contains my compilation and its arguments, krb5.conf, smb.conf, also my kinit and wbinfo -u, g, t, all of which work. I also have the official samba guide and samba by example. I do not have telnet installed and have tried to configure my SSH PAM options. I was wondering if anyone could send me and example working SSH PAM module to use as a base for figuring out the authentication. I am in Windows server 2003 network running in native mode and the username(s) and password(s) that I am trying to sign in with only exist in AD. There are only two local accounts on the machine, root one other. I hope you don't think I'm trying to take a shortcut and get someone to give me there configuration without working for it. Believe me I've been working on this for a while and posting is usually my last option and I try to avoid it because as you can see from my post on linuxquestions.org it has 400 views and zero responses. I am sure that I am close and have tried to eliminate all other options. I can give you more recent log files than what is on the post. I just wanted to try use a working SSH PAM config first to see if that is all of my problems. Here is the link to the post on linuxquestions.org. Thanks again. http://www.linuxquestions.org/questions/showthread.php?s=threadid=26596 3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP and add machine script problems
I'm trying to integrate Openldap with Samba version 3.0.10. I have populated my LDAP server via smbldap-populate.pl and I've gotten PAM to recognize LDAP as an authentication mechanism. Thus, I can add a user with smbldap-useradd.pl and su to that user. The problem I am having is when I attempt to add a computer from MS Windoze XP. When I attempt to join my domain XP prompts me for a user ID and password. If I enter a user ID of root with either my box's actual root password or the password for the LDAP user uid=Administrator,ou=Users,dc=somedomain,dc=org I get the following: unknown user or bad password. I suppose this makes sense because there are only two users in ou=Users (Administrator and nobody) neither of which is root. Alternatively, if I attempt to join the domain with a user ID of Administrator I get Access is denied. So, my question is do I need to create a LDAP user in ou=Users with a user ID of root. If so how should I do this and wouldn't it conflict with the root UID in /etc/passwd? I've been trying to follow the directions in By Example - Making Users Happy but it seems to be a little sketchy on this topic. I can provide logs on request. Here is my smb.conf: # Global parameters [global] workgroup = PEANUTS server string = Snoopy Samba Server log level = 5 log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = %U.bat #logon path = #logon home = domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes #username map = /etc/samba/smbusers # LDAP Related ldap passwd sync = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=somedomain,dc=org ldap suffix = dc=somedomain,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap,dc=somedomain,dc=org # Avoid the risk of UID/GID inconsistencies across systems # by having a common LDAP backend. idmap backend = ldap:ldap://127.0.0.1 # These should match the values specified in smbldap_conf.pm idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes #ldap ssl = start_tls add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' security = user template shell = /bin/false winbind use default domain = no [netlogon] path = /var/lib/samba/netlogon browseable = No root preexec = /var/lib/samba/netlogon/logon.pl %U %I [common] comment = Common material path = /home/common force group = common read only = No create mask = 0774 directory mask = 0775 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Finished print jobs, Samba 3.0.9
Gerald (Jerry) Carter wrote: Yes. I know. I'm still working on that log file. But I have to finish up one more file on the privilege support for 3.0.11. All I said is that some people are reporting success with the current 3.0 code in svn. Not everyone obviously. Maybe the error has something to do with: [2005/01/15 13:20:55, 6] lib/util_sock.c:write_socket(449) write_socket(27,158) [2005/01/15 13:20:55, 6] lib/util_sock.c:write_socket(452) write_socket(27,158) wrote 158 [2005/01/15 13:21:15, 10] lib/util_sock.c:read_socket_with_timeout(305) read_socket_with_timeout: timeout read. select timed out. [2005/01/15 13:21:15, 10] lib/util_sock.c:receive_smb_raw(556) receive_smb_raw: length 0! [2005/01/15 13:21:15, 10] libsmb/clientgen.c:client_receive_smb(65) client_receive_smb failed [2005/01/15 13:21:15, 5] lib/util.c:show_msg(464) [2005/01/15 13:21:15, 5] lib/util.c:show_msg(474) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2005/01/15 13:21:15, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 2 milliseconds [2005/01/15 13:21:15, 2] rpc_client/cli_pipe.c:cli_nt_session_open(1479) cli_nt_session_open: rpc bind to \PIPE\spoolss failed [2005/01/15 13:21:15, 0] rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2628) spoolss_connect_to_client: unable to open the domain client session to machine SATURN. Error was : Call timed out: server did not respond after 2 milliseconds. [2005/01/15 13:21:15, 5] rpc_parse/parse_prs.c:prs_debug(82) 00 spoolss_io_r_rffpcnex [2005/01/15 13:21:15, 5] rpc_parse/parse_prs.c:prs_werror(702) status: WERR_SERVER_UNAVAILABLE Another error from the log: [2005/01/15 13:29:54, 10] printing/nt_printing.c:nt_printing_getsec(4937) secdesc_ctr for repr1 has 3 aces: [2005/01/15 13:29:54, 10] printing/nt_printing.c:nt_printing_getsec(4946) S-1-1-0 0 2 0xe000 [2005/01/15 13:29:54, 10] printing/nt_printing.c:nt_printing_getsec(4946) S-1-5-21-3031169430-2530732004-3017537316-1000 0 9 0x1000 [2005/01/15 13:29:54, 10] printing/nt_printing.c:nt_printing_getsec(4946) S-1-5-21-3031169430-2530732004-3017537316-1000 0 2 0x1000 [2005/01/15 13:29:54, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0xe000 to 0x00020008 [2005/01/15 13:29:54, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x1000 to 0x000f000c [2005/01/15 13:29:54, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x1000 to 0x000f000c [2005/01/15 13:29:54, 10] lib/util_seaccess.c:se_access_check(234) se_access_check: requested access 0x000f000c, for NT token with 5 entries and first sid S-1-5-21-3031169430-2530732004-3017537316-5002. [2005/01/15 13:29:54, 3] lib/util_seaccess.c:se_access_check(251) [2005/01/15 13:29:54, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-3031169430-2530732004-3017537316-5002 se_access_check: also S-1-5-21-3031169430-2530732004-3017537316-1201 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x02, SID = S-1-1-0 mask = 20008, current desired = f000c se_access_check: ACE 1: type 0, flags = 0x09, SID = S-1-5-21-3031169430-2530732004-3017537316-1000 mask = f000c, current desired = d0004 se_access_check: ACE 2: type 0, flags = 0x02, SID = S-1-5-21-3031169430-2530732004-3017537316-1000 mask = f000c, current desired = d0004 [2005/01/15 13:29:54, 5] lib/util_seaccess.c:se_access_check(315) se_access_check: access (f000c) denied. [2005/01/15 13:29:54, 4] printing/nt_printing.c:print_access_check(5087) access check was FAILURE [2005/01/15 13:29:54, 3] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1745) access DENIED for printer open der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What does ldap passwd sync do?
On Thu, 2005-01-20 at 15:00 -0500, Anthony Linux wrote: Question regarding what the smb.conf line ldap passwd sync = Yes actually does. I have a lab with mixed Win2k and RH9 computers running Samba 3 and OpenLdap. Right now we're having a problem with password expiration. Samba is working just fine and when a user changes their password, the date changes as well. But for Linux, however the password is being changed is not updating the shadowLastChange parameter. So even though the users are successfully changing their passwords (though Windows), the Linux boxes are denying access due to that parameter not being set. It is up to your LDAP sever to update these values. Samba makes a call to the OpenLDAP defined (and internet-stadnard-proposed, I think) password set extended operation. The LDAP server is expected to do something sane . You may need to obtain/write some modules for OpenLDAP to handle this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP + SASL (kerberos) password syncing
On Wed, 2005-01-19 at 20:16 -0500, Mark Roach wrote: I am getting a bit confused about which methods to use to keep my passwords synced given the following scenario. Samba PDC using LDAP backend. LDAP uses [EMAIL PROTECTED] type passwords Sasl mechanism is saslauthd using kerberos5 I can use pam like: password required pam_smbpass.so password required pam_krb5.so use_first_pass and then passwd will set both passwords but how can I make it so that changing user password from a windows workstation will also change the kerberos password? pam passwd change does not seem to be doing the trick. Samba don't have the plaintext password, so can't do things via PAM that require the original plaintext. At my site, I have Heimdal Kerberos backed onto the same LDAP directory as Samba, so they share the passwords for the arcfour-hmac-md5 encryption type, and so there is no need for a separate Kerberos password set. You could also use the smbk5pwd OpenLDAP module, which will fill out the other Kerberos encryption types at the same time. (I'm not yet running this). I think this module should run with 'ldap password sync = only'. If you can't do all that, then you need to write a script for the 'unix password sync' and specify it in 'passwd program'. It must have the ability to set passwords, while being root on your Samba server, without the previous plaintext. (ie, a wrapper around kadmin). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What does ldap passwd sync do?
Thanks. I will read up on this functionality in OpenLDAP. From what I've read so far, the default is to just update userPassword, but I will look into the modules or configuration options to add shadowLastChange to that. Thanks again, A On Fri, 21 Jan 2005 09:09:27 +1100, Andrew Bartlett [EMAIL PROTECTED] wrote: On Thu, 2005-01-20 at 15:00 -0500, Anthony Linux wrote: Question regarding what the smb.conf line ldap passwd sync = Yes actually does. I have a lab with mixed Win2k and RH9 computers running Samba 3 and OpenLdap. Right now we're having a problem with password expiration. Samba is working just fine and when a user changes their password, the date changes as well. But for Linux, however the password is being changed is not updating the shadowLastChange parameter. So even though the users are successfully changing their passwords (though Windows), the Linux boxes are denying access due to that parameter not being set. It is up to your LDAP sever to update these values. Samba makes a call to the OpenLDAP defined (and internet-stadnard-proposed, I think) password set extended operation. The LDAP server is expected to do something sane . You may need to obtain/write some modules for OpenLDAP to handle this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba LDAP and add machine script problems
I'm trying to integrate Openldap with Samba version 3.0.10. I have populated my LDAP server via smbldap-populate.pl and I've gotten PAM to recognize LDAP as an authentication mechanism. Thus, I can add a user with smbldap- useradd.pl and su to that user. Can you do a straight login / ssh as that new user? The problem I am having is when I attempt to add a computer from MS Windoze XP. When I attempt to join my domain XP prompts me for a user ID and password. If I enter a user ID of root with either my box's actual root password or the password for the LDAP user uid=Administrator,ou=Users,dc=somedomain,dc=org I get the following: unknown user or bad password. I suppose this makes sense because there are only two users in ou=Users (Administrator and nobody) neither of which is root. Alternatively, if I attempt to join the domain with a user ID of Administrator I get Access is denied. Somewhere in those howto's and example books that JHT, et al, has written he says to set the uid of the Administrator to 0. what UID does your administrator have? I believe from vague memory that the smbldap-populate script automatically sets the uid of the Administrator to 0. Just use smbldap-passwd Administrator to make sure that the password is set. then try adding your Machine again. This worked for me last night when I got the same error. tell us what happens. Regards Geoff. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP + SASL (kerberos) password syncing
Hi, Andrew. On Fri, 2005-01-21 at 09:16 +1100, Andrew Bartlett wrote: Samba don't have the plaintext password, so can't do things via PAM that require the original plaintext. At my site, I have Heimdal Kerberos backed onto the same LDAP directory as Samba, so they share the passwords for the arcfour-hmac-md5 encryption type, and so there is no need for a separate Kerberos password set. Ahh, that makes sense. I am using heimdal, not using the ldap backend yet though. It sounds like the method described here: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap right? You could also use the smbk5pwd OpenLDAP module, which will fill out the other Kerberos encryption types at the same time. (I'm not yet running this). I think this module should run with 'ldap password sync = only'. That seems like the ideal situation. It sounds like I'm not going to be able to pull this off with the versions of openldap and heimdal in the debian repositories though. Not a big deal, but not ideal for my purposes. Perhaps I'll do some custom packaging. If you can't do all that, then you need to write a script for the 'unix password sync' and specify it in 'passwd program'. It must have the ability to set passwords, while being root on your Samba server, without the previous plaintext. (ie, a wrapper around kadmin). I have already wrapped some of the kadmin library for use from python, I'm not quite sure how to accomplish this piece of it, but it might be worth the effort... Thanks very much for your response. -Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Using ssh for samba authentication?
On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote: On Tue, 18 Jan 2005 11:49:00 -0800, Jim C. [EMAIL PROTECTED] said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | I use ssh port forwarding to connect to a samba server from Windows ... | ask for any password for shares? Why not set ssh up for public key auth? Coupled with Samba's own encryption, it should be secure enough. ;-) I already use public key authentication in ssh and for this reason the additional password typing is annoyance that can potentially leak passwords. So I thought that maybe there was a way to start samba from ssh connection and assume that user already authentificated among the lines of sftp subsystem in ssh. Yes, it is possible to construct such a system, but I really doubt it is worth the pain. You would need to construct an auth module that understood that SSH had already authenticated the user, while still using the same username/password on the client as the server (this is important for session key stuff), run smbd as the user initially (which breaks certain behaviours where we become root). On the client, you would need to forward the socket to the SSH process. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP + SASL (kerberos) password syncing
On Thu, 2005-01-20 at 20:58 -0500, Mark Roach wrote: Hi, Andrew. On Fri, 2005-01-21 at 09:16 +1100, Andrew Bartlett wrote: Samba don't have the plaintext password, so can't do things via PAM that require the original plaintext. At my site, I have Heimdal Kerberos backed onto the same LDAP directory as Samba, so they share the passwords for the arcfour-hmac-md5 encryption type, and so there is no need for a separate Kerberos password set. Ahh, that makes sense. I am using heimdal, not using the ldap backend yet though. It sounds like the method described here: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap right? That's the URL I keep pointing at. :-) You could also use the smbk5pwd OpenLDAP module, which will fill out the other Kerberos encryption types at the same time. (I'm not yet running this). I think this module should run with 'ldap password sync = only'. That seems like the ideal situation. It sounds like I'm not going to be able to pull this off with the versions of openldap and heimdal in the debian repositories though. Not a big deal, but not ideal for my purposes. Perhaps I'll do some custom packaging. I'll be interested to see what you come up with, and happy to help on it. I'm looking to move my LDAP off RedHat, so I can use the Heimdal libs and this stuff :-) Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Netbios Aliases and %L and port 445
Running v3.0.2a-SUSE, joined to AD, all clients are XP.SP2 When smb.conf has smb ports = 139, then %L is populated with the appropriate netbios alias name as selected by the end user, and everything works as expected. When smb ports = 445 or is not specified, then %L is populated with the host name instead of the alias name. Is there a code patch for %L or an undocumented %parm to use instead to get the alias name as selected by the client (not the hosting server name)?? The reason I ask is because Netbios is still responding to the alias name, and an Ethereal sniff of simple traffic Net View \\samba-alias (after an NBTstat - R) when smb ports = 445 seems to show the alias name still being used back forth to the Samba box, and Samba itself is resolving the alias name (I don't have Disable Netbios=yes). Therefore, isn't there some way for Samba to internally pick this up and populate %L correctly? Thx in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netbios Aliases and %L and port 445
On Thu, 2005-01-20 at 20:03 -0800, David Loudon wrote: Running v3.0.2a-SUSE, joined to AD, all clients are XP.SP2 When smb.conf has smb ports = 139, then %L is populated with the appropriate netbios alias name as selected by the end user, and everything works as expected. When smb ports = 445 or is not specified, then %L is populated with the host name instead of the alias name. Is there a code patch for %L or an undocumented %parm to use instead to get the alias name as selected by the client (not the hosting server name)?? If there was, we would use it. This information is simply no longer supplied by the client, when it talks to port 445. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Pre-approved Application for samba@samba.org
Get a capable html e-mailer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot delete files: the mounted file system does not
I found that it has to do with Microsoft Security Bulleting KB885835. I Un-installed the patch on my Windows 2K Servers and I can now delete files on the SAMBA shares. So either upgrading SAMBA or Un-installing the Patch will work. Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting Samba3.0.9 to work on Debian(woody) for AD Authentication
On Friday 21 January 2005 08:23, Unix Technician wrote: Hi, I am using samba 3.0.9 on Debian (woody) IA 64 bit server. I have made a post on linuxquestions.org which contains my compilation and its arguments, krb5.conf, smb.conf, also my kinit and wbinfo -u, g, t, all of which work. I also have the official samba guide and samba by example. I do not have telnet installed and have tried to configure my SSH PAM options. I was wondering if anyone could send me and example working SSH PAM module to use as a base for figuring out the authentication. I am in Windows server 2003 network running in native mode and the username(s) and password(s) that I am trying to sign in with only exist in AD. There are only two local accounts on the machine, root one other. I hope you don't think I'm trying to take a shortcut and get someone to give me there configuration without working for it. Believe me I've been working on this for a while and posting is usually my last option and I try to avoid it because as you can see from my post on linuxquestions.org it has 400 views and zero responses. I am sure that I am close and have tried to eliminate all other options. I can give you more recent log files than what is on the post. I just wanted to try use a working SSH PAM config first to see if that is all of my problems. Here is the link to the post on linuxquestions.org. Thanks again. I notice you don't mention libnss-winbind? You do have getent {passwd,group} working right? I was using the following smb.conf everything else default values. [global] netbios name = MYDEBBOX workgroup = INTERNAL # smbd ad membership realm = INTERNAL.MYDOMAIN.NET security = ADS encrypt passwords = yes password server = MYADPDC.INTERNAL.MYDOMAIN.NET # winbind winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash idmap uid = 1-2 idmap gid = 1-2 For pam.d/ssh (before pam_unix.so's) xxx sufficient pam_winbind.so I should mention though that I was not using the krb5 1.2 as packaged for woody, it just wouldn't work. You have to use = 1.3. Though a post I made on here had a followup saying perhaps in samba 3.0.11 would have a work-around/fix or something. In any case I was working with 3.0.9 as you are. Tyler -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inherit permissions question
Hi guys, How are you ? We have a share named [userprofile] on our Samba-3.0.9 server where each users' profile is stored. Fairly often a user which is not the user that owns the profile i.e and admin, needs to copy files into other users' profile folders. The problem which then arises is that the user who owns the profile is unable to access the new files, due to the UNIX permissions being set to the person who copied the files into the directory. I've looked through the smb.conf and found the inherit permissions parameter and tried it but cannot seem to get it to work ? In my smb.conf for the [userprofile] share I have the following: [userprofile] path = /data/userprofile read only = no guest ok = yes profile acls = yes browseable = no csc policy = disable share modes = no inherit permissions = yes If the administrator connects to \\server\userprofile\user1 and writes a file named test.txt into the directory the permissions from the directory user1 are not propagated down to the new file. My permissions on the user1 directory are set as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ The file test.txt gets written with the following permissions: -rw-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Any ideas on how I get samba to write it so that the owner of the folder propagates to new files written into the folder even if a domain admin writes them there ? Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba SID
Hi! We have Samba PDC (samba 3.09 rhel3u4) I transvered user account, group and computer from NT PDC. (one domain) Samba PDC use ldapsam (openldap). example: net rpc join -S NT4S -W MEGANET -U Administrator%not24get net rpc vampire -S NT4S In smbldap-toos config file (smbldap-tools.conf) is SID=S-1-5-21-3703471949-3718591838-2324585696 domain sid is from command: net getlocalsid Now I have tow differend sid 1.) users and group data is sid from smbldap-tools.conf (local sid) and 2.) samba domain sid (samba domain name) potentially from NT PDC This is ok ? Must I change SIDs to same or make other commands ? Thanks! Mika -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Please help me decipher a two-packet NetBT conversation...
On Thu, 2005-01-20 at 10:33 -0600, David Black wrote: My clients are Windows XP SP1 and SP2, members of a Samba-PDC NT domain (tested 3.0.7 and 3.0.10, same result).Attached is ethereal output of a two packet client-server exchange that takes place when an offline files sync is done. SP1 quickly does this exchange twice - first broadcast, then unicast (as attached) and goes on its way. SP2 tries, pauses many seconds, tries again, finally giving up and completing the sync. Basically the client is attempting a SAM logon request with an empty user name. Samba responds with user unknown. Before you spend too much time barking up the wrong tree, my understating is that the username in this UDP SamLogon request is not honoured by any modern operating system, and user-unknown is the correct reply. Giving out this information would confirm/deny a given username without authentication, which is considered a bad thing. Samba has always left it up to the logon process to actually decide this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain- AND local Users....
Hi all, I've my samba-server as member of our Windows2k-Domain (Security = DOMAIN) and userauthentication for domain-users works fine. Now I need some local users which should also access shares from this server. I created a unix-local user, created an entry in smbpasswd and also created the user on my windows-box, all users have the same password but I'm not able to connect to our shares. when looking at the smb-log, i found that authentication is only tried against windows-domain and not for smbpasswd What am I doing wrong? Can this be done? And if yes, how?? Thanks a lot, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: lorikeet r196 - in trunk/heimdal: . appl/ftp appl/ftp/ftp appl/kf appl/telnet appl/telnet/telnet appl/xnlock cf doc doc/standardisation include kadmin kdc kpasswd kuser lib/asn1 lib/des lib/gssapi lib/hdb lib/krb5 lib/otp lib/roken lib/sl lib/vers
Author: abartlet Date: 2005-01-20 09:27:06 + (Thu, 20 Jan 2005) New Revision: 196 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=196 Log: Merge Heimdal up to 20050120 snapshot. Andrew Bartlett Added: trunk/heimdal/ChangeLog.2004 trunk/heimdal/cf/check-symbols.sh trunk/heimdal/doc/standardisation/draft-ietf-kitten-2478bis-04.txt trunk/heimdal/doc/standardisation/draft-ietf-kitten-gssapi-prf-01.txt trunk/heimdal/doc/standardisation/draft-ietf-kitten-krb5-gssapi-prf-01.txt trunk/heimdal/doc/standardisation/draft-zhu-kerb-enctype-nego-00.txt trunk/heimdal/kadmin/dump-format.txt trunk/heimdal/lib/krb5/krb5_is_thread_safe.3 trunk/heimdal/lib/krb5/krb5_is_thread_safe.cat3 trunk/heimdal/lib/roken/test-mem.h Modified: trunk/heimdal/ChangeLog trunk/heimdal/NEWS trunk/heimdal/appl/ftp/ChangeLog trunk/heimdal/appl/ftp/ftp/domacro.c trunk/heimdal/appl/ftp/ftp/ftp.c trunk/heimdal/appl/kf/kfd.c trunk/heimdal/appl/telnet/ChangeLog trunk/heimdal/appl/telnet/telnet/commands.c trunk/heimdal/appl/telnet/telnet/telnet.c trunk/heimdal/appl/xnlock/ChangeLog trunk/heimdal/appl/xnlock/xnlock.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/Makefile.am.common trunk/heimdal/doc/Makefile.am trunk/heimdal/doc/apps.texi trunk/heimdal/doc/heimdal.info trunk/heimdal/doc/heimdal.texi trunk/heimdal/doc/setup.texi trunk/heimdal/doc/win2k.texi trunk/heimdal/include/bits.c trunk/heimdal/kadmin/ChangeLog trunk/heimdal/kadmin/dump.c trunk/heimdal/kdc/524.c trunk/heimdal/kdc/hpropd.c trunk/heimdal/kdc/kerberos4.c trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/kstash.c trunk/heimdal/kpasswd/kpasswd.1 trunk/heimdal/kpasswd/kpasswd.c trunk/heimdal/kpasswd/kpasswd.cat1 trunk/heimdal/kpasswd/kpasswdd.8 trunk/heimdal/kpasswd/kpasswdd.c trunk/heimdal/kpasswd/kpasswdd.cat8 trunk/heimdal/kuser/kinit.c trunk/heimdal/lib/asn1/Makefile.am trunk/heimdal/lib/asn1/hash.c trunk/heimdal/lib/asn1/k5.asn1 trunk/heimdal/lib/des/ChangeLog trunk/heimdal/lib/gssapi/8003.c trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/accept_sec_context.c trunk/heimdal/lib/gssapi/acquire_cred.c trunk/heimdal/lib/gssapi/get_mic.c trunk/heimdal/lib/gssapi/gssapi_locl.h trunk/heimdal/lib/gssapi/import_sec_context.c trunk/heimdal/lib/gssapi/unwrap.c trunk/heimdal/lib/gssapi/verify_mic.c trunk/heimdal/lib/gssapi/wrap.c trunk/heimdal/lib/hdb/Makefile.am trunk/heimdal/lib/hdb/hdb-ldap.c trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/krb5/Makefile.am trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/addr_families.c trunk/heimdal/lib/krb5/appdefault.c trunk/heimdal/lib/krb5/asn1_glue.c trunk/heimdal/lib/krb5/auth_context.c trunk/heimdal/lib/krb5/build_auth.c trunk/heimdal/lib/krb5/changepw.c trunk/heimdal/lib/krb5/context.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/generate_subkey.c trunk/heimdal/lib/krb5/get_in_tkt.c trunk/heimdal/lib/krb5/init_creds_pw.c trunk/heimdal/lib/krb5/keytab_keyfile.c trunk/heimdal/lib/krb5/krb5-private.h trunk/heimdal/lib/krb5/krb5-protos.h trunk/heimdal/lib/krb5/krb5.3 trunk/heimdal/lib/krb5/krb5.cat3 trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/krb5_create_checksum.3 trunk/heimdal/lib/krb5/krb5_create_checksum.cat3 trunk/heimdal/lib/krb5/krb5_encrypt.3 trunk/heimdal/lib/krb5/krb5_encrypt.cat3 trunk/heimdal/lib/krb5/krb5_keyblock.3 trunk/heimdal/lib/krb5/krb5_keyblock.cat3 trunk/heimdal/lib/krb5/mk_req_ext.c trunk/heimdal/lib/krb5/principal.c trunk/heimdal/lib/krb5/rd_cred.c trunk/heimdal/lib/krb5/rd_req.c trunk/heimdal/lib/krb5/verify_krb5_conf.c trunk/heimdal/lib/otp/ChangeLog trunk/heimdal/lib/otp/otp_parse.c trunk/heimdal/lib/sl/ChangeLog trunk/heimdal/lib/sl/slc-gram.y trunk/heimdal/lib/vers/ChangeLog trunk/heimdal/lib/vers/print_version.c Changeset: Sorry, the patch is too large (12315 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=196
svn commit: samba r4866 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient
Author: gd Date: 2005-01-20 13:49:34 + (Thu, 20 Jan 2005) New Revision: 4866 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4866 Log: Add createdomgroup to rpcclient (needed to generate huge amounts of groups when 'net rpc group add' is just to slow). Guenther Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c trunk/source/rpcclient/cmd_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-01-20 05:57:05 UTC (rev 4865) +++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-01-20 13:49:34 UTC (rev 4866) @@ -1215,6 +1215,57 @@ return result; } +/* Create domain group */ + +static NTSTATUS cmd_samr_create_dom_group(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + POLICY_HND connect_pol, domain_pol, group_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + const char *grp_name; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + + if ((argc 2) || (argc 3)) { + printf(Usage: %s groupname [access mask]\n, argv[0]); + return NT_STATUS_OK; + } + + grp_name = argv[1]; + + if (argc 2) +sscanf(argv[2], %x, access_mask); + + /* Get sam policy handle */ + + result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, + connect_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Get domain policy handle */ + + result = cli_samr_open_domain(cli, mem_ctx, connect_pol, + access_mask, + domain_sid, domain_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Create domain user */ + + result = cli_samr_create_dom_group(cli, mem_ctx, domain_pol, + grp_name, MAXIMUM_ALLOWED_ACCESS, + group_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + done: + return result; +} + /* Lookup sam names */ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, @@ -1575,6 +1626,7 @@ { enumalsgroups, RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, PI_SAMR, Enumerate alias groups, }, { createdomuser, RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, PI_SAMR, Create domain user, }, + { createdomgroup, RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, PI_SAMR, Create domain group, }, { samlookupnames, RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, PI_SAMR, Look up names,}, { samlookuprids, RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, PI_SAMR, Look up names,}, { deletedomuser, RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, Delete domain user, }, Modified: trunk/source/rpcclient/cmd_samr.c === --- trunk/source/rpcclient/cmd_samr.c 2005-01-20 05:57:05 UTC (rev 4865) +++ trunk/source/rpcclient/cmd_samr.c 2005-01-20 13:49:34 UTC (rev 4866) @@ -1215,6 +1215,57 @@ return result; } +/* Create domain group */ + +static NTSTATUS cmd_samr_create_dom_group(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + POLICY_HND connect_pol, domain_pol, group_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + const char *grp_name; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + + if ((argc 2) || (argc 3)) { + printf(Usage: %s groupname [access mask]\n, argv[0]); + return NT_STATUS_OK; + } + + grp_name = argv[1]; + + if (argc 2) +sscanf(argv[2], %x, access_mask); + + /* Get sam policy handle */ + + result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, + connect_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Get domain policy handle */ + + result = cli_samr_open_domain(cli, mem_ctx, connect_pol, + access_mask, + domain_sid, domain_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Create domain user */ + + result = cli_samr_create_dom_group(cli, mem_ctx, domain_pol, + grp_name, MAXIMUM_ALLOWED_ACCESS, + group_pol); + +
svn commit: samba-docs r326 - in trunk/Samba-Developers-Guide: .
Author: jerry Date: 2005-01-20 14:10:26 + (Thu, 20 Jan 2005) New Revision: 326 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=326 Log: fix a few typos Modified: trunk/Samba-Developers-Guide/unix-smb.xml Changeset: Modified: trunk/Samba-Developers-Guide/unix-smb.xml === --- trunk/Samba-Developers-Guide/unix-smb.xml 2005-01-17 15:04:38 UTC (rev 325) +++ trunk/Samba-Developers-Guide/unix-smb.xml 2005-01-20 14:10:26 UTC (rev 326) @@ -238,8 +238,8 @@ sect1 titlePort numbers/title para -There is a convention that clients on sockets use high unprivilaged -port numbers (1000) and connect to servers on low privilaged port +There is a convention that clients on sockets use high unprivileged +port numbers (1000) and connect to servers on low privilegedg port numbers. This is enforced in Unix as non-root users can't open a socket for listening on port numbers less than 1000. /para
svn commit: samba-web r510 - in trunk/news: articles developers
Author: deryck Date: 2005-01-20 15:11:57 + (Thu, 20 Jan 2005) New Revision: 510 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=510 Log: Adding news item on Nico Earnshaw's thesis on the Samba community. deryck Added: trunk/news/articles/earnshaw_thesis.pdf trunk/news/developers/earnshaw_thesis.html Changeset: Added: trunk/news/articles/earnshaw_thesis.pdf === (Binary files differ) Property changes on: trunk/news/articles/earnshaw_thesis.pdf ___ Name: svn:mime-type + application/octet-stream Added: trunk/news/developers/earnshaw_thesis.html === --- trunk/news/developers/earnshaw_thesis.html 2005-01-19 08:14:33 UTC (rev 509) +++ trunk/news/developers/earnshaw_thesis.html 2005-01-20 15:11:57 UTC (rev 510) @@ -0,0 +1,28 @@ +h3a name=earnshaw_thesisSociological Study of the Samba Community/a/h3 + +div class=article +pNico Earnshaw has completed a thesis on the Samba community as part of +his Bachelor of Arts Informatics degree at the University of Sydney. The +work is a very fine study of the practices of members of the community, +with particular attention paid to Samba Team developers (their motivations, +goals, practices, etc.). The general question explored seems to be, how +does being a part of the Samba community define a developer?/p + +blockquote +This research is an exploratory study into the constitution of identity in +the Samba community. The results presented are based upon an analysis of +documents, websites, internet-relay-chat (IRC), mailing lists, private +correspondence and face-to-face interviews. The primary method of data +collection was the semi-structured interview method. +/blockquote + +pThe paper also draws on other research/writings on OSS communities, but +the observations specific to Samba development and the Samba community are +unique to this work. There are lots of nice quotes from Samba Team members, +too. Nicely done, Nico./p + +pTo read the complete thesis, see a href=/samba/news/articles/earnshaw_thesis.pdf +The Samba Project: Transformation of Self through Open Source Software Development/a./p. +/div + +
svn commit: samba r4867 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jerry Date: 2005-01-20 16:31:42 + (Thu, 20 Jan 2005) New Revision: 4867 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4867 Log: Removing smbldap-tools from the svn tree. I'll include the latest version in the actual release tarballs. Have spoken to the idealx developers about this. Updated README to reflect the changte for people using svn. Removed ldapsync.pl since it is no longer needed when using the smbldap-tools (only keep things you support). Removed: branches/SAMBA_3_0/examples/LDAP/ldapsync.pl branches/SAMBA_3_0/examples/LDAP/smbldap-tools/ Modified: branches/SAMBA_3_0/examples/LDAP/README Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/README === --- branches/SAMBA_3_0/examples/LDAP/README 2005-01-20 13:49:34 UTC (rev 4866) +++ branches/SAMBA_3_0/examples/LDAP/README 2005-01-20 16:31:42 UTC (rev 4867) @@ -52,23 +52,13 @@ smbldap-tools/ -- -This is a collection of perl scripts (wrapped around the standard -OpenLDAP command line tools) for managing Samba and posix accounts -in an LDAP directory. See the README file included with the scripts -for more details. +The smbldap-tools have been removed from the samba svn +tree. The latest version will continue to be included +in Samba releases. +The smbldap-tools package can be downloaded individually from +http://samba.idealx.org/dist/ -ldapsync.pl -For more information on these scripts, see - - http://www.mami.net/univr/tng-ldap/howto/ - - -The ldapsync.pl script requires a small command (smbencrypt) -for generating LanMan and NT password hashes which -can be found at ftp://samba.org/pub/samba/contributed/ - !== !== end of README !== Deleted: branches/SAMBA_3_0/examples/LDAP/ldapsync.pl === --- branches/SAMBA_3_0/examples/LDAP/ldapsync.pl2005-01-20 13:49:34 UTC (rev 4866) +++ branches/SAMBA_3_0/examples/LDAP/ldapsync.pl2005-01-20 16:31:42 UTC (rev 4867) @@ -1,122 +0,0 @@ -#!/usr/bin/perl -w - -# LDAP to unix password sync script for samba-tng -# originally by Jody Haynes [EMAIL PROTECTED] -# 12/12/2000[EMAIL PROTECTED] -# modified for use with MD5 passwords -# 12/16/2000 [EMAIL PROTECTED] -# modified to change lmpassword and ntpassword for samba -# 05/01/2001 [EMAIL PROTECTED] -# modified for being also a /bin/passwd replacement -# -# ACHTUNG!!For servers that support the LDAP Modify password -# extended op (e.g. OpenLDAP), see the ldap password -# sync option in smb.conf(5). -# - -$basedn = ou=Students,dc=univr, dc=it; -$binddn = uid=root,dc=univr,dc=it; -$scope = sub; -$passwd = mysecret; - -foreach $arg (@ARGV) { - if ($ != 0) { - die Only root can specify parameters\n; - } else { - if ( ($arg eq '-?') || ($arg eq '--help') ) { - print Usage: $0 [-o] [username]\n; - print -o, --without-old-password do not ask for old password (root only)\n; - print -?, --help show this help message\n; - exit (-1); - } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) { - $oldpass = 1; - } elsif (substr($arg,0) ne '-') { - $user = $arg; - if (!defined(getpwnam($user))) { - die $0: Unknown user name '$user'\n; ; - } - } - } -} - -if (!defined($user)) { - $user=$ENV{USER}; -} - -if (!defined($oldpass)) { - system stty -echo; - print Old password for user $user: ; - chomp($oldpass=STDIN); - print \n; - system stty echo; - - $ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`; - $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword; - $ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword; - - # Find dn for user $user (maybe check unix password too?) - $dn=`ldapsearch -b '$basedn' -s '$scope' '((uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`; - chomp $dn; - - if ($dn eq '') { - print Wrong password for user $user!\n; - exit (-1); - } -} else { - # Find dn for user $user - $dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`; - chomp $dn; -} - -system stty -echo; -print New password for user $user: ; -chomp($pass=STDIN); -print \n; -system stty echo; - -system stty -echo; -print Retype new password for user $user: ; -chomp($pass2=STDIN); -print \n; -system stty echo; - -if ($pass ne $pass2) { - die Wrong password!\n; -} else { -# MD5 password -$random = join '', ('.', '/', 0..9, 'A'..'Z',
svn commit: samba r4868 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/utils trunk/source/include trunk/source/rpc_parse trunk/source/utils
Author: gd Date: 2005-01-20 16:51:24 + (Thu, 20 Jan 2005) New Revision: 4868 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4868 Log: Add net rpc user RENAME-command. Note that Samba3 does not yet support it server-side. Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/utils/net_help.c branches/SAMBA_3_0/source/utils/net_rpc.c trunk/source/include/rpc_samr.h trunk/source/rpc_parse/parse_samr.c trunk/source/utils/net_help.c trunk/source/utils/net_rpc.c Changeset: Sorry, the patch is too large (557 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4868
svn commit: samba-web r511 - in trunk/news/developers: .
Author: deryck Date: 2005-01-20 16:54:32 + (Thu, 20 Jan 2005) New Revision: 511 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=511 Log: Killing a hanging period. deryck Modified: trunk/news/developers/earnshaw_thesis.html Changeset: Modified: trunk/news/developers/earnshaw_thesis.html === --- trunk/news/developers/earnshaw_thesis.html 2005-01-20 15:11:57 UTC (rev 510) +++ trunk/news/developers/earnshaw_thesis.html 2005-01-20 16:54:32 UTC (rev 511) @@ -22,7 +22,5 @@ too. Nicely done, Nico./p pTo read the complete thesis, see a href=/samba/news/articles/earnshaw_thesis.pdf -The Samba Project: Transformation of Self through Open Source Software Development/a./p. +The Samba Project: Transformation of Self through Open Source Software Development/a./p /div - -
svn commit: samba r4869 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient
Author: gd Date: 2005-01-20 16:55:55 + (Thu, 20 Jan 2005) New Revision: 4869 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4869 Log: Display sam_user_info_7 in rpcclient. Guenther Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c trunk/source/rpcclient/cmd_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-01-20 16:51:24 UTC (rev 4868) +++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-01-20 16:55:55 UTC (rev 4869) @@ -28,6 +28,17 @@ extern DOM_SID domain_sid; / + display sam_user_info_7 structure + / +static void display_sam_user_info_7(SAM_USER_INFO_7 *usr) +{ + fstring temp; + + unistr2_to_ascii(temp, usr-uni_name, sizeof(temp)-1); + printf(\tUser Name :\t%s\n, temp); +} + +/ display sam_user_info_21 structure / static void display_sam_user_info_21(SAM_USER_INFO_21 *usr) @@ -336,7 +347,17 @@ if (!NT_STATUS_IS_OK(result)) goto done; - display_sam_user_info_21(user_ctr-info.id21); + switch (user_ctr-switch_value) { + case 21: + display_sam_user_info_21(user_ctr-info.id21); + break; + case 7: + display_sam_user_info_7(user_ctr-info.id7); + break; + default: + printf(Unsupported infolevel: %d\n, info_level); + break; + } done: return result; Modified: trunk/source/rpcclient/cmd_samr.c === --- trunk/source/rpcclient/cmd_samr.c 2005-01-20 16:51:24 UTC (rev 4868) +++ trunk/source/rpcclient/cmd_samr.c 2005-01-20 16:55:55 UTC (rev 4869) @@ -28,6 +28,17 @@ extern DOM_SID domain_sid; / + display sam_user_info_7 structure + / +static void display_sam_user_info_7(SAM_USER_INFO_7 *usr) +{ + fstring temp; + + unistr2_to_ascii(temp, usr-uni_name, sizeof(temp)-1); + printf(\tUser Name :\t%s\n, temp); +} + +/ display sam_user_info_21 structure / static void display_sam_user_info_21(SAM_USER_INFO_21 *usr) @@ -336,7 +347,17 @@ if (!NT_STATUS_IS_OK(result)) goto done; - display_sam_user_info_21(user_ctr-info.id21); + switch (user_ctr-switch_value) { + case 21: + display_sam_user_info_21(user_ctr-info.id21); + break; + case 7: + display_sam_user_info_7(user_ctr-info.id7); + break; + default: + printf(Unsupported infolevel: %d\n, info_level); + break; + } done: return result;
svn commit: samba r4871 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jerry Date: 2005-01-20 17:05:10 + (Thu, 20 Jan 2005) New Revision: 4871 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4871 Log: BUG 603: patch by Daniel Beschorner [EMAIL PROTECTED]. Correct access mask check for _samr_lookup_domain() to work with Windows RAS server Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-01-20 17:04:16 UTC (rev 4870) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-01-20 17:05:10 UTC (rev 4871) @@ -2541,8 +2541,11 @@ if (!find_policy_by_hnd(p, q_u-connect_pol, (void**)info)) return NT_STATUS_INVALID_HANDLE; + /* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here. + Reverted that change so we will work with RAS servers again */ + if (!NT_STATUS_IS_OK(r_u-status = access_check_samr_function(info-acc_granted, - SA_RIGHT_SAM_ENUM_DOMAINS, _samr_lookup_domain))) + SA_RIGHT_SAM_OPEN_DOMAIN, _samr_lookup_domain))) { return r_u-status; }
svn commit: samba r4872 - in trunk: examples/LDAP source/rpc_server
Author: jerry Date: 2005-01-20 17:11:05 + (Thu, 20 Jan 2005) New Revision: 4872 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4872 Log: svn merge -r4866:4867 $SVNURL/branches/SAMBA_3_0 svn merge -r4870:4871 $SVNURL/branches/SAMBA_3_0 Removed: trunk/examples/LDAP/ldapsync.pl trunk/examples/LDAP/smbldap-tools/ Modified: trunk/examples/LDAP/README trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: trunk/examples/LDAP/README === --- trunk/examples/LDAP/README 2005-01-20 17:05:10 UTC (rev 4871) +++ trunk/examples/LDAP/README 2005-01-20 17:11:05 UTC (rev 4872) @@ -52,23 +52,13 @@ smbldap-tools/ -- -This is a collection of perl scripts (wrapped around the standard -OpenLDAP command line tools) for managing Samba and posix accounts -in an LDAP directory. See the README file included with the scripts -for more details. +The smbldap-tools have been removed from the samba svn +tree. The latest version will continue to be included +in Samba releases. +The smbldap-tools package can be downloaded individually from +http://samba.idealx.org/dist/ -ldapsync.pl -For more information on these scripts, see - - http://www.mami.net/univr/tng-ldap/howto/ - - -The ldapsync.pl script requires a small command (smbencrypt) -for generating LanMan and NT password hashes which -can be found at ftp://samba.org/pub/samba/contributed/ - !== !== end of README !== Deleted: trunk/examples/LDAP/ldapsync.pl === --- trunk/examples/LDAP/ldapsync.pl 2005-01-20 17:05:10 UTC (rev 4871) +++ trunk/examples/LDAP/ldapsync.pl 2005-01-20 17:11:05 UTC (rev 4872) @@ -1,122 +0,0 @@ -#!/usr/bin/perl -w - -# LDAP to unix password sync script for samba-tng -# originally by Jody Haynes [EMAIL PROTECTED] -# 12/12/2000[EMAIL PROTECTED] -# modified for use with MD5 passwords -# 12/16/2000 [EMAIL PROTECTED] -# modified to change lmpassword and ntpassword for samba -# 05/01/2001 [EMAIL PROTECTED] -# modified for being also a /bin/passwd replacement -# -# ACHTUNG!!For servers that support the LDAP Modify password -# extended op (e.g. OpenLDAP), see the ldap password -# sync option in smb.conf(5). -# - -$basedn = ou=Students,dc=univr, dc=it; -$binddn = uid=root,dc=univr,dc=it; -$scope = sub; -$passwd = mysecret; - -foreach $arg (@ARGV) { - if ($ != 0) { - die Only root can specify parameters\n; - } else { - if ( ($arg eq '-?') || ($arg eq '--help') ) { - print Usage: $0 [-o] [username]\n; - print -o, --without-old-password do not ask for old password (root only)\n; - print -?, --help show this help message\n; - exit (-1); - } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) { - $oldpass = 1; - } elsif (substr($arg,0) ne '-') { - $user = $arg; - if (!defined(getpwnam($user))) { - die $0: Unknown user name '$user'\n; ; - } - } - } -} - -if (!defined($user)) { - $user=$ENV{USER}; -} - -if (!defined($oldpass)) { - system stty -echo; - print Old password for user $user: ; - chomp($oldpass=STDIN); - print \n; - system stty echo; - - $ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`; - $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword; - $ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword; - - # Find dn for user $user (maybe check unix password too?) - $dn=`ldapsearch -b '$basedn' -s '$scope' '((uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`; - chomp $dn; - - if ($dn eq '') { - print Wrong password for user $user!\n; - exit (-1); - } -} else { - # Find dn for user $user - $dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`; - chomp $dn; -} - -system stty -echo; -print New password for user $user: ; -chomp($pass=STDIN); -print \n; -system stty echo; - -system stty -echo; -print Retype new password for user $user: ; -chomp($pass2=STDIN); -print \n; -system stty echo; - -if ($pass ne $pass2) { - die Wrong password!\n; -} else { -# MD5 password -$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64]; -$bsalt = \$1\$; $esalt = \$; -$modsalt = $bsalt.$random.$esalt; -$password = crypt($pass, $modsalt); - -# LanManager and NT clear text passwords -$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`; -chomp($lmpassword = substr($ntpwd, 0, index($ntpwd,
svn commit: samba r4873 - in branches/SAMBA_3_0/examples/scripts/perl: .
Author: jerry Date: 2005-01-20 17:17:29 + (Thu, 20 Jan 2005) New Revision: 4873 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4873 Log: example delete printer script for use with cups Added: branches/SAMBA_3_0/examples/scripts/perl/smbdelprinter Changeset: Added: branches/SAMBA_3_0/examples/scripts/perl/smbdelprinter === --- branches/SAMBA_3_0/examples/scripts/perl/smbdelprinter 2005-01-20 17:11:05 UTC (rev 4872) +++ branches/SAMBA_3_0/examples/scripts/perl/smbdelprinter 2005-01-20 17:17:29 UTC (rev 4873) @@ -0,0 +1,27 @@ +#!/usr/bin/perl +## Delete printer script for samba, APW, and cups +## Copyright (C) Gerald (Jerry) Carter [EMAIL PROTECTED]2004 +## +## This program is free software; you can redistribute it +## and/or modify it under the terms of the GNU General +## Public License as published by the Free Software Foundation; +## ither version 2 of the License, or (at your option) any +## later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public +## License along with this program; if not, write to the Free +## Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, +## USA. + [EMAIL PROTECTED] = @ARGV; + +# take in args +my $lpname=shift(@argv); # printer name + +system(/usr/sbin/lpadmin -x $lpname); + Property changes on: branches/SAMBA_3_0/examples/scripts/perl/smbdelprinter ___ Name: svn:executable + *
svn commit: samba r4874 - in branches/SAMBA_3_0/source/printing: .
Author: jerry Date: 2005-01-20 17:42:15 + (Thu, 20 Jan 2005) New Revision: 4874 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4874 Log: add DOmain Admins (Full Control) to the default printer sd if we are a DC Modified: branches/SAMBA_3_0/source/printing/nt_printing.c Changeset: Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2005-01-20 17:17:29 UTC (rev 4873) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2005-01-20 17:42:15 UTC (rev 4874) @@ -4806,7 +4806,8 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) { - SEC_ACE ace[3]; + SEC_ACE ace[5]; /* max number of ace entries */ + int i = 0; SEC_ACCESS sa; SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; @@ -4817,7 +4818,7 @@ /* Create an ACE where Everyone is allowed to print */ init_sec_access(sa, PRINTER_ACE_PRINT); - init_sec_ace(ace[0], global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + init_sec_ace(ace[i++], global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); /* Make the security descriptor owned by the Administrators group @@ -4836,20 +4837,38 @@ } init_sec_access(sa, PRINTER_ACE_FULL_CONTROL); - init_sec_ace(ace[1], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + init_sec_ace(ace[i++], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); init_sec_access(sa, PRINTER_ACE_FULL_CONTROL); - init_sec_ace(ace[2], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + init_sec_ace(ace[i++], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + /* Add the domain admins group if we are a DC */ + + if ( IS_DC ) { + DOM_SID domadmins_sid; + + sid_copy(domadmins_sid, get_global_sam_sid()); + sid_append_rid(domadmins_sid, DOMAIN_GROUP_RID_ADMINS); + + init_sec_access(sa, PRINTER_ACE_FULL_CONTROL); + init_sec_ace(ace[i++], domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, +sa, SEC_ACE_FLAG_OBJECT_INHERIT | +SEC_ACE_FLAG_INHERIT_ONLY); + + init_sec_access(sa, PRINTER_ACE_FULL_CONTROL); + init_sec_ace(ace[i++], domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, +sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + } + /* The ACL revision number in rpc_secdesc.h differs from the one created by NT when setting ACE entries in printer descriptors. NT4 complains about the property being edited by a NT5 machine. */ - if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) { + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) != NULL) { psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, owner_sid, NULL, NULL, psa, sd_size);
svn commit: samba r4875 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2005-01-20 18:31:11 + (Thu, 20 Jan 2005) New Revision: 4875 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4875 Log: Fix for bugid #221, inspired by Mrinal Kalakrishnan [EMAIL PROTECTED]. NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_sec.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_sec.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_sec.c 2005-01-20 17:42:15 UTC (rev 4874) +++ branches/SAMBA_3_0/source/rpc_parse/parse_sec.c 2005-01-20 18:31:11 UTC (rev 4875) @@ -3,7 +3,7 @@ * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison1995-2003. + * Copyright (C) Jeremy R. Allison1995-2005. * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1997-1998. * @@ -94,8 +94,24 @@ return False; } + /* Theorectically an ACE can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) (psa-size prs_offset(ps) - old_offset)) { + uint32 extra_len = psa-size - (prs_offset(ps) - old_offset); + uint32 i; + uint8 c = 0; + + for (i = 0; i extra_len; i++) { + if (!prs_uint8(ace extra space, ps, depth, c)) + return False; + } + } + if(!prs_uint16_post(size , ps, depth, psa-size, offset_ace_size, old_offset)) return False; + return True; } @@ -165,6 +181,20 @@ return False; } + /* Theorectically an ACL can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) (psa-size prs_offset(ps) - old_offset)) { + uint32 extra_len = psa-size - (prs_offset(ps) - old_offset); + uint8 c = 0; + + for (i = 0; i extra_len; i++) { + if (!prs_uint8(acl extra space, ps, depth, c)) + return False; + } + } + if(!prs_uint16_post(size , ps, depth, psa-size, offset_acl_size, old_offset)) return False; @@ -181,7 +211,7 @@ uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; - + SEC_DESC *psd; if (ppsd == NULL) @@ -203,16 +233,6 @@ prs_debug(ps, depth, desc, sec_io_desc); depth++; -#if 0 - /* -* if alignment is needed, should be done by the the -* caller. Not here. This caused me problems when marshalling -* printer info into a buffer. --jerry -*/ - if(!prs_align(ps)) - return False; -#endif - /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); @@ -222,6 +242,42 @@ if(!prs_uint16(type , ps, depth, psd-type)) return False; + if (MARSHALLING(ps)) { + uint32 offset = SEC_DESC_HEADER_SIZE; + + /* +* Work out the offsets here, as we write it out. +*/ + + if (psd-sacl != NULL) { + psd-off_sacl = offset; + offset += psd-sacl-size; + } else { + psd-off_sacl = 0; + } + + if (psd-dacl != NULL) { + psd-off_dacl = offset; + offset += psd-dacl-size; + } else { + psd-off_dacl = 0; + } + + if (psd-owner_sid != NULL) { + psd-off_owner_sid = offset; + offset += sid_size(psd-owner_sid); + } else { + psd-off_owner_sid = 0; + } + + if (psd-grp_sid != NULL) { + psd-off_grp_sid = offset; + offset += sid_size(psd-grp_sid); + } else { + psd-off_grp_sid = 0; + } + } + if(!prs_uint32(off_owner_sid, ps, depth, psd-off_owner_sid)) return False; @@ -289,7 +345,6 @@ return False; } - if ((psd-type SEC_DESC_DACL_PRESENT) psd-off_dacl != 0) { tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd-off_dacl)) @@
svn commit: samba r4876 - in trunk/source/rpc_parse: .
Author: jra Date: 2005-01-20 18:31:12 + (Thu, 20 Jan 2005) New Revision: 4876 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4876 Log: Fix for bugid #221, inspired by Mrinal Kalakrishnan [EMAIL PROTECTED]. NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. Modified: trunk/source/rpc_parse/parse_sec.c Changeset: Modified: trunk/source/rpc_parse/parse_sec.c === --- trunk/source/rpc_parse/parse_sec.c 2005-01-20 18:31:11 UTC (rev 4875) +++ trunk/source/rpc_parse/parse_sec.c 2005-01-20 18:31:12 UTC (rev 4876) @@ -3,7 +3,7 @@ * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison1995-2003. + * Copyright (C) Jeremy R. Allison1995-2005. * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1997-1998. * @@ -94,8 +94,24 @@ return False; } + /* Theorectically an ACE can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) (psa-size prs_offset(ps) - old_offset)) { + uint32 extra_len = psa-size - (prs_offset(ps) - old_offset); + uint32 i; + uint8 c = 0; + + for (i = 0; i extra_len; i++) { + if (!prs_uint8(ace extra space, ps, depth, c)) + return False; + } + } + if(!prs_uint16_post(size , ps, depth, psa-size, offset_ace_size, old_offset)) return False; + return True; } @@ -165,6 +181,20 @@ return False; } + /* Theorectically an ACL can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) (psa-size prs_offset(ps) - old_offset)) { + uint32 extra_len = psa-size - (prs_offset(ps) - old_offset); + uint8 c = 0; + + for (i = 0; i extra_len; i++) { + if (!prs_uint8(acl extra space, ps, depth, c)) + return False; + } + } + if(!prs_uint16_post(size , ps, depth, psa-size, offset_acl_size, old_offset)) return False; @@ -181,7 +211,7 @@ uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; - + SEC_DESC *psd; if (ppsd == NULL) @@ -203,16 +233,6 @@ prs_debug(ps, depth, desc, sec_io_desc); depth++; -#if 0 - /* -* if alignment is needed, should be done by the the -* caller. Not here. This caused me problems when marshalling -* printer info into a buffer. --jerry -*/ - if(!prs_align(ps)) - return False; -#endif - /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); @@ -222,6 +242,42 @@ if(!prs_uint16(type , ps, depth, psd-type)) return False; + if (MARSHALLING(ps)) { + uint32 offset = SEC_DESC_HEADER_SIZE; + + /* +* Work out the offsets here, as we write it out. +*/ + + if (psd-sacl != NULL) { + psd-off_sacl = offset; + offset += psd-sacl-size; + } else { + psd-off_sacl = 0; + } + + if (psd-dacl != NULL) { + psd-off_dacl = offset; + offset += psd-dacl-size; + } else { + psd-off_dacl = 0; + } + + if (psd-owner_sid != NULL) { + psd-off_owner_sid = offset; + offset += sid_size(psd-owner_sid); + } else { + psd-off_owner_sid = 0; + } + + if (psd-grp_sid != NULL) { + psd-off_grp_sid = offset; + offset += sid_size(psd-grp_sid); + } else { + psd-off_grp_sid = 0; + } + } + if(!prs_uint32(off_owner_sid, ps, depth, psd-off_owner_sid)) return False; @@ -289,7 +345,6 @@ return False; } - if ((psd-type SEC_DESC_DACL_PRESENT) psd-off_dacl != 0) { tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd-off_dacl)) @@ -303,6 +358,7 @@ if(!prs_set_offset(ps, max_offset))
svn commit: samba r4877 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2005-01-20 21:42:05 + (Thu, 20 Jan 2005) New Revision: 4877 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4877 Log: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour Lockout Duration: Forever. Guenther Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c trunk/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2005-01-20 18:31:12 UTC (rev 4876) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2005-01-20 21:42:05 UTC (rev 4877) @@ -1021,7 +1021,10 @@ if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60)) + if (u_lockouttime != -1) + u_lockouttime /= 60; + + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta-logon_chgpass)) Modified: trunk/source/utils/net_rpc_samsync.c === --- trunk/source/utils/net_rpc_samsync.c2005-01-20 18:31:12 UTC (rev 4876) +++ trunk/source/utils/net_rpc_samsync.c2005-01-20 21:42:05 UTC (rev 4877) @@ -1028,7 +1028,10 @@ if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60)) + if (u_lockouttime != -1) + u_lockouttime /= 60; + + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta-logon_chgpass))
svn commit: samba-docs r327 - in trunk/manpages: .
Author: gd Date: 2005-01-20 21:56:35 + (Thu, 20 Jan 2005) New Revision: 327 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=327 Log: Document net rpc user rename. Guenther Modified: trunk/manpages/net.8.xml Changeset: Modified: trunk/manpages/net.8.xml === --- trunk/manpages/net.8.xml2005-01-20 14:10:26 UTC (rev 326) +++ trunk/manpages/net.8.xml2005-01-20 21:56:35 UTC (rev 327) @@ -231,6 +231,13 @@ /refsect3 refsect3 +title[RPC|ADS] USER RENAME replaceableoldname/replaceable replaceablenewname/replaceable/title + +paraRename specified user./para + +/refsect3 + +refsect3 title[RPC|ADS] USER ADD replaceablename/replaceable [password] [-F user flags] [-C comment]/title paraAdd specified user./para
svn commit: samba-docs r328 - in trunk/manpages: .
Author: gd Date: 2005-01-20 22:28:27 + (Thu, 20 Jan 2005) New Revision: 328 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=328 Log: Start documenting pam_winbind's options. Maybe someone more fluent in english can look over it... Guenther Modified: trunk/manpages/pam_winbind.8.xml trunk/manpages/winbindd.8.xml Changeset: Modified: trunk/manpages/pam_winbind.8.xml === --- trunk/manpages/pam_winbind.8.xml2005-01-20 21:56:35 UTC (rev 327) +++ trunk/manpages/pam_winbind.8.xml2005-01-20 22:28:27 UTC (rev 328) @@ -29,17 +29,66 @@ refsect1 titleOPTIONS/title + para + pam_winbind does support several options: + variablelist - para - pam_winbind does not support any additional options. + varlistentry + termdebug/term + listitemparaGives debugging-output to syslog./para/listitem + /varlistentry + + varlistentry + termrequire_membership_of=[SID or NAME]/term + listitempara + If this option is set, pam_winbind will only succeed if the + user is a member of the given SID or NAME. A SID can be either a group-SID, a + alias-SID or even a user-SID. It is also possible to give a NAME instead of the + SID. That name must have the form: parameterMYDOMAIN\mygroup/parameter or + parameterMYDOMAIN\myuser/parameter. pam_winbind will, in that case, lookup + the SID internally. You can verify the list of SIDs a user is a member of with + wbinfo --user-sids=SID. + /para/listitem + /varlistentry + + varlistentry + termtry_first_pass/term + listitempara/para/listitem + /varlistentry + + varlistentry + termuse_first_pass/term + listitempara + The default is, that pam_winbind tries to get the + authentication token from a previous module. If no token is available, the user + is asked for the old password. With this option, pam_winbind aborts with an + error if no authentication token from a previous module is available. + /para/listitem + /varlistentry + + varlistentry + termuse_authtok/term + listitempara + Set the new password to the one provided by the previously + stacked password module. If this option is not set, pam_winbind would ask the + user for the new password. + /para/listitem + /varlistentry + + /variablelist + + /para /refsect1 refsect1 titleSEE ALSO/title - - parawinbind(8)/para + paraciterefentry + refentrytitlewbinfo/refentrytitle + manvolnum1/manvolnum/citerefentry, citerefentry + refentrytitlewinbindd/refentrytitle + manvolnum8/manvolnum/citerefentry/para /refsect1 refsect1 @@ -56,7 +105,7 @@ by the Samba Team as an Open Source project similar to the way the Linux kernel is developed./para - paraThis manpage was written by Jelmer Vernooij./para + paraThis manpage was written by Jelmer Vernooij and Guenther Deschner./para /refsect1 Modified: trunk/manpages/winbindd.8.xml === --- trunk/manpages/winbindd.8.xml 2005-01-20 21:56:35 UTC (rev 327) +++ trunk/manpages/winbindd.8.xml 2005-01-20 22:28:27 UTC (rev 328) @@ -461,7 +461,9 @@ refentrytitlentlm_auth/refentrytitle manvolnum8/manvolnum/citerefentry, citerefentry refentrytitlesmb.conf/refentrytitle - manvolnum5/manvolnum/citerefentry/para + manvolnum5/manvolnum/citerefentry, citerefentry + refentrytitlepam_winbind/refentrytitle + manvolnum8/manvolnum/citerefentry/para /refsect1 refsect1
svn commit: samba r4878 - in trunk/source/include: .
Author: jra Date: 2005-01-20 22:41:57 + (Thu, 20 Jan 2005) New Revision: 4878 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4878 Log: Fix rewinddir - rewind_dir. Noticed by James Peach. Jeremy Modified: trunk/source/include/vfs_macros.h Changeset: Modified: trunk/source/include/vfs_macros.h === --- trunk/source/include/vfs_macros.h 2005-01-20 21:42:05 UTC (rev 4877) +++ trunk/source/include/vfs_macros.h 2005-01-20 22:41:57 UTC (rev 4878) @@ -40,7 +40,7 @@ #define SMB_VFS_READDIR(conn, dirp) ((conn)-vfs.ops.readdir((conn)-vfs.handles.readdir, (conn), (dirp))) #define SMB_VFS_SEEKDIR(conn, dirp, offset) ((conn)-vfs.ops.seekdir((conn)-vfs.handles.seekdir, (conn), (dirp), (offset))) #define SMB_VFS_TELLDIR(conn, dirp) ((conn)-vfs.ops.telldir((conn)-vfs.handles.telldir, (conn), (dirp))) -#define SMB_VFS_REWINDDIR(conn, dirp) ((conn)-vfs.ops.rewinddir((conn)-vfs.handles.rewinddir, (conn), (dirp))) +#define SMB_VFS_REWINDDIR(conn, dirp) ((conn)-vfs.ops.rewind_dir((conn)-vfs.handles.rewind_dir, (conn), (dirp))) #define SMB_VFS_MKDIR(conn, path, mode) ((conn)-vfs.ops.mkdir((conn)-vfs.handles.mkdir,(conn), (path), (mode))) #define SMB_VFS_RMDIR(conn, path) ((conn)-vfs.ops.rmdir((conn)-vfs.handles.rmdir, (conn), (path))) #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)-vfs.ops.closedir((conn)-vfs.handles.closedir, (conn), dir)) @@ -141,7 +141,7 @@ #define SMB_VFS_OPAQUE_READDIR(conn, dirp) ((conn)-vfs_opaque.ops.readdir((conn)-vfs_opaque.handles.readdir, (conn), (dirp))) #define SMB_VFS_OPAQUE_SEEKDIR(conn, dirp, offset) ((conn)-vfs_opaque.ops.seekdir((conn)-vfs_opaque.handles.seekdir, (conn), (dirp), (offset))) #define SMB_VFS_OPAQUE_TELLDIR(conn, dirp) ((conn)-vfs_opaque.ops.telldir((conn)-vfs_opaque.handles.telldir, (conn), (dirp))) -#define SMB_VFS_OPAQUE_REWINDDIR(conn, dirp) ((conn)-vfs_opaque.ops.rewinddir((conn)-vfs_opaque.handles.rewinddir, (conn), (dirp))) +#define SMB_VFS_OPAQUE_REWINDDIR(conn, dirp) ((conn)-vfs_opaque.ops.rewind_dir((conn)-vfs_opaque.handles.rewind_dir, (conn), (dirp))) #define SMB_VFS_OPAQUE_MKDIR(conn, path, mode) ((conn)-vfs_opaque.ops.mkdir((conn)-vfs_opaque.handles.mkdir,(conn), (path), (mode))) #define SMB_VFS_OPAQUE_RMDIR(conn, path) ((conn)-vfs_opaque.ops.rmdir((conn)-vfs_opaque.handles.rmdir, (conn), (path))) #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)-vfs_opaque.ops.closedir((conn)-vfs_opaque.handles.closedir, (conn), dir))
svn commit: samba r4879 - in branches/SAMBA_3_0/source/include: .
Author: jra Date: 2005-01-20 22:42:08 + (Thu, 20 Jan 2005) New Revision: 4879 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4879 Log: Fix rewinddir - rewind_dir. Noticed by James Peach. Jeremy Modified: branches/SAMBA_3_0/source/include/vfs_macros.h Changeset: Modified: branches/SAMBA_3_0/source/include/vfs_macros.h === --- branches/SAMBA_3_0/source/include/vfs_macros.h 2005-01-20 22:41:57 UTC (rev 4878) +++ branches/SAMBA_3_0/source/include/vfs_macros.h 2005-01-20 22:42:08 UTC (rev 4879) @@ -40,7 +40,7 @@ #define SMB_VFS_READDIR(conn, dirp) ((conn)-vfs.ops.readdir((conn)-vfs.handles.readdir, (conn), (dirp))) #define SMB_VFS_SEEKDIR(conn, dirp, offset) ((conn)-vfs.ops.seekdir((conn)-vfs.handles.seekdir, (conn), (dirp), (offset))) #define SMB_VFS_TELLDIR(conn, dirp) ((conn)-vfs.ops.telldir((conn)-vfs.handles.telldir, (conn), (dirp))) -#define SMB_VFS_REWINDDIR(conn, dirp) ((conn)-vfs.ops.rewinddir((conn)-vfs.handles.rewinddir, (conn), (dirp))) +#define SMB_VFS_REWINDDIR(conn, dirp) ((conn)-vfs.ops.rewind_dir((conn)-vfs.handles.rewind_dir, (conn), (dirp))) #define SMB_VFS_MKDIR(conn, path, mode) ((conn)-vfs.ops.mkdir((conn)-vfs.handles.mkdir,(conn), (path), (mode))) #define SMB_VFS_RMDIR(conn, path) ((conn)-vfs.ops.rmdir((conn)-vfs.handles.rmdir, (conn), (path))) #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)-vfs.ops.closedir((conn)-vfs.handles.closedir, (conn), dir)) @@ -141,7 +141,7 @@ #define SMB_VFS_OPAQUE_READDIR(conn, dirp) ((conn)-vfs_opaque.ops.readdir((conn)-vfs_opaque.handles.readdir, (conn), (dirp))) #define SMB_VFS_OPAQUE_SEEKDIR(conn, dirp, offset) ((conn)-vfs_opaque.ops.seekdir((conn)-vfs_opaque.handles.seekdir, (conn), (dirp), (offset))) #define SMB_VFS_OPAQUE_TELLDIR(conn, dirp) ((conn)-vfs_opaque.ops.telldir((conn)-vfs_opaque.handles.telldir, (conn), (dirp))) -#define SMB_VFS_OPAQUE_REWINDDIR(conn, dirp) ((conn)-vfs_opaque.ops.rewinddir((conn)-vfs_opaque.handles.rewinddir, (conn), (dirp))) +#define SMB_VFS_OPAQUE_REWINDDIR(conn, dirp) ((conn)-vfs_opaque.ops.rewind_dir((conn)-vfs_opaque.handles.rewind_dir, (conn), (dirp))) #define SMB_VFS_OPAQUE_MKDIR(conn, path, mode) ((conn)-vfs_opaque.ops.mkdir((conn)-vfs_opaque.handles.mkdir,(conn), (path), (mode))) #define SMB_VFS_OPAQUE_RMDIR(conn, path) ((conn)-vfs_opaque.ops.rmdir((conn)-vfs_opaque.handles.rmdir, (conn), (path))) #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)-vfs_opaque.ops.closedir((conn)-vfs_opaque.handles.closedir, (conn), dir))
svn commit: samba-docs r329 - in trunk/manpages: .
Author: gd Date: 2005-01-20 22:47:09 + (Thu, 20 Jan 2005) New Revision: 329 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=329 Log: Thanks to abartlet: Add note about spaces in pam_winbind's options. Guenther Modified: trunk/manpages/pam_winbind.8.xml Changeset: Modified: trunk/manpages/pam_winbind.8.xml === --- trunk/manpages/pam_winbind.8.xml2005-01-20 22:28:27 UTC (rev 328) +++ trunk/manpages/pam_winbind.8.xml2005-01-20 22:47:09 UTC (rev 329) @@ -46,8 +46,9 @@ alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: parameterMYDOMAIN\mygroup/parameter or parameterMYDOMAIN\myuser/parameter. pam_winbind will, in that case, lookup - the SID internally. You can verify the list of SIDs a user is a member of with - wbinfo --user-sids=SID. + the SID internally. Note that NAME may not contain any spaces. It is thus + recommended to only use SIDs. You can verify the list of SIDs a user is a member + of with commandwbinfo --user-sids=SID/command. /para/listitem /varlistentry
Build status as of Fri Jan 21 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-01-20 00:00:15.0 + +++ /home/build/master/cache/broken_results.txt 2005-01-21 00:00:26.0 + @@ -1,14 +1,14 @@ -Build status as of Thu Jan 20 00:00:01 2005 +Build status as of Fri Jan 21 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 43 8 0 +ccache 44 8 0 distcc 43 8 0 ppp 21 4 0 rsync44 7 0 samba2 2 2 samba-docs 0 0 0 -samba4 46 32 0 +samba4 47 16 0 samba_3_045 15 1 Currently broken builds: @@ -16,32 +16,24 @@ aix1 rsynccc 77/?/?/? aix1 samba4 cc 77/?/?/? aix1 samba_3_0cc 77/?/?/? -aix1 samba4 gccok/ 2/?/? -mungerasamba4 gccok/ 2/?/? mungerasamba_3_0gccok/ok/ok/ 2/PANIC +cyberone samba4 gccok/ 2/?/? fusberta samba4 gccok/ 2/?/? -yurok samba4 gccok/ 2/?/? -sasoe_smb samba4 gccok/ 2/?/? -samba-s390 samba4 gccok/ 2/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? -rhonwynsamba_3_0gcc-4.0ok/ 2/?/? +rhonwynsamba_3_0gcc-4.0 2/?/?/? quango ccache gcc 137/?/?/? quango distcc gcc 137/?/?/? quango ppp gccok/ 2/?/? quango rsyncgcc 137/?/?/? quango samba4 gcc 137/?/?/? quango samba_3_0gcc 137/?/?/? -superego samba4 gccok/ 2/?/? -cl012 samba4 gccok/ 2/?/? gc8samba4 gccok/ 1/?/? -aretnapsamba4 gccok/ 1/?/? aretnapccache iccok/ok/ok/ 1 aretnapsamba4 iccok/ 1/?/? -gc4samba4 gccok/ 1/?/? -sbfsamba4 gccok/ 1/?/? smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? +gwen samba_3_0cc ok/ok/ok/ 12 gwen ccache gcc 77/?/?/? gwen distcc gcc 77/?/?/? gwen rsyncgcc 77/?/?/? @@ -54,18 +46,14 @@ gwen samba_3_0icc 77/?/?/? au2distcc cc ok/ 1/?/? au2distcc gccok/ 1/?/? -us4samba4 cc ok/ 1/?/? -us4samba4 gccok/ 1/?/? flock samba4 gccok/ 1/?/? svamp samba_3_0gccok/ok/ok/ 42 opisol10 ccache gccok/ok/ok/ 1 opisol10 ppp gccok/ 1/?/? opisol10 samba4 gccok/ 1/?/? opisol10 samba_3_0gccok/ 1/?/? -gc20 samba_3_0gccok/ 2/?/? sun1 samba4 cc ok/ 2/?/? sun1 samba_3_0cc ok/ 2/?/? -sun1 samba4 gccok/ 2/?/? sun1 ccache icc 77/?/?/? sun1 distcc icc 77/?/?/? sun1 rsyncicc 77/?/?/? @@ -77,16 +65,12 @@ Isis samba4 cc 77/?/?/? Isis samba_3_0cc 77/?/?/? Isis ppp gccok/ 2/?/? -Isis samba4 gccok/ 2/?/? fire1 samba_3_0cc ok/ 2/?/? -fire1 samba4 gccok/ 2/?/? m30ccache gccok/ok/ok/ 2 m30rsyncgccok/ok/ok/ 2 m30samba4 gccok/ 2/?/? m30samba_3_0gccok/ok/ok/ 42 metze02sambagccok/ok/ok/ 1/PANIC metze01sambagccok/ok/ok/ 1/PANIC -metze01samba4 gccok/ 2/?/? opippp gccok/ 2/?/? -opisamba4 gccok/ 2/?/?
svn commit: samba r4880 - in trunk/source/printing: .
Author: jra Date: 2005-01-21 00:29:33 + (Fri, 21 Jan 2005) New Revision: 4880 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4880 Log: Varient of Lar's patch for #2270. Jerry promises to test :-). Jeremy. Modified: trunk/source/printing/print_cups.c Changeset: Sorry, the patch is too large (947 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4880
svn commit: samba r4881 - in branches/SAMBA_3_0/source/printing: .
Author: jra Date: 2005-01-21 00:29:38 + (Fri, 21 Jan 2005) New Revision: 4881 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4881 Log: Varient of Lar's patch for #2270. Jerry promises to test :-). Jeremy. Modified: branches/SAMBA_3_0/source/printing/print_cups.c Changeset: Sorry, the patch is too large (947 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4881
svn commit: samba r4882 - in branches/SAMBA_3_0/source/libads: .
Author: jra Date: 2005-01-21 01:42:45 + (Fri, 21 Jan 2005) New Revision: 4882 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4882 Log: Fix for #2255. Debug should have been 10 not 0. Jeremy. Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c === --- branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-01-21 00:29:38 UTC (rev 4881) +++ branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-01-21 01:42:45 UTC (rev 4882) @@ -110,7 +110,7 @@ ret = krb5_rd_req(context, auth_context, p_packet, host_princ, keytab, NULL, pp_tkt); krb5_free_principal(context, host_princ); if (ret) { - DEBUG(0, (krb5_rd_req(%s) failed: %s\n, host_princ_s[i], error_message(ret))); + DEBUG(10, (krb5_rd_req(%s) failed: %s\n, host_princ_s[i], error_message(ret))); } else { DEBUG(10,(krb5_rd_req succeeded for principal %s\n, host_princ_s[i])); auth_ok = True;
svn commit: samba-docs r330 - in trunk/manpages: .
Author: vance Date: 2005-01-21 01:46:03 + (Fri, 21 Jan 2005) New Revision: 330 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=330 Log: Since English is my first language, I suppose I qualify for someone more fluent in english. (note, though, that none of these corrections are grammatically necessary, but they do make it flow a little more naturally.) Vance Modified: trunk/manpages/pam_winbind.8.xml Changeset: Modified: trunk/manpages/pam_winbind.8.xml === --- trunk/manpages/pam_winbind.8.xml2005-01-20 22:47:09 UTC (rev 329) +++ trunk/manpages/pam_winbind.8.xml2005-01-21 01:46:03 UTC (rev 330) @@ -30,12 +30,12 @@ refsect1 titleOPTIONS/title para - pam_winbind does support several options: + pam_winbind supports several options: variablelist varlistentry termdebug/term - listitemparaGives debugging-output to syslog./para/listitem + listitemparaGives debugging output to syslog./para/listitem /varlistentry varlistentry @@ -60,9 +60,9 @@ varlistentry termuse_first_pass/term listitempara - The default is, that pam_winbind tries to get the - authentication token from a previous module. If no token is available, the user - is asked for the old password. With this option, pam_winbind aborts with an + By default, that pam_winbind tries to get the + authentication token from a previous module. If no token is available it asks the user + for the old password. With this option, pam_winbind aborts with an error if no authentication token from a previous module is available. /para/listitem /varlistentry @@ -71,7 +71,7 @@ termuse_authtok/term listitempara Set the new password to the one provided by the previously - stacked password module. If this option is not set, pam_winbind would ask the + stacked password module. If this option is not set pam_winbind will ask the user for the new password. /para/listitem /varlistentry
svn commit: samba-docs r331 - in trunk/manpages: .
Author: vance Date: 2005-01-21 03:04:17 + (Fri, 21 Jan 2005) New Revision: 331 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=331 Log: Apparently Herb is more fluent than me... (Remove an extraneous that as Herb Lewis pointed out.) Vance Modified: trunk/manpages/pam_winbind.8.xml Changeset: Modified: trunk/manpages/pam_winbind.8.xml === --- trunk/manpages/pam_winbind.8.xml2005-01-21 01:46:03 UTC (rev 330) +++ trunk/manpages/pam_winbind.8.xml2005-01-21 03:04:17 UTC (rev 331) @@ -60,7 +60,7 @@ varlistentry termuse_first_pass/term listitempara - By default, that pam_winbind tries to get the + By default, pam_winbind tries to get the authentication token from a previous module. If no token is available it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication token from a previous module is available.
svn commit: samba r4883 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tridge Date: 2005-01-21 06:44:52 + (Fri, 21 Jan 2005) New Revision: 4883 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4883 Log: support ndr_size_ generation on unions as well as structures Modified: branches/SAMBA_4_0/source/build/pidl/header.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/header.pm === --- branches/SAMBA_4_0/source/build/pidl/header.pm 2005-01-21 01:42:45 UTC (rev 4882) +++ branches/SAMBA_4_0/source/build/pidl/header.pm 2005-01-21 06:44:52 UTC (rev 4883) @@ -228,7 +228,12 @@ my($d) = shift; if (needed::is_needed(ndr_size_$d-{NAME})) { - $res .= size_t ndr_size_$d-{NAME}(const struct $d-{NAME} *r, int flags);\n; + if ($d-{DATA}{TYPE} eq STRUCT) { + $res .= size_t ndr_size_$d-{NAME}(const struct $d-{NAME} *r, int flags);\n; + } + if ($d-{DATA}{TYPE} eq UNION) { + $res .= size_t ndr_size_$d-{NAME}(const union $d-{NAME} *r, uint32_t level, int flags);\n; + } } if (!util::has_property($d, public)) {
svn commit: samba r4884 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tridge Date: 2005-01-21 06:46:07 + (Fri, 21 Jan 2005) New Revision: 4884 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4884 Log: - 2nd part of support ndr_size_ generation on unions as well as structures - added nopull and nopush flags, to allow for externally written parsers for sub-structures Modified: branches/SAMBA_4_0/source/build/pidl/idl.pm branches/SAMBA_4_0/source/build/pidl/idl.yp branches/SAMBA_4_0/source/build/pidl/needed.pm branches/SAMBA_4_0/source/build/pidl/parser.pm Changeset: Sorry, the patch is too large (1657 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4884
svn commit: samba r4885 - in branches/SAMBA_4_0/source: include libcli libcli/nbt librpc librpc/idl librpc/ndr
Author: tridge Date: 2005-01-21 06:54:10 + (Fri, 21 Jan 2005) New Revision: 4885 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4885 Log: added a new NBT client library. Features include: - structures defined using IDL in nbt.idl - build around our events structure, and talloc - fully async - supports all NBT packet fields as per rfc1002 - easy interfaces for name query and status For the moment there are just a couple of test functions in namequery.c, test_name_query() and test_name_status(). These will be removed when we hook the new library into libcli/ fully The new library will also be a fairly good basis for a nbt server. Although it can't be a server as-is, I wrote it with the needs of a server in mind (for example, extremely scalable idtree based packet handling) Added: branches/SAMBA_4_0/source/libcli/nbt/ branches/SAMBA_4_0/source/libcli/nbt/libnbt.h branches/SAMBA_4_0/source/libcli/nbt/namequery.c branches/SAMBA_4_0/source/libcli/nbt/nbtname.c branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c branches/SAMBA_4_0/source/librpc/idl/nbt.idl Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/libcli/config.mk branches/SAMBA_4_0/source/librpc/config.mk branches/SAMBA_4_0/source/librpc/idl/idl_types.h branches/SAMBA_4_0/source/librpc/ndr/libndr.h branches/SAMBA_4_0/source/librpc/ndr/ndr.c branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c Changeset: Sorry, the patch is too large (1445 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4885
svn commit: samba r4886 - in branches/SAMBA_4_0/source: libcli/raw librpc/rpc
Author: tridge Date: 2005-01-21 06:55:33 + (Fri, 21 Jan 2005) New Revision: 4886 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4886 Log: fixed two places where we process the send side of a socket after the recv side in the same event. That's a bad idea, as the first callback could decide to destroy the socket. Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_sock.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c === --- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-01-21 06:54:10 UTC (rev 4885) +++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-01-21 06:55:33 UTC (rev 4886) @@ -40,6 +40,7 @@ if (flags EVENT_FD_READ) { smbcli_transport_process_recv(transport); + return; } if (flags EVENT_FD_WRITE) { smbcli_transport_process_send(transport); Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_sock.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_sock.c 2005-01-21 06:54:10 UTC (rev 4885) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_sock.c 2005-01-21 06:55:33 UTC (rev 4886) @@ -199,6 +199,7 @@ if (flags EVENT_FD_WRITE) { sock_process_send(p); + return; } if (sock-sock == NULL) {
svn commit: samba r4888 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: tridge Date: 2005-01-21 06:56:57 + (Fri, 21 Jan 2005) New Revision: 4888 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4888 Log: use the neater calling convention Modified: branches/SAMBA_4_0/source/torture/rpc/echo.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/echo.c === --- branches/SAMBA_4_0/source/torture/rpc/echo.c2005-01-21 06:56:13 UTC (rev 4887) +++ branches/SAMBA_4_0/source/torture/rpc/echo.c2005-01-21 06:56:57 UTC (rev 4888) @@ -336,38 +336,15 @@ return False; } - if (!test_addone(p, mem_ctx)) { - ret = False; - } + ret = test_addone(p, mem_ctx); + ret = test_sinkdata(p, mem_ctx); + ret = test_echodata(p, mem_ctx); + ret = test_sourcedata(p, mem_ctx); + ret = test_testcall(p, mem_ctx); + ret = test_testcall2(p, mem_ctx); + ret = test_enum(p, mem_ctx); + ret = test_sleep(p, mem_ctx); - if (!test_sinkdata(p, mem_ctx)) { - ret = False; - } - - if (!test_echodata(p, mem_ctx)) { - ret = False; - } - - if (!test_sourcedata(p, mem_ctx)) { - ret = False; - } - - if (!test_testcall(p, mem_ctx)) { - ret = False; - } - - if (!test_testcall2(p, mem_ctx)) { - ret = False; - } - - if (!test_enum(p, mem_ctx)) { - ret = False; - } - - if (!test_sleep(p, mem_ctx)) { - ret = False; - } - printf(\n); talloc_free(mem_ctx);
svn commit: samba r4889 - in branches/SAMBA_4_0/source/utils: .
Author: tridge Date: 2005-01-21 06:58:16 + (Fri, 21 Jan 2005) New Revision: 4889 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4889 Log: make sure ndr print flags are initialised in ndrdump Modified: branches/SAMBA_4_0/source/utils/ndrdump.c Changeset: Modified: branches/SAMBA_4_0/source/utils/ndrdump.c === --- branches/SAMBA_4_0/source/utils/ndrdump.c 2005-01-21 06:56:57 UTC (rev 4888) +++ branches/SAMBA_4_0/source/utils/ndrdump.c 2005-01-21 06:58:16 UTC (rev 4889) @@ -205,9 +205,10 @@ dump_data(0, ndr-data+ndr-offset, ndr-data_size - ndr-offset); } - pr = talloc_p(NULL, struct ndr_print); + pr = talloc(NULL, struct ndr_print); pr-print = ndr_print_debug_helper; pr-depth = 1; + pr-flags = 0; f-ndr_print(pr, function, flags, st); if (!NT_STATUS_IS_OK(status) ||