Re: [Samba] corruption in the locking tdb, samba panics [SOLVED]
hehehe, i've got the same here, with the 2.4.2x kernels. guess that's the problem... i disabled all locking and oplocking within samba, and that solvwed the problem.. and you can always update to a 2.6.x kernel, but that you figured already out. so.. Greetings COllen Luca Olivetti wrote: Luca Olivetti wrote: Hello, last friday I switched my users from an old server running 2.2.12 to a new one running 3.0.10 (that I've been testing myself and with smbtorture). After a while I had to switch back to the old server because some users were having serious problems. This is one of the logs (the others are very similar): [2005/03/04 12:25:05, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/locking.tdb): tdb_lock failed on list 80 ltype=1 (Resource deadlock avoided) [2005/03/04 12:25:05, 0] smbd/oplock.c:remove_oplock(272) remove_oplock: failed to lock share entry for file eplan4/N/0408/Se.gif [2005/03/04 12:25:05, 0] smbd/reply.c:reply_lockingX(4559) reply_lockingX: error in removing oplock on file eplan4/N/0408/Se.gif [2005/03/04 12:25:05, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/locking.tdb): tdb_lock failed on list 80 ltype=1 (Resource deadlock avoided) [2005/03/04 12:25:05, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/locking.tdb): tdb_lock failed on list 80 ltype=0 (Resource deadlock avoided) [2005/03/04 12:25:05, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/locking.tdb): tdb_unlock: count is 0 [2005/03/04 12:25:05, 0] smbd/oplock.c:request_oplock_break(977) request_oplock_break: PANIC : breaking our own oplock requested for dev = fe00, inode = 745870013, file_id = 1471 a nd no fsp found ! [2005/03/04 12:25:05, 0] lib/util.c:smb_panic2(1482) PANIC: request_oplock_break: no fsp found for our own oplock [2005/03/04 12:25:05, 0] lib/util.c:smb_panic2(1490) BACKTRACE: 14 stack frames: #0 smbd(smb_panic2+0x1b6) [0x81cdf1a] #1 smbd(smb_panic+0x19) [0x81cdd62] #2 smbd(request_oplock_break+0x1d5) [0x81fca07] #3 smbd [0x80bf613] #4 smbd(open_file_shared1+0x801) [0x80c08ce] #5 smbd(open_file_shared+0x51) [0x80c00cb] #6 smbd(reply_open_and_X+0x2bc) [0x80a14c4] #7 smbd [0x80d04c4] #8 smbd [0x80d0574] #9 smbd(process_smb+0x1eb) [0x80d08b9] #10 smbd(smbd_process+0x170) [0x80d149c] #11 smbd(main+0x7d4) [0x8240f8c] #12 /lib/tls/libc.so.6(__libc_start_main+0xed) [0x402ec95d] #13 smbd(fsetxattr+0x31) [0x8078aa1] I've looked at the changelog for 3.0.11 but I see nothing there regarding this problem. I also searched google and I found something similar here: http://tinyurl.com/3nhdj As a followup, I have switched to the new server the problematic share only, and it has been working no problem for the last two days. I don't know what cured my issues: I upgraded samba from 3.0.10 to 3.0.11, changed kernel from 2.4.25-8mdk to 2.6.3-25mdk (now hp proliant diagnostics are working even under 2.6, but I don't remember any hp advisory telling that), upgraded to smbldap-tools 0.8.7 and re-imported all users' credentials in ldap (though I doubt that these two steps had anything to do with the solution of my problems). I'm keeping my fingers crossed but it seems everything is working as expected. Bye -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.10 and ADS
I am having a bit of a problem and hope someone on here can help (if it has been covered already please feel free to point me in the right direction - I have searched and searched but found nothing!) Setup: Linux box : Debian Sarge using Samba 3.0.10-Debian windows Box : Windows 2003 SBS acting as ADS master. I ran through the setup instruction and can connect from the linux box to the windows box (using smbclient -k) Problems Using wbinfo -u I get a list of the windows users (but no domain prepended) Using wbinfo -g I get a list of the windows groups (again no domain prepended) If I try to connect to a samba share (or browse the linux box) from the windows box I get the authentication dialogue and it won't let me go any further. I am unable to assign windows users and groups permissions to files on the linux box. Configs: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EBUYER.SHE dns_lookup_realm = true dns_lookup_kdc = true [realms] EBUYER.SHE = { kdc = srv2003.ebuyer.she:88 admin_server = srv2003.ebuyer.she:749 default_domain = ebuyer.she } [domain_realm] .ebuyer.she = EBUYER.SHE ebuyer.she = EBUYER.SHE [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/samba/smb.conf security = ADS realm = ebuyer.she workgroup = EBUYER server string = Samba Server encrypt passwords = yes winbind separator = + winbind use default domain = yes password server = 172.16.0.10 printcap name = /etc/printcap load printers = yes printing = cups cups options = raw log file = /var/log/samba/%m.log max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote browse sync = 172.16.0.10 remote announce = 172.16.0.10 local master = no os level = 33 domain master = no preferred master = no wins support = no wins server = 172.16.0.10 dns proxy = yes preserve case = no short preserve case = no default case = lower case sensitive = no winbind uid = 1 - 2 winbind gid = 1 - 2 winbind enum groups = yes winbind enum users = yes map to guest = bad user [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /home/profiles browseable = no guest ok = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = no writable = no printable = yes [public] comment = Public Stuff path = /home/samba public = yes read only = yes Regards Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR Today I am a Sad Fish :-( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and cups printing: lp_servicenumber: couldn't find hl5150d
Gerald (Jerry) Carter [EMAIL PROTECTED] writes: [...]Hash: SHA1 Peter Weiss wrote: | Hello, | | found no answer for the following elsewhere setting up | samba on a Debian box: The printer is seen on the net from | the clients but no printing is possible. | I traced the thing down to the following: | | [2005/03/13 13:01:08, 10] printing/print_cups.c:cups_server(51) | cups server left to default localhost | [2005/03/13 13:01:08, 7] param/loadparm.c:lp_servicenumber(4051) | lp_servicenumber: couldn't find hl5150d | [2005/03/13 13:01:08, 8] param/loadparm.c:add_a_service(2305) | add_a_service: Creating snum = 7 for hl5150d | | Looking at the sources the printer is first looked up | in lp_servicenumber() and _after that_ the service is added | by add_a_service(). Has anyone a hint where to look at? This is normal (the log message). smbd defers to explicitly defined shares in smb.conf. We create one if [printers] exists and the requested name can be validated by the printing subsystem. [...] Okay, here are the details: smbclient -L pichuco shows the printer, I'm able to login and use the Disk shares (so I guess it's no authentification problem). But if I try to use the printer I get a tree connect failed: NT_STATUS_BAD_NETWORK_NAME. I still think it's related to the add_a_service()/ lp_servicenumber() order. In the log.smbd I see no errors or hints for possible reasons. I can send them on demand, the NT_STATUS_BAD_NETWORK_NAME error does not show up. Peter ~:1 smbclient -L pichuco Password: Domain=[TANGO] OS=[Unix] Server=[Samba 3.0.10-Debian] Sharename Type Comment - --- public Disk Export Pool Directory homes Disk User Home Directories tmp Disk Temporary disk space print$ Disk Printer Drivers IPC$IPC IPC Service (Pichuco) ADMIN$ IPC IPC Service (Pichuco) hl5150d Printer Brother HL5150D PostScript Printer hl5150ddbl Printer Brother HL5150D Duplex PostScript Printer peter Disk User Home Directories Domain=[TANGO] OS=[Unix] Server=[Samba 3.0.10-Debian] Server Comment ---- PICHUCO Pichuco WorkgroupMaster ---- TANGOPICHUCO ~:1 smbclient //pichuco/hl5150d Password: Domain=[TANGO] OS=[Unix] Server=[Samba 3.0.10-Debian] tree connect failed: NT_STATUS_BAD_NETWORK_NAME -- [EMAIL PROTECTED] ConSol* Software GmbH Phone +49 89 45841-100 Consulting Solutions Mobile +49 177 6040121Franziskanerstr. 38 http://www.consol.de D-81669 München -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] running two servers with one install
Hello, I think this is possible. You need to have different config files for each instance of samba . Its better to have different directories for each instance ( say /opt/samba/Inst1 and /opt/samba/Inst2 ) and have instance specifc directories like var ,lib, logs, private, shares, var/locks inside each of them. The smb.conf also need to be modified accordingly for each instance. Also the startup script should be modified to start the demons for both these instances specifying the correct config files. Hope this helps, bye, Kiran On Tue, 15 Mar 2005 16:12:46 +0100, Rainer Bendig aka Ny [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, i want to run two samba servers on the same machine. How can i do this? Is there any example.conf file for such a thing? Is it possible to set them up in one config file? Samba is there in version 3.0.10 - -- - - Rainer Bendig aka Ny | http://www.moins.de | GnuPG-Key 0x41D44F10 -BEGIN PGP SIGNATURE- Version: GnuPG v1.9.16-cvs (GNU/Linux) iD8DBQFCNvttWmkXC0TkjEgRAsSLAKCMg80gEAoHS+VwgcBns4ZrwgADggCeK7CD bI0KDXATEZN4kAMfuCUXfRs= =u666 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Local user authentication.
Hi, I have installed samba with the following smb.conf parameters settings, in this way it authenticate the NT Domain users on the share, but I want to authenticate also local users on the SRVLX03 they are declared in passdb.tdb file and works on MS-DOS client. So I've try to connect to the share by smbclient command with these users and it works fine if I put -W SRVLX03 (they aren't on DOMAIN) , but how can I get the same on MS-DOS client? Thanks a lot. Marco. #Date: 15/10/2004 11:44 [global] workgroup = DOMAIN netbios name = SRVLX03 os level = 16 wins server = XXX.XXX.XXX.XXX security = domain auth methods = guest sam winbind encrypt passwords = Yes winbind uid = 1-2 winbind gid = 1-2 winbind enable local accounts = Yes printcap name = cups disable spoolss = No show add printer wizard = Yes printing = cups printer admin = DOMAIN\adm_user admin users = DOMAIN\adm_user map acl inherit = Yes nt acl support = Yes passdb backend = tdbsam:/etc/samba/passdb.tdb [printers] comment = Printers path = /var/spool/samba guest ok = Yes printable = Yes use client driver = No browseable = No [print$] path = /data/printers guest ok = Yes browseable = Yes read only = No write list = [data] comment = data path = /data read only = No create mask = 0775 security mask = 0777 force security mode = 0 directory mask = 0775 directory security mask = 0777 force directory security mode = 0 dos filetimes = Yes # valid users = @DOMAIN\Domain Users, spcuser ( I've try also to specified the user ) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba pdc + winbind possible ?
Erghmm.. i have a question... i got a samba 3.0.11 service running as pdc. now i need to run winbind aswell on the same server.! i'm gonna use winbind to auth users with true a pam-module for an ftp service, also on the same server.. just wanna know if that is possible, or does it get screwed up ?? L8r COllen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer (PDF) Problem
On Tue, 2005-03-15 at 15:33 +, Nick Gushlow wrote: Hi guys, I've got a PDF printer setup on one of my Samba boxes that has been running fine for months; however I'm now having problems with it despite that fact that I've made no changes to Samba and performed no upgrades. I'm thinking that the problem might be to do with a client PC sending a large/corrupt stream to the printer. Problem Symptoms: - Samba process showing 50% CPU usage constantly - Windows clients attempting to print report printer not responding (after a long time) or crash What I've tried: - Renaming printer - works as normal - Removing corrupt spool / temp files - none found in /var/spool/samba /tmp /tmp/samba - Look for possibly offending client PC in logs - none found (could be I'm not looking for the right thing). Anyone have any ideas what might be wrong and how to solve it? Are you sure its the printer? If so, maybe you could try using a different driver - we use an HP Colour Laserjet driver here, maybe you could experiment with others - as long as its postscript it will work. Hope that helps, H signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 and ADS
On Wed, 2005-03-16 at 14:54 +0530, ankush grover wrote: On Wed, 16 Mar 2005 08:03:42 +, Phil Foxton [EMAIL PROTECTED] wrote: I am having a bit of a problem and hope someone on here can help (if it has been covered already please feel free to point me in the right direction - I have searched and searched but found nothing!) Hey, i don't know what kind of setup you want, I have a setup in my company consisting of linux and windows pcs.I have created a samba server (debian) with security = domain and password server = win2k3 domain server.Before joining the win2k3 domain i created all the windows users on the samba server but not as samba users but as normal linux users. I don't want to have to have the administration over head of creating users on 2 boxes. What I am aiming for is the following: The ADS box acts as DC from the AD, only authenticating users and nothing else. All file and print shares are stored on the linux box, including user profiles etc. Regards Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Machine Account default group.
biff: Do machine accounts have to have a group of their own ? If you're using Samba, Posix yes, Windows no. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc + winbind possible ?
Hmm strainge problem occured.. i fired up winbind, and adjusted the pam files and all. but now i get plain-text authentication for user DOCENT returned NT_STATUS_ACCESS_DENIED (PAM: 4) and ofcoz' the login is denied !! what worries me is that, i'd got an imap http server running (on an other machine) and the pam/winbind works as a charm there (auth agains this pdc server) but when used localy that error pop's up, also we don't use plain-text passwords and all.. so i need a differend smb.conf for the winbind, then for the pdc (still same computer) ?? does someone have a clue where it goes wrong ? Greetings Collen Robert Schetterer wrote: Collen schrieb: Erghmm.. i have a question... i got a samba 3.0.11 service running as pdc. now i need to run winbind aswell on the same server.! i'm gonna use winbind to auth users with true a pam-module for an ftp service, also on the same server.. just wanna know if that is possible, or does it get screwed up ?? L8r COllen Hi, yes it is possible to use winbind on a smb pdc on the same machine, the only failure i got with it is that it does not resolve group names by wbinfo so i use the sid id of the desired group in ntlm-auth of squid and pptpd Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with MS Office (Excel/Word) Samba 3.0.11, (moved to testing 3.0.12-RC1) attn Jerry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: |I don't know if this is related, but I am still having | fits in Office 2003 with the file open dialog hanging for 30 | seconds when trying to open files. The recent exchange is shown below: What the delay in the log file ? Or a network trace? This could be printing related. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCOD4HIR7qMdg1EfYRAluTAKCmXdea18hbU9SNTgTCTAk6PEaZ4QCguqJ4 1In6k1T6TBB43NZ/Wb/KpzE= =UWoY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems with MS Office (Excel/Word) Samba 3.0.11, (moved to testing 3.0.12-RC1) attn Jerry
In our experience, the network delay had to do with a couple of things: #1 - name resolution, some machines were using WINS, othere DNS, others nothing at all - changed all machines to dhcp clients using WINS DNS - fixed a lot #2 - NDS/Novell client issues, running Novell Netware samba not work well when neither know's of the other's existence, since we're retiring Novell server anyhow - removal of Netware Client drastically sped up browsing on clients (not to mention, means we are running solely tcpip - no more IPX/SPC protocol) #3 - One network, one protocol. We have since moved any of the remaining Netware clients (which must remain for accounting software packages amongst other things) to purely tcpip clients, thus removing all IPX/SPX traffic from the LAN. We also subnetted the office and shop networks independantly as the various shop machines don't need to resolve from the windows clients at all. Just a few housecleaning items which really should have been done anyways, but figured they were worth mentioning in case anyone else has been experiencing delays too. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Wednesday, March 16, 2005 9:09 AM To: david rankin Cc: samba Subject: Re: [Samba] Problems with MS Office (Excel/Word) Samba 3.0.11,(moved to testing 3.0.12-RC1) attn Jerry -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: |I don't know if this is related, but I am still having fits in | Office 2003 with the file open dialog hanging for 30 seconds when | trying to open files. The recent exchange is shown below: What the delay in the log file ? Or a network trace? This could be printing related. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCOD4HIR7qMdg1EfYRAluTAKCmXdea18hbU9SNTgTCTAk6PEaZ4QCguqJ4 1In6k1T6TBB43NZ/Wb/KpzE= =UWoY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc
Phil, After migrating the domain data did you change the role of the Samba server to PDC? In your smb.conf you need to set in [global]: domain master = Yes The run 'testparm' to validate your settings. - John T. On Wednesday 16 March 2005 05:39, Phil Dawson wrote: Hello, Second post: first had logs attached but was too big. I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode install ), 1 linux server ( to become pdc ) and a win xp box to test logon when the migration was completed. The problem is no matter what I try after the migration the win xp's logonserver = windows server not linux server. I have no idea what is going on here. I've listed the process for migration just incase I'm doing something wrong. NB: Initially I had a problem with the migration because machines were not being created. The problem was due to useradd conforming to the posix standard and wouldn't allow accounts prefixed with $. Got an interim fix from RedHat which fixed this problem. i can log in using smbclient -L localhost -U% -- anonymous shares available smbclient -L //linuxpdc/public -U pdawson -- shares available plus home directory Is there anything obvious I've missed? I've been at this for weeks now and have no idea what to check next. ( logs are a blur now ). for the purpose of log entries ( supplied if requested ) Domain: TESTPDC0 Windows 2000: TESTPDC ( 192.168.44.80 ) Linux ServerLINUXPDC ( RHES4 )( 192.168.44.81 ) WinXP ( 192.168.44.20 ) ( machine name HP96281120913 ) Added linuxpdc and testpdc to /etc/samba/lmhosts Added linuxpdc and testpdc to our DNS cleaned groups up with -- delGrps.sh net groupmap cleanup net groupmap delete ntgroup=Print Operators net groupmap delete ntgroup=Domain Guests net groupmap delete ntgroup=System Operators net groupmap delete ntgroup=DnsAdmins net groupmap delete ntgroup=Replicator net groupmap delete ntgroup=Guests net groupmap delete ntgroup=Power Users net groupmap delete ntgroup=DnsUpdateProxy net groupmap delete ntgroup=Administrators net groupmap delete ntgroup=Account Operators net groupmap delete ntgroup=Backup Operators net groupmap delete ntgroup=Users net groupmap delete ntgroup=Domain Users net groupmap delete ntgroup=Domain Admins net groupmap delete ntgroup=Domain Computers net groupmap delete ntgroup=Cert Publishers net groupmap delete ntgroup=RAS and IAS Servers net groupmap delete ntgroup=Pre-Windows 2000 Compatible Access net groupmap delete ntgroup=Group Policy Creator Owners net groupmap delete ntgroup=Enterprise Admins net groupmap delete ntgroup=Domain Controllers net groupmap delete ntgroup=Schema Admins net groupmap delete ntgroup=Server Operators -- delGrps.sh end removed secrets.tdb and passwd.tdb set up smb.conf to be ROLE_DOMAIN_BDC testparm showed no errors net rpc join -S testpdc -W testpdc0 -UAdministrator%password joined the domain ok. checked on the win2000 server and linuxpdc was listed as a domain controller net rpc getsid -S testpdc -W testpdc0 sid was put into secrets net getlocalsid testpdc0 S-1-5-21-705938202-4238141491-2786779978 showed correct sid net getlocalsid no sid available so used: net setlocalsid S-1-5-21-705938202-4238141491-2786779978 net getlocalsid S-1-5-21-705938202-4238141491-2786779978 used initGrps.sh script to add groups --- initGrps.sh -- net groupmap modify ntgroup=Domain Admins unixgroup=root net groupmap modify ntgroup=Domain Users unixgroup=users net groupmap modify ntgroup=Domain Guests unixgroup=nobody --- initGrps.sh end -- net rpc vampire -S testpdc -U Administrator%password no errors list the groups on win 2000 box net group -l -S testpdc -U Administrator%password list groups on linuxpdc net groupmap list - Server Operators (S-1-5-32-549) - Server Operators Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) - nobody Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) - Enterprise Admins DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) - DnsAdmins Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) - Domain Controllers Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) - sys Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) - Schema Admins Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) - kmem Replicator (S-1-5-32-552) - Replicator Guests (S-1-5-32-546) - nobody Group Policy Creator Owners (S-1-5-21-705938202-4238141491-2786779978-520) - Group Policy Creator Owners Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) - users Power Users (S-1-5-32-547) - ntadmin Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) - nobody DnsUpdateProxy
Re: [Samba] Can XP Home really Samba ?
Hi, I guess XP Home can Samba if McAfee allows it. I was able to access the Samba shares after I completly removed the McAfee firewall. Exiting the firewall and stopping the services proved to be of no use and caused me endless grief. I reluctantly gave it a shot since you expect the firewall to stop poking its nose after it is disabled and the services stopped and I was not expecting this weird behaviour. Thanks to all the kind folks who have helped me out with suggestions. -Venkata. On Tue, 15 Mar 2005 18:57:03 +0100, Rainer Bendig aka Ny [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Moin Moin Venkata Avasarala, *, Venkata Avasarala wrote on Mar 15, 2005 at 09:41AM -0500: 2)Since I know the IP address of the Samba server doing a net use with the IP address like net use b: \\192.168.0.4\Apache results in a System error 1 on the XP box. Hmmm on my winxp workstation in an vmware box it works perfectly. Everything, mount by net use, browsing etc. Are you sure that your xp - own firewall allows windows shares ? - -- - - Rainer Bendig aka Ny | http://www.moins.de | GnuPG-Key 0x41D44F10 -BEGIN PGP SIGNATURE- Version: GnuPG v1.9.16-cvs (GNU/Linux) iD8DBQFCNyHuWmkXC0TkjEgRAoXxAJ46ZuR/LFREPyh+P1+8Onu4e25EmwCfQ8lg NNjfUam/64nOg8by7N3jABs= =wE16 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share Group Access
Easy fix: Make group D and add GROUP A and B as members, but not C, then make the subfolders group ownership GROUP D, with GROUP Access. On Tuesday 15 March 2005 5:43 pm, Bruno Quintas wrote: Hi, i have 3 groups in Samba PDC. One Folder called Geral (with rwx access to all of them), and i want to create anothe folder inside it with rwx access by groups A and B, and no access by group C, is this possible? What should i do?I got a bit confused after looking at the Howto. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc + winbind possible ?
the list mentions, that winbind should not run on a DC at all...why don't you use pam_ldap/pam_smbpass module? greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LDAP Base DN
Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc + winbind possible ?
Hmm, does pam_smbpass only uses the smbpasswd text file, or does it uses the configed passwd backend (mysql) i just need a good way to authenticate ftp users against the samba users DB.. i don't use the passwd and shadow files for passwords to keep them out of other services on the server.. Thx, i'll try the pam_smbpass tomorrow.. Collen Michael Gasch wrote: the list mentions, that winbind should not run on a DC at all...why don't you use pam_ldap/pam_smbpass module? greez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty Stanley-Jones wrote: More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. Hrm... where is your admin DN? Is it part of ou=corp and you're not setting that and the relevent data in secrets.tdb? (grasping at straws) On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty, If your binddn has changed you need to re-run: smbpasswd -w 'secret' to update your secrets.tdb file. - John T. On Wednesday 16 March 2005 09:06, Misty Stanley-Jones wrote: More info: I tried deleting ou=corp (after making a backup of course) and still no dice. As soon as I put back ou=corp and make the baseDN in smb.conf ou=corp, everything works. If I take all the entries under ou=corp and copy them one level up, I can't authenticate to Samba anymore. It doesn't make any sense. On Wednesday 16 March 2005 10:57 am, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? TIA, Misty -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Weird message in log files
Smb specialists, I did some tests inside test server using Samba 2.2.8a. I used the below configuration: _ # ../bin/testparm -x -L pscdv001 ../lib/smb.conf | more Load smb config files from ../lib/smb.conf Processing section [DVfcsload] Processing section [rodrigo] Processing section [ipc$] Loaded services file OK. WARNING: You have some share names that are longer than 8 chars These may give errors while browsing or may not be accessible to some older clients Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MFG4 netbios aliases = pscdv001 server string = PCS Samba Server - Desenvolvimento 3 encrypt passwords = Yes null passwords = Yes smb passwd file = /etc/smbpasswd password level = 8 username level = 8 log level = 0 log file = /var/log/samba/%L/log.%m max log size = 50 deadtime = 4 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 include = /usr/local/samba/lib/smb.conf.pscdv001 [DVfcsload] comment = FCS_LOADER PSCDV001 path = /jfcs/loader read only = No create mask = 0775 directory mask = 0775 hosts allow = 10.114.132.54 187.10.16.33 187.10.32.100 10.114.132.196 [rodrigo] comment = My folder path = /home/ars052 read only = No create mask = 0775 directory mask = 0775 hosts allow = 187.10.16.216 [ipc$] path = /tmp hosts allow = 187.10.16.0/23 187.10.64.0/23 10.114.132.0/23 187.10.32.0/23 127.0.0.1 hosts deny = 0.0.0.0/0 _ From my desktop I mapped the SHARE [rodrigo] and I have no problems to access it. Therefore, analysing the logs files, specifically the client log file in the server, I saw some weird messages: ... [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.216) ... The weird thing is that this messages are logged only when I open some file inside the shared directory from samba. Using windows explorer, I mapped the share associating a driver letter and using on the server the command tail -f log.client. At the moment of openning file, a tenth of this messages are logged. The IP address showed is the IP of my Desktop and the open file operation is sucedeed without any error messages from windows. See also that in the smb.conf file, on the SHARE [rodrigo] I put a explicit configuration that allow my host 187.10.16.216 to access that SHARE. Why these messages are logged ?? What is wrong inside my configuration ?? Is wrong ? Tks in advance, Rodrigo José dos Santos Solvo S.A. IT UNIX Administrator Senior (Solaris Specialist) Computing Engineer Phone: (55) 19 3847 6003 Fax: (55) 19 3847 6230 Mobile: (55) 19 8111 8560 EMAIL: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem joining a Samba 3 domain - DC can't be contacted
Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] srvtools : only able to assign primary group
Hello to all. I'm testing Samba as a domain controller (I'm using tdbsam). All is working perfectly so far, but I have an issue when using srvtools to manage my users. I'm only able to assign the primary group to an user account. All additionnal groups added to the member of: section are ignored (I press OK and the srvtools don't complain or anything, but when I come back to see groups assignment they are all gone to the exception of the group that I have set as the primary group). The only way that I have find to make an user member of more than one group is to create additional group maps directly on the server with the command net groupmap. For example : - With srvtools I set the primary group for the user Joe to the group Sales department (if I try to add any others groups they are simply ignored) - On the server I execute the following command : net groupmap add ntgroup=User joe unixgroup=joe - Now I go back to srvtools and I can effectively see the two assigned groups in the member of: section However, at this point a new problem arise with srvtools. If srvtools see than an user is member of more than one group, then I'm no longer to remove group(s) for this user (srvtools popup an Access is denied error message when I'm validating the group removal). Is that a known issue? Is me better to dump the use of srvtools (I have to admit that I like to use srvtools to manage my users and groups). PS - srvtools work perfectly to add and remove users and groups (I only have a problem with the issue mentionned). I'm using Fedora Core 3 and samba-3.0.10-1 (installed via yum). Thanks for any help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted
My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please? Thank you Note: to manage joining my samba domain from a xp machine, I had to change a registry key. --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi Sent: Wednesday, March 16, 2005 11:59 AM To: samba@lists.samba.org Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted
Take the DASH out of your domain name. While allowed at creation time most clients cant use this name properly..windows, samba, or otherwise. On Wednesday 16 March 2005 11:28 am, fatima riadi wrote: My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please? Thank you Note: to manage joining my samba domain from a xp machine, I had to change a registry key. --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi Sent: Wednesday, March 16, 2005 11:59 AM To: samba@lists.samba.org Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Folder permissions not shown under XP
Hello, First, let me state that I have attempted to search for this topic and have only turned up other requests for the same issue. I couldn't find anything even remotely helpful for a solution. So, if this is a common issue, I apologize. Anyways, on a WinXP client, opening the security properties on a folder (directory)in a samba share shows all the checkboxes as blank. Opening sec properties on a FILE works fine. Only directories show up blank. I am not sure what happens on a 2k or earlier box (I have none handy to test). The folders do have unix permissions (770) on them, and no ACL. It just seems like windows doesn't 'see' them somehow. They are honored by windows though. I saw this problem under 3.0.5, and still see it after upgrading to 3.0.11. Samba is running on Solaris 8 on sparc. Here is one article I found from awile back that seems to be the same problem, with no responces: http://marc.theaimsgroup.com/?l=sambam=109909254602241w=2 Any help or suggestions are welcome. Thanks! -Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted
Change the domain name to sambadomain. Having the - in the name prevents the windows machines from joining. I ran into the same problem here. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: fatima riadi [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 16, 2005 12:28 PM To: Mccrory, Kevin B; samba@lists.samba.org Subject: RE: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please? Thank you Note: to manage joining my samba domain from a xp machine, I had to change a registry key. --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi Sent: Wednesday, March 16, 2005 11:59 AM To: samba@lists.samba.org Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon logging logs
I'm looking for a simple solution to log a single entry for each login to a Samba PDC. My current attempt(s) of using a root prexec script in either the [netlogon] share definition or the [global] section are working, but not exactly as expected. In [netlogon] I have an entry: root preexec = /path/to/script/makelogonscript.pl %g %u %m %I ...where makelogonscript.pl generates a customized logon script for each user/group etc. AND, at the top of this script, a simple section has been added to log to a logonlog.log file the following information: Date Time Primary_Group IP_Address machinename username So far so good. The problem I am seeing with this is that every time someone logs into the domain, it appears that the [netlogon] share is opened twice because this script writes two entries for each user, usually about 4 seconds apart, sometimes about 10 seconds apart, but I have seen as high as 30 seconds or more. ie: 03-16-2005 12:14:00 group xx.xx.xx.xx machinename username 03-16-2005 12:14:04 group xx.xx.xx.xx machinename username Speaking in #samba on freenode we agreed that this might be because some versions of windows temporarily map a Z: drive to the netlogon share and then work off of that during the logon process. OK, so next up was putting a simple root preexec logging script in the [global] section of smb.conf Similar, but not exact results were found. Most domain logins were logged twice, some were only logged once. Also, there are now some entries with nobody as the group and username but these nobody entries can be easily omitted from reports with sed/grep/awk/perl/whatever so they are inconsequential. :) So, I guess my basic question is: Where in the logon process is the correct place to tell Samba to do something (ie: run this script) but do it only once? Thanks for any help! - Bill Arlofski [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted
I changed the domain name but the problem is still here (the reason then is not the name). Now, my PDC can be contacted: I am asked to enter a login and password of a user authorised to join the domain, but when I enter Administrator login and password, they are not accepted. May be the problem is caused by OpenLDAP. Please, how may I fix that? --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: Change the domain name to sambadomain. Having the - in the name prevents the windows machines from joining. I ran into the same problem here. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: fatima riadi [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 16, 2005 12:28 PM To: Mccrory, Kevin B; samba@lists.samba.org Subject: RE: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please? Thank you Note: to manage joining my samba domain from a xp machine, I had to change a registry key. --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi Sent: Wednesday, March 16, 2005 11:59 AM To: samba@lists.samba.org Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Attachment. who can I best report this to for forensis?
Johan B, please let it through+ The headers are needed. I live in the Netherlands, where the police contacts for this sort of thing are grey and unknown to me. The Metropolitan Police (London only) in England is 100% on the ball, but they're under resourced and I don't live in their manor (London slang for area). I'd like to push it out to as powerful an organization as possible, that really cares. As a one-time father (they're long grown up now) I rate the sender on a par with the terrorist syndrome, that we've all seen so much of lately. Of course the shitt went through a zombie or open relay, of course it was sent anonymously, but that's what forensics are for. The proper authority will be keeping a database and ISP trail on the whole.That's why I'm asking SANS. Thanks! --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl They love us, don't they, They feed us, won't they ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two questions
Hi All, I have the following questions: We have some folders / shares where we store for example only .doc files. But some users also saves the .jpg files in this share. We don't want this and we wondered if we can block saving .jpg files with samba. Is there an option to set in smb.conf so we can block the saving of .jpg files? Second one: Some users saves the .doc files for example as thisisanexampleforarealylongnameforawordfile.doc Is there an option to prevent these long names? Thanx Met vriendelijke groeten, Bart Hendrix -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two questions
Bart Hendrix wrote: Hi All, I have the following questions: We have some folders / shares where we store for example only .doc files. But some users also saves the .jpg files in this share. We don't want this and we wondered if we can block saving .jpg files with samba. Is there an option to set in smb.conf so we can block the saving of .jpg files? Second one: Some users saves the .doc files for example as thisisanexampleforarealylongnameforawordfile.doc Is there an option to prevent these long names? Thanx Met vriendelijke groeten, Bart Hendrix Hi Bart.. This sounds to me like two training issues, and possibly one scripting issue. What I mean is, users should be trained to create intelligently named files that are also sensible names to other users. What would you have Samba do with that long name for example? Truncate it? Perform the idiotic Micrsofttrncat~1 deal on it? I think those options would make your life more miserable. :) Next, tell the users not to put .jpg files in that share. Follow up with pain and suffering for those that don't follow directions. grin And optionally, for those that still can not follow simple directions, write a cron job to rm -f *.jpg in that directory weekly/nightly/hourly Just some thoughts. - Bill Arlofski Reverse Polarity 860-824-2433 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA problem
Hello all, We are configuring a SAMBA server with multipile Windows 2000 computers. We are using Debian Sarge (Testing) and using the SAMBA software (3.0.10) that comes with it. We have populated the smb.conf file with just the following: netbios name = server-cardiff workgroup = bda-cdf passdb backend = tdbsam os level = 65 preferred master = yes domain master = yes local master = yes security = user domain logons = yes and then started the server, and the log shows: Mar 16 19:23:44 server-cardiff nmbd[5586]: [2005/03/16 19:23:44, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) Mar 16 19:23:44 server-cardiff nmbd[5586]: become_logon_server_success: Samba is now a logon server for workgroupBDA-CDF on subnet 10.3.1.3 Mar 16 19:23:44 server-cardiff nmbd[5586]: [2005/03/16 19:23:44, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) Mar 16 19:23:44 server-cardiff nmbd[5586]: become_logon_server_success: Samba is now a logon server for workgroupBDA-CDF on subnet 10.3.1.3 Mar 16 19:23:48 server-cardiff nmbd[5586]: [2005/03/16 19:23:48, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) Mar 16 19:23:48 server-cardiff nmbd[5586]: * Mar 16 19:23:48 server-cardiff nmbd[5586]: Mar 16 19:23:48 server-cardiff nmbd[5586]: Samba server SERVER-CARDIFF is now a domain master browser for workgroup BDA-CDF on subnet 10.3.1.3 Mar 16 19:23:48 server-cardiff nmbd[5586]: Mar 16 19:23:48 server-cardiff nmbd[5586]: * Then I do an smbpasswd -a piersk and enter the password. All seems OK. Then take one Windows 2000 computer, go to System Properties, then Network Identification, then click on Properties, select domain and type in bda-cdf and click on OK and after a while, it asks for the username and password, and I enter piersk as username, and then the password, and it always return an Logon filure: unknown username or bad password even tho pdbedit -Lv | grep piers shows an entey. We have been attacking this problem for several hours and we don't know what's wrong - we even tried debug level 3 but it's not showing anything helpful - does anyone have an idea where we are going wrong? Thanks very much for your help in advance Cheers - Piers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Compile error: libsmbclient on 12rc1 on Solaris 9
snip from make.log: Compiling libsmb/libsmbclient.c with -KPIC libsmb/libsmbclient.c, line 3249: warning: argument #3 is incompatible with prototype: prototype: pointer to char : libsmb/libsmbclient.c, line 1167 argument : pointer to const char libsmb/libsmbclient.c, line 3843: warning: argument #5 is incompatible with prototype: prototype: pointer to char : libsmb/libsmbclient.c, line 3120 argument : pointer to const char libsmb/libsmbclient.c, line 4097: invalid directive libsmb/libsmbclient.c, line 4236: invalid directive libsmb/libsmbclient.c, line 4373: warning: argument #7 is incompatible with prototype: prototype: pointer to char : libsmb/libsmbclient.c, line 3315 argument : pointer to const char libsmb/libsmbclient.c, line 4373: warning: argument #8 is incompatible with prototype: prototype: pointer to char : libsmb/libsmbclient.c, line 3315 argument : pointer to const char cc: acomp failed for libsmb/libsmbclient.c *** Error code 2 make: Fatal error: Command failed for target `libsmb/libsmbclient.po.o' build method: #!/bin/bash export SOURCEPATH='/private/src/samba' export PATH=/usr/sbin:/sbin:/usr/bin:/depot/sws60/bin:/usr/ccs/bin:/depot/util/arch/bin export SAMBAVERSION='3.0.12rc1' cd ${SOURCEPATH}/samba-${SAMBAVERSION}/source export CPPFLAGS=-I/opt/krb5/include -I/opt/openldap/include export LDFLAGS=-L/opt/krb5/lib -R/opt/krb5/lib -L/opt/openldap/lib -R/opt/openldap/lib export CC='/depot/sws60/bin/cc' export PATH=/opt/krb5:${PATH} ./configure --prefix=/opt/samba-${SAMBAVERSION} --with-ads --with-syslog --with-acl-support --with-krb5=/opt/krb5 --with-ldap --with-winbind make make.log My build method hasn't changed since at least before 3.0.8. If I configure --with-libsmbclient=no it builds successfully. I haven't run into an acomp failure before. Any suggestions? Thanks very much. -- David Pullman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? change nss/padl stuff? /etc/ldap.conf ??? Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
On Wednesday 16 March 2005 02:43 pm, Craig White wrote: On Wed, 2005-03-16 at 10:57 -0500, Misty Stanley-Jones wrote: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? change nss/padl stuff? /etc/ldap.conf ??? Yes I already did that, and nss_ldap is working just fine on all systems concerned (it's still changed). Samba is the only thing still using the ou=corp DN. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two questions
Bart Hendrix wrote: Hi All, I have the following questions: We have some folders / shares where we store for example only .doc files. But some users also saves the .jpg files in this share. We don't want this and we wondered if we can block saving .jpg files with samba. Is there an option to set in smb.conf so we can block the saving of .jpg files? Second one: Some users saves the .doc files for example as thisisanexampleforarealylongnameforawordfile.doc Is there an option to prevent these long names? Thanx Met vriendelijke groeten, Bart Hendrix To restric the .jpg files the veto files option is for you... |veto files = /*.mp3/ /*.wav/ /*.mpeg/ /*.avi/ Check this link... http://www.faqs.org/docs/samba/ch08.html For the long names i don't know... :D | -- OrvUx Making the Hard...Soft with GNU/Linux ;) Usuario Linux #16088 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two questions
OrvUx wrote: Bart Hendrix wrote: Hi All, I have the following questions: We have some folders / shares where we store for example only .doc files. But some users also saves the .jpg files in this share. We don't want this and we wondered if we can block saving .jpg files with samba. Is there an option to set in smb.conf so we can block the saving of .jpg files? Second one: Some users saves the .doc files for example as thisisanexampleforarealylongnameforawordfile.doc Is there an option to prevent these long names? Thanx Met vriendelijke groeten, Bart Hendrix To restric the .jpg files the veto files option is for you... |veto files = /*.mp3/ /*.wav/ /*.mpeg/ /*.avi/ Check this link... http://www.faqs.org/docs/samba/ch08.html For the long names i don't know... :D From that link: --- If you want to prevent users from seeing files completely, you can instead use the veto files option. This option, which takes the same syntax as the hide files option, specifies a list of files that should never be seen by the user. For example, let's change the [data] share to the following: [data] veto files = /*.java/*README*/ -- This will only prevent them from seeing these files. I know that end users are always looking for ways to get around any technical solution that is put in place to enforce a company policy. Based on my experience with end users (mostly K-12 students), I'd still opt for training followed by ramifications for violators. :) Cheers. - Bill Arlofski [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba configure script not finding ldap libs
Hey All, I'm trying to compile Samba 3.0.12rc1 on a Redhat Linux Fedora Core 3 machine. I have the following LDAP RPMS installed: rpm -qa | grep ldap gives: openldap-2.2.13-2 python-ldap-2.0.1-2 openldap-clients-2.2.13-2 openldap-devel-2.2.13-2 openldap-servers-2.2.13-2 nss_ldap-220-3 I run configure in the following fashion: CFLAGS=-O2 -march=prescott -I/usr/lib; export CFLAGS ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ --with-libdir=/usr/lib \ --with-configdir=/etc/samba \ --mandir=/usr/share/man \ --with-privatedir=/etc/samba \ --with-lockdir=/var/lock/samba \ --with-piddir=/var/run/samba \ --with-swatdir=/usr/local/swat \ --with-pam \ --with-pam_smbpass \ --with-syslog \ --with-quotas \ --with-utmp \ --with-ldap=/usr \ --with-ads \ --with-smbmount \ --with-automount \ --with-winbind I get the following message from configure: checking for LDAP support... auto checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... yes checking for ldap_init in -lldap... no checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... no checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support So I check for ldaplib with find /* -name ldaplib* and get: /usr/lib/libldap_r-2.2.so.7.0.6 /usr/lib/evolution-openldap/lib/libldap.a /usr/lib/evolution-openldap/lib/libldap_r.a /usr/lib/libldap_r.so /usr/lib/libldap.a /usr/lib/libldap.so /usr/lib/libldap-2.2.so.7.0.6 /usr/lib/libldap-2.2.so.7 /usr/lib/libldap_r-2.2.so.7 /usr/lib/libldap_r.a So this looks fine to me, I have no idea why configure isn't finding these libs? Thanks in advance for any help! Regards, Theo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is a 'Samba' DFS readable by MS Win98SE / DOS 6.22 clients possible?
Hi, I am looking into implementing Linux Redhat + Samba to mount various Windows shares to create a single, contiguous 'DFS'-like namespace viewable from DOS Win98SE / DOS 6.22 clients (I'm doing this because it appears that DOS NT LAN Manager does not support MS DFS). Is this possible with Samba? If so, can someone point me in the right direction to get started on this? (Note, I am NOT trying to mount existing MS DFS shares, but to create a 'Samba' DFS share that is readable by MS DOS Win98SE / DOS 6.22 clients) Thanks in advance! -- Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configure Samba with non-standard OpenLDAP location
Dariusz Lis: How to configure (and compile) Samba with non-standard OpenLDAP location? Is it possible? Basically, yes. It all depends on where the LDAP libraries (libldap, liblber) were told to look for ${prefix} during the OpenLDAP compilation. When Samba source (or srpm installation) is compiled, it should find them automatically, depending on your systems library database (e.g.Red Hat Linux ldconfig/ld.so.conf - 'cat /etc/ld.so.conf'). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP Base DN
Misty Stanley-Jones: Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to dc=mycompany,dc=com. I change the /etc/ldap.conf files to all point to the new OU. Perfect. However when I change the baseDN in my smb.conf, all of a sudden I cannot authenticate. Even when doing smbcontrol smbd reload-config. The only thing I can figure is that it might be doing a 'sub' search and finding two entries for my user, because I left the 'ou=corp' DN as it was. Is it that, or is there something else I have to do in order to restructure my LDAP tree? Your /etc/ldap.conf doesn't have anything to do with /etc/samba/smb.conf. Further copying leaves in containers to other leaves in other containers is bound to end you up in some deep trouble, since you will then have duplicate UIDs and a lot more shit. First understand LDAP, then adapt it to Samba. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba(PDC)+LDAP+XPpro cannot join domain /w XP pro machine
I receive an Access is Denied error after provide the Administrator username and password when trying to join my Samba domain. Has anyone run into this?? ---log.smbd- [2005/03/14 19:37:19, 2] lib/interface.c:add_interface(79) added interface ip=192.168.2.4 bcast=192.168.2.255 nmask=255.255.255.0 [2005/03/14 19:37:19, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2005/03/14 19:37:19, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/03/14 19:37:19, 2] smbd/server.c:open_sockets_smbd(324) waiting for a connection [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:05, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:05, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:05, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373) Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))] [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343) failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs -- ---smb.conf [global] workgroup = SRSCORP netbios name = mail1 enable privileges = yes interfaces = 192.168.2.4 username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /usr/local/sbin/smbldap-passwd -u %u #passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n ldap passwd sync = Yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.srsmanagement.com; # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=samba,ou=DSA,dc=srsmanagement,dc=com ldap suffix = dc=srsmanagement,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start tls ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd -m %u ldap delete dn = Yes
[Samba] Sun One Directory Server 5.2 ldapclient init -v -a Problem
Hi All, I Have installed the Sun Directory Server 5.2 from JES 2004Q2 CD's with following options /etc/hosts 192.168.1.23 train01.tipu.com.pk train01 loghost DNS is running for tipu.com.pk on the same machine and here is /etc/resolv.conf domain tipu.com.pk nameserver 192.168.1.23 Directory Server installed using the following Suffix dc=tipu,dc=com,dc=pk when i run /usr/lib/ldap/idsconfig it's working fine below are the configuration i did while running idsconfig /usr/lib/ldap/idsconfig It is strongly recommended that you BACKUP the directory server before running idsconfig. Press Ctrl-C at any time before the final confirmation to exit. Do you wish to continue with server setup (y/n/h)? [n] y Enter the iPlanet Directory Server's (iDS) hostname to setup: train01 Enter the port number for iDS (h=help): [389] Enter the directory manager DN: [cn=Directory Manager] Enter passwd for cn=Directory Manager : Enter the domainname to be served (h=help): [tipu.com.pk] Enter LDAP Base DN (h=help): [dc=tipu,dc=com,dc=pk] Enter the profile name (h=help): [default] Default server list (h=help): [192.168.1.23] Preferred server list (h=help): Choose desired search scope (one, sub, h=help): [one] The following are the supported credential levels: 1 anonymous 2 proxy 3 proxy anonymous Choose Credential level [h=help]: [1] 2 The following are the supported Authentication Methods: 1 none 2 simple 3 sasl/DIGEST-MD5 4 tls:simple 5 tls:sasl/DIGEST-MD5 Choose Authentication Method (h=help): [1] 2 Current authenticationMethod: simple Do you want to add another Authentication Method? n Do you want the clients to follow referrals (y/n/h)? [n] Do you want to modify the server timelimit value (y/n/h)? [n] Do you want to modify the server sizelimit value (y/n/h)? [n] Do you want to store passwords in crypt format (y/n/h)? [n] y Do you want to setup a Service Authentication Methods (y/n/h)? [n] Client search time limit in seconds (h=help): [30] Profile Time To Live in seconds (h=help): [43200] Bind time limit in seconds (h=help): [10] Do you wish to setup Service Search Descriptors (y/n/h)? [n] Summary of Configuration 1 Domain to serve : tipu.com.pk 2 Base DN to setup : dc=tipu,dc=com,dc=pk 3 Profile name to create : default 4 Default Server List : 192.168.1.23 5 Preferred Server List : 6 Default Search Scope : one 7 Credential Level : proxy 8 Authentication Method : simple 9 Enable Follow Referrals : FALSE 10 iDS Time Limit : 11 iDS Size Limit : 12 Enable crypt password storage : TRUE 13 Service Auth Method pam_ldap : 14 Service Auth Method keyserv : 15 Service Auth Method passwd-cmd: 16 Search Time Limit : 30 17 Profile Time to Live : 43200 18 Bind Limit : 10 19 Service Search Descriptors Menu Enter config value to change: (1-19 0=commit changes) [0] Enter DN for proxy agent:[cn=proxyagent,ou=profile,dc=tipu,dc=com,dc=pk] Enter passwd for proxyagent: proxy Re-enter passwd: proxy WARNING: About to start committing changes. (y=continue, n=EXIT) y 1. Changed passwordstoragescheme to crypt in cn=config. 2. Schema attributes have been updated. 3. Schema objectclass definitions have been added. 4. NisDomainObject added to dc=tipu,dc=com,dc=pk. 5. Top level ou containers complete. 6. automount maps: auto_home auto_direct auto_master auto_shared processed. 7. ACI for dc=tipu,dc=com,dc=pkm modified to disable self modify. 8. Add of VLV Access Control Information (ACI). 9. Proxy Agent cn=proxyagent,ou=profile,dc=tipu,dc=com,dc=pk added. 10. Give cn=proxyagent,ou=profile,dc=tipu,dc=com,dc=pk read permission for password. 11. Generated client profile and loaded on server. 12. Processing eq,pres indexes: ipHostNumber (eq,pres) Finished indexing. uidNumber (eq,pres) Finished indexing. ipNetworkNumber (eq,pres) Finished indexing. gidnumber (eq,pres) Finished indexing. oncrpcnumber (eq,pres) Finished indexing. automountKey (eq,pres) Finished indexing. 13. Processing eq,pres,sub indexes: membernisnetgroup (eq,pres,sub) Finished indexing. 14. Processing VLV indexes: tipu.com.pk.getgrent vlv_index Entry created tipu.com.pk.gethostent vlv_index Entry created tipu.com.pk.getnetent vlv_index Entry created tipu.com.pk.getpwent vlv_index Entry created tipu.com.pk.getrpcent vlv_index Entry created tipu.com.pk.getspent vlv_index Entry created idsconfig: Setup of iDS server train01 is complete. After This when i run ldapclient it's giving me the following error ldapclient init -v -a proxydn=cn=proxyagent,ou=profile,dc=tipu,dc=com,dc=pk -a domainname=tipu.com.pk -a proxypassword=proxy 192.168.1.23 findDN: begins findDN: calling __ns_ldap_default_config() found 2 namingcontexts findDN: __ns_ldap_list(NULL, ((objectclass=nisDomainObject)(nisdomain=tipu.com.pk)) rootDN[0] dc=tipu,dc=com,dc=pk NOTFOUND:Could not find the nisDomainObject for DN dc=tipu,dc=com,dc=pk findDN: __ns_ldap_list(NULL, ((objectclass=nisDomainObject)(nisdomain=tipu.com.pk)) rootDN[1] o=NetscapeRoot NOTFOUND:Could not find the nisDomainObject for DN o=NetscapeRoot cannot
RE: ***SPAM*** Re: [Samba] Configure Samba with non-standard OpenLDAP location
I'm having a similar problem where the configure just doesn't find the ldap libraries even though I've got the ldap-devel rpm installed and the libraries are in their normal location in /usr/lib. -TJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Earnshaw Sent: Wednesday, March 16, 2005 12:15 PM To: Dariusz Lis Cc: samba@lists.samba.org Subject: ***SPAM*** Re: [Samba] Configure Samba with non-standard OpenLDAP location Dariusz Lis: How to configure (and compile) Samba with non-standard OpenLDAP location? Is it possible? Basically, yes. It all depends on where the LDAP libraries (libldap, liblber) were told to look for ${prefix} during the OpenLDAP compilation. When Samba source (or srpm installation) is compiled, it should find them automatically, depending on your systems library database (e.g.Red Hat Linux ldconfig/ld.so.conf - 'cat /etc/ld.so.conf'). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED Re: [Samba] Samba and LDAP Base DN
It appears that Samba needs to be restarted in order for the search base to be reset. Is this a bug? The BaseDN was reset without doing anything other than editing the smb.conf. But even then, viewing of the LDAP logs showed that the search base was still including the old DN. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB signing broken? 3.0.7 - 3.0.8
On Wed, 2005-03-16 at 11:46 +, Tim wrote: Hi Jeremy, Yep, that reversion patch you did fixed it. I'm a little surprised nobody else has mentioned this before me though. I assume it would affect everybody who's DCs require smb signing? Thanks for your help, I'll be rolling out 3.0.11 today. It did bite others - I was dealing with one vendor on IRC. What will be interesting to find out is what RedHat was seeing in the first place... Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Attachment. who can I best report this to for forensis?
Tony Earnshaw: Johan B, please let it through+ The headers are needed. I live in the Netherlands, where the police contacts for this sort of thing are grey and unknown to me. The Metropolitan Police (London only) in England is 100% on the ball, but they're under resourced and I don't live in their manor (London slang for area). I'd like to push it out to as powerful an organization as possible, that really cares. As a one-time father (they're long grown up now) I rate the sender on a par with the terrorist syndrome, that we've all seen so much of lately. Of course the shitt went through a zombie or open relay, of course it was sent anonymously, but that's what forensics are for. The proper authority will be keeping a database and ISP trail on the whole.That's why I'm asking SANS. O.k., for the samba list readers, the samba list child porn attachment was stripped, basta. It wasn't to the dshield (SANS) list. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA problem
[EMAIL PROTECTED]: [...] Then I do an smbpasswd -a piersk and enter the password. All seems OK. Then take one Windows 2000 computer, go to System Properties, then Network Identification, then click on Properties, select domain and type in bda-cdf and click on OK and after a while, it asks for the username and password, and I enter piersk as username, and then the password, and it always return an Logon filure: unknown username or bad password even tho pdbedit -Lv | grep piers shows an entey. We have been attacking this problem for several hours and we don't know what's wrong - we even tried debug level 3 but it's not showing anything helpful - does anyone have an idea where we are going wrong? Basically,you have first to create a Posix user including his Posix group (like in /etc/passwd and /etc/group - or the same in LDAP or NIS? if you're into those), and only then can you run smbpasswd on that. It's all in the docs, follow the docs (aka RTFM). Thanks very much for your help in advance I didn't help in advance, I tried to help afterward. Read the docs, is good advice for help in advance. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbstatus question
Hello All, The following is partial output from smbstatus. Please note that under the Machine column some WinXP PC's are listed by text name and some WinXP PC's are listed by IP. What could account for this difference? Is this anything I should be concerned about? I am running winbind and joined to a Win2K domain using security = ads. Thanks for any comments, suggestions, etc. Bruce filesrv1:~ # smbstatus Samba version 3.0.9-2.1.6-SUSE PID Username Group Machine --- 30652 aaukerDomain Users aauker1 (192.168.1.36) 24769 multidnc Domain Users multi-dnc (192.168.1.11) 25275 aschneiderDomain Users 192.168.1.27 (192.168.1.27) 25182 ups_user Domain Users 192.168.1.40 (192.168.1.40) 25810 administrator Domain Users 192.168.1.71 (192.168.1.71) 31498 mlindamoodDomain Users mlindamood2 (192.168.1.25) 25337 assembly Domain Users assembly (192.168.1.127) 24930 apostal Domain Users 192.168.1.49 (192.168.1.49) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble samba sharing a read-only nfs mount
Greetings, I've been using samba for a few years now sharing files from the local filesystems without a hitch. Recently I have tried to throw into the mix read only samba shares of read only nfs mounts. I can browse these shares but any attempt to copy files from them seems to reset the connection. Windows says the resource is unavailable. On the Debian system that is sharing the file I see that these resets leave smb processes that don't exit for whatever user tried to copy from the share. I have dozens of them hanging around four hours after the last time I had tried to connect during which time the windows machine has been powered off. I see other smb processes that are days old from when other users have tried to copy from the same shares. What settings are required to make a read only samba share work on a read only nfs mount? I have tried faking or not using optlocks in the shares and of course writable=no. Does it matter that the nfs mounted share is a local nfs export? I was experimenting with rsync snapshot backups to provide 'support yourself' backups to users as described here: http://www.mikerubel.org/computers/rsync_snapshots/ I think this would have been covered/solved somewhere but it seems to be beyond my searching skills. I saw many posts talking about how samba sharing a nfs read only mount should work fine, but no details of the configuration or issues similar to mine. Thank you for your time and advice, -- Jacob Anawalt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] is it possible to cut and paste linux shadow file passwd hashes to smbpasswd file?
is it possible to cut and paste linux shadow file passwd hashes to smbpasswd file? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] is it possible to cut and paste linux shadow file passwd hashes to smbpasswd file?
On Wednesday 16 March 2005 23:26, davidmarcus wrote: is it possible to cut and paste linux shadow file passwd hashes to smbpasswd file? Yes, it is possible, but it will do no good! UNIX/Linux password hashes as encoded differently than Windows passwords. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: How to map windows admin-user to Linux root ?
Hi, Is there any way that I can map window AD admin-user to Linux root user (uid=gid=0) ? I noticed that windows Active-Directory users can use idmap [uid-range] to map to Linux users, but the idmap uid-range doesn't include '0'. e.g. idmap uid = 1-2 idmap gid = 1-2 Thanks! YY Yanping Du Software Engineer, Cisco Systems 820 Alder Dr. Milpitas, CA 95035 Tel: 408-525-3929 (o) __ Do you Yahoo!? Make Yahoo! your home page http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] usrmgr.exe and problems
Hello! Jerry you are right about script and permissions! I'm looking again to usrmgr.exe and has corrected most of the problems of which I spoke earlier This patch is corrected most problems, but i can't fixed, current moment, problems where not root create global group ... sorry :( This patch not create security holes and another holes ... :) I'm testing and is looking good ... Is try help you, i hope :) Sergey Loskutov --- srv_samr_nt.c.orig 2005-03-16 09:33:15.394423183 -1000 +++ srv_samr_nt.c 2005-03-17 17:41:13.297259499 -1000 @@ -2865,8 +2865,10 @@ * id21. I don't know if they need to be set.--jerry */ - if (IS_SAM_CHANGED(pwd, PDB_GROUPSID)) - set_unix_primary_group(pwd); + if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) !set_unix_primary_group(pwd) ) { + pdb_free_sam(pwd); + return False; + } /* write the change out */ if(!pdb_update_sam_account(pwd)) { @@ -2933,8 +2935,10 @@ ZERO_STRUCT(plaintext_buf); - if (IS_SAM_CHANGED(pwd, PDB_GROUPSID)) - set_unix_primary_group(pwd); + if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) !set_unix_primary_group(pwd) ) { + pdb_free_sam(pwd); + return False; + } if(!pdb_update_sam_account(pwd)) { pdb_free_sam(pwd); @@ -3624,12 +3628,16 @@ sid_copy(user_sid, get_global_sam_sid()); sid_append_rid(user_sid, q_u-rid); - + + ret = pdb_init_sam(sam_user); + if (!NT_STATUS_IS_OK(ret)) return ret; + become_root(); check = pdb_getsampwsid(sam_user, user_sid); + unbecome_root(); if (check != True) { pdb_free_sam(sam_user); @@ -3708,6 +3716,7 @@ uint32 acc_granted; SE_PRIV se_rights; BOOL can_add_accounts; + BOOL ret; /* * delete the group member named q_u-rid @@ -3740,7 +3749,12 @@ /* check if the user exists before trying to remove it from the group */ pdb_init_sam(sam_pass); - if (!pdb_getsampwsid(sam_pass, user_sid)) { + + become_root(); + ret = pdb_getsampwsid(sam_pass, user_sid); + unbecome_root(); + + if (!ret) { DEBUG(5,(User %s doesn't exist.\n, pdb_get_username(sam_pass))); pdb_free_sam(sam_pass); return NT_STATUS_NO_SUCH_USER; @@ -4253,6 +4267,7 @@ GROUP_MAP map; GROUP_INFO_CTR *ctr; uint32 acc_granted; + BOOL ret; if (!get_lsa_policy_samr_sid(p, q_u-pol, group_sid, acc_granted)) return NT_STATUS_INVALID_HANDLE; @@ -4276,9 +4291,13 @@ default: return NT_STATUS_INVALID_INFO_CLASS; } + + become_root(); + ret = pdb_update_group_mapping_entry(map); + unbecome_root(); - if(!pdb_update_group_mapping_entry(map)) { - return NT_STATUS_NO_SUCH_GROUP; + if(!ret) { + return NT_STATUS_NO_SUCH_GROUP; } return NT_STATUS_OK; @@ -4430,6 +4449,7 @@ BOOLis_user = False; NTSTATUSresult; enum SID_NAME_USE type = SID_NAME_UNKNOWN; + BOOLret; sid_copy( delete_sid, q_u-sid.sid ); @@ -4466,18 +4486,27 @@ pdb_init_sam(sam_pass); - if ( pdb_getsampwsid(sam_pass, delete_sid) ) { - is_user = True; + become_root(); + + ret = pdb_getsampwsid(sam_pass, delete_sid); + + if ( ret ) { + is_user = True; } else { - /* maybe it is a group */ - if( !pdb_getgrsid(map, delete_sid) ) { - DEBUG(3,(_samr_remove_sid_foreign_domain: %s is not a user or a group!\n, - sid_string_static(delete_sid))); - result = NT_STATUS_INVALID_SID; - goto done; - } + /* maybe it is a group */ + ret = pdb_getgrsid(map, delete_sid); + } + + unbecome_root(); + + if ( !ret ) { + DEBUG(3,(_samr_remove_sid_foreign_domain: %s is not a user or a group!\n, + sid_string_static(delete_sid))); + result = NT_STATUS_INVALID_SID; + goto done; } + /* we can only delete a user from a group since we don't have nested groups anyways. So in the latter case, just say OK */ @@ -4486,7 +4515,10 @@ int num_groups, i; struct group*grp2; - if ( pdb_enum_group_mapping(type, mappings, num_groups, False) num_groups0 ) { + become_root(); + ret = pdb_enum_group_mapping(type, mappings, num_groups,
[Samba] Where can I find more info on account flags?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I see this in smbldap-usermod: - -HsambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]') I would like to know where I can find out more about what effects these flags have on a users account. :-) Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCOTVJ57L0B7uXm9oRAlB9AJ9w0pRKInqHWbo/OFir9ZV76qMhEwCeMVXa M6V+O+J2lWGbQtLr3xhNOIU= =dyCX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r5828 - in branches/SAMBA_4_0/source: include librpc/idl librpc/ndr
Author: metze Date: 2005-03-16 09:25:52 + (Wed, 16 Mar 2005) New Revision: 5828 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5828 Log: add some idl for DsAddEntry() metze Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c Changeset: Modified: branches/SAMBA_4_0/source/include/structs.h === --- branches/SAMBA_4_0/source/include/structs.h 2005-03-16 06:18:20 UTC (rev 5827) +++ branches/SAMBA_4_0/source/include/structs.h 2005-03-16 09:25:52 UTC (rev 5828) @@ -29,7 +29,8 @@ struct spoolss_EnumPrinterDrivers; struct spoolss_EnumPorts; -struct drsuapi_DsGetNCChangesInfo1; +struct drsuapi_DsReplicaObjectListItem; +struct drsuapi_DsReplicaObjectListItemEx; struct MULTI_QI; struct COSERVERINFO; Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-16 06:18:20 UTC (rev 5827) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-16 09:25:52 UTC (rev 5828) @@ -114,7 +114,7 @@ /*/ /* Function 0x02 */ - typedef [gensize,flag(NDR_PAHEX)] struct { + typedef [gensize] struct { [value(ndr_size_drsuapi_DsReplicaObjectIdentifier(r, ndr-flags)-4)] uint32 __ndr_size; [value(ndr_length_dom_sid(r-sid))] uint32 __ndr_size_sid; GUID guid; @@ -295,12 +295,12 @@ } drsuapi_DsReplicaObject; typedef [noprint] struct { - drsuapi_DsGetNCChangesInfo1 *next; + drsuapi_DsReplicaObjectListItemEx *next_object; drsuapi_DsReplicaObject object; uint32 unknown1; GUID *guid; drsuapi_DsReplicaMetaDataCtr *meta_data_ctr; - } drsuapi_DsGetNCChangesInfo1; + } drsuapi_DsReplicaObjectListItemEx; typedef struct { GUID guid1; @@ -311,7 +311,7 @@ drsuapi_DsReplicaCoursorEx05Ctr *coursor_ex; drsuapi_DsGetNCChangesRequest_Ctr12 ctr12; uint32 u1[3]; - drsuapi_DsGetNCChangesInfo1 *info1; + drsuapi_DsReplicaObjectListItemEx *first_object; uint32 u2; } drsuapi_DsGetNCChangesCtr1; @@ -630,8 +630,53 @@ /*/ /* Function 0x11 */ - WERROR drsuapi_DsAddEntry(); + typedef [noprint] struct { + drsuapi_DsReplicaObjectListItem *next_object; + drsuapi_DsReplicaObject object; + } drsuapi_DsReplicaObjectListItem; + typedef struct { + drsuapi_DsReplicaObjectListItem first_object; + } drsuapi_DsAddEntryRequest2; + + typedef [switch_type(int32)] union { + [case(2)] drsuapi_DsAddEntryRequest2 req2; + } drsuapi_DsAddEntryRequest; + + typedef struct { + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + } drsuapi_DsAddEntryCtr3Info1; + + typedef [switch_type(uint32)] union { + [case(1)] drsuapi_DsAddEntryCtr3Info1 info1; + } drsuapi_DsAddEntryCtr3Info; + + typedef struct { + GUID guid; + [subcontext_size(28),subcontext(0)] dom_sid sid; + } drsuapi_DsReplicaObjectIdentifier2; + + typedef struct { + drsuapi_DsReplicaObjectIdentifier *id; + uint32 level; + [switch_is(level)] drsuapi_DsAddEntryCtr3Info *info; + [range(0,1)] uint32 count; + [size_is(count)] drsuapi_DsReplicaObjectIdentifier2 *objects[]; + } drsuapi_DsAddEntryCtr3; + + typedef [switch_type(int32)] union { + [case(3)] drsuapi_DsAddEntryCtr3 ctr3; + } drsuapi_DsAddEntryCtr; + + WERROR drsuapi_DsAddEntry( + [in,ref] policy_handle *bind_handle, + [in,out] int32 level, + [in,switch_is(level)] drsuapi_DsAddEntryRequest req, + [out,switch_is(level)] drsuapi_DsAddEntryCtr ctr + ); + /*/ /* Function 0x12 */ WERROR DRSUAPI_EXECUTE_KCC(); Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c 2005-03-16 06:18:20 UTC (rev 5827) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c 2005-03-16 09:25:52 UTC (rev 5828) @@ -24,12 +24,23 @@ #include includes.h #include librpc/gen_ndr/ndr_drsuapi.h +void ndr_print_drsuapi_DsReplicaObjectListItem(struct ndr_print *ndr, const char *name, struct drsuapi_DsReplicaObjectListItem *r) +{ + ndr_print_struct(ndr, name, drsuapi_DsReplicaObjectListItem); +
svn commit: samba-docs r424 - in trunk: .
Author: jelmer Date: 2005-03-16 13:01:59 + (Wed, 16 Mar 2005) New Revision: 424 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=424 Log: Update list of (possible) dependencies Allow multiple possible programs (will be used to support multiple xslt processors later on) Modified: trunk/README trunk/aclocal.m4 Changeset: Modified: trunk/README === --- trunk/README2005-03-16 01:57:56 UTC (rev 423) +++ trunk/README2005-03-16 13:01:59 UTC (rev 424) @@ -12,8 +12,6 @@ Run: -autoreconf -./configure make all What are DocBook documents doing in the Samba Distribution ? @@ -53,10 +51,12 @@ To generate the docs, you need to have the following packages installed: - * autoconf + * GNU Make + * GNU autoconf * docbook-utils * xsltproc * pngtopnm and pnmtops (from the netpbm utilities) + * dia For generating PDF (thru LaTeX): * db2latex (from http://db2latex.sf.net/). Make sure to get CVS version @@ -65,13 +65,27 @@ * pdflatex * thumbpdf +For generating PDF (thru FO): + * fop (http://xml.apache.org/fop/) + For generating PostScript (thru LaTeX): + * db2latex * latex * dvips For generating ASCII: * html2text +For generating Palm-viewable docs: + * plucker-build + +For generating texi files: + * docbook2x-texi + * makeinfo + +For validating: + * xmllint + This directory now contains a ./configure script and Makefile to support the automated building of man pages (including HTML versions), and the building of the Samba-HOWTO-Collection and the Modified: trunk/aclocal.m4 === --- trunk/aclocal.m42005-03-16 01:57:56 UTC (rev 423) +++ trunk/aclocal.m42005-03-16 13:01:59 UTC (rev 424) @@ -27,7 +27,7 @@ dnl arg3: target that requires it AC_DEFUN(DOCS_TARGET_REQUIRE_PROGRAM, [ - AC_PATH_PROG([$1], [$2]) + AC_CHECK_PROGS([$1], [$2]) if test x$$1 = x; then if test x$$3_REQUIRES = x; then $3_REQUIRES=$2
svn commit: samba r5829 - in trunk/source/rpc_server: .
Author: jerry Date: 2005-03-16 14:31:36 + (Wed, 16 Mar 2005) New Revision: 5829 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5829 Log: event log read fixups from Marcin Porwit [EMAIL PROTECTED] Modified: trunk/source/rpc_server/srv_eventlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_eventlog_nt.c === --- trunk/source/rpc_server/srv_eventlog_nt.c 2005-03-16 09:25:52 UTC (rev 5828) +++ trunk/source/rpc_server/srv_eventlog_nt.c 2005-03-16 14:31:36 UTC (rev 5829) @@ -71,7 +71,7 @@ handle-data5[4]); } -/* +/** * Callout to open the specified event log * * smbrun calling convention -- @@ -176,7 +176,7 @@ return WERR_OK; } -/* +/** * Callout to get the number of records in the specified event log * * smbrun calling convention -- @@ -252,7 +252,7 @@ return WERR_OK; } -/* +/** * Callout to find the oldest record in the log * * smbrun calling convention -- @@ -330,7 +330,7 @@ return WERR_OK; } -/* +/** * Callout to close the specified event log * * smbrun calling convention -- @@ -419,8 +419,8 @@ { char *start = NULL, *stop = NULL; pstring temp; -int temp_len = 0; - +int temp_len = 0, i; + start = line; if(start == NULL || strlen(start) == 0) @@ -528,7 +528,6 @@ rpcstr_push((void *)(entry-data_record.computer_name), temp, sizeof(entry-data_record.computer_name), STR_TERMINATE); entry-data_record.computer_name_len = (strlen_w(entry-data_record.computer_name)* 2) + 2; - entry-record.num_strings++; } else if(0 == strncmp(start, SID, stop - start)) { @@ -546,15 +545,27 @@ /* now skip any other leading whitespace */ while(isspace(stop[0])) stop++; + temp_len = strlen(stop); memset(temp, 0, sizeof(temp)); - temp_len = strlen(stop); strncpy(temp, stop, temp_len); - rpcstr_push((void *)(entry-data_record.strings), temp, - sizeof(entry-data_record.strings), STR_TERMINATE); - entry-data_record.strings_len = (strlen_w(entry-data_record.strings) * 2) + 2; + rpcstr_push((void *)(entry-data_record.strings + entry-data_record.strings_len), + temp, + sizeof(entry-data_record.strings) - entry-data_record.strings_len, + STR_TERMINATE); + entry-data_record.strings_len += temp_len + 1; + fprintf(stderr, Dumping strings:\n); + for(i = 0; i entry-data_record.strings_len; i++) + { + fputc((char)entry-data_record.strings[i], stderr); + } + fprintf(stderr, \nDone\n); + entry-record.num_strings++; } else if(0 == strncmp(start, DAT, stop - start)) { + /* Now that we're done processing the STR data, adjust the length to account for + unicode, then proceed with the DAT data. */ + entry-data_record.strings_len *= 2; /* skip past initial : */ stop++; /* now skip any other leading whitespace */ @@ -577,7 +588,7 @@ } return True; } -/* +/** * Callout to read entries from the specified event log * * smbrun calling convention -- @@ -594,7 +605,6 @@ * TMW:(uint32) - time written, seconds since January 1, 1970, UTC * EID:(uint32) - eventlog source defined event identifier. If there's a stringfile for the event, it is an index into that * ETP:(uint16) - eventlog type - one of ERROR, WARNING, INFO, AUDIT_SUCCESS, AUDIT_FAILURE - * NST:(uint16) - number of strings in this log entry -- for now we only handle one string, so 0 or 1 * ECT:(uint16) - event category - depends on the eventlog generator... * RS2:(uint16) - reserved, make it * CRN:(uint32) - reserved, make it for now @@ -602,9 +612,8 @@ * SRC:[(uint8)] - Name of the source, for example ccPwdSvc, in hex bytes. Can not be multiline. * SRN:[(uint8)] - Name of the computer on which this is generated, the short hostname usually. * SID:[(uint8)] - User sid if one exists. Must be present even if there is no SID. - * STR:[(uint8)] - String data. First WORD specifies which string this is. Would be nice for this to ascend by one each time, maybe start from zero? - * followed by the actual string information, encoded into hex8 characters... If two-plus consecutive lines have same #, it's means string concats. - * If two have same #, but not consecutive, that's an error. If there is no String Data (and NST==0), must include the specifier. + * STR:[(uint8)] - String data. One string per line. Multiple strings can be specified using consecutive STR lines, + *
svn commit: samba-docs r425 - in trunk/xslt: .
Author: jelmer Date: 2005-03-16 15:33:49 + (Wed, 16 Mar 2005) New Revision: 425 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=425 Log: Add xslt script that can generate dependency makefiles Added: trunk/xslt/generate-dependencies.xsl Changeset: Copied: trunk/xslt/generate-dependencies.xsl (from rev 415, trunk/xslt/find-image-dependencies.xsl) === --- trunk/xslt/find-image-dependencies.xsl 2005-03-13 19:20:25 UTC (rev 415) +++ trunk/xslt/generate-dependencies.xsl2005-03-16 15:33:49 UTC (rev 425) @@ -0,0 +1,52 @@ +?xml version='1.0'? +!-- + Find the image dependencies of a certain XML file + Generates (part of) a Makefile + + - $(FNAME)-images-latex-{png,dvi} for role=latex + - $(FNAME)-images-role for all other roles + - $(TXTDIR)/$(FNAME)-text + + (C) Jelmer Vernooij 2004-2005 +-- +xsl:stylesheet xmlns:xsl=http://www.w3.org/1999/XSL/Transform; version=1.1 + xsl:output method=text/ + + xsl:template match=/ + xsl:for-each select=//mediaobject/[EMAIL PROTECTED] and not(@role=following::imageobject/@role)] + xsl:call-template name=generate-images + xsl:with-param name=rolexsl:value-of select=@role//xsl:with-param + /xsl:call-template + /xsl:for-each + xsl:call-template name=generate-images + xsl:with-param name=role/ + /xsl:call-template + xsl:call-template name=generate-txt-chunks/ + /xsl:template + + xsl:template name=generate-images + xsl:value-of select=$target/xsl:text-images-/xsl:textxsl:value-of select=$role/xsl:text = /xsl:text + xsl:for-each select=//mediaobject/[EMAIL PROTECTED] + xsl:value-of select=imagedata/@fileref/ + xsl:text /xsl:text + /xsl:for-each + xsl:text#10;/xsl:text + /xsl:template + + xsl:template name=generate-txt-chunks + xsl:value-of select=$target/xsl:text-txt-chunks: /xsl:text + xsl:for-each select=(//chapter|//preface|//appendix)[EMAIL PROTECTED]|book + xsl:value-of select=$txtbasedir/ + xsl:choose + xsl:when test=name() = 'book' + xsl:textindex/xsl:text + /xsl:when + xsl:when test=@id != '' + xsl:value-of select=@id/ + /xsl:when + /xsl:choose + xsl:text.txt /xsl:text + /xsl:for-each + xsl:text#10;/xsl:text + /xsl:template +/xsl:stylesheet
svn commit: samba r5830 - in branches/SAMBA_4_0/source: librpc/idl torture/rpc
Author: metze Date: 2005-03-16 15:47:19 + (Wed, 16 Mar 2005) New Revision: 5830 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5830 Log: start to analyse the attribute values, depending on the attribute type metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/torture/rpc/drsuapi.c Changeset: Sorry, the patch is too large (273 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5830
svn commit: samba r5831 - in branches/SAMBA_3_0/source/smbd: .
Author: jmcd Date: 2005-03-16 16:14:04 + (Wed, 16 Mar 2005) New Revision: 5831 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5831 Log: Along with jra's recent checkins, fix dir/xcopy of empty dirs on OS/2. Bugs 2335, 2337. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 15:47:19 UTC (rev 5830) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 16:14:04 UTC (rev 5831) @@ -1484,13 +1484,13 @@ } /* -* If there are no matching entries we must return ERRDOS/ERRbadfile - +* If there are no matching entries we must return ERRDOS/ERRnofiles - * from observation of NT. */ if(numentries == 0) { dptr_close(dptr_num); - return ERROR_DOS(ERRDOS,ERRbadfile); + return ERROR_DOS(ERRDOS,ERRnofiles); } /* At this point pdata points to numentries directory entries. */
svn commit: samba-docs r426 - in trunk: .
Author: jelmer Date: 2005-03-16 17:14:05 + (Wed, 16 Mar 2005) New Revision: 426 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=426 Log: Use document names rather then file locations in the makefile. Modified: trunk/Makefile Changeset: Modified: trunk/Makefile === --- trunk/Makefile 2005-03-16 15:33:49 UTC (rev 425) +++ trunk/Makefile 2005-03-16 17:14:05 UTC (rev 426) @@ -7,13 +7,15 @@ -include Makefile.settings # Docs to build -MAIN_DOCS = $(patsubst %/index.xml,$(DOCBOOKDIR)/%.xml,$(wildcard */index.xml)) +MAIN_DOCS = $(patsubst %/index.xml,%,$(wildcard */index.xml)) MANPAGES = $(wildcard $(MANPAGEDIR)/*.?.xml) # Lists of files to process LATEX_FIGURES = xslt/figures/caution.pdf xslt/figures/important.pdf xslt/figures/note.pdf xslt/figures/tip.pdf xslt/figures/warning.pdf MANPAGES_PLUCKER = $(patsubst $(MANPAGEDIR)/%.xml,$(PLUCKERDIR)/%.pdb,$(MANPAGES)) +DATETIME := $(shell date +%Y%m%d%H%M%S) + ifndef OUTPUTDIR Makefile.settings: Makefile.settings.in configure @echo Makefile.settings not present, trying to run configure... @@ -43,29 +45,29 @@ # Pseudo targets all: $(TARGETS) -everything: manpages pdf html-single html htmlman txt ps fo htmlhelp pearson validate +everything: manpages pdf html-single html htmlman txt ps fo htmlhelp pearson release: manpages htmlman html pdf # Output format targets -pdf: $(patsubst $(DOCBOOKDIR)/%.xml,$(PDFDIR)/%.pdf,$(MAIN_DOCS)) -dvi: $(patsubst $(DOCBOOKDIR)/%.xml,$(DVIDIR)/%.dvi,$(MAIN_DOCS)) -ps: $(patsubst $(DOCBOOKDIR)/%.xml,$(PSDIR)/%.ps,$(MAIN_DOCS)) -txt: $(patsubst $(DOCBOOKDIR)/%.xml,$(TXTDIR)/%.txt,$(MAIN_DOCS)) -txt-chunks: $(patsubst $(DOCBOOKDIR)/%.xml,$(TXTDIR)/%/,$(MAIN_DOCS)) -fo: $(patsubst $(DOCBOOKDIR)/%.xml,$(FODIR)/%.fo,$(MAIN_DOCS)) -fo-pdf: $(patsubst $(DOCBOOKDIR)/%.xml,$(FOPDFDIR)/%.pdf,$(MAIN_DOCS)) -tex: $(patsubst $(DOCBOOKDIR)/%.xml,%.tex,$(MAIN_DOCS)) -texi: $(patsubst $(DOCBOOKDIR)/%.xml,$(TEXINFODIR)/%.texi,$(MAIN_DOCS)) -texiinfo: $(patsubst $(DOCBOOKDIR)/%.xml,$(TEXINFODIR)/%.info,$(MAIN_DOCS)) +pdf: $(patsubst %,$(PDFDIR)/%.pdf,$(MAIN_DOCS)) +dvi: $(patsubst %,$(DVIDIR)/%.dvi,$(MAIN_DOCS)) +ps: $(patsubst %,$(PSDIR)/%.ps,$(MAIN_DOCS)) +txt: $(patsubst %,$(TXTDIR)/%.txt,$(MAIN_DOCS)) +txt-chunks: $(addsuffix -txt-chunks,$(MAIN_DOCS)) +fo: $(patsubst %,$(FODIR)/%.fo,$(MAIN_DOCS)) +fo-pdf: $(patsubst %,$(FOPDFDIR)/%.pdf,$(MAIN_DOCS)) +tex: $(addsuffix .tex,$(MAIN_DOCS)) +texi: $(patsubst %,$(TEXINFODIR)/%.texi,$(MAIN_DOCS)) +texiinfo: $(patsubst %,$(TEXINFODIR)/%.info,$(MAIN_DOCS)) manpages: $(patsubst $(MANPAGEDIR)/%.xml,$(MANDIR)/%,$(MANPAGES)) pearson: $(PEARSONDIR)/Samba-HOWTO-Collection.xml pearson-verify: $(PEARSONDIR)/Samba-HOWTO-Collection.report.html -plucker: $(patsubst $(DOCBOOKDIR)/%.xml,$(PLUCKERDIR)/%.pdb,$(MAIN_DOCS)) +plucker: $(patsubst %,$(PLUCKERDIR)/%.pdb,$(MAIN_DOCS)) htmlman: $(patsubst $(MANPAGEDIR)/%.xml,$(HTMLDIR)/%.html,$(MANPAGES)) $(HTMLDIR)/manpages.html -html-single: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLDIR)/%.html,$(MAIN_DOCS)) -html: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html -htmlhelp: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLHELPDIR)/%,$(MAIN_DOCS)) -validate: $(patsubst $(DOCBOOKDIR)/%.xml,%-validate,$(MAIN_DOCS)) +html-single: $(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)) +html: $(patsubst %,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html +htmlhelp: $(addprefix $(HTMLHELPDIR)/,$(MAIN_DOCS)) +validate: $(addsuffix -validate,$(MAIN_DOCS)) # Intermediate docbook docs @@ -245,8 +247,8 @@ # Archiving archive: pdf mkdir -p $(ARCHIVEDIR) - cp $(PDFDIR)/Samba-HOWTO-Collection.pdf $(ARCHIVEDIR)/TOSHARG-$(shell date +%Y%m%d%H%M%S).pdf - cp $(PDFDIR)/Samba-Guide.pdf $(ARCHIVEDIR)/S3bE-$(shell date +%Y%m%d%H%M%S).pdf + cp $(PDFDIR)/Samba-HOWTO-Collection.pdf $(ARCHIVEDIR)/TOSHARG-$(DATETIME).pdf + cp $(PDFDIR)/Samba-Guide.pdf $(ARCHIVEDIR)/S3bE-$(DATETIME).pdf # XSL scripts xslt/html.xsl: xslt/html-common.xsl settings.xsl @@ -265,7 +267,7 @@ rm -f *.xml rm -f xslt/figures/*pdf rm -f $(SMBDOTCONFDOC)/parameters.*.xml - rm -f $(patsubst $(DOCBOOKDIR)/%.xml,%.*,$(MAIN_DOCS)) + rm -f $(addsuffix .*,$(MAIN_DOCS)) # Always keep intermediate files if we can .SECONDARY:
svn commit: samba-web r583 - in trunk: .
Author: deryck Date: 2005-03-16 18:05:39 + (Wed, 16 Mar 2005) New Revision: 583 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=583 Log: Add link to news RSS feed within header for main samba.org. deryck Modified: trunk/header2.html Changeset: Modified: trunk/header2.html === --- trunk/header2.html 2005-03-14 18:37:04 UTC (rev 582) +++ trunk/header2.html 2005-03-16 18:05:39 UTC (rev 583) @@ -2,6 +2,7 @@ link rel=stylesheet href=/samba/style/common.css type=text/css media=all / link rel=stylesheet href=/samba/style/main.css type=text/css media=all / link rel=shortcut icon href=/samba/images/favicon.ico / +link rel=alternate href=/samba/news/sambanews.xml type=application/rss+xml title=Samba News / !--[if gte IE 5.5] style type=text/css
svn commit: samba r5832 - in trunk/source: include rpc_parse rpc_server
Author: jerry Date: 2005-03-16 18:22:32 + (Wed, 16 Mar 2005) New Revision: 5832 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5832 Log: * add QueryServiceConfig() ControlService() parsing code and stub server support * add prs_io_uinstr2[_p]() for dealing with UNISTR2* rpc elements. (tested it out on QueryServiceConfig() and the SPOOL_USER_1 structure in spoolss code). * started svcctl.tdb interface for persistent storage of service properties. Modified: trunk/source/include/rpc_spoolss.h trunk/source/include/rpc_svcctl.h trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_parse/parse_spoolss.c trunk/source/rpc_parse/parse_svcctl.c trunk/source/rpc_server/srv_svcctl.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Sorry, the patch is too large (689 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5832
svn commit: samba r5833 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-16 19:31:15 + (Wed, 16 Mar 2005) New Revision: 5833 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5833 Log: Revert change for bug #2335. Tested with a Win9x client and the original error code is correct. I have some theories as to why this is different, I'll add some code to the torture tester to confirm. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 18:22:32 UTC (rev 5832) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 19:31:15 UTC (rev 5833) @@ -1484,13 +1484,13 @@ } /* -* If there are no matching entries we must return ERRDOS/ERRnofiles - +* If there are no matching entries we must return ERRDOS/ERRbadfile - * from observation of NT. */ if(numentries == 0) { dptr_close(dptr_num); - return ERROR_DOS(ERRDOS,ERRnofiles); + return ERROR_DOS(ERRDOS,ERRbadfile); } /* At this point pdata points to numentries directory entries. */
svn commit: samba r5834 - in trunk/source: client libsmb
Author: jra Date: 2005-03-16 20:06:58 + (Wed, 16 Mar 2005) New Revision: 5834 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5834 Log: Make smbclient obey the max protocol argument again. Jeremy. Modified: trunk/source/client/client.c trunk/source/libsmb/clidfs.c Changeset: Modified: trunk/source/client/client.c === --- trunk/source/client/client.c2005-03-16 19:31:15 UTC (rev 5833) +++ trunk/source/client/client.c2005-03-16 20:06:58 UTC (rev 5834) @@ -43,7 +43,7 @@ static int io_bufsize = 64512; static int name_type = 0x20; -static int max_protocol = PROTOCOL_NT1; +extern int max_protocol; static int process_tok(pstring tok); static int cmd_help(void); Modified: trunk/source/libsmb/clidfs.c === --- trunk/source/libsmb/clidfs.c2005-03-16 19:31:15 UTC (rev 5833) +++ trunk/source/libsmb/clidfs.c2005-03-16 20:06:58 UTC (rev 5834) @@ -37,10 +37,10 @@ static BOOL use_kerberos; static BOOL got_pass; static int signing_state; +int max_protocol = PROTOCOL_NT1; static int port; static int name_type = 0x20; -static int max_protocol = PROTOCOL_NT1; static BOOL have_ip; static struct in_addr dest_ip;
svn commit: samba r5835 - in branches/SAMBA_3_0/source: client libsmb
Author: jra Date: 2005-03-16 20:07:08 + (Wed, 16 Mar 2005) New Revision: 5835 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5835 Log: Make smbclient obey the max protocol argument again. Jeremy. Modified: branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0/source/libsmb/clidfs.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2005-03-16 20:06:58 UTC (rev 5834) +++ branches/SAMBA_3_0/source/client/client.c 2005-03-16 20:07:08 UTC (rev 5835) @@ -43,7 +43,7 @@ static int io_bufsize = 64512; static int name_type = 0x20; -static int max_protocol = PROTOCOL_NT1; +extern int max_protocol; static int process_tok(pstring tok); static int cmd_help(void); Modified: branches/SAMBA_3_0/source/libsmb/clidfs.c === --- branches/SAMBA_3_0/source/libsmb/clidfs.c 2005-03-16 20:06:58 UTC (rev 5834) +++ branches/SAMBA_3_0/source/libsmb/clidfs.c 2005-03-16 20:07:08 UTC (rev 5835) @@ -37,10 +37,10 @@ static BOOL use_kerberos; static BOOL got_pass; static int signing_state; +int max_protocol = PROTOCOL_NT1; static int port; static int name_type = 0x20; -static int max_protocol = PROTOCOL_NT1; static BOOL have_ip; static struct in_addr dest_ip;
svn commit: samba-web r584 - in trunk/news/developers: .
Author: deryck Date: 2005-03-16 20:22:50 + (Wed, 16 Mar 2005) New Revision: 584 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=584 Log: Adding news item about crh's jCIFS piece in Linux Magazine. deryck Added: trunk/news/developers/crh_jcifs_can_opener.html Changeset: Added: trunk/news/developers/crh_jcifs_can_opener.html === --- trunk/news/developers/crh_jcifs_can_opener.html 2005-03-16 18:05:39 UTC (rev 583) +++ trunk/news/developers/crh_jcifs_can_opener.html 2005-03-16 20:22:50 UTC (rev 584) @@ -0,0 +1,23 @@ +h3a name=crh_jcifs_can_openerjCIFS Possibilities in Linux Magazine/a/h3 + +div class=article +pSamba Team member Chris Hertel has a new article up on +a href=http://www.linux-mag.com/;Linux Magazine/a. The article +provides a nice introduction to jCIFS and outlines some possible ways +to use jCIFS as an interface to your CIFS server./p + +pHere's a teaser from the piece:/p + +blockquote +jCIFS (http://jcifs.samba.org/) is the product of an unlikely union +between Sun's Java and Microsoft's SMB/CIFS file sharing suite. jCIFS +provides all of the tools a Java coder needs to get along in a Windows +Network Neighborhood; jCIFS dances elegantly with Samba; and jCIFS runs +on everything from palmtops to mainframes. Where else but in open source +could such a story be told? +/blockquote + +pFor the complete article, please see +a href=http://www.linux-mag.com/content/view/127/2123/; jCIFS: The +SMB Can Opener/a./p +/div
svn commit: samba-docs r427 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-16 20:24:47 + (Wed, 16 Mar 2005) New Revision: 427 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=427 Log: More review needed - this fixes a big glitch. Modified: trunk/Samba-Guide/Chap08b-MigrateNW4Samba3.xml Changeset: Modified: trunk/Samba-Guide/Chap08b-MigrateNW4Samba3.xml === --- trunk/Samba-Guide/Chap08b-MigrateNW4Samba3.xml 2005-03-16 17:14:05 UTC (rev 426) +++ trunk/Samba-Guide/Chap08b-MigrateNW4Samba3.xml 2005-03-16 20:24:47 UTC (rev 427) @@ -862,17 +862,18 @@ # Where are stored Computers # Ex: computersdn=ou=Computers,dc=IDEALX,dc=ORG -computersdn=ou=Computers,${suffix} +computersdn=ou=People,${suffix} # Where are stored Groups # Ex groupsdn=ou=Groups,dc=IDEALX,dc=ORG groupsdn=ou=Groups,${suffix} + # Where are stored Idmap entries (used if samba is a domain member server) # Ex groupsdn=ou=Idmap,dc=IDEALX,dc=ORG -idmapdn=ou=People,${suffix} +idmapdn=ou=Idmap,${suffix} # Where to store next uidNumber and gidNumber available -sambaUnixIdPooldn=ou=People,${suffix} +sambaUnixIdPooldn=sambaDomainName=MEGANET2,dc=abmas,dc=biz # Default scope Used scope=sub @@ -883,7 +884,7 @@ titleIdealx smbldap-tools Control File smbmdash; Part C/title screen # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) -hash_encrypt=SSHA +hash_encrypt=MD5 # if hash_encrypt is set to CRYPT, you may set a salt format. # default is %s, but many systems will generate MD5 hashed
svn commit: samba r5836 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-16 23:32:42 + (Wed, 16 Mar 2005) New Revision: 5836 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5836 Log: Correct fix for OS/2 bug #2335. The error return code in this case is protocol level dependent. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 20:07:08 UTC (rev 5835) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-16 23:32:42 UTC (rev 5836) @@ -1485,12 +1485,18 @@ /* * If there are no matching entries we must return ERRDOS/ERRbadfile - -* from observation of NT. +* from observation of NT. NB. This changes to ERRDOS,ERRnofiles if +* the protocol level is less than NT1. Tested with smbclient. JRA. +* This should fix the OS/2 client bug #2335. */ if(numentries == 0) { dptr_close(dptr_num); - return ERROR_DOS(ERRDOS,ERRbadfile); + if (protocol PROTOCOL_NT1) { + return ERROR_DOS(ERRDOS,ERRnofiles); + } else { + return ERROR_BOTH(NT_STATUS_NO_SUCH_FILE,ERRDOS,ERRbadfile); + } } /* At this point pdata points to numentries directory entries. */
svn commit: samba r5837 - in trunk/source/smbd: .
Author: jra Date: 2005-03-16 23:32:50 + (Wed, 16 Mar 2005) New Revision: 5837 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5837 Log: Correct fix for OS/2 bug #2335. The error return code in this case is protocol level dependent. Jeremy Modified: trunk/source/smbd/trans2.c Changeset: Modified: trunk/source/smbd/trans2.c === --- trunk/source/smbd/trans2.c 2005-03-16 23:32:42 UTC (rev 5836) +++ trunk/source/smbd/trans2.c 2005-03-16 23:32:50 UTC (rev 5837) @@ -1485,12 +1485,18 @@ /* * If there are no matching entries we must return ERRDOS/ERRbadfile - -* from observation of NT. +* from observation of NT. NB. This changes to ERRDOS,ERRnofiles if +* the protocol level is less than NT1. Tested with smbclient. JRA. +* This should fix the OS/2 client bug #2335. */ if(numentries == 0) { dptr_close(dptr_num); - return ERROR_DOS(ERRDOS,ERRbadfile); + if (protocol PROTOCOL_NT1) { + return ERROR_DOS(ERRDOS,ERRnofiles); + } else { + return ERROR_BOTH(NT_STATUS_NO_SUCH_FILE,ERRDOS,ERRbadfile); + } } /* At this point pdata points to numentries directory entries. */
Build status as of Thu Mar 17 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-03-16 00:00:39.0 + +++ /home/build/master/cache/broken_results.txt 2005-03-17 00:00:22.0 + @@ -1,39 +1,38 @@ -Build status as of Wed Mar 16 00:00:01 2005 +Build status as of Thu Mar 17 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 36 3 0 +ccache 37 3 0 distcc 36 2 0 ppp 21 2 0 -rsync36 5 0 +rsync36 4 0 samba1 1 1 samba-docs 0 0 0 -samba4 40 13 0 -samba_3_038 15 1 +samba4 40 11 0 +samba_3_038 18 0 Currently broken builds: Host Tree Compiler Status fusberta samba4 gccok/ 2/?/? -fusberta samba_3_0gccok/ok/ok/ 6/PANIC -yurok samba_3_0gccok/ok/ok/ 1 -samba-s390 samba4 gccok/ 2/?/? +fusberta samba_3_0gccok/ 2/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? rhonwynsamba4 tccok/ 2/?/? -superego rsyncgcc 77/?/?/? superego samba_3_0gccok/ok/ 2/? -cl012 samba_3_0gccok/ok/ok/ 1 +cl012 samba_3_0gccok/ 2/?/? +dev4-003 samba_3_0gccok/ 2/?/? +aretnapsamba_3_0gccok/ 1/?/? aretnapccache iccok/ok/ok/ 1 +sbfsamba_3_0gccok/ 1/?/? +wetlizard samba_3_0gccok/ 2/?/? gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? gwen samba_3_0cc ok/ 1/?/? us4samba_3_0cc ok/ok/ok/ 2 -us4samba4 gcc 127/?/?/? us4samba_3_0gccok/ok/ok/ 2 flock samba4 gccok/ 1/?/? shubnigurath samba4 cc ok/ 1/?/? -sol10 samba4 gcc 127/?/?/? -sol10 samba_3_0gcc 127/?/?/? +sol10 samba_3_0gccok/ 1/?/? gc20 samba_3_0gccok/ 2/?/? sun1 rsynccc ok/ok/ok/ 2 sun1 samba4 cc ok/ 2/?/? @@ -52,6 +51,7 @@ m30samba4 gccok/ 2/?/? m30samba_3_0gccok/ok/ok/ 1 metze02sambagccok/ok/ok/ 1/PANIC +metze02samba4 gcc-3.4ok/ 2/?/? l390vme1 samba_3_0gccok/ 2/?/? opippp gccok/ 2/?/?
svn commit: samba r5838 - in trunk/source: include rpc_parse rpc_server
Author: jerry Date: 2005-03-17 00:11:26 + (Thu, 17 Mar 2005) New Revision: 5838 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5838 Log: * add InitiateSystemShutdownEx() server support (based on patch by Marcin Porwit [EMAIL PROTECTED] * add UNISTR4 for deal with combined (UNIHDR + UNISTR2*) structures. Includes prs_unistr4_p() Modified: trunk/source/include/rpc_misc.h trunk/source/include/rpc_reg.h trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_parse/parse_prs.c trunk/source/rpc_parse/parse_reg.c trunk/source/rpc_server/srv_reg.c trunk/source/rpc_server/srv_reg_nt.c Changeset: Sorry, the patch is too large (607 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5838
svn commit: samba-docs r428 - in trunk: . scripts xslt
Author: jelmer Date: 2005-03-17 00:13:11 + (Thu, 17 Mar 2005) New Revision: 428 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=428 Log: Autogenerate parts of the makefile rather then calling seperate shell scripts. Avoids a lot of copying images that are already present. Removed: trunk/scripts/copy-images.sh trunk/xslt/find-image-dependencies.xsl Modified: trunk/Makefile trunk/configure.in Changeset: Modified: trunk/Makefile === --- trunk/Makefile 2005-03-16 20:24:47 UTC (rev 427) +++ trunk/Makefile 2005-03-17 00:13:11 UTC (rev 428) @@ -4,7 +4,7 @@ # James Moore [EMAIL PROTECTED] # Gerald Carter [EMAIL PROTECTED] # Jelmer Vernooij [EMAIL PROTECTED] --include Makefile.settings +include Makefile.settings # Docs to build MAIN_DOCS = $(patsubst %/index.xml,%,$(wildcard */index.xml)) @@ -17,7 +17,7 @@ DATETIME := $(shell date +%Y%m%d%H%M%S) ifndef OUTPUTDIR -Makefile.settings: Makefile.settings.in configure +Makefile.settings: configure @echo Makefile.settings not present, trying to run configure... @./configure @@ -91,20 +91,18 @@ mkdir -p $(@D) cp $ $@ -$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl +$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks mkdir -p $(@D) $(XSLTPROC) --stringparam base.dir $(HTMLDIR)/$*/ xslt/html-chunk.xsl $ - mkdir -p $(@D)/images - $(COPY_IMAGES) html $(DOCBOOKDIR)/$*.xml $* $(@D) # Single large HTML files $(OUTPUTDIR)/%/samba.css: xslt/html/samba.css mkdir -p $(@D) cp $ $@ +$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-html-single + $(HTMLDIR)/%.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/samba.css xslt/html.xsl - mkdir -p $(@D)/images - $(COPY_IMAGES) html $(DOCBOOKDIR)/$*.xml $* $(@D) $(XSLTPROC) --output $@ xslt/html.xsl $ # Attributions @@ -116,15 +114,13 @@ mkdir -p $(@D) $(HTML2TEXT) -nobs -style pretty -o $@ $ -$(TXTDIR)/%/: $(HTMLDIR)/%/index.html - $(MAKE) `echo $(HTMLDIR)/$*/*.html | $(PERL) -p -e 's|$(HTMLDIR)|$(TXTDIR)|g;s/\.html/\.txt/g;'` - # Tex files %.tex: $(DOCBOOKDIR)/%.xml xslt/latex.xsl mkdir -p $(@D) $(XSLTPROC) --output $@ xslt/latex.xsl $ latexfigures: $(LATEX_FIGURES) + touch $@ $(PDFDIR)/%.pdf: %.pdf mkdir -p $(@D) @@ -136,11 +132,46 @@ %.ind: %.idx $(MAKEINDEX) $ +# Dependency files +%.d: $(DOCBOOKDIR)/%.xml xslt/generate-dependencies.xsl + $(XSLTPROC) \ + --novalid \ + --stringparam txtbasedir $(TXTDIR)/$*/ \ + --stringparam target $* \ + -o $@ xslt/generate-dependencies.xsl $ + @echo $*-images-latex-png: \$$(addsuffix .png, \$$($*-images-latex)) $@ + @echo touch \$$@ $@ + @echo $@ + @echo $*-images-latex-eps: \$$(addsuffix .eps, \$$($*-images-latex)) $@ + @echo touch \$$@ $@ + @echo $@ + @echo \$$(HTMLDIR)/%: $*/% $@ + @echo mkdir -p \$$(@D) $@ + @echo cp \$$ \$$@ $@ + @echo $@ + @echo \$$(HTMLDIR)/$*/%: $*/% $@ + @echo mkdir -p \$$(@D) $@ + @echo cp \$$ \$$@ $@ + @echo $@ + @echo \$$(HTMLHELPDIR)/$*/%: $*/% $@ + @echo mkdir -p \$$(@D) $@ + @echo cp \$$ \$$@ $@ + @echo $@ + @echo $*-images-html-single: \$$(addprefix \$$(HTMLDIR)/, \$$($*-images-html)) $@ + @echo touch \$$@ $@ + @echo $*-images-html-chunks: \$$(addprefix \$$(HTMLDIR)/$*/, \$$($*-images-html)) $@ + @echo touch \$$@ $@ + @echo $*-images-htmlhelp: \$$(addprefix \$$(HTMLHELPDIR)/$*/, \$$($*-images-html)) $@ + @echo touch \$$@ $@ + +ifdef OUTPUTDIR +include $(addsuffix .d,$(MAIN_DOCS)) +endif + # Adobe PDF files -%.pdf: %.tex %.ind latexfigures - $(MAKE) $(shell $(XSLTPROC) --stringparam prepend --stringparam append .png --stringparam role latex xslt/find-image-dependencies.xsl $(DOCBOOKDIR)/$*.xml) +%.pdf: %.tex %.ind latexfigures %-images-latex-png -$(PDFLATEX) $ - $(THUMBPDF) $*.pdf + $(THUMBPDF) --quiet $*.pdf -$(PDFLATEX) $ # DVI files @@ -148,8 +179,7 @@ mkdir -p $(@D) cp $ $@ -%.dvi: %.tex %.idx - $(MAKE) $(shell $(XSLTPROC) --stringparam prepend --stringparam append .eps --stringparam role latex xslt/find-image-dependencies.xsl $(DOCBOOKDIR)/$*.xml) +%.dvi: %.tex %.idx %-images-latex-eps -$(LATEX) $ %.png: %.dia @@ -176,10 +206,11 @@ mkdir -p $(@D) JAVA_OPTS=-Xmx250m $(FOP) -q -d $ -pdf $@ -$(HTMLHELPDIR)/%: $(DOCBOOKDIR)/%.xml - mkdir -p $@/images - $(COPY_IMAGES) html $(DOCBOOKDIR)/$*.xml $* $@ - $(XSLTPROC) --stringparam htmlhelp.chm
svn commit: samba r5839 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2005-03-17 00:33:56 + (Thu, 17 Mar 2005) New Revision: 5839 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5839 Log: add LDAP DirSync control idl metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl 2005-03-17 00:11:26 UTC (rev 5838) +++ branches/SAMBA_4_0/source/librpc/idl/drsblobs.idl 2005-03-17 00:33:56 UTC (rev 5839) @@ -126,4 +126,30 @@ void decode_repsFromTo( [in] repsFromToBlob blob ); + + typedef struct { + GUID guid1; + dlong usn; + } ldapControlDirSyncArray; + + typedef [public] struct { + uint8 prefix[4]; + uint32 u1; + NTTIME time; + uint32 u2; + uint32 u3; + uint32 u4; + dlong usn1; + dlong usn2; + dlong usn3; + GUID guid1; + dlong h4; + uint32 count; + uint32 u5; + ldapControlDirSyncArray array[count]; + } ldapControlDirSyncBlob; + + void decode_ldapControlDirSync( + [in] ldapControlDirSyncBlob blob + ); }
svn commit: samba r5840 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2005-03-17 00:37:39 + (Thu, 17 Mar 2005) New Revision: 5840 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5840 Log: Fix findfirst/findnext with protocol level NT1. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c === --- branches/SAMBA_3_0/source/libsmb/clitrans.c 2005-03-17 00:33:56 UTC (rev 5839) +++ branches/SAMBA_3_0/source/libsmb/clitrans.c 2005-03-17 00:37:39 UTC (rev 5840) @@ -195,11 +195,12 @@ /* * An NT RPC pipe call can return ERRDOS, ERRmoredata * to a trans call. This is not an error and should not -* be treated as such. +* be treated as such. Note that STATUS_NO_MORE_FILES is +* returned when a trans2 findfirst/next finishes. */ status = cli_nt_error(cli); - if (NT_STATUS_IS_ERR(status)) { + if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { cli_signing_trans_stop(cli); return False; }
svn commit: samba r5841 - in trunk/source/libsmb: .
Author: jra Date: 2005-03-17 00:37:43 + (Thu, 17 Mar 2005) New Revision: 5841 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5841 Log: Fix findfirst/findnext with protocol level NT1. Jeremy. Modified: trunk/source/libsmb/clitrans.c Changeset: Modified: trunk/source/libsmb/clitrans.c === --- trunk/source/libsmb/clitrans.c 2005-03-17 00:37:39 UTC (rev 5840) +++ trunk/source/libsmb/clitrans.c 2005-03-17 00:37:43 UTC (rev 5841) @@ -195,11 +195,12 @@ /* * An NT RPC pipe call can return ERRDOS, ERRmoredata * to a trans call. This is not an error and should not -* be treated as such. +* be treated as such. Note that STATUS_NO_MORE_FILES is +* returned when a trans2 findfirst/next finishes. */ status = cli_nt_error(cli); - if (NT_STATUS_IS_ERR(status)) { + if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { cli_signing_trans_stop(cli); return False; }
svn commit: samba r5842 - in trunk/source/smbd: .
Author: jra Date: 2005-03-17 01:02:29 + (Thu, 17 Mar 2005) New Revision: 5842 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5842 Log: Removed unused variable - pointed out by [EMAIL PROTECTED] in bugid #2460. Jeremy. Modified: trunk/source/smbd/dir.c Changeset: Modified: trunk/source/smbd/dir.c === --- trunk/source/smbd/dir.c 2005-03-17 00:37:43 UTC (rev 5841) +++ trunk/source/smbd/dir.c 2005-03-17 01:02:29 UTC (rev 5842) @@ -594,10 +594,8 @@ BOOL dptr_SearchDir(struct dptr_struct *dptr, const char *name, long *poffset, SMB_STRUCT_STAT *pst) { - BOOL ret; - ZERO_STRUCTP(pst); - while ((ret = SearchDir(dptr-dir_hnd, name, poffset)) == True) { + while (SearchDir(dptr-dir_hnd, name, poffset) == True) { if (is_visible_file(dptr-conn, dptr-path, name, pst, True)) { return True; }
svn commit: samba r5843 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-17 01:02:30 + (Thu, 17 Mar 2005) New Revision: 5843 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5843 Log: Removed unused variable - pointed out by [EMAIL PROTECTED] in bugid #2460. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/dir.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/dir.c === --- branches/SAMBA_3_0/source/smbd/dir.c2005-03-17 01:02:29 UTC (rev 5842) +++ branches/SAMBA_3_0/source/smbd/dir.c2005-03-17 01:02:30 UTC (rev 5843) @@ -594,10 +594,8 @@ BOOL dptr_SearchDir(struct dptr_struct *dptr, const char *name, long *poffset, SMB_STRUCT_STAT *pst) { - BOOL ret; - ZERO_STRUCTP(pst); - while ((ret = SearchDir(dptr-dir_hnd, name, poffset)) == True) { + while (SearchDir(dptr-dir_hnd, name, poffset) == True) { if (is_visible_file(dptr-conn, dptr-path, name, pst, True)) { return True; }
svn commit: samba r5844 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-17 01:19:49 + (Thu, 17 Mar 2005) New Revision: 5844 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5844 Log: Fix typo. Add cast for bug #2464 reported by [EMAIL PROTECTED] Jeremy. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-17 01:02:30 UTC (rev 5843) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-17 01:19:49 UTC (rev 5844) @@ -143,7 +143,7 @@ } else { pea-name = ea_name; } - pea-value.data = val; + pea-value.data = (unsigned char *)val; pea-value.length = (size_t)sizeret; return True; } @@ -1492,7 +1492,7 @@ if(numentries == 0) { dptr_close(dptr_num); - if (protocol PROTOCOL_NT1) { + if (Protocol PROTOCOL_NT1) { return ERROR_DOS(ERRDOS,ERRnofiles); } else { return ERROR_BOTH(NT_STATUS_NO_SUCH_FILE,ERRDOS,ERRbadfile);
svn commit: samba r5845 - in trunk/source/smbd: .
Author: jra Date: 2005-03-17 01:19:50 + (Thu, 17 Mar 2005) New Revision: 5845 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5845 Log: Fix typo. Add cast for bug #2464 reported by [EMAIL PROTECTED] Jeremy. Modified: trunk/source/smbd/trans2.c Changeset: Modified: trunk/source/smbd/trans2.c === --- trunk/source/smbd/trans2.c 2005-03-17 01:19:49 UTC (rev 5844) +++ trunk/source/smbd/trans2.c 2005-03-17 01:19:50 UTC (rev 5845) @@ -143,7 +143,7 @@ } else { pea-name = ea_name; } - pea-value.data = val; + pea-value.data = (unsigned char *)val; pea-value.length = (size_t)sizeret; return True; } @@ -1492,7 +1492,7 @@ if(numentries == 0) { dptr_close(dptr_num); - if (protocol PROTOCOL_NT1) { + if (Protocol PROTOCOL_NT1) { return ERROR_DOS(ERRDOS,ERRnofiles); } else { return ERROR_BOTH(NT_STATUS_NO_SUCH_FILE,ERRDOS,ERRbadfile);
svn commit: samba r5846 - in trunk/examples/LDAP: .
Author: jra Date: 2005-03-17 01:24:57 + (Thu, 17 Mar 2005) New Revision: 5846 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5846 Log: Fixes from Lars M?\195?\188ller and Vince Brimhall @Novell for NDS schema. Jeremy. Modified: trunk/examples/LDAP/samba-nds.schema Changeset: Modified: trunk/examples/LDAP/samba-nds.schema === --- trunk/examples/LDAP/samba-nds.schema2005-03-17 01:19:50 UTC (rev 5845) +++ trunk/examples/LDAP/samba-nds.schema2005-03-17 01:24:57 UTC (rev 5846) @@ -128,7 +128,7 @@ dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) ## ## SID, of any type
svn commit: samba r5847 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jra Date: 2005-03-17 01:25:16 + (Thu, 17 Mar 2005) New Revision: 5847 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5847 Log: Fixes from Lars M?\195?\188ller and Vince Brimhall @Novell for NDS schema. Jeremy. Modified: branches/SAMBA_3_0/examples/LDAP/samba-nds.schema Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba-nds.schema === --- branches/SAMBA_3_0/examples/LDAP/samba-nds.schema 2005-03-17 01:24:57 UTC (rev 5846) +++ branches/SAMBA_3_0/examples/LDAP/samba-nds.schema 2005-03-17 01:25:16 UTC (rev 5847) @@ -128,7 +128,7 @@ dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) ## ## SID, of any type
svn commit: samba r5848 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-17 01:50:09 + (Thu, 17 Mar 2005) New Revision: 5848 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5848 Log: Fix inherit owner to chown directories in a porable and secure way (from just secure on Linux). Idea from tridge. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2005-03-17 01:25:16 UTC (rev 5847) +++ branches/SAMBA_3_0/source/smbd/open.c 2005-03-17 01:50:09 UTC (rev 5848) @@ -115,67 +115,55 @@ } else { /* We've already done an lstat into psbuf, and we know it's a directory. If - we can do an open/fstat and the dev/ino are the same then we can safely - fchown without races. This works under Linux - but should just fail gracefully - if any step on the way fails. JRA */ + we can cd into the directory and the dev/ino are the same then we can safely + chown without races as we're locking the directory in place by being in it. + This should work on any UNIX (thanks tridge :-). JRA. + */ - BOOL need_close_fsp = False; + pstring saved_dir; SMB_STRUCT_STAT sbuf; - int fd = -1; - if (!fsp) { - int action; - fsp = open_directory(conn, fname, psbuf, FILE_GENERIC_READ, - SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY), - FILE_EXISTS_OPEN, action); - if (!fsp) { - DEBUG(10,(change_owner_to_parent: open_directory on %s failed. Error was %s\n, - fname, strerror(errno) )); - return; - } - need_close_fsp = True; - } - fd = SMB_VFS_OPEN(conn,fname,O_RDONLY,0); - if (fd == -1) { - DEBUG(10,(change_owner_to_parent: failed to VFS_OPEN directory %s. Error was %s\n, - fname, strerror(errno) )); + if (!vfs_GetWd(conn,saved_dir)) { + DEBUG(0,(change_owner_to_parent: failed to get current working directory\n)); + return; + } + + /* Chdir into the new path. */ + if (vfs_ChDir(conn, fname) == -1) { + DEBUG(0,(change_owner_to_parent: failed to change current working directory to %s. \ +Error was %s\n, fname, strerror(errno) )); goto out; } - ret = SMB_VFS_FSTAT(fsp,fd,sbuf); - if (ret == -1) { - DEBUG(10,(change_owner_to_parent: failed to VFS_STAT directory %s. Error was %s\n, - fname, strerror(errno) )); + + if (SMB_VFS_STAT(conn,.,sbuf) == -1) { + DEBUG(0,(change_owner_to_parent: failed to stat directory '.' (%s) \ +Error was %s\n, fname, strerror(errno))); goto out; } /* Ensure we're pointing at the same place. */ - if (sbuf.st_dev != psbuf-st_dev || sbuf.st_ino != psbuf-st_ino || !S_ISDIR(sbuf.st_mode)) { - DEBUG(0,(change_owner_to_parent: device/inode/mode on director %s changed. Refusing to fchown !\n, + if (sbuf.st_dev != psbuf-st_dev || sbuf.st_ino != psbuf-st_ino || sbuf.st_mode != psbuf-st_mode ) { + DEBUG(0,(change_owner_to_parent: device/inode/mode on directory %s changed. Refusing to chown !\n, fname )); goto out; } become_root(); - ret = SMB_VFS_FCHOWN(fsp, fd, parent_st.st_uid, (gid_t)-1); + ret = SMB_VFS_CHOWN(conn, ., parent_st.st_uid, (gid_t)-1); unbecome_root(); if (ret == -1) { - DEBUG(10,(change_owner_to_parent: failed to fchown directory %s to parent directory uid %u. \ + DEBUG(10,(change_owner_to_parent: failed to chown directory %s to parent directory uid %u. \ Error was %s\n, fname, (unsigned int)parent_st.st_uid, strerror(errno) )); goto out; } - DEBUG(10,(change_owner_to_parent: changed new directory %s to parent directory uid %u.\n, + DEBUG(10,(change_owner_to_parent: changed ownership of new directory %s to parent directory uid %u.\n, fname, (unsigned int)parent_st.st_uid )); out: - if (fd != -1)
svn commit: samba r5849 - in trunk/source/smbd: .
Author: jra Date: 2005-03-17 01:50:09 + (Thu, 17 Mar 2005) New Revision: 5849 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5849 Log: Fix inherit owner to chown directories in a porable and secure way (from just secure on Linux). Idea from tridge. Jeremy. Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2005-03-17 01:50:09 UTC (rev 5848) +++ trunk/source/smbd/open.c2005-03-17 01:50:09 UTC (rev 5849) @@ -115,67 +115,55 @@ } else { /* We've already done an lstat into psbuf, and we know it's a directory. If - we can do an open/fstat and the dev/ino are the same then we can safely - fchown without races. This works under Linux - but should just fail gracefully - if any step on the way fails. JRA */ + we can cd into the directory and the dev/ino are the same then we can safely + chown without races as we're locking the directory in place by being in it. + This should work on any UNIX (thanks tridge :-). JRA. + */ - BOOL need_close_fsp = False; + pstring saved_dir; SMB_STRUCT_STAT sbuf; - int fd = -1; - if (!fsp) { - int action; - fsp = open_directory(conn, fname, psbuf, FILE_GENERIC_READ, - SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY), - FILE_EXISTS_OPEN, action); - if (!fsp) { - DEBUG(10,(change_owner_to_parent: open_directory on %s failed. Error was %s\n, - fname, strerror(errno) )); - return; - } - need_close_fsp = True; - } - fd = SMB_VFS_OPEN(conn,fname,O_RDONLY,0); - if (fd == -1) { - DEBUG(10,(change_owner_to_parent: failed to VFS_OPEN directory %s. Error was %s\n, - fname, strerror(errno) )); + if (!vfs_GetWd(conn,saved_dir)) { + DEBUG(0,(change_owner_to_parent: failed to get current working directory\n)); + return; + } + + /* Chdir into the new path. */ + if (vfs_ChDir(conn, fname) == -1) { + DEBUG(0,(change_owner_to_parent: failed to change current working directory to %s. \ +Error was %s\n, fname, strerror(errno) )); goto out; } - ret = SMB_VFS_FSTAT(fsp,fd,sbuf); - if (ret == -1) { - DEBUG(10,(change_owner_to_parent: failed to VFS_STAT directory %s. Error was %s\n, - fname, strerror(errno) )); + + if (SMB_VFS_STAT(conn,.,sbuf) == -1) { + DEBUG(0,(change_owner_to_parent: failed to stat directory '.' (%s) \ +Error was %s\n, fname, strerror(errno))); goto out; } /* Ensure we're pointing at the same place. */ - if (sbuf.st_dev != psbuf-st_dev || sbuf.st_ino != psbuf-st_ino || !S_ISDIR(sbuf.st_mode)) { - DEBUG(0,(change_owner_to_parent: device/inode/mode on director %s changed. Refusing to fchown !\n, + if (sbuf.st_dev != psbuf-st_dev || sbuf.st_ino != psbuf-st_ino || sbuf.st_mode != psbuf-st_mode ) { + DEBUG(0,(change_owner_to_parent: device/inode/mode on directory %s changed. Refusing to chown !\n, fname )); goto out; } become_root(); - ret = SMB_VFS_FCHOWN(fsp, fd, parent_st.st_uid, (gid_t)-1); + ret = SMB_VFS_CHOWN(conn, ., parent_st.st_uid, (gid_t)-1); unbecome_root(); if (ret == -1) { - DEBUG(10,(change_owner_to_parent: failed to fchown directory %s to parent directory uid %u. \ + DEBUG(10,(change_owner_to_parent: failed to chown directory %s to parent directory uid %u. \ Error was %s\n, fname, (unsigned int)parent_st.st_uid, strerror(errno) )); goto out; } - DEBUG(10,(change_owner_to_parent: changed new directory %s to parent directory uid %u.\n, + DEBUG(10,(change_owner_to_parent: changed ownership of new directory %s to parent directory uid %u.\n, fname, (unsigned int)parent_st.st_uid )); out: - if (fd != -1) { - SMB_VFS_CLOSE(fsp,fd); -
svn commit: samba r5850 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2005-03-17 04:24:35 + (Thu, 17 Mar 2005) New Revision: 5850 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5850 Log: enable parsing of revision 4 security acl's metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/librpc/idl/security.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-17 01:50:09 UTC (rev 5849) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2005-03-17 04:24:35 UTC (rev 5850) @@ -384,9 +384,7 @@ [case(DRSUAPI_ATTRIBUTE_objectSid)] drsuapi_DsAttributeValueCtrSID sid; /* SecurityDescriptor */ - /* we can't parse some ads specific security_descriptors yet [case(DRSUAPI_ATTRIBUTE_ntSecurityDescriptor)] drsuapi_DsAttributeValueCtrSecurityDescriptor security_descriptor; - */ /* UnicodeString */ [case(DRSUAPI_ATTRIBUTE_description)] drsuapi_DsAttributeValueCtrUnicodeString unicode_string; Modified: branches/SAMBA_4_0/source/librpc/idl/security.idl === --- branches/SAMBA_4_0/source/librpc/idl/security.idl 2005-03-17 01:50:09 UTC (rev 5849) +++ branches/SAMBA_4_0/source/librpc/idl/security.idl 2005-03-17 04:24:35 UTC (rev 5850) @@ -214,28 +214,55 @@ SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT= 8 } security_ace_type; + typedef bitmap { + SEC_ACE_OBJECT_TYPE_PRESENT = 0x0001, + SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x0002 + } security_ace_object_flags; + + typedef [nodiscriminant] union { + /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */ + [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type; + [default]; + } security_ace_object_type; + + typedef [nodiscriminant] union { + /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context +* (of the parent container) +*/ + [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type; + [default]; + } security_ace_object_inherited_type; + + typedef struct { + security_ace_object_flags flags; + [switch_is(flags SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type; + [switch_is(flags SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type; + } security_ace_object; + + typedef [nodiscriminant] union { + [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object; + [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object; + [default]; + } security_ace_object_ctr; + typedef [public] struct { security_ace_type type; /* SEC_ACE_TYPE_* */ security_ace_flags flags; /* SEC_ACE_FLAG_* */ [value(ndr_size_security_ace(r))] uint16 size; uint32 access_mask; - -#if 0 - /* the 'obj' part is present when type is _TYPE__OBJECT */ - struct { - uint32 flags; - GUID object_guid; - GUID inherit_guid; - } *obj; -#endif - + [switch_is(type)] security_ace_object_ctr object; dom_sid trustee; } security_ace; typedef enum { - NT4_ACL_REVISION = 2 + SECURITY_ACL_REVISION_NT4 = 2, + SECURITY_ACL_REVISION_ADS = 4 } security_acl_revision; + const uint NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4; + typedef [public] struct { security_acl_revision revision; [value(ndr_size_security_acl(r))] uint16 size; @@ -245,10 +272,10 @@ /* default revision for new ACLs */ typedef [enum8bit] enum { - SEC_DESC_REVISION_1 = 1 + SECURITY_DESCRIPTOR_REVISION_1 = 1 } security_descriptor_revision; - const int SD_REVISION= SEC_DESC_REVISION_1; + const int SD_REVISION= SECURITY_DESCRIPTOR_REVISION_1; /* security_descriptor-type bits */ typedef [bitmap16bit] bitmap { @@ -277,7 +304,6 @@ const int SECINFO_DACL = 0x0004; const int SECINFO_SACL = 0x0008; - typedef
svn commit: samba r5851 - in branches/SAMBA_3_0/source/libsmb: .
Author: jerry Date: 2005-03-17 04:55:00 + (Thu, 17 Mar 2005) New Revision: 5851 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5851 Log: BUG 2456: reported by Jason Mader; remove non standard pragma (my fault); should fix some builds with non-gcc compilers Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2005-03-17 04:24:35 UTC (rev 5850) +++ branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2005-03-17 04:55:00 UTC (rev 5851) @@ -4094,7 +4094,6 @@ dos_attr_parse(context, dad, srv, namevalue); /* Set the new DOS attributes */ -#warning Should try Set Path Info first, but it's not yet implemented #if 0 /* not yet implemented */ if (! cli_setpathinfo(srv-cli, path, dad-c_time, @@ -4233,7 +4232,6 @@ dos_attr_parse(context, dad, srv, namevalue); /* Set the new DOS attributes */ -#warning Should try Set Path Info first, but it's not yet implemented #if 0 /* not yet implemented */ ret2 = cli_setpathinfo(srv-cli, path, dad-c_time,