RE: [Samba] Users' Profiles
I am having an issue with users' profiles under the SAMBA environment. The users would be using a Windows XP Pro workstation that is under the SAMBA domain. Ever since SAMBA was implemented, I would have to recreate users' profiles intermittently. Whenever this happens, the users would be prompt with an error message which states that it is unable to log onto the local profile and it would eventually create a temporary profile when logging in. Just this morning, I made the attempt to just reboot the workstation when the issue happened again. Surprisingly, it worked and I did not have to recreate the user's profile. Do you happen to know why? What do I need to do to prevent this issue from happening again? I don't think this is a Samba issue as I have had this occur with our Win2K server and XP Pro clients as well. Don't know what causes it but rebooting the workstation seems to take care of the problem. hardly the type of investigative problem solving that inspires confidence in the system administrator... I have seen several instances when Microsoft stuff such as Outlook or Windows Media Player creates files like prf9.tmp and these files are poisonous to loading a roaming profile (substitute other numbers for the 9). If you were having the same problem that I had, that won't help since I wasn't using roaming profiles. I was using folder redirection but that won't cause the prf .tmp files to be created since a profile is not being synchronized. I guess it is possible that the problem is caused by a bad nic but I can't say whether that was my problem since I switched server hardware shortly after the problem occured and haven't seen it since. No reason to bother investigating something that isn't there any more. I do stand by the point of my original response though by simple stating that I don't believe this problem is caused by something inherent in Samba. Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restricting winbind to the default domain
Etienne Goyer wrote: Greetings, I want to use winbind in conjunction with nsswitch in a pretty large AD. I would like winbind to only map users in the default domain. As it is, winbind map users in other trusted domain of the AD too, which is *not* what I want. I am not sure I made myself very clear, so here is an example. Let's say I have an AD called ACME.COM. There are the domains PROD.ACME.COM and ADMIN.ACME.COM in this AD. I made my Samba server join the PROD.ACME.COM domain. When I have nsswitch.conf configured correctly, getent passwd@ return all the users in both domains. I would prefer it return only users in the PROD.ACME.COM domain, and not those in ADMIN.ACME.COM. Is that possible ? I know about winbind enum users and winbind enum groups, but this is not what I want. I do not want account outside the default domain to be valid on my this server for services other than Samba. I am running Samba 3.0.10 on RHEL 4. Thanks a lot ! Etienne Goyer please have a look at allow trusted domains -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.10 mysql pdbedit
Hmm here is a thought.. it looks like your samba user in the mysql-server is set wrong. standard, mysql set's somthing like: [EMAIL PROTECTED] [EMAIL PROTECTED] ect ect. in the user db. now mysql uses [EMAIL PROTECTED] for your samba user, and my guess is that that account in mysql has no password set, when trying to login to mysql with a pass, mysql returns access denied! here is what you should try, go to a bash shell fire-up mysql-client and try to login as user samba on localhost. if you get access denied it's still set wrong. (you could try to use user samba and no pass) so try to remove the [EMAIL PROTECTED] and make sure you have an alternative login (incase things screw up) set your samba user with the pass you desire.. and now try to login with your mysql client again, providing the correct user pass db and ip.. if you can get in, you succeed. and you can continue with your samba setting, if not, look if there are anny more entries in the mysql user db (the mysql user db that is, not the samba db within mysql!!) good luck. this is ovious a mysql thing, not a samba.! Collen. ps. you could also try to set 'mysql:mysql host = 192.168.x.x' to work around the localhost problem ?? Peter Stickney wrote: That did it! I thought I had tried that, but apparently not. I guess the only reason I was getting the host, user and database correctly output from pdbedit was because it is the default values, and it wasnt actually getting read from the conf file. Sorry about hijacking this thread too. Accidental. thanks -peter [EMAIL PROTECTED] wrote: Hi Follow the sample come with samba source: - [global] netbios name = FOOBAR workgroup = TESTGROUP security = domain domain logons = yes domain master = yes passdb backend = plugin:/usr/local/samba/lib/pdb_mysql.so:mysql mysql:mysql host = rhonwyn mysql:mysql user = samba mysql:mysql password = ambas mysql:mysql database = samba -- In your smb.conf just replace as above: ... passdb backend = mysql:kodos kodos:mysql user = samba kodos:mysql password = samba ... -butsyk Hello - A little mysql/samba help if I can get it. I'm running samba 3.0.10. configured with : ./configure --with-mysql-prefix=/usr --prefix=/usr/local/samba-3.0.10 --with-expsam=mysql [smb.conf] netbios name= KODOS passdb backend = mysql:mysql kodos:mysql user = samba kodos:mysql password = samba kodos:mysql database = samba kodos:domain column = 'PVPSC' kodos:fullname column = CONCAT(firstname, ' ', surname); kodos:lanman pass column = lm_pass; kodos:nt pass column = nt_pass; kodos:unknown 3 column = NULL when I run pbdedit -L as a test of the mysql plugin I get: Connecting to database server, host: localhost, user: samba, password: , database: samba, port: 3306 Failed to connect to mysql database: error: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) pdb backend mysql:mysql did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Loading mysql:mysql failed! What concerns me is the blank password that pdbedit returns. There is a password defined it the conf file, but it looks like it doesn't make it over to here. I made created the mysql user already:' GRANT ALL PRIVILEGES ON samba.* TO 'samba'@'localhost' IDENTIFIED BY 'samba' WITH GRANT OPTION; Anyone have a similiar issue? Or am I missing something simple? thanks -peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] autocad locking problem
Hi list, I was wondering is it possible for third part apps to force LEVEL_II oplocks? We have designer office with autocad 2004 which doesn't do level2 oplocks, but M$ Word do all the time. It seems that M$ Word create lock file like name.ext = ~$me.ext but autcad create name.dwg = name.dwl lock file. Thanks. -butsyk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NetShareEnum
I'm trying to list my Linux shared exported by samba from a Windows 2003 I'm using the NetShareEnum api the sample is working between 2 windows but it fails on the linux with error 5 Access Denied who to configure samba on the linux to ba able to do that ? thanks hervé -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting Wind0ws server share with write access
Hi there, I have to admit Im new to samba and have been struggling for weeks now on how to mount a wind0ws 2000 server share on my Linux box with read-write access. I have mounted the windows share using the command: mount -t smbfs -o username=winaccount //windows/share /my/mountpoint but the problem is it's mounted as read-only to a regular user. Only the root account have the write access to the wind0ws share. How can i mount the wind0ws share on my Linux box with write access to regular Linux users? Im using samba samba-2.2.7a-8.9.0 on RedHat Linux 9 with Ximian Desktop. It's also a thin-client server for some of the employees who also need access to wind0ws shares. I'm listing my smb.conf below and hope some1 would be able to help me out. Any advice, comments, links, would be appreciated :) thanx in advice. Cheers... Allison S. Gatdula [global] workgroup = windomain netbios name = RH9SERVER netbios aliases = tower server string = ltsp server interfaces = eth1* eth0 security = DOMAIN encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No valid users = allison hosts allow = 192.168.0. 192.168.104. 127. printing = cups [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange Konqueror behaviow with samba share
I have a samba share mounted as follows //193.29.247.11/USERNAME$ /mnt/USERNAME smbfs fmask=6770,dmask=6770,uid=USERNAME,gid=USERNAME,credentials=/etc/cred,workgroup=WORKGROUG,iocharset=iso8859-1 0 0 As USERNAME in Konqueror (KDE 3.3.2) I can create a directory, but not delete it which is very annoying. Creating and deleting directories in console works fine, but only after closing Konqueror. Anyone using KDE with samba shares know what could be causeing this behavior? ii libsmbclient 3.0.14a-1 shared library that allows applications to t ii smbclient 3.0.14a-1 a LanManager-like simple client for Unix ii smbfs 3.0.14a-1 mount and umount commands for the smbfs (for rc tksmb 0.8.8-6SMB (Samba and Windows) network browser Thanks in advance, Chris -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind problem with Solaris 8
Hi, We are having a problem with Samba 3.0.13 winbind on Sparc Solaris 8 NT4 domain. The following is appearing during our overnight backup jobs and looks like winbind cannot map a unix uid to a windows SID. Samba itself works and users are able to see and use the share. Wbinfo -u -g -t all work I have winbind in nsswitch.conf passwd: files winbind group: files winbind The output of log.winbindd is as follows Copyright The Samba Team 2000-2004 [2005/05/17 20:41:10, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.13 started. Copyright The Samba Team 2000-2004 [2005/05/18 01:44:20, 1] nsswitch/winbindd_user.c:winbindd_getpwuid(238) could not convert uid 10259 to SID [2005/05/18 01:48:08, 1] nsswitch/winbindd_user.c:winbindd_getpwuid(238) could not convert uid 10259 to SID [2005/05/18 07:10:03, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.13 started. Copyright The Samba Team 2000-2004 The problem also occurs when running ls -l from the UNIX prompt which hangs on the samba share directory ls -ln works. Any help appreciated. Thank You Graeme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] losing access to profile when user becomes domain user instead domain admin
Hi, thanks for your answer. I have found the problem, was not as complicated as it looked. I did not read the error message well enough to see that only some files could not be saved in the profile. These were files the user was not the owner and so he did not have access to them. Reason was he copied them from the local admin profile. Once I got this fixed everything is working as expected. Thank you Rainer Thomas M. Skeren III wrote: Rainer Traut wrote: Hi, I am in the process of migrating our windows workstations to a samba domain. Here is the problem: When creating the domain user I put every user additionalyy in the domain admin group so that he/she can copy his old files on the local profile to his new domain account. Then after this is done I put them to the domain users group but some (!) of the user the lose then access to the profile. Yeah, that's what happens. It's mostly a Windows problem...well not problem, rather it's security related. If you're using WinXP, the best way to do this is to using the file and setting transfer wizard in the non domain account and export the settings. Then login to the domain account and import those settings. This way the user needs no special permissions and the profile is fully restored for the user. I've done this numerous times, and this is by far the best way to do it. TMS III When I look at permissions on their workstation everything looks ok, but he/she has no write access, though he is listed as owner. samba is samba-3.0.13-1.4E.2 on Redhat EL4. Here are parts of smb.conf [Profiles] comment = Roaming profiles share path = /shares/profiles writeable = yes create mask = 0700 directory mask = 0770 browsable = no valid users = @domusers root force user = %U profile acls = yes [EMAIL PROTECTED] Eigene Dateien]# net groupmap list Domain Admins (S-1-5-21-2187243289-1530508873-3638611354-512) - domadmins System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-2187243289-1530508873-3638611354-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Users (S-1-5-21-2187243289-1530508873-3638611354-513) - domusers Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 This works: [EMAIL PROTECTED] Eigene Dateien]# id koe uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers),1003(domadmins) [EMAIL PROTECTED] Eigene Dateien]# This does not: [EMAIL PROTECTED] Eigene Dateien]# id koe uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers) [EMAIL PROTECTED] Eigene Dateien]# Thanks for help Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba compatibility with NetAPP filers.
Hi! We are also using NetApp filers (F880) runnning OS 7.0.0.1GD with samba 3.0.11 and 3.0.14a with no problems at all! We also had it working back when dataontap 6.5.5 and samba 3.0.9 was new! so i dont think DataOntap and Samba are not compatable! Regards Jeremy Allison wrote: On Tue, May 17, 2005 at 05:29:48PM -0400, Badinter, George wrote: Still the same issue : session request ok Serverzone is 14400 Password: Doing spnego session setup (blob length=89) got OID=1 2 840 48018 1 2 2 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Got challenge flags: Got NTLMSSP neg_flags=0x00890205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x00080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x00080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 spnego_parse_auth_response failed at 9 Failed to parse auth response SPNEGO login failed: Unexpected information received session setup failed: SUCCESS - 0 I need access to a NetApp box running whatever version of their OS is giving the problem in order to fix it. Jeremy. -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit 1a Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Browsing problem
Hi guys, I've just upgraded from Debian Woody to Sarge, that involved upgrading my working Samba setup to version 3.0.14. With no changes to my config file, I now find that my windows machines cannot correctly browse the network. They can open shares on the linux box if I do Start - Run \\ip.address.of.machine but the browse list isn't showing up. The samba server is correctly becoming the master browser, is a WINS server, and the windows clients are set to use this WINS server. Can anyone offer any assistance? The appropriate portion of smb.conf is below. If any more information would be helpful, please let me know. Many thanks Andy [global] panic action = /usr/share/samba/panic-action %d smb passwd file = /etc/samba/smbpasswd printing = bsd printcap name = /etc/printcap load printers = no guest account = nobody add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u security = user workgroup = gently netbios name = cube server string = %h server (Samba %v) syslog only = no syslog = 0; socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = true passdb backend = tdbsam guest wins support = yes os level = 64 domain master = yes local master = yes preferred master = yes name resolve order = wins lmhosts host dns proxy = no preserve case = yes short preserve case = yes case sensitive = no unix password sync = false passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . max log size = 1000 interfaces = 192.168.202.0/255.255.255.0 socket address = 192.168.202.101 allow hosts = 192.168.202.0/255.255.255.0 127. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] MS Desktop and MyDocuments in /home?
Hi! Im rather new to Samba, so please excuse me, if I'm asking something obvious. Im using Samba in my Home- Lan as PDC for WinXP Prof Clients whith roaming profiles. Since all clients in the LAN are Dualboot WinXP/ SuSE 9.2, I would like an easy way of accessing my files the same way when I use Windows or Linux. Therefore I moved the users Desktop and MyDocuments Folders in a offline- available share with path /home on the Samba Server. MyDocuments resolves to Documents and Desktop to Desktop. So when I mount the serves /home- directory to my Linux boxes, I have the same files in my Home Directory and on my Desktop. Now my question. Is there any reason, not to do so? During my studies, I often read, one shouldn't put MyDocuments in the the [home] share, but what if I share the whole directory? and do these 2 shares interfere? As far as I know, [home] is needed, when setting up a Samba Server. I'm using this setup right now and didn't encounter any problems, but it would be nice to know, if there will be any in the future. Thanks for your answers. Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldap user suffix, 3.0.14a
Hi - I'm using samba 3.0.14a - the latest release from debian and it nearly works perfectly. However, i'm finding that the ldap user suffix paramater in the configuration file is being ignored and it's using the value of ldap suffix instead. From what i've read of the changelog this behaviour isn't supposed to happen anymore so i'm wondering if anyone can help me. I've tried settting ldap user suffix to the part of the dn relative to the ldap suffix as the documentation suggests and i've also tried setting it to the full dn but either way i can see in both my samba and my ldap logs that it's being ignored. Users authenticate correctly as the scope of the ldap search is set to sub but this is not the behaviour i need. I want to use aliases to manage which users have access to samba. Any help or advice you can give me would be much appreciated. please cc me manually in your reply as i'm not subscribed to the list. Thanks, John Allman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Message (Your message dated Wed, 18 May 2005 12:30:57 UTC...)
Your message dated Wed, 18 May 2005 12:30:57 UTC with subject Transparenz ist das Mindeste has been submitted to the moderator of the TEXTBREAKINGNEWS list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mac os x
Hello list, I have a simple question: I have a mac os X server running ldap. I want to install Linux and Samba on another machine, and let Samba authenticate to the LDAP. Is this doable? I know samba can authenticate with LDAP, but that there are some differences when doing this to a mac os X LDAP. thanks in advance. -Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind users and vnc logins
Is there any way for winbind to authenticate vnc logins? I've got winbind up and running and working fine for local and gdm logins on a Fedora Core 3 installation. But when I try to set up vncserver on it, it doesn't recognize winbind users. There doesn't seem to be a PAM for vnc. So is remote access via vnc out of the question for winbind users? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba smbpasswds and local Linux passwords
Hello all, I am new to the list and am in need of some assistance: Does anyone have a current solution that they are using to synchronize the smbpasswd's on samba 3.0 with their local /etc/shadow passwords on RedHat 3.0 ES? I need a way to do this for the existing users on the system and for new users that get created nightly on the systems. Our users do log into the system remotely as well as access their samba shares. This only involves one server: RedHat 3.0 ES, running Samba 3.0 with user security, our windows environment is Win 2003 native mode. I have tried a few How-to's to get it to authenticate via ADS but with no success, so that is why I am looking for a way to sync the local /etc/shadow passwords with the smbpasswd file. Any help with this would be of great assistance. Vince -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Restricting winbind to the default domain
Michael Gasch wrote: Etienne Goyer wrote: I want to use winbind in conjunction with nsswitch in a pretty large AD. I would like winbind to only map users in the default domain. As it is, winbind map users in other trusted domain of the AD too, which is *not* what I want. [...snip...] please have a look at allow trusted domains Thank you very much sir, this is precisely what I need. It is worth noting that the smb.conf(5) man page have the following to say regarding this directive : This option only takes effect when the security option is set to server or domain. This is incorrect, as I am running with security = ads, and it apparently do the right thing. I'll try to contact the maintainer of this man page on the subject. Thanks again ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Err#150 EINPROGRESS
Hi, I have a problem with a csw Samba 3.0.13 Installation. From time to time, Samba processes stop responding. The result is that the files which are locked by that process are not accessible until I kill that process, obviously. Loglevel 3 doesn't report anything. The only error message I get (see header) is reported by truss Here's the last few truss lines: getuid()= 0 [0] write(262, [ 2 0 0 5 / 0 5 / 1 8 .., 86)= 86 getuid()= 0 [0] write(262, s e t t i n g s e.., 49)= 49 getuid()= 0 [0] getgid()= 0 [0] setgroups(0, 0x)= 0 setregid(-1, 0) = 0 getgid()= 0 [0] setreuid(-1, 0) = 0 getuid()= 0 [0] sysconfig(_CONFIG_NGROUPS) = 16 open(/etc/default/nss, O_RDONLY|O_LARGEFILE) = 256 read(256, # i d e n t\t @ ( #.., 1024) = 749 read(256, 0x003F5A90, 1024) = 0 close(256) = 0 open(/etc/group, O_RDONLY)= 256 close(256) = 0 door_info(4, 0xFFBF8490)= 0 door_call(4, 0xFFBF8478)= 0 so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, , 1) = 256 setsockopt(256, tcp, TCP_NODELAY, 0xFFBFBB0C, 4, 1) = 0 fcntl(256, F_GETFL, 0xFF357AA8) = 2 fcntl(256, F_SETFL, 0x0082) = 0 connect(256, 0x003E9B10, 16, 1) Err#150 EINPROGRESS After that the process goes sleeping and doesn't come back. Any ideas? Anyone? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind Problem
Hi, I have got two production facilities having the same configuration, facility 1-(domain CSW)Samba 3.0.5 PDC running on redhat 9 and 4 member server running the same samba version on redhat 9, facility-2- (domain CSWN)Samba 3.0.5 PDC with 2 domain member server, the domain member server uses winbind to authenticate usersthey connect to the local PDC, I have configured two way trust between the two facilities , everything was running perfectly from last 6 months, but from last two days the winbind is giving problem in domain CSW, the following error message appears on the member server in log.winbindd [2005/05/18 15:10:01, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe:return critical error. Error was call timed out: server did not respond after 1 millisecond where as wbinfo -t is successful, but wbinfo -u and -g gives me the listing of only the trusting domain users(CSWN list and no CSW user list). The following error message is appearing on the domain controller of CSW domain make_server_info_info3:pdb_init_sam failed! Please suggest me some solution. Regards, Honey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Good day
I apologize for this automatic reply to your email. To control spam, I now allow incoming messages only from senders I have approved beforehand. If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience. Click the link below to fill out the request: https://webmail.atl.earthlink.net/wam/[EMAIL PROTECTED]id=1dyovi4Xs3Nl3qB0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] strange error
hey all im using samba v.3.02, an a redhat es sp2 system i get the following error: May 18 14:08:17 ejpdxt0002 smbd[13169]: [2005/05/18 14:08:17, 0] smbd/nttrans.c:call_nt_transact_ioctl(1990) May 18 14:08:17 ejpdxt0002 smbd[13169]: call_nt_transact_ioctl(0x84002490): Currently not implemented. im using sanergy, perhaps this is a issue? thanks in advance regards michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind users and vnc logins
Basil Copeland schrieb: Is there any way for winbind to authenticate vnc logins? I've got winbind up and running and working fine for local and gdm logins on a Fedora Core 3 installation. But when I try to set up vncserver on it, it doesn't recognize winbind users. There doesn't seem to be a PAM for vnc. So is remote access via vnc out of the question for winbind users? Hi, vnc has its own password set, which is very cool if windows auth fails, ( maybe there are prof vnc clones which work in an other way ) for domain/win auth use dameware Redgards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] OS X Server and Duplication
Yes, and no. Depends on who for and how you set things up. In our case, we have a master and a slave OpenLDAP-based LDAP directory servicing both UNIX and Windows logons via nss_ldap, and samba. Our user home directories are all stored on one machine, various network shares, printers, and other stuff on the 'backup' server. Every day we sync the data from one to the other via rsync (could do more frequently, but for reasons beyond the scope of this discussion we don't). Should for some reason the primary server fail, the BDC will accept logons, and a simple change of the login script to change drive mappings and we're all set with at the very worst, yesterdays data - without requiring any data recovery from backups, etc. The system works well, but all of the details you don't need to answer your question. Mac OS X is based on FreeBSD, and shares similar traits especially so in the networking and kernel-land stuff... As such there is little to no difference running OpenLDAP on either. Just a matter of configuring and running slurp, (the replication facility within OpenLDAP). You can configure samba to read it's directory from more than one LDAP server, so even samba need not be restarted in the event of failure. The details of setting up OpenLDAP to use replication are the same for any db stored in OpenLDAP, regardless of the db's use or purpose - I'd point you on over to the how-to's which do a fairly good job of elaborating on how/why replication is done and will walk you through completing your setup. http://www.openldap.org/ has a great set of documentation, as does samba on the matter - try reading a bit and come back should you have any further more detailed issues arrise. Good luck, -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Msdigital Sent: Tuesday, May 17, 2005 8:14 PM To: [EMAIL PROTECTED]; samba@lists.samba.org Subject: [Samba] OS X Server and Duplication One question and a comment--- Is it possible to setup a G4 X Server into a duplicating server for my k12 LDAP Server? If not, what are the steps to creating a duplication server for my LDAP server using a PC. I am fairly new to LDAP, and as I play around with it more I am understanding the way it functions. But I am a bit confused about duplication server. As I understand it, a duplication server only duplicates login information( Username Password), but not home directory information. Only the Master has the home directory. IF the master fails, the nearest duplication server (slave) will allow user to login. Please correct me if I am wrong. --mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] No Folder browseable
Hello everybody! after no answer has been send, i've read a little bit around and searched the docs and found this hints, where i think this could be the origin of the problem. It also included a change in behavior of winbindd. Please refer to the man page for smb.conf before implementing any update from versions prior to 3.0.8 to a current version. The main problem is, i have read both man pages of smb.conf (3.0.9 and 3.0.14a) but none of them spends any word on how the behavior of winbind has changed. From my point of view, the tdb files have changed. is that right. the samba server is a member of an nt4 domain. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of [EMAIL PROTECTED] -| Sent: Tuesday, May 17, 2005 9:25 AM -| To: samba@lists.samba.org -| Cc: Lutz, Mathias; Oeltze, Benjamin -| Subject: [Samba] No Folder browseable -| -| Hello everybody, -| -| i upgraded last week a samba installation from version -| 3.0.9 to version 3.0.14a using -| the rpms from ftp.sernet.de (sles9-i386 tree). I just -| installed the rpms as usual -| with the rpm -e and rpm -i and everything seems to be fine. -| But there was no browsing -| possible. due to a small timeslot i had to downgrade to -| 3.0.9 then which worked very fine. -| the problem is that i have to find out, why the upgrade -| failed before trying to upgrade -| again. has any tdbfile be changed or why was i not able to -| browse the shares. they were accessable, mountable -| but not browsable. -| -| Mit freundlichem Gruß, -| -| -| -| Dirk Laurenz -| Systems Engineer -| -| Fujitsu Siemens Computers -| S CE DE SE PS N/O -| Sales Central Europe Deutschland -| Professional Service Nord / Ost -| -| Hildesheimer Strasse 25 -| 30880 Laatzen -| Germany -| -| Telephone: +49 (511) 84 89 - 18 08 -| Telefax:+49 (511) 84 89 - 25 18 08 -| Mobile: +49 (170) 22 10 781 -| Email: mailto:[EMAIL PROTECTED] -| Internet: http://www.fujitsu-siemens.com -| http://www.fujitsu-siemens.de/services/index.html -| -| *** -| -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: https://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind users and vnc logins
On 5/18/05, Robert Schetterer [EMAIL PROTECTED] wrote: Hi, vnc has its own password set, which is very cool if windows auth fails, ( maybe there are prof vnc clones which work in an other way ) for domain/win auth use dameware The problem isn't the vnc password. The problem is that vnc doesn't recognize the user. The user is a winbind user, i.e. a Win2k3 Active Directory user. For this user to get authenticated, pam_winbind.so has to be invoked. Without a PAM module for vnc, I guess that's not going to happen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 dms doesn't allow access through interdomain trust
Hello everyone! I have a little problem: HRH = trusted domain (Samba 3) Hendricks = trusting domain (NT4 sp6a) Trusts are setup between the NT4 and Samba3 + OpenLDAP domain and appear to be working properly. When logged into the HRH domain on a W2k workstation I can view,read, and write on available shares for HRH groups and users on our Windows file servers. Whenever I try to see available shares on our Samba 3 domain member server I get the prompt for 'Incorrect password or unknown user name for fp3lb'. If I put in my Hendricks username and password it will let me in. I have gone through the smb.conf(5) man page and tried all the settings that I could find for the smb.conf that might help. So far no luck. I have included some details and outputs from our setup below. If someone could tell me what I'm missing or where to go look I would appreciate it Best regards to all, John Little Network Engineer Hendricks Regional Health http://hendricks.org Scenario Samba versions in use: HRH (trusted Samba 3 domain): hrhdc01:~ # smbd -V Version 3.0.10-SerNet-SuSE hrhdc01:~ # Hendricks (trusting NT4 sp6a domain): fp3lb:/share2 # smbd -V Version 3.0.11-SerNet-SuSE fp3lb:/share2 # NT4 sp6a Domain = Hendricks Samba 3 OpenLDAP Domain = HRH The interdomain trusts are setup: From the NT4 domain using a Samba 3 domain member server (fp3lb): fp3lb:~ # net rpc trustdom list -U jslittl Password: Trusted domains list: HRH S-1-5-21-1418864132-1159184377-506600700 Trusting domains list: HRH S-1-5-21-1418864132-1159184377-506600700 fp3lb:~ # From the Samba OpenLDAP domain (HRHDC01, domain controller) hrhdc01:~ # net rpc trustdom list Password: Trusted domains list: HENDRICKS S-1-5-21-1606818979-933581049-1307212239 Trusting domains list: HENDRICKS S-1-5-21-1606818979-933581049-1307212239 hrhdc01:~ # getent password snippet from the Samba dms on the Hendricks (trusting domain): ymculpe:x:12084:10003:Culpepper, Yvonne:/home/HENDRICKS/ymculpe:/bin/bash ypmayer:x:12085:10003:Mayer Yvonne:/home/HENDRICKS/ypmayer:/bin/bash ysbrown:x:12086:10003:Brown, Yong S.:/home/HENDRICKS/ysbrown:/bin/bash zgeorg:x:12087:10003:George, Zachary:/home/HENDRICKS/zgeorg:/bin/bash ztlcordet:x:12088:10003:ZZCordes, Theresa:/home/HENDRICKS/ztlcordet:/bin/bash HRH+administrator:x:12372:10149:Administrator:/home/HRH/administrator:/bin/bash HRH+nobody:x:12373:10149:nobody:/home/HRH/nobody:/bin/bash HRH+root:x:12364:10149:root:/home/HRH/root:/bin/bash HRH+jslittl:x:12363:10149:john little:/home/HRH/jslittl:/bin/bash ACLs are working on the Samba dms for the HRH (trusted) domain: fp3lb:/share2 # setfacl -R -m u:HRH+jslittl:rwx test fp3lb:/share2 # getfacl test # file: test # owner: jslittl # group: infosys1 user::rwx user:HRH+jslittl:rwx group::rwx mask::rwx other::r-x fp3lb:/share2 # Mounting a share on a Windows (Hendricks, trusting domain) file server from the HRHDC01 (HRH domain controller) hrhdc01:~ # smbmount //newexchange/Documents /tmp/d01 -o username=HRH\\jslittl Password: hrhdc01:~ # l /tmp/d01 total 954 drwxr-xr-x 1 root root 4096 May 18 08:53 ./ drwxrwxrwt 16 root root480 May 18 08:45 ../ -rwxr-xr-x 1 root root 98304 Jun 16 2004 Info Mgt Pln 05-01-16-04 Drft.doc* -rwxr-xr-x 1 root root 221240 May 27 2004 STAFF.pdf* -rwxr-xr-x 1 root root 146412 May 27 2004 VISITOR VOLUNTEER.pdf* drwxr-xr-x 1 root root 4096 Nov 9 2004 _vti_cnf/ -rwxr-xr-x 1 root root 16058 May 18 2005 devotions.pdf* -rwxr-xr-x 1 root root 202772 Mar 9 10:52 devotions.pdf.old* -rwxr-xr-x 1 root root 80364 Jul 13 2004 menu.002* -rwxr-xr-x 1 root root 61289 May 10 12:56 menu.pdf* -rwxr-xr-x 1 root root 58940 Jul 19 2004 next.002* -rwxr-xr-x 1 root root 80848 May 17 11:20 next.pdf* hrhdc01:~ # Attempting to mount a share on the Samba 3 (Hendricks, trusting domain)file server from the HRHDC01 (HRH domain controller) hrhdc01:~ # smbumount /tmp/d01/ hrhdc01:~ # smbmount //cluster1/test /tmp/d01 -o username=HRH\\jslittl Password: 7159: session setup failed: ERRDOS - ERRnoaccess SMB connection failed hrhdc01:~ # l /tmp/d01 total 1 drwxr-xr-x 2 root root 48 May 18 04:06 ./ drwxrwxrwt 16 root root 480 May 18 09:00 ../ hrhdc01:~ # Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind users and vnc logins
Basil Copeland wrote: Is there any way for winbind to authenticate vnc logins? Not the (free) vnc edition. The Enterprise (non-free) vnc edition from http://www.realvnc.com/ (supposedly) supports authenticating against windows/domain logins. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba server as dfs host?
I'm trying to configure a samba server in a Win2K3 domain as a dfs host. The dfs host part is working: from a win client I can map the dfs root on the samba server (on FC3 fwiw) and see the link I've created to a share on a Win2k3 active directory domain controller. From samba server, I can smbclient to the share on the Win2k3 DC, and can mount the share as -t cifs (but not -t smbfs if that's any clue: this returns the smb signing error). For testing purposes I've added everyone to the security permissions for the share on the Win2k3 DC, but that doesn't seem to do anything. With the mount -t cifs I am prompted for a domain user account and password. But trying to get to the share through the dfs link doesn't even do that (prompt for a user and password). I suspect that this is a Win2k3 configuration issue, but am hoping nonetheless that a Samba guru can point me in the right direction. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] All works except MS Office 2003 Pro navigation of win. shortcuts to shares
All works except MS Office 2003 Pro navigation of win. shortcuts to shares Redhat Enterprise Linux 3 on IBM e-series Xserver Samba 3.0.9-1.3E.2 (PDC) OpenLDAP backend Used Idealx tutorial (Hats off to the Samba, OpenLDAP, Idealx teams!) Because of the 100+ shares needed, and the fact that Windows can only map drives to a maximum=letters of the alphabet, I setup a read only share with windows shortcuts (\\Samba\sharename) pointing to all the necessary shares. Everything works like a charm except Microsoft Office 2003 Pro. Windows explorer, Wordpad, Notepad, even Autodesk5; they all can browse (eg File-Save as) the shares via the shortcuts and are either allowed or denied as per the smb.conf permissions. However, MS Office 2003 Pro can only *see* and follow the shortcuts which are pointing to shares which have valid users = @Domain Users (everyone) [sharename] valid users = @accounting Even if a logged in user belongs to a group with permissions on a share Office still does not *see* the shortcut to that share. (If when doing file-saves as or file-open and selecting all files, Office will try to open shortcut as a file and not follow it to a share). Tried changing permissions to everyone but shortcut still not visible. The work-around is to browse to share using explorer and rightclicking new Word document - Then Word will be able to see contents of directory and to File-save as into that share. It will even remember location through recent files... Then after tearing most of my hair out, a test share I setup suddenly appeared from within Word! Ok, check the logs. Of course I was restarting samba several times and the /var/log/samba/smbd.log shows the Processing section... for each share every time I restarted Samba. However the /var/log/samba/log. shows the Processing section... at odd intervals with no apparent periodicity (except Sunday mornings at 4am). My test share showing up within Word seemed to coincide with a Processing section... event. So I changed permissions to all shares to @Domain Users (everyone) and waited for the Processing.. event. It happened Sunday morning 4am but Word still does not see the shortcuts. Ok. My test share had browseable = Yes so I changed all shares to browseable = Yes and am waiting for the event to occur again. Waiting Waiting... So my question: Is there a way of forcing this event to occur? smb.conf ... log level = 2 syslog = 0 log file = /var/log/samba/log.%U ... smbd.log [2005/05/16 09:13:36, 0] smbd/server.c:main(760) smbd version 3.0.9-1.3E.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [homes] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [netlogon] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [profiles] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [printers] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section (ditto for all the 100+ shares) log. ... Processing section [homes] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [netlogon] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [profiles] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [printers] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [print$] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [all_staff_exchange] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [fileplan] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [test] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [A00admin_general] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [A01admin_Assoc (ditto for all the 100+ shares) __ Post your free ad now! http://personals.yahoo.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Tiger, Samba, and ADS
Trying to get Samba working with Active Directory and ACL's on an OS X (Tiger) server. So far it hasn't been too easy. We were able to finally recompile version 3.014 with ACL's on the server. Now we are stuck trying to get AD integration to work. Ideally, we would like it set up so that the OS X file server knows and uses all of the users and groups from Active Directory without having to create our own mapping file (does that make sense?). All of the clients are Win XP. As of right now, the file server has been able to join the domain. Issuing a wbinfo -u or wbinfo -g gives the expected output. Now, whenever I try to log into the system using my AD credentials, I see this in the log.smbd file: Username DOMAIN\MFLATLEY$ is invalid on this system Here is the Global section of our smb.conf file: [global] workgroup = DOMAINNY display charset = UTF-8-MAC unix charset = UTF-8-MAC dos charset = CP437 realm = DOMAIN.ORG encrypt passwords = yes password server = adserv2 map acl inherit = yes nt acl support = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 security = ADS client ntlmv2 auth = yes wins support = no wins server = 10.0.11.17 guest account = unknown allow trusted domains = no netbios name = osx-fileserv2 max smbd processes = 0 server string = Mac OS X local master = no domain master = no map to guest = Never defer sharing violations = no log level = 1 use spnego = yes passdb backend = ldapsam smbpasswd auth methods = guest opendirectory username map = /etc/samba/private/smbusers idmap uid = 1-65000 idmap gid = 1-65000 winbind cache time = 10 winbind enum users = yes winbind enum groups = yes template primary group = Domain Users Can anybody help us out with this? Thanks! mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] All works except MS Office 2003 Pro navigation of win . shortcuts to shares
Hi, That 4. a.m. periodicity is logrotate restarting your samba in order to rotate it's logs... The Processing section... appears everytime a new smdb starts ( every new client connection to server, samba restarting, etc). If you want to force it, just restart your samba. Remember that windows caching may get in the way. So if you really want to be sure, restart also the Win Client. Hope this helps. Best Regards. Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 18 de Maio de 2005 15:39 To: samba@lists.samba.org Subject: [Samba] All works except MS Office 2003 Pro navigation of win. shortcuts to shares All works except MS Office 2003 Pro navigation of win. shortcuts to shares Redhat Enterprise Linux 3 on IBM e-series Xserver Samba 3.0.9-1.3E.2 (PDC) OpenLDAP backend Used Idealx tutorial (Hats off to the Samba, OpenLDAP, Idealx teams!) Because of the 100+ shares needed, and the fact that Windows can only map drives to a maximum=letters of the alphabet, I setup a read only share with windows shortcuts (\\Samba\sharename) pointing to all the necessary shares. Everything works like a charm except Microsoft Office 2003 Pro. Windows explorer, Wordpad, Notepad, even Autodesk5; they all can browse (eg File-Save as) the shares via the shortcuts and are either allowed or denied as per the smb.conf permissions. However, MS Office 2003 Pro can only *see* and follow the shortcuts which are pointing to shares which have valid users = @Domain Users (everyone) [sharename] valid users = @accounting Even if a logged in user belongs to a group with permissions on a share Office still does not *see* the shortcut to that share. (If when doing file-saves as or file-open and selecting all files, Office will try to open shortcut as a file and not follow it to a share). Tried changing permissions to everyone but shortcut still not visible. The work-around is to browse to share using explorer and rightclicking new Word document - Then Word will be able to see contents of directory and to File-save as into that share. It will even remember location through recent files... Then after tearing most of my hair out, a test share I setup suddenly appeared from within Word! Ok, check the logs. Of course I was restarting samba several times and the /var/log/samba/smbd.log shows the Processing section... for each share every time I restarted Samba. However the /var/log/samba/log. shows the Processing section... at odd intervals with no apparent periodicity (except Sunday mornings at 4am). My test share showing up within Word seemed to coincide with a Processing section... event. So I changed permissions to all shares to @Domain Users (everyone) and waited for the Processing.. event. It happened Sunday morning 4am but Word still does not see the shortcuts. Ok. My test share had browseable = Yes so I changed all shares to browseable = Yes and am waiting for the event to occur again. Waiting Waiting... So my question: Is there a way of forcing this event to occur? smb.conf ... log level = 2 syslog = 0 log file = /var/log/samba/log.%U ... smbd.log [2005/05/16 09:13:36, 0] smbd/server.c:main(760) smbd version 3.0.9-1.3E.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [homes] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [netlogon] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [profiles] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section [printers] [2005/05/16 09:13:36, 2] param/loadparm.c:do_section(3421) Processing section (ditto for all the 100+ shares) log. ... Processing section [homes] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [netlogon] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [profiles] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [printers] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [print$] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [all_staff_exchange] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [fileplan] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [test] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [A00admin_general] [2005/05/10 14:02:54, 2] param/loadparm.c:do_section(3421) Processing section [A01admin_Assoc (ditto for all the 100+ shares) __ Post your free ad now! http://personals.yahoo.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe
Re: [Samba] Samba server suddenly started asking for authentication of the us ers
There is not enough information to make a guess. Send me (off-list) your smb.conf. Also, set your log level to 5 and log file = /var/opt/samba/log.%m, then attempt the share mount, and send me the log file (log.machine name). Whatever the outcome, you will need to upgrade your Samba version. If you are using HP CIFS Server, you can stay on 2.2 - we still supply and support 2.2.12. You can also upgrade to 3.0.8. If you are using opensource, then you should go to 3.0.14a. Eric Roseme Hewlett-Packard [EMAIL PROTECTED] Majid Chavoshi wrote: Samba Server Name: hamilton Samba Server OS: HP-UX 11.11 Samba Version: 2.2.3.a Hi All, I have the same version of Samba running on many of our HP servers with almost identical smb.conf file and configured the same way. No other Samba server seem to be having any problems except this one (hamilton). When a legitimate user tries to access a Samba share from a Windows client, it asks for his/her User name password, and it won't accept the user's current network id password. Can anyone advise as to what might be the problem and how to fix it. Many thanks in advance. Regards, Majid Chavoshi Unix Systems Administrator Belkin Corporation Information Services 310-604-2098 Office 310-604-2022 Fax 310-877-1428 Mobile [EMAIL PROTECTED] www.belkin.com Confidential This e-mail and any files transmitted with it are the property of Belkin Corporation and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Restricting winbind to the default domain
On Wednesday 18 May 2005 06:53, Etienne Goyer wrote: Michael Gasch wrote: Etienne Goyer wrote: I want to use winbind in conjunction with nsswitch in a pretty large AD. I would like winbind to only map users in the default domain. As it is, winbind map users in other trusted domain of the AD too, which is *not* what I want. [...snip...] please have a look at allow trusted domains Thank you very much sir, this is precisely what I need. It is worth noting that the smb.conf(5) man page have the following to say regarding this directive : This option only takes effect when the security option is set to server or domain. This is incorrect, as I am running with security = ads, and it apparently do the right thing. I'll try to contact the maintainer of this man page on the subject. Thanks for mentioning this. It has been fixed now. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Tiger, Samba, and ADS (resend)
I apologize if you received this twice. I received an error after my first email... Trying to get Samba working with Active Directory and ACL's on an OS X (Tiger) server. So far it hasn't been too easy. We were able to finally recompile version 3.014 with ACL's on the server. Now we are stuck trying to get AD integration to work. Ideally, we would like it set up so that the OS X file server knows and uses all of the users and groups from Active Directory without having to create our own mapping file (does that make sense?). All of the clients are Win XP. As of right now, the file server has been able to join the domain. Issuing a wbinfo -u or wbinfo -g gives the expected output. Now, whenever I try to log into the system using my AD credentials, I see this in the log.smbd file: Username DOMAIN\MFLATLEY$ is invalid on this system Here is the Global section of our smb.conf file: [global] workgroup = DOMAINNY display charset = UTF-8-MAC unix charset = UTF-8-MAC dos charset = CP437 realm = DOMAIN.ORG encrypt passwords = yes password server = adserv2 map acl inherit = yes nt acl support = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 security = ADS client ntlmv2 auth = yes wins support = no wins server = 10.0.11.17 guest account = unknown allow trusted domains = no netbios name = osx-fileserv2 max smbd processes = 0 server string = Mac OS X local master = no domain master = no map to guest = Never defer sharing violations = no log level = 1 use spnego = yes passdb backend = ldapsam smbpasswd auth methods = guest opendirectory username map = /etc/samba/private/smbusers idmap uid = 1-65000 idmap gid = 1-65000 winbind cache time = 10 winbind enum users = yes winbind enum groups = yes template primary group = Domain Users Can anybody help us out with this? Thanks! mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Restricting winbind to the default domain
I would like to know if I am able to run wbinfo -u and -g option, it works successfully. But when I try to connect from a Win XP box, it say it is not able to connect to the domain controller or access denied. Can you guys help me with this problem? Thanks, -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 11:06 AM To: samba@lists.samba.org Subject: Re: [Samba] Re: Restricting winbind to the default domain On Wednesday 18 May 2005 06:53, Etienne Goyer wrote: Michael Gasch wrote: Etienne Goyer wrote: I want to use winbind in conjunction with nsswitch in a pretty large AD. I would like winbind to only map users in the default domain. As it is, winbind map users in other trusted domain of the AD too, which is *not* what I want. [...snip...] please have a look at allow trusted domains Thank you very much sir, this is precisely what I need. It is worth noting that the smb.conf(5) man page have the following to say regarding this directive : This option only takes effect when the security option is set to server or domain. This is incorrect, as I am running with security = ads, and it apparently do the right thing. I'll try to contact the maintainer of this man page on the subject. Thanks for mentioning this. It has been fixed now. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Restricting winbind to the default domain
On Wednesday 18 May 2005 09:58, Talwar, Puneet (NIH/NIAID) wrote: I would like to know if I am able to run wbinfo -u and -g option, it works successfully. But when I try to connect from a Win XP box, it say it is not able to connect to the domain controller or access denied. Can you guys help me with this problem? What is the output of the following?: net rpc testjoin net rpc info - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tiger, Samba, and ADS
Hello Little different path to get AD users and groups to work on OS X. Far as I know, winbind won't work because nsswitch doesn't exist on OS X. As such, no way to tell the machine to use winbind for user/group names. The correct solution is to user OS X's Directory Access tool (/Applications/Utilies/Directory Access) to join the Windows domain. That said, there are know issues with 10.4 proper and directory access and SMB that are supposedly fixed in 10.4.1. I don't know, as I haven't had time to test yet. Trying to get Samba working with Active Directory and ACL's on an OS X (Tiger) server. So far it hasn't been too easy. We were able to finally recompile version 3.014 with ACL's on the server. Now we are stuck trying to get AD integration to work. Ideally, we would like it set up so that the OS X file server knows and uses all of the users and groups from Active Directory without having to create our own mapping file (does that make sense?). All of the clients are Win XP. As of right now, the file server has been able to join the domain. Issuing a wbinfo -u or wbinfo -g gives the expected output. Best of Luck -Matt Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Upgrade process from FC3 to FC4?
On 5/18/05, Alexander Dalloz [EMAIL PROTECTED] wrote: Am Mi, den 18.05.2005 schrieb Basil Copeland um 16:37: Normally I stay away from upgrades also. But I'm thinking about it this time, if for no other reason than hearing that some of my essential features -- xfce4 and nedit, for example -- will not be part of the available packages. xfce4 is part of Fedora Extras when FC4 stable comes out. But doesn't this mean that one would have to install it *after* the initial install from cd or dvd? Not that it would be so hard to do. I'm just wanting to make sure I understand the process. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba+LDAP PDC working, but without groups
Hi, I'm running a Samda+LDAP PDC, and it's working flawless. The problem is that I cannot have any domain admins. When I run net groupmap list , I have nothing... it's clean. So I tried the following command: samba:~ # net groupmap add ntgroup=Domain Admins unixgroup=wheel rid=512 Which returns me: adding entry for group Domain Admins failed! and nothing more... I'm running Samba 3.0.12 with OpenLDAP 2.2.23 on a Suse 9.3 server. Any help? -- Thiago Vinhas de Moraes CODIN - Cia. de Desenvolvimento Industrial do Estado RJ Departamento de Informática email: [EMAIL PROTECTED] Tel: (21) 2517-5411 Somos aquilo que fazemos consistentemente. Assim, a excelência não é um ato, mas sim um hábito. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: RHEL 3 and MIT kerberos
My apologies. I'll do that. Dimitri On Wed, 2005-05-18 at 12:39 -0400, Charlie Brady wrote: On Tue, 17 May 2005, Dimitri Yioulos wrote: Hello to all. I read in a prior post that samba 3.x.x doesn't play well with MIT kerberos from version 1.2.something and earlier (or vice-versa. Sorry, I looked briefly, but didn't find the earlier post). I tried making an RPM of a later version of kerberos, but failed. Does anyone know if there's a later version of MIT kerberos available in RPM or SRPM that will work on RHEL AS 3? Pehraps you should ask on a kerberos or RHEL related list. This has nothing to do with netfilter Thanks. Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba compatibility with NetAPP filers.
On Wed, May 18, 2005 at 11:20:39AM +0100, Daniel Wilson wrote: Hi! We are also using NetApp filers (F880) runnning OS 7.0.0.1GD with samba 3.0.11 and 3.0.14a with no problems at all! We also had it working back when dataontap 6.5.5 and samba 3.0.9 was new! so i dont think DataOntap and Samba are not compatable! I'm not saying they're not compatible, I'm saying if this particular bug is to be fixed I'll need access to a NetApp filer running whatever version of their OS that reproduces the problem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Did posixGroups ever get fixed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As I recall, there was a problem with OpenLDAP that consisted of the fact that one couldn't specify access to the server itself through an ACL without using dn syntax. The old posixGroup did not use dn syntax. There was a new standard produced but last I new it had not yet been incorporated into the schema's. Anyway, the impact on Samba was that unless you were really good with OpenLDAP and knew how to incorporate the new posixGroup schema, you were stuck with using redundant groupOfNames objects to provide Samba users with the ability to change records. So is this fixed? Wanted: Easy step by step guide for creating a simple schema. Perhaps an address book record or something. Jim C. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCi3lQB4AhF6wVFMERAvgiAKCyoI8bxPSkmblZyMorkXLphXP0xACgiwYr 9Newqupl7Ejdt+5SrZ2iXS4= =919Z -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two questions on winbind and nsswitch.conf
Greetings folks, I am using winbind in /etc/nsswitch.conf for the passwd database (passwd file winbind). I have two little problems : 1. winbind return what look like machine trust account, ie WORKSTATION1$, when running wbinfo -u. These account also show when I do getent passwd. Is it possible to make winbind not return these ? 2. The domain to which I connect have username in both upper- and lowercase, ie user1 and USER2. Is there a way to make winbind lowercase all username ? I am running Samba 3.0.10 on RHEL 4. Thanks very much for any tips ! Etienne Goyer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two questions on winbind and nsswitch.conf
On Wednesday 18 May 2005 12:45, Etienne Goyer wrote: Greetings folks, I am using winbind in /etc/nsswitch.conf for the passwd database (passwd file winbind). I have two little problems : 1. winbind return what look like machine trust account, ie WORKSTATION1$, when running wbinfo -u. These account also show when I do getent passwd. Is it possible to make winbind not return these ? No. 2. The domain to which I connect have username in both upper- and lowercase, ie user1 and USER2. Is there a way to make winbind lowercase all username ? I am running Samba 3.0.10 on RHEL 4. Suggest you update to 3.0.14a (current stable) or 3.0.15pre3 (current SVN) as I believe we made a few changes in this code. If I am not mistaken all user names are now returned in lower case. Domain names remain in uppercase as I recall. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem accessing samba fileserver with smbclient using Kerberos
I have a setup with a w2k3 AD and Samba 3.0.15pre2 as fileservers on Linux. I created two AD computer objects and used ktpass to create the Keberos keys. The keytab has the following entries host/[EMAIL PROTECTED] mapped to a computer account linux-host$ for general Kerberos services (ftp,ssh,..) cifs/[EMAIL PROTECTED] mapped to a computer account linux-cifs$ for Windows 2003/XP clients and HOST/[EMAIL PROTECTED] a copy of host/linux.test.com for Windows 2000 clients I can access the samba share from 2000/2003/XP but not with smbclient from the linux box itself. It seems smbclient tries to use a principal [EMAIL PROTECTED] which isn't in my keytab and I don't see a reason why it should. BTW smbclient works when accessing a 2003 share. I looked at the traffic the XP client creates to the kdc and it immediatly asks for a cifs/linux.test.com principal. Shouldn't smbclient be able to do the same ? Thanks Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Two questions on winbind and nsswitch.conf
John H Terpstra wrote: On Wednesday 18 May 2005 12:45, Etienne Goyer wrote: 2. The domain to which I connect have username in both upper- and lowercase, ie user1 and USER2. Is there a way to make winbind lowercase all username ? Suggest you update to 3.0.14a (current stable) or 3.0.15pre3 (current SVN) as I believe we made a few changes in this code. If I am not mistaken all user names are now returned in lower case. Domain names remain in uppercase as I recall. My error, the question was not pertinent to my setup in the first place. I assumed that the username from nsswitch would be the same as returned by wbinfo -u. I just checked, and username are indeed lowercased when running getent passwd. I am using samba-3.0.10-1.4E rpm on RHEL 4. Thanks very much for your prompt answer M. Terpstra. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux integration with AD
Barkan Nir wrote: Thanks. -Original Message- From: Doug VanLeuven [mailto:[EMAIL PROTECTED] Sent: 18 2005 02:44 To: Barkan Nir Cc: samba@lists.samba.org Subject: Re: [Samba] Linux integration with AD Nir B wrote: Hi All, I extended my AD schema (SFU 3.5) and migrated the users and groups from my NIS domain. The groups migrated from the NIS have the same GID like on the NIS. I added linux machines to my AD domain using windbind, and define on the smb.conf idmap gid = 1-2. I logged in using my AD user account, and when I'm doing id, I see that all the AD groups GID start at 1. How can I define that groups GID will be exactly like on my AD? (The msSFU30GidNumber attribute) I use padl xad_oss_plugins subcomponent idmap_ad to lookup the uid/gid from the SFU schema extension. Use it as a backend. idmap backend = ad:ldap://dc.mydomain.com I copied it to source/modules and patched Makefile.in to recompile and install it for the various svn's. Since you're interested, here's the diff on configure.in and Makefile.in Line numbers are off current svn. I had to hand edit to get rid of irrelavent stuff. Just makes it easier to maintain. Regards, Doug Index: configure.in === --- configure.in(revision 6793) +++ configure.in(working copy) @@ -430,7 +430,7 @@ default_static_modules=pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_svcctl rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_eventlog auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin printerdb_file dnl These are preferably build shared, and static if dlopen() is not available -default_shared_modules=vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 +default_shared_modules=vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 idmap_ad if test x$developer = xyes; then default_static_modules=$default_static_modules rpc_echo @@ -4572,6 +4586,7 @@ SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, bin/idmap_ldap.$SHLIBEXT, IDMAP) SMB_MODULE(idmap_tdb, sam/idmap_tdb.o, bin/idmap_tdb.$SHLIBEXT, IDMAP) +SMB_MODULE(idmap_ad, \$(IDMAP_AD_OBJ), bin/ad.$SHLIBEXT, IDMAP) SMB_MODULE(idmap_rid, sam/idmap_rid.o, bin/idmap_rid.$SHLIBEXT, IDMAP) SMB_SUBSYSTEM(IDMAP,sam/idmap.o) Index: Makefile.in === --- Makefile.in (revision 6793) +++ Makefile.in (working copy) @@ -349,6 +349,8 @@ VFS_AFSACL_OBJ = modules/vfs_afsacl.o VFS_CATIA_OBJ = modules/vfs_catia.o +IDMAP_AD_OBJ = modules/idmap_ad.o + PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o SLCACHE_OBJ = libsmb/samlogon_cache.o @@ -1237,6 +1230,11 @@ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXPAND_MSDFS_OBJ:[EMAIL PROTECTED]@) \ @[EMAIL PROTECTED] [EMAIL PROTECTED] +bin/[EMAIL PROTECTED]@: $(IDMAP_AD_OBJ:.o=.po) + @echo Building plugin $@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(IDMAP_AD_OBJ:.o=.po) \ + @[EMAIL PROTECTED] [EMAIL PROTECTED] + bin/[EMAIL PROTECTED]@: $(VFS_AFSACL_OBJ:.o=.po) @echo Building plugin $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_AFSACL_OBJ:.o=.po) \ @@ -1420,6 +1420,7 @@ @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(VFSLIBDIR) $(DESTDIR)$(VFS_MODULES) @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(PDBLIBDIR) $(DESTDIR)$(PDB_MODULES) @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(RPCLIBDIR) $(DESTDIR)$(RPC_MODULES) + @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(IDMAPLIBDIR) $(DESTDIR)$(IDMAP_MODULES) @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(CHARSETLIBDIR) $(DESTDIR)$(CHARSET_MODULES) @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(AUTHLIBDIR) $(DESTDIR)$(AUTH_MODULES) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba vpn pptp [the specified network name is no longer available]
hi guys, I'm having trouble accessing samba share files from a windows xp client using a vpn pptp connection. I configured samba and it works excellent on the LAN but when i connect through pptp and access the samba server \\192.168.3.1 I can see the shared folders but when i try to browse them, windows hangs (4 a change!) for a while then returns the specified network name is no longer available. The vpn works fine cause i can ping 192.168.3.1 . These are my samba settings:- [global] workgroup = xxx server string = xx password server = None username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts hosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 path = [homes] comment = Home Directories browseable = No [xxx] path = x valid users = xxx read only = No I'm running samba Version 3.0.10-1.fc2 Any help would be much appreciated cause i'm desperate. Regards SLeePBoY -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] One more (was: Re: Two questions on winbind and nsswitch.conf)
One more question regarding winbind as a source of local Unix user via nsswtich.conf. Is it possible to make available as Unix user only members of a specific Windows group ? For example, make only members of the Unix Users group in the Windows domain appear as local user when nsswitch is configured to use winbind. Thanks again ! Etienne Goyer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Comple Problem on Solaris 2.8
So I am compling the newest release of samba 3.0.14a on Solaris 2.8. I can get it to compile but I don't get all the built in modules that I should and smbd when fired up bombs out with something like, --- [EMAIL PROTECTED]:/opt/UMsmb/sbin# ./smbd -c /etc/samba/smb.conf -i smbd version 3.0.14a started. Copyright Andrew Tridgell and the Samba Team 1992-2004 No builtin nor plugin backend for smbpasswd found Loading smbpasswd failed! --- [EMAIL PROTECTED]:/opt/UMsmb/sbin# cat /etc/samba/smb.conf [global] server string = SuperNova workgroup = PC security = ADS netbios name = SUPERNOVA realm = PC.UMIACS.UMD.EDU password server = neo.pc.umiacs.umd.edu trinity.pc.umiacs.umd.edu log file = /var/adm/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # wins server = 128.8.130.146 [tmp] path = /tmp browseable = yes writeable = yes -- [EMAIL PROTECTED]:/opt/UMsmb/sbin# ./smbd -c /etc/samba/smb.conf -i -b | tail sizeof(int): 4 sizeof(long):4 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 Builtin modules: pdb_guest rpc_srv rpc_spoolss idmap_tdb --- And if you look at a good RHEL3 box, [EMAIL PROTECTED] /]$ cat /etc/redhat-release Red Hat Enterprise Linux WS release 3 (Taroon Update 4) [EMAIL PROTECTED] /]$ rpm -q samba samba-3.0.9-1.3E.2 [EMAIL PROTECTED] /]$ /usr/sbin/smbd -b | tail sizeof(int): 4 sizeof(long):4 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 Builtin modules: pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr idmap_ldap idmap_tdb auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin --- Attached are the full build args for the Solaris 2.8 compile. Is there something I am missing? Also when the Makefile is generated I must put the following into the RPC_SERVER_OBJ line, $(RPC_LSA_OBJ) $(RPC_LSA_DS_OBJ) $(RPC_REG_OBJ) $(RPC_DFS_OBJ) $(RPC_WKS_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) Otherwise it will bomb out when linking in samba saying undefined symbols. Thanks, derek -- --- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies [EMAIL PROTECTED] Build environment: Built by:[EMAIL PROTECTED] Built on:Wed May 18 15:57:53 EDT 2005 Built using: gcc Build host: SunOS spork.umiacs.umd.edu 5.8 Generic_117350-11 sun4u sparc SRCDIR: /export/work/Builds/UMsmb/samba-3.0.14a/source BUILDDIR:/export/work/Builds/UMsmb/samba-3.0.14a/source Paths: SBINDIR: /opt/UMsmb/sbin BINDIR: /opt/UMsmb/bin SWATDIR: /opt/UMsmb/swat CONFIGFILE: /etc/samba/smb.conf LOGFILEBASE: /opt/UMsmb/var LMHOSTSFILE: /etc/samba/lmhosts LIBDIR: /opt/UMsmb/lib SHLIBEXT: so LOCKDIR: /var/spool/locks PIDDIR: /var/run SMB_PASSWD_FILE: /etc/samba/private/smbpasswd PRIVATE_DIR: /etc/samba/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_FCNTL_H HAVE_SYS_FILIO_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MODE_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_SOCKIO_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TERMIO_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UNISTD_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H Headers: HAVE_ARPA_INET_H HAVE_COM_ERR_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FCNTL_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_H HAVE_INTTYPES_H HAVE_KRB5_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIMITS_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSSWITCH_H HAVE_NSS_COMMON_H HAVE_POLL_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_YPCLNT_H HAVE_RPC_NETTYPE_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_MODULES_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_UNISTD_H HAVE_UTIME_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_EXIT HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDR_TYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ATEXIT HAVE_BER_SCANF HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_COPY_AUTHENTICATOR HAVE_CREAT64 HAVE_CRYPT HAVE_DIRENT_D_OFF HAVE_DLCLOSE
Re: [Samba] samba vpn pptp [the specified network name is no longer available]
Reggie Cushing schrieb: hi guys, I'm having trouble accessing samba share files from a windows xp client using a vpn pptp connection. I configured samba and it works excellent on the LAN but when i connect through pptp and access the samba server \\192.168.3.1 I can see the shared folders but when i try to browse them, windows hangs (4 a change!) for a while then returns the specified network name is no longer available. The vpn works fine cause i can ping 192.168.3.1 . These are my samba settings:- [global] workgroup = xxx server string = xx password server = None username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts hosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 path = [homes] comment = Home Directories browseable = No [xxx] path = x valid users = xxx read only = No I'm running samba Version 3.0.10-1.fc2 Any help would be much appreciated cause i'm desperate. Regards SLeePBoY Hi, did you give wins and dns server to the vpn client via pptpd ? use the same user and same password in pptpd and samba , what are your smb log tell? dont use any firewall during testing on the client or on the vpn server. your conf shows up samba running as domain cotroller but no auth backend, (tdbsam, smbpasswd, ldap?) path = in global is senseless study the samba faqs for using samba as domain controlleris you setup working ( conect in intranet? ) idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 as far i remember this entries are only needed on a member server, so your conf makes no sense in general Regards -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: One more
Etienne Goyer wrote: Is it possible to make available as Unix user only members of a specific Windows group ? I too would be very interested in this. I don't want/need to give access to our Linux boxes to *every* AD user. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] dual boot linux/winxp, winbind
We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able to use winbind (against ads) for user authentication on the linux side, but it appears samba has to join the AD too. Upon joining the AD under linux/samba, it makes the windows side of things stop working (machine account has been modified). In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret Suggestions/workarounds for dual-boot machines? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble joining domain at BDC site
I have no trouble joining the domain in our main office(samba PDC) or a branch office(samba BDC) but for some reason I can't join the domain at the branch office 2(also samba BDC) All three offices are running 3.0.11 and the 2 branch offices have identical configurations, aside from ip address'. The message I get from Windows XP is: The following error occured attempting to join the domain strozllc The specified domain does not exist or could not be contacted. I was able to join a linux machine to the domain by doing: net rpc join -U administrator -S FQDN.OF.PDC Is there a windows registry entry where I can put the FQDN of the PDC or is there something else I should try? -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble joining domain at BDC site
David Sonenberg wrote: I have no trouble joining the domain in our main office(samba PDC) or a branch office(samba BDC) but for some reason I can't join the domain at the branch office 2(also samba BDC) All three offices are running 3.0.11 and the 2 branch offices have identical configurations, aside from ip address'. The message I get from Windows XP is: The following error occured attempting to join the domain strozllc The specified domain does not exist or could not be contacted. I was able to join a linux machine to the domain by doing: net rpc join -U administrator -S FQDN.OF.PDC Is there a windows registry entry where I can put the FQDN of the PDC or is there something else I should try? Quite frankly it sounds like a WINS problem. TMS III -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Server Report
I apologize for this automatic reply to your email. To control spam, I now allow incoming messages only from senders I have approved beforehand. If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience. Click the link below to fill out the request: https://webmail.atl.earthlink.net/wam/[EMAIL PROTECTED]id=1dyl7Z2iz3Nl3qB0 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r6878 - in trunk/source/nsswitch: .
Author: vlendec Date: 2005-05-18 10:36:00 + (Wed, 18 May 2005) New Revision: 6878 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6878 Log: Decouple sid2gid the same way as sid2uid. Volker Modified: trunk/source/nsswitch/winbindd_async.c Changeset: Sorry, the patch is too large (540 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6878
svn commit: samba r6879 - in branches/SAMBA_4_0/source/include/system: .
Author: abartlet Date: 2005-05-18 11:50:09 + (Wed, 18 May 2005) New Revision: 6879 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6879 Log: Another attempt at including the 'right' kerberos headers on dual-install systems. Andrew Bartlett Modified: branches/SAMBA_4_0/source/include/system/kerberos.h Changeset: Modified: branches/SAMBA_4_0/source/include/system/kerberos.h === --- branches/SAMBA_4_0/source/include/system/kerberos.h 2005-05-18 10:36:00 UTC (rev 6878) +++ branches/SAMBA_4_0/source/include/system/kerberos.h 2005-05-18 11:50:09 UTC (rev 6879) @@ -28,19 +28,22 @@ #endif #if defined(HAVE_GSSAPI_H) -#include gssapi.h +# include gssapi.h +# ifdef HAVE_GSSAPI_KRB5_H +# include gssapi_krb5.h +# endif #elif defined(HAVE_GSSAPI_GSSAPI_H) -#include gssapi/gssapi.h +# include gssapi/gssapi.h +# if defined(HAVE_GSSAPI_GSSAPI_KRB5_H) +# include gssapi/gssapi_krb5.h +# endif #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) -#include gssapi/gssapi_generic.h +# include gssapi/gssapi_generic.h +# if defined(HAVE_GSSAPI_GSSAPI_KRB5_H) +# include gssapi/gssapi_krb5.h +# endif #endif -#ifdef HAVE_GSSAPI_KRB5_H -#include gssapi_krb5.h -#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H) -#include gssapi/gssapi_krb5.h -#endif - #ifdef HAVE_COM_ERR_H #include com_err.h #endif
svn commit: samba r6880 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec Date: 2005-05-18 11:57:53 + (Wed, 18 May 2005) New Revision: 6880 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6880 Log: Fix bug 2070 after positive feedback from Leon Vernikov. Thanks! Volker Modified: branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc.c === --- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-05-18 11:50:09 UTC (rev 6879) +++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-05-18 11:57:53 UTC (rev 6880) @@ -3491,6 +3491,13 @@ int i; struct user_token *result; + if (lp_winbind_use_default_domain() + (opt_target_workgroup == NULL)) { + d_printf(winbind use default domain = yes set, please +specify a workgroup\n); + return False; + } + /* Send request to winbind daemon */ ZERO_STRUCT(request); @@ -3533,15 +3540,16 @@ DEBUG(3, (%s\n, name)); - if (p == NULL) - continue; + if (p == NULL) { + fstrcpy(domain, opt_target_workgroup); + fstrcpy(user, name); + } else { + *p++ = '\0'; + fstrcpy(domain, name); + strupper_m(domain); + fstrcpy(user, p); + } - *p++ = '\0'; - - fstrcpy(domain, name); - strupper_m(domain); - fstrcpy(user, p); - get_user_sids(domain, user, (result[i].token)); i+=1; }
svn commit: samba r6881 - in trunk/source/utils: .
Author: vlendec Date: 2005-05-18 11:58:26 + (Wed, 18 May 2005) New Revision: 6881 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6881 Log: Fix bug 2070 after positive feedback from Leon Vernikov. Thanks! Volker Modified: trunk/source/utils/net_rpc.c Changeset: Modified: trunk/source/utils/net_rpc.c === --- trunk/source/utils/net_rpc.c2005-05-18 11:57:53 UTC (rev 6880) +++ trunk/source/utils/net_rpc.c2005-05-18 11:58:26 UTC (rev 6881) @@ -3491,6 +3491,13 @@ int i; struct user_token *result; + if (lp_winbind_use_default_domain() + (opt_target_workgroup == NULL)) { + d_printf(winbind use default domain = yes set, please +specify a workgroup\n); + return False; + } + /* Send request to winbind daemon */ ZERO_STRUCT(request); @@ -3533,15 +3540,16 @@ DEBUG(3, (%s\n, name)); - if (p == NULL) - continue; + if (p == NULL) { + fstrcpy(domain, opt_target_workgroup); + fstrcpy(user, name); + } else { + *p++ = '\0'; + fstrcpy(domain, name); + strupper_m(domain); + fstrcpy(user, p); + } - *p++ = '\0'; - - fstrcpy(domain, name); - strupper_m(domain); - fstrcpy(user, p); - get_user_sids(domain, user, (result[i].token)); i+=1; }
Re: svn commit: samba r6880 - in branches/SAMBA_3_0/source/utils: .
On Wed, May 18, 2005 at 11:57:53AM +, [EMAIL PROTECTED] wrote: Fix bug 2070 after positive feedback from Leon Vernikov. Thanks! Ok, this is 2720... Volker
svn commit: samba r6882 - in branches/SAMBA_4_0/source/auth: gensec kerberos
Author: abartlet Date: 2005-05-18 14:17:53 + (Wed, 18 May 2005) New Revision: 6882 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6882 Log: Put in configure tests and #ifdef to keep Samba building on older Heimdal. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c branches/SAMBA_4_0/source/auth/kerberos/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-05-18 11:58:26 UTC (rev 6881) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-05-18 14:17:53 UTC (rev 6882) @@ -256,6 +256,7 @@ return nt_status; } +#ifdef HAVE_GSS_KRB5_CCACHE_NAME /* FIXME, we need an alternate function */ maj_stat = gss_krb5_ccache_name(min_stat, gensec_gssapi_state-ccache_name, NULL); @@ -265,6 +266,7 @@ gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); return NT_STATUS_UNSUCCESSFUL; } +#endif maj_stat = gss_acquire_cred(min_stat, gensec_gssapi_state-client_name, Modified: branches/SAMBA_4_0/source/auth/kerberos/config.m4 === --- branches/SAMBA_4_0/source/auth/kerberos/config.m4 2005-05-18 11:58:26 UTC (rev 6881) +++ branches/SAMBA_4_0/source/auth/kerberos/config.m4 2005-05-18 14:17:53 UTC (rev 6882) @@ -454,7 +454,8 @@ AC_CHECK_FUNC_EXT(gsskrb5_get_initiator_subkey, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS) - + AC_CHECK_FUNC_EXT(gsskrb5_register_acceptor_identity, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(gss_krb5_ccache_name, $KRB5_LIBS) if test x$ac_cv_lib_ext_krb5_krb5_mk_req_extended = xyes; then AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) AC_MSG_CHECKING(whether KRB5 support is used)
svn commit: samba r6883 - in branches/SAMBA_4_0/source: auth setup
Author: abartlet Date: 2005-05-18 14:19:17 + (Wed, 18 May 2005) New Revision: 6883 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6883 Log: Move to what simo assures me is the 'correct' way to find the NetBIOS and long names for a domain. Add servicePrincipalName mapping table (administrator configurable), in the same spot as microsoft uses. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/setup/provision.ldif Changeset: Modified: branches/SAMBA_4_0/source/auth/auth_sam.c === --- branches/SAMBA_4_0/source/auth/auth_sam.c 2005-05-18 14:17:53 UTC (rev 6882) +++ branches/SAMBA_4_0/source/auth/auth_sam.c 2005-05-18 14:19:17 UTC (rev 6883) @@ -179,6 +179,7 @@ struct ldb_message ***ret_msgs, struct ldb_message ***ret_msgs_domain) { + struct ldb_message **msgs_tmp; struct ldb_message **msgs; struct ldb_message **msgs_domain; @@ -210,12 +211,12 @@ NULL, }; - const char *domain_attrs[] = {flatname, objectSid}; + const char *domain_attrs[] = {nETBIOSName, nCName}; if (domain_name) { /* find the domain's DN */ ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, msgs_domain, domain_attrs, - (|((dnsDomain=%s)(objectClass=domainDNS))((flatname=%s)(objectclass=domain))), + (((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)), domain_name, domain_name); if (ret_domain == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -233,7 +234,7 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } - domain_dn = msgs_domain[0]-dn; + domain_dn = samdb_result_string(msgs_domain[0], nCName, NULL); } /* pull the user attributes */ @@ -264,24 +265,44 @@ } /* find the domain's DN */ + ret = gendb_search(sam_ctx, mem_ctx, NULL, msgs_tmp, NULL, + ((objectSid=%s)(objectclass=domain)), + domain_sid); + if (ret == -1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (ret == 0) { + DEBUG(3,(check_sam_security: Couldn't find domain_sid [%s] in passdb file.\n, +domain_sid)); + return NT_STATUS_NO_SUCH_USER; + } + + if (ret 1) { + DEBUG(0,(Found %d records matching domain_sid [%s]\n, +ret, domain_sid)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, msgs_domain, domain_attrs, - ((objectSid=%s)(objectclass=domain)), - domain_sid); + (nCName=%s), msgs_tmp[0]-dn); + if (ret_domain == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (ret_domain == 0) { DEBUG(3,(check_sam_security: Couldn't find domain [%s] in passdb file.\n, -domain_sid)); +msgs_tmp[0]-dn)); return NT_STATUS_NO_SUCH_USER; } if (ret_domain 1) { DEBUG(0,(Found %d records matching domain [%s]\n, -ret_domain, domain_sid)); +ret_domain, msgs_tmp[0]-dn)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } + } *ret_msgs = msgs; @@ -304,7 +325,7 @@ NTTIME last_set_time; struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS nt_status; - const char *domain_dn = msgs_domain[0]-dn; + const char *domain_dn = samdb_result_string(msgs_domain[0], nCName, ); acct_flags = samdb_result_acct_flags(msgs[0], sAMAcctFlags); @@ -355,7 +376,7 @@ struct dom_sid **groupSIDs = NULL; struct dom_sid *account_sid; struct dom_sid *primary_group_sid; - const char *str; + const char *str, *ncname; int i; uint_t rid; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); @@ -412,7 +433,7 @@ server_info-account_name = talloc_reference(server_info, samdb_result_string(msgs[0], sAMAccountName, NULL)); -
svn commit: lorikeet r297 - in trunk/heimdal/lib: gssapi hdb krb5
Author: abartlet Date: 2005-05-18 14:21:24 + (Wed, 18 May 2005) New Revision: 297 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=297 Log: Add a flag and wrapper function for krb5_rd_rep() to handle the DCE_STYLE caclulation. No further patches are required for DCE_STYLE to operate (except cleanup). Add support for servicePrincipalName aliases. This is how CIFS/ and cifs/ map onto host/ without explicit entries. Andrew Bartlett Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/accept_sec_context.c trunk/heimdal/lib/hdb/hdb-ldb.c trunk/heimdal/lib/krb5/krb5-private.h trunk/heimdal/lib/krb5/rd_rep.c Changeset: Sorry, the patch is too large (352 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=297
svn commit: samba r6884 - in branches/SAMBA_4_0/source/setup: .
Author: metze Date: 2005-05-18 14:29:23 + (Wed, 18 May 2005) New Revision: 6884 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6884 Log: the invocationID is only used as objectGUID on the NTDS Settings object on the first DC in the forest! metze Modified: branches/SAMBA_4_0/source/setup/provision.ldif Changeset: Modified: branches/SAMBA_4_0/source/setup/provision.ldif === --- branches/SAMBA_4_0/source/setup/provision.ldif 2005-05-18 14:19:17 UTC (rev 6883) +++ branches/SAMBA_4_0/source/setup/provision.ldif 2005-05-18 14:29:23 UTC (rev 6884) @@ -1237,7 +1237,7 @@ name: Services systemFlags: 0x8000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top @@ -1251,7 +1251,7 @@ showInAdvancedViewOnly: TRUE name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top @@ -1265,7 +1265,7 @@ showInAdvancedViewOnly: TRUE name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} sPNMappings: host=ldap,dns,cifs
svn commit: samba r6885 - in trunk/source: param rpc_server smbd
Author: jerry Date: 2005-05-18 14:35:11 + (Wed, 18 May 2005) New Revision: 6885 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6885 Log: add new parameter 'enable asu support' which defaults to yes. Way back in Samba 2.x days (maybe 2.0.x) the ADMIN$ share was added as an IPC share to allow an ASU client to join a Samba domain. I haven't been able to get traces to confirm that this is in fact the case. But until it can be proven otherwise, we have to assume this is true. This parameter is used to turn on/off those hacks that are needed for ASU clients. By setting 'enable asu support = no', an administrator can add an [ADMIN$] share to smb.conf. Which is required by certain apps like Microsoft's Print Migrator. Modified: trunk/source/param/loadparm.c trunk/source/rpc_server/srv_srvsvc_nt.c trunk/source/smbd/service.c Changeset: Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2005-05-18 14:29:23 UTC (rev 6884) +++ trunk/source/param/loadparm.c 2005-05-18 14:35:11 UTC (rev 6885) @@ -308,6 +308,7 @@ BOOL bUseKerberosKeytab; BOOL bDeferSharingViolations; BOOL bEnablePrivileges; + BOOL bASUSupport; int restrict_anonymous; int name_cache_timeout; int client_signing; @@ -952,6 +953,7 @@ {server signing, P_ENUM, P_GLOBAL, Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {client use spnego, P_BOOL, P_GLOBAL, Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, + {enable asu support, P_BOOL, P_GLOBAL, Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, {enable svcctl, P_LIST, P_GLOBAL, Globals.szServicesList, NULL, NULL, FLAG_ADVANCED}, {N_(Tuning Options), P_SEP, P_SEPARATOR}, @@ -1603,6 +1605,8 @@ operations as root */ Globals.bEnablePrivileges = False; + + Globals.bASUSupport = True; Globals.szServicesList = str_list_make( Spooler NETLOGON, NULL ); } @@ -1858,6 +1862,7 @@ FN_GLOBAL_BOOL(lp_use_kerberos_keytab, Globals.bUseKerberosKeytab) FN_GLOBAL_BOOL(lp_defer_sharing_violations, Globals.bDeferSharingViolations) FN_GLOBAL_BOOL(lp_enable_privileges, Globals.bEnablePrivileges) +FN_GLOBAL_BOOL(lp_enable_asu_support, Globals.bASUSupport) FN_GLOBAL_INTEGER(lp_os_level, Globals.os_level) FN_GLOBAL_INTEGER(lp_max_ttl, Globals.max_ttl) FN_GLOBAL_INTEGER(lp_max_wins_ttl, Globals.max_wins_ttl) @@ -4035,7 +4040,8 @@ /* When 'restrict anonymous = 2' guest connections to ipc$ are denied */ lp_add_ipc(IPC$, (lp_restrict_anonymous() 2)); - /* lp_add_ipc(ADMIN$, False); */ + if ( lp_enable_asu_support() ) + lp_add_ipc(ADMIN$, False); } set_server_role(); Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2005-05-18 14:29:23 UTC (rev 6884) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2005-05-18 14:35:11 UTC (rev 6885) @@ -1480,7 +1480,7 @@ Check a given DOS pathname is valid for a share. / -static char *valid_share_pathname(char *dos_pathname) +char *valid_share_pathname(char *dos_pathname) { char *ptr; @@ -1493,7 +1493,7 @@ if (strlen(dos_pathname) 2 ptr[1] == ':' ptr[0] != '/') ptr += 2; - /* Only abolute paths allowed. */ + /* Only absolute paths allowed. */ if (*ptr != '/') return NULL; @@ -1525,8 +1525,12 @@ r_u-parm_error = 0; - if (strequal(share_name,IPC$) || strequal(share_name,ADMIN$) || strequal(share_name,global)) + if ( strequal(share_name,IPC$) + || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) + || strequal(share_name,global) ) + { return WERR_ACCESS_DENIED; + } snum = find_service(share_name); @@ -1756,8 +1760,12 @@ return WERR_UNKNOWN_LEVEL; } - if (strequal(share_name,IPC$) || strequal(share_name,ADMIN$) || strequal(share_name,global)) + if ( strequal(share_name,IPC$) + || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) + || strequal(share_name,global) ) + { return WERR_ACCESS_DENIED; + } snum = find_service(share_name); @@ -1839,8 +1847,12 @@ unistr2_to_ascii(share_name, q_u-uni_share_name, sizeof(share_name)); - if (strequal(share_name,IPC$) || strequal(share_name,ADMIN$) || strequal(share_name,global)) + if ( strequal(share_name,IPC$) + || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) + ||
svn commit: samba r6886 - in branches/tmp/pidl2/source: build/pidl build/pidl/tests lib/ldb/ldb_tdb
Author: jelmer Date: 2005-05-18 15:49:46 + (Wed, 18 May 2005) New Revision: 6886 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6886 Log: Get rid of goto, merge some more changes Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm branches/tmp/pidl2/source/build/pidl/tests/ndr_string.pl branches/tmp/pidl2/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Sorry, the patch is too large (287 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6886
svn commit: samba r6887 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-18 16:17:07 + (Wed, 18 May 2005) New Revision: 6887 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6887 Log: Print error messages in the standard format for compilers: filename:linenumber:error-message Modified: branches/tmp/pidl2/source/build/pidl/idl.pm branches/tmp/pidl2/source/build/pidl/idl.yp branches/tmp/pidl2/source/build/pidl/validator.pm Changeset: Sorry, the patch is too large (768 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6887
svn commit: samba r6888 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-18 16:43:23 + (Wed, 18 May 2005) New Revision: 6888 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6888 Log: Initial work on getting pidl to (optionally) warn about used pidl extensions. Added: branches/tmp/pidl2/source/build/pidl/compat.pm Modified: branches/tmp/pidl2/source/build/pidl/pidl.pl Changeset: Added: branches/tmp/pidl2/source/build/pidl/compat.pm === --- branches/tmp/pidl2/source/build/pidl/compat.pm 2005-05-18 16:17:07 UTC (rev 6887) +++ branches/tmp/pidl2/source/build/pidl/compat.pm 2005-05-18 16:43:23 UTC (rev 6888) @@ -0,0 +1,55 @@ +### +# IDL Compatibility checker +# Copyright [EMAIL PROTECTED] 2005 +# released under the GNU GPL + +package IDLCompat; + +use strict; + +my($res); + +sub warning($$) +{ + my $l = shift; + my $m = shift; + + print $l-{FILE}:$l-{LINE}:$m\n; +} + +sub CheckInterface($) +{ + my $if = shift; + if (util::has_property($if, pointer_default_top)) { + warning($if, pointer_default_top() is pidl-specific); + } + + foreach my $x (@{$if-{DATA}}) { + if ($x-{TYPE} eq DECLARE) { + warning($if, the declare keyword is pidl-specific); + next; + } + + if ($x-{TYPE} eq TYPEDEF) { + if ($x-{DATA}-{TYPE} eq UNION) { + if (util::has_property($x, nodiscriminant)) { + warning($x, nodiscriminant property is pidl-specific); + } + } + } + } +} + +sub Check($) +{ + my $pidl = shift; + my $res = ; + + foreach my $x (@{$pidl}) { + CheckInterface($x) if ($x-{TYPE} eq INTERFACE); + } + + return $res; +} + +1; Modified: branches/tmp/pidl2/source/build/pidl/pidl.pl === --- branches/tmp/pidl2/source/build/pidl/pidl.pl2005-05-18 16:17:07 UTC (rev 6887) +++ branches/tmp/pidl2/source/build/pidl/pidl.pl2005-05-18 16:43:23 UTC (rev 6888) @@ -29,6 +29,7 @@ use util; use template; use swig; +use compat; my($opt_help) = 0; my($opt_parse) = 0; @@ -47,6 +48,7 @@ my($opt_odl) = 0; my($opt_quiet) = 0; my($opt_output); +my($opt_warn_compat) = 0; my $idl_parser = new idl; @@ -87,6 +89,7 @@ --odl accept ODL input --dcom-proxy create DCOM proxy (implies --odl) --com-header create header for COM interfaces (implies --odl) +--warn-compat warn about incompatibility with other compilers --quiet be quiet \n; exit(0); @@ -110,7 +113,8 @@ 'swig' = \$opt_swig, 'dcom-proxy' = \$opt_dcom_proxy, 'com-header' = \$opt_com_header, - 'quiet' = \$opt_quiet + 'quiet' = \$opt_quiet, + 'warn-compat' = \$opt_warn_compat ); if ($opt_help) { @@ -185,6 +189,10 @@ $opt_odl = 1; } + if ($opt_warn_compat) { + IDLCompat::Check($pidl); + } + if ($opt_odl) { $pidl = ODL::ODL2IDL($pidl); }
svn commit: samba r6889 - in trunk/source: lib printing rpc_server smbd
Author: jra Date: 2005-05-18 18:02:12 + (Wed, 18 May 2005) New Revision: 6889 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6889 Log: Refactor printing interface to take offset into job. Fixes bug where large print jobs can have out-of-order offsets. Bug found by Arcady Chernyak [EMAIL PROTECTED] Jeremy. Modified: trunk/source/lib/util.c trunk/source/lib/util_sock.c trunk/source/printing/printing.c trunk/source/rpc_server/srv_spoolss_nt.c trunk/source/smbd/fileio.c Changeset: Modified: trunk/source/lib/util.c === --- trunk/source/lib/util.c 2005-05-18 16:43:23 UTC (rev 6888) +++ trunk/source/lib/util.c 2005-05-18 18:02:12 UTC (rev 6889) @@ -640,6 +640,46 @@ #endif } +/*** + Write data into an fd at a given offset. Ignore seek errors. +/ + +ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, SMB_OFF_T pos) +{ + size_t total=0; + ssize_t ret; + + if (pos == (SMB_OFF_T)-1) { + return write_data(fd, buffer, N); + } +#if defined(HAVE_PWRITE) || defined(HAVE_PRWITE64) + while (total N) { + ret = sys_pwrite(fd,buffer + total,N - total, pos); + if (ret == -1 errno == ESPIPE) { + return write_data(fd, buffer + total,N - total); + } + if (ret == -1) { + DEBUG(0,(write_data_at_offset: write failure. Error = %s\n, strerror(errno) )); + return -1; + } + if (ret == 0) { + return total; + } + total += ret; + pos += ret; + } + return (ssize_t)total; +#else + /* Use lseek and write_data. */ + if (sys_lseek(fd, pos, SEEK_SET) == -1) { + if (errno != ESPIPE) { + return -1; + } + } + return write_data(fd, buffer, N); +#endif +} + / Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, else Modified: trunk/source/lib/util_sock.c === --- trunk/source/lib/util_sock.c2005-05-18 16:43:23 UTC (rev 6888) +++ trunk/source/lib/util_sock.c2005-05-18 18:02:12 UTC (rev 6889) @@ -490,7 +490,7 @@ Write data to a socket - use send rather than write. / -static ssize_t write_socket_data(int fd,char *buffer,size_t N) +static ssize_t write_socket_data(int fd, const char *buffer, size_t N) { size_t total=0; ssize_t ret; @@ -514,7 +514,7 @@ Write to a socket. / -ssize_t write_socket(int fd,char *buf,size_t len) +ssize_t write_socket(int fd, const char *buf, size_t len) { ssize_t ret=0; @@ -552,7 +552,7 @@ Timeout is in milliseconds. / -static ssize_t read_smb_length_return_keepalive(int fd,char *inbuf,unsigned int timeout) +static ssize_t read_smb_length_return_keepalive(int fd, char *inbuf, unsigned int timeout) { ssize_t len=0; int msg_type; @@ -586,7 +586,7 @@ Timeout is in milliseconds. / -ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout) +ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout) { ssize_t len; @@ -615,7 +615,7 @@ Doesn't check the MAC on signed packets. / -BOOL receive_smb_raw(int fd,char *buffer, unsigned int timeout) +BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout) { ssize_t len,ret; @@ -680,7 +680,7 @@ Checks the MAC on signed packets. / -BOOL receive_smb(int fd,char *buffer, unsigned int timeout) +BOOL receive_smb(int fd, char *buffer, unsigned int timeout) { if (!receive_smb_raw(fd, buffer, timeout)) { return False; @@ -701,7 +701,7 @@ Send an smb to a fd. / -BOOL send_smb(int fd,char *buffer) +BOOL send_smb(int fd, char *buffer) { size_t len; size_t nwritten=0; Modified: trunk/source/printing/printing.c === --- trunk/source/printing/printing.c2005-05-18 16:43:23 UTC (rev 6888) +++ trunk/source/printing/printing.c2005-05-18 18:02:12 UTC (rev 6889) @@
svn commit: samba r6890 - in branches/SAMBA_3_0/source: lib printing rpc_server smbd
Author: jra Date: 2005-05-18 18:02:15 + (Wed, 18 May 2005) New Revision: 6890 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6890 Log: Refactor printing interface to take offset into job. Fixes bug where large print jobs can have out-of-order offsets. Bug found by Arcady Chernyak [EMAIL PROTECTED] Jeremy. Modified: branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/printing/printing.c branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c branches/SAMBA_3_0/source/smbd/fileio.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util.c === --- branches/SAMBA_3_0/source/lib/util.c2005-05-18 18:02:12 UTC (rev 6889) +++ branches/SAMBA_3_0/source/lib/util.c2005-05-18 18:02:15 UTC (rev 6890) @@ -640,6 +640,46 @@ #endif } +/*** + Write data into an fd at a given offset. Ignore seek errors. +/ + +ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, SMB_OFF_T pos) +{ + size_t total=0; + ssize_t ret; + + if (pos == (SMB_OFF_T)-1) { + return write_data(fd, buffer, N); + } +#if defined(HAVE_PWRITE) || defined(HAVE_PRWITE64) + while (total N) { + ret = sys_pwrite(fd,buffer + total,N - total, pos); + if (ret == -1 errno == ESPIPE) { + return write_data(fd, buffer + total,N - total); + } + if (ret == -1) { + DEBUG(0,(write_data_at_offset: write failure. Error = %s\n, strerror(errno) )); + return -1; + } + if (ret == 0) { + return total; + } + total += ret; + pos += ret; + } + return (ssize_t)total; +#else + /* Use lseek and write_data. */ + if (sys_lseek(fd, pos, SEEK_SET) == -1) { + if (errno != ESPIPE) { + return -1; + } + } + return write_data(fd, buffer, N); +#endif +} + / Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available, else Modified: branches/SAMBA_3_0/source/lib/util_sock.c === --- branches/SAMBA_3_0/source/lib/util_sock.c 2005-05-18 18:02:12 UTC (rev 6889) +++ branches/SAMBA_3_0/source/lib/util_sock.c 2005-05-18 18:02:15 UTC (rev 6890) @@ -403,7 +403,7 @@ Write data to a fd. / -ssize_t write_data(int fd,char *buffer,size_t N) +ssize_t write_data(int fd, const char *buffer, size_t N) { size_t total=0; ssize_t ret; @@ -427,7 +427,7 @@ Write data to a socket - use send rather than write. / -static ssize_t write_socket_data(int fd,char *buffer,size_t N) +static ssize_t write_socket_data(int fd, const char *buffer, size_t N) { size_t total=0; ssize_t ret; @@ -451,7 +451,7 @@ Write to a socket. / -ssize_t write_socket(int fd,char *buf,size_t len) +ssize_t write_socket(int fd, const char *buf, size_t len) { ssize_t ret=0; @@ -489,7 +489,7 @@ Timeout is in milliseconds. / -static ssize_t read_smb_length_return_keepalive(int fd,char *inbuf,unsigned int timeout) +static ssize_t read_smb_length_return_keepalive(int fd, char *inbuf, unsigned int timeout) { ssize_t len=0; int msg_type; @@ -523,7 +523,7 @@ Timeout is in milliseconds. / -ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout) +ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout) { ssize_t len; @@ -552,7 +552,7 @@ Doesn't check the MAC on signed packets. / -BOOL receive_smb_raw(int fd,char *buffer, unsigned int timeout) +BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout) { ssize_t len,ret; @@ -617,7 +617,7 @@ Checks the MAC on signed packets. / -BOOL receive_smb(int fd,char *buffer, unsigned int timeout) +BOOL receive_smb(int fd, char *buffer, unsigned int timeout) { if (!receive_smb_raw(fd, buffer, timeout)) { return False; @@ -638,7 +638,7 @@ Send an smb to a fd.
svn commit: samba r6891 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-18 19:44:00 + (Wed, 18 May 2005) New Revision: 6891 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6891 Log: Fix another allocation bug. smbd appears to work correctly now! :-) Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm Changeset: Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm === --- branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-18 18:02:15 UTC (rev 6890) +++ branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-18 19:44:00 UTC (rev 6891) @@ -1939,8 +1939,27 @@ ParseElementPull($e, ndr, r-in., $env, 1, 1); } + # allocate the simple out ref variables. FIXME: Shouldn't this have it's + # own flag rather then be in NDR_IN ? + + foreach my $e (@{$fn-{ELEMENTS}}) { + next unless (grep(/out/, @{$e-{DIRECTION}})); + next unless ($e-{LEVELS}[0]-{TYPE} eq POINTER and +$e-{LEVELS}[0]-{POINTER_TYPE} eq ref); + next unless ($e-{LEVELS}[1]-{TYPE} eq DATA); + + pidl NDR_ALLOC(ndr, r-out.$e-{NAME});; + + if (grep(/in/, @{$e-{DIRECTION}})) { + pidl *r-out.$e-{NAME} = *r-in.$e-{NAME};; + } else { + pidl ZERO_STRUCTP(r-out.$e-{NAME});; + } + } + deindent; pidl }; + pidl if (flags NDR_OUT) {; indent;
svn commit: lorikeet r298 - in trunk: .
Author: tpot Date: 2005-05-18 20:50:33 + (Wed, 18 May 2005) New Revision: 298 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=298 Log: Rename old version of ntacl-lsm module. Added: trunk/ntacl-lsm.old/ Removed: trunk/ntacl-lsm/ Changeset: Copied: trunk/ntacl-lsm.old (from rev 297, trunk/ntacl-lsm)
svn commit: samba r6892 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-18 20:52:42 + (Wed, 18 May 2005) New Revision: 6892 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6892 Log: More allocation fixes. smbd works now! Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm Changeset: Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm === --- branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-18 19:44:00 UTC (rev 6891) +++ branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-18 20:52:42 UTC (rev 6892) @@ -1946,14 +1946,27 @@ next unless (grep(/out/, @{$e-{DIRECTION}})); next unless ($e-{LEVELS}[0]-{TYPE} eq POINTER and $e-{LEVELS}[0]-{POINTER_TYPE} eq ref); - next unless ($e-{LEVELS}[1]-{TYPE} eq DATA); - pidl NDR_ALLOC(ndr, r-out.$e-{NAME});; + + if ($e-{LEVELS}[1]-{TYPE} eq ARRAY) { + my $size = ParseExpr($e-{LEVELS}[1]-{SIZE_IS}, $env); + check_null_pointer($size); + + pidl NDR_ALLOC_N(ndr, r-out.$e-{NAME}, $size);; + + if (grep(/in/, @{$e-{DIRECTION}})) { + pidl memcpy(r-out.$e-{NAME}, r-in.$e-{NAME}, $size * sizeof(*r-in.$e-{NAME}));; + } else { + pidl memset(r-out.$e-{NAME}, 0, $size * sizeof(*r-out.$e-{NAME}));; + } + } else { + pidl NDR_ALLOC(ndr, r-out.$e-{NAME});; - if (grep(/in/, @{$e-{DIRECTION}})) { - pidl *r-out.$e-{NAME} = *r-in.$e-{NAME};; - } else { - pidl ZERO_STRUCTP(r-out.$e-{NAME});; + if (grep(/in/, @{$e-{DIRECTION}})) { + pidl *r-out.$e-{NAME} = *r-in.$e-{NAME};; + } else { + pidl ZERO_STRUCTP(r-out.$e-{NAME});; + } } }
svn commit: samba r6893 - in trunk/source: . registry rpc_server
Author: jerry Date: 2005-05-18 20:56:22 + (Wed, 18 May 2005) New Revision: 6893 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6893 Log: RegSaveKey() implementation. Sort of working. The registry file is written. Probably needs some more paranoia checks. But for some reason, I can load the file on a Windows 2000 box. H. Modified: trunk/source/Makefile.in trunk/source/registry/reg_frontend.c trunk/source/registry/regfio.c trunk/source/rpc_server/srv_reg_nt.c Changeset: Sorry, the patch is too large (387 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6893
svn commit: lorikeet r299 - in trunk: . ntacl-lsm
Author: tpot Date: 2005-05-18 21:38:10 + (Wed, 18 May 2005) New Revision: 299 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=299 Log: This is the new version of my ntacl-lsm module. It has the advantage over the old version of a) using much newer ndr routines b) autogenerated pidl code from newer IDL files and c) actually compiling. Last time I checked the unlink() system call caused a parse of any ACL attached to the file to be deleted, but the actual access check is not done. Added: trunk/ntacl-lsm/ trunk/ntacl-lsm/Makefile trunk/ntacl-lsm/access_check.c trunk/ntacl-lsm/dlinklist.h trunk/ntacl-lsm/includes.h trunk/ntacl-lsm/main.c trunk/ntacl-lsm/ndr.c trunk/ntacl-lsm/ndr_misc.h trunk/ntacl-lsm/ndr_misc_pull.c trunk/ntacl-lsm/ndr_security.h trunk/ntacl-lsm/ndr_security_pull.c trunk/ntacl-lsm/ndr_xattr.h trunk/ntacl-lsm/ndr_xattr_pull.c trunk/ntacl-lsm/talloc.c Changeset: Sorry, the patch is too large (2871 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=299
svn commit: samba-docs r564 - in trunk/Samba-HOWTO-Collection: .
Author: jht Date: 2005-05-18 21:44:30 + (Wed, 18 May 2005) New Revision: 564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=564 Log: Adding missing files. Added: trunk/Samba-HOWTO-Collection/TOSHARG-SecureLDAP.xml trunk/Samba-HOWTO-Collection/TOSHARG-preface.xml Changeset: Sorry, the patch is too large (478 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=564
svn commit: samba r6894 - in branches/tmp/pidl2/source: auth libcli rpc_server torture utils
Author: jelmer Date: 2005-05-18 23:22:29 + (Wed, 18 May 2005) New Revision: 6894 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6894 Log: Fix some config issues Modified: branches/tmp/pidl2/source/auth/config.mk branches/tmp/pidl2/source/libcli/config.mk branches/tmp/pidl2/source/rpc_server/config.mk branches/tmp/pidl2/source/torture/config.mk branches/tmp/pidl2/source/utils/config.mk Changeset: Modified: branches/tmp/pidl2/source/auth/config.mk === --- branches/tmp/pidl2/source/auth/config.mk2005-05-18 20:56:22 UTC (rev 6893) +++ branches/tmp/pidl2/source/auth/config.mk2005-05-18 23:22:29 UTC (rev 6894) @@ -31,7 +31,7 @@ auth/auth_winbind.o REQUIRED_SUBSYSTEMS = \ LIB_WINBIND_CLIENT \ - NDR_NETLOGON NDR + NDR_NETLOGON LIBNDR # End MODULE auth_winbind ### @@ -43,7 +43,7 @@ INIT_OBJ_FILES = \ auth/auth_domain.o REQUIRED_SUBSYSTEMS = \ - NDR_NETLOGON NDR + NDR_NETLOGON LIBNDR # End MODULE auth_winbind ### Modified: branches/tmp/pidl2/source/libcli/config.mk === --- branches/tmp/pidl2/source/libcli/config.mk 2005-05-18 20:56:22 UTC (rev 6893) +++ branches/tmp/pidl2/source/libcli/config.mk 2005-05-18 23:22:29 UTC (rev 6894) @@ -35,7 +35,7 @@ libcli/nbt/nameregister.o \ libcli/nbt/namerefresh.o \ libcli/nbt/namerelease.o -REQUIRED_SUBSYSTEMS = NDR_RAW NDR_NBT SOCKET LIBCLI_COMPOSITE_BASE LIBEVENTS +REQUIRED_SUBSYSTEMS = LIBNDR_RAW NDR_NBT SOCKET LIBCLI_COMPOSITE_BASE LIBEVENTS [SUBSYSTEM::LIBCLI_DGRAM] ADD_OBJ_FILES = \ Modified: branches/tmp/pidl2/source/rpc_server/config.mk === --- branches/tmp/pidl2/source/rpc_server/config.mk 2005-05-18 20:56:22 UTC (rev 6893) +++ branches/tmp/pidl2/source/rpc_server/config.mk 2005-05-18 23:22:29 UTC (rev 6894) @@ -197,7 +197,7 @@ rpc_server/handles.o REQUIRED_SUBSYSTEMS = \ LIBCLI_AUTH \ - NDR + LIBNDR # # End SUBSYSTEM DCERPC Modified: branches/tmp/pidl2/source/torture/config.mk === --- branches/tmp/pidl2/source/torture/config.mk 2005-05-18 20:56:22 UTC (rev 6893) +++ branches/tmp/pidl2/source/torture/config.mk 2005-05-18 23:22:29 UTC (rev 6894) @@ -63,7 +63,7 @@ ADD_OBJ_FILES = \ torture/com/simple.o REQUIRED_SUBSYSTEMS = \ - LIBCOM LIBDCOM + COM DCOM # End SUBSYSTEM TORTURE_COM # Modified: branches/tmp/pidl2/source/utils/config.mk === --- branches/tmp/pidl2/source/utils/config.mk 2005-05-18 20:56:22 UTC (rev 6893) +++ branches/tmp/pidl2/source/utils/config.mk 2005-05-18 23:22:29 UTC (rev 6894) @@ -10,7 +10,7 @@ LIBCMDLINE \ LIBBASIC \ NDR_ALL \ - RPC + LIBRPC # FIXME: ndrdump shouldn't have to depend on RPC... # End BINARY ndrdump # @@ -25,7 +25,7 @@ LIBCMDLINE \ LIBBASIC \ LIBSMB \ - RPC + LIBRPC # End BINARY ntlm_auth # @@ -38,7 +38,7 @@ CONFIG \ LIBCMDLINE \ LIBBASIC \ - RPC \ + LIBRPC \ NDR_XATTR # End BINARY getntacl # @@ -52,7 +52,7 @@ CONFIG \ LIBCMDLINE \ LIBBASIC \ - RPC + LIBRPC # End BINARY setntacl # @@ -65,7 +65,7 @@ CONFIG \ LIBCMDLINE \ LIBBASIC \ - RPC \ + LIBRPC \ NDR_XATTR \ NDR_SAMR # End BINARY setnttoken
svn commit: samba r6895 - in branches/SAMBA_3_0/source: param smbd
Author: jra Date: 2005-05-18 23:37:35 + (Wed, 18 May 2005) New Revision: 6895 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6895 Log: Add acl check permissions to turn on/off the new behaviour of checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/smbd/dosmode.c branches/SAMBA_3_0/source/smbd/nttrans.c branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2005-05-18 23:22:29 UTC (rev 6894) +++ branches/SAMBA_3_0/source/param/loadparm.c 2005-05-18 23:37:35 UTC (rev 6895) @@ -436,6 +436,7 @@ BOOL bMap_acl_inherit; BOOL bAfs_Share; BOOL bEASupport; + BOOL bAclCheckPermissions; int iallocation_roundup_size; param_opt_struct *param_opt; @@ -563,6 +564,7 @@ False, /* bMap_acl_inherit */ False, /* bAfs_Share */ False, /* bEASupport */ + True, /* bAclCheckPermissions */ SMB_ROUNDUP_ALLOCATION_SIZE,/* iallocation_roundup_size */ NULL, /* Parametric options */ @@ -865,6 +867,7 @@ {writeable, P_BOOLREV, P_LOCAL, sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, {writable, P_BOOLREV, P_LOCAL, sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, + {acl check permissions, P_BOOL, P_LOCAL, sDefault.bAclCheckPermissions, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {create mask, P_OCTAL, P_LOCAL, sDefault.iCreate_mask, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {create mode, P_OCTAL, P_LOCAL, sDefault.iCreate_mask, NULL, NULL, FLAG_HIDE}, {force create mode, P_OCTAL, P_LOCAL, sDefault.iCreate_force_mode, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, @@ -1968,6 +1971,7 @@ FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls) FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit) FN_LOCAL_BOOL(lp_afs_share, bAfs_Share) +FN_LOCAL_BOOL(lp_acl_check_permissions, bAclCheckPermissions) FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask) FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode) FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask) Modified: branches/SAMBA_3_0/source/smbd/dosmode.c === --- branches/SAMBA_3_0/source/smbd/dosmode.c2005-05-18 23:22:29 UTC (rev 6894) +++ branches/SAMBA_3_0/source/smbd/dosmode.c2005-05-18 23:37:35 UTC (rev 6895) @@ -116,13 +116,18 @@ Change a unix mode to a dos mode. / -uint32 dos_mode_from_sbuf(connection_struct *conn, SMB_STRUCT_STAT *sbuf) +uint32 dos_mode_from_sbuf(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf) { int result = 0; - if ((sbuf-st_mode S_IWUSR) == 0) + if (lp_acl_check_permissions(SNUM(conn))) { + if (!can_write_to_file(conn, path, sbuf)) { + result |= aRONLY; + } + } else if ((sbuf-st_mode S_IWUSR) == 0) { result |= aRONLY; - + } + if (MAP_ARCHIVE(conn) ((sbuf-st_mode S_IXUSR) != 0)) result |= aARCH; @@ -291,7 +296,7 @@ return result; } - result = dos_mode_from_sbuf(conn, sbuf); + result = dos_mode_from_sbuf(conn, path, sbuf); /* Now do any modifications that depend on the path name. */ /* hide files with a name starting with a . */ @@ -433,9 +438,11 @@ int file_utime(connection_struct *conn, const char *fname, struct utimbuf *times) { + SMB_STRUCT_STAT sbuf; int ret = -1; errno = 0; + ZERO_STRUCT(sbuf); if(SMB_VFS_UTIME(conn,fname, times) == 0) return 0; @@ -453,7 +460,7 @@ */ /* Check if we have write access. */ - if (can_write_to_file(conn, fname)) { + if (can_write_to_file(conn, fname, sbuf)) { /* We are allowed to become root and change the filetime. */ become_root(); ret = SMB_VFS_UTIME(conn,fname, times); Modified: branches/SAMBA_3_0/source/smbd/nttrans.c === --- branches/SAMBA_3_0/source/smbd/nttrans.c2005-05-18 23:22:29 UTC (rev 6894) +++ branches/SAMBA_3_0/source/smbd/nttrans.c2005-05-18 23:37:35 UTC (rev 6895) @@ -802,7 +802,7 @@ if (desired_access DELETE_ACCESS) { #else /* Setting FILE_SHARE_DELETE is the hint. */ - if ((share_access
svn commit: samba r6896 - in trunk/source: param smbd
Author: jra Date: 2005-05-18 23:39:02 + (Wed, 18 May 2005) New Revision: 6896 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6896 Log: Add acl check permissions to turn on/off the new behaviour of checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. Modified: trunk/source/param/loadparm.c trunk/source/smbd/dosmode.c trunk/source/smbd/nttrans.c trunk/source/smbd/posix_acls.c Changeset: Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/param/loadparm.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -441,6 +441,7 @@ BOOL bMap_acl_inherit; BOOL bAfs_Share; BOOL bEASupport; + BOOL bAclCheckPermissions; int iallocation_roundup_size; param_opt_struct *param_opt; @@ -568,6 +569,7 @@ False, /* bMap_acl_inherit */ False, /* bAfs_Share */ False, /* bEASupport */ + True, /* bAclCheckPermissions */ SMB_ROUNDUP_ALLOCATION_SIZE,/* iallocation_roundup_size */ NULL, /* Parametric options */ @@ -871,6 +873,7 @@ {writeable, P_BOOLREV, P_LOCAL, sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, {writable, P_BOOLREV, P_LOCAL, sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, + {acl check permissions, P_BOOL, P_LOCAL, sDefault.bAclCheckPermissions, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {create mask, P_OCTAL, P_LOCAL, sDefault.iCreate_mask, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {create mode, P_OCTAL, P_LOCAL, sDefault.iCreate_mask, NULL, NULL, FLAG_HIDE}, {force create mode, P_OCTAL, P_LOCAL, sDefault.iCreate_force_mode, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, @@ -1990,6 +1993,7 @@ FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls) FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit) FN_LOCAL_BOOL(lp_afs_share, bAfs_Share) +FN_LOCAL_BOOL(lp_acl_check_permissions, bAclCheckPermissions) FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask) FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode) FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask) Modified: trunk/source/smbd/dosmode.c === --- trunk/source/smbd/dosmode.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/smbd/dosmode.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -116,13 +116,18 @@ Change a unix mode to a dos mode. / -uint32 dos_mode_from_sbuf(connection_struct *conn, SMB_STRUCT_STAT *sbuf) +uint32 dos_mode_from_sbuf(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf) { int result = 0; - if ((sbuf-st_mode S_IWUSR) == 0) + if (lp_acl_check_permissions(SNUM(conn))) { + if (!can_write_to_file(conn, path, sbuf)) { + result |= aRONLY; + } + } else if ((sbuf-st_mode S_IWUSR) == 0) { result |= aRONLY; - + } + if (MAP_ARCHIVE(conn) ((sbuf-st_mode S_IXUSR) != 0)) result |= aARCH; @@ -291,7 +296,7 @@ return result; } - result = dos_mode_from_sbuf(conn, sbuf); + result = dos_mode_from_sbuf(conn, path, sbuf); /* Now do any modifications that depend on the path name. */ /* hide files with a name starting with a . */ @@ -433,9 +438,11 @@ int file_utime(connection_struct *conn, const char *fname, struct utimbuf *times) { + SMB_STRUCT_STAT sbuf; int ret = -1; errno = 0; + ZERO_STRUCT(sbuf); if(SMB_VFS_UTIME(conn,fname, times) == 0) return 0; @@ -453,7 +460,7 @@ */ /* Check if we have write access. */ - if (can_write_to_file(conn, fname)) { + if (can_write_to_file(conn, fname, sbuf)) { /* We are allowed to become root and change the filetime. */ become_root(); ret = SMB_VFS_UTIME(conn,fname, times); Modified: trunk/source/smbd/nttrans.c === --- trunk/source/smbd/nttrans.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/smbd/nttrans.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -802,7 +802,7 @@ if (desired_access DELETE_ACCESS) { #else /* Setting FILE_SHARE_DELETE is the hint. */ - if ((share_access FILE_SHARE_DELETE) (desired_access DELETE_ACCESS)) { + if (lp_acl_check_permissions(SNUM(conn)) (share_access FILE_SHARE_DELETE) (desired_access DELETE_ACCESS)) { #endif
Build status as of Thu May 19 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-05-18 00:00:44.0 + +++ /home/build/master/cache/broken_results.txt 2005-05-19 00:00:39.0 + @@ -1,123 +1,126 @@ -Build status as of Wed May 18 00:00:01 2005 +Build status as of Thu May 19 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 36 4 0 -distcc 36 3 0 -lorikeet-heimdal 29 25 0 +ccache 36 7 0 +distcc 36 1 0 +lorikeet-heimdal 30 29 0 ppp 21 0 0 rsync37 1 0 samba1 1 1 samba-docs 0 0 0 -samba4 39 17 0 +samba4 39 15 0 samba_3_037 8 0 talloc 30 15 0 tdb 30 30 0 Currently broken builds: Host Tree Compiler Status -aix1 lorikeet-heimdal gcc 127/?/?/? +aix1 lorikeet-heimdal gcc 1/?/?/? aix1 samba4 gccok/ 2/?/? aix1 talloc gccok/ok/ 2/? -aix1 tdb gcc 2/?/?/? -lithiumlorikeet-heimdal gcc 127/?/?/? +aix1 tdb gccok/ 2/?/? +lithiumlorikeet-heimdal gcc 1/?/?/? +lithiumsamba4 gcc 127/?/?/? lithiumtdb gcc 2/?/?/? -samba-s390 lorikeet-heimdal gcc 127/?/?/? +samba-s390 lorikeet-heimdal gcc 1/?/?/? samba-s390 samba4 gccok/ 2/?/? samba-s390 talloc gccok/ 2/?/? samba-s390 tdb gcc 2/?/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? rhonwynsamba4 tccok/ 2/?/? -superego lorikeet-heimdal gccok/ok/ 2/? +superego lorikeet-heimdal gccok/ 2/?/? superego tdb gcc 2/?/?/? -cl012 lorikeet-heimdal gcc 127/?/?/? +cl012 lorikeet-heimdal gcc 1/?/?/? cl012 tdb gcc 2/?/?/? -dev4-003 lorikeet-heimdal gccok/ 2/?/? +dev4-003 lorikeet-heimdal gcc 1/?/?/? dev4-003 tdb gcc 2/?/?/? -berks lorikeet-heimdal gcc 127/?/?/? +berks lorikeet-heimdal gccok/ 2/?/? berks tdb gcc 2/?/?/? shelob tdb gcc 2/?/?/? shelob ccache iccok/ok/ok/ 2 +shelob lorikeet-heimdal iccok/ 2/?/? shelob tdb icc 2/?/?/? -aretnaplorikeet-heimdal gcc 127/?/?/? +aretnaplorikeet-heimdal gccok/ 1/?/? aretnaptalloc gccok/ok/ 2/? aretnaptdb gcc 2/?/?/? aretnapccache iccok/ok/ok/ 1 -aretnaplorikeet-heimdal icc 127/?/?/? -aretnapsamba_3_0iccok/ok/ok/ 4 +aretnaplorikeet-heimdal iccok/ 1/?/? +aretnapsamba_3_0iccok/ok/ok/ 5 aretnaptalloc iccok/ok/ 2/? aretnaptdb icc 2/?/?/? gc4lorikeet-heimdal gcc 127/?/?/? gc4talloc gccok/ok/ 2/? gc4tdb gcc 2/?/?/? -sbflorikeet-heimdal gcc 127/?/?/? +sbfccache gccok/ 1/?/? +sbflorikeet-heimdal gccok/ 1/?/? sbfsamba4 gccok/ 1/?/? sbftalloc gccok/ok/ 2/? sbftdb gcc 2/?/?/? -ragnarok distcc gcc 1/?/?/? +ragnarok ccache gccok/ 1/?/? +ragnarok lorikeet-heimdal gccok/ 1/?/? ragnarok samba4 gcc 1/?/?/? -ragnarok samba_3_0gcc 1/?/?/? -ragnarok talloc gcc 1/?/?/? +ragnarok samba_3_0gccok/ok/ok/ 32 +ragnarok talloc gccok/ok/ 2/? ragnarok tdb gcc 2/?/?/? -smartserv1 samba4 gccok/ 1/?/? +smartserv1 ccache gccok/ 1/?/? +smartserv1 ccache gcc-4.0ok/ 1/?/? smartserv1 samba4 gcc-4.0ok/ 1/?/? smartserv1 samba_3_0gcc-4.0ok/ 1/?/? -wetlizard lorikeet-heimdal gcc 1/?/?/? +wetlizard lorikeet-heimdal gccok/ 2/?/? wetlizard tdb gcc 2/?/?/?
svn commit: samba-docs r565 - in trunk/Samba-HOWTO-Collection: .
Author: jht Date: 2005-05-19 00:54:42 + (Thu, 19 May 2005) New Revision: 565 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=565 Log: Fixed formatting. Modified: trunk/Samba-HOWTO-Collection/TOSHARG-SecureLDAP.xml Changeset: Sorry, the patch is too large (676 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=565
svn commit: lorikeet r300 - in trunk/heimdal: . appl/ftp appl/ftp/ftpd appl/login appl/popper appl/rcp appl/su appl/telnet appl/telnet/telnet appl/telnet/telnetd cf doc kadmin kdc lib/com_err lib/des lib/gssapi lib/kadm5 lib/krb5 lib/roken lib/sl
Author: abartlet Date: 2005-05-19 01:13:31 + (Thu, 19 May 2005) New Revision: 300 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=300 Log: Update to Heimdal 20050519. Andrew Bartlett Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/ftp/ChangeLog trunk/heimdal/appl/ftp/ftpd/pathnames.h trunk/heimdal/appl/login/ChangeLog trunk/heimdal/appl/login/login.c trunk/heimdal/appl/popper/ChangeLog trunk/heimdal/appl/popper/pop_pass.c trunk/heimdal/appl/rcp/rcp.c trunk/heimdal/appl/su/ChangeLog trunk/heimdal/appl/su/su.c trunk/heimdal/appl/telnet/ChangeLog trunk/heimdal/appl/telnet/telnet/telnet.c trunk/heimdal/appl/telnet/telnetd/sys_term.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/check-var.m4 trunk/heimdal/cf/roken-frag.m4 trunk/heimdal/doc/ack.texi trunk/heimdal/doc/setup.texi trunk/heimdal/kadmin/ChangeLog trunk/heimdal/kadmin/kadmin.c trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/lib/com_err/ChangeLog trunk/heimdal/lib/com_err/compile_et.c trunk/heimdal/lib/com_err/compile_et.h trunk/heimdal/lib/com_err/lex.l trunk/heimdal/lib/com_err/parse.y trunk/heimdal/lib/des/ChangeLog trunk/heimdal/lib/des/aes.c trunk/heimdal/lib/des/des.c trunk/heimdal/lib/des/rc2.c trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/init_sec_context.c trunk/heimdal/lib/kadm5/ChangeLog trunk/heimdal/lib/kadm5/init_c.c trunk/heimdal/lib/kadm5/password_quality.c trunk/heimdal/lib/kadm5/test_pw_quality.c trunk/heimdal/lib/krb5/Makefile.am trunk/heimdal/lib/krb5/addr_families.c trunk/heimdal/lib/krb5/context.c trunk/heimdal/lib/krb5/creds.c trunk/heimdal/lib/krb5/fcache.c trunk/heimdal/lib/krb5/free.c trunk/heimdal/lib/krb5/get_cred.c trunk/heimdal/lib/krb5/get_for_creds.c trunk/heimdal/lib/krb5/keyblock.c trunk/heimdal/lib/krb5/keytab_file.c trunk/heimdal/lib/krb5/keytab_krb4.c trunk/heimdal/lib/krb5/keytab_memory.c trunk/heimdal/lib/krb5/krb5.3 trunk/heimdal/lib/krb5/krb5.cat3 trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/krb5_auth_context.3 trunk/heimdal/lib/krb5/krb5_auth_context.cat3 trunk/heimdal/lib/krb5/krb5_compare_creds.3 trunk/heimdal/lib/krb5/krb5_compare_creds.cat3 trunk/heimdal/lib/krb5/krb5_get_credentials.3 trunk/heimdal/lib/krb5/krb5_get_credentials.cat3 trunk/heimdal/lib/krb5/krb5_get_init_creds.3 trunk/heimdal/lib/krb5/krb5_get_init_creds.cat3 trunk/heimdal/lib/krb5/krb5_keytab.3 trunk/heimdal/lib/krb5/krb5_keytab.cat3 trunk/heimdal/lib/krb5/krb5_krbhst_init.3 trunk/heimdal/lib/krb5/krb5_krbhst_init.cat3 trunk/heimdal/lib/krb5/krb5_storage.3 trunk/heimdal/lib/krb5/krb5_storage.cat3 trunk/heimdal/lib/krb5/kuserok.c trunk/heimdal/lib/krb5/mit_glue.c trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/krb5/rd_error.c trunk/heimdal/lib/roken/ChangeLog trunk/heimdal/lib/roken/Makefile.am trunk/heimdal/lib/roken/environment.c trunk/heimdal/lib/roken/issuid.c trunk/heimdal/lib/roken/roken.h.in trunk/heimdal/lib/roken/strptime.c trunk/heimdal/lib/sl/ChangeLog trunk/heimdal/lib/sl/sl.c trunk/heimdal/lib/sl/slc-lex.l Changeset: Sorry, the patch is too large (4347 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=300
svn commit: lorikeet r301 - in trunk/heimdal: .
Author: abartlet Date: 2005-05-19 01:30:02 + (Thu, 19 May 2005) New Revision: 301 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=301 Log: A more sensible ./autogen.sh. This one seems to install copies of the files, rather than symlinks that will never work. Andrew Bartlett Modified: trunk/heimdal/autogen.sh Changeset: Modified: trunk/heimdal/autogen.sh === --- trunk/heimdal/autogen.sh2005-05-19 01:13:31 UTC (rev 300) +++ trunk/heimdal/autogen.sh2005-05-19 01:30:02 UTC (rev 301) @@ -1,4 +1,3 @@ -automake -a rm -rf autom4*.cache -autoreconf -f +autoreconf -f -i rm -rf autom4*.cache
svn commit: samba r6897 - in trunk/source: include registry rpc_server
Author: jerry Date: 2005-05-19 02:50:12 + (Thu, 19 May 2005) New Revision: 6897 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6897 Log: * move HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print * make registry.tdb CLEAR_IF_FIRST tdb so i can update the reg_db paths. Modified: trunk/source/include/rpc_reg.h trunk/source/registry/reg_db.c trunk/source/registry/reg_frontend.c trunk/source/registry/reg_printing.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/include/rpc_reg.h === --- trunk/source/include/rpc_reg.h 2005-05-18 23:39:02 UTC (rev 6896) +++ trunk/source/include/rpc_reg.h 2005-05-19 02:50:12 UTC (rev 6897) @@ -64,7 +64,9 @@ #define KEY_HKUHKU #define KEY_HKCR HKCR #define KEY_PRINTING HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print +#define KEY_PRINTING_2KHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print #define KEY_EVENTLOG HKLM\\SYSTEM\\CurrentControlSet\\Services\\Eventlog +#define KEY_SHARES HKLM\\SYSTEM\\CurrentControlSet\\Services\\Lanman\\Shares #define KEY_TREE_ROOT /* Registry data types */ Modified: trunk/source/registry/reg_db.c === --- trunk/source/registry/reg_db.c 2005-05-18 23:39:02 UTC (rev 6896) +++ trunk/source/registry/reg_db.c 2005-05-19 02:50:12 UTC (rev 6897) @@ -83,13 +83,13 @@ regsubkey_ctr_init( subkeys ); pstrcpy( keyname, KEY_HKLM ); pstrcat( keyname, /SOFTWARE/Microsoft/Windows NT/CurrentVersion ); - regsubkey_ctr_addkey( subkeys, SystemRoot ); + regsubkey_ctr_addkey( subkeys, Print ); if ( !regdb_store_reg_keys( keyname, subkeys )) return False; regsubkey_ctr_destroy( subkeys ); pstrcpy( keyname, KEY_HKLM ); - pstrcat( keyname, /SOFTWARE/Microsoft/Windows NT/CurrentVersion/SystemRoot ); + pstrcat( keyname, /SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print ); if ( !regdb_store_reg_keys( keyname, subkeys )) return False; @@ -153,8 +153,8 @@ if ( !regdb_store_reg_keys( keyname, subkeys )) return False; - regsubkey_ctr_init( subkeys ); /*added */ - pstrcpy( keyname, KEY_HKLM ); /*added */ + regsubkey_ctr_init( subkeys ); + pstrcpy( keyname, KEY_HKLM ); pstrcat( keyname, /SYSTEM/CurrentControlSet/Services/Tcpip ); regsubkey_ctr_addkey( subkeys, Parameters ); if ( !regdb_store_reg_keys( keyname, subkeys )) @@ -197,12 +197,9 @@ if (tdb_reg local_pid == sys_getpid()) return True; - /* -* try to open first without creating so we can determine -* if we need to init the data in the registry -*/ + /* placeholder tdb; reinit upon startup */ - tdb_reg = tdb_open_log(lock_path(registry.tdb), 0, TDB_DEFAULT, O_RDWR, 0600); + tdb_reg = tdb_open_log(lock_path(registry.tdb), 0, TDB_DEFAULT|TDB_CLEAR_IF_FIRST, O_RDWR, 0600); if ( !tdb_reg ) { tdb_reg = tdb_open_log(lock_path(registry.tdb), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); @@ -213,12 +210,13 @@ } DEBUG(10,(init_registry: Successfully created registry tdb\n)); + } - /* create the registry here */ - if ( !init_registry_data() ) { - DEBUG(0,(init_registry: Failed to initiailize data in registry!\n)); - return False; - } + /* create the registry here */ + + if ( !init_registry_data() ) { + DEBUG(0,(init_registry: Failed to initiailize data in registry!\n)); + return False; } local_pid = sys_getpid(); Modified: trunk/source/registry/reg_frontend.c === --- trunk/source/registry/reg_frontend.c2005-05-18 23:39:02 UTC (rev 6896) +++ trunk/source/registry/reg_frontend.c2005-05-19 02:50:12 UTC (rev 6897) @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines - * Copyright (C) Gerald Carter 2002. + * Copyright (C) Gerald Carter 2002-2005 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,8 +32,9 @@ /* array of REGISTRY_HOOK's which are read into a tree for easy access */ REGISTRY_HOOK reg_hooks[] = { - { KEY_PRINTING, printing_ops }, - { KEY_EVENTLOG, eventlog_ops }, + { KEY_PRINTING,printing_ops }, + { KEY_PRINTING_2K, printing_ops }, + { KEY_EVENTLOG,eventlog_ops }, {
svn commit: samba r6898 - in trunk/source: . include registry
Author: jerry Date: 2005-05-19 03:27:33 + (Thu, 19 May 2005) New Revision: 6898 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6898 Log: * adding initial support for HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares * cleaned up registry/reg_*.c by making more functions static Added: trunk/source/registry/reg_shares.c Modified: trunk/source/Makefile.in trunk/source/include/rpc_reg.h trunk/source/registry/reg_db.c trunk/source/registry/reg_eventlog.c trunk/source/registry/reg_frontend.c trunk/source/registry/reg_printing.c Changeset: Sorry, the patch is too large (374 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6898
svn commit: samba r6899 - in trunk/source/registry: .
Author: jerry Date: 2005-05-19 03:32:41 + (Thu, 19 May 2005) New Revision: 6899 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6899 Log: fix segfault in the eventlog registry code Modified: trunk/source/registry/reg_eventlog.c Changeset: Modified: trunk/source/registry/reg_eventlog.c === --- trunk/source/registry/reg_eventlog.c2005-05-19 03:27:33 UTC (rev 6898) +++ trunk/source/registry/reg_eventlog.c2005-05-19 03:32:41 UTC (rev 6899) @@ -202,10 +202,14 @@ if ( !path ) top_level = True; -evtlog_list = lp_eventlog_list(); num_subkeys = 0; +if ( !(evtlog_list = lp_eventlog_list()) ) { + SAFE_FREE(path); + return num_subkeys; +} + -if ( top_level ) +if ( top_level ) { /* todo - get the eventlog subkey values from the smb.conf file for ( num_subkeys=0; num_subkeysMAX_TOP_LEVEL_KEYS; num_subkeys++ )