[Samba] samba ldap cups recyle acl kix usrmgr etc... example
For everybody who wants a nice example you can download it from this location. http://www.ratio-benelux.nl/sambaldap.rar.gz this set includes. samba 3.0.14a example with cups, acl, recycle and ldap smbldap-tools example ldap config example libnss_ldap config pam_ldap config poledit.exe with the needed .adm templates nt4 user and server manager kix logon scripts + examples ldapadmin from ldapadmin.sf.net some extra tools some very small readme's to gide you. if you want you server quick up and running, with this its possible to do it within 10 minutes. ( if you running debian. ) .. if your running debian just folow de debian questons bij installing packaged, then folow my readme. for printing. i use cups RAW PRINTING. i use the windows drivers for point and print setup. everything is inspired bij the idealx setup. a nice howto for debian is comming but wil take some time. Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind-Problem with samba 3.0.14a/3.0.20pre and Solaris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 09, 2005 at 08:02:01AM +0200, Charles Bueche wrote: On lun, 2005-07-04 at 12:33 +0200, Joerg Dietze wrote: Hi Guys, anybody has a idea why getent groups only lists a few groups from my NT4-Dom. ? I have configured samba with security=domain, uid and gid maps and configured nsswitch.conf to use windbind. wbinfo -g works fine but getent group stops after few domaingroups. I had yesterday an incomplete list from `getent group` on system where nsswitch is told to use NSS. None of the groups from LDAP were shown. It turned out that the change from 'ou=Group' into 'ou=Groups' in the LDAP database, also needed a change in /etc/libnss-ldap.conf on 'nss_base_group'. Has winbind also a /etc/libnss-winbind.conf ? I think the problem is the domain-user - group because i can query all domaingroups with gentent group domain\groupname except the group domain-users. This group has more the 2000 members in it, it´s possible thats the problem under solaris. The query was about groups, not about the members of each group. But yes, I can imaging smart programmers saying: Hey, a query about groups, next query is most likey about the members of those groups, lets fetch allready information about it. Not realizing that it chokes the system. I have also a linux - based NAS-head for tests here this box works fine and lists all groups with getent group. thank you Joerg Dietze Hi Joerg, I have had the problem before, see my posts : http://lists.samba.org/archive/samba/2004-August/090422.html http://lists.samba.org/archive/samba/2004-June/087291.html If you have find a solution, please share :-) People reading the archive love to read in the sane order 8^) Please reply below the text. Charles Cheers Geert Stappers -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFC+b76OSINbgwa/7sRAlhcAKCeYJLVnX6gUHSdKXeTQrGa2ggpuwCguQgu VaLfFA1lQL8ypzh7QHOStog= =mb/t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - XP performance problem
Thank you for the suggestion. I'll keep the info for reference. Followup for the performance issue: The trace shows that the conversation changes right after the trans2: query file info internal stage, so I looked into the samba code at this file: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0/source/smbd/trans2.c?rev=8959view=markup case SMB_FILE_INTERNAL_INFORMATION: /* This should be an index number - looks like dev/ino to me :-) I think this causes us to fail the IFSKIT BasicFileInformationTest. -tpot */ DEBUG(10,(call_trans2qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION\n)); SIVAL(pdata,0,sbuf.st_dev); SIVAL(pdata,4,sbuf.st_ino); data_size = 8; break; The comment speaks for itself. I suspect the 8 byte here contains some magic that makes XP behaves as I found. I made an other experiment: I turned off the oplock support (Oplocks = No) and this made XP behave like if it was talking to a Windows server. No extra tran2 calls and 1 byte writes. The performance got better because the slowdowns disappeared, but it was still slower compared to the windows machine. Then I looked into the traces again and found that XP sends 1260 bytes in each packets when talking to the windows server and 536 bytes when talking to the samba server. The MTU is 1300. I suspect, this issue may be related to the different subnets where the two machines are located. Hope this helps someone out there, David. Jonathan Johnson wrote: I can't say that this will apply in your situation, but I've seen where having stale connections to non-existent servers can cause a performance issue when browsing. Here's a couple of things to try: 1) Remove any shortcuts to non-existent network locations -- this applies to broken mapped drives, shortcuts on the desktop and in My Documents, and shortcuts in My Network Places 2) Look in the registry at HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 (or ...\MountPoints) -- Under this key, there will be several subkeys. Some of these are in the form of ##Server##Share -- if there are any of these that refer to nonexistent servers or shares, remove them. DO NOT remove any of the other keys, else your system might not boot properly. This key is seems to be the Windows version of the /etc/fstab file. Nevertheless, I'm glad to see that you found something interesting. Hopefully, your research will help the developers solve some other nagging problems! --Jonathan Johnson David Beck wrote: Hello There, After having googled the whole internet for days I decided to go public with this issue. The result of my google queries so far is that there are plenty of others with the very same problem I have and noone posted a reasonable answer to this: Using Samba 3 with XP gets bad performance. I tested this on Tru64 5.1b and FreeBSD 5.3 with the very same symptoms. The throughput bw XP and Samba goes up and down. It starts transfering with a reasonable speed and after having transfered around 16 megs it slows down. I tried many configuration options regarding locking, tcp settings, xmit size and every combination that could make any sense for me. Then I gave up with this configuration mess as I could lower the performnce easily, but the performance jittering was the same. Now a few notes before I continue: I tested the FreeBSD server on the loopback interface and the file write speed was around 43 Megs that is close to the disks maximum. I also tested the XP machine with a Windows server and the write performnce was around 10 Megs on a 100Mbit link. In addition to that the FreeBSD machine is at my home and the Tru64 and the Windows server are where I work. I'm pretty sure that this is not a network issue. After spending a lot of time with investigation I decided to go deeper in this issue. I installed ethereal to capture the traffic and compare the results bw XP-Windows and XP-Tru64. The test was to copy 50Meg file to both servers and capture the packets. To my surprise the conversation was quite different. XP-Windows (excerpt): - nt create and x - trans2: query file info internal - set file info - tcp data stream... XP-Samba (excerpt): - nt create and x - trans2: query file info internal - (query file info + write and x request) many times, incresing offset, one byte length - tcp data stream In case of XP-Samba, the last two steps are repeated many times. Large part of the effective bandwith is filled with query file info and 1 byte writes. The packet data can be downloaded from these links: http://dbeck.beckground.hu/download/xp-samba.bz2 http://dbeck.beckground.hu/download/xp-win.bz2 I also made a screenshot of a bandwith monitor to show what I mean by performance
Re: [Samba] Samba filenames cpoy
You should also consider the character-set/encoding of your tty to be ISO8859-15. Otto Lars schrieb am 09.08.2005 22:50: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey I'm having problems with speciel characters such as Ü, ö and etc. Plus copying files. I have 2 Harddrive with 2 Partition being shared with samba on a Debian Sarge server. After googling around i think that this is a samba problem, and it only occurs on the samba shares. 1) The character are being changes from ó to _ or sim. 2) I can't the files/folders with the changes names/stranges characters . The error is cannot stat - no directory. I can move the files with no problem.. There is a post from 2003, where he has almost the same problem. But no answer.. http://lists.samba.org/archive/samba/2003-April/065747.html - -- /Lars Maxime Woznicki schrieb am 10.08.2005 00:42: Hello, For your characters problems, try in the global section of your smb.conf : display charset = ISO8859-15 (this value is for Western Europe (France), use an appropriated one) unix charset = the value of the default system charset (for more precisions, man smb.conf) Restart samba and this should work. If it doesn't work, look at your kernel supported native languages in file systems section, select those which are needed (never uncheck UTF8) and recompile it. I hope it helps you. For your second issue, I don't know Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Acl and mask issue
Hello all, I've set up a samba 3.0.14a on debian with kernel 2.6.5 with ext3 and acl support. Samba is running as a simple PDC just to share efficiently and to manage permissions on shares. My problem is really simple : How to force file creation mode to rwxr-x--- (0640) and directory creation mode to rwxr-x--- (0750) for all users of the same group ? I've set a lot of parameters to manage this but result is always the same : files are created with rwxrwx--- permissions directories are created with rwxrwxr-x permissions Notice : Files and directories are created from an XP pro box the root share : # getfacl /share user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:other::r-x From windows as Administrator, I created a dedicated directory for group RD and give to it full control (with security panel): # getfacl /share/RD user::rwx group::r-x group:RD:rwx mask::rwx other::--- default:user::rwx default:group::r-x default:group:RD:rwx default:mask::rwx default:other::--- Then from windows as an RD member, if I create a file or a directory in RD directory, the group flag w is set... I don't want it. My configuration : [share] hide dot files = yes writable = yes path = /share public = no force create mask = 0640 force directory mask = 0750 directory security mask = 0775 security mask = 0774 valid users = %U admin users = Administrator root vfs object = recycle:recycle recycle:repository = .deleted recycle:keeptree = yes recycle:touch = yes recycle:versions = yes nt acl support = yes ; inherit acls = yes (should I uncomment it ? I've tried but doesn't change anything) oplocks = no level2 oplocks = no locking = yes blocking locks = yes Thx for help, I'm becoming crazy. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The Next Guide Will Be...
Hi Dustin, Dortch, Dustin wrote: The Next Guide Will Be... August 3rd, 2005 The next guide on Sambadmin will about creating a great LDAP infrastructure. I have been disappointed that I have only received two comments about what the next guide should be, especially since the site has had over 500 visitors in the past two days. I was one of these :). I am looking forward to see Your site growing. I came to this decision after reading my posts. I stated that the core motivation behind all of this is LDAP. Sure, Samba IS great, but we can have file/print sharing on a Windows server. What really takes the cake is to have tightly integrated services, and this is made possible by LDAP. So, if you have any comments you would like to make about what a completely integrated directory solution should include, do not hesitate to comment. Here is what I will list, for starters. http://www.sambadmin.com/sambadmin/?postid=8 One of LDAPs main problems for N00bs is to understand the setup procedures. Maybe You could break the first steps down to a level that even I could understand :). I think everybody would like to have seperated the system users and the samba (domain) users with LDAP or MySQL as backend. As John wrote, don't be disappointed. Your are doing great. Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Maybe OT?
Hi all,
I recently setup Samba to auth to Active Directory - wow do I feel like
an alchemist for doing that - despite the deceased foul involved in
getting this setup - it is now working very well.
My problem comes in that logging from AD is constantly complaining about
failed authentication. I assume that as the User ID field shows only the
SID that AD can not (reverse) map the user - so it's failing - but if my
samba is working well - how can I find out what is trying to auth??
Has anyone else set this up and figured out how to maybe cache
appropriate credentials to keep the errors from spewing?
Example error:
Where earth is DC Goethe is the Unix host -
13Aug 10 08:15:09 earth MSWinEventLog 2 Security 12336 Wed Aug 10
08:15:09 2005 675 Security SYSTEM User Failure Audit EARTH Account Logon
Pre-authentication failed: User Name: goethe$ User ID:
%{S-1-5-21-934913212-3928056223-3945149382-9156} Service Name:
krbtgt/CORP.PHILLIPS.COM Pre-Authentication Type: 0x0 Failure Code: 0x19
Client Address: 172.17.81.164 12232
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] debian pam.d/gdm working config please
Hi all. I posted a more complex message a few days ago about issues with ubuntu/debian logging on to a debian domain member server through a windows active directory server but got no reply. At this stage I want to work out for sure Ive got the ubuntu clients configured correctly. 2k3 info on ubuntu seems scarce and or non solutional for me. security= ADS winbind/pam net ads join works okay getent works as per the samba by example chapter 7. I do this on both the member server with the shares and on the ubuntu clients. Auth with active directory seems to be working... Im still having trouble getting access to the shares on the debian domain member server from the ubuntu clients though. Can someone please post debian sarge pam.d/gdm etc that is configured for winbind correctly. Ive tried sticking auth etc sufficient pam_winbind.so blindly everywhere to get the authentication and access happening correctly but I still have issues with too many logon dialogues (and also the share permissions). The examples only deal with Suse and Red Hat. Also, no matter what I do I still only get share access on the member server as read only...I can get full access only on the win2k3 server when logging on as administrator and DOMAIN+administrator is added as an admin user in smb.conf (directory and file permissions set wide open, chmod 777 -R the shared directory files, full control to domain users in 2003is there something else I should be configuring with users/groups to get full permissions???...it seems to be an issue with the ubuntu boxes but not the 2k3 server. Im going nuts with trying smb.conf variations and am currently totally confused) Thanks in advance John Dooley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fw: [Samba] Mac OSX Tiger 10.4.2 SMB
Hi Guys, Can anyone offer me any assistance at all with the query below. Even perhaps if there is some how to somewhere to get Tiger pcs to join a domain. I really need to get this problem solved, and I have searched and searched and haven't found anything yet. Thanks! Neil Wilson Powered by Linux, Driven by Passion ! - Original Message - From: Neil Wilson To: samba@lists.samba.org Sent: Thursday, August 04, 2005 2:20 PM Subject: [Samba] Mac OSX Tiger 10.4.2 SMB Hi Guys and girls, I'm having exactly the same error as this person in the post below had. Only differences is we are running Slackware 10.1 with Samba 3.0.14a, and the Mac connecting is using 10.4.2 Does anyone know of a work around, or a solution to the problem? Any help would be appreciated. Thanks. Neil Wilson Powered by Linux, Driven by Passion ! [Samba] OS X 10.4.1 ( Tiger ) client borked cliff white cliffw at easystreet.com Mon May 23 20:31:38 GMT 2005 Previous message: [Samba] OS X 10.4.1 ( Tiger ) client borked Next message: [Samba] Configuration on Sun Solaris 9/Sun SPAARC Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] On Mon, 23 May 2005 07:53:42 -0500 Gerald (Jerry) Carter jerry at samba.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 cliffw wrote: | Appears Apple messed something up in 10.4,and 10.4.1. | | Attempting to connect to a 3.0.14a server (debian unstable) | from an OS X client causes OS X Finder to hang, and puts | these errors in the samba server logs: | | [2005/05/22 21:48:20, 0] rpc_parse/parse_prs.c:prs_mem_get(537) | prs_mem_get: reading data of size 2 would overrun buffer. | [2005/05/22 21:48:20, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(919) | api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct. | | Apparently it's also causing breakage in some NAS boxes | ( Adaptec's Snap is mentioned ) | |From a 'level 2' guy on Apple's support forum ( re: a Snap report ): | | Tiger does a kind of authentication called NTLMv2, | which Panther did not attempt to do. NTLMv2 is more secure than | the kind of authentication Panther did, but Snap may not support | it correctly. Snap grants Tiger only guest access instead of the | full user access requested, and guest access is not sufficient | to even get a list of the files. Panther works OK with Snap because | it doesn't attempt MTLMv2 authentication. | | | Any chance this is the same problem i'm seeing? Possibly. Can you send me a level 10 debug log from smbd and a raw ethereal trace file? tcpdump is fine if you use this following command: tcpdump -w dump.pcap -s 0 -i eth0 port 139 or port 445 I did two tests for you, but nothing captured on port 445. Two tarballs of test logs, and one tcpdump file enclosed cliffw cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help please with winbind...
All, Can anyone help me with an issue I seem to be having with my samba/winbind (3.0.9) install on Solaris 8. I've got to the stage where Samba and winbind seem to be working ok but... The # getent group command returns all the unix groups and only one Windows groups - Domain Admins - I think I'm really close with this and am unsure where the problem could be. With the # getent passwd command this works fine and returns all the users in Unix and PC Domain with a group id of 11803 for PC accounts but I can't then check the PC group name with # getent group|grep 11803 because it doesn't list this group only Domain Admins!!! Your help would be greatly appreciated and if more info is needed please let me know. Regards Greg -- This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.7 - 3.0.14a arabic file name dispaly
After migrating from 2.2.7 to 3.0.14a arabic file names were displayed in Japaneese charcters. I used convmv -f cp850 -t utf8 but still unreadable characters. Best Regards, Ahmed Mahmoud Ibnouf Head of Networking and Support Dubai Civil Defence P.O. Box 11377 Tel : 04-2073810 050-7152523 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.10 Authentication in an NT4 Domain
I'm trying to set up a Samba file server inside of an NT4 domain. I'm using Samba 3.0.10 My config files are at the bottom of this post. The server appears on the windows network inside the domain called for in it's smb.conf. But when you try to access it from any client which does not have an account on the box it prompts for a user name and password. When you enter a user name and password of a user on the NT4 domain, you are unable to log in. It feels as if the box is a member of the domain, but is not getting it's users and groups lists from the domain controller. Can anyone tell me how to resolve this, and what mechanism handles how the server gets this info from the domain controller? The physical share folder is at /mnt/PublicShare with permissions of 777 and owner:group of root:root. My smb.conf looks like this: ### # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2005/08/10 08:56:53 # Global parameters [global] workgroup = CILNET server string = CILTESTSERVER security = DOMAIN auth methods = winbind password server = 10.1.0.4 preferred master = No domain master = No wins server = 10.1.0.4 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = / winbind use default domain = Yes [PublicShare] comment = Public Share path = /mnt/publicshare read only = No guest ok = Yes ### My nsswitch.conf looks like this: ### # # /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind ### -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Undefined references during compiling
I'm attempting to compile the latest samba on an old Mandrake 8.1 system. (Current samba there is 2.2.? and doesn't allow login from XP). During compiling I get a number of error message such as modules/vfs_recycle.po: In function `recycle_connect': modules/vfs_recycle.po(.text+0x23): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x31): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x55): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x6d): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_disconnect': modules/vfs_recycle.po(.text+0xb3): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0xc1): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0xe5): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x101): undefined reference to `lp_servicename' modules/vfs_recycle.po(.text+0x111): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_repository': modules/vfs_recycle.po(.text+0x177): undefined reference to `lp_parm_const_string' but it still trudges along and compiles. Since these appear to be references to function that can't be found, does this represent a problem or can I still go ahead and perform an install? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba logons
I have a 'root prexec' and a 'root postexec' in samba that executes a perl script that makes a batch file for the user logging on. The file is saved as /opt/samba/netlogon/username.bat. The batch file is then run to make logonscripts. The 'root prexec' runs when the user logs in to create the file, which is fine. The 'root postexec' is supposed to run when the user logs out to delete the batch file, if I am correct on how the 'root postexec' works. The problem is (not causing any problem, but want to know what is happening), that the batch file seems to actually dissappear off of the server after a bit of time, without the user logging out. Why would this happen? -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bug in LDAP stuff?
I think I've found a bug in the LDAP stuff. I've got a LDAP backend setup based on the idealx scripts. When I try to join a machine to my domain, I get the following. The important bit I want to point out is that the LDAP search is looking for (a lot of) properties, but it seems to be looking for _ALL_ objectClass=sambaSamAccount's. At this point in the trace, it should be trying to validate the login *as root* in order to join the machine. The query it's making does indeed return two entries: root and nobody, as it should, but two entries screws up the process now. Shouldn't the filter here be more like '((objectClass=sambaSamAccount)(uid=root))'? (Or whatever uid you're using to try to join the machine with. I know that the idealx stuff is out of date now post 3.0.11 with the root requirement. Here's hoping they update their stuff soon.) The filter is being supplied by Samba itself; hence, I'm thinking it's a bug. The question is: where do I go from here? Regards, dk Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] lib/smbldap.c:smbldap_connect_system(866) Aug 10 09:38:50 excelsior smbd[32235]: ldap_connect_system: succesful connection to the LDAP server Aug 10 09:38:50 excelsior smbd[32235]: ldap_connect_system: LDAP server does support paged resultsAug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 4] lib/smbldap.c:smbldap_open(929) Aug 10 09:38:50 excelsior smbd[32235]: The LDAP server is succesfully connected Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH base=dc=starfleet,dc=mil scope=2 deref=0 filter=((objectClass=sambaSamAccount)) Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1338) Aug 10 09:38:50 excelsior smbd[32235]: ldapsam_getsampwnam: Duplicate entries for this user [root] Failing. count=2 Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] smbd/sec_ctx.c:pop_sec_ctx(386) Aug 10 09:38:50 excelsior smbd[32235]: pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] auth/auth_sam.c:check_sam_security(257) Aug 10 09:38:50 excelsior smbd[32235]: check_sam_security: Couldn't find user 'root' in passdb. Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] auth/auth_winbind.c:check_winbind_security(80) Aug 10 09:38:50 excelsior smbd[32235]: check_winbind_security: Not using winbind, requested domain [STARFLEET] was for this SAM. Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 2] auth/auth.c:check_ntlm_password(312)Aug 10 09:38:50 excelsior smbd[32235]: check_ntlm_password: Authentication for user [root] - [root] FAILED with error NT_STATUS_NO_SUCH_USER Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] smbd/sesssetup.c:do_map_to_guest(41)Aug 10 09:38:50 excelsior smbd[32235]: No such user root [STARFLEET] - using guest account -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] Bug in LDAP stuff?
Hi, since samba-3.0.20rc1 the ldap filter parameter is removed. you can resolve your problem by comment the ldap-filter parameter. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 10/08/2005 17:15:01 : I think I've found a bug in the LDAP stuff. I've got a LDAP backend setup based on the idealx scripts. When I try to join a machine to my domain, I get the following. The important bit I want to point out is that the LDAP search is looking for (a lot of) properties, but it seems to be looking for _ALL_ objectClass=sambaSamAccount's. At this point in the trace, it should be trying to validate the login *as root* in order to join the machine. The query it's making does indeed return two entries: root and nobody, as it should, but two entries screws up the process now. Shouldn't the filter here be more like '((objectClass=sambaSamAccount)(uid=root))'? (Or whatever uid you're using to try to join the machine with. I know that the idealx stuff is out of date now post 3.0.11 with the root requirement. Here's hoping they update their stuff soon.) The filter is being supplied by Samba itself; hence, I'm thinking it's a bug. The question is: where do I go from here? Regards, dk Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] lib/smbldap.c:smbldap_connect_system(866) Aug 10 09:38:50 excelsior smbd[32235]: ldap_connect_system: succesful connection to the LDAP server Aug 10 09:38:50 excelsior smbd[32235]: ldap_connect_system: LDAP server does support paged resultsAug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 4] lib/smbldap.c:smbldap_open(929) Aug 10 09:38:50 excelsior smbd[32235]: The LDAP server is succesfully connected Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH base=dc=starfleet,dc=mil scope=2 deref=0 filter=((objectClass=sambaSamAccount)) Aug 10 09:38:50 excelsior slapd[31471]: conn=64 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1338) Aug 10 09:38:50 excelsior smbd[32235]: ldapsam_getsampwnam: Duplicate entries for this user [root] Failing. count=2 Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] smbd/sec_ctx.c:pop_sec_ctx(386) Aug 10 09:38:50 excelsior smbd[32235]: pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] auth/auth_sam.c:check_sam_security(257) Aug 10 09:38:50 excelsior smbd[32235]: check_sam_security: Couldn't find user 'root' in passdb. Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] auth/auth_winbind.c:check_winbind_security(80) Aug 10 09:38:50 excelsior smbd[32235]: check_winbind_security: Not using winbind, requested domain [STARFLEET] was for this SAM. Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 2] auth/auth.c:check_ntlm_password(312)Aug 10 09:38:50 excelsior smbd[32235]: check_ntlm_password: Authentication for user [root] - [root] FAILED with error NT_STATUS_NO_SUCH_USER Aug 10 09:38:50 excelsior smbd[32235]: [2005/08/10 09:38:50, 3] smbd/sesssetup.c:do_map_to_guest(41)Aug 10 09:38:50 excelsior smbd[32235]: No such user root [STARFLEET] - using guest account -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] plz. solve my prob
sir, i am going to configure debian samba server i am getting problems. how can i configure samba as a pdc . plz. reply me back as soon as possible with complete steps. Thanking you. sumit kumar 09848097138 INDIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] plz. solve my prob
Le Mercredi 10 Août 2005 16:38, sumit kumar a écrit : sir, i am going to configure debian samba server i am getting problems. how can i configure samba as a pdc . plz. reply me back as soon as possible with complete steps. Step1 : open your favorite web browser Step2 : open www.samba.org website Step3 : clik on Official HOWTO in the learn samba section in the left menu Step4 : read it and do what it says to configure samba as a PDC Step5 : enjoy Thanking you. You're welcome Pierre DV -- --- Auberge --- Comme Clinton à la Maison-Blanche, Chirac cherche à louer les chambres prestigieuses de l'Elysée. On a le choix entre la chambre où Mitterrand tirait ses maîtresses et la chambre où Bernadette fait ses réussites. +-- Brèves Charlie Hebdo n°246 (05/03/97) --+ pgpiZ6l6L6IlT.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - XP performance problem
On Wed, Aug 10, 2005 at 11:05:06AM +0200, David Beck wrote:
Thank you for the suggestion. I'll keep the info for reference.
Followup for the performance issue:
The trace shows that the conversation changes right after the trans2:
query file info internal stage, so I looked into the samba code at this
file:
http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0/source/smbd/trans2.c?rev=8959view=markup
case SMB_FILE_INTERNAL_INFORMATION:
/* This should be an index number - looks like
dev/ino to me :-)
I think this causes us to fail the IFSKIT
BasicFileInformationTest. -tpot */
DEBUG(10,(call_trans2qfilepathinfo:
SMB_FILE_INTERNAL_INFORMATION\n));
SIVAL(pdata,0,sbuf.st_dev);
SIVAL(pdata,4,sbuf.st_ino);
data_size = 8;
break;
The comment speaks for itself. I suspect the 8 byte here contains some
magic that makes XP behaves as I found.
Hmmm. Good detective work. One thing I'd like to check though - can you try the
following (not production) patch and recompile and test please ? I'm
still at LinuxWorld and so won't be able to get to this until tomorrow
at the earliest.
If this fix makes things go faster I have a working theory...
Jeremy.
Index: smbd/dosmode.c
===
--- smbd/dosmode.c (revision 9229)
+++ smbd/dosmode.c (working copy)
@@ -22,11 +22,13 @@
static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf)
{
+#if 0 /* JRATEST */
#if defined (HAVE_STAT_ST_BLOCKS) defined(STAT_ST_BLOCKSIZE)
if (sbuf-st_size sbuf-st_blocks * (SMB_OFF_T)STAT_ST_BLOCKSIZE) {
return FILE_ATTRIBUTE_SPARSE;
}
#endif
+#endif
return 0;
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining XP SP2 to a Samba PDC
Hello and Thanks in advance. I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E I have 2 users on this server right now: Root, Dsanchez. I have also issued this command to set up these 2 users on the Samba Server as well. smbpasswd -a root smbpasswd -a dsanchez and i set up the password to match the linux account. Here is my SMB.conf file: # Global parameters [global] workgroup = ETNET server string = Samba PDC Server passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u add machine script = /usr/sbin/useradd -c Machine -d /dev/null -s /bin/false machine_name$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 hosts allow = 10.78., 127. cups options = raw [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No I have also made the following changes to the XP box. Registry changes: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal Which i set to '0' from '1' I have made sure the following in Local Security Policy is set: I edited or checked the following entries: Domain member: Digitally encrypt or sign secure channel(Disabled) Domain member: Disable machine account password changes(Disabled). Domain member: Require strong (Windows 2000 or later) session key(Disabled) Then i go to the Systems Properties/computer name change/ I change from workgroup: workgroup to Domain:ETINET Then i click the 'ok' button, and a login window pops up. I then use the following usernames to 'Join' root admin administrator dsanchez etinet\root etinet\admin etinet\administrator etinet\dsanchez I get the following error when i try to join as: administrator admin etinet\admin etinet\administrator The following error occurred attempting to join the domain ETINET: Logon Failure: Unknown Username or bad password. When i try using the following this is what i get: root etinet\root The following error occurred attempting to join the domain ETINET: The username could not be found. Then, if i try and use my account, whcih i added to the root group. Dsanchez etinet\Dsanchez The following error occurred attempting to join the domain ETINET: Access is Denied. Note, this is an XP SP2 Machine and i only have 1 user on this machine (Dsanchez) Also, I did find that this script add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false has a group of 102 and the machine log file that was in /var/log/samba/machinename.log had this error in it. useradd: unknown group 102 however i do have this script in the smb.conf file. add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u So do i need both of these lines? do i need to make a group with the Gid of 102? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba with ads
Hello, I am currently building samba 3.10 on a Solaris 9. When I use the following configure line ./configure --with-pam --with-winbind --with-ads --with-krb5=/usr/lib/krb5 --with-ldap=/usr/local/openldap I get this message: checking for LDAP support... auto checking ldap.h usability... no checking ldap.h presence... yes configure: WARNING: ldap.h: present but cannot be compiled configure: WARNING: ldap.h: check for missing prerequisite headers? configure: WARNING: ldap.h: see the Autoconf documentation configure: WARNING: ldap.h: section Present But Cannot Be Compiled configure: WARNING: ldap.h: proceeding with the preprocessor's result configure: WARNING: ldap.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## checking for ldap.h... yes checking lber.h usability... yes It seems it sees ldap.h, but it can't use it. Any ideas? Rick Mattier Systems Analyst II Wind River Systems Canton: 781 364-2002 Nashua 603 897-2084 Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining XP SP2 to a Samba PDC
Have you added the machine name to the linux box using the command
adduser {machine name}$ (if it doesn't allow the $ then add it to the
end of the machine name in /etc/passwd
then do:
smbpasswd -m {machine name}$
Then try joining the domain by using the administrator username and the
root password for the Linux box.
DSanchez wrote:
Hello and Thanks in advance.
I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E
I have 2 users on this server right now: Root, Dsanchez.
I have also issued this command to set up these 2 users on the Samba
Server as well.
smbpasswd -a root
smbpasswd -a dsanchez
and i set up the password to match the linux account.
Here is my SMB.conf file:
# Global parameters
[global]
workgroup = ETNET
server string = Samba PDC Server
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
add machine script = /usr/sbin/useradd -c Machine -d /dev/null
-s /bin/false machine_name$
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 10.78., 127.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
I have also made the following changes to the XP box.
Registry changes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal
Which i set to '0' from '1'
I have made sure the following in Local Security Policy is set:
I edited or checked the following entries:
Domain member: Digitally encrypt or sign secure channel(Disabled)
Domain member: Disable machine account password changes(Disabled).
Domain member: Require strong (Windows 2000 or later) session key(Disabled)
Then i go to the Systems Properties/computer name change/
I change from workgroup: workgroup to Domain:ETINET
Then i click the 'ok' button, and a login window pops up.
I then use the following usernames to 'Join'
root
admin
administrator
dsanchez
etinet\root
etinet\admin
etinet\administrator
etinet\dsanchez
I get the following error when i try to join as:
administrator
admin
etinet\admin
etinet\administrator
The following error occurred attempting to join the domain ETINET:
Logon Failure: Unknown Username or bad password.
When i try using the following this is what i get:
root
etinet\root
The following error occurred attempting to join the domain ETINET:
The username could not be found.
Then, if i try and use my account, whcih i added to the root group.
Dsanchez
etinet\Dsanchez
The following error occurred attempting to join the domain ETINET:
Access is Denied.
Note, this is an XP SP2 Machine and i only have 1 user on this machine
(Dsanchez)
Also,
I did find that this script
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
has a group of 102
and the machine log file that was in /var/log/samba/machinename.log
had this error in it.
useradd: unknown group 102
however i do have this script in the smb.conf file.
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
So do i need both of these lines?
do i need to make a group with the Gid of 102?
Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining XP SP2 to a Samba PDC
Correction, the command you want is:
smbpasswd -a -m {machine name, no $}
DSanchez wrote:
Hello and Thanks in advance.
I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E
I have 2 users on this server right now: Root, Dsanchez.
I have also issued this command to set up these 2 users on the Samba
Server as well.
smbpasswd -a root
smbpasswd -a dsanchez
and i set up the password to match the linux account.
Here is my SMB.conf file:
# Global parameters
[global]
workgroup = ETNET
server string = Samba PDC Server
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
/bin/false -M %u
add machine script = /usr/sbin/useradd -c Machine -d /dev/null
-s /bin/false machine_name$
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 10.78., 127.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
I have also made the following changes to the XP box.
Registry changes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal
Which i set to '0' from '1'
I have made sure the following in Local Security Policy is set:
I edited or checked the following entries:
Domain member: Digitally encrypt or sign secure channel(Disabled)
Domain member: Disable machine account password changes(Disabled).
Domain member: Require strong (Windows 2000 or later) session key(Disabled)
Then i go to the Systems Properties/computer name change/
I change from workgroup: workgroup to Domain:ETINET
Then i click the 'ok' button, and a login window pops up.
I then use the following usernames to 'Join'
root
admin
administrator
dsanchez
etinet\root
etinet\admin
etinet\administrator
etinet\dsanchez
I get the following error when i try to join as:
administrator
admin
etinet\admin
etinet\administrator
The following error occurred attempting to join the domain ETINET:
Logon Failure: Unknown Username or bad password.
When i try using the following this is what i get:
root
etinet\root
The following error occurred attempting to join the domain ETINET:
The username could not be found.
Then, if i try and use my account, whcih i added to the root group.
Dsanchez
etinet\Dsanchez
The following error occurred attempting to join the domain ETINET:
Access is Denied.
Note, this is an XP SP2 Machine and i only have 1 user on this machine
(Dsanchez)
Also,
I did find that this script
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
has a group of 102
and the machine log file that was in /var/log/samba/machinename.log
had this error in it.
useradd: unknown group 102
however i do have this script in the smb.conf file.
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
So do i need both of these lines?
do i need to make a group with the Gid of 102?
Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [GOLUM] RE: [Samba] pdbedit not working as documented
Thanks everyone for your lack of any response whatsoever, I find it builds
character to be ignored throughout challenges I encounter in my life. Since
I was unable to explain why Samba is predisposed to a range of SID for all
accounts, the client who was interested in keeping his Linux/Samba solution
will be migrating to Window 2003. I hope that feels as bad, deep in your
stomach, as it does mine! Thanks for nothing.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John McLoskey
Sent: Tuesday, August 09, 2005 3:03 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]
Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, %d, u_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete user SID or RID!\n);
return -1;
}
sid_copy(u_sid, get_global_sam_sid());
sid_append_rid(u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, %d, g_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete group SID or RID!\n);
return -1;
}
sid_copy(g_sid, get_global_sam_sid());
sid_append_rid(g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED);
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username:test1
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009
Full Name:User
Home Directory: \\smbsvr\home\test1
HomeDir Drive:H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set:Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba@lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as unknown profile.
The problem is that the profiles are inaccessible.
If I man pdbedit, it clearly states the ability to;
smbsvr# man pdbedit
...
-G SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new primary group SID
(Securi-
ty Identifier) or rid.
Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
-U SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new SID (Security
Identifier)
or rid.
Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-RELEASE (GENERIC) #0: Sun
Re: RE [Samba] Bug in LDAP stuff?
On Wed, 2005-08-10 at 17:29 +0200, [EMAIL PROTECTED] wrote: since samba-3.0.20rc1 the ldap filter parameter is removed. you can resolve your problem by comment the ldap-filter parameter. I had seen this note before, so my ldap filter was equal to nothing. I commented it completely out, but nothing changed. I still get the same sorts of filters in my logs when I try to join the domain. Thanks, dk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [GOLUM] RE: [Samba] pdbedit not working as documented
Thats quite correct, we are all out to get you. Not only did you reply
to your email 3 times but its only been 2 days since you posted.
If you want help in future, learn to be more patient, not everyone has
time to respond to emails. Sometimes people can only reply at weekends,
or using their works email account that they don't have access to from
home. If thats the case then if someone was off on Tues or Monday then
it will be 2 days until you get a reply.
NO'ONE is guaranteed to get a response, but replying to your own emails
and then giving a shitty reply after not receiving a lightning quick
response from a volunteer supported mailing list WILL get an email like
this.
Now go and play with Mr Gates, no doubt you will send an email to the
Windows 2003 server mailing lists of a similar style.
John McLoskey wrote:
Thanks everyone for your lack of any response whatsoever, I find it builds
character to be ignored throughout challenges I encounter in my life. Since
I was unable to explain why Samba is predisposed to a range of SID for all
accounts, the client who was interested in keeping his Linux/Samba solution
will be migrating to Window 2003. I hope that feels as bad, deep in your
stomach, as it does mine! Thanks for nothing.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John McLoskey
Sent: Tuesday, August 09, 2005 3:03 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]
Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, %d, u_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete user SID or RID!\n);
return -1;
}
sid_copy(u_sid, get_global_sam_sid());
sid_append_rid(u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, %d, g_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete group SID or RID!\n);
return -1;
}
sid_copy(g_sid, get_global_sam_sid());
sid_append_rid(g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED);
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username:test1
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:S-1-5-21-1375268081-527015025-691025275-3009
Full Name:User
Home Directory: \\smbsvr\home\test1
HomeDir Drive:H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set:Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba@lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as unknown profile.
The problem is that the profiles are inaccessible.
If I man pdbedit, it
RE: [GOLUM] RE: [Samba] pdbedit not working as documented
On Wed, 2005-08-10 at 12:35 -0500, John McLoskey wrote: Thanks everyone for your lack of any response whatsoever, I find it builds character to be ignored throughout challenges I encounter in my life. Since I was unable to explain why Samba is predisposed to a range of SID for all accounts, the client who was interested in keeping his Linux/Samba solution will be migrating to Window 2003. good luck I hope that feels as bad, deep in your stomach, as it does mine! Thanks for nothing. actually, problem solving is part of the learning process. Too bad your client didn't have someone more committed to the learning process. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [GOLUM] RE: [Samba] pdbedit not working as documented
You think Microsoft's mailing lists and forums are better? Just wait (and
wait, and and ...). Oh, that's right, you can call Microsft for help ,,, and
shell out $295 per.
Dimitri
John McLoskey wrote:
Thanks everyone for your lack of any response whatsoever, I find it builds
character to be ignored throughout challenges I encounter in my life. Since
I was unable to explain why Samba is predisposed to a range of SID for all
accounts, the client who was interested in keeping his Linux/Samba solution
will be migrating to Window 2003. I hope that feels as bad, deep in your
stomach, as it does mine! Thanks for nothing.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John McLoskey
Sent: Tuesday, August 09, 2005 3:03 AM
To: samba@lists.samba.org; [EMAIL PROTECTED]
Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, %d, u_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete user SID or RID!\n);
return -1;
}
sid_copy(u_sid, get_global_sam_sid());
sid_append_rid(u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, %d, g_rid) != 1) {
fprintf(stderr, Error passed string is not
a complete group SID or RID!\n);
return -1;
}
sid_copy(g_sid, get_global_sam_sid());
sid_append_rid(g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, g_sid, PDB_CHANGED);
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username: test1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID: S-1-5-21-1375268081-527015025-691025275-3009
Full Name: User
Home Directory: \\smbsvr\home\test1
HomeDir Drive: H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set: Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba@lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as unknown profile.
The problem is that the profiles are inaccessible.
If I man pdbedit, it clearly states the ability to;
smbsvr# man pdbedit
...
-G SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new primary group SID
(Securi-
ty Identifier) or rid.
Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
-U SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new SID (Security
Identifier)
or rid.
Example: -U
[Samba] Re: document request for samba + edirectory
Tara Chopra [EMAIL PROTECTED] wrote: So i have gone through the archives and see a lot of people asking if samba can use edirectory as a source for user passwords. No i'm down the same road myself =D my company is using edirectory 8.7.3 on Solaris and redhat enterprise linux 3. the samba server only needs to talk to the redhat edirectory server though. From the turtorials that i have read a lot pf people hook up edirectory and samba for a lot of user info but when it comes time for the passwords they rely on smbpasswd command to maintain a seperate samba user password database. Is there no secure way of making samba fetch user passwords from edirectory directly? -- Tara C. What you need to extend your ldap server schema. Samba specific schema definition for your server is located in samba source distribution, in the following file: /examples/LDAP/samba-nds.schema To make it work in a secure way you have to make sure: 1) attributes operation (read, write, etc) permissions are set properly 2) some sort of secure authentication (SASL, SSL/TLS) system is deployed Cheers, -- Michal Kurowski [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Replacing a PDC
Hi. I'm having a helluva time trying to replace my Samba PDC machine with new hardware, and I'd really appreciate some pointers about how I should be doing it. I'm sorry, I wrote a lot of detail in this email - trying to mention everything that might be relevant. Here's the detail: I've a perfectly functional PDC running on older hardware under RedHat 9 and Samba 3.0.2. When I set it up, I was creating a windows domain for the first time, so I had no data to migrate. It was really easy to set up once I'd read about all the options I needed in the smb.conf file. (I've posted the smb.conf files at the end.) I now want to replace this machine with a completely new box. So I've got the new hardware and installed FC4 on there, including Samba version 3.0.14. I've migrated with no problems the NIS, DNS, cups and so on and they are all working just fine off the new machine. The old PDC is now ypbound to the new machine for unix users, and it's still working just fine in samba. I want to migrate the SMB from the old to the new box. I tried simply copying all the samba config files and /var/samba/* from the PDC to the same places on the new box, then stopping smb on the old box and starting it on the new one. This resulted in none of the windows machines being able to see any domain controller at all, so I nuked all that and started again. I uninstalled all samba from the new machine, then searched the hard disk and removed all the samba directories to ensure a completely clean start, then I installed samba from scratch. I tried setting up the new server as a BDC, and joining the domain (using 'net join'). I copied and edited the smb.conf file from the working server, then copied over passdb.tdb and smbusers. I then used 'net rpc getsid' to set the sid of the BDC and started smb. The new machine thought that it was working fine as a BDC, but none of the windows machines connected to it. I then stopped the PDC service, and again none of the windows boxes could see any kind of domain controller (even after rebooting them). Finally, I edited the smb.conf on the new server to tell it to be a PDC, in an attempt to promote it. After rebooting, the workstations could see it as a domain controller. However, they will only let me log in to the domain as user root (which I'd added to the original server early on to make things work). It doesn't allow anyone else to log in with the 'helpful' message Windows could not log you on. Obviously it's sort of working, because the machines seem to be able to connect and see the domain, and if I log in as root and then, say, go to add a domain user to the Administrators group, it works fine and I can view a full list of domain users as I would expect. So how do I get this thing to work? I'm not using LDAP as the backend, and although I can see the advantages I don't right now want to try and set all that up. How do I migrate all the user and machine information from the old PDC to the new one, using tdbsam as the backend? Should I export the contents of tdbsam to smbpasswd and then back again on the new machine? In which case, how do I do this? Any help appreciated. Paul. --- Here are my smb.conf files. (I've not posted some of the bits which I'm pretty sure aren't relevant like logging options and comments). Here's the config from the working PDC snip [global] netbios name = antonia workgroup = vilnt server string = vilnt PDC (antonia) passdb backend = tdbsam security = user add machine script = /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false -M %u encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 50 domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\picard\%U\.ntprofile logon drive = H: logon home = \\picard\%U wins support = yes dns proxy = yes # Share Definitions == [netlogon] comment = Network Logon Service path = /netlogon guest ok = yes writable = no share modes = no /snip And here is the config from the new server: snip [global] netbios name = charlotte workgroup = vilnt server string = vilnt new PDC (charlotte) passdb backend = tdbsam security = user add machine script = /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false -M %u encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 50 domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\picard\%U\.ntprofile logon drive = H: logon home = \\picard\%U wins support = yes dns proxy = yes # Share Definitions ==
[Samba] lock request at offset?
I was trying to copy swf file (35MB) from a windows machine to my samba share. It told me There is not enough disk space. However, it lets me copy it in another share. I didn't notice anything different with the share I am having problem with. I noticed the following messages in the log: [2005/08/10 13:56:47, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 34836480, length 61440 returned [2005/08/10 13:56:47, 0] locking/posix.c:posix_fcntl_lock(658) an Invalid argument error. This can happen when using 64 bit lock offsets [2005/08/10 13:56:47, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2005/08/10 13:56:50, 0] smbd/service.c:make_connection(794) machinename couldn't find service systemswe [2005/08/10 13:57:05, 0] smbd/sec_ctx.c:initialise_groups(203) Unable to initgroups. Error was Operation not permitted [2005/08/10 13:57:05, 1] smbd/service.c:make_connection_snum(642) machinename connect to service peopleweb initially as user DOMAIN\username (uid=10250, gid=12729) (pid 17463)[2005/08/10 13:57:11, 0] locking/posix.c:posix_fcntl_lock(657) posix_fcntl_lock: WARNING: lock request at offset 21012480, length 61440 returned [2005/08/10 13:57:11, 0] locking/posix.c:posix_fcntl_lock(658) an Invalid argument error. This can happen when using 64 bit lock offsets [2005/08/10 13:57:11, 0] locking/posix.c:posix_fcntl_lock(659) on 32 bit NFS mounted file systems. [2005/08/10 13:57:16, 0] smbd/service.c:make_connection(794) machinename couldn't find service peoplewe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Server Netbios name
John Graves wrote: Here is the global conf: [global] domain master = No netbios name = Debian local master = No workgroup = AUDUBON os level = 20 security = share preferred master = no Wow, you have like every option flipped from how I set up Samba PDC's... I would guess that what ever is suppose to be your WINS server on the network is not cataloging this server correctly. To me it looks like this is suppose to be some sort of peer file share box at best... set to be very apologetic about the fact that it is on the network. You don't offer many details about the rest of your network... but these settings lead me to believe you have other SMB talking servers, yes? -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP disconnect from SCO/Unix Server
Hello Everyone! I have a SCO\Unix 5.0.2Eb server that is running Samba along with several Windows XP Pro computers. Throughout the day these computers will be disconnected from mapped folders on this SCO\Unix server. If the end-user logs of their computer and them back on, the connects is re-established and all is well. My network\domain is a Windows 2003 server that has a mixture of XP, 98 and 2000 machines on it. These other machines are not affected and their mappings remain connected all day, it is only the XP machines. I don't run any policies because my network is main composed of 98 machines and I have checked the local policies on the XP machines altering any time to live configurations that are there. My next thought is it has to be within the Samba that is causing my problem. Has anyone run into this kind of problem, if so, what have you done to correct it? I am going to be adding numerous more XP machines to my network and I can't have this continue to happen. Sincerely; Carol L Cordon-Allred Information System Specialist Horizon Credit Union -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACLs - backup and restore
Hi all, How is the best way to perform backups of my files witch has acls in order to don't lose then when I need to recover some file or folder? Is there anybody here who has problems of losing acls when backup files and restore? thanks! Felipe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs - backup and restore
Try using star (http://freshmeat.net/projects/star/) it supports ACLs whereas tar doesn't. Felipe wrote: Hi all, How is the best way to perform backups of my files witch has acls in order to don't lose then when I need to recover some file or folder? Is there anybody here who has problems of losing acls when backup files and restore? thanks! Felipe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fw: [Samba] Mac OSX Tiger 10.4.2 SMB
Hi Neil, didn't even knew that OS X could join domains. Perhabs this site http://www.macwindows.com has something to offer for You. Good Luck. Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] BUG: samba-3.0.14a samba-3.0.20pre2 endless loop AIX 5.3 (jfs2) Win98
Hi, I have replaced an older AIX system with a new one running AIX 5.3, all the latest patches. It is acting as a PDC (I think irrelevant). The old server was running AIX 4.3.2 with Samba 3.0.14a (upgraded from 2.0.7) , and was working 100% fine. I had the old server running 3.0.14a for 6 weeks prior to the upgrade as part of my migration plan. There are Windows 98 boxes that connect to this server (workgroup), as well as XP SP2 boxes that connect to the server (domain). The shares that I am having problems with are on IBM's jfs2 filesystem. The XP boxes are working perfectly. The Windows 98 boxes work to read and save files. HOWEVER... if one Explores into one of the folders, Samba goes into an endless loop. The little flashlight in Windows 98 Explorer just keeps waving back and forth. The behavior can be duplicated by going into a DOS prompt and doing a DIR on the shared directory. It is more obvious what is happening, because the screen updates continuously. It just scrolls forever. It gets to the end of the directory listing and starts again at the top...looping forever. 1. AIX 4.3.2, jfs, samba-3.0.14a worked perfectly 2. AIX 5.3, jfs2, samba-3.0.14a samba-3.0.20pre2 have problem with Windows 98 computers 3. Samba compiled on AIX 5.3 with gcc IBM's C, no difference 4. AIX 5.3 filesystem is much larger than the AIX 4.3.2 filesystem 5. Windows XP Pro SP2 clients work fine. Things I cannot do: 1. Move files to non-jfs2 filesystem. There are 500,000 files in this filesytem.. in various folders. 2. Try the old version of AIX... it is off the network now Anything else I can do as long as it is not too disruptive.. I am recommending the Windows 98 boxes be replaced with new systems with XP Pro SP2 boxes. There are only a handful, so I think it will be an acceptable solution. However, I know that Samba 3.0.20 is trying to get out the door I thought this is worth reporting. I can make some time to troubleshoot this over the next day or two if someone wants to provide me some guidance... it is a production system, but I can sneak on during quiet times to bump log levels, etc. I have a 2 meg logfile (I can't remember what level) from when I first discovered the problem. It was only 1 PC that time, but then people came back from holidays they discovered other computers today :-( Here is a snippit of the logfile (3.0.14a) that I have... I have no idea if it is relevant or not.. Is anyone interested in persuing this?? If so, let me know what kind of information you need I'll try to work through it. Cheers, Steve Here is a snippit of the logfile (3.0.14a) that I have... I have no idea if it is relevant or not.. [2005/08/02 13:13:04, 3] smbd/process.c:process_smb(1091) Transaction 7500 of length 92 [2005/08/02 13:13:04, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 72450) conn 0x201b8e68 [2005/08/02 13:13:04, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(159) fetch sid from uid cache 487 - S-1-5-21-990301892-1366075780-2263035062-1974 [2005/08/02 13:13:04, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(233) fetch sid from gid cache 50 - S-1-5-21-990301892-1366075780-2263035062-1101 [2005/08/02 13:13:04, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(233) fetch sid from gid cache 1 - S-1-5-21-990301892-1366075780-2263035062-513 [2005/08/02 13:13:04, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (487, 50) - sec_ctx_stack_ndx = 0 [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1595) call_trans2findnext: dirhandle = 257, max_data_bytes = 2432, maxentries = 4, close_after_request=0, close_if_end = 0 requires_resume_key = 0 resume_key = 0 resume name = sums continue=0 level = 260 [2005/08/02 13:13:04, 3] smbd/dir.c:dptr_fetch_lanman2(667) fetching dirptr 257 for path ./ [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1653) dptr_num is 257, mask = *, attr = 1016, dirptr=(0x201BD398,-1) [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1752) SMBtrans2 mask=* directory=./ dirtype=4118 numentries=4 [2005/08/02 13:13:04, 3] smbd/process.c:process_smb(1091) Transaction 7501 of length 96 [2005/08/02 13:13:04, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 72450) conn 0x201b8e68 [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1595) call_trans2findnext: dirhandle = 256, max_data_bytes = 2432, maxentries = 4, close_after_request=0, close_if_end = 0 requires_resume_key = 0 resume_key = 0 resume name = 188754 continue=0 level = 260 [2005/08/02 13:13:04, 3] smbd/dir.c:dptr_fetch_lanman2(667) fetching dirptr 256 for path ./ [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1653) dptr_num is 256, mask = *, attr = 16, dirptr=(0x2010B488,0) [2005/08/02 13:13:04, 3] smbd/trans2.c:call_trans2findnext(1752) SMBtrans2 mask=* directory=./ dirtype=22 numentries=4 [2005/08/02 13:13:04, 3] smbd/process.c:process_smb(1091) Transaction 7502
[Samba] Compiling smbtorture
Is smbtorture a simple SMB client that is completely separate from Samba server? (I.e., can I use it to test, e.g., a regular Windows SMB server?) Or is it something that only tests Samba server? Anyway, I haven't had any luck compiling it. Any hints? Here is a transcript (this is on SUSE Linux Enterprise 9): [EMAIL PROTECTED]:~/tmp/apps/samba-3.0.14a/source ./configure --prefix=$HOME/local/samba make bin/smbtorture SAMBA VERSION: 3.0.14a checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking for gcc... (cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to accept ANSI C... (cached) none needed checking how to run the C preprocessor... gcc -E checking for a BSD-compatible install... /usr/bin/install -c checking for gawk... gawk checking for perl... /usr/bin/perl checking for ar... ar checking if the linker (ld) is GNU ld... yes checking GNU ld release date... 20040303 checking for library containing strerror... none required checking whether gcc and cc understand -c and -o together... yes checking that the C compiler understands -Werror... yes checking that the C compiler understands volatile... yes checking uname -s... Linux checking uname -r... 2.6.5-7.139-default checking uname -m... i686 checking uname -p... i686 checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking config.cache system type... same checking for LFS support... yes checking for inline... inline checking for egrep... grep -E checking for ANSI C header files... yes checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking whether time.h and sys/time.h may both be included... yes checking for sys/wait.h that is POSIX.1 compatible... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking arpa/inet.h usability... yes checking arpa/inet.h presence... yes checking for arpa/inet.h... yes checking sys/fcntl.h usability... yes checking sys/fcntl.h presence... yes checking for sys/fcntl.h... yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking sys/unistd.h usability... yes checking sys/unistd.h presence... yes checking for sys/unistd.h... yes checking rpc/nettype.h usability... no checking rpc/nettype.h presence... no checking for rpc/nettype.h... no checking for unistd.h... (cached) yes checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking grp.h usability... yes checking grp.h presence... yes checking for grp.h... yes checking sys/id.h usability... no checking sys/id.h presence... no checking for sys/id.h... no checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking for memory.h... (cached) yes checking rpc/rpc.h usability... yes checking rpc/rpc.h presence... yes checking for rpc/rpc.h... yes checking rpcsvc/nis.h usability... yes checking rpcsvc/nis.h presence... yes checking for rpcsvc/nis.h... yes checking rpcsvc/yp_prot.h usability... yes checking rpcsvc/yp_prot.h presence... yes checking for rpcsvc/yp_prot.h... yes checking rpcsvc/ypclnt.h usability... yes checking rpcsvc/ypclnt.h presence... yes checking for rpcsvc/ypclnt.h... yes checking sys/param.h usability... yes checking sys/param.h presence... yes checking for sys/param.h... yes checking ctype.h usability... yes checking ctype.h presence... yes checking for ctype.h... yes checking for sys/wait.h... (cached) yes checking sys/resource.h usability... yes checking sys/resource.h presence... yes checking for sys/resource.h... yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking sys/ipc.h usability... yes checking sys/ipc.h presence... yes checking for sys/ipc.h... yes checking sys/mode.h usability... no checking sys/mode.h presence... no checking for sys/mode.h... no checking sys/mman.h usability... yes checking sys/mman.h presence... yes checking for sys/mman.h... yes checking sys/filio.h usability... no checking sys/filio.h
[Samba] Cannot find KDC for requested realm
I'm trying to install Samba.
I need to put some files on Samba server accessed from Windows clients and
authenticated through our Win2k Active Directory Server.
I'm following instructions from Chapter 13_ Identity Mapping (IDMAP).htm, but
at the moment I cannot connect. I've follow many directions from too much sites
over Internet, and there are a lot of instructions, buy I cannot get connected.
When I type \\my_smb_server from Start/Run menu on a machine signed as
Administrator, appear a Window asking for user and password.
When a type net ads join -UAdministrator
Administrator's password:
I get this:
[2005/08/09 14:22:20, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested
realm
[2005/08/09 14:22:20, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot
find KDC for requested realm
Here are my configuration files:
-
File smb.conf
-
[global]
workgroup = MAINWIN2KGROUP
netbios name = SMBHOST
realm = MYDOMAIN.COM
security = ADS
template shell = /bin/bash
idmap uid = 500-1000
idmap gid = 500-1000
winbind use default domain = Yes
winbind nested groups = Yes
# Shares section
[shared1]
comment = Datos compartidos
path = /home/user/toSamba
force user = Administrator
browseable = yes
--
/etc/krb5.conf
--
[logging]
default = FILE:/var/kerberos/krb5/krb5libs.log
kdc = FILE=/var/kerberos/krb5/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
log.smbd
[2005/08/09 13:11:26, 5]
lib/module.c:smb_probe_module(104)
Probing module 'ISO8859-1'
[2005/08/09 13:11:26, 5]
lib/module.c:smb_probe_module(115)
Probing module 'ISO8859-1': Trying to load from
/opt/local/samba/lib/charset/ISO8859-1.so
[2005/08/09 13:11:26, 3]
lib/module.c:do_smb_load_module(49)
Error loading module 'opt/local/samba/lib/charset/ISO8859-1.so': ld.so.1
: /opt/local/samba/sbin/smbd: fatal: /opt/local/samba/lib/charset/ISO8859-1.so:
open failed: No such file or directory
[2005/08/09 13:11:26, 5]
lib/charcnv.c:charset_name(78)
Locale charset 'ISO8859-1' unsupported, using ASCII instead
Thank you for any answer.
Regards.
-
Start your day with Yahoo! - make it your home page
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] username map file to link Domain groups to user
Morning to all, Question: is it possible to use the username map file to link a domain group - as supplied by wbinfo -u with a sigle local (/etc/passwd) user, so that only domain memebers of that group can access a particular share, but from the shares point of view it is accessed by the same user? Cheers, Boris * The information contained in this e-mail, and any attachments to it, is intended for the use of the addressee and is confidential. If you are not the intended recipient you must not use, disclose, read, forward, copy or retain any of the information. If you received this e-mail in error, please delete it and notify the sender by return e-mail or telephone. The Commonwealth does not warrant that any attachments are free from viruses or any other defects. You assume all liability for any loss, damage or other consequences which may arise from opening or using the attachments. * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot find KDC for requested realm
AD uses SRV records to find the KDC for a domain. Windows sets these up automatically if the AD server is also the DNS server for the domain. To check for the SRV record, try $ host -t srv _kerberos._tcp.MYDOMAIN.COM This MS article talks about the required SRV records: http://support.microsoft.com/default.aspx?scid=kb;en-us;816587 On 8/10/05, P V [EMAIL PROTECTED] wrote: snip When a type net ads join -UAdministrator Administrator's password: I get this: [2005/08/09 14:22:20, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [2005/08/09 14:22:20, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot find KDC for requested realm Here are my configuration files: snip - /etc/krb5.conf -- snip Setting up krb5.conf shouldn't be necessary. In fact, the Samba HOWTO warns against doing it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SuSE 9.3 + Samba 3 + LDAP
Horst B. Simon wrote: Hi All, I have OX with Samba 3 and Ldap working fine, except that workstation can not join the domain. When I try to join the domain I get following error message: The following error occurred attempting to join the domain. Can not find user name in Domain. But the user is there and it creates the computer in ou=computers in ldap. All users have no problems accessing the samba shares and using OX. Anyone in this group has successful joined a computer into ldap with OX and Samba3? Regards, Horst Horst, Is the user either root account in LDAP or been given sepriveledges as per chapter 5 of JHT example book? Does your smb.conf point to the correct part of ldap for your users? Have nss and pam been configured pointing correctly to where to the users are? Is the user that you are trying actually in that part of LDAP? Eg. You aren't trying to use: cn=Manager,dc=hsimon,dc=com,dc=au When your users are in : ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au Are you? Cheers Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Compiling smbtorture
OK, I was able to build successfully by downloading a release of SMB2 (I used samba-2.2.9). I then set up a share on a Windows 2000 box by creating an empty directory called 'netbench' (as specified in http://samba.org/ftp/tridge/dbench/README) and allowing Everyone to read/write (in both Sharing and Security). I then ran smbtorture: [EMAIL PROTECTED]:~/tmp/apps/samba-2.2.9/source bin/smbtorture //9.1.73.188/netbench -U yang ALL [2005/08/10 17:23:49, 0] lib/charset.c:load_client_codepage(213) load_client_codepage: filename /codepage.000 does not exist. [2005/08/10 17:23:49, 0] lib/util_unistr.c:load_unicode_map(617) load_unicode_map: filename /unicode_map.850 does not exist. [2005/08/10 17:23:49, 0] lib/util_unistr.c:load_unicode_map(617) load_unicode_map: filename /unicode_map.ISO8859-1 does not exist. [2005/08/10 17:23:49, 0] param/params.c:OpenConfFile(543) params.c:OpenConfFile() - Unable to open configuration file /home/cwu/local/samba2/lib/smb.conf: No such file or directory Password for user yang: host=9.1.73.188 shares=netbench users=yang, yang myname=cham6 Running FDPASS 9.1.73.188 rejected the session TEST FDPASS FAILED! FDPASS took 0.502151 secs Running LOCK1 9.1.73.188 rejected the session TEST LOCK1 FAILED! LOCK1 took 0.500834 secs [...all other tests fail similarly...] Looking into the source, I see that it's failing after delivering an NBT session request packet. What's going on? Thanks in advance for any help. Thus spake overbored on 8/10/2005 3:27 PM: Is smbtorture a simple SMB client that is completely separate from Samba server? (I.e., can I use it to test, e.g., a regular Windows SMB server?) Or is it something that only tests Samba server? Anyway, I haven't had any luck compiling it. Any hints? Here is a transcript (this is on SUSE Linux Enterprise 9): [EMAIL PROTECTED]:~/tmp/apps/samba-3.0.14a/source ./configure --prefix=$HOME/local/samba make bin/smbtorture SAMBA VERSION: 3.0.14a checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking for gcc... (cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to accept ANSI C... (cached) none needed checking how to run the C preprocessor... gcc -E checking for a BSD-compatible install... /usr/bin/install -c checking for gawk... gawk checking for perl... /usr/bin/perl checking for ar... ar checking if the linker (ld) is GNU ld... yes checking GNU ld release date... 20040303 checking for library containing strerror... none required checking whether gcc and cc understand -c and -o together... yes checking that the C compiler understands -Werror... yes checking that the C compiler understands volatile... yes checking uname -s... Linux checking uname -r... 2.6.5-7.139-default checking uname -m... i686 checking uname -p... i686 checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking config.cache system type... same checking for LFS support... yes checking for inline... inline checking for egrep... grep -E checking for ANSI C header files... yes checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking whether time.h and sys/time.h may both be included... yes checking for sys/wait.h that is POSIX.1 compatible... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking arpa/inet.h usability... yes checking arpa/inet.h presence... yes checking for arpa/inet.h... yes checking sys/fcntl.h usability... yes checking sys/fcntl.h presence... yes checking for sys/fcntl.h... yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking sys/unistd.h usability... yes checking sys/unistd.h presence... yes checking for sys/unistd.h... yes checking rpc/nettype.h usability... no checking rpc/nettype.h presence... no checking for rpc/nettype.h... no checking for unistd.h... (cached) yes checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking grp.h usability... yes checking grp.h presence... yes checking for
[Samba] Re: SuSE 9.3 + Samba 3 + LDAP
On Aug 11, 2005 10:35 AM, Geoffrey Scott [EMAIL PROTECTED] wrote: Horst B. Simon wrote: Hi All, I have OX with Samba 3 and Ldap working fine, except that workstation can not join the domain. When I try to join the domain I get following error message: The following error occurred attempting to join the domain. Can not find user name in Domain. But the user is there and it creates the computer in ou=computers in ldap. All users have no problems accessing the samba shares and using OX. Anyone in this group has successful joined a computer into ldap with OX and Samba3? Regards, Horst Horst, Is the user either root account in LDAP or been given sepriveledges as per chapter 5 of JHT example book? Does your smb.conf point to the correct part of ldap for your users? Have nss and pam been configured pointing correctly to where to the users are? Is the user that you are trying actually in that part of LDAP? Eg. You aren't trying to use: cn=Manager,dc=hsimon,dc=com,dc=au When your users are in : ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au Are you? Cheers Geoff Hi Geoff, I am not near the box now, I think you are on the right track. I will post tonight the relevant parts of my ldap.conf and smb.conf. Yes my binddn is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root user and I set up a administrator according to the information in the IDEALX document. Cheers, Horst -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] name resolving on a simple network
Pardon me if I don't adhere to list protocol - this is my first post: I have a simple home network with a seemingly intractable problem. I'm pretty new to Samba, though, and I can't help but think the answer, like the purloined letter in Edgar Allan Poe's story, is staring me in the face. Various folks have been helping me over on the Fedora list for 9 days, now, so I thought I'd try this problem here. The networks consists of the following: A linux Fedora Core server running several services, right on the net: It's Samba name is vrproductions2 - it's robustly firewalled but, temporarily, all connections are allowed between the lan and the firewall. This machine is doing dhcp for the lan, and routing. The lan consists of three Windows machines: FHB is not a concern, is running Win98, and is just getting routed to the net. StudioPC is fixed ip 192.168.2.32 and two hard drives are being shared. Julimobile is a laptop that gets its ip from the dhcp server on the Linux box and both of its drives are shared. As currently configured, I get the following: Open a konqueror browser window and enter smb:/ and I get my 'workgroup' icon; click on that, and I get the three PC's that have shares opened, VRPRODUCTIONS2, STUDYPC, and JULIMOBILE; Click on each of these in turn, and I see the shares; in the case of JULIMOBILE and VRPRODUCTIONS2, clicking on these shares allows me to enter to the root directories of the shares, and then browse all shared folders; clicking on STUDIOPC results in an error. Internal Error Please send a full bug report at http://bugs.kde.org libsmbclient reported an error, but did not specify what the problem is. This might indicate a severe problem with your network - but also might indicate a problem with libsmbclient. If you want to help us, please provide a tcpdump of the network interface while you try to browse (be aware that it might contain private data, so do not post it if you are unsure about that - you can send it privately to the developers if they ask for it) On the other hand, if I enter smb://192.168.2.32 in the konqueror address window, I can get into STUDYPC and browse its folders just fine... STUDYPC is listed in hosts and lmhosts Here is my smb.conf: [global] workgroup=workgroup hosts allow = 192.168.2., 127. local master=yes domain master=yes os level = 65 wins support=yes name resolve order=lmhosts host wins bcast ldap ssl = No restrict anonymous = no server string = Samba max protocol = NT server signing = Disabled interfaces = 192.168.2.1 127.0.0.1 security = share netbios name = VRPRODUCTIONS2 log file=/var/log/samba/smb.log.%m log level=3 [CJ home] case sensitive = no guest ok = yes msdfs proxy = no read only = no path = /home/cj Can anyone see what we've overlooked? -- Claude Jones Bluemont, VA, USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] newbie: Samba with Mysql question
Greetings All, I am new to this list and currently have a Fedora 3 server set up with Samba which just needs to be configured. I would like to set up the MySQL database support for users and passwords as we have another project that will want to add entries to the Samba database so when the users are created so that they will have access to their home directories via samba. Could someone please give me a little guidance on how to set this up? I have Samba samba-3.0.10-1.fc3 installed and my next step after getting it to function cleanly will be to install the OpenVPN software on the server so the clients will have clean and secure access through samba. Thanks for any help and guidance that you could provide to get me started on the configurations. Lonnie Cumberland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
On Thu, 2005-08-11 at 11:37 +1000, Horst B. Simon wrote: I am not near the box now, I think you are on the right track. I will post tonight the relevant parts of my ldap.conf and smb.conf. Yes my binddn is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root user and I set up a administrator according to the information in the IDEALX document. I've posted a couple of messages recently about this issue. I'm getting the exact same error message upon trying to join the domain as you are. If you could, please check your /var/log/messages for slapd errors that say something about Duplicate entries. You can check my recent post Bug in LDAP Stuff? for the details, but it seems to me that Samba is pre-filtering the LDAP search for the user you're (we're) trying to use to join the domain. It's finding all the users instead of just the one. (It's not limiting to the one user.) As someone replied to me, the latest version of Samba no longer needs the ldap filter configuration setting. I think this is too bad, because it looks like the relevant line in the IDEALX Howto -- which is commented out in the docs -- does *EXACTLY* what I think needs to be done. Like I'm implying here, I think this is a bug in the Samba code. I guess this means I ought to enter a bug in Samba's bugzilla? Regards, dk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
On Wed, 2005-08-10 at 22:48 -0500, David Krider wrote: As someone replied to me, the latest version of Samba no longer needs the ldap filter configuration setting. I think this is too bad, because it looks like the relevant line in the IDEALX Howto -- which is commented out in the docs -- does *EXACTLY* what I think needs to be done. Like I'm implying here, I think this is a bug in the Samba code. I guess this means I ought to enter a bug in Samba's bugzilla? Holy crap! On a lark, I added ldap filter = ((objectClass=sambaSamAccount)(uid=%u)) to my smb.conf file -- like the IDEALX script _used_ to say (but was commented out), and which the LDAP logs suggested I needed -- and, lo and behold, IT WORKED!!! I got a machine added to the domain. Notes: * I changed the gid of the root LDAP user to 512. It seemed to choke on the fact that there was no group with an id of 0. * I had to re-add all the %u's to the various script lines in my smb.conf file. Apparently, SWAT wiped them off. * There's still some problem with the ldap filter parameter in logging into the domain. Samba still wants to only search on 'objectClass=sambaSamAccount'. The filter parameter causes this to be redundant (which doesn't hurt anything), but it's the (uid=%u) that's saving the day. Now that I think about it, the filter ought to have just been (uid=%u) -- or maybe ((uid=u)), depending -- I'll have to test this further on the next machine join. * The IDEALX smbldap-useradd script example in their smb.conf file is a little misleading. You'll need a `-a' to get it to add a sambaSamAccount object-classed account. * phpldapadmin is fantastic. I highly recommend it. It looks to me like the Samba people need to revoke the ldap-filter-isn't-needed-any-more line, and the IDEALX people need to address the fact that you don't need a uid 0 account to add machines to the domain any more. (Or is this also not NOT true now?) The bottom line here, Horst, is that I think you need this in your smb.conf file: ldap filter = (uid=%u) Please let us know how you get on. Regards, dk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Administrator-installed printers unavailable to regular users
Hi all, I'm having a very strange problem with printers under 3.0.10, running on an up to date Gentoo 2005.0 box. Essentially, if I install a Samba-networked printer on one of our NT workstations as administrator, it doesn't show up for all the other users of that particular machine. It's as if they don't have any printers installed. What's more, none of these users have the required privileges to install a printer by themselves. We recently replaced our old Samba machine with a new server, which may have something to do with this, but I really don't know where to start looking. Administrator could install printers and make them available to other machine users before the upgrade. At first I thought it had something to do with the auto-download-and-install-drivers magic, so I disabled that, but the problem persisted. Ideally, I'm looking for a way to let regular users install their own printers, but some way to let administrator install printers that everyone can use would be good too. Here's most of my smb.conf file. What other information would be helpful here? I don't even know where to start looking with this. Best, ...jurgen [global] # Machine configurations workgroup = netbios name = Yarra server string = Yarra file server socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 # PDC stuff os level = 64 preferred master = yes local master = yes domain master = yes logon script = netlogon.bat domain logons = yes wins support = yes admin users = root # Security and log settings follow symlinks = yes wide links = yes security = user encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 hosts allow = x.x.x.x # User Profiles and Home Directory stuff logon drive = H: add machine script = smbpasswd -a -m %m # Printing with CUPS printing = cups printcap name = cups load printers = yes use client driver = no unix extensions = no # # --- # [homes] comment = Home Directories browseable = no writeable = yes path = /home/%U veto files = /*lost+found*/ inherit permissions = yes hide dot files = yes follow symlinks = yes wide links = yes # MySQL Logging preexec = /var/www/localhost/htdocs/freddy/commandLine/sambaLogin.php on %u %m %d %I %S postexec = /var/www/localhost/htdocs/freddy/commandLine/sambaLogin.php off %u %m %d %I % S ;[print$] ; comment = Printer Drivers ; path = /share/samba/printerdrivers ; guest ok = no ; browseable = yes ; read only = yes ; write list = root [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = root create mode = 0700 print command = lpr -P %p -o raw %s -r lpq command = lpstat -o %p lprm command = cancel %p-%j [...] snip [...] -- [EMAIL PROTECTED] is jurgen's gmail address. Visit http://jurgen.ca/ for more yummy goodness. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
David Krider wrote: * The IDEALX smbldap-useradd script example in their smb.conf file is a little misleading. You'll need a `-a' to get it to add a sambaSamAccount object-classed account. You need to use an -a when using the smbldap-tools scripts on the commandline, but there should be no such need within your smb.conf as samba takes care of samba attributes by itself. GS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
On Thursday 11 August 2005 12:44 am, jurgen wrote: deally, I'm looking for a way to let regular users install their own printers, but some way to let administrator install printers that everyone can use would be good too. It helps to be familiar with Windows before using Samba. In Windows, local printers are installed per machine, network printers are installed per user. Generally default permissions allow Windows users to install network printers. If your users can't then something is changed. Use the rundll32 printui.dll,PrintUIEntry stuff in a logon script to automate network printer installs. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
Hi, Thanks for your answer... On 11/08/05, Chris [EMAIL PROTECTED] wrote: In Windows, local printers are installed per machine, network printers are installed per user. The way it worked before: Administrator would install printers into an NT workstation. Those printers would be able to be used by any user who logs into that machine. Users would inherit whichever printer set is installed on the machine they're using. The printers were named Printername on Servername. So, were these network or local printers? Generally default permissions allow Windows users to install network printers. If your users can't then something is changed. That's what I'm trying to figure out. My users can't install printers. Administrator can install printers, but users can't see them. What has changed? Where can I look to find this *something* that has changed? Is it a domain administration, policy, group issue? Is it some weird mismatch between driver types? Use the rundll32 printui.dll,PrintUIEntry stuff in a logon script to automate network printer installs. I'd really rather not automate anything until I get it working manually. ..jurgen -- [EMAIL PROTECTED] is jurgen's gmail address. Visit http://jurgen.ca/ for more yummy goodness. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r9227 - in branches/SAMBA_4_0: source/scripting/libjs swat/esptest swat/scripting
Author: tridge
Date: 2005-08-10 06:58:05 + (Wed, 10 Aug 2005)
New Revision: 9227
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9227
Log:
cleanup and simplify the AJAJ code
Removed:
branches/SAMBA_4_0/swat/esptest/registry_calls.esp
branches/SAMBA_4_0/swat/esptest/remote.esp
Modified:
branches/SAMBA_4_0/source/scripting/libjs/server_call.js
branches/SAMBA_4_0/swat/esptest/qooxdoo.esp
branches/SAMBA_4_0/swat/esptest/registry.esp
branches/SAMBA_4_0/swat/scripting/general_calls.esp
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/server_call.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/server_call.js2005-08-10
06:55:46 UTC (rev 9226)
+++ branches/SAMBA_4_0/source/scripting/libjs/server_call.js2005-08-10
06:58:05 UTC (rev 9227)
@@ -21,20 +21,20 @@
*/
function __run_call() {
var c = this;
- var name = form['func'];
+ var name = form['ajaj_func'];
if (name == undefined) {
- println(no function name given in run_call);
+ /* no function to run */
return;
}
- var args = form['args'];
+ var args = form['ajaj_args'];
if (args == undefined) {
println(no function arguments given in run_call);
- return;
+ exit(0);
}
args = decodeObject(args);
if (c.calls[name] == undefined) {
println(undefined remote call + name);
- return;
+ exit(0);
}
var f = c.calls[name];
var res;
@@ -59,11 +59,12 @@
res = f(args[0], args[1], args[2], args[3], args[4], args[5],
args[6], args[7]);
} else {
println(too many arguments for remote call: + name);
- return;
+ exit(0);
}
var repobj = new Object();
repobj.res = res;
write(encodeObject(repobj));
+ exit(0);
}
Modified: branches/SAMBA_4_0/swat/esptest/qooxdoo.esp
===
--- branches/SAMBA_4_0/swat/esptest/qooxdoo.esp 2005-08-10 06:55:46 UTC (rev
9226)
+++ branches/SAMBA_4_0/swat/esptest/qooxdoo.esp 2005-08-10 06:58:05 UTC (rev
9227)
@@ -1,4 +1,26 @@
-%
+%
+/**/
+/* server side AJAJ functions */
+libinclude(server_call.js);
+
+/* this is a call that the client js code can make - it just adds
+ some more elements to the passed object, then returns the object */
+function testfunc(x) {
+ var sys = sys_init();
+ x.nttime = sys.nttime();
+ x.timestring = sys.httptime(x.nttime);
+ return x;
+}
+
+/* register a call for clients to make */
+var call = servCallObj();
+call.add('testfunc', testfunc);
+
+/* run the function that was asked for */
+call.run();
+
+ /***/
+ /* now the main page */
page_header(columns, ESP qooxdoo test, esptest);
%
@@ -48,7 +70,7 @@
shared.rate = shared.counter / (shared.time_diff * 0.001);
shared.counter++;
if (stopit == 0) {
- server_call('remote.esp', 'testfunc', callback, shared);
+ server_call_url(@@request.REQUEST_URI, 'testfunc',
callback, shared);
}
}
@@ -57,7 +79,7 @@
stopit = 0;
shared.counter = 0;
shared.start_time = 0;
- server_call('remote.esp', 'testfunc', callback, shared);
+ server_call_url(@@request.REQUEST_URI, 'testfunc', callback,
shared);
};
function stop_call() {
Modified: branches/SAMBA_4_0/swat/esptest/registry.esp
===
--- branches/SAMBA_4_0/swat/esptest/registry.esp2005-08-10 06:55:46 UTC
(rev 9226)
+++ branches/SAMBA_4_0/swat/esptest/registry.esp2005-08-10 06:58:05 UTC
(rev 9227)
@@ -1,4 +1,38 @@
-%
+%
+/**/
+/* server side AJAJ functions */
+libinclude(base.js);
+libinclude(winreg.js);
+libinclude(server_call.js);
+
+/*
+ server side call to return a listing of elements in a winreg path
+*/
+function enum_path(binding, path) {
+ printf(enum_path(%s, %s)\n, binding, path);
+ var reg = winreg_init();
+ security_init(reg);
+
+ reg.credentials = session.authinfo.credentials;
+
+ var status = reg.connect(binding);
+ if (status.is_ok != true) {
+ printVars(status);
+ return undefined;
+ }
+ var list = winreg_enum_path(reg, path);
+ return list;
+}
+
+/* register a call for clients to make */
+var call = servCallObj();
+call.add('enum_path', enum_path);
+
+/* run the function that was asked for */
+call.run();
+
+ /***/
+ /* now the main page */
page_header(columns, ESP registry edit, esptest);
%
@@ -33,7 +67,7 @@
function
svn commit: samba r9228 - in branches/SAMBA_4_0/swat/scripting/client: .
Author: tridge
Date: 2005-08-10 07:03:10 + (Wed, 10 Aug 2005)
New Revision: 9228
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9228
Log:
cleanup and simplify the AJAJ code - part 2
Modified:
branches/SAMBA_4_0/swat/scripting/client/call.js
Changeset:
Modified: branches/SAMBA_4_0/swat/scripting/client/call.js
===
--- branches/SAMBA_4_0/swat/scripting/client/call.js2005-08-10 06:58:05 UTC
(rev 9227)
+++ branches/SAMBA_4_0/swat/scripting/client/call.js2005-08-10 07:03:10 UTC
(rev 9228)
@@ -48,7 +48,7 @@
The callback() function is called with the returned
object. 'callback' may be null.
*/
-function vserver_call(url, func, callback, args) {
+function vserver_call_url(url, func, callback, args) {
var args2 = new Object();
args2.length = args.length;
var i;
@@ -58,7 +58,7 @@
var req = __http_object();
req.open(POST, url, true);
req.setRequestHeader('Content-Type',
'application/x-www-form-urlencoded');
- req.send(func= + func + args= + encodeObject(args2));
+ req.send(ajaj_func= + func + ajaj_args= + encodeObject(args2));
req.onreadystatechange = function() {
if (4 == req.readyState callback != null) {
var o = decodeObject(req.responseText);
@@ -71,7 +71,7 @@
/*
usage:
- server_call(url, func, callback, ...);
+ server_call_url(url, func, callback, ...);
'func' is a function name to call on the server
any additional arguments are passed to func() on the server
@@ -79,14 +79,14 @@
The callback() function is called with the returned
object. 'callback' may be null.
*/
-function server_call(url, func, callback) {
+function server_call_url(url, func, callback) {
var args = new Object();
var i;
for (i=3;iarguments.length;i++) {
args[i-3] = arguments[i];
}
args.length = i-3;
- vserver_call(url, func, callback, args);
+ vserver_call_url(url, func, callback, args);
}
@@ -94,5 +94,25 @@
call printf on the server
*/
function srv_printf() {
- vserver_call('/scripting/general_calls.esp', 'srv_printf', null,
arguments);
+ vserver_call_url('/scripting/general_calls.esp', 'srv_printf', null,
arguments);
}
+
+/*
+ usage:
+
+ server_call(func, callback, ...);
+
+ 'func' is a function name to call on the server
+ any additional arguments are passed to func() on the server
+
+ The callback() function is called with the returned
+ object. 'callback' may be null.
+*/
+function server_call(func, callback) {
+ var args = new Array(arguments.length-2);
+ var i;
+ for (i=0;iargs.length;i++) {
+ args[i] = arguments[i+1];
+ }
+ vserver_call_url(@request.REQUEST_URI, func, callback, args);
+}
svn commit: samba r9229 - in branches/SAMBA_3_0/source/rpc_server: .
Author: gd
Date: 2005-08-10 16:02:32 + (Wed, 10 Aug 2005)
New Revision: 9229
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9229
Log:
merge from trunk:
allow admins to uncheck the User must change Password at next Logon
checkbox in Usermanager.
Guenther
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2005-08-10
07:03:10 UTC (rev 9228)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c2005-08-10
16:02:32 UTC (rev 9229)
@@ -286,7 +286,25 @@
DEBUG(10,(INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON:
%02X\n,from-passmustchange));
if (from-passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ } else {
+ uint32 expire;
+ time_t new_time;
+ if (pdb_get_pass_must_change_time(to) == 0) {
+ if (!account_policy_get(AP_MAX_PASSWORD_AGE, expire)
+ || expire == (uint32)-1) {
+ new_time = get_time_t_max();
+ } else {
+ time_t old_time =
pdb_get_pass_last_set_time(to);
+ new_time = old_time + expire;
+ if ((new_time) time(0)) {
+ new_time = time(0) + expire;
+ }
+ }
+ if (!pdb_set_pass_must_change_time (to, new_time,
PDB_CHANGED)) {
+ DEBUG (0, (pdb_set_pass_must_change_time
failed!\n));
+ }
+ }
}
DEBUG(10,(INFO_21 PADDING_2: %02X\n,from-padding2));
@@ -490,7 +508,6 @@
DEBUG(15,(INFO_23 LOGON_HRS.HOURS: %s -
%s\n,pdb_get_hours(to),from-logon_hrs.hours));
/* Fix me: only update if it changes --metze */
pdb_set_hours(to, from-logon_hrs.hours, PDB_CHANGED);
-
}
if (from-fields_present ACCT_BAD_PWD_COUNT) {
@@ -510,6 +527,24 @@
DEBUG(10,(INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON:
%02X\n,from-passmustchange));
if (from-passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ } else {
+ uint32 expire;
+ time_t new_time;
+ if (pdb_get_pass_must_change_time(to) == 0) {
+ if (!account_policy_get(AP_MAX_PASSWORD_AGE, expire)
+ || expire == (uint32)-1) {
+ new_time = get_time_t_max();
+ } else {
+ time_t old_time =
pdb_get_pass_last_set_time(to);
+ new_time = old_time + expire;
+ if ((new_time) time(0)) {
+ new_time = time(0) + expire;
+ }
+ }
+ if (!pdb_set_pass_must_change_time (to, new_time,
PDB_CHANGED)) {
+ DEBUG (0, (pdb_set_pass_must_change_time
failed!\n));
+ }
+ }
}
DEBUG(10,(INFO_23 PADDING_2: %02X\n,from-padding2));
svn commit: lorikeet r404 - in trunk/sangria/src/LatestDesign: cgi classes/GroupManager classes/ServerObjects parser test
Author: amit Date: 2005-08-10 16:36:29 + (Wed, 10 Aug 2005) New Revision: 404 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=404 Log: cgi_lib.py added which includes common methods used in the cgi scripts and many classes updated with more methode Modified: trunk/sangria/src/LatestDesign/cgi/cgi_lib.py trunk/sangria/src/LatestDesign/cgi/manager.cgi trunk/sangria/src/LatestDesign/cgi/serverconfig.cgi trunk/sangria/src/LatestDesign/classes/GroupManager/GroupManagerClass.py trunk/sangria/src/LatestDesign/classes/ServerObjects/FileShareClass.py trunk/sangria/src/LatestDesign/classes/ServerObjects/PrintShareClass.py trunk/sangria/src/LatestDesign/classes/ServerObjects/ServerClass.py trunk/sangria/src/LatestDesign/parser/SambaConfig.py trunk/sangria/src/LatestDesign/test/test.py Changeset: Sorry, the patch is too large (688 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=404
svn commit: samba r9230 - in branches/SAMBA_4_0/swat: install scripting
Author: deryck
Date: 2005-08-10 19:25:07 + (Wed, 10 Aug 2005)
New Revision: 9230
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9230
Log:
Star out passwords and add confim text input for provisioning.
Also, add addMethod() to form elements now.
deryck
Modified:
branches/SAMBA_4_0/swat/install/provision.esp
branches/SAMBA_4_0/swat/scripting/forms.js
Changeset:
Modified: branches/SAMBA_4_0/swat/install/provision.esp
===
--- branches/SAMBA_4_0/swat/install/provision.esp 2005-08-10 16:02:32 UTC
(rev 9229)
+++ branches/SAMBA_4_0/swat/install/provision.esp 2005-08-10 19:25:07 UTC
(rev 9230)
@@ -8,7 +8,7 @@
h1Samba4 provisioning/h1
%
-var f = FormObj(Provisioning, 9, 2);
+var f = FormObj(Provisioning, 0, 3);
var i;
var lp = loadparm_init();
@@ -18,26 +18,19 @@
var subobj = provision_guess();
+/* Don't supply default password for web interface */
+subobj.ADMINPASS = ;
-f.element[0].label = Realm;
-f.element[0].name = REALM;
-f.element[1].label = Domain Name;
-f.element[1].name = DOMAIN;
-f.element[2].label = Host Name;
-f.element[2].name = HOSTNAME;
-f.element[3].label = Administrator Password;
-f.element[3].name = ADMINPASS;
-f.element[3].type = password;
-f.element[4].label = Domain SID;
-f.element[4].name = DOMAINSID;
-f.element[5].label = Host GUID;
-f.element[5].name = HOSTGUID;
-f.element[6].label = Base DN;
-f.element[6].name = BASEDN;
-f.element[7].label = Host IP;
-f.element[7].name = HOSTIP;
-f.element[8].label = Default Site;
-f.element[8].name = DEFAULTSITE;
+f.add(REALM, Realm);
+f.add(DOMAIN, Domain Name);
+f.add(HOSTNAME, Hostname);
+f.add(ADMINPASS, Administrator Password, password);
+f.add(CONFIRM, Confirm Password, password);
+f.add(DOMAINSID, Domain SID);
+f.add(HOSTGUID, Host GUID);
+f.add(BASEDN, Base DN);
+f.add(HOSTIP, Host IP);
+f.add(DEFAULTSITE, Default Site);
f.submit[0] = Initial provision;
f.submit[1] = Provision;
f.submit[2] = Cancel;
@@ -58,11 +51,15 @@
lp.set(realm, subobj.REALM);
-if (form['submit'] == Provision) {
+var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
+if (form['submit'] == Provision goodpass) {
provision(subobj, writefln, true);
-} else if (form['submit'] == Initial provision) {
+} else if (form['submit'] == Initial provision goodpass) {
provision(subobj, writefln, false);
} else {
+ if (!goodpass form['submit'] != undefined) {
+ write(h3Passwords don't match. Please try again./h3);
+ }
f.display();
}
%
Modified: branches/SAMBA_4_0/swat/scripting/forms.js
===
--- branches/SAMBA_4_0/swat/scripting/forms.js 2005-08-10 16:02:32 UTC (rev
9229)
+++ branches/SAMBA_4_0/swat/scripting/forms.js 2005-08-10 19:25:07 UTC (rev
9230)
@@ -10,6 +10,8 @@
f.action= action to be taken on submit (optional, defaults to
current page)
f.class = css class (optional, defaults to 'form')
f.submit= an array of submit labels
+f.add(name, label, [type], [value]) =
+ Add another element
f.element[i].label = element label
f.element[i].name = element name (defaults to label)
f.element[i].type = element type (defaults to text)
@@ -69,6 +71,22 @@
write(/form\n);
}
+function __addMethod(name, label)
+{
+ var f = this;
+ var i = f.element.length;
+ f.element[i] = new Object();
+ f.element[i].name = name;
+ f.element[i].label = label;
+ f.element[i].type = text;
+ f.element[i].value = ;
+ if (arguments.length 2) {
+ f.element[i].type = arguments[2];
+ }
+ if (arguments.length 3) {
+ f.element[i].value = arguments[3];
+ }
+}
/*
create a Form object with the defaults filled in, ready for display()
@@ -81,6 +99,7 @@
f.submit = new Array(num_submits);
f.action = session_uri(request.REQUEST_URI);
f.class = defaultform;
+ f.add = __addMethod;
for (i in f.element) {
f.element[i] = new Object();
f.element[i].type = text;
svn commit: samba r9231 - in branches/SOC/SAMBA_3_0/source: include libmsrpc libmsrpc/test libmsrpc/test/lsa libmsrpc/test/reg
Author: skel Date: 2005-08-10 20:33:23 + (Wed, 10 Aug 2005) New Revision: 9231 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9231 Log: added cac_RegGetKeySecurity(), cac_RegSetKeySecurity(), cac_RegSaveKey() and cleaned up test directory Added: branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/ branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/ear.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsaenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsaenumprivs.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsapol.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsaq.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsatrust.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/ branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regdelete.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regkey.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regkeycreate.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regkeyenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regopen.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regopenkey.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regqueryval.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regsetval.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regvalenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/shutdown.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regdelete.c Removed: branches/SOC/SAMBA_3_0/source/libmsrpc/test/ear.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsaaddrights.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsaenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsaenumprivs.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsapol.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsaq.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regkey.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regkeycreate.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regkeyenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regopenkey.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regqueryval.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regsetval.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/regvalenum.c Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h branches/SOC/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/Makefile Changeset: Sorry, the patch is too large (4042 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9231
svn commit: samba r9232 - in branches/SAMBA_4_0/swat/esptest: .
Author: deryck
Date: 2005-08-10 20:47:03 + (Wed, 10 Aug 2005)
New Revision: 9232
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9232
Log:
Rename some objects to make code clear.
deryck
Modified:
branches/SAMBA_4_0/swat/esptest/registry.esp
Changeset:
Modified: branches/SAMBA_4_0/swat/esptest/registry.esp
===
--- branches/SAMBA_4_0/swat/esptest/registry.esp2005-08-10 20:33:23 UTC
(rev 9231)
+++ branches/SAMBA_4_0/swat/esptest/registry.esp2005-08-10 20:47:03 UTC
(rev 9232)
@@ -43,43 +43,43 @@
script type=text/javascript
-function folder_list(t, list) {
+function folder_list(parent, list) {
var i;
- t.populated = true;
- t.removeAll();
+ parent.populated = true;
+ parent.removeAll();
for (i=0;ilist.length;i++) {
- var te;
- te = new QxTreeFolder(list[i]);
- t.add(te);
- te.binding = t.binding;
- if (t.reg_path == '') {
- te.reg_path = list[i];
+ var child;
+ child = new QxTreeFolder(list[i]);
+ parent.add(child);
+ child.binding = parent.binding;
+ if (parent.reg_path == '') {
+ child.reg_path = list[i];
} else {
- te.reg_path = t.reg_path + '' + list[i];
+ child.reg_path = parent.reg_path + '' + list[i];
}
- te.add(new QxTreeFolder('Working ...'));
- te.addEventListener(click, function() {
+ child.add(new QxTreeFolder('Working ...'));
+ child.addEventListener(click, function() {
var el = this; folder_click(el);
});
- t.setOpen(1);
+ parent.setOpen(1);
}
}
-function folder_click(t) {
- if (!t.populated) {
+function folder_click(node) {
+ if (!node.populated) {
server_call_url(@@request.REQUEST_URI, 'enum_path',
- function(list) { folder_list(t, list); },
- t.binding, t.reg_path);
+ function(list) { folder_list(node, list); },
+ node.binding, node.reg_path);
}
}
/* return a registry tree for the given server */
function registry_tree(binding) {
- var t = new QxTree(registry: + binding);
- t.binding = binding;
- t.reg_path = ;
- t.populated = false;
- with(t)
+ var tree = new QxTree(registry: + binding);
+ tree.binding = binding;
+ tree.reg_path = ;
+ tree.populated = false;
+ with(tree)
{
setBackgroundColor(255);
setBorder(QxBorder.presets.inset);
@@ -89,10 +89,10 @@
setHeight(400);
setTop(20);
}
- t.addEventListener(click, function() {
+ tree.addEventListener(click, function() {
var el = this; folder_click(el);
});
- return t;
+ return tree;
}
window.application.main = function()
svn commit: samba r9233 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: abartlet
Date: 2005-08-10 22:27:04 + (Wed, 10 Aug 2005)
New Revision: 9233
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9233
Log:
Ensure that the output variable is initialised in this conversion from
error to non-error case.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/spnego.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/spnego.c
===
--- branches/SAMBA_4_0/source/auth/gensec/spnego.c 2005-08-10 20:47:03 UTC
(rev 9232)
+++ branches/SAMBA_4_0/source/auth/gensec/spnego.c 2005-08-10 22:27:04 UTC
(rev 9233)
@@ -354,6 +354,7 @@
* for better luck next time */
if (NT_STATUS_EQUAL(nt_status,
NT_STATUS_INVALID_PARAMETER)) {
+ *unwrapped_out = data_blob(NULL, 0);
nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
}
}
svn commit: samba r9234 - in branches/SAMBA_4_0/source/torture/auth: .
Author: abartlet Date: 2005-08-10 22:27:55 + (Wed, 10 Aug 2005) New Revision: 9234 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9234 Log: Ensure we always change the end of the PAC, no matter what it is. Fix typo in comment. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/auth/pac.c Changeset: Modified: branches/SAMBA_4_0/source/torture/auth/pac.c === --- branches/SAMBA_4_0/source/torture/auth/pac.c2005-08-10 22:27:04 UTC (rev 9233) +++ branches/SAMBA_4_0/source/torture/auth/pac.c2005-08-10 22:27:55 UTC (rev 9234) @@ -413,7 +413,7 @@ krb5_free_keyblock_contents(smb_krb5_context-krb5_context, server_keyblock); - DEBUG(0, (PAC push failed: orignial buffer length[%u] != created buffer length[%u]\n, + DEBUG(0, (PAC push failed: original buffer length[%u] != created buffer length[%u]\n, (unsigned)tmp_blob.length, (unsigned)validate_blob.length)); talloc_free(mem_ctx); return False; @@ -432,8 +432,8 @@ } /* Finally... Bugger up the signature, and check we fail the checksum */ - - tmp_blob.data[tmp_blob.length - 2] = 0xff; + tmp_blob.data[tmp_blob.length - 2]++; + nt_status = kerberos_decode_pac(mem_ctx, pac_data, tmp_blob, smb_krb5_context,
svn commit: samba r9235 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet
Date: 2005-08-10 22:28:37 + (Wed, 10 Aug 2005)
New Revision: 9235
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9235
Log:
Remove attribute search we no longer reference.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-08-10 22:27:55 UTC (rev
9234)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-08-10 22:28:37 UTC (rev
9235)
@@ -46,7 +46,6 @@
static const char * const krb5_attrs[] = {
objectClass,
cn,
- name,
sAMAccountName,
userPrincipalName,
svn commit: samba r9236 - in branches/SOC/SAMBA_3_0/source: include libmsrpc libmsrpc/test libmsrpc/test/reg
Author: skel Date: 2005-08-10 23:38:10 + (Wed, 10 Aug 2005) New Revision: 9236 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9236 Log: added (optional) recursive support to cac_RegDeleteKey() Added: branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/security.c Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h branches/SOC/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/Makefile branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regdelete.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/regkeyenum.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/reg/shutdown.c Changeset: Sorry, the patch is too large (578 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9236
Build status as of Thu Aug 11 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-08-10 00:00:07.0 + +++ /home/build/master/cache/broken_results.txt 2005-08-11 00:00:11.0 + @@ -1,17 +1,17 @@ -Build status as of Wed Aug 10 00:00:01 2005 +Build status as of Thu Aug 11 00:00:01 2005 Build counts: Tree Total Broken Panic ccache 9 3 0 -distcc 11 2 0 -lorikeet-heimdal 33 33 0 -ppp 16 2 0 -rsync13 2 0 +distcc 12 2 0 +lorikeet-heimdal 34 34 0 +ppp 19 2 0 +rsync14 2 0 samba0 0 0 samba-docs 0 0 0 -samba4 40 13 0 -samba_3_036 4 0 -smb-build24 4 0 -talloc 17 5 0 +samba4 41 14 0 +samba_3_037 2 0 +smb-build26 4 0 +talloc 18 5 0 tdb 9 4 0
svn commit: samba r9237 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tpot
Date: 2005-08-11 03:31:35 + (Thu, 11 Aug 2005)
New Revision: 9237
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9237
Log:
Fix eventlog_Record typedef so it decodes records source and computer
names. Need to get working with SIDs and extra data.
Modified:
branches/SAMBA_4_0/source/librpc/idl/eventlog.idl
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/eventlog.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/eventlog.idl 2005-08-10 23:38:10 UTC
(rev 9236)
+++ branches/SAMBA_4_0/source/librpc/idl/eventlog.idl 2005-08-11 03:31:35 UTC
(rev 9237)
@@ -32,26 +32,25 @@
uint16 unknown1;
} eventlog_OpenUnknown0;
- typedef struct {
+ typedef [public] struct {
uint32 size;
uint32 reserved;
- uint32 recordnumber;
- uint32 creationtime;
- uint32 writetime;
- uint32 eventnumber;
- uint16 eventtype;
+ uint32 record_number;
+ uint32 time_generated;
+ uint32 time_written;
+ uint32 event_id;
+ uint16 event_type;
uint16 num_of_strings;
- uint16 category;
- uint16 reserved_flag;
- uint32 closingrecord;
+ uint16 event_category;
+ uint16 reserved_flags;
+ uint32 closing_record_number;
uint32 stringoffset;
- [size_is(num_of_strings)] lsa_String bla[*];
uint32 sid_length;
- [size_is(sid_length)] dom_sid *sids;
+ uint32 sid_offset;
uint32 data_length;
- [size_is(data_length)] uint8 *data;
- unistr *source_name;
- unistr *machine_name;
+ uint32 data_offset;
+ nstring source_name;
+ nstring computer_name;
} eventlog_Record;
/**/
@@ -71,7 +70,6 @@
[in,out,ref] policy_handle *handle
);
-
/**/
/* Function: 0x03 */
NTSTATUS eventlog_DeregisterEventSource();
svn commit: samba r9238 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: tpot
Date: 2005-08-11 04:04:16 + (Thu, 11 Aug 2005)
New Revision: 9238
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9238
Log:
Some test code to do user-unmarshalling of eventlog_Record data.
Modified:
branches/SAMBA_4_0/source/torture/rpc/eventlog.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/eventlog.c
===
--- branches/SAMBA_4_0/source/torture/rpc/eventlog.c2005-08-11 03:31:35 UTC
(rev 9237)
+++ branches/SAMBA_4_0/source/torture/rpc/eventlog.c2005-08-11 04:04:16 UTC
(rev 9238)
@@ -66,6 +66,12 @@
r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ;
while (1) {
+ DATA_BLOB blob;
+ struct eventlog_Record rec;
+ struct ndr_pull *ndr;
+
+ /* Read first for number of bytes in record */
+
r.in.number_of_bytes = 0;
r.out.data = NULL;
@@ -80,6 +86,8 @@
return False;
}
+ /* Now read the actual record */
+
r.in.number_of_bytes = r.out.real_size;
r.out.data = talloc_size(mem_ctx, r.in.number_of_bytes);
@@ -90,6 +98,24 @@
return False;
}
+ /* Decode a user-marshalled record */
+
+ blob.length = r.out.sent_size;
+ blob.data = talloc_steal(mem_ctx, r.out.data);
+
+ ndr = ndr_pull_init_blob(blob, mem_ctx);
+
+ status = ndr_pull_eventlog_Record(
+ ndr, NDR_SCALARS|NDR_BUFFERS, rec);
+
+ NDR_PRINT_DEBUG(eventlog_Record, rec);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf(ReadEventLog failed parsing event log record
+ - %s\n, nt_errstr(status));
+ return False;
+ }
+
r.in.offset++;
}
svn commit: samba r9239 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tpot Date: 2005-08-11 04:05:21 + (Thu, 11 Aug 2005) New Revision: 9239 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9239 Log: I think this is the right IDL for the eventlog record. Pidl is generating incorrect code for arrays of strings here. Modified: branches/SAMBA_4_0/source/librpc/idl/eventlog.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/eventlog.idl === --- branches/SAMBA_4_0/source/librpc/idl/eventlog.idl 2005-08-11 04:04:16 UTC (rev 9238) +++ branches/SAMBA_4_0/source/librpc/idl/eventlog.idl 2005-08-11 04:05:21 UTC (rev 9239) @@ -51,6 +51,8 @@ uint32 data_offset; nstring source_name; nstring computer_name; + nstring strings[num_of_strings]; + astring raw_data; } eventlog_Record; /**/
