Re: [Samba] Hide printers share?
in the [Global] section, set : disable spoolss = Yes Restart Samba. - Original Message - From: Shawn Wright [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] Hide printers share? Date: Thu, 18 Aug 2005 15:28:51 -0700 I'm sure there is a simple solution to this one... how do I make the printers share go away? I have no printers, and no [printers] section. I tried adding one, and making it browseable=no, but it still appears. This is on v 3.0.11 and 3.0.14a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- ___ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares from a machine with no trust account
Hi Michael, It sound like you are not using winbind. See the Handling of Foreign SIDs section of Chapter 23 in the how to for more info. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2632948 regards -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com Michael Free wrote: Hi folks I don't understand why it is possible to access a share on the samba server from a pc that hasn't a Trust Account on the samba server. All i do is to log in on the pc with a local login account (not in the domain). Then i can access the shares in the following way on the server: \\server\MyShare pc asks for username/password -- i login with a valid combination -- i get access to shares security level is set to user (not to shares!) Can anybody explain what's going on here? Thanks. Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Binding to Tun0 device
Lonnie wrote: Hello all, We have a few aliased Ethernet addresses on our server and if I do not use the Bind statement in the Global section then the NMBD seems to try to bind to all of the addresses. We are actually using OpenVPN which make the connections just fine on a 172.16.x.x subnet to tun0 device. The problem is that Samba does not seem to find the tun0 device and reports that there are no network cards available if I use the: Bind Interfaces Only = True Interfaces tun0 172.16.0.1 How can I just bind Samba to the tun0 device? Also, with my home machine on the 192.168.x.x subnet and can see another Samba server just fine in the WORKGROUP but I cannot see the workgroup on the 172.16.x.x subnet through the VPN connection. Any ideas on how to be able to see the other workgroup as well? Lonnie, The cleanest way to do this is to set up a single WINS server for all your subnets and domains. also, check out the remote announce parameter in smb.conf . Maybe a search on the openvpn list will help you with the other problem. regards, Ian -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WG: User RID equal UID
Hello List, Ive got a question: Is it possible to change the samba RID algorithm in a way, that the users UID is equal to his RID? Thanks Benny -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems
I', having the same problem!!! Does anyone know if there are issues using winbind 3.0.14a to communicate with a 2.2.3a samba build? In my case, it's entirely Samba 3.0.14a. I've setup winbind using all the documentation on the site but all I get are the following results: # wbinfo -u Error looking up domain users # wbinfo -g BUILTIN+system operators BUILTIN+replicators BUILTIN+guests BUILTIN+power users BUILTIN+print operators BUILTIN+administrators BUILTIN+account operators BUILTIN+backup operators BUILTIN+users Yes, all that too. I'm running a single SAMBA server with no Windoze servers at all. (Samba as pdc). I've run into this whilst trying to get Squid to do NTLM authentication. Getting that head + brickwall = pain feeling, any help anyone can give would be appreciated. I'm completely with you on this one. Looks like either:- 1) we have both managed to mis-compile winbindd or 2) There's an issue with this version of winbindd. HELP!!! Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joing win 2003 server to samba 2.2.8 domain
Hi, Is it possible for a win2003 machine to join a samba 2.2.8 domain? I've disabled signorseal, but no luck so far Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] loosing connection to samba shares
hi list, I have this curious problem: When I connect to the server directly (i.e. \\server\share), everything is working fine. I can copy as many files as I want, I can watch movies or listen to MP3s without a problem. But when I try to connect via mapped network drives (i.e. z:), these things just don't work, because always after a view seconds I get an error message like Specified Network Path no longer valid. The only clue I have is this error message from 'log.smbd': --- [2005/06/28 22:42:12, 1, pid=13714, effective(1000, 100), real(1000, 0)] smbd/service.c:make_connection_snum(642) hotshot (192.168.0.2) connect to service Games initially as user hotshot (uid=1000, gid=100) (pid 13714) [2005/06/28 22:42:13, 0, pid=13714, effective(1000, 100), real(1000, 0)] lib/fault.c:fault_report(36) === [2005/06/28 22:42:13, 0, pid=13714, effective(1000, 100), real(1000, 0)] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 13714 (3.0.13-1.1-SUSE) Please read the appendix Bugs of the Samba HOWTO collection [2005/06/28 22:42:13, 0, pid=13714, effective(1000, 100), real(1000, 0)] lib/fault.c:fault_report(39) === [2005/06/28 22:42:13, 0, pid=13714, effective(1000, 100), real(1000, 0)] lib/util.c:smb_panic2(1495) PANIC: internal error [2005/06/28 22:42:13, 0, pid=13714, effective(1000, 100), real(1000, 0)] lib/util.c:smb_panic2(1503) BACKTRACE: 6 stack frames: #0 /usr/sbin/smbd(smb_panic2+0xe9) [0x59a6f9] #1 /usr/sbin/smbd(smb_panic+0xe) [0x59a87e] #2 /usr/sbin/smbd [0x5880bd] #3 /lib64/tls/libc.so.6 [0x2c0faf00] #4 /lib64/tls/libc.so.6(__getmntent_r+0x1b) [0x2c1814ab] #5 [0x7fffb9b0] --- Client: WinXP SP2 Server: SuSe 9.3-64 w/ Samba 3.0.13 If someone could help me I would be extremely gratefull! Thanks in advance for any help, hints, tipps or pointers. /Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems
I hope its not the former as I'm using the debian sarge winbind package, looks like I'm going to have to go for plan 'B' and maintain 2 user/group lists, it's painfull but it's scriptable. I might have a crack on the debian lists first just in case its been covered there. -- Martin Clapson Paul Simpson wrote: snip I'm completely with you on this one. Looks like either:- 1) we have both managed to mis-compile winbindd or 2) There's an issue with this version of winbindd. HELP!!! Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon share
hi, i'm not able to get logon script working logon script =\\%L\netlogon\logon.%U.bat [netlogon] comment = Network Logon Service path = /var/netlogon admin users = @ntadmin guest ok = Yes browseable = No i'm not even finding any hint in the logfiles. thanks L.Cerini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding machine to domain fails - check permissions? (ldap)
I made a short summary of the current situation, and i hope that someone can give me some pointers The summary can be found at: http://nergens.org/download/ldap-problems.pdf -- Eduard Witteveen +31 (0)6 414 789 23 nl_NL fy_NL en_US -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Binding to Tun0 device
Lonnie schrieb: Hello all, We have a few aliased Ethernet addresses on our server and if I do not use the Bind statement in the Global section then the NMBD seems to try to bind to all of the addresses. We are actually using OpenVPN which make the connections just fine on a 172.16.x.x subnet to tun0 device. The problem is that Samba does not seem to find the tun0 device and reports that there are no network cards available if I use the: Bind Interfaces Only = True Interfaces tun0 172.16.0.1 How can I just bind Samba to the tun0 device? Also, with my home machine on the 192.168.x.x subnet and can see another Samba server just fine in the WORKGROUP but I cannot see the workgroup on the 172.16.x.x subnet through the VPN connection. Any ideas on how to be able to see the other workgroup as well? as far i know you have to use the tap interface for samba as tun is not a real ethernet nic ( but i may fail here ) if you use openvpn read the faqs on their website about differents between tun and tap i have found no problems using samba with tap interfaces so i recommed to use them insted of tun Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] directory content refresh issues
Hi All, Im down to the last issue in my samba install. I have an ftp server that supports many webservers via mapped network drives. in this instance the drive is to a samba share. The only problem i have is that it takes quite a while for the contents to show. i.e. if you create a directory and refresh it in your ftp client it disappears. if you then keep refreshing to window after several seconds it will re-appear. The sam if u upload a file..it immediately disappears, then if you keep refreshing the window will reappear after several seconds. This does not happen when accessing the share vi windows explorernor does it happen when connecting via ftp to any of the drives mapped to shares on windows boxes. I have turned off all caching in the ftp client and the ftp server just in case. Please help, it's my final issue! Paul :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Joing win 2003 server to samba 2.2.8 domain
Alex Schaft wrote: Hi, Is it possible for a win2003 machine to join a samba 2.2.8 domain? I've disabled signorseal, but no luck so far Alex Found the problem. Had a iso mounted as a virtual cd in win 2003 on a unc path, which didn't show up on net use * /d -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS Bind Config
Greetings All, Can some one please tell me what causes this: --- [2005/08/19 01:45:07, 0] nmbd/nmbd_nameregister.c:register_name_response(130) register_name_response: WINS server at IP 172.16.0.1 rejected our name registration of PEOPLESQUEST00 IP 172.16.0.1 with error code 5. [2005/08/19 01:45:07, 0] nmbd/nmbd_workgroupdb.c:fail_register(228) fail_register: Failed to register name PEOPLESQUEST00 on subnet UNICAST_SUBNET. [2005/08/19 01:45:07, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(283) standard_fail_register: Failed to register/refresh name PEOPLESQUEST00 on subnet UNICAST_SUBNET [2005/08/19 01:45:07, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * --- I have: [global] workgroup = PEOPLESQUEST hosts allow = 172.16. socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8576 SO_SNDBUF=8576 oplocks = True level2oplocks = True # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 Bind Interfaces Only = True Interfaces = eth0:99 172.16.0.1 remote announce = 172.16.255.255 # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 64 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes name resolve order = host wins lmhosts bcast netbios name = PEOPLESQUEST wins support = yes wins proxy = yes idmap_uid = 16777216-33554431 idmap_gid = 16777216-33554431 public = yes browseable = yes lm announce = yes browse list = yes auto services = yes Not sure if I need all of these, but here are the important ones. Any idea on this? -- Cheers, Lonnie Cumberland OutStep Technologies Incorporated -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding a windows user to unix group?
18 Aug 2005 13:51:15 +0100 - To: samba@lists.samba.org Subject: [Samba] Adding a windows user to unix group? Hi All, Running version 3.0.14a on freebsd 5.4. configured as a member server of a 2k domain. the directory i need access to is for public websites /usr/local/www/sites and permissions are drwxr-xr-x www www. A single share is configured as below: # FTP share [ftp_share] comment = FTP Share path = /usr/local/www/sites valid users = domain\user browseable = no read only = no writable = yes printable = no public = no write list = domain\user This share is to allow ftp access from a central ftp server which serves several webservers (all windows until now) via a mysql database and UNC paths. I can access the folder but have no permissions in it. I believe i need to add the windows user account the the unix www group but have no idea how to do it. This is my first experience of samba and all went really well...this is the last thing to sort! Paul Just create a group mapping between one of the Windows groups (or create a new windows domain group) using net groupmap functions. Then you'll need to add the Unix usernames of your Samba users you want to give access to the Unix group. Check out: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html Hope that helps, Arnold Andrews Systems Sr. Administrator Seagate Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and netgroups in LDAP
Hello, Has anyone got netgroups working with Samba 3.0.14a where the netgroups are stored in the LDAP directory? I'm using Solaris 9 and SUN's directory server v5.2. What I'm seeing is that samba goes through the motions of looking up a host in a netgroup, but no query is seen by the LDAP server or on the network and the host is never found in the netgroup. Any help would be appreciated. -- Tom. Tom Crummey, Systems and Network Manager, EMAIL: [EMAIL PROTECTED] Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Win98 share does not exist?
SUSE93 system with these samba packages: kbase3-samba-3.4.0-28 samba-3.0.12-5 samba-client-3.0.12-5 yast2-samba-client-2.11.5-3 yast2-samba-server-2.11.14-3 YAST - Security and Users - Firewall - stop firewall. YAST - Network Services - Samba Client - Workgroup=BAX Desktop - Network Browsing - SMB Shares - BAX I see a list of computers in the BAX workgroup (on my home network), but last character of description is missing of each one. When I click on icon for any of these machines, I see a list of shares available on the machine. One of the machines is OpenBSD running Samba, and I can access those shares, no problem. There are three Win98 systems with shared folders. I can see a list of folder names, but when I click on a folder name, I get: -- The file or folder smb://machine/folder does not exist. Did I miss something? Extraneous(?) Info about local network: There is also a WinXP system on the network - not in BAX workgroup - we use Internet Connection Sharing to access DSL connection (router is currently broken and not yet replaced - a long story). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and netgroups in LDAP
Hello, One further piece of information that has come to light is that the following error messages are appearing in /var/adm/messages when smbd is configured to use a netgroup in the hosts allow statement: Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. Aug 19 14:44:42 spock smbd[1006]: [ID 293258 user.error] libsldap: Status: 7 Mesg: LDAP ERROR (-7): Bad search filter. Aug 19 14:44:42 spock last message repeated 1 time Aug 19 14:44:42 spock last message repeated 1 time -- Tom. Tom Crummey, Systems and Network Manager, EMAIL: [EMAIL PROTECTED] Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with group memberships in AD
Looks like I'm seeing bug 1493[*]. I have posted the relevant info to the bug report. [*] https://bugzilla.samba.org/show_bug.cgi?id=1493 On 8/18/05, Svend Sorensen [EMAIL PROTECTED] wrote: I have a Samba box joined to a Windows 2003 AD. I have noticed a strange problem with adding users to groups. I added user 'shw' to the group 'project1' on the AD. When the user logs in the the Samba box, he does not have the permissions of someone in the 'project1' group. When I run 'id shw', group 'project1' shows up. However when I run 'id' as shw2, group 'project1' does not show up. For example: # getent group project1 project1:x:15026:svend,shw # su - shw -c id shw uid=15013(shw) gid=15000(domain users) groups=15000(domain users),15026(project1) # su - shw -c id uid=15013(shw) gid=15000(domain users) groups=15000(domain users) # wbinfo -r shw 15000 15026 I have restarted the winbindd daemon several times. Has anyone seen this behavior before? Any know fixes? Details: Samba 3.0.14a on Slackware 10.0 /etc/samba/smb.conf [global] workgroup = SOLARSYSTEM netbiosname = earth realm = solarsystem.us security = ads password server = sun.solarsystem.us idmap uid = 15000-2 idmap gid = 15000-2 winbind user default domain = yes template shell = /bin/bash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Seeking in large files
I understand the various 2G file issues (after searching through all the archived digests), but I have a slightly different questions. We can create and see and copy greater than 2G files, but we cannot *seek* past 2G in a file. Here is the e-mail from the engineer who tried: We can read past 2G linearly (md5sum or NvMedia/Tests/Dvd), but it looks like any seek past 2G fails, even using fseeko (that uses off_t, which is 64bits, because we compiled with _FILE_OFFSET_BITS=64) This means we can't seek/scan in large files over SMB. The same test works just fine with the iso file on my computer... We are currently using smbfs, will going to cifs fix this seek issue? Thanks you, Ron Vaughn Nvidia Corp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is anyone successfully using Solaris 8/Samba 3.0.x w/ads and OpenLDAP 2.1.22?
Has anyone had success getting OpenLDAP 2.1.22 to work with Samba and ADS. I can get 2.1.22 to work with Samba 3.0.x. If I try a newer version, it barfs when it calls ldap_set_option in function ads_do_search. I've tried with 3.0.14a and 3.0.20pre2. They changed how OpenLDAP interacts with Kerberos after 2.1.23. I did exchange some emails with the OpenLDAP developers. It wasn't much help -- they said that Kerberos access should go through Cyrus SASL. I have looked at http://samba.org/~jht/Notes/Samba-Install-Solaris9.txt But that refers to openldap-2.1.23. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Users cannot change password w/ SMBPASSWORD-Help??
Hello - Im having a problem w/ my users being able to change their SMB password. What is the best approach to allow users acces to smbpasswd to change their own passwords when they want? Right now Im getting the following: machine 127.0.0.1 rejected the (anonymous) password change: Error was : Wrong Password. Failed to change password for donald -- Thank you Todd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] password changing errors
For several versions now, we've been unable to get password changing to work *without errors*. Now management would like to see it working fantastic so that we can age passwords, but without errors. No matter what I do, I get a couple of errors. The first time I try to change from a 7 letter password to '#1password', which should be complex enough for any rule, I get: The username or old password is incorrect. Letters in password must be typed using the correct case. No matter what I change to at this point, short/long/simple/complex passwords, I get: You do not have permission to change your password. The rub is that regardless of the error, the password change is successful, and is properly echoed back to the unix subsystem. I am currently on 3.0.14a on FC3, LDAP backend with the smbldap-tools package - likely older than current but it has been an issue since this WAS current. During the operation, the following log entries are made under log level 1 [2005/08/19 15:02:36, 1] rpc_server/srv_pipe.c:api_pipe_ntlmssp_verify(441) api_pipe_ntlmssp_verify: User [AEI]\[pgienger] from machine RADON failed authentication on named pipe samr. [2005/08/19 15:02:38, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495) ldapsam_modify_entry: Failed to modify user dn= uid=pgienger,ou=People,dc=ae-solutions,dc=com with: No such attribute modify/delete: sambaLMPassword: no such value [2005/08/19 15:02:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) ldapsam_update_sam_account: failed to modify user with uid = pgienger, error: modify/delete: sambaLMPassword: no such value (Success) [2005/08/19 15:02:40, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495) ldapsam_modify_entry: Failed to modify user dn= uid=pgienger,ou=People,dc=ae-solutions,dc=com with: No such attribute modify/delete: sambaLMPassword: no such value [2005/08/19 15:02:40, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) ldapsam_update_sam_account: failed to modify user with uid = pgienger, error: modify/delete: sambaLMPassword: no such value (Success) My current LDAP LDIF is as follows (some irrelevant attributes deleted or changed) dn: uid=pgienger,ou=People,dc=ae-solutions,dc=com uid: pgienger cn: Paul Gienger givenName: Paul sn: Gienger mail: [EMAIL PROTECTED] homeDirectory: /home/pgienger uidNumber: 2266 o: Applied Engineering, Inc. loginShell: /usr/bin/bash displayName: Paul Gienger gecos: Paul Gienger gidNumber: 2028 objectClass: posixAccount objectClass: inetOrgPerson objectClass: shadowAccount objectClass: sambaSamAccount sambaSID: S-1-5-21-112718084-1284083569-2990761952-5532 sambaPrimaryGroupSID: S-1-5-21-112718084-1284083569-2990761952-5057 sambaPasswordHistory: sambaPwdCanChange: 1101921819 shadowLastChange: 12829 sambaAcctFlags: [UX ] sambaPwdMustChange: 1209265396 sambaHomePath: \\fgoserv\pgienger sambaLMPassword: F095287D9161743BAAD3 sambaNTPassword: 1C67D5538C78A1C1687C sambaPwdLastSet: 1124478817 userPassword:: e0NSWVBUfWN1LmJIWXVblahblak= Free cookies to anyone that can help me figure out how to get this to work As Advertised. If a higher log level is needed I'll be glad to help. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Stop disabling accounts?
When a user tries logging in and enters the wrong password a few times in a row, their account becomes disabled. Is there a way to prevent this behavior? I couldn't find anything in the smb.conf man page about it. Alternatively, could we use a preexec script to just re-enable all accounts when there's a logon attempt? Or does that script only get executed after a user is authenticated? Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Distributed File System
Was looking at the DFS option and it looks very attractive. Is this as easy as it looks to setup? Also, can I have more than one DFS share? Thanks. -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Distributed File System
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott Mayo wrote: Was looking at the DFS option and it looks very attractive. Is this as easy as it looks to setup? Yup. Pretty much. Also, can I have more than one DFS share? Yup again. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDBkxBIR7qMdg1EfYRApTrAKDEecIIRAOglI0zNrXBPJQuCe7f3ACgz5I0 l2xqmBgUkpPT6fXAoXYf384= =nmzr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba VERY slow
Hello All, I have been trying to speed up my connection from a Windows XP machine to a Fedora 3 system running Samba both having 100Mbit connections but when I try browse my directory on the samba server, it seems to run VERY slow and takes a long time to do anything. This seems to be much much slower than regular FTP. is there anything that I can do? -- Cheers, Lonnie Cumberland OutStep Technologies Incorporated -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printer install confusion
I have a windows NT4 client with a deskjet printer. I can connect to the printer using cups without any problem. I have also been able to make a printer share where I can connect to it via a W2K client by loading the drivers on the W2K client. (W2K-Samba-NT4). Then I created another share with the raw feed setting and tried to load the drivers to the Samba Server via the Windows APW. When I initially did this everything appeared to work fine. Until I went to another W2K client, when I clicked on the printer share it asked me if I wanted windows to set it up, I clicked yes and everything seemed to work fine. Then I tried to go to properties and received the error message Function address 0xX caused a protection fault (exception code 0xc005). Some or all of the property pages may not be displayed. I then looked around and found some info that this was a problem with Samba 3.0.0 that was fixed in 3.0.1. Found 3.0.10 and installed it. Created a new printer share and tried to install the drivers, now at the very end of the installation I get an error message Explorer.exe has generated error and will be closed by Windows. You will need to restart the program. When I go to properties for that printer share and try to load the printer I get the same error message as before with 3.0.0 installed. I have checked the drivers in /etc/samba/drivers/3 and they all appear to be there ( I compared the files to those on the Windows 2000 Printer Test Page). Should I delete the drivers and try again? What would be the best way to delete the drivers? There is also a shared printer that is still showing which I had deleted in cups, but it is still there. What would be the method for making sure this is properly deleted( I had about 3 others which I created and deleted during this testing and they do not show up anymore ). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User Password Change Problems - Errors - Please help ?
Folks- Having an issue w/ users changeing passwords on the SMB server. They can ssh/telnet in and run smbpasswd and get throug the chat. Once completed it fails for them and says machine 127.0.0.1 rejected the (anonymous) password change: Error was : Wrong Password. Failed to change password for xx I check the log and I have this error going on when the do it. NT password change supplied for user x, but we have no NT password to check it with NT password change supplied for user x, but we have no NT password to check it with NT password change supplied for user x, but we have no NT password to check it with Here is a break down of my [global] settings netbios name = WOOT socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 server string = Samba 3.0 Test local master = yes interfaces = eri*, 127.0.0.1 unix password sync = yes domain master = no passwd chat debug = true passwd program = /bin/passwd %u passwd chat = *old password* %o\n *new password* %n\n *changed* log file = /var/log/samba/log.%m max log size = 50 lock directory = /var/lock/samba printcap name = /etc/printcap load printers = yes wins support = yes -- Thank you Todd Johnson == Todd Johnson State of Alaska Dept. of Natural Resources Computer Information Center MicroComputer/Network Specialist (907) 269-8831 (907) 269-8920 FAX [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win98 share does not exist?
At 09:47 AM 8/19/05, Frank Bax wrote: SUSE93 system with these samba packages: kbase3-samba-3.4.0-28 samba-3.0.12-5 samba-client-3.0.12-5 yast2-samba-client-2.11.5-3 yast2-samba-server-2.11.14-3 YAST - Security and Users - Firewall - stop firewall. YAST - Network Services - Samba Client - Workgroup=BAX Desktop - Network Browsing - SMB Shares - BAX I see a list of computers in the BAX workgroup (on my home network), but last character of description is missing of each one. When I click on icon for any of these machines, I see a list of shares available on the machine. One of the machines is OpenBSD running Samba, and I can access those shares, no problem. There are three Win98 systems with shared folders. I can see a list of folder names, but when I click on a folder name, I get: -- The file or folder smb://machine/folder does not exist. Did I miss something? Extraneous(?) Info about local network: There is also a WinXP system on the network - not in BAX workgroup - we use Internet Connection Sharing to access DSL connection (router is currently broken and not yet replaced - a long story). I just tried smbclient and got similar results. Works with OpenBSD server, crashes with Win98 server: [EMAIL PROTECTED]:~ smbclient -N //Compaq/Shared smb: \ ls do_list: [\*] ERRDOS - ERRbadfunc (Invalid function.) Error in dskattr: ERRDOS - ERRbadfunc (Invalid function.) Segmentation fault Google of error msg turned up source code and a german page I don't really understand. I notice SUSE93 is mentioned (accessing an ME share?) and I think there is a suggestion to try command as root, but that produces same result. http://www.computerhilfen.de/hilfen-6-76563-0.html Then it finally dawned on me to check for updates. Upgrade to 3.0.13 (via YAST2) resolved the issue. Sorry to interrupt your day with my noise. Release Notes for Samba 3.0.13 Common bugs fixed in 3.0.13 include: o Infinite FindNext() loop from Windows 9x client when copying or deleting files on a Samba file share using explorer.exe. o Numerous smbclient bugs when listing directories. o Failures in smbclient when connecting to a Windows 9x file server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === It may just be a storm in a teacup, but to the ant in the teacup it certainly feels like a typhoon. -- anonymous === Release Announcements = This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. This is a substantial upgrade from previous Samba 3.0.x releases. Please read the section What happened to 3.0.15 - 3.0.19? and the other major change descriptions. Additional features introduced in Samba 3.0.20 include: o Support for several new Win32 rpc pipes. o Improved support for OS/2 clients. o New 'net rpc service' tool for managing Win32 services. o Capability to set the owner on new files and directory based on the parent's ownership. o Experimental, asynchronous IO file serving support. o Completed Support for Microsoft Print Migrator. o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes. o Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client. o New asynchronous winbindd. o Support for Microsoft Print Migrator. o New Windows NT registry file I/O library. o New user right (SeTakeOwnershipPrivilege) added. o New net share migrate options. A special thanks those members of the Samba Test Squad, Joerg Pulz, Thomas Bork, and Christoph Beyer in particular, for helping to test and stabilize several last minute critical bugs fixes. What happened to 3.0.15 - 3.0.19? == After some discussion it was deemed that the amount of changes going into the next Samba 3.0 release needed something to catch people's attention. Skipping several releases was chosen as the best solution with the least overhead. There will be no 3.0.15 - 3.0.19 ever released. The next production release following 3.0.20 should be 3.0.21. The original announcement about the version number change can be found in the samba mailing list archives: http://marc.theaimsgroup.com/?l=sambam=111721010206997w=2 Asynchronous Winbind Implementation === Winbindd has been completely rewritten in this release to support an almost completely non-blocking, asynchronous request/reply model. This means that winbindd will scale much better in large domain environments and on high latency networks. Neither the client interface nor the command line tools (i.e. wbinfo) have changed in their calling conventions or syntax. However, due to internal structure changes, it is required (more so than normal) that you install the nss_winbind.so library included in this release. Support for Microsoft Print Migrator Samba 3.0.20 includes full support for migrating printers from Windows servers or other Samba servers via the Microsoft Print Migrator tool. Restoring printers requires a working add printer command defined in smb.conf. Current support also allows administrators to create a master list of printer drivers which can be restored in bulk on new (or existing) Samba installations. Asynchronous IO Support === Experimental support for async IO has been added to smbd for certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero values. See the smb.conf(5) man page for more details on these settings. Download Details The uncompressed tarball and patch files have been signed using GnuPG (ID F17F9772). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.20.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDBkMDIR7qMdg1EfYRAouaAKDz6Amto9em/kjpnb4Eps0kdJvTmwCdGZFD ckUolSE5wF7DvCYF+AcKqvs= =wovg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r9397 - in branches/SAMBA_4_0/swat: . desktop scripting
Author: deryck Date: 2005-08-19 12:02:30 + (Fri, 19 Aug 2005) New Revision: 9397 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9397 Log: Playing with qooxdoo a bit and saving my work, so I can get to it later today at work. Not much to see yet, and not linked to from SWAT yet. Playing with the idea of a web-based desktop, and just seeing how widgets can be used. deryck Added: branches/SAMBA_4_0/swat/desktop/ branches/SAMBA_4_0/swat/desktop/index.esp branches/SAMBA_4_0/swat/scripting/footer_desktop.esp branches/SAMBA_4_0/swat/scripting/header_desktop.esp Changeset: Added: branches/SAMBA_4_0/swat/desktop/index.esp === --- branches/SAMBA_4_0/swat/desktop/index.esp 2005-08-18 22:36:12 UTC (rev 9396) +++ branches/SAMBA_4_0/swat/desktop/index.esp 2005-08-19 12:02:30 UTC (rev 9397) @@ -0,0 +1,168 @@ +% +/*** Reg stuff ***/ +libinclude(base.js); +libinclude(winreg.js); +libinclude(server_call.js); + +/* + server side call to return a listing of elements in a winreg path +*/ +function enum_path(binding, path) { + printf(enum_path(%s, %s)\n, binding, path); + var reg = winreg_init(); + security_init(reg); + + reg.credentials = session.authinfo.credentials; + + var status = reg.connect(binding); + if (status.is_ok != true) { + printVars(status); + return undefined; + } + var list = winreg_enum_path(reg, path); + return list; +} + +/* register a call for clients to make */ +var call = servCallObj(); +call.add('enum_path', enum_path); + +/* run the function that was asked for */ +call.run(); +/** endReg stuff */ + + page_header(desktop, Virtual Desktop Design Test, desktop); +% + +script type=text/javascript src=/scripting/client/encoder.js/script +script type=text/javascript src=/scripting/client/call.js/script + +script type=text/javascript + +function folder_list(fParent, list) { + var i; + fParent.populated = true; + fParent.removeAll(); + for (i=0;ilist.length;i++) { + var fChild; + fChild = new QxTreeFolder(list[i]); + fParent.add(fChild); + fChild.binding = fParent.binding; + if (fParent.reg_path == '') { + fChild.reg_path = list[i]; + } else { + fChild.reg_path = fParent.reg_path + '' + list[i]; + } + fChild.add(new QxTreeFolder('Working ...')); + fChild.addEventListener(click, function() { + var el = this; folder_click(el); + }); + fParent.setOpen(1); + } +} + +function folder_click(node) { + if (!node.populated) { + server_call_url(@@request.REQUEST_URI, 'enum_path', + function(list) { folder_list(node, list); }, + node.binding, node.reg_path); + } +} + +/* return a registry tree for the given server */ +function registry_tree(binding) { + var tree = new QxTree(registry: + binding); + tree.binding = binding; + tree.reg_path = ; + tree.populated = false; + with(tree) + { +setBackgroundColor(255); +setBorder(QxBorder.presets.inset); +setOverflow(scroll); +setStyleProperty(padding, 2px); +setWidth(400); +setHeight(400); +setTop(20); + } + tree.addEventListener(click, function() { + var el = this; folder_click(el); + }); + return tree; +} + +/*** init the page for qooxdoo ***/ +window.application.main = function() +{ + // Don't declare local with var + doc = this.getClientWindow().getClientDocument(); +} + +function showReg() +{ +var inlineWidget = new QxInline; +var fieldSet = new QxFieldSet(Registry); +var binding = ncalrpc:; + +with(fieldSet) +{ + setWidth(40%); + setMinHeight(500); + setBottom(48); + setMinWidth(500); + setBackgroundColor(#FFF); +}; + +var gl = new QxGridLayout(auto,auto,auto,auto,auto, 100%); +gl.setEdge(0); +gl.setCellPaddingTop(3); +gl.setCellPaddingBottom(3); + + inlineWidget.add(fieldSet); + +var t = registry_tree(binding); + +function change_binding(e) { + binding = e.getNewValue(); + srv_printf(changed binding to %s\\n, binding); + gl.remove(t); + t = registry_tree(binding); + gl.add(t, { row : 2, col : 1 }); +} + +var b = new QxTextField(binding); +b.addEventListener(changeText, change_binding); + +gl.add(b, { row : 1, col : 1 }); +gl.add(t, { row : 2, col : 1 }); + +fieldSet.add(gl); +inlineWidget.add(fieldSet); +doc.add(inlineWidget, canvas); + +w1.setVisible(false); +} + +function startSwat() +{ + // Don't declare
svn commit: lorikeet r428 - in trunk/sangria/src/LatestDesign: . cgi classes/AccountManager classes/GroupManager classes/ServerObjects config docs test
Author: amit Date: 2005-08-19 13:03:46 + (Fri, 19 Aug 2005) New Revision: 428 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=428 Log: new test files added and CGI scripts updated to make them run under apache web server Added: trunk/sangria/src/LatestDesign/cgi/.htaccess trunk/sangria/src/LatestDesign/cgi/.htpasswd trunk/sangria/src/LatestDesign/classes/AccountManager/New_AccountManagerClass.py trunk/sangria/src/LatestDesign/config/ trunk/sangria/src/LatestDesign/config/config.py trunk/sangria/src/LatestDesign/test/fileshare_test.py trunk/sangria/src/LatestDesign/test/printshare_test.py trunk/sangria/src/LatestDesign/test/server_test.py trunk/sangria/src/LatestDesign/test/setserver_params.py Removed: trunk/sangria/src/LatestDesign/test/test.py Modified: trunk/sangria/src/LatestDesign/cgi/cgi_lib.py trunk/sangria/src/LatestDesign/cgi/fileshare_result.cgi trunk/sangria/src/LatestDesign/cgi/smb.conf trunk/sangria/src/LatestDesign/classes/GroupManager/GroupManagerClass.py trunk/sangria/src/LatestDesign/classes/ServerObjects/ServerClass.py trunk/sangria/src/LatestDesign/docs/HOW-TO.TXT Changeset: Sorry, the patch is too large (976 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=428
svn commit: lorikeet r429 - in trunk/ntacl-lsm: .
Author: metze Date: 2005-08-19 13:36:29 + (Fri, 19 Aug 2005) New Revision: 429 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=429 Log: a bunch of updates, to come closer to real access checking metze Added: trunk/ntacl-lsm/access_check.h Modified: trunk/ntacl-lsm/main.c Changeset: Sorry, the patch is too large (696 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=429
svn commit: samba-docs r797 - in trunk/smbdotconf/security: .
Author: jra Date: 2005-08-19 16:40:15 + (Fri, 19 Aug 2005) New Revision: 797 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=797 Log: Added acl group control docs. Jeremy. Added: trunk/smbdotconf/security/aclgroupcontrol.xml Changeset: Added: trunk/smbdotconf/security/aclgroupcontrol.xml === --- trunk/smbdotconf/security/aclgroupcontrol.xml 2005-08-18 00:36:55 UTC (rev 796) +++ trunk/smbdotconf/security/aclgroupcontrol.xml 2005-08-19 16:40:15 UTC (rev 797) @@ -0,0 +1,47 @@ +samba:parameter name=acl group control + context=S +type=boolean + xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; +description + para + In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions + and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the + emphasisprimary group owner/emphasis of a file or directory to modify the permissions and ACLs + on that file. + /para + para + On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in + that group to modify the permissions on it. This allows the delegation of security controls + on a point in the filesystem to the group owner of a directory and anything below it also owned + by that group. This means there are multiple people with permissions to modify ACLs on a file + or directory, easing managability. + /para + para + This parameter allows Samba to also permit delegation of the control over a point in the exported + directory hierarchy in much the same was as Windows. This allows all members of a UNIX group to + control the permissions on a file or directory they have group ownership on. + /para + + para + This parameter is best used with the smbconfoption name=inherit owner/ option and also + on on a share containing directories with the UNIX emphasissetgid bit/emphasis bit set + on them, which causes new files and directories created within it to inherit the group + ownership from the containing directory. + /para + + para + This is a new parameter introduced in Samba 3.0.20. + /para + + para + This can be particularly useful to allow groups to manage their own security on a part + of the filesystem they have group ownership of, removing the bottleneck of having only + the user owner or superuser able to reset permissions. + /para +/description + +relatedinherit owner/related +relatedinherit permissions/related + +value type=defaultno/value +/samba:parameter
svn commit: samba r9398 - in branches/SAMBA_3_0_RELEASE/source: .
Author: jerry Date: 2005-08-19 17:14:39 + (Fri, 19 Aug 2005) New Revision: 9398 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9398 Log: cutting 3.0.20 Modified: branches/SAMBA_3_0_RELEASE/source/VERSION Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/VERSION === --- branches/SAMBA_3_0_RELEASE/source/VERSION 2005-08-19 12:02:30 UTC (rev 9397) +++ branches/SAMBA_3_0_RELEASE/source/VERSION 2005-08-19 17:14:39 UTC (rev 9398) @@ -63,7 +63,7 @@ # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_SVN_SNAPSHOT=yes +SAMBA_VERSION_IS_SVN_SNAPSHOT= # This can be set by vendors if they want... #
svn commit: samba r9399 - in trunk/source/lib: .
Author: jht Date: 2005-08-19 17:22:48 + (Fri, 19 Aug 2005) New Revision: 9399 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9399 Log: Syncing HOWTO reference from SAMBA_3_0 branch. Modified: trunk/source/lib/fault.c Changeset: Modified: trunk/source/lib/fault.c === --- trunk/source/lib/fault.c2005-08-19 17:14:39 UTC (rev 9398) +++ trunk/source/lib/fault.c2005-08-19 17:22:48 UTC (rev 9399) @@ -35,7 +35,8 @@ DEBUG(0,(===\n)); DEBUG(0,(INTERNAL ERROR: Signal %d in pid %d (%s),sig,(int)sys_getpid(),SAMBA_VERSION_STRING)); - DEBUG(0,(\nPlease read the appendix Bugs of the Samba HOWTO collection\n)); + DEBUG(0,(\nPlease read the Trouble-Shooting section of the Samba3-HOWTO\n)); + DEBUG(0,(\nFrom: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf\n;)); DEBUG(0,(===\n)); smb_panic(internal error);
svn commit: samba r9400 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2005-08-19 17:48:29 + (Fri, 19 Aug 2005) New Revision: 9400 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9400 Log: updating release notes Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Sorry, the patch is too large (1275 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9400
svn commit: samba r9401 - in branches/SAMBA_3_0/source/client: .
Author: sfrench Date: 2005-08-19 18:06:05 + (Fri, 19 Aug 2005) New Revision: 9401 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9401 Log: Allow disabling mandatory byte range lock mount flag, and fix corresponding entry in mtab. Modified: branches/SAMBA_3_0/source/client/mount.cifs.c Changeset: Modified: branches/SAMBA_3_0/source/client/mount.cifs.c === --- branches/SAMBA_3_0/source/client/mount.cifs.c 2005-08-19 17:48:29 UTC (rev 9400) +++ branches/SAMBA_3_0/source/client/mount.cifs.c 2005-08-19 18:06:05 UTC (rev 9401) @@ -506,6 +506,8 @@ *filesys_flags = ~MS_NOSUID; } else if (strncmp(data, nodev, 5) == 0) { *filesys_flags |= MS_NODEV; + } else if (strncmp(data, nobrl, 5) == 0) { + *filesys_flags = ~MS_MANDLOCK; } else if (strncmp(data, dev, 3) == 0) { *filesys_flags = ~MS_NODEV; } else if (strncmp(data, noexec, 6) == 0) { @@ -1138,8 +1140,6 @@ strcat(mountent.mnt_opts,rw); if(flags MS_MANDLOCK) strcat(mountent.mnt_opts,,mand); - else - strcat(mountent.mnt_opts,,nomand); if(flags MS_NOEXEC) strcat(mountent.mnt_opts,,noexec); if(flags MS_NOSUID)
svn commit: samba r9402 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2005-08-19 18:37:08 + (Fri, 19 Aug 2005) New Revision: 9402 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9402 Log: fixing one typo (thanks to Jason Mader) Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-08-19 18:06:05 UTC (rev 9401) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-08-19 18:37:08 UTC (rev 9402) @@ -77,7 +77,7 @@ certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero -values. See the smb,conf(5) man page for more details on these +values. See the smb.conf(5) man page for more details on these settings.
svn commit: samba r9403 - in tags: .
Author: jerry Date: 2005-08-19 18:41:25 + (Fri, 19 Aug 2005) New Revision: 9403 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9403 Log: tagging 3.0.20 Added: tags/release-3-0-20/ Changeset: Copied: tags/release-3-0-20 (from rev 9402, branches/SAMBA_3_0_RELEASE)
svn commit: samba-docs r798 - in tags: .
Author: jerry Date: 2005-08-19 18:41:26 + (Fri, 19 Aug 2005) New Revision: 798 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=798 Log: tagging 3.0.20 Added: tags/release-3-0-20/ Changeset: Copied: tags/release-3-0-20 (from rev 797, trunk)
svn commit: samba r9404 - in branches/SOC/SAMBA_4_0: . source/auth source/auth/gensec source/cldap_server source/dsdb/samdb source/dsdb/samdb/ldb_modules source/include source/kdc source/ldap_server s
Author: brad Date: 2005-08-19 20:47:36 + (Fri, 19 Aug 2005) New Revision: 9404 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9404 Log: [EMAIL PROTECTED]: j0j0 | 2005-08-19 13:45:34 -0600 [EMAIL PROTECTED]: j0j0 | 2005-08-19 10:51:13 -0600 [EMAIL PROTECTED] (orig r9377): tridge | 2005-08-17 23:09:26 -0600 made winreg a user tool (I find it quite useful). I expect it to get the ability to add/remove keys and values in the future. add it to the standard tests, ensuring that we know if winreg breaks. This is particularly important as winreg uses such unusual IDL constructs [EMAIL PROTECTED] (orig r9378): tridge | 2005-08-18 00:14:10 -0600 initialise the last_mod attribute in the ldb backend. Better to return 0 than an uninitialised value, but we should put proper last_modified time support into the ldb winreg backend in the future [EMAIL PROTECTED] (orig r9379): tridge | 2005-08-18 00:19:32 -0600 the valgrind test box is now just going past the max 30 minute smbd runtime for testing. Increased to 45 minutes. [EMAIL PROTECTED] (orig r9381): tpot | 2005-08-18 01:00:37 -0600 Line wrapping. [EMAIL PROTECTED] (orig r9382): tpot | 2005-08-18 01:06:19 -0600 Add a dummy registry for HKEY_USERS to get rid of the annoying dialog presented by regedt32. I think this hive is dynamically generated from SAM information. [EMAIL PROTECTED] (orig r9383): tridge | 2005-08-18 03:33:03 -0600 remove unused file [EMAIL PROTECTED] (orig r9384): tridge | 2005-08-18 04:12:55 -0600 added a debug to show the dcerpc fault code for any calls we fault [EMAIL PROTECTED] (orig r9385): idra | 2005-08-18 04:23:53 -0600 Remove unused functions [EMAIL PROTECTED] (orig r9386): tridge | 2005-08-18 04:58:05 -0600 OpenKey with a bad name must return WERR_BADFILE (w2k3 regedit relies on this) [EMAIL PROTECTED] (orig r9387): tridge | 2005-08-18 05:15:15 -0600 regedit uses New Key #nn for newly created keys, which conflicts with the stricter DN rules in ldb. Escape the DN components to cope. Simo, sorry for making a change in ldb_dn.c while you have changes pending. Please feel free to revert these and switch reg_backend_ldb.c to use the new dn construction code. [EMAIL PROTECTED] (orig r9388): tridge | 2005-08-18 05:16:32 -0600 we should fault bad handles given to winreg_GetVersion() [EMAIL PROTECTED] (orig r9389): tridge | 2005-08-18 06:19:16 -0600 handle errors reading from files in web server bug found by coverity [EMAIL PROTECTED] (orig r9390): tridge | 2005-08-18 06:21:42 -0600 fixed mixing of code and data [EMAIL PROTECTED] (orig r9391): idra | 2005-08-18 09:02:01 -0600 Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form [EMAIL PROTECTED] (orig r9392): idra | 2005-08-18 10:18:48 -0600 Fix ldb_dn_compose to make build farm happy Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf [EMAIL PROTECTED] (orig r9393): idra | 2005-08-18 10:27:09 -0600 Fix ldb standalone build [EMAIL PROTECTED] (orig r9394): idra | 2005-08-18 10:41:27 -0600 avoid to use BOOL in ldb [EMAIL PROTECTED] (orig r9396): abartlet | 2005-08-18 16:36:12 -0600 ntlm_auth updates, including again support for the NTLMSSP client mode, and specification of the workstation. Andrew Bartlett [EMAIL PROTECTED] (orig r9397): deryck | 2005-08-19 06:02:30 -0600 Playing with qooxdoo a bit and saving my work, so I can get to it later today at work. Not much to see yet, and not linked to from SWAT yet. Playing with the idea of a web-based desktop, and just seeing how widgets can be used. deryck Added: branches/SOC/SAMBA_4_0/source/scripting/bin/winreg branches/SOC/SAMBA_4_0/swat/desktop/ branches/SOC/SAMBA_4_0/swat/desktop/index.esp branches/SOC/SAMBA_4_0/swat/scripting/footer_desktop.esp branches/SOC/SAMBA_4_0/swat/scripting/header_desktop.esp Removed: branches/SOC/SAMBA_4_0/testprogs/ejs/winreg.js Modified: branches/SOC/SAMBA_4_0/ branches/SOC/SAMBA_4_0/source/auth/auth_sam.c branches/SOC/SAMBA_4_0/source/auth/gensec/schannel_state.c branches/SOC/SAMBA_4_0/source/cldap_server/netlogon.c branches/SOC/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectguid.c branches/SOC/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c branches/SOC/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SOC/SAMBA_4_0/source/include/structs.h branches/SOC/SAMBA_4_0/source/kdc/hdb-ldb.c branches/SOC/SAMBA_4_0/source/ldap_server/config.mk
Build status as of Sat Aug 20 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-08-19 00:00:10.0 + +++ /home/build/master/cache/broken_results.txt 2005-08-20 00:00:16.0 + @@ -1,17 +1,17 @@ -Build status as of Fri Aug 19 00:00:01 2005 +Build status as of Sat Aug 20 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 9 3 0 distcc 10 4 0 -lorikeet-heimdal 35 23 0 -ppp 21 2 0 +lorikeet-heimdal 34 21 0 +ppp 19 2 0 rsync36 2 0 samba0 0 0 samba-docs 0 0 0 -samba4 41 14 0 -samba_3_037 3 0 -smb-build29 5 0 -talloc 14 5 0 -tdb 9 5 0 +samba4 41 13 0 +samba_3_037 4 0 +smb-build27 5 0 +talloc 15 6 0 +tdb 9 6 0
svn commit: samba r9406 - in branches/SAMBA_4_0/source/torture/basic: .
Author: abartlet Date: 2005-08-20 00:10:03 + (Sat, 20 Aug 2005) New Revision: 9406 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9406 Log: Add const. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/basic/denytest.c Changeset: Modified: branches/SAMBA_4_0/source/torture/basic/denytest.c === --- branches/SAMBA_4_0/source/torture/basic/denytest.c 2005-08-19 20:50:10 UTC (rev 9405) +++ branches/SAMBA_4_0/source/torture/basic/denytest.c 2005-08-20 00:10:03 UTC (rev 9406) @@ -32,7 +32,7 @@ static const char *denystr(int denymode) { - struct { + const struct { int v; const char *name; } deny_modes[] = { @@ -52,7 +52,7 @@ static const char *openstr(int mode) { - struct { + const struct { int v; const char *name; } open_modes[] = { @@ -69,7 +69,7 @@ static const char *resultstr(enum deny_result res) { - struct { + const struct { enum deny_result res; const char *name; } results[] = {
svn commit: samba r9407 - in branches/SOC/SAMBA_4_0: . source/libnet source/torture/rpc
Author: brad Date: 2005-08-20 01:22:42 + (Sat, 20 Aug 2005) New Revision: 9407 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9407 Log: [EMAIL PROTECTED]: j0j0 | 2005-08-19 19:28:22 -0600 libnet/libnet_join.c Some more fixes so ldb uses ldb_dn's. torture/rpc/dssync.c Some debugging printf()'s. ldb_dn fixes. torture/rpc/testjoin.c Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join(). Some more debugging statements. I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c. That's what i'm working out now. Modified: branches/SOC/SAMBA_4_0/ branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c branches/SOC/SAMBA_4_0/source/torture/rpc/dssync.c branches/SOC/SAMBA_4_0/source/torture/rpc/testjoin.c Changeset: Property changes on: branches/SOC/SAMBA_4_0 ___ Name: svk:merge - 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:9397 d349723c-e9fc-0310-b8a8-fdedf1c27407:/local/SAMBA_4_0:5500 d349723c-e9fc-0310-b8a8-fdedf1c27407:/local/samba-SAMBA_4_0:5497 + 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:9397 d349723c-e9fc-0310-b8a8-fdedf1c27407:/local/SAMBA_4_0:5502 d349723c-e9fc-0310-b8a8-fdedf1c27407:/local/samba-SAMBA_4_0:5497 Modified: branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c 2005-08-20 00:10:03 UTC (rev 9406) +++ branches/SOC/SAMBA_4_0/source/libnet/libnet_join.c 2005-08-20 01:22:42 UTC (rev 9407) @@ -81,7 +81,6 @@ struct dom_sid *domain_sid; const char *domain_name; const char *realm = NULL; /* Also flag for remote being AD */ - const struct ldb_dn *account_dn; tmp_ctx = talloc_named(mem_ctx, 0, libnet_Join temp context); @@ -457,7 +456,7 @@ struct ldb_context *remote_ldb; - const char *account_dn; + const struct ldb_dn *account_dn; char *remote_ldb_url; struct ldb_message **msgs, *msg; Modified: branches/SOC/SAMBA_4_0/source/torture/rpc/dssync.c === --- branches/SOC/SAMBA_4_0/source/torture/rpc/dssync.c 2005-08-20 00:10:03 UTC (rev 9406) +++ branches/SOC/SAMBA_4_0/source/torture/rpc/dssync.c 2005-08-20 01:22:42 UTC (rev 9407) @@ -115,6 +115,19 @@ /*create machine account*/ ctx-new_dc.join = torture_join_domain(mem_ctx, TEST_MACHINE_NAME, lp_workgroup(), ACB_SVRTRUST, new_dc_pass); + /* debugging printf()'s*/ + if (torture_join_samr_pipe(ctx-new_dc.join) != NULL) { +printf(test_create_context(): tj-p isn't null\n); + } else { + printf(test_create_context(): tj-p is null.\n); + } + + if (torture_join_samr_user_policy(ctx-new_dc.join) != NULL) { + printf(test_create_context(): tj-user_handle isn't null\n); + } else { + printf(test_create_context(): tj-user_handle is null.\n); + } + /* ctx-libnet_ctx = libnet_context_init(NULL); if (ctx-libnet_ctx == NULL) { @@ -172,6 +185,7 @@ ldb_errstring(ctx-ldb_ctx)); return; } + /* ldif = talloc_asprintf(ctx, dn: %s\n @@ -219,10 +233,12 @@ This will need to be replaced with a libnet leave domain call. It will remove the computer dn: CN=smbtorturedssync,OU=Domain Controllers,DC=smb,DC=test entry, and maybe the server dn also. + */ + printf(test_destroy_context(): Removing machine account %s$.\n,TEST_MACHINE_NAME); if (ctx-new_dc.join) { torture_leave_domain(ctx-new_dc.join); } - */ + talloc_free(ctx); } Modified: branches/SOC/SAMBA_4_0/source/torture/rpc/testjoin.c === --- branches/SOC/SAMBA_4_0/source/torture/rpc/testjoin.c2005-08-20 00:10:03 UTC (rev 9406) +++ branches/SOC/SAMBA_4_0/source/torture/rpc/testjoin.c2005-08-20 01:22:42 UTC (rev 9407) @@ -286,7 +286,7 @@ */ struct libnet_context *libnet_ctx; - struct libnet_Join libnet_r; + struct libnet_JoinDomain libnet_r; struct test_join *tj; NTSTATUS status; @@ -298,22 +298,45 @@ libnet_r.in.domain_name = domain; libnet_r.in.level = LIBNET_JOIN_SPECIFIED; libnet_r.in.netbios_name = machine_name; - - if (acct_flags == ACB_SVRTRUST) { - libnet_r.in.secure_channel_type = SEC_CHAN_BDC; - } else if (acct_flags == ACB_WSTRUST) { -
svn commit: samba r9408 - in trunk/source: include lib libsmb registry rpc_client rpc_parse rpc_server
Author: jra Date: 2005-08-20 01:38:31 + (Sat, 20 Aug 2005) New Revision: 9408 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9408 Log: The *classic* friday night check-in :-). Ok - this code (especially the RPC client code) will probably not work. But enough of the server RPC code is fixed that we need to have it in the tree so others can start banging on it. Brings back the NTLMv2 code from Samba4 gensec and allows Samba3 rpc pipes to negotiate NTLMv2 sign and seal - using auth type 10. Next I need to fix up the secondary alter context code to make auth type 9 (SPNEGO NTLMSSP) work. Finally I need to fix up the client RPC code to correctly do sign and seal. But it's getting there. It works with Samba4 smbtorture using the RPC-ECHO test until I get a segfault (in Samba4 smbtorture). I'm going to look into that next. Thanks to Andrew Bartlett for his wonderfully clear gensec code and some extremely useful help and advice in doing this. Jeremy. Modified: trunk/source/include/ntdomain.h trunk/source/include/ntlmssp.h trunk/source/include/rpc_client.h trunk/source/include/rpc_dce.h trunk/source/lib/data_blob.c trunk/source/libsmb/ntlmssp.c trunk/source/libsmb/ntlmssp_sign.c trunk/source/libsmb/samlogon_cache.c trunk/source/libsmb/smbencrypt.c trunk/source/registry/reg_printing.c trunk/source/rpc_client/cli_dfs.c trunk/source/rpc_client/cli_ds.c trunk/source/rpc_client/cli_echo.c trunk/source/rpc_client/cli_lsarpc.c trunk/source/rpc_client/cli_netlogon.c trunk/source/rpc_client/cli_pipe.c trunk/source/rpc_client/cli_samr.c trunk/source/rpc_client/cli_shutdown.c trunk/source/rpc_client/cli_spoolss_notify.c trunk/source/rpc_client/cli_srvsvc.c trunk/source/rpc_client/cli_unixinfo.c trunk/source/rpc_client/cli_wkssvc.c trunk/source/rpc_parse/parse_prs.c trunk/source/rpc_parse/parse_rpc.c trunk/source/rpc_server/srv_pipe.c trunk/source/rpc_server/srv_pipe_hnd.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Sorry, the patch is too large (4347 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9408
svn commit: samba-web r772 - in trunk: . history
Author: jerry Date: 2005-08-20 03:37:25 + (Sat, 20 Aug 2005) New Revision: 772 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=772 Log: announcing 3.0.20 Added: trunk/history/samba-3.0.20.html Modified: trunk/header_columns.html trunk/index.html Changeset: Sorry, the patch is too large (5139 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=772
svn commit: samba r9409 - in branches/SAMBA_4_0/source/web_server: .
Author: tridge Date: 2005-08-20 04:38:35 + (Sat, 20 Aug 2005) New Revision: 9409 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9409 Log: fix a problem that volker noticed with web page timeouts causing smbd to crash. This is one of the downsides of the fact that the ejs engine is not event driven, resulting in the rendering of each web page being 'semi-async'. We need to protect the web context from the timeout processing until we have unwound the stack back to the point that the 'web' variable representing the page rendering logic won't be used any more. Modified: branches/SAMBA_4_0/source/web_server/http.c branches/SAMBA_4_0/source/web_server/web_server.c Changeset: Modified: branches/SAMBA_4_0/source/web_server/http.c === --- branches/SAMBA_4_0/source/web_server/http.c 2005-08-20 01:38:31 UTC (rev 9408) +++ branches/SAMBA_4_0/source/web_server/http.c 2005-08-20 04:38:35 UTC (rev 9409) @@ -501,6 +501,7 @@ return; } #endif + res = espProcessRequest(esp-req, url, buf, emsg); if (res != 0 emsg) { http_writeBlock(web, pre, 5); @@ -866,6 +867,12 @@ } } + if (web-conn == NULL) { + /* the connection has been terminated above us, probably + via a timeout */ + goto internal_error; + } + if (!web-output.output_pending) { http_output_headers(web); EVENT_FD_WRITEABLE(web-conn-event.fde); @@ -909,7 +916,9 @@ internal_error: mprSetCtx(esp); talloc_free(esp); - http_error(web, 500, Internal server error); + if (web-conn != NULL) { + http_error(web, 500, Internal server error); + } mprSetCtx(save_mpr_ctx); ejs_restore_state(ejs_save); } Modified: branches/SAMBA_4_0/source/web_server/web_server.c === --- branches/SAMBA_4_0/source/web_server/web_server.c 2005-08-20 01:38:31 UTC (rev 9408) +++ branches/SAMBA_4_0/source/web_server/web_server.c 2005-08-20 04:38:35 UTC (rev 9409) @@ -52,7 +52,11 @@ struct timeval t, void *private) { struct websrv_context *web = talloc_get_type(private, struct websrv_context); - stream_terminate_connection(web-conn, websrv_timeout: timed out); + struct stream_connection *conn = web-conn; + web-conn = NULL; + /* TODO: send a message to any running esp context on this connection + to stop running */ + stream_terminate_connection(conn, websrv_timeout: timed out); } /* @@ -108,7 +112,17 @@ web-input.partial.data[web-input.content_length] = 0; } EVENT_FD_NOT_READABLE(web-conn-event.fde); + + /* the reference/unlink code here is quite subtle. It +is needed because the rendering of the web-pages, and +in particular the esp/ejs backend, is semi-async. So +we could well end up in the connection timeout code +while inside http_process_input(), but we must not +destroy the stack variables being used by that +rendering process when we handle the timeout. */ + talloc_reference(web-task, web); http_process_input(web); + talloc_unlink(web-task, web); } return;
svn commit: samba r9410 - in branches/SAMBA_4_0/source/rpc_server/winreg: .
Author: tridge Date: 2005-08-20 04:40:08 + (Sat, 20 Aug 2005) New Revision: 9410 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9410 Log: - a winreg_CloseKey() should return a zero key on success (zeroing the callers key). This is the normal pattern with rpc handles. - fixed reference to undefined error variable in winreg_DeleteKey() Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c === --- branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2005-08-20 04:38:35 UTC (rev 9409) +++ branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2005-08-20 04:40:08 UTC (rev 9410) @@ -85,6 +85,8 @@ talloc_free(h); + ZERO_STRUCTP(r-out.handle); + return WERR_OK; } @@ -123,15 +125,10 @@ struct winreg_DeleteKey *r) { struct dcesrv_handle *h; - WERROR result; DCESRV_PULL_HANDLE_FAULT(h, r-in.handle, HTYPE_REGKEY); - - if (W_ERROR_IS_OK(result)) { - return reg_key_del((struct registry_key *)h-data, r-in.key.name); - } - - return result; + + return reg_key_del((struct registry_key *)h-data, r-in.key.name); }
svn commit: samba r9411 - in branches/SAMBA_4_0/source/auth: gensec ntlmssp
Author: abartlet Date: 2005-08-20 04:42:19 + (Sat, 20 Aug 2005) New Revision: 9411 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9411 Log: Ensure we don't send a challenge without first getting a negotiate in NTLMSSP, unless we are in datagram mode (not fully implemented yet). Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h === --- branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:40:08 UTC (rev 9410) +++ branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:42:19 UTC (rev 9411) @@ -40,6 +40,7 @@ #define GENSEC_FEATURE_SEAL0x0004 #define GENSEC_FEATURE_DCE_STYLE 0x0008 #define GENSEC_FEATURE_ASYNC_REPLIES 0x0010 +#define GENSEC_FEATURE_DATAGRAM_MODE 0x0020 /* GENSEC mode */ enum gensec_role Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2005-08-20 04:40:08 UTC (rev 9410) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2005-08-20 04:42:19 UTC (rev 9411) @@ -138,8 +138,14 @@ ntlmssp_command = NTLMSSP_INITIAL; break; case NTLMSSP_SERVER: - /* 'datagram' mode - no neg packet */ - ntlmssp_command = NTLMSSP_NEGOTIATE; + if (gensec_security-want_features GENSEC_FEATURE_DATAGRAM_MODE) { + /* 'datagram' mode - no neg packet */ + ntlmssp_command = NTLMSSP_NEGOTIATE; + } else { + /* This is normal in SPNEGO mech negotiation fallback */ + DEBUG(2, (Failed to parse NTLMSSP packet: zero length\n)); + return NT_STATUS_INVALID_PARAMETER; + } break; } } else {