[Samba] File owning and rights problems
Hi! I use protocol manager on a boot diskete to map a network drive share which is shared by a samba server. (i.e net use i: \\server\d) I give a username and a password which exists in /etc/samba/smbpasswd (i.e user name: user1 and password: passwd1) but when I create and/or edit a file, it changes the ownership to that file to owner user: dobody and group owner: nobody. Also the rights are changed from -rwxrwxrwx to -rwx-r--r-- In conclusion: even if a duply a valid username and password, the server logs me in as nobody... and I don't want ownership and rights to be changed... What can I do? Thanx for your help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File owning and rights problems
- Original Message - From: kurt weiss [EMAIL PROTECTED] To: UNIREA Sannicolau Mare [EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 9:12 AM Subject: Re: [Samba] File owning and rights problems a) i think, u should post smb.conf. b) u should try to lock out failed logins (map to guest = bad user). this will exclude problems with failed logins... c) are u using force user = ??? UNIREA Sannicolau Mare schrieb: Hi! I use protocol manager on a boot diskete to map a network drive share which is shared by a samba server. (i.e net use i: \\server\d) I give a username and a password which exists in /etc/samba/smbpasswd (i.e user name: user1 and password: passwd1) but when I create and/or edit a file, it changes the ownership to that file to owner user: dobody and group owner: nobody. Also the rights are changed from -rwxrwxrwx to -rwx-r--r-- In conclusion: even if a duply a valid username and password, the server logs me in as nobody... and I don't want ownership and rights to be changed... What can I do? Thanx for your help! My smb.conf file has the following content: smb.conf [global] workgroup = S netbios name = CASA1 security = SHARE printcap name = cups disable spoolss = Yes show add printer wizard = No printing = cups idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [c] comment = unitatea c path = /c read only = No guest ok = Yes [d] comment = unitatea d path = /d read only = No guest ok = Yes [slash] comment = ROOT DIRECTORY path = / read only = No guest ok = Yes [scoop] comment = scoop path = /scoop #force user = caseria read only = No guest ok = Yes [tcoop] comment = tcoop path = /tcoop #force user = caseria read only = No guest ok = Yes [printers] comment = Imprimante path = /var/spool/samba printer admin = root, user1 create mask = 0600 guest ok = Yes printable = Yes use client driver = No browseable = No ##end smb.conf## -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Usermap not linking accounts
Solution: I downloaded the latest version 3.0.20 and installed it from a compiled build, and no longer have any problem. One thing I also had to do was to change the usermap layout to LinuxUID = WindowsUID DOMAINname/WindownsUID and with this the linking of windows to Linux accounts works like a charm. Note: Also tried this usermap layout on the default version of Samba, but also with no success. Cheers, On Fri, 2005-07-29 at 09:16 +0200, Kristof Bruyninckx wrote: Hello @ll, I have recently installed a RHEL 4 system with the default samba packages : samba-common-3.0.10-1.4E samba-swat-3.0.10-1.4E samba-3.0.10-1.4E samba-client-3.0.10-1.4E Now I have successfully linked this server to our Windows domain. This means that all the windows IDs are known. Now we have our systems setup in away that only people with existing GNULinux accounts can have access to there home folders. This setup is configured and working on several other server RHEL3 and HP-UX11.11 servers. But on the RHEL4 the link to the existing Unix account seems to be broken? Also the GNULinux accounts have been setup by a NIS, in case this would be important. contents of the smb.conf, basic setup actually : [global] workgroup = realm = server string = CLearCase server security = DOMAIN auth methods = winbind obey pam restrictions = Yes password server = username map = /etc/opt/samba/smbusers log level = 3 log file = /var/log/samba/smbd.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = / winbind cache time = 10 winbind use default domain = Yes hosts allow = 192.168.1. [homes] comment = Home Directories path = %H read only = No [sharing] comment = File sharing area path = /home/sharing read only = No guest ok = Yes and the layout of the smbusers file is: LinuxAccount = DOMAIN\Windows.Account etc... also tried layout like this LinuxAccount = Windows.Account etc.. but no effect. Does anybody have any more ideas of what could be setup wrongly? Or is this related to a bug in samba? -- Kristof.Bruyninckx We are Microsoft. What you are experiencing is not a problem; it is an undocumented feature. -- Bruyninckx Kristof Thales Services Division GNULinux/Unix System Administrator / Test developer [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems installing printer driver
Hello Martin, On Tue, Sep 13, 2005 at 09:19:36AM +0200, Martin Zielinski wrote: The PPD-Files (the driver only contains ppd-files) of this package _are_ read-only (Properties - Attributes - Write Protected). You might try to remove this flag on (should be) KM6020EG.PPD and repeat the installation. You were right, this did away with the problem. Thanks a lot! Wolf -- How are you going to get a reputation as a miracle worker if you tell the Captain the actual amount of time it will take?!?! (Scotty on TNG) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Samba PDC + LDAP] How to set user password never expires using smb-ldap tools
Hi Everybody, Target is to set Samba PDC server with ldap backend. Environment used : Samba 3.0.20 Samba ldap tools 0.9.1-1 I can add user but pasword gets expired frequently, So my question is how can i set Password Never Expires using samba-ldap tools. Thanx Arun Sharma -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.14a linking to 2k3AD, utmp issues
Hi the list! Got an issue with utmp. Ive compiled with utmp, and have got utmp = yes in smb.conf But... When I do a w or a who, all I see is the 1st 8 charecters of the DOMAIN+Username :/ I know strictly speaking this is an issue with the w/who programs not showing more than 8 charecters, but since its ment to work with samba, id thought id ask if anyone else has had this problem and re written the w/who or another program etc. I either need it not to display the domain+ (in smb conf I already have winbind use default domain = yes which works for everything else so far, just not utmp :/ Any help gratefully received Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: samba and crash server
Hi, please check, if your hard drives are ok. Status D means Disk Sleeps and Samba is waiting for Harddisk I/O. Can you do a ls in these directories? Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| ts.samba.org -| [mailto:samba-technical-bounces+dirk.laurenz=fujitsu-siemens -| [EMAIL PROTECTED] On Behalf Of Oleg Novikov -| Sent: Tuesday, September 13, 2005 9:38 AM -| To: samba-technical@lists.samba.org -| Subject: samba and crash server -| -| Hello All! -| -| We use Samba 3.0.14a as PDC on server with dual P4 -| Xeon processor. -| Earlier we use previos version, but problem is -| same. On server -| instaled SLES 9. -| -| When samba working in system is occur process with status D, i.e. -| #ps ax -| 9264 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9265 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9272 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9274 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9281 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -|^^^ -| -| The quantity of such processes quickly grows. We cannot -| kill any of -| this process. In few minutes the server is cannot make -| anything. Then -| we press reset on server, but in some time this error -| is repeated -| again. -| -| smb.conf: -| -| [global] -| -| workgroup = NCSTU -| netbios name = server-class -| server string = Server class PDC -| time server = yes -| hosts allow = 195.209.245. 195.209.244. 62.76.116. -| 192.168. 127. 62.76.117. 10.35.5.194 -| use sendfile = no -| -| log file = /var/log/samba/log.%m.%I -| log level = 3 -| syslog = 0 -| max log size = 1000 -| -| security = user -| -| encrypt passwords = yes -| null passwords = yes -| socket options = SO_KEEPALIVE SO_REUSEADDR SO_BROADCAST -| TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_SNDBUF=5 -| SO_RCVBUF=5 -| -| interfaces = 195.209.244.13/24 127.0.0.1 -| local master = yes -| os level = 65535 -| domain master = yes -| preferred master = yes -| domain logons = yes -| logon script = %m.bat -| logon script = %U.bat -| -| logon path = \\%L\Profiles\%U -| logon drive = Z: -| wins support = yes -| -| dns proxy = no -| passwd chat = *new*password* %n\n *new*password* %n\n -| *seccessfuly* -| unix password sync = yes -| add machine script = /usr/local/sbin/smbldap-useradd.pl -| -w -d /dev/null -g 553 -s /bin/false %u -| delete user script = /usr/local/sbin/smbldap-userdel.pl %u -| -| #ldap -| passdb backend = ldapsam:ldap://127.0.0.1:389/ -| ldap suffix = dc=server-class,dc=ncstu,dc=ru -| ldap ssl = no -| ldap passwd sync = yes -| ldap machine suffix = -| ou=Computers,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=serve -| r-class, dc=ncstu, dc=ru -| ldap user suffix = -| ou=Users,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=server-cl -| ass, dc=ncstu, dc=ru -| ldap admin dn = cn=Manager,dc=server-class,dc=ncstu,dc=ru -| -| nt acl support = yes -| unix charset = UTF8 -| dos charset = 866 -| display charset = UTF8 -| deadtime = 1 -| enable privileges = yes -| -| # Share Definitions -| == -| -| # Un-comment the following and create the netlogon -| directory for Domain Logons -| [netlogon] -| comment = Network Logon Service -| path = /var/spool/samba/netlogon -| guest ok = yes -| writable = no -| share modes = no -| -| -| # Un-comment the following to provide a specific roving -| profile share -| # the default is to use the user's home directory -| [student] -| path = /var/spool/samba/student -| read only = no -| browseable = no -| writeable = no -| create mask = 0660 -| security mask = 0550 -| force security mode = -| directory mask = 0770 -| directory security mask = 0550 -| -| -| [Profiles] -| path = /var/spool/samba/profiles -| read only = no -| browseable = no -| writeable = yes -| create mask = 0600 -| directory mask = 0700 -| -| -- -| Oleg Novikov -| -- To unsubscribe from this list go to
[Samba] Winbind Problem on RedHat es3 samba 3.14a
Hi the list! Got an issue on my main filestore box, winbind keeps panicing :/ Ive got round it for now by restarting samba in the middle of the night. Previously it would only last 2 - 3 days (MAX) before winbind would panic 45692383- === 45692449-[2005/09/14 08:09:25, 0] lib/fault.c:fault_report(37) 45692503- INTERNAL ERROR: Signal 6 in pid 748 (3.0.14a) 45692551- Please read the appendix Bugs of the Samba HOWTO collection 45692613-[2005/09/14 08:09:25, 0] lib/fault.c:fault_report(39) 45692667- === 45692733:[2005/09/14 08:09:25, 0] lib/util.c:smb_panic2(1495) 45692786- PANIC: internal error 45692810:[2005/09/14 08:09:25, 0] lib/util.c:smb_panic2(1503) 45692863- BACKTRACE: 25 stack frames: 45692893: #0 /usr/local/samba/sbin/winbindd(smb_panic2+0x18c) [0x80c074f] 45692960: #1 /usr/local/samba/sbin/winbindd(smb_panic+0x10) [0x80c05c1] 45693025- #2 /usr/local/samba/sbin/winbindd [0x80b0572] 45693074- #3 /usr/local/samba/sbin/winbindd [0x80b05c7] 45693123- #4 /lib/tls/libc.so.6 [0xad3eb8] 45693159- #5 /lib/tls/libc.so.6(abort+0x1d5) [0xad54e5] 45693208- #6 /usr/local/samba/sbin/winbindd [0x80dde5b] 45693257- #7 /usr/local/samba/sbin/winbindd [0x80de1a9] 45693306- #8 /usr/local/samba/sbin/winbindd(cli_krb5_get_ticket+0x1c6) [0x80de4ba] 45693382- #9 /usr/local/samba/sbin/winbindd(spnego_gen_negTokenTarg+0x2f) [0x80defca] 45693461- #10 /usr/local/samba/sbin/winbindd [0x814d6c7] 45693511- #11 /usr/local/samba/sbin/winbindd [0x814d966] 45693561- #12 /usr/local/samba/sbin/winbindd(ads_sasl_bind+0xfe) [0x814df2a] 45693631- #13 /usr/local/samba/sbin/winbindd(ads_connect+0x218) [0x8148c3e] 45693700- #14 /usr/local/samba/sbin/winbindd(ads_do_search_retry+0x1af) [0x8152d57] 45693777- #15 /usr/local/samba/sbin/winbindd(ads_search_retry+0x22) [0x8152e91] 45693850- #16 /usr/local/samba/sbin/winbindd [0x8082e92] 45693900- #17 /usr/local/samba/sbin/winbindd [0x8078ede] 45693950- #18 /usr/local/samba/sbin/winbindd(winbindd_getpwnam+0x39f) [0x8070a14] 45694025- #19 /usr/local/samba/sbin/winbindd(strftime+0x1320) [0x806f314] 45694092- #20 /usr/local/samba/sbin/winbindd(winbind_process_packet+0x1d) [0x806f5d0] 45694171- #21 /usr/local/samba/sbin/winbindd(do_dual_daemon+0x1d3) [0x8085340] 45694243- #22 /usr/local/samba/sbin/winbindd(main+0x44b) [0x807033b] 45694305- #23 /lib/tls/libc.so.6(__libc_start_main+0xda) [0xac178a] 45694366- #24 /usr/local/samba/sbin/winbindd(chroot+0x31) [0x806ece5] In fact, this happened this morning, restart winbindd and its fine again, for a while Any ideas? Need more info? Cheers Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Samba PDC + LDAP] How to set user password never expires using smb-ldap tools
Arun Sharma schrieb: Hi Everybody, Target is to set Samba PDC server with ldap backend. Environment used : Samba 3.0.20 Samba ldap tools 0.9.1-1 I can add user but pasword gets expired frequently, So my question is how can i set Password Never Expires using samba-ldap tools. Try using LAM - http://lam.sf.net - for managing your users, groups etc. There you can easily set the password expiry, logon hours etc. lots of useful features. -- Tomek http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon fails
Hello List, I have a network consisting of several Win2K Pro, WinXp Home, WinXp Pro Clients, a Linux Server with Samba 3 and a MS Small Business Server 2003. The Linux Server authenticates domain users using winbind. That works fine and all users can Login to the linux box using FTP, SSH, ... The only thing that doesn't work is connecting to samba shares. For some time I got the messages that there are no logon servers available until I set domain logons = Yes. Now the client gets a logon window but the password is rejected. If they try to connect to the ADS server everything works fine. Maybe a hint: On my notebook the username/password are the same as in active directory and it works. It also worked when domain logons wasn't switched on. I think it's an encryption issue. Could it be that windows uses another default encryption if I don't authenticate through the logon popup window but on boot? Here's a short dump of a logon sequence with loglevel 10: [2005/09/14 13:11:38, 10] lib/util_sock.c:read_data(517) read_data: read of 4 returned 0. Error = Success [2005/09/14 13:11:38, 10] lib/util_sock.c:receive_smb_raw(666) receive_smb_raw: length 0! [2005/09/14 13:11:38, 3] smbd/process.c:timeout_processing(1366) timeout_processing: End of file from client (client has disconnected). [2005/09/14 13:11:38, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2005/09/14 13:11:38, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2005/09/14 13:11:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/09/14 13:11:38, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2005/09/14 13:11:38, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/09/14 13:11:38, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/09/14 13:11:38, 2] smbd/server.c:exit_server(608) Closing connections [2005/09/14 13:11:38, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/09/14 13:11:38, 5] smbd/oplock.c:receive_local_message(110) receive_local_message: doing select with timeout of 1 ms [2005/09/14 13:11:38, 3] smbd/server.c:exit_server(652) Server exit (normal exit) Thanks for your help mit freundlichen Grüssen, | with best regards, -- Daniel Khan Technische Leitung | CTO Geschäftsführender Gesellschafter | Managing Partner ventigo Werbung . IT . Marketing GmbH Kornstrasse 10 4060 Leonding T. +43 (0) 732 37 09 60 | F. +43 (0) 732 37 09 60 10 http://www.ventigo.com | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind PANIC
Hi! Seems winbind has a build-in :) error. It repeats twice a day. What other/debug info I must send ? [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(36) === [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 8384 (3.0.20) Please read the appendix Bugs of the Samba HOWTO collection [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(39) === [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 10 stack frames: #0 /net/samba/winbindd(smb_panic2+0x8c) [0x800a6e2c] #1 /net/samba/winbindd(smb_panic+0x1a) [0x800a707a] #2 /net/samba/winbindd [0x80091364] #3 [0xe420] #4 /net/samba/winbindd [0x8005465b] #5 /net/samba/winbindd [0x80051697] #6 /net/samba/winbindd [0x800510aa] #7 /net/samba/winbindd [0x8002f9fc] #8 /net/samba/winbindd(main+0x75b) [0x80030dcb] #9 /unix/lib/libc.so.6(__libc_start_main+0xec) [0x40179fdc] /aTan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Gerhard Schaller/HOL_DV/Kuester/DE ist außer Hau s. ['Watchdog': checked]
Ich bin außer Haus ab 14.09.2005 und für Sie wieder erreichbar ab 15.09.2005. I'm not in the office on 14.09.2005 and will be available to you on 15.09.2005. Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. Diese E-mail ist nur für den bezeichneten Adressaten bestimmt und kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Sollten Sie diese E-mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-mail. Wenn Sie nicht der vorgesehene Adressat dieser E-mail sein sollten, so beachten Sie bitte, dass jede Überarbeitung, Weiterleitung, Verbreitung oder jeder weitere Gebrauch dieser E-mail ausdrücklich untersagt ist. This e-mail is intended solely for the addressee and may contain confidential and/or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy this e-mail. In this case any form of reproduction, disclosure, distribution or any action taken or refrained from in reliance on it, is strictly prohibited. . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: samba and crash server
hi, the smbd daemons are fallting into process status D (uninterruptible sleep). The only way to ged rid of these processes is rebooting your system! To analayze why smbd is falling into status D you have to check your logs. Another option is building a strace profile of smbd to see what`s going on. cheers Stefan Original Message Subject: [Samba] RE: samba and crash server (14-Sep-2005 11:57) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi, please check, if your hard drives are ok. Status D means Disk Sleeps and Samba is waiting for Harddisk I/O. Can you do a ls in these directories? Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone:+49 (511) 84 89 - 18 08 Telefax: +49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email:mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| ts.samba.org -| [mailto:samba-technical-bounces+dirk.laurenz=fujitsu-siemens -| [EMAIL PROTECTED] On Behalf Of Oleg Novikov -| Sent: Tuesday, September 13, 2005 9:38 AM -| To: samba-technical@lists.samba.org -| Subject: samba and crash server -| -| Hello All! -| -| We use Samba 3.0.14a as PDC on server with dual P4 -| Xeon processor. -| Earlier we use previos version, but problem is -| same. On server -| instaled SLES 9. -| -| When samba working in system is occur process with status D, i.e. -| #ps ax -| 9264 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9265 ?S 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9272 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9274 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -| 9281 ?D 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf -|^^^ -| -| The quantity of such processes quickly grows. We cannot -| kill any of -| this process. In few minutes the server is cannot make -| anything. Then -| we press reset on server, but in some time this error -| is repeated -| again. -| -| smb.conf: -| -| [global] -| -| workgroup = NCSTU -| netbios name = server-class -| server string = Server class PDC -| time server = yes -| hosts allow = 195.209.245. 195.209.244. 62.76.116. -| 192.168. 127. 62.76.117. 10.35.5.194 -| use sendfile = no -| -| log file = /var/log/samba/log.%m.%I -| log level = 3 -| syslog = 0 -| max log size = 1000 -| -| security = user -| -| encrypt passwords = yes -| null passwords = yes -| socket options = SO_KEEPALIVE SO_REUSEADDR SO_BROADCAST -| TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_SNDBUF=5 -| SO_RCVBUF=5 -| -| interfaces = 195.209.244.13/24 127.0.0.1 -| local master = yes -| os level = 65535 -| domain master = yes -| preferred master = yes -| domain logons = yes -| logon script = %m.bat -| logon script = %U.bat -| -| logon path = \\%L\Profiles\%U -| logon drive = Z: -| wins support = yes -| -| dns proxy = no -| passwd chat = *new*password* %n\n *new*password* %n\n -| *seccessfuly* -| unix password sync = yes -| add machine script = /usr/local/sbin/smbldap-useradd.pl -| -w -d /dev/null -g 553 -s /bin/false %u -| delete user script = /usr/local/sbin/smbldap-userdel.pl %u -| -| #ldap -| passdb backend = ldapsam:ldap://127.0.0.1:389/ -| ldap suffix = dc=server-class,dc=ncstu,dc=ru -| ldap ssl = no -| ldap passwd sync = yes -| ldap machine suffix = -| ou=Computers,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=serve -| r-class, dc=ncstu, dc=ru -| ldap user suffix = -| ou=Users,cn=int.ncstu.ru,sambaDomainName=NCSTU,dn=server-cl -| ass, dc=ncstu, dc=ru -| ldap admin dn = cn=Manager,dc=server-class,dc=ncstu,dc=ru -| -| nt acl support = yes -| unix charset = UTF8 -| dos charset = 866 -| display charset = UTF8 -| deadtime = 1 -| enable privileges = yes -| -| # Share Definitions -| == -| -| # Un-comment the following and create the netlogon -| directory for Domain Logons -| [netlogon] -| comment = Network Logon Service -| path = /var/spool/samba/netlogon -| guest ok = yes -| writable = no -| share modes = no -| -| -| # Un-comment the following to provide a specific
[Samba] Gerhard Schaller/HOL_DV/Kuester/DE ist außer Hau s. ['Watchdog': checked]
Ich bin außer Haus ab 14.09.2005 und für Sie wieder erreichbar ab 15.09.2005. I'm not in the office on 14.09.2005 and will be available to you on 15.09.2005. Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. Diese E-mail ist nur für den bezeichneten Adressaten bestimmt und kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Sollten Sie diese E-mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-mail. Wenn Sie nicht der vorgesehene Adressat dieser E-mail sein sollten, so beachten Sie bitte, dass jede Überarbeitung, Weiterleitung, Verbreitung oder jeder weitere Gebrauch dieser E-mail ausdrücklich untersagt ist. This e-mail is intended solely for the addressee and may contain confidential and/or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy this e-mail. In this case any form of reproduction, disclosure, distribution or any action taken or refrained from in reliance on it, is strictly prohibited. . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind PANIC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vitaly Protsko wrote: | Hi! | | Seems winbind has a build-in :) error. It repeats twice a day. | What other/debug info I must send ? | | | [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(36) | === | [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(37) | INTERNAL ERROR: Signal 11 in pid 8384 (3.0.20) | Please read the appendix Bugs of the Samba HOWTO collection [2005/09/14 | 14:40:08, 0] lib/fault.c:fault_report(39) | === | [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1548) | PANIC: internal error | [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1556) | BACKTRACE: 10 stack frames: |#0 /net/samba/winbindd(smb_panic2+0x8c) [0x800a6e2c] |#1 /net/samba/winbindd(smb_panic+0x1a) [0x800a707a] |#2 /net/samba/winbindd [0x80091364] |#3 [0xe420] |#4 /net/samba/winbindd [0x8005465b] |#5 /net/samba/winbindd [0x80051697] |#6 /net/samba/winbindd [0x800510aa] |#7 /net/samba/winbindd [0x8002f9fc] |#8 /net/samba/winbindd(main+0x75b) [0x80030dcb] |#9 /unix/lib/libc.so.6(__libc_start_main+0xec) [0x40179fdc] Are you on a 64-bit x86 system ? I've got some patches that need posting website. Hopefully I'll get them done later today. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDKBZbIR7qMdg1EfYRAlVLAJ4mszAzaFCiUIuydCbjeysIh8dLQACgk9xS InRxQURsynZ8xxMk/Svaus4= =EZq/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba compatibility with NetAPP filers.
You may want to try this: Set on your smb.conf the line: client use spnego = no And then access using smbclient with -s option That worked for me ! -- Yair G. Rajwan 972-54-7887532 -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Sunday, September 11, 2005 12:59 AM To: Rajwan, Yair Cc: samba@lists.samba.org Subject: Re: [Samba] Samba compatibility with NetAPP filers. On Sat, Sep 10, 2005 at 11:47:21PM +0300, Rajwan, Yair wrote: Jeremy There is NetApp simulator that may help you ! Check now.netapp.com What url ? There's nothing about the simulator directly on that page I'm afraid. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind PANIC
Hi! No, compiled with -march=pentium4 -mtune=pentium4 and code works on HP's DL3x0 May be it is another problem/bug ? I'll compile new binaries just after you upload patches to site and then report problems if any... /aTan -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 14, 2005 4:24 PM To: Vitaly Protsko Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind PANIC -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vitaly Protsko wrote: | Hi! | | Seems winbind has a build-in :) error. It repeats twice a day. What | other/debug info I must send ? | | | [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(36) | === | [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(37) | INTERNAL ERROR: Signal 11 in pid 8384 (3.0.20) | Please read the appendix Bugs of the Samba HOWTO collection | [2005/09/14 14:40:08, 0] lib/fault.c:fault_report(39) | === | [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1548) | PANIC: internal error | [2005/09/14 14:40:08, 0] lib/util.c:smb_panic2(1556) | BACKTRACE: 10 stack frames: |#0 /net/samba/winbindd(smb_panic2+0x8c) [0x800a6e2c] |#1 /net/samba/winbindd(smb_panic+0x1a) [0x800a707a] |#2 /net/samba/winbindd [0x80091364] |#3 [0xe420] |#4 /net/samba/winbindd [0x8005465b] |#5 /net/samba/winbindd [0x80051697] |#6 /net/samba/winbindd [0x800510aa] |#7 /net/samba/winbindd [0x8002f9fc] |#8 /net/samba/winbindd(main+0x75b) [0x80030dcb] |#9 /unix/lib/libc.so.6(__libc_start_main+0xec) [0x40179fdc] Are you on a 64-bit x86 system ? I've got some patches that need posting website. Hopefully I'll get them done later today. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDKBZbIR7qMdg1EfYRAlVLAJ4mszAzaFCiUIuydCbjeysIh8dLQACgk9xS InRxQURsynZ8xxMk/Svaus4= =EZq/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OT: Download Archived Messages Locally?
My apologies for asking this OT question on the list, but I'm hoping someone can help me. I have been lurking and monitoring this list for a long time, but getting messages in digest mode. Now, I am getting ready to roll out a live installation, and I'd like to have all of the list messages on my local computer so that I can view them in my preferred client (Thunderbird) as threads. Is there a way to download the entire list archives locally, keeping the message states (Date/Times, etc)? Tia, even if the answer is no... ;) -- Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT: Download Archived Messages Locally?
Charles Marcus schrieb: My apologies for asking this OT question on the list, but I'm hoping someone can help me. I have been lurking and monitoring this list for a long time, but getting messages in digest mode. Now, I am getting ready to roll out a live installation, and I'd like to have all of the list messages on my local computer so that I can view them in my preferred client (Thunderbird) as threads. Is there a way to download the entire list archives locally, keeping the message states (Date/Times, etc)? Tia, even if the answer is no... ;) perhaps something like wget -r -np http://lists.samba.org/archive/samba/ would download the archives? -- Tomek http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo returns Error looking up domain users
On Tue, 13 Sep 2005 01:02:51 +0200 Henti Smith [EMAIL PROTECTED] wrote: I'm busy downgrading to 2.0.14 to see if this will help for now. this has not helped. I'm not getting any joy, and sadly no responces. I've gone back to 3.0.20 again. i've added all the patches on samba site as well. I'm now getting : checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret when trying to run wbinfo -t Is there anyway to debug wbinfo to see what it's trying to do. I don't mean debug winbind but what winbind is sending to samba/ldap or something. As mentioned before samba and ldap is working fine. all the normal operations are working fine just winbind thats not working anymore. When I use the usrmgr.exe I see the groups but no users. I can add groups and users per nomal they just don't show up. I'm going to try and build another BDC and join to domain and see if I can get something work that way to test with. -- Henti Smith [EMAIL PROTECTED] +27 82 958 2525 http://www.geekware.co.za DISCLAIMER : Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are strictly forbidden. If I find you violating, or molesting my property in any way, I will employ a pair of burly convicts to find you, kidnap you, and perform god-awful sexual experiments on you until you lose the ability to sound out vowels. I don't know why you are still reading this, but by doing so you have proven that you have far too much time on your hands, and you should go plant a tree, or read a book or something. - http://www.ctrlaltdel-online.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profile : taking forever to login /log off
Hi, i had a lot of similar problems inthe past now solved, just i didn't understand if the roaming profile of your client are actually about 200mb or not. In one case is possible to manage not to copy all the profile at every logon/off, instead if the trouble is not concerning the bigness of roaming profiles i need to know something more about your lan ( how many clients, how many people, etc..) L.Cerini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo returns Error looking up domain users
On Wed, 14 Sep 2005 02:24:34 +0200 Henti Smith [EMAIL PROTECTED] wrote: checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret This goes away when I disable domain logons' does this mean I'm getting the error due to domain login information not being sent, or not being sent correctly ? H -- Henti Smith [EMAIL PROTECTED] +27 82 958 2525 http://www.geekware.co.za DISCLAIMER : Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are strictly forbidden. If I find you violating, or molesting my property in any way, I will employ a pair of burly convicts to find you, kidnap you, and perform god-awful sexual experiments on you until you lose the ability to sound out vowels. I don't know why you are still reading this, but by doing so you have proven that you have far too much time on your hands, and you should go plant a tree, or read a book or something. - http://www.ctrlaltdel-online.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
Could I get an example of the /etc/pam.d/login configuration for use with winbind? Dimitri Yioulos wrote: On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote: Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. template shell = /bin/bash template homedir = /home/%D/%U I can run the net ads join command which works fine, but if I try to authentication without a local account I am recieving errors. Any assistance or pointers is appreciated. If you want to avoid the use of local accounts, you also need to configure/use winbind and pam+nss_winbind -- Rex Rex is right. You need to configure resolv.conf, nsswitch.conf, and etc/pam.d/login. Dimitri -- Jason Gerfen Student Computing Labs, University Of Utah [EMAIL PROTECTED] J. Willard Marriott Library 295 S 1500 E, Salt Lake City, UT 84112-0860 801-585-9810 My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT: Download Archived Messages Locally?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tomasz Chmielewski wrote: | perhaps something like | | wget -r -np http://lists.samba.org/archive/samba/ | | would download the archives? or even - -- #!/bin/sh baseurl=http://lists.samba.org/archive/samba/ for i in January February March do curl $baseurl/2005-$i.txt.gz -o 200#1-$i.txt.gz done - -- But the real question is to you really *need* to do this? That's about 63Mb of mail :-) cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDKDMtIR7qMdg1EfYRAjmCAKCzcbAAftk1mLI3XQ8SRuWm9kVpugCfcyLO WAnpxQK4ImQomn002x5Q/OY= =YdB5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] pam_ldap problem on an LDAP+SMB configuration
Thanks for your responses. I did run the smbpasswd -w command, even before populating ldap (smbldap-populate command of smbldap-tools-0.9.1-1.2). In fact I change to a bogus password and I keep receiving the same message on my logs: pam_ldap: error trying to bind as user uid=testuser1,ou=Users,dc=valeeuro,dc=com (Invalid credentials) This is a fragment of my smb.conf with ldap configuration: ** ldap passwd sync = Yes #passwd program = /usr/sbin/smbldap-passwd -u %u ldap passwd sync = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=valeeuro,dc=com ldap suffix = dc=valeeuro,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u *** As you can see, communication with ldap is not secure. Thanks in advance. David -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Craig White Enviado el: Martes, 13 de Septiembre de 2005 11:11 p.m. Para: samba@lists.samba.org Asunto: Re: [Samba] pam_ldap problem on an LDAP+SMB configuration On Tue, 2005-09-13 at 18:40 -0500, David Martinez wrote: Hi there. This is my first post to this list, I hope I can help you in the future. By now, I'm the one who needs help :) I've been trying to configure a Fedora Core 4 box to use samba + LDAP. I followed instructions of http://www.idealx.org/prj/samba/smbldap-howto.en.html but it seems like I'm having problems on the pam_ldap layer: when I go to step 4.5 (http://www.idealx.org/prj/samba/smbldap-howto.en.html#htoc32) ssh [EMAIL PROTECTED] I get the following message on /var/log/messages: Sep 13 18:09:40 linux2 sshd(pam_unix)[23077]: check pass; user unknown Sep 13 18:09:40 linux2 sshd(pam_unix)[23077]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser=rhost=linux2 Sep 13 18:09:40 linux2 sshd[23077]: pam_ldap: error trying to bind as user uid=testuser1,ou=Users,dc=valeeuro,dc=com (Invalid credentials) I have tried everything, but no success, I always get to this and I don't know what to do now. Its really important to me to get this configuration working, so I don't want to give up. Can someone help me or tell me if I have to read somewhere else ? probably would help if you posted the ldap relevant sections of your smb.conf to the list - also, for the ldap admin...did you set the password (smbpasswd -w X) ? Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: OT: Download Archived Messages Locally?
Now, I am getting ready to roll out a live installation, and I'd like to have all of the list messages on my local computer so that I can view them in my preferred client (Thunderbird) as threads. You might want to check out http://gmane.org/ . It wouldnt be a local copy but you can view the list as threads via a newsgroup interface. -- Rens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
On Wednesday 14 September 2005 10:21 am, you wrote: Could I get an example of the /etc/pam.d/login configuration for use with winbind? Dimitri Yioulos wrote: On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote: Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. template shell = /bin/bash template homedir = /home/%D/%U I can run the net ads join command which works fine, but if I try to authentication without a local account I am recieving errors. Any assistance or pointers is appreciated. If you want to avoid the use of local accounts, you also need to configure/use winbind and pam+nss_winbind -- Rex Rex is right. You need to configure resolv.conf, nsswitch.conf, and etc/pam.d/login. Dimitri Jason, I'll do it, but you really should read Samba-3 by Example. John H. and company have done an excellent job of documenting Samba configuration and use. It would be better to use the mailing list after that. That said: #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_winbind.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP Profile write ok, no read.
Hi, I still have a problem with samba and profiles. The profile is correctly written to the profile share. but when i logon a other computer, logon takes ages.. and im unable to do anything registry is locked for example. ( see logs below ) when i copy the network profile to the local computer there is no problem. ( because the local profile is used ) OS : Linux Kernel 2.6.11 ( custom build ) Debian Sarge 3.1 (stable) Samba 3.014a-debian Ldap 2.2.23-8 ( debian ) smbldap-tools 0.8.7-4 (debian) i have the nt Usrmgr.exe working, no problems. i cups with nt point en print setup, no problems. i have kix logon script working. i also use nfs without problems i use acl en ext3 and no problem. i use policies with folder redirection, no problems. the starting rights on /home/samba/profiles is 777 user directories are automaticly created with 700 my base was the idealx setup. ( but debianized ) i have added these reg keys in my computers [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] ExcludeProfileDirs=Temporary Internet Files;History;Temp ;- ; force Windows XP Professional clients to accept Samba as a PDC [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] requiresignorseal=dword: signsecurechannel=dword: ;- ; Do not check for user ownership of Roaming Profile Folders [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 I have in my smb.conf the following [profiles] path = /home/samba/profiles comment = Profiel omgeving read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins this in the user/computer samba log : [2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1594) netsec_decode: FAILED: packet sequence number: [2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995) [000] 3C C7 63 37 99 18 D6 F2 .c7 [2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1596) should be: [2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995) [000] 00 00 00 00 80 00 00 00 [2005/09/14 16:27:54, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: ms249-wxp-043$ [2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: ehouh [2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 2005 [2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 2017 [2005/09/14 16:27:54, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ehouh] - [ehouh] - [ehouh] succeeded [2005/09/14 16:27:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain BAZUIN - S-1-5-21-1569642236-1413433477-3613035652 [2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: ehouh [2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: ehouh [2005/09/14 16:27:55, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [ehouh] - [ehouh] - [ehouh] succeeded [2005/09/14 16:27:55, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: ehouh [2005/09/14 16:27:55, 1] smbd/service.c:make_connection_snum(642) ms249-wxp-043 (192.168.249.132) connect to service profiles initially as user ehouh (uid=2132, gid=513) (pid 13913) this is in the userenv.log from xp ( sp 2) USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with 1355. USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with 1355. USERENV(27c.280) 16:28:16:953 GetUserGuid: Failed to get user guid with 1355. USERENV(27c.280) 16:28:17:984 GetSpecialFolderPath : ShGetSpecialFolderPath failed, hr = 800703F0 USERENV(6e0.6f4) 16:28:18:296 MigrateNT4ToNT5: Failed to get root registry key with 0 USERENV(28c.290) 16:29:02:421
[Samba] Printers don't stick
Hi, Having a weird problem here. We've got Sambe 3.0.14a and cups 1.1.23 on a Debian system. I've run: cupsaddsmb -U RALPH\\jgoerzen -a -v Where RALPH is our PDC (and it also the machine I'm running this command on). The entire command *appears* to work, but: * None of the tdb files in /var/lib/samba, including ntforms.tdb, ntprinters.tdb, etc. have their date stamp updated. (They all still show last month, which is when we upgraded to Samba 3). * Whenever we have had to shut down (cleanly) the server and reboot, on reboot, Samba has completely forgotten about all of our printers. I usually have to send SIGHUP to Samba and then rerun cupsaddsmb, which normally takes care of things until the next reboot. Any idea what might be going on here? Thanks, -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
I just wanted to make sure what I have currently is accurate for the /etc/pam.d/login, which according to what you sent me and the HOWTO you refered me to it is. For some reason I have still having problems. Would it matter if I had a non-traditional active directory schema (was modified to include unix services)? Dimitri Yioulos wrote: On Wednesday 14 September 2005 10:21 am, you wrote: Could I get an example of the /etc/pam.d/login configuration for use with winbind? Dimitri Yioulos wrote: On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote: Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. template shell = /bin/bash template homedir = /home/%D/%U I can run the net ads join command which works fine, but if I try to authentication without a local account I am recieving errors. Any assistance or pointers is appreciated. If you want to avoid the use of local accounts, you also need to configure/use winbind and pam+nss_winbind -- Rex Rex is right. You need to configure resolv.conf, nsswitch.conf, and etc/pam.d/login. Dimitri Jason, I'll do it, but you really should read Samba-3 by Example. John H. and company have done an excellent job of documenting Samba configuration and use. It would be better to use the mailing list after that. That said: #%PAM-1.0 auth required pam_securetty.so authsufficient pam_winbind.so authsufficient pam_unix.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_winbind.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so Dimitri -- Jason Gerfen Student Computing Labs, University Of Utah [EMAIL PROTECTED] J. Willard Marriott Library 295 S 1500 E, Salt Lake City, UT 84112-0860 801-585-9810 My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] session setup failed: ERRHRD
Hi all, Here is the situation: I have a W2k AD server, authenticating the users. The main file areas is on another server running Fedora Core 2 and samba 3.0.14a, I have a bunch of win2k and winxp workstations, that works fine. Now I am experimenting with a linux workstation, but I can't get it to connect the shares from the samba server. There are some shares on the W2k server as well, and I can connect to them without problems. The workstation is running Fedora Core 4 with the stock smb client tools included in the distro. Here is the output from smbclient when run with debug level 10: Command (for your information): sudo smbmount //njord/Gemensamt gemensamt -o user=uname,workgroup=sau,uid=uname,gid=users,debug=10 passthrough options 'user=uname' mount.smbfs started (version 3.0.14a-2) added interface ip=192.168.1.5 bcast=192.168.1.255 nmask=255.255.255.0 internal_resolve_name: looking up njord#20 Opening cache file at /var/cache/samba/gencache.tdb Returning valid cache entry: key = NBT/NJORD#20, value = 192.168.1.8:0, timeout = Wed Sep 14 17:21:08 2005 name njord#20 found. Connecting to 192.168.1.8 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 16384 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 16054: session request ok write_socket(4,183) write_socket(4,183) wrote 183 got smb length of 85 size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=16054 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=17408 (0x4400) smb_vwv[ 8]= 85 (0x55) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=0 (0x0) smb_vwv[12]=13587 (0x3513) smb_vwv[13]=16000 (0x3E80) smb_vwv[14]=50617 (0xC5B9) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=16 [000] F2 9C DB 02 E4 0A 80 4F 53 00 41 00 55 00 00 00 ...O S.A.U... size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=16054 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=17408 (0x4400) smb_vwv[ 8]= 85 (0x55) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=0 (0x0) smb_vwv[12]=13587 (0x3513) smb_vwv[13]=16000 (0x3E80) smb_vwv[14]=50617 (0xC5B9) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=16 [000] F2 9C DB 02 E4 0A 80 4F 53 00 41 00 55 00 00 00 ...O S.A.U... Serverzone is -7200 Password: write_socket(4,133) write_socket(4,133) wrote 133 got smb length of 35 size=35 smb_com=0x73 smb_rcls=3 smb_reh=0 smb_err=31 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=16054 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=0 16054: session setup failed: ERRHRD - ERRgeneral (General failure.) SMB connection failed If anyone knows about this error, and how to resolve it, I will be most grateful. I have googled on the error message, and found a german page with a solution (add the workgroup= option), but that didn't work out for me. Best regards, Staffan Emren Societas Archaeologica Upsaliensis http://www.sau.se -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
On Wednesday 14 September 2005 11:11 am, you wrote: I just wanted to make sure what I have currently is accurate for the /etc/pam.d/login, which according to what you sent me and the HOWTO you refered me to it is. For some reason I have still having problems. Would it matter if I had a non-traditional active directory schema (was modified to include unix services)? Dimitri Yioulos wrote: On Wednesday 14 September 2005 10:21 am, you wrote: Could I get an example of the /etc/pam.d/login configuration for use with winbind? Dimitri Yioulos wrote: On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote: Jason Gerfen wrote: I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. template shell = /bin/bash template homedir = /home/%D/%U I can run the net ads join command which works fine, but if I try to authentication without a local account I am recieving errors. Any assistance or pointers is appreciated. If you want to avoid the use of local accounts, you also need to configure/use winbind and pam+nss_winbind -- Rex Rex is right. You need to configure resolv.conf, nsswitch.conf, and etc/pam.d/login. Dimitri Jason, I'll do it, but you really should read Samba-3 by Example. John H. and company have done an excellent job of documenting Samba configuration and use. It would be better to use the mailing list after that. That said: #%PAM-1.0 auth required pam_securetty.so authsufficient pam_winbind.so authsufficient pam_unix.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_winbind.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so Dimitri I don't particularly see that as being an issue. So, let's review: - Your smb.conf was changed to include/modify/etc. the directives mentioned in previous posts. Let me say here that I use the ip address in password server =. I'd also change realm = server.com to realm = SERVER.COM. I know these work for me, and we have 6 samba member servers working great in our AD scheme. - nsswitch.conf, resolv.conf, and /etc/pam.d/login are configured correctly. - krb5.conf is configured correctly. You might want to post your krb5.conf so we can have a look-see. When you start samba, do you also start the winbind daemon? Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
You might want to post your krb5.conf so we can have a look-see. When you start samba, do you also start the winbind daemon? Dimitri [libdefaults] default_realm = REALM.COM clockskew = 300 [realms] UTAH.EDU = { kdc = 192.168.0.5 default_domain = domain.com admin_server = 192.168.0.5 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = REALM.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } And I am starting both the winbind daemon with the samba daemon. -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
On Wednesday 14 September 2005 11:38 am, you wrote: You might want to post your krb5.conf so we can have a look-see. When you start samba, do you also start the winbind daemon? Dimitri [libdefaults] default_realm = REALM.COM clockskew = 300 [realms] UTAH.EDU = { kdc = 192.168.0.5 default_domain = domain.com admin_server = 192.168.0.5 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = REALM.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } And I am starting both the winbind daemon with the samba daemon. You showed me yours, I'll show you mine :-) [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc [realms] MYDOMAIN.COM = { default_domain = mydomain.com kdc = 192.168.100.3 admin_server = 192.168.100.3 } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Note the default enctypes. Seems in the way back I was getting errors; adding these fixed that. Others may disagree, and YMMV. Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)
Processes run: ./autogen.sh ./configure ./make Make results in the following error: /usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: cannot find -lssl collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ssl version OpenSSL 0.9.7g 11 Apr 2005 is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but is not stipulated when compiling. Does it need to be? Any ideas anyone? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems compiling Samba-3.0.20 on Slackware 10.1 using kernel version 2.4.29 (unmodified)
Processes run: ./autogen.sh ./configure ./make Make results in the following error: /usr/lib/gcc-lib/i486-slackware-linux/3.3.4/../../../../i486-slackware-linux/bin/ld: cannot find -lssl collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ssl version OpenSSL 0.9.7g 11 Apr 2005 is installed under /usr/local/ssl/ and is listed in /etc/ld.so.conf but is not stipulated when compiling. Does it need to be? Any ideas anyone? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printers don't stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Goerzen wrote: | Hi, | | Having a weird problem here. | | We've got Sambe 3.0.14a and cups 1.1.23 on a Debian system. I've run: | | cupsaddsmb -U RALPH\\jgoerzen -a -v | | Where RALPH is our PDC (and it also the machine I'm running this command | on). The entire command *appears* to work, but: | | * None of the tdb files in /var/lib/samba, including ntforms.tdb, |ntprinters.tdb, etc. have their date stamp updated. (They all still |show last month, which is when we upgraded to Samba 3). | | * Whenever we have had to shut down (cleanly) the server and reboot, |on reboot, Samba has completely forgotten about all of our printers. | |I usually have to send SIGHUP to Samba and then rerun cupsaddsmb, |which normally takes care of things until the next reboot. | | Any idea what might be going on here? Yeah. Potentially there's a missing mmap() related call in the tdb code. I'll try to follow up on it tomorrow. I'm tied up in other things right now. We might do a 3.0.20a release next week to rollup the current patch set from http://www.samba.org/samba/patches/ cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFDKFLgIR7qMdg1EfYRAmvUAJd0Kf7aa2+/GdF3sc1ivsCMsv82AJ90DRrj iOicb2eHlJ4bSxJ0ypwsvw== =HjKf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Solaris NSS/winbind problem - large groups
Does anyone know if this is a problem specific to Solaris or if there is an existing fix or one on the way? Any help is greatly appreciated. 'getent group Domain Users' (or any other large group)-hangs 'getent group' -does not return a full group listing. 'wbinfo -g' -lists all groups partial truss output of getent group Domain Users (Repeats): alarm(0)= 0 sigaction(SIGALRM, 0xFFBFD6F8, 0xFFBFD7A8) = 0 sigfillset(0xFF242AA8) = 0 sigprocmask(SIG_BLOCK, 0xFFBFD798, 0xFFBFD788) = 0 alarm(1)= 0 Received signal #14, SIGALRM, in sigsuspend() [caught] sigsuspend(0xFFBFD778) Err#4 EINTR setcontext(0xFFBFD460) alarm(0)= 0 sigprocmask(SIG_UNBLOCK, 0xFFBFD798, 0x) = 0 sigaction(SIGALRM, 0xFFBFD6F8, 0x) = 0 alarm(0)= 0 sigaction(SIGALRM, 0xFFBFD6F8, 0xFFBFD7A8) = 0 sigprocmask(SIG_BLOCK, 0xFFBFD798, 0xFFBFD788) = 0 alarm(2)= 0 sigsuspend(0xFFBFD778) (sleeping...) Received signal #14, SIGALRM, in sigsuspend() [caught] sigsuspend(0xFFBFD778) Err#4 EINTR setcontext(0xFFBFD460) alarm(0)= 0 sigprocmask(SIG_UNBLOCK, 0xFFBFD798, 0x) = 0 sigaction(SIGALRM, 0xFFBFD6F8, 0x) = 0 alarm(0)= 0 sigaction(SIGALRM, 0xFFBFD6F8, 0xFFBFD7A8) = 0 sigprocmask(SIG_BLOCK, 0xFFBFD798, 0xFFBFD788) = 0 alarm(4)= 0 sigsuspend(0xFFBFD778) (sleeping...) In a previous list in samba-technical from last year, Andrew Bartlett wrote: From what I understand, the issue is not in winbindd, or wbinfo - but in nss_winbindd. So the command to run under truss is 'id' or 'getent group' etc. This is why I think this is a solaris specific sun (or winbind_nss_solaris.c) bug. Andrew Bartlett Thanks- , Kevin Hutching -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_ldap and Samba password change
Hi everybody, i have set up a Samba PDC with LDAP Backend as described in this howto: http://de.gentoo-wiki.com/Samba_PDC_mit_LDAP-Backend Everything runs fine now. I also changed configuration of my linux boxes to authenticate against the ldap server. When i log in into windows and change my user password, the Unix password of my user is also changed, when i type passwd on a linux box, it changes the unix password of the user in the ldap, but not the samba password also stored in ldap. Is there any chance to make passwd change the samba password too? Maybe possible with pam_ldap, but i did not find anything about this on the web. Help would be appreciated! Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profile : taking forever to login /log off
Hello, Thank you for your help :-) Yes some users have 200 MB profile Lorenzo Cerini wrote: Hi, i had a lot of similar problems inthe past now solved, just i didn't understand if the roaming profile of your client are actually about 200mb or not. In one case is possible to manage not to copy all the profile at every logon/off, instead if the trouble is not concerning the bigness of roaming profiles i need to know something more about your lan ( how many clients, how many people, etc..) L.Cerini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
snippit dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc I have added these options to my krb5.conf per your suggestion Note the default enctypes. Seems in the way back I was getting errors; adding these fixed that. Others may disagree, and YMMV. Dimitri I have the following services running smbd, nmbd winbindd. Here are snippits of the logs log.nmbd, log.smbd and log.winbind log.winbind [2005/09/14 10:38:06, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.13-1.1-SUSE started. Copyright The Samba Team 2000-2004 [2005/09/14 10:38:08, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain SCL.UTAH.EDU failed: No such file or directory log.smbd [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused ** I am not running cups log.nmbd add_domain_logon_names: Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:38:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:43:48, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server ODIN-NEWB is now a local master browser for workgroup DOMAIN.Com on subnet 192.168.0.3 * I am still not able to authenticate against the domain, any other suggestions? -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
Jason Gerfen wrote: snippit dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc I have added these options to my krb5.conf per your suggestion Note the default enctypes. Seems in the way back I was getting errors; adding these fixed that. Others may disagree, and YMMV. Dimitri I have the following services running smbd, nmbd winbindd. Here are snippits of the logs log.nmbd, log.smbd and log.winbind log.winbind [2005/09/14 10:38:06, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.13-1.1-SUSE started. Copyright The Samba Team 2000-2004 [2005/09/14 10:38:08, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain SCL.UTAH.EDU failed: No such file or directory log.smbd [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused ** I am not running cups log.nmbd add_domain_logon_names: Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:38:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:43:48, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server ODIN-NEWB is now a local master browser for workgroup DOMAIN.Com on subnet 192.168.0.3 * I am still not able to authenticate against the domain, any other suggestions? If it helps any this is the response from wbinfo % wbinfo -m BUILTIN the -t and -u options return errors as well: [EMAIL PROTECTED]:~ sudo wbinfo -m BUILTIN [EMAIL PROTECTED]:~ sudo wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc0ac) Could not check secret [EMAIL PROTECTED]:~ sudo wbinfo -u Error looking up domain users -- Jason Gerfen Student Computing Labs, University Of Utah [EMAIL PROTECTED] J. Willard Marriott Library 295 S 1500 E, Salt Lake City, UT 84112-0860 801-585-9810 My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Printers don't stick
On 2005-09-14, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Yeah. Potentially there's a missing mmap() related call in the tdb code. I'll try to follow up on it tomorrow. I'm tied up in other things right now. OK, thanks for looking into it. Let me know if there's any way I can help. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL problem
Hi all, I have joined samba server (3.0.14a-2) to an ADS. I can copy, move and remove files from any windows workstation and also I can set ACLs. I need migrate files from 4 w2k servers to samba server and preserve ACL's. One server are into ADS domain, but the others server are into others domains. I use robocopy.exe to migrate files and folders. When I run robocopy the files and folders are copied but the ACLs are not preserved. The error is: [2005/09/13 10:15:06, 1] smbd/service.c:make_connection_snum(642) wxp (192.168.1.115) connect to service docu initially as user CECOTDM +administrador (uid=1, gid=1) (pid 2695) [2005/09/13 10:15:06, 0] smbd/posix_acls.c:create_canon_ace_lists(1388) create_canon_ace_lists: unable to map SID S-1-5-21-1844237615-920026266-725345543-500 to uid or gid. Possibly an idea? David, -- INGENT GROUP SYSTEMS, SL www.ingent.net David Mataró i Ciller [EMAIL PROTECTED] 629 819 621 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to change file permissions on samba mount.
Hello, We share out user home dirs from a a solaris server via samba. On a windows machine I can change file permissions to files in my samba home dir. From OS X 10.4.2 all the files are at 700 and chmod does nothing to them. From the GUI get info just says that I can read and write. The smb.conf on the sun server has the following entries under the [home] section: browseable = no read only = no create mode = 0700 directory mode = 0700 wide links = no hide dot files = yes any help would be appreciated. I have also bound the mac to the windows domain and it logs me on and auto connects the samba home dir fine, I just can't change file permissions. Thanks, Derek -- Derek Pearson Systems Administrator Baskin School of Engineering UCSC 459-5605 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
Dimitri Yioulos wrote: On Wednesday 14 September 2005 1:07 pm, you wrote: snippit add_domain_logon_names: Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:38:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:43:48, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server ODIN-NEWB is now a local master browser for workgroup DOMAIN.Com on subnet 192.168.0.3 * I am still not able to authenticate against the domain, any other suggestions? I think a tip-off is: nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 Is that what you want? If the samba box has become the logon server, then what's the purpose of your Win2k3 server? Dimitri Ok, so how do I fix it? Here is my configuration: smb.conf [global] workgroup = DOMAIN.COM realm = REALM.COM security = ADS domain logons = yes encrypt passwords = yes password server = DC1.DOMAIN.COM DC2.DOMAIN.COM server string = odin.scl.utah.edu ldap idmap suffix = ou=users,dc=domain,dc=com prefered master = No local master = no domain master = No prefered master = no hide unreadable = no wins support = no dns proxy = no idmap uid = 15000-2 idmap gid = 15000-2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ use spnego = yes update encrypted = yes winbind use default domain = yes winbind separator = \ winbind enum users = yes winbind enum groups = yes os level = 20 template shell = /bin/bash template homedir = /home/%D/%U [odin] comment = samba box inherit acls = Yes path = /usr/local/odin/ read only = no user = @DOMAIN+domain users force group = users force user = users guest ok = no krb5.conf [libdefaults] default_realm = REALM.COM clockskew = 300 dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc [realms] REALM.COM = { kdc = 192.168.0.2 default_domain = scl.utah.edu admin_server = 192.168.0.2 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = REALM.COM domain.com = REALM.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } nsswitch.conf passwd: files winbind shadow: files group: files winbind pam.d/login #%PAM-1.0 auth required pam_securetty.so auth includecommon-auth auth required pam_nologin.so auth required pam_mail.so auth sufficient pam_winbind.so #account include common-account account sufficientpam_winbind.so password includecommon-password session includecommon-session session required pam_resmgr.so What am I doing wrong? I followed the samba howto on ADS domain membership http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member here are the results of the commands run when creating the computer account: [EMAIL PROTECTED]:~ sudo net ads join -UAdmin Admin's password: [2005/09/14 13:26:03, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for odin-newb already exists - modifying old account Using short domain name -- SCL.UTAH.EDU Joined 'ODIN-NEWB' to realm 'SCL.UTAH.EDU' Am I ok up to this point? -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Samba on AIX V5.1
I'm trying to install on an AIX box V5.1. I downloaded the Samba version for 5.1 and ran the executable. But the install fails. I got the file from www.bullfreeware.com http://www.bullfreeware.com/ Does anyone have any idea why the install would fail? Thanks Joe Joseph Madrinkian Consultant, Professional Services - Speedware Speedware Division of Activant Solutions Inc. 6380 Cote de Liesse Rd., Suite 110 St. Laurent, Quebec Canada H4T 1E3 T: 514.747.7007 ext. 8334 F: 514.747.3380 M: 514.249.9433 E-mail: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] Web site: www.speedware.com file:///C:\Documents%20and%20Settings\joseph.madrinkian\Application%20D ata\Microsoft\Signatures\www.speedware.com http://www.speedware.com http://www.speedware.com/ Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication against AD?
On Wednesday 14 September 2005 3:26 pm, Jason Gerfen wrote: Dimitri Yioulos wrote: On Wednesday 14 September 2005 1:07 pm, you wrote: snippit add_domain_logon_names: Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:38:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:43:48, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server ODIN-NEWB is now a local master browser for workgroup DOMAIN.Com on subnet 192.168.0.3 * I am still not able to authenticate against the domain, any other suggestions? I think a tip-off is: nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 Is that what you want? If the samba box has become the logon server, then what's the purpose of your Win2k3 server? Dimitri Ok, so how do I fix it? Here is my configuration: smb.conf [global] workgroup = DOMAIN.COM realm = REALM.COM security = ADS domain logons = yes encrypt passwords = yes password server = DC1.DOMAIN.COM DC2.DOMAIN.COM server string = odin.scl.utah.edu ldap idmap suffix = ou=users,dc=domain,dc=com prefered master = No local master = no domain master = No prefered master = no hide unreadable = no wins support = no dns proxy = no idmap uid = 15000-2 idmap gid = 15000-2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ use spnego = yes update encrypted = yes winbind use default domain = yes winbind separator = \ winbind enum users = yes winbind enum groups = yes os level = 20 template shell = /bin/bash template homedir = /home/%D/%U [odin] comment = samba box inherit acls = Yes path = /usr/local/odin/ read only = no user = @DOMAIN+domain users force group = users force user = users guest ok = no krb5.conf [libdefaults] default_realm = REALM.COM clockskew = 300 dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc [realms] REALM.COM = { kdc = 192.168.0.2 default_domain = scl.utah.edu admin_server = 192.168.0.2 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = REALM.COM domain.com = REALM.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } nsswitch.conf passwd: files winbind shadow: files group: files winbind pam.d/login #%PAM-1.0 auth required pam_securetty.so auth includecommon-auth auth required pam_nologin.so auth required pam_mail.so auth sufficient pam_winbind.so #account include common-account account sufficientpam_winbind.so password includecommon-password session includecommon-session session required pam_resmgr.so What am I doing wrong? I followed the samba howto on ADS domain membership http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.ht ml#ads-member here are the results of the commands run when creating the computer account: [EMAIL PROTECTED]:~ sudo net ads join -UAdmin Admin's password: [2005/09/14 13:26:03, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for odin-newb already exists - modifying old account Using short domain name -- SCL.UTAH.EDU Joined 'ODIN-NEWB' to realm 'SCL.UTAH.EDU' Am I ok up to this point? -- Jason Gerfen CLIP Please undertsand that mu configuration is pretty straightforward. My samba boxes are not PDCs/BDCs, I don't use ACLs, etc. All I want is basic access for file and print serving. Again, that said: Looks like you're good, up to a point, in that you've joined the domain. If you go to your Win2k3 server, can you browse the samba share you created? I'm certainly no expert (in fact, the people on the list have helped me), but I'm not sure why you need: ldap idmap suffix = ou=users,dc=domain,dc=com Anyway, here's my smb.conf from one of my servers: [global] workgroup = HEADQUARTERS netbios name = NORWELL server string = hosts allow = 192.168.100. 10.8.0.0/24 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max
Re: [Samba] Re: Authentication against AD?
On Wednesday 14 September 2005 3:56 pm, you wrote: On Wednesday 14 September 2005 3:26 pm, Jason Gerfen wrote: Dimitri Yioulos wrote: On Wednesday 14 September 2005 1:07 pm, you wrote: snippit add_domain_logon_names: Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:38:12, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 [2005/09/14 10:43:48, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server ODIN-NEWB is now a local master browser for workgroup DOMAIN.Com on subnet 192.168.0.3 * I am still not able to authenticate against the domain, any other suggestions? I think a tip-off is: nmbd/nmbd_logonnames.c:become_logon_server_success(124) become_logon_server_success: Samba is now a logon server for workgroup SCL.UTAH.EDU on subnet 192.168.0.3 Is that what you want? If the samba box has become the logon server, then what's the purpose of your Win2k3 server? Dimitri Ok, so how do I fix it? Here is my configuration: smb.conf [global] workgroup = DOMAIN.COM realm = REALM.COM security = ADS domain logons = yes encrypt passwords = yes password server = DC1.DOMAIN.COM DC2.DOMAIN.COM server string = odin.scl.utah.edu ldap idmap suffix = ou=users,dc=domain,dc=com prefered master = No local master = no domain master = No prefered master = no hide unreadable = no wins support = no dns proxy = no idmap uid = 15000-2 idmap gid = 15000-2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ use spnego = yes update encrypted = yes winbind use default domain = yes winbind separator = \ winbind enum users = yes winbind enum groups = yes os level = 20 template shell = /bin/bash template homedir = /home/%D/%U [odin] comment = samba box inherit acls = Yes path = /usr/local/odin/ read only = no user = @DOMAIN+domain users force group = users force user = users guest ok = no krb5.conf [libdefaults] default_realm = REALM.COM clockskew = 300 dns_lookup_realm = true dns_lookup_kdc = true default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc [realms] REALM.COM = { kdc = 192.168.0.2 default_domain = scl.utah.edu admin_server = 192.168.0.2 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = REALM.COM domain.com = REALM.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } nsswitch.conf passwd: files winbind shadow: files group: files winbind pam.d/login #%PAM-1.0 auth required pam_securetty.so auth includecommon-auth auth required pam_nologin.so auth required pam_mail.so auth sufficient pam_winbind.so #account include common-account account sufficientpam_winbind.so password includecommon-password session includecommon-session session required pam_resmgr.so What am I doing wrong? I followed the samba howto on ADS domain membership http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member. ht ml#ads-member here are the results of the commands run when creating the computer account: [EMAIL PROTECTED]:~ sudo net ads join -UAdmin Admin's password: [2005/09/14 13:26:03, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for odin-newb already exists - modifying old account Using short domain name -- SCL.UTAH.EDU Joined 'ODIN-NEWB' to realm 'SCL.UTAH.EDU' Am I ok up to this point? -- Jason Gerfen CLIP Please undertsand that mu configuration is pretty straightforward. My samba boxes are not PDCs/BDCs, I don't use ACLs, etc. All I want is basic access for file and print serving. Again, that said: Looks like you're good, up to a point, in that you've joined the domain. If you go to your Win2k3 server, can you browse the samba share you created? I'm certainly no expert (in fact, the people on the list have helped me), but I'm not sure why you need: ldap idmap suffix = ou=users,dc=domain,dc=com Anyway, here's my smb.conf from one of my servers: [global]
[Samba] Installing Samba on AIX V5.1...More Info
I'm trying to install on an AIX box V5.1. I downloaded the Samba version for 5.1 and ran the executable. But the install fails. I got the file from www.bullfreeware.com http://www.bullfreeware.com/ The installation error message I get is Installation failed for the user part Does anyone have any idea why the install would fail? Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba + nis
It is possible to integrate the samba authentication with a NIS Domain? What I want to do is configure a PDC to use my nis users and passwords. Tks -- Felipe L. Tocchetto msn [EMAIL PROTECTED] icq 163263160 [EMAIL PROTECTED] http://www.felipe.tocchetto.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP - Can't add machine
Ok, I'm pretty much following the book Samba 3 by Example and I've run into a few problems. I can't add a machine account: # net rpc join -U Administrator%SECRET Create of workstation account failed Unable to join domain HANDY_AUTH. If I try root: # net rpc join -U root%SECRET Could not connect to server PRIMARY The username or password was not correct. When I try smbpasswd -a root, I end up getting an error: # smbpasswd -a root New SMB password: Retype new SMB password: ldapsam_add_sam_account: SID 'S-1-5-21-1529261333-2934293496-63313958-1000' already in the base, with samba attributes Failed to add entry for user root. Failed to modify password entry for user root Additionally, I also run into the following: # net groupmap list [2005/09/14 19:44:47, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2458) ldapsam_setsamgrent: LDAP search failed: Size limit exceeded [2005/09/14 19:44:47, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2523) ldapsam_enum_group_mapping: Unable to open passdb I seem to get this Size Limit eror in several places, on of which is the web based LAM utility when clicking on the 'Groups' tab. So somewhere along the way I've screwed up, and after trying from scratch several times I'm getting a little frustrated at the wasted time. Is there a list of steps I can take to diagnose and resolve this issue? Any help or insight would be very much appreciated! Michael Christian Jr. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba install w/FC#3
On Wed, 2005-09-14 at 12:09 -0600, dave croden wrote: downloaded samba i386,common, client rpm's. Samba can't find the common and client files, but the system says they are already installed.Any suggestions.Should I upgrade to FC#4 and download the 3 files for FC4 and try it? I don't run FC, but someone on the list might know something ... -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profile : taking forever to login /log off
do not use the home directory as profile dir... you need profile acls = yes there. similar like this: logon path = \\%N\profiles\%u [profiles] csc policy = disable browsable = no profile acls = yes path = /var/smbdata/profiles writable = yes create mask = 0600 directory mask = 0700 if u use the homedir as profiledir, u must not use profile acls=yes... therefore u have problems with logon. this - maybe - will slow down your logon process. details u can find, if u turn log level to a higher value. -- greetings, kurt, austria. (http://www.kwnet.at) this is a posting from a samba *user* - not a samba developer. the posting is created on the base of experiences an may be faulty. so, please, if there's any mistake in it, please feel free to correct it FM schrieb: Hello everybody, We are using SMB as PDC and roaming profile. but login /log off are taking 15 min (200 MB) on our GB network. when I use tcpdump to monitor SMB on the client and the server , I can see that the copy hang during several minutes. our stations : win xp sp2 (webclient disabled) our smb serveur : samba-3.0.9 here is my smb.conf : # Global parameters [global] workgroup = DOMAIN server string = DOMAIN PDC Server interfaces = IP passdb backend = ldapsam:ldap://ldap-master.lan.lexum.pri/ passwd program = /usr/local/sbin/krb5_update_pwd.pl -u %u passwd chat = *Password:* %n\n *Again:* %n\n *Changed* username map = /etc/samba/smbusers unix password sync = Yes log level = 10 log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts bcast host dns time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/local/sbin/smbldap-useradd -m %u delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w %u logon path = \\%L\%U\windows logon drive = Z: logon home = \\%L\%U domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=samba,ou=LdapSystem,dc=lan,dc=lexum,dc=pri ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=lan,dc=lexum,dc=pri ldap ssl = no ldap user suffix = ou=Users hosts allow = 192.168.4., 127.0.0.1 cups options = raw mangled names = No [homes] comment = Home Directories read only = No browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = Yes share modes = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File owning and rights problems
you allow map to guest and guest is nobody. so, if login failes, you are logged on as nobody. for me it looks like your login failes and you are logged in as guest. you can proofe this, if you set map to guest = bad user(global) and guest ok = false check login for your case and if login succeeds, you'll see the real username in linux. So I did that! It works now! Thanx for your help!... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r10221 - branches/SAMBA_3_0/source/rpc_server trunk/source/registry trunk/source/rpc_server
Author: jerry Date: 2005-09-14 12:49:24 + (Wed, 14 Sep 2005) New Revision: 10221 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10221 Log: add free pass for root in svcctl and default winreg access checks Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c trunk/source/registry/reg_frontend.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-14 01:32:37 UTC (rev 10220) +++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -46,6 +46,14 @@ se_map_generic( access_desired, reg_generic_map ); se_access_check( sec_desc, token, access_desired, access_granted, result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,(registry_access_check: access check bypassed for 'root'\n)); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } Modified: branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c2005-09-14 01:32:37 UTC (rev 10220) +++ branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c2005-09-14 12:49:24 UTC (rev 10221) @@ -59,10 +59,18 @@ uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; - + /* maybe add privilege checks in here later */ se_access_check( sec_desc, token, access_desired, access_granted, result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,(svcctl_access_check: access check bypassed for 'root'\n)); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } Modified: trunk/source/registry/reg_frontend.c === --- trunk/source/registry/reg_frontend.c2005-09-14 01:32:37 UTC (rev 10220) +++ trunk/source/registry/reg_frontend.c2005-09-14 12:49:24 UTC (rev 10221) @@ -58,6 +58,15 @@ se_map_generic( access_desired, reg_generic_map ); se_access_check( sec_desc, token, access_desired, access_granted, result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,(registry_access_check: access check bypassed for 'root'\n)); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } + return result; } Modified: trunk/source/rpc_server/srv_svcctl_nt.c === --- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 01:32:37 UTC (rev 10220) +++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -104,10 +104,18 @@ uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; - + /* maybe add privilege checks in here later */ se_access_check( sec_desc, token, access_desired, access_granted, result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,(svcctl_access_check: access check bypassed for 'root'\n)); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; }
svn commit: samba r10222 - in trunk/source/rpc_server: .
Author: jerry Date: 2005-09-14 12:53:18 + (Wed, 14 Sep 2005) New Revision: 10222 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10222 Log: * remove additional regkey_access_check() from _reg_delete_key * check for DELETE access on the requested handle and not on the immediate parent. Modified: trunk/source/rpc_server/srv_reg_nt.c Changeset: Modified: trunk/source/rpc_server/srv_reg_nt.c === --- trunk/source/rpc_server/srv_reg_nt.c2005-09-14 12:49:24 UTC (rev 10221) +++ trunk/source/rpc_server/srv_reg_nt.c2005-09-14 12:53:18 UTC (rev 10222) @@ -1189,6 +1189,15 @@ if ( !parent ) return WERR_BADFID; + + /* MSDN says parent the handle must have been opened with DELETE access */ + + /* (1) check for delete rights on the parent */ + + if ( !(parent-access_granted STD_RIGHT_DELETE_ACCESS) ) { + result = WERR_ACCESS_DENIED; + goto done; + } rpcstr_pull( name, q_u-name.string-buffer, sizeof(name), q_u-name.string-uni_str_len*2, 0 ); @@ -1197,47 +1206,24 @@ if ( strrchr( name, '\\' ) ) { pstring newkeyname; char *ptr; - uint32 access_granted; - /* (1) check for enumerate rights on the parent handle. CLients can try - create things like 'SOFTWARE\Samba' on the HKLM handle. - (2) open the path to the child parent key if necessary */ + /* (2) open the path to the child parent key if necessary */ + /* split the registry path and save the subkeyname */ - if ( !(parent-access_granted SEC_RIGHTS_ENUM_SUBKEYS) ) - return WERR_ACCESS_DENIED; - pstrcpy( newkeyname, name ); ptr = strrchr( newkeyname, '\\' ); *ptr = '\0'; + pstrcpy( name, ptr+1 ); - result = open_registry_key( p, newparent_handle, newparentinfo, parent, newkeyname, 0 ); + result = open_registry_key( p, newparent_handle, newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) ); if ( !W_ERROR_IS_OK(result) ) return result; - - if ( !regkey_access_check( newparentinfo, REG_KEY_READ|REG_KEY_WRITE, access_granted, p-pipe_user.nt_user_token ) ) { - result = WERR_ACCESS_DENIED; - goto done; - } - - newparentinfo-access_granted = access_granted; - - /* copy the new key name (just the lower most keyname) */ - - pstrcpy( name, ptr+1 ); } else { /* use the existing open key information */ newparentinfo = parent; - memcpy( newparent_handle, q_u-handle, sizeof(POLICY_HND) ); } - /* (3) check for delete rights on the correct parent */ - - if ( !(newparentinfo-access_granted STD_RIGHT_DELETE_ACCESS) ) { - result = WERR_ACCESS_DENIED; - goto done; - } - if ( !(subkeys = TALLOC_ZERO_P( p-mem_ctx, REGSUBKEY_CTR )) ) { result = WERR_NOMEM; goto done;
svn commit: samba r10223 - in trunk/source: include rpc_server
Author: jerry Date: 2005-09-14 13:59:09 + (Wed, 14 Sep 2005) New Revision: 10223 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10223 Log: * map generic bits for scm and service access masks Needed by srvmgr.exe Modified: trunk/source/include/rpc_secdes.h trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Modified: trunk/source/include/rpc_secdes.h === --- trunk/source/include/rpc_secdes.h 2005-09-14 12:53:18 UTC (rev 10222) +++ trunk/source/include/rpc_secdes.h 2005-09-14 13:59:09 UTC (rev 10223) @@ -481,13 +481,16 @@ SC_RIGHT_MGR_ENUMERATE_SERVICE| \ SC_RIGHT_MGR_QUERY_LOCK_STATUS ) -#define SC_MANAGER_ALL_ACCESS \ +#define SC_MANAGER_EXECUTE_ACCESS SC_MANAGER_READ_ACCESS + +#define SC_MANAGER_WRITE_ACCESS \ ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ SC_MANAGER_READ_ACCESS| \ SC_RIGHT_MGR_CREATE_SERVICE | \ SC_RIGHT_MGR_LOCK | \ SC_RIGHT_MGR_MODIFY_BOOT_CONFIG ) +#define SC_MANAGER_ALL_ACCESS SC_MANAGER_WRITE_ACCESS /* Service Object Bits */ @@ -515,12 +518,14 @@ SC_RIGHT_SVC_STOP | \ SC_RIGHT_SVC_PAUSE_CONTINUE ) -#define SERVICE_ALL_ACCESS \ +#define SERVICE_WRITE_ACCESS \ ( STANDARD_RIGHTS_REQUIRED_ACCESS | \ SERVICE_READ_ACCESS | \ SERVICE_EXECUTE_ACCESS| \ SC_RIGHT_SVC_CHANGE_CONFIG ) +#define SERVICE_ALL_ACCESS SERVICE_WRITE_ACCESS + /* Modified: trunk/source/rpc_server/srv_svcctl_nt.c === --- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:53:18 UTC (rev 10222) +++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 13:59:09 UTC (rev 10223) @@ -39,7 +39,12 @@ struct service_control_op *svcctl_ops; +static struct generic_mapping scm_generic_map = + { SC_MANAGER_READ_ACCESS, SC_MANAGER_WRITE_ACCESS, SC_MANAGER_EXECUTE_ACCESS, SC_MANAGER_ALL_ACCESS }; +static struct generic_mapping svc_generic_map = + { SERVICE_READ_ACCESS, SERVICE_WRITE_ACCESS, SERVICE_EXECUTE_ACCESS, SERVICE_ALL_ACCESS }; + / / @@ -247,6 +252,7 @@ if ( !(sec_desc = construct_scm_sd( p-mem_ctx )) ) return WERR_NOMEM; + se_map_generic( q_u-access, scm_generic_map ); status = svcctl_access_check( sec_desc, p-pipe_user.nt_user_token, q_u-access, access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -280,6 +286,7 @@ if ( !(sec_desc = svcctl_get_secdesc( p-mem_ctx, service, get_root_nt_token() )) ) return WERR_NOMEM; + se_map_generic( q_u-access, svc_generic_map ); status = svcctl_access_check( sec_desc, p-pipe_user.nt_user_token, q_u-access, access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status );
svn commit: samba r10224 - in trunk/source: include rpc_parse rpc_server
Author: jerry Date: 2005-09-14 14:54:21 + (Wed, 14 Sep 2005) New Revision: 10224 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10224 Log: add {Unl,L}ockServiceDatabase() to get srvmgr.exe to work Modified: trunk/source/include/rpc_svcctl.h trunk/source/rpc_parse/parse_svcctl.c trunk/source/rpc_server/srv_svcctl.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Sorry, the patch is too large (398 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10224
svn commit: samba r10225 - in branches/SAMBA_4_0/swat/style/qooxdoo/layouts: .
Author: deryck Date: 2005-09-14 15:08:46 + (Wed, 14 Sep 2005) New Revision: 10225 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10225 Log: Adding back a style rule to qooxdoo that was originally removed. This is a cross browser hack that makes for better performance amone differing browsers. deryck Modified: branches/SAMBA_4_0/swat/style/qooxdoo/layouts/application.css Changeset: Modified: branches/SAMBA_4_0/swat/style/qooxdoo/layouts/application.css === --- branches/SAMBA_4_0/swat/style/qooxdoo/layouts/application.css 2005-09-14 14:54:21 UTC (rev 10224) +++ branches/SAMBA_4_0/swat/style/qooxdoo/layouts/application.css 2005-09-14 15:08:46 UTC (rev 10225) @@ -3,3 +3,4 @@ @import url(../test.css); @import url(../themes.css); @import url(../widgets.css); +body,html{overflow:hidden;width:100%;height:100%;} :root,:root body{overflow:-moz-scrollbars-unscrollable;}
svn commit: samba r10226 - in trunk/source: . include rpc_parse rpc_server
Author: jerry Date: 2005-09-14 16:38:33 + (Wed, 14 Sep 2005) New Revision: 10226 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10226 Log: here we go again. have to implement another pipe to get the MMC service control plugin to stop whining. Looks like I have about 1/2 dozen RPCs to match Win2k Added: trunk/source/include/rpc_ntsvcs.h trunk/source/rpc_parse/parse_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs_nt.c Modified: trunk/source/Makefile.in trunk/source/configure.in trunk/source/include/includes.h trunk/source/include/smb.h trunk/source/rpc_parse/parse_rpc.c trunk/source/rpc_server/srv_pipe.c Changeset: Sorry, the patch is too large (387 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10226
svn commit: samba r10227 - in trunk/source: include rpc_parse rpc_server
Author: jerry Date: 2005-09-14 18:48:55 + (Wed, 14 Sep 2005) New Revision: 10227 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10227 Log: more ntsvcs code for the MMC service control plugin. Making some progress Modified: trunk/source/include/doserr.h trunk/source/include/rpc_ntsvcs.h trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_parse/parse_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs_nt.c Changeset: Sorry, the patch is too large (379 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10227
svn commit: samba r10228 - in branches/SAMBA_4_0/swat: desktop scripting scripting/client
Author: deryck Date: 2005-09-14 21:48:03 + (Wed, 14 Sep 2005) New Revision: 10228 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10228 Log: Reorganizing a bit, trying to simplify. This is an attempt to find what's going wrong in IE formatting. This is some better, but still IE needs help. deryck Modified: branches/SAMBA_4_0/swat/desktop/index.esp branches/SAMBA_4_0/swat/scripting/client/desktop.js branches/SAMBA_4_0/swat/scripting/header_desktop.esp Changeset: Modified: branches/SAMBA_4_0/swat/desktop/index.esp === --- branches/SAMBA_4_0/swat/desktop/index.esp 2005-09-14 18:48:55 UTC (rev 10227) +++ branches/SAMBA_4_0/swat/desktop/index.esp 2005-09-14 21:48:03 UTC (rev 10228) @@ -35,39 +35,22 @@ setBottom(2); } ok.addEventListener(click, function() { - w.remove(message); + doc.remove(message); }); message.add(note); message.add(ok); - w.add(message); + doc.add(message); message.setVisible(true); } function blankW() { var blank = new Window.standard('SWAT'); - w.add(blank); + doc.add(blank); blank.setVisible(true); } -// Always open with stats -var win = new QxWindow(); -document.js.add('/scripting/client/status.js'); -win._onclosebuttonclick = function(e) -{ - this.close(); - e.stopPropagation(); - document.js.remove('/scripting/client/status.js'); -}; -with(win) { - setTop(50); - setRight(50); - setHeight(175); -} -w.add(win); -getServerStatus(win); - function showReg() { document.js.add('/scripting/client/regedit.js'); @@ -88,7 +71,7 @@ var regedit = regedit_widget(ncalrpc:); regWin.add(regedit); - w.add(regWin); + doc.add(regWin); regWin.setVisible('true'); } @@ -112,7 +95,7 @@ cmenu.setLeft(e.getClientX()); cmenu.setTop(e.getClientY()); - w.add(cmenu); + doc.add(cmenu); cmenu.setVisible(true); } @@ -150,7 +133,7 @@ var srv5 = new QxMenuButton(WINS Server, null); var srv6 = new QxMenuButton(Kerberos Server, null); srvMenu.add(srv1, srv2, srv3, srv4, srv5, srv6); - w.add(srvMenu); + doc.add(srvMenu); srvMenu.setVisible(false); var editReg = new QxCommand; @@ -161,7 +144,7 @@ var espMenu = new QxMenu; var esp1 = new QxMenuButton(Registry Editor, null, editReg); espMenu.add(esp1); - w.add(espMenu); + doc.add(espMenu); espMenu.setVisible(false); var opt1 = new QxMenuButton(Servers, null) @@ -184,7 +167,7 @@ var newMenu = new QxMenu; var new1 = new QxMenuButton(Window, null, openWin); newMenu.add(new1); - w.add(newMenu); + doc.add(newMenu); newMenu.setVisible(false); var opt2 = new QxMenuButton(Installation, null); @@ -218,9 +201,61 @@ sMenu.add(opt1, opt2, opt3, sep1, opt4, sep2, opt5, opt6); sMenu.setLeft(0); sMenu.setTop(docY() - 150); - w.add(sMenu); + doc.add(sMenu); sMenu.setVisible(true); } + +function contextMenu(e) +{ + var t = e.getTarget() + var tObj = t.getHtmlAttribute(class) + + if (tObj == 'QxClientDocument QxThemeWin9x') { + clientContextMenu(e); + } else if (tObj == 'QxWindowPane') { + windowContextMenu(t, e); + } +} + +window.application.main = function() +{ + doc = this.getClientWindow().getClientDocument(); + doc.addEventListener(contextmenu, contextMenu); + + var bar = new QxMenuBar; + with (bar) { + setBottom(0); + setLeft(0); + setWidth(100%); + setHeight(25); + setBackgroundColor(ThreeDFace); + } + + var start = new QxMenuButton(START); + start.addEventListener(click, function() { + startMenu(); + }); + bar.add(start); + + doc.add(bar); + + // Always open with stats + var win = new QxWindow(); + document.js.add('/scripting/client/status.js'); + win._onclosebuttonclick = function(e) + { + this.close(); + e.stopPropagation(); + document.js.remove('/scripting/client/status.js'); + }; + with(win) { + setTop(50); + setRight(50); + setHeight(175); + } + doc.add(win); + getServerStatus(win); +} /script % page_footer(); % Modified: branches/SAMBA_4_0/swat/scripting/client/desktop.js === --- branches/SAMBA_4_0/swat/scripting/client/desktop.js 2005-09-14 18:48:55 UTC (rev 10227) +++ branches/SAMBA_4_0/swat/scripting/client/desktop.js 2005-09-14 21:48:03 UTC (rev 10228) @@ -5,10 +5,6 @@
svn commit: samba r10229 - in trunk/source/rpc_server: .
Author: jerry Date: 2005-09-14 22:04:43 + (Wed, 14 Sep 2005) New Revision: 10229 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10229 Log: got past the invalid device ID error from the Configuration Manager. Now onto the next rpc (0x06) Modified: trunk/source/rpc_server/srv_ntsvcs_nt.c Changeset: Modified: trunk/source/rpc_server/srv_ntsvcs_nt.c === --- trunk/source/rpc_server/srv_ntsvcs_nt.c 2005-09-14 21:48:03 UTC (rev 10228) +++ trunk/source/rpc_server/srv_ntsvcs_nt.c 2005-09-14 22:04:43 UTC (rev 10229) @@ -31,7 +31,7 @@ { static pstring path; - pstr_sprintf( path, ROOT\\Legacy\\%s\\, device ); + pstr_sprintf( path, ROOT\\Legacy_%s\\, device ); return path; } @@ -80,6 +80,10 @@ rpcstr_pull(device, q_u-devicename-buffer, sizeof(device), q_u-devicename-uni_str_len*2, 0); devicepath = get_device_path( device ); + /* From the packet traces I've see, I think this really should be an array + of UNISTR2's. But I've never seen more than one string in spite of the + fact that the string in dounel NULL terminated. -- jerry */ + init_unistr2( r_u-devicepath, devicepath, UNI_STR_TERMINATE ); r_u-needed = r_u-devicepath.uni_str_len;
svn commit: samba r10230 - in trunk/source: include rpc_parse rpc_server
Author: jerry Date: 2005-09-14 22:20:05 + (Wed, 14 Sep 2005) New Revision: 10230 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10230 Log: add another stub server ntsvcs function (NTSVCS_VALIDATE_DEVICE_INSTANCE) Modified: trunk/source/include/rpc_ntsvcs.h trunk/source/rpc_parse/parse_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs.c trunk/source/rpc_server/srv_ntsvcs_nt.c Changeset: Modified: trunk/source/include/rpc_ntsvcs.h === --- trunk/source/include/rpc_ntsvcs.h 2005-09-14 22:04:43 UTC (rev 10229) +++ trunk/source/include/rpc_ntsvcs.h 2005-09-14 22:20:05 UTC (rev 10230) @@ -77,7 +77,7 @@ /**/ typedef struct { - UNISTR2 *devicepath; + UNISTR2 devicepath; uint32 flags; } NTSVCS_Q_VALIDATE_DEVICE_INSTANCE; Modified: trunk/source/rpc_parse/parse_ntsvcs.c === --- trunk/source/rpc_parse/parse_ntsvcs.c 2005-09-14 22:04:43 UTC (rev 10229) +++ trunk/source/rpc_parse/parse_ntsvcs.c 2005-09-14 22:20:05 UTC (rev 10230) @@ -169,5 +169,49 @@ return True; } +/*** +/ +BOOL ntsvcs_io_q_validate_device_instance(const char *desc, NTSVCS_Q_VALIDATE_DEVICE_INSTANCE *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) + return False; + prs_debug(ps, depth, desc, ntsvcs_io_q_validate_device_instance); + depth++; + + if(!prs_align(ps)) + return False; + + if ( !prs_io_unistr2(devicepath, ps, depth, q_u-devicepath) ) + return False; + if( !prs_align(ps) ) + return False; + + if ( !prs_uint32(flags, ps, depth, q_u-flags) ) + return False; + + return True; + +} + +/*** +/ + +BOOL ntsvcs_io_r_validate_device_instance(const char *desc, NTSVCS_R_VALIDATE_DEVICE_INSTANCE *r_u, prs_struct *ps, int depth) +{ + if ( !r_u ) + return False; + + prs_debug(ps, depth, desc, ntsvcs_io_r_validate_device_instance); + depth++; + + if(!prs_werror(status, ps, depth, r_u-status)) + return False; + + return True; +} + + + + Modified: trunk/source/rpc_server/srv_ntsvcs.c === --- trunk/source/rpc_server/srv_ntsvcs.c2005-09-14 22:04:43 UTC (rev 10229) +++ trunk/source/rpc_server/srv_ntsvcs.c2005-09-14 22:20:05 UTC (rev 10230) @@ -95,7 +95,31 @@ return True; } +/*** + / +static BOOL api_ntsvcs_validate_device_instance(pipes_struct *p) +{ + NTSVCS_Q_VALIDATE_DEVICE_INSTANCE q_u; + NTSVCS_R_VALIDATE_DEVICE_INSTANCE r_u; + prs_struct *data = p-in_data.data; + prs_struct *rdata = p-out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!ntsvcs_io_q_validate_device_instance(, q_u, data, 0)) + return False; + + r_u.status = _ntsvcs_validate_device_instance(p, q_u, r_u); + + if(!ntsvcs_io_r_validate_device_instance(, r_u, rdata, 0)) + return False; + + return True; +} + + /*** \PIPE\svcctl commands / @@ -104,7 +128,8 @@ { { NTSVCS_GET_VERSION , NTSVCS_GET_VERSION , api_ntsvcs_get_version }, { NTSVCS_GET_DEVICE_LIST_SIZE , NTSVCS_GET_DEVICE_LIST_SIZE , api_ntsvcs_get_device_list_size }, - { NTSVCS_GET_DEVICE_LIST , NTSVCS_GET_DEVICE_LIST , api_ntsvcs_get_device_list } + { NTSVCS_GET_DEVICE_LIST , NTSVCS_GET_DEVICE_LIST , api_ntsvcs_get_device_list }, + { NTSVCS_VALIDATE_DEVICE_INSTANCE , NTSVCS_VALIDATE_DEVICE_INSTANCE , api_ntsvcs_validate_device_instance } }; Modified: trunk/source/rpc_server/srv_ntsvcs_nt.c === --- trunk/source/rpc_server/srv_ntsvcs_nt.c 2005-09-14 22:04:43 UTC (rev 10229) +++ trunk/source/rpc_server/srv_ntsvcs_nt.c 2005-09-14 22:20:05 UTC (rev 10230) @@ -90,3 +90,12 @@ return WERR_OK; } +/ +/ + +WERROR _ntsvcs_validate_device_instance( pipes_struct *p, NTSVCS_Q_VALIDATE_DEVICE_INSTANCE *q_u, NTSVCS_R_VALIDATE_DEVICE_INSTANCE *r_u ) +{ +
svn commit: samba r10231 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: idra Date: 2005-09-14 22:39:24 + (Wed, 14 Sep 2005) New Revision: 10231 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10231 Log: seem I flipped these, fix. Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2005-09-14 22:20:05 UTC (rev 10230) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2005-09-14 22:39:24 UTC (rev 10231) @@ -518,12 +518,12 @@ if (dn0 == NULL || dn1 == NULL) return dn1 - dn0; edn0 = ldb_dn_explode_casefold(ldb, dn0); - if (edn0 == NULL) return 0; + if (edn0 == NULL) return 1; edn1 = ldb_dn_explode_casefold(ldb, dn1); if (edn1 == NULL) { talloc_free(edn0); - return 0; + return -1; } ret = ldb_dn_compare(ldb, edn0, edn1);
svn commit: samba r10233 - in branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3: .
Author: idra Date: 2005-09-14 23:14:42 + (Wed, 14 Sep 2005) New Revision: 10233 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10233 Log: add commented PRAGMA to avoid fsyncs Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c 2005-09-14 22:45:49 UTC (rev 10232) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c 2005-09-14 23:14:42 UTC (rev 10233) @@ -1616,7 +1616,7 @@ /* * Triggers */ - + CREATE TRIGGER ldb_object_classes_insert_tr AFTER INSERT ON ldb_object_classes @@ -1637,7 +1637,7 @@ SET max_child_num = max_child_num + 1 WHERE class_name = new.parent_class_name; END; - + /* * Table initialization */ @@ -1667,6 +1667,12 @@ return -1; } + /* DANGEROUS +if (query_norows(lsqlite3, PRAGMA synchronous = OFF;) != 0) { +return -1; +} + */ + /* Establish a busy timeout of 30 seconds */ if ((ret = sqlite3_busy_timeout(lsqlite3-sqlite, 3)) != SQLITE_OK) {
svn commit: samba r10234 - in branches/SAMBA_3_0/source: . auth lib
Author: jra Date: 2005-09-14 23:58:14 + (Wed, 14 Sep 2005) New Revision: 10234 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10234 Log: Add new auth module auth_script to allow valid users to be provisioned on demand - calls script with domain, username, challenge and LM and NT responses - passing the info through a pipe. Jeremy. Added: branches/SAMBA_3_0/source/auth/auth_script.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/lib/smbrun.c Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2005-09-14 23:14:42 UTC (rev 10233) +++ branches/SAMBA_3_0/source/Makefile.in 2005-09-14 23:58:14 UTC (rev 10234) @@ -368,6 +368,7 @@ AUTH_SERVER_OBJ = auth/auth_server.o AUTH_UNIX_OBJ = auth/auth_unix.o AUTH_WINBIND_OBJ = auth/auth_winbind.o +AUTH_SCRIPT_OBJ = auth/auth_script.o AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \ auth/auth_ntlmssp.o \ @@ -1165,6 +1166,10 @@ @echo Building plugin $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_DOMAIN_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] +bin/[EMAIL PROTECTED]@: $(AUTH_SCRIPT_OBJ:[EMAIL PROTECTED]@) + @echo Building plugin $@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_SCRIPT_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] + bin/[EMAIL PROTECTED]@: $(AUTH_SERVER_OBJ:[EMAIL PROTECTED]@) @echo Building plugin $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_SERVER_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] Added: branches/SAMBA_3_0/source/auth/auth_script.c === --- branches/SAMBA_3_0/source/auth/auth_script.c2005-09-14 23:14:42 UTC (rev 10233) +++ branches/SAMBA_3_0/source/auth/auth_script.c2005-09-14 23:58:14 UTC (rev 10234) @@ -0,0 +1,155 @@ +/* + Unix SMB/CIFS implementation. + + Call out to a shell script for an authentication check. + + Copyright (C) Jeremy Allison 2005. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h + +#undef malloc + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +/* Create a string containing the supplied : + * domain\n + * user\n + * ascii hex challenge\n + * ascii hex LM response\n + * ascii hex NT response\n\0 + * and execute a shell script to check this. + * Allows external programs to create users on demand. + * Script returns zero on success, non-zero on fail. + */ + +static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, auth_script, script, NULL); + char *secret_str; + size_t secret_str_len; + char hex_str[49]; + int ret, i; + + if (!script) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!user_info) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!auth_context) { + DEBUG(3,(script_check_user_credentials: no auth_info !\n)); + return NT_STATUS_INVALID_PARAMETER; + } + + secret_str_len = strlen(user_info-domain.str) + 1 + + strlen(user_info-smb_name.str) + 1 + + 16 + 1 + /* 8 bytes of challenge going to 16 */ + 48 + 1 + /* 24 bytes of challenge going to 48 */ + 48 + 1; + + secret_str = malloc(secret_str_len); + if (!secret_str) { + return NT_STATUS_NO_MEMORY; + } + + safe_strcpy( secret_str, user_info-domain.str, secret_str_len - 1); + safe_strcat( secret_str, \n, secret_str_len - 1); + safe_strcat( secret_str, user_info-smb_name.str, secret_str_len - 1); + safe_strcat( secret_str, \n, secret_str_len - 1); + + for (i = 0; i 8;
Build status as of Thu Sep 15 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-09-14 00:00:09.0 + +++ /home/build/master/cache/broken_results.txt 2005-09-15 00:00:12.0 + @@ -1,17 +1,17 @@ -Build status as of Wed Sep 14 00:00:02 2005 +Build status as of Thu Sep 15 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 6 2 0 -distcc 8 2 0 -lorikeet-heimdal 33 14 0 -ppp 21 0 0 -rsync35 2 0 -samba1 0 0 +ccache 9 4 0 +distcc 9 2 0 +lorikeet-heimdal 34 14 0 +ppp 22 0 0 +rsync36 2 0 +samba2 1 0 samba-docs 0 0 0 -samba4 37 12 1 -samba_3_035 13 0 -smb-build27 2 0 -talloc 8 3 0 -tdb 6 3 0 +samba4 38 11 1 +samba_3_036 14 0 +smb-build29 3 0 +talloc 8 2 0 +tdb 8 4 0
svn commit: samba r10235 - in trunk/source: . auth lib
Author: jra Date: 2005-09-15 00:08:04 + (Thu, 15 Sep 2005) New Revision: 10235 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10235 Log: Add new auth module auth_script to allow valid users to be provisioned on demand - calls script with domain, username, challenge and LM and NT responses - passing the info through a pipe. Jeremy. Added: trunk/source/auth/auth_script.c Modified: trunk/source/Makefile.in trunk/source/configure.in trunk/source/lib/smbrun.c Changeset: Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2005-09-14 23:58:14 UTC (rev 10234) +++ trunk/source/Makefile.in2005-09-15 00:08:04 UTC (rev 10235) @@ -375,6 +375,7 @@ AUTH_SERVER_OBJ = auth/auth_server.o AUTH_UNIX_OBJ = auth/auth_unix.o AUTH_WINBIND_OBJ = auth/auth_winbind.o +AUTH_SCRIPT_OBJ = auth/auth_script.o AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \ auth/auth_ntlmssp.o \ @@ -1168,6 +1169,10 @@ @echo Building plugin $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_DOMAIN_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] +bin/[EMAIL PROTECTED]@: $(AUTH_SCRIPT_OBJ:[EMAIL PROTECTED]@) + @echo Building plugin $@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_SCRIPT_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] + bin/[EMAIL PROTECTED]@: $(AUTH_SERVER_OBJ:[EMAIL PROTECTED]@) @echo Building plugin $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_SERVER_OBJ:[EMAIL PROTECTED]@) @[EMAIL PROTECTED] [EMAIL PROTECTED] Added: trunk/source/auth/auth_script.c === --- trunk/source/auth/auth_script.c 2005-09-14 23:58:14 UTC (rev 10234) +++ trunk/source/auth/auth_script.c 2005-09-15 00:08:04 UTC (rev 10235) @@ -0,0 +1,155 @@ +/* + Unix SMB/CIFS implementation. + + Call out to a shell script for an authentication check. + + Copyright (C) Jeremy Allison 2005. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h + +#undef malloc + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +/* Create a string containing the supplied : + * domain\n + * user\n + * ascii hex challenge\n + * ascii hex LM response\n + * ascii hex NT response\n\0 + * and execute a shell script to check this. + * Allows external programs to create users on demand. + * Script returns zero on success, non-zero on fail. + */ + +static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, auth_script, script, NULL); + char *secret_str; + size_t secret_str_len; + char hex_str[49]; + int ret, i; + + if (!script) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!user_info) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!auth_context) { + DEBUG(3,(script_check_user_credentials: no auth_info !\n)); + return NT_STATUS_INVALID_PARAMETER; + } + + secret_str_len = strlen(user_info-domain.str) + 1 + + strlen(user_info-smb_name.str) + 1 + + 16 + 1 + /* 8 bytes of challenge going to 16 */ + 48 + 1 + /* 24 bytes of challenge going to 48 */ + 48 + 1; + + secret_str = malloc(secret_str_len); + if (!secret_str) { + return NT_STATUS_NO_MEMORY; + } + + safe_strcpy( secret_str, user_info-domain.str, secret_str_len - 1); + safe_strcat( secret_str, \n, secret_str_len - 1); + safe_strcat( secret_str, user_info-smb_name.str, secret_str_len - 1); + safe_strcat( secret_str, \n, secret_str_len - 1); + + for (i = 0; i 8; i++) { + slprintf(hex_str[i*2], 3, %02X, auth_context-challenge.data[i]); + } + safe_strcat( secret_str, hex_str,