Re: [Samba] stale name lookup result SOLVED
On Mon, 19 Sep 2005, Brandon Kuczenski wrote: I am running a Samba 3.0.10 server on freeBSD and 3.0.10-Debian client. I just had a perplexing problem. The client is a laptop and moves about different samba networks. My home computer's name (Unix hostname and samba name) is 'ocean'. When I'm at home I run smbmount //ocean/mydir /mnt/samba/ocean/mydir -o options Normally this is fine. I've been running the same script to do this for about 2 years, without problems. But this morning when I tried to connect it kept telling me timeout connecting to NOT.MY.IP.ADDR:445 timeout connecting to NOT.MY.IP.ADDR:139 [NOT.MY.IP.ADDR is replaced by an actual IP address that I've never seen before, but belongs to a separate wireless network that I occasionally visit] Running nmblookup: # nmblookup ocean querying ocean on 192.168.0.255 -- this IS my network 192.168.0.5 ocean00 -- this IS the right IP address Ocean is right there in the next room -- AND it's acting as a WINS server -- AND nmblookup seems to find it just fine. Why is my laptop trying to connect to the wrong host? The last time I had connected to a wireless network, my client software created a file /etc/samba/dhcp.conf which had stale information. I deleted that file, and then deleted /var/run/samba/gencache.tdb, and that solved the problem. -Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] deny writing to share root
Hi, is it possible to deny writing to the share root, allowing writing to the subfolders of such root? In other words, I don't want the root to be changed (adding/removing) folders and files, while I want to allow users to change the content of the subfolders of the root. How to reach this? Thanks, Luca -- Luca Ferrari [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module problem with new samba version
Sorry, I was using old testparm version (3.0.4), so wrong warnings... And I needed to recompile the clamav module (3.0.6b with 2.0.20 of SAMBA) Works great now! thanks Xavier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File access rights on a NFS share: please help !
Jeremy, Tom, First of all thanks a lot for your help. Jeremy Any way you can move to an NFS server that supports more groups ? Actually, I set up 3 NFS servers for the tests: a Solaris 8, a Linux SuSe E9 and an EMC NAS NS600 one but each time I came to the same conclusion... Tom Something I'd look at though is the actual gid of the iis directory by simply using Tom ls -n and verify for sure that the gid of the iis directory is 16777328. Tom Possibly you have two gids both named NCEDOM\dev-iis and it isn't gid 16777328 Tom that the iis directory belongs to. I tested that also but I confirm that there is only one gid 16777328... Any more idea ? Rgds, Sabrina To Sabrina Lautier [EMAIL PROTECTED] cc samba@lists.samba.org, [EMAIL PROTECTED] Jeremy Allison [EMAIL PROTECTED] Subject Re: [Samba] File access rights on a NFS share: please help ! Please respond to Jeremy Allison [EMAIL PROTECTED] 19/09/2005 18:07 On Mon, Sep 19, 2005 at 05:03:34PM +0200, Sabrina Lautier wrote: Hello, As I didn't get any answer, I'm posting my question again. Sorry to insist but I'm very embarrassed... I'm having troubles with access rights on files located on a NFS server (Solaris 8). The client machine is a Linux SuSe E9.0 and the samba suite version is samba-3.0.20, directly installed from a Linux package. Solaris 8 has a limit of 16 groups I believe. If your user is in more than 16 groups the groups over 16 will be silently truncated for NFS access. Any way you can move to an NFS server that supports more groups ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file to large
Hi I cannont copying files larger than 2 GB over samba share (monted with smbmount). Do you have a solution? Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share disconnect timeout
Hello everybody, is there a possibility in samba (3.0.14a) to prevent the server from closing the connection to a client after a thirten time? I played with the deadtime option without succes. Background is an application,claiming the server to have disconnected the share. The app. reconnects without problems but logs an annoying warnig message. Any suggestions? Thanks in advance Carsten John -- Max Planck Institut fuer marine Mikrobiologie - Network Administration - Celsiustr. 1 D-28359 Bremen Tel.: +49 421 2028568 Fax.: +49 421 2028565 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 as PDC with Debian Linux server and Windows XP clients
Dear list I am relatively new to networking problems of this kind so apologies for the potentially simple question. I am trying to upgrade an existing network to one using Samba 3 to configure roaming XP profiles on a limited number of clients. I have re-written the smb.conf file to reflect what I think are the appropriate settings, and this passed testparm successfully, but I am unclear what to do next, despite the help offered in the usual howtos. Additionally when i try to run smbclient -L [hostname] read_socket_with_timeout: timeout read. read error = Connection reset by peer.tree connect failed: Read error: Connection reset by peer Can anyone let me know what I should be doing next? Part of my confusion is whether I need to move or otherwise re-set existing user-logins (for Unix, currently matched but not synchronised in the samba database) and passwords for them to act as individual profiles for XP. Many thanks for any help Andy Dr Andrew Bevan Lecturer Institute of Archaeology University College London 31-34 Gordon Square London WC1H 0PY tel: +44 (0)20 7679 7523 (internal 27523) fax: +44 (0)20 7383 2572 email: [EMAIL PROTECTED] info: www.ucl.ac.uk/archaeology/staff/profiles/bevan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP (How to Expires an Account on Specified date)
you must change sambakickofftime, e.g. by smbldap-usermod ... from idealx greez Arun Sharma wrote: Hi Everybody, Structure of my server environment : Using Samba 3.0.20, Openldap V3 My requiremnt : 1) How to expire an user Account on a specified date.? Thanks all -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RES: RES: [Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: [2005/09/26 17:11:53, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2581) convert_canon_ace_to_posix_perms: Too many ACE entries for file teste.txt to convert to posix perms. I wonder why convert_canon_ace_to_posix_perms is called with an file_ace_list with more than three canon_ace elements. set_nt_acl should never call convert_canon_ace_to_posix_perms that way. I guess it fails because you have an ACL_USER_OBJ which makes the file_ace_list longer than three entries but for some reason set_nt_acl thinks it cannot use set_canon_ace_list. I just start to read the code so maybe someone who really knows what's going on could clear this up a bit. hth Paul BTW: check your samba binary for ACL support, could be that ./configure failed to pick up some libs or headers and the whole feature is not present. Use strings $(which smbd) | grep HAVE_POSIX_ACLS. If you don't get anything back your binary lacks ACL support. PS: Try not to start a new thread with each response and please keep your replies on the list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Option deprecated.
Hi, I have noticed in my log files an error the winbind enable local accounts option is deprecated. Sometimes winbind crash, it is possible that I have remove this option? But I have need the option to enable local accounts. How can I replace this future? RH9 + samba-3.0.14a-1. Thanks. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need help with IDMAP storage in LDAP using Winbind
Hello @ll, First a small sketch of my working environment. There is one PDC, W2000 server, which contains an Active directory, so basically all the windows users are maintained there. And the Linux/Unix accounts are stored on a NIS server. My goal would be the following 2 things. Firstly currently all the Linux/Unix servers are setup with individual winbind setups to make the windows users known, which work nicely. But recently the ID's of all the users should be identical on all the servers. Therefore I'm trying to implement the IDMAP Storage in LDAP using Winbind chapter. And secondly migrating all the NIS users also to the same LDAP but under a different OU. This is my setup thus far : /etc/samba/smb.conf: I think the way I setup this configuration is so that winbind points to the PDC to collect al the windows users information, and uses the LDAP backend to store it. Please correct me if I'm wrong. # Global parameters [global] log level = 3 workgroup = THALES-IS #Is the windows domain name realm = THALES-IS.BE #winbind needs this to point to the PDC server string = Samba Server security = ads password server = 192.168.1.99 username map = /etc/opt/samba/smbusers log file = /var/log/samba/smbd.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no ldap admin dn = cn=Manager,dc=thales,dc=be#Is the new domain I'm trying to setup thales.be, just to avoid confusion with the existing thales-is.be ldap idmap suffix = ou=idmap ldap suffix = dc=thales,dc=be idmap backend = ldap:ldap://127.0.0.1 encrypt passwords = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash winbind separator = / winbind cache time = 10 winbind use default domain = yes [homes] comment = Home Directories path = %H read only = No browseable = No /etc/krb5.conf: As far as I can figure this is needed to do the kerberos authentication, this is only pointing to the windows domain, and not the new thales.be. But I'm not sure this is significant since it is only needed by winbind to retrieve information from the PDC. [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = THALES-IS.BE dns_lookup_realm = true dns_lookup_kdc = true [realms] THALES-IS.BE = { kdc = backup1.thales-is.be:88 kdc = 192.168.1.99 admin_server = backup1.thales-is.be:749 kdc = 192.168.1.99 } thales-is.be = { kdc = 192.168.1.99 } [domain_realm] .thales-is.be = THALES-IS.BE thales-is.be = THALES-IS.BE [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/nsswitch.conf: passwd: files winbind ldap shadow: files winbind ldap group: files winbind ldap hosts: files dns /etc/openldap/slapd.conf : # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema # Allow LDAPv2 client connections. This is NOT the default. allow bind_v2 # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd.pid argsfile/var/run/slapd.args databaseldbm ## suffix dc=thales,dc=be ### rootdn cn=Manager,dc=thales,dc=be ### rootpw secret ### directory /var/lib/ldap/thales.be ### # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShelleq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntryeq,pres,sub /etc/ldap.conf : Only shown changes, rest is default # Your LDAP server. Must be resolvable without using LDAP. # Multiple hosts may be specified, each
[Samba] net join between Solaris member and Linux Samba PDC
net rpc join member -S FRANKFURT -U rwiegand Password: Create of workstation account failed Unable to join domain DOMAIN. This is the message I'm getting when I try joining a Solaris 9/samba 3.0.10 member server ./testparm Load smb config files from /usr/local/samba/lib/smb.conf Can't find include file /var/samba/log. Processing section [homes] Processing section [printers] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = DOMAIN server string = Proxy Samba Server interfaces = 172.18.1.1/16 security = DOMAIN password server = FRANKFURT log level = 3 passdb:5 auth:10 winbind:2 log file = /usr/sfw/lib/smb.conf.%m max log size = 50 dns proxy = No idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes include = /var/samba/log. [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No and a Linux FC3 samba PDC server: [global] smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u printing = lprng dns proxy = no encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap preferred master = no debug level = 4 passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authenticat ion*tokens*updated*successfully* domain admin group = @admins admin users = @admins security = domain unix password sync = Yes server string = Samba Server workgroup = domain preferred master = yes log file = /var/log/samba/%m.log netbios name = Frankfurt load printers = yes domain logons = yes logon script = %G.bat domain master = yes [netlogon] browsable = yes path = /home/netlogon public = yes # read only = yes # guest ok = yes # share modes = no writable = yes # no comment = Network Login Service [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [TML1] path = /data1 writable = yes public = yes comment = Data share data1 Looks like I'm missing something here? My goal is to have LAN users authenticate via a samba PDC when they pass through a Squid server to the internet. I'm trying to keep it simple for now. So I'm not using AD, but I will have to set this up in the near future as well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Need help with IDMAP storage in LDAP using Winbind
Kristof Bruyninckx wrote: # Use the OpenLDAP password change # extended operation to update the password. pam_password md5 If you want it to do what the comment suggest this should read: pam_password exop dn: cn=Manager,dc=thales,dc=be objectClass: organizationalRole cn: Manager description: Directory Manager I think that may be your problem. The DN is the same as your rootdn in slapd.conf but does not have a userPassword attribute. It might shadow your rootdn making binds with that DN fail (see below). You don't have to add the rootdn from slapd.conf to your directory but it is generally discouraged to use it in daily operations as ACLs do not apply to rootdn. Sep 27 13:31:47 linux14 slapd: = access_allowed: auth access to cn=Manager,dc=thales,dc=be userPassword requested Sep 27 13:31:47 linux14 slapd: = access_allowed: backend default auth access granted to (anonymous) Sep 27 13:31:47 linux14 slapd: send_ldap_result: err=49 matched= err=49 means invalid credentials most likely due to the missing userPassword attribute of cn=manager,dc=thales,dc=be. Try removing cn=Manager,dc=thales,dc=be from your ldif and see if you can bind with rootdn and rootpw from your slapd.conf. If that works create another entry in your DIT with a userPassword attribute, give it appropriate permissions in slapd.conf and use that for your ldap admin dn in smb.conf hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Slow shutdowns and tmp files?[VASCL:A1037FCE7F5]
I am having problems with long shutdown periods. The machines are building large tmp files, like prf2E6.tmp. These files are over 1 gig. I am running Windows 2000 and Windows XP clients to a Redhat ES 4.0 with Samba 3.0.14. I have a domain setup. In each of these machines there are large amounts of files in My Documents. When I end up with these tmp files, the clients build temp profiles. How can this be avoided. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 as PDC with Debian Linux server and Windows XP clients
I'm running Samba 3 on Debian/Sarge. The roaming profiles seems to come by default if you follow the example/directions in the Official Samba 3 Howto Reference Guide. There's also the newer Samba 3 by example. Both are available at samba.org. Make sure you have a samba folder with netlogon and profiles subfolders. I keep mine in /home. When you say upgrading, do you have an existing Domain and controller or are you starting up a domain? If you are starting a new domain, make it easy on yourself and use SWAT. You need to uncomment the swat line in /etc/inetd.conf and restart it. If you are converting from a Windows domain controller, there is a vampire mode that sucks the existing date from your domain controller. Then you need to remove your old domain controller and promote your new one. However, I've had problems after doing this. You may prefer just to set up a new domain if you only have a limited number of clients. Andrew Bevan wrote: Dear list I am relatively new to networking problems of this kind so apologies for the potentially simple question. I am trying to upgrade an existing network to one using Samba 3 to configure roaming XP profiles on a limited number of clients. I have re-written the smb.conf file to reflect what I think are the appropriate settings, and this passed testparm successfully, but I am unclear what to do next, despite the help offered in the usual howtos. Additionally when i try to run smbclient -L [hostname] read_socket_with_timeout: timeout read. read error = Connection reset by peer.tree connect failed: Read error: Connection reset by peer Can anyone let me know what I should be doing next? Part of my confusion is whether I need to move or otherwise re-set existing user-logins (for Unix, currently matched but not synchronised in the samba database) and passwords for them to act as individual profiles for XP. Many thanks for any help Andy Dr Andrew Bevan Lecturer Institute of Archaeology University College London 31-34 Gordon Square London WC1H 0PY tel: +44 (0)20 7679 7523 (internal 27523) fax: +44 (0)20 7383 2572 email: [EMAIL PROTECTED] info: www.ucl.ac.uk/archaeology/staff/profiles/bevan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Need help with IDMAP storage in LDAP using Winbind
Hi, I removed the entry for cn=manager,dc=thales,dc=be and checked with ldapmodigy if I could change the existing NIS users, which seems to still work. Now I added a user called Admin , output from slapcat : dn: ou=People,dc=thales,dc=be ou: People description: All Nis people objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: 15579caa-c053-1029-82d3-9e2135f77083 creatorsName: cn=Manager,dc=thales,dc=be createTimestamp: 20050923075459Z entryCSN: 20050923075459Z#01#00#00 modifiersName: cn=Manager,dc=thales,dc=be modifyTimestamp: 20050923075459Z dn: uid=root,ou=Idmap,dc=thales,dc=be structuralObjectClass: account entryUUID: 1d5990e8-c053-1029-82d4-9e2135f77083 creatorsName: cn=Manager,dc=thales,dc=be createTimestamp: 20050923075512Z uid: root cn: Admin objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: secret shadowLastChange: 13041 shadowMax: 9 shadowWarning: 7 loginShell: /bin/bash uidNumber: 0 gidNumber: 0 homeDirectory: /root gecos: root entryCSN: 20050927142003Z#01#00#00 modifiersName: cn=Manager,dc=thales,dc=be modifyTimestamp: 20050927142003Z And then added the access permissions inside slapd.conf. access to attr=userPassword by self write by anonymous auth by dn.base=cn=Admin,dc=thales,dc=be write by * none access to * by self write by dn.base=cn=Admin,dc=thales,dc=be write by * read and also changed the ldap admin in samba to : ldap admin dn = cn=Admin,dc=thales,dc=be Now when I restart the winbind daemons he is still complaining about the dn entry: [2005/09/27 17:05:43, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 15 try! [2005/09/27 17:05:44, 2] lib/smbldap.c:smbldap_open_connection(630) smbldap_open_connection: connection opened [2005/09/27 17:05:44, 2] lib/smbldap.c:smbldap_connect_system(790) failed to bind to server ldap://127.0.0.1 with dn=cn=Admin,dc=thales,dc=be Error: Invalid credentials The ldif I used to add the Admin acount is identical ass that of the Manager : root.ldif dn: uid=root,ou=Idmap,dc=thales,dc=be uid: root cn: Admin objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$1$lB0twC9d$i542IIFLEH11VLUzdEUr91 shadowLastChange: 13041 shadowMax: 9 shadowWarning: 7 loginShell: /bin/bash uidNumber: 0 gidNumber: 0 homeDirectory: /root gecos: root Any ideas off what I'm doing wrong? Thanks, On Tue, 2005-09-27 at 15:02 +0200, paul kölle wrote: Kristof Bruyninckx wrote: # Use the OpenLDAP password change # extended operation to update the password. pam_password md5 If you want it to do what the comment suggest this should read: pam_password exop dn: cn=Manager,dc=thales,dc=be objectClass: organizationalRole cn: Manager description: Directory Manager I think that may be your problem. The DN is the same as your rootdn in slapd.conf but does not have a userPassword attribute. It might shadow your rootdn making binds with that DN fail (see below). You don't have to add the rootdn from slapd.conf to your directory but it is generally discouraged to use it in daily operations as ACLs do not apply to rootdn. Sep 27 13:31:47 linux14 slapd: = access_allowed: auth access to cn=Manager,dc=thales,dc=be userPassword requested Sep 27 13:31:47 linux14 slapd: = access_allowed: backend default auth access granted to (anonymous) Sep 27 13:31:47 linux14 slapd: send_ldap_result: err=49 matched= err=49 means invalid credentials most likely due to the missing userPassword attribute of cn=manager,dc=thales,dc=be. Try removing cn=Manager,dc=thales,dc=be from your ldif and see if you can bind with rootdn and rootpw from your slapd.conf. If that works create another entry in your DIT with a userPassword attribute, give it appropriate permissions in slapd.conf and use that for your ldap admin dn in smb.conf hth Paul -- Kristof.Bruyninckx We are Microsoft. What you are experiencing is not a problem; it is an undocumented feature. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Print$ share for athlon 64bit systems or xeon 64bit
Does any one know if there is to be a seperate folder created under the print$ share for any of the 64 bit systems? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print$ share for athlon 64bit systems or xeon 64bit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Does any one know if there is to be a seperate | folder created under the print$ share for any of the 64 | bit systems? Thanks in advance. yes. You need an x64 directory. But you probably also are interested in https://bugzilla.samba.org/bug/3057 cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDOWnBIR7qMdg1EfYRAqrVAJ992eD9I07XKUVgRm0BVgDSlVWWiwCfV0Wv vZJnjhWaMBpoXdcXIGws2ck= =CcLn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB/LDAP: Confused...
Hi. I have an existing departmental network based on AFS, Kerberos 5 and LDAP. All unixes work nicely, logging in remotely. So, Samba acting as a PDC with OpenLDAP. Now I'd like to interoperate with all windows workstations. I chose the LDAP way, since it's the most flexible and secure way... or at least, it seems to me more flexible than using a single /etc/passwd file on a distributed environment. LDAP contains a rootdc=dept and we already have groups and persons just working, and experimental hosts: # group example dn: cn=deptafs,ou=info,dc=dept objectClass: top objectClass: posixGroup cn: diaafs gidNumber: 1 description: general afs group # user example dn: uid=doe,ou=info,dc=dept objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson cn: John uid: Doe uidNumber: 1 gidNumber: 1 description: info will be here title: Mr. sn: Doe o: MyUniversity ou: Dept st: State l: City mail: [EMAIL PROTECTED] gecos: ,,, givenName: John displayName: John Doe homeDirectory: /afs/my.dept.org/users/d/doe loginShell: /bin/bash # host example dn: cn=host.dept.org,ou=host,dc=dept objectClass: locality objectClass: ipHost objectClass: ieee802Device objectClass: bootableDevice ipHostNumber: 123.123.123.11 cn: host.dept.org macAddress: 00:00:00:00:00:00 My ldap admin is cn=sysadmin and there's just a rootdn entry in slapd.conf, the password is provided by kerberos via GSSAPI/SASL. I've got many questions, but one important thing is not to mess with ldap database so much... I don't like to rewrite the db from scratch. Now my concerns :) The smbldap-tools are of no use probably for us, since all the docs I've read start with smbldap-populate... but I have a db just working. So, I need to add the minimum required entries into ldap and modify the existing names in order to make all users use the remote profiling. My UIDs are LDAP-only. I generate them from AFS, and so they are unmodifiable. Of course, this shouldn't be an issue... I hope. As long as I've understood, I must add a dn for the domain. I have no idea how to generate a SID, and I have no idea how RidBase works with samba if we do not use smbldap-tools. This is my example: # TESTING, dia dn: sambaDomainName=TESTING,dc=dept sambaDomainName: TESTING sambaSID: S-1-1-21-3138413446-3899332943-2322914696 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain All users must be modified using samba schema. Again. What I can do with SIDs (user and groups)? I mean, can I use *any* sid I want from the UID I have or I must make some kind of trick? What about LM password and NT password? I will use, if I understand, the userPassword field, not the other two. The profile can be put wherever I want, if I understand... so I'd like to store them under / afs/../username/windows, so username-dependent... this is difficult to understand for me: how to specity a UNC path for user profiling, given this unix pattern /afs/my.dept.org/users/d/doe, and putting profiles under windows/ on each home directory. That's my guess, wrong for sure: dn: uid=doe,ou=info,dc=dept uidNumber: 1 gidNumber: 1 homeDirectory: /afs/my.dept.org/users/d/doe loginShell: /bin/bash gecos: ,,, description: info will be here sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: John Doe sambaSID: S-1-5-21-4231626423-2410014848-2360679739-3000 sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-513 sambaLogonScript: common.bat sambaProfilePath: \\TESTINGPDC\users\d\doe\windows sambaHomePath: \\TESTINGPDC\users\d\doe sambaHomeDrive: Z: sambaLMPassword: 7584248B8D2C9F9EAAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: 186CB09181E2C2ECAAC768C47C729904 sambaPwdLastSet: 1081281346 sambaPwdMustChange: 1085169346 userPassword: {SSHA}jg1v0WaeBkymhWasjeiprxzHxdmTAHd+ [global] workgroup=TESTING netbios name=TESTINGPDC enable privileges=yes server string=Samba-LDAP ldap passwd sync=yes passdb backend=ldapsam:ldap://ldap.dept.org/ ldap admin dn=cn=sysadmin,dc=dept ldap suffix=dc=dept ldap group suffix=ou=info,dc=dept ldap user suffix=ou=info,dc=dept ldap machine suffix=ou=host,dc=dept ldap ssl=no logon script=scripts\logon.bat domain logons=yes os level=64 preferred master=yes domain master=yes #[profiles] #path=/var/local/samba/profiles #read only=no #create mask=0600 #directory mask=0700 #browseable=no #guest ok=yes #profile acls=yes #csc policy=disable #force user=%U [netlogon] path=/var/local/samba/netlogon browseable=no read only=yes -- Sensei [EMAIL PROTECTED] The difference between stupidity and genius is that genius has its limits. (A. Einstein) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication confusion - may be LDAP related
All; I think I may have a clue about what's going wrong in my little environment here, but I could really use a more experienced eye on it. I've been having some strange authentication problems on a new install. With some digging, I may have a clue about what's going wrong. Some background: I'm only looking to use samba to share Unix directories to the Windows community. I'm not looking to build a full up login server. This is usually a VERY basic, and simple thing to to. You simply have to be sure that the windows users also have a matching account on the *nix side (doesn't need to be an smbpasswd account, just a very generic *nix account). I've done this several times, so when it blew up on me this time, it has caused me some sleepless nights trying to figure out. Here goes: In the last install I did ( at another company ), I did a very simple install, and it worked for what it was needed to do (simply provide the windows users with access to Unix directories, via shares). I didn't need a login controller, and I don't now. In that case, there was an LDAP server that validated Unix logins, but I pretty much just ignored it, and all was well. The *nix OS handled the authentication just fine (a very basic setup. For this kind of setup, the user only has to exist. The OS could check that very easily). So, I was trying to do the same here. When nothing would work right without making samba specific users (via smbpasswd), I started digging into the LDAP server. This environment is tortured. Here's what I found. On the Windows ADS, user IDs are pure numeric. So, for example, my Windows login is: 123456 Unix doesn't like that.So the unix logins are: u123456 Handling the translation for samba is just a usermap entry u123456 = 123456 Should be simple enough. But I'm getting No Such User errors. So I dug into the LDAP server. The user identification is strange. the dn: here looks like: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). My last LDAP server it looked like: dn: uid=tibbetts,ou=People,dc=ldap-test,dc=com uidNumber: 123456 uid: tibbetts snip with tibbetts being my login. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? With the login being set to username, and uid being (what should be) the uidNumber, I believe that it's confusing Samba, and that's why I'm getting the user not found errors. Is a way to work around this? Or am I just SOL? Or am I all wet, and looking in the wrong place? I'd really appreciate a fresh set of eyes on this. Thanks in advance for any advice on this one!!! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Need help with IDMAP storage in LDAP using Winbind
Kristof Bruyninckx wrote: Hi, I removed the entry for cn=manager,dc=thales,dc=be and checked with ldapmodigy if I could change the existing NIS users, which seems to still work. Now I added a user called Admin , output from slapcat : no, you have not. You authenticate with a DN and a password so a user object in LDAP is identified with a DistinguishedName, not something with a cn=whatever attribute. Any ideas off what I'm doing wrong? Your accounts are still messed up. You create an entry with DN uid=root,ou=Idmap,dc=thales,dc=be but your admin dn is cn=Admin,dc=thales,dc=be how is that supposed to work? given the admin should not be used for other stuff (think of least privileges model;) it could look like: dn: uid=samba,ou=services,dc=thales,dc=be objectClass: top objectClass: simpleSecurityObject objectClass: account uid: samba userPassword: {CLEARTEXT}whatever description: DN for samba then you would do: 1. change the ou to your needs 2. change the password 3. fix your ACLs 3. put exactly that DN in your smb.conf 4. run: smbpasswd -w DN as in ldap admin dn - type in password from step 2. Of course you can use whatever DN you like, it needs just a userPassword attribute. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Free space/capacity displayed as garbage...
Dear, I'm having some strange problems with Samba. I have shared a linux folder on my samba and have mapped it to a drive letter in Windows XP (I also tried with Windows 2000). When I right click my mapped drive and click on properties to view the free space and capacity, I get all garbage as can be seen from the screenshot at: http://www.nuonsoft.com/temp/samba_free_space.jpg I'm running the latest version 3.0.20 and it is running on AlphaCore which is Fedora Core 3 for the Alpha (64 bit platform). It compiled without problems with gcc 3.4.3. Because of this issue, I'm unable to use my samba network share from programs that check the freespace before doing something, like for example creating a cd image. Any help will be appreciated. My smb.conf is as follows: [global] workgroup = GREGOIRE server string = Alpha Server printcap name = cups cups options = raw log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 dns proxy = no winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 restrict anonymous = no domain master = no preferred master = no max protocol = NT ldap ssl = No server signing = Auto username map = /etc/samba/smbusers [homes] comment = Home Directories browseable = no read only = no [printers] comment = All Printers path = /var/spool/samba printable = yes printer name = EPSPHOTO guest ok = yes [mydocs] case sensitive = no guest ok = yes msdfs proxy = no read only = no path = /mydocs Some more system info: [EMAIL PROTECTED] ~]# smbd --version Version 3.0.20 [EMAIL PROTECTED] ~]# nmbd --version Version 3.0.20 [EMAIL PROTECTED] ~]# uname -a Linux alpha 2.6.11-1.1180axp_FC3 #1 Mon Apr 18 11:34:15 EEST 2005 alpha alpha alpha GNU/Linux If you need other system information, please ask. Kind Regards, Marc -- Marc Gregoire NuonSoft Website: http://www.nuonsoft.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error NT_STATUS_ACCESS_DENIED
Hello I'm running Samba version 3.0.2a on Solaris 9 and can not get access to my defined shares. My config is below. I believe my configuration is good and I can see the server in the Windows Network browser but can not authenticate. Any one have any ideas? Thanks Steve [global] netbios name = f2z32-07 workgroup = LEVEL3 server string = %h # do not change anything in the [global] section beyond this point. # Security settings to allow operation with Windows domain credentials. # Misconfiguration will impact the availability of this system # and is a severity 3 exposure. security = domain password server = * allow trusted domains = yes encrypt passwords = yes client use spnego = yes # We don't want Samba to become a master browser on the network, and # never act as the Primary Domain Controller. # Misconfiguration will impact the stability of the production # network and is a severity 4 exposure. local master = no domain logons = no domain master = no # Set up to be a WINS client, but definitely not a WINS server. # Misconfiguration will impact the availability of this system # and is a severity 3 exposure. wins support = no wins server = 10.1.7.10 10.1.7.11 # Only allow access from internal clients # Misconfiguration could allow unauthorized access and is a # severity 3 exposure. hosts allow = 10.0.0.0/8 hosts deny = ALL interfaces = 127.0.0.1 10.0.0.0/8 bind interfaces only = yes # Root is explicitly not allowed access. # Misconfiguration could allow connection with root privilege # and is a severity 3 exposure. invalid users = root # Only users in the ntusers group are allowed access # Misconfiguration could contribute to allowing access # to unauthorized users and is a severity 2 exposure. valid users = @ntusers # We need to map NT usernames to UNIX usernames # Misconfiguration could allow unauthorized access and is # a severity 3 exposure. username map = /usr/local/samba/lib/usernames.map # don't allow older, weaker encryption spec to be used lanman auth = no # no OS/2 client support is needed lm announce = no # NT/2000/XP should all be able to cope, and the added strength is necessary min protocol = NT1 # We're on a Local Area Network, so these settings are appropriate socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Logging options, record Create / Delete / Rename / Perm Change / Open / Close # Misconfiguration will impact monitoring and is a severity 2 exposure. vfs objects = extd_audit log level = 2 ; log file = /var/log/samba.log # Set up umasks for object creation # Misconfiguration could allow files to be created with undesireable # permissions and is a severity 2 exposure. inherit permissions = no create mask = 0644 directory mask = 0755 # Authenticated access is required to all resources # Misconfiguration could allow unauthorized access to the resources and # is a severity 3 exposure. guest ok = no # As a further safety, shares are read only by default. read only = yes [public] path = /home/public read only = no # [lecinv] guest ok = yes path = /lecinv valid users = wfarrell,sbrown writeable = yes bash-2.05# Steve Brown Unix Systems Administration Level 3 Communications 1025 Eldorado Blvd (720)888-3545 Pager Pin 8774636766 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Page Print Jobs Wont Sort
Hello List, Im running samba 3 with cups. When I change the sort order in msword when printing multiple pages the sort order is stuck to page 1,1 then page 2,2 etc. So printing 2 copies of a multiple page ducument will not result in a sort order of 1,2,3 .. per document. I'm running multiple HPjetdirect printers in a mixed windows environment, using client printer driver = yes. However, using cups drivers or raw queue'ing doesn't solve the issue. Any hints would be greatly appriciated. Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.14a-0.4-SUSE winbind -t error with NT4 domain
I am trying to use winbind on SLES 9 (SP2) with Samba version 3.0.14a-0.4-SUSE as a member server. Using wbinfo -u and -g work great (and getent passwd/group). When I try wbinfo -t, I receive the following error: checking the trust secret via RPC calls failed error code was NT_STATUS_INVALID_COMPUTER_NAME (0xc122) Could not check secret With winbind running I can not view shares on system (net view \\xxx). From Windows system I receive: System error 1210 has occurred. The format of the specified computer name is invalid. If I stop winbind, the shares are visible. I'm sure it is something I have mis-configured but can't find it. Any help would be greatly appreciated!!! Bob Dehn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication confusion - may be LDAP related
Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? You can set ldap filter = (username=%u) in smb.conf along with a suitable value for ldap suffix. Check the users with getent passwd to test if they are visible to the system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba/Firewall issues?
Greetings, I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11 server is also running iptables. In our log.nmbd file we have noticed the following: [2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313) Error connecting to 130.xx.xx.xx (Connection refused) [2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790) Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not permitted [2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313) Error connecting to 130.xx.xx.xx (No route to host) [2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313) Error connecting to 130.xx.xx.xx (Connection refused) [2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313) A search turned up the following: http://seclists.org/lists/bugtraq/2001/Mar/0285.html Obviously, the netfilter nat code breaks nmap while using the -O flag or using decoy options. The (sendto in send_tcp_raw: sendto) error is a symptom of this. It also breaks other packet shaping utilities such as hping, etc., so this does not appear to be an nmap problem. I don't believe the connection tracking portion of netfilter is to blame in this case. In my tests the connection tracking code, whether it was loaded as a module or built statically into the kernel, didn't seem to get in the way. The cause of the 'sendto..' errors seems to be caused solely by the iptable_nat.o module(which is huge, of course). Once you load that one, or build it into the kernel, nmap -O no worky. Without it, nmap/hping/everything works just peachy. Best Regards, Steve - Now I have removed iptable_nat with rmmod but I am still seeing errors. For our end users the error shows up as Domain not found. Anyone see these errors before ?? Thanks Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? You can set ldap filter = (username=%u) in smb.conf along with a suitable value for ldap suffix. Check the users with getent passwd to test if they are visible to the system. Okay, I tried this. Here's my smb.conf: # Global parameters [global] workgroup = WIN server string = RX01 %a-%v security = user password server = a server username map = /usr/local/samba/private/smbusers log level = 100 log file = /var/log/samba/%m.log max log size = 500 wins server = a server socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ldap filter = (username=%u) ldap admin dn = cn=root ldap suffix = cn=aixsecdb,cn=aixdata ldap group suffix = ou=aixgroup ldap user suffix = ou=aixuser ldap machine suffix = cn=aixid,ou=system [Homes] comment = User Home Directories valid users = %S read only = No guest ok = Yes Still no good. I have no getent installed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. If I'm seeing this right, shouldn't the login be the uid not username? Is that what Samba is looking for? You can set ldap filter = (username=%u) in smb.conf along with a suitable value for ldap suffix. Check the users with getent passwd to test if they are visible to the system. This is from the error log: attempting to make a user_info for u212442 (212442) making strings for u212442's user_info struct making blobs for u212442's user_info struct made an encrypted user_info for u212442 (212442) check_ntlm_password: mapped user is: [EMAIL PROTECTED] getsampwnam (smbpasswd): search by name: u212442 check_sam_security: Couldn't find user 'u212442' in passdb. check_ntlm_password: Authentication for user [212442] - [u212442] FAILED with error NT_STATUS_NO_SUCH_USER Yet, from that same AIX box if I check my id: # id u212442 uid=1040(u212442) gid=1001(sysadmin) So the OS knows the id exists, it's just not passing that info to Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication confusion - may be LDAP related
At 02:20 PM 9/27/2005, paul kölle wrote: Ric Tibbetts wrote: dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata uid: 1040 username: u123456 snip with u123456 being my *nix login. To me, this looks very wrong (not to mention that there's no dc=). It looks wrong and the author surely has had no clue what cn means etc. nevertheless it should work. Suprisingly enough (maybe not...) this is the default configuration from IBM for thier LDAP server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Configuration
Hi i need to install samba as pdc of my network, please can anybody can send me a smb.conf example? or the steps that i must follow to do that? im new in linux, i have to change from Windows 2003 to RHEL 4. thanks for the help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] When will be released samba 3.0.20a with latest patches ?
Hi all. When will be released samba 3.0.20a with latest patches from this: http://us4.samba.org/samba/patches/ There is statement: *ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the week of September 19, 2005. This release will incorporate all the patches for 3.0.20 listed on this page as well as a few possible other fixes. We are all after Semptember 19 and there is no samba 3.0.20a :( P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang with bug: BUG 3044 https://bugzilla.samba.org/bug/3044 and 3060 https://bugzilla.samba.org/bug/3060 DOS application interoperability issues So i rolled back to samba 3.0.14a :( Best regrads, Jancio Wodnik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] When will be released samba 3.0.20a with latest patches ?
On Tue, Sep 27, 2005 at 11:04:38PM +0200, Jancio Wodnik wrote: Hi all. When will be released samba 3.0.20a with latest patches from this: http://us4.samba.org/samba/patches/ There is statement: *ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the week of September 19, 2005. This release will incorporate all the patches for 3.0.20 listed on this page as well as a few possible other fixes. We are all after Semptember 19 and there is no samba 3.0.20a :( We're working on it... We're trying to ensure there are no outstanding critical bugs for 3.0.20a, and I just fixed another DOS client one. You'd rather it be correct than on time I hope ? :-). P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang with bug: BUG 3044 https://bugzilla.samba.org/bug/3044 and 3060 https://bugzilla.samba.org/bug/3060 DOS application interoperability issues Those will definately be fixed in 3.0.20a. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] When will be released samba 3.0.20a with latest patches ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | | We're working on it... We're trying to ensure there | are no outstanding critical bugs for 3.0.20a, and | I just fixed another DOS client one. | | You'd rather it be correct than on time I hope ? :-). I just updated the patches page to list a notice of the delay. I put down Oct 7 now as the target date. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDObYWIR7qMdg1EfYRAko7AJ9tqkOHWhRi70w3ifE1v1Tu/RveCACgqyTb J9sy8p6H502zJkr3cFaXmOs= =B1ck -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] When will be released samba 3.0.20a with latest patches ?
Jeremy Allison wrote: On Tue, Sep 27, 2005 at 11:04:38PM +0200, Jancio Wodnik wrote: Hi all. When will be released samba 3.0.20a with latest patches from this: http://us4.samba.org/samba/patches/ There is statement: *ATTENTION* A patch release, Samba 3.0.20a, is planned for late in the week of September 19, 2005. This release will incorporate all the patches for 3.0.20 listed on this page as well as a few possible other fixes. We are all after Semptember 19 and there is no samba 3.0.20a :( We're working on it... We're trying to ensure there are no outstanding critical bugs for 3.0.20a, and I just fixed another DOS client one. You'd rather it be correct than on time I hope ? :-). P.S. I have upgrade my serwer with samba 3.0.20 but my dos apps hang with bug: BUG 3044 https://bugzilla.samba.org/bug/3044 and 3060 https://bugzilla.samba.org/bug/3060 DOS application interoperability issues Those will definately be fixed in 3.0.20a. Jeremy. Ok Jeremy. I will keep my eyes on this. Jancio Wodnik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] When will be released samba 3.0.20a with latest patches ?
On Tue, Sep 27, 2005 at 11:22:52PM +0200, Jancio Wodnik wrote: Those will definately be fixed in 3.0.20a. Jeremy. Ok Jeremy. I will keep my eyes on this. If you want to make sure all your issues are fixed I suggest joining the Samba Testers list and offering help to test against regressions with DOS clients. We don't have anyone specifically testing with old clients at the moment I think, as most people care about W2K/WNT/WXP and above. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication confusion - may be LDAP related
Ric Tibbetts wrote: This is from the error log: attempting to make a user_info for u212442 (212442) making strings for u212442's user_info struct making blobs for u212442's user_info struct made an encrypted user_info for u212442 (212442) check_ntlm_password: mapped user is: [EMAIL PROTECTED] getsampwnam (smbpasswd): search by name: u212442 check_sam_security: Couldn't find user 'u212442' in passdb. check_ntlm_password: Authentication for user [212442] - [u212442] FAILED with error NT_STATUS_NO_SUCH_USER If you can increase the log level for the LDAP server you can see what filter is used above and find out why the object is not found. Have you added the sambaSamAccount objectClass and attributes to the user? You can use smbldap-tools for that. Yet, from that same AIX box if I check my id: # id u212442 uid=1040(u212442) gid=1001(sysadmin) So the OS knows the id exists, it's just not passing that info to Samba. Sorry, I don't know AIX, but if all users and groups samba needs to know about are in LDAP, you can probably set ldapsam:trusted = yes in smb.conf bypassing the whole NSS story. Read the manpage of smb.conf what this parameter does. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file to large
Stephan Böni wrote: Hi I cannont copying files larger than 2 GB over samba share (monted with smbmount). Do you have a solution? Stephan tray this: mount -t smbfs -o lfs,username=administrator //192.168.0.25/C$ /mnt/large_filesystem options lfs - large filesystem support old ext2 filesystem to manage files up than 2GB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login to windows with samba running as domain master doesn't set HOMEPATH environment variable
I'm running samba as a domain master, Have implemented roaming profiles (correctly I hope). However, have discovered that if I use the client Windows 2K machine on the domain Local machine the environment variable %HOMEPATH% is set correctly to \Documents and Settings\myname however if I then login to my domain implemented by samba %HOMEPATH% is simply not defined. HOMEDRIVE and the rest seem OK, it's just HOMEPATH. Now I have searched the archives for related questions but nothing really applicable has come up therefore its going to be something wrong with my configuration (either server or client) but I really am stuck to what it could be. Thanks Derek Information - Server: OS SuSE Linux 9.1 Samba Version 3.0.13-1.1-SUSE Smb.conf - # Global parameters [global] workgroup = ELMSCLOSE map to guest = Bad User unix password sync = Yes passdb backend = smbpasswd:/etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *changed* passwd chat debug = Yes printcap cache time = 750 printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\.msprofile logon drive = Y: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes admin users = root, derek printer admin = @ntadmin, root, administrator cups options = raw include = /etc/samba/dhcp.conf template homedir = /home/%D/%U [homes] path = /home/%U/ comment = Home Directories valid users = %S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root [public] comment = Public Shared Directory path = /home/public read only = No inherit acls = Yes Client: OS Windows 2000 Pro Have joined domain ELMSCLOSE without any problems Have created a user with profiles being copied to LINUX box without problems No other changes made -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel problem with samba 3.0.4 and 3.0.10
I applied the fix for my test system running SunOS 2.9 + samba 3.0.10 on a ufs file system. I've done the following: # umount /export/home # mount -o noatime /dev/dsk/c0t0d0s7 /export/home # ls -lu /export/home/TEST.xls - record access time # ls -l /export/home/TEST.xls - record modification time From PC , I accessed and opened/closed the exel file TEST.xls. modification time got updated ,not access time. So far I have tried Exel 2000 and Exel 2003. I verified that autosave was disabled but the file's timestamp still got updated. Any idea?! Thanks, Xuan Kevin W. Gagel wrote: Read up on atime here: http://www.faqs.org/docs/securing/chap6sec73.html Its what you're after. - Original Message - From: xuan van [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] Excel problem with samba 3.0.4 and 3.0.10 Date: Mon, 26 Sep 2005 09:55:04 -0700 Problem Description == Open and close without saving EXCEL files causes time stamp updated Problem occurs on both samba versions 3.0.4 and 3.0.10 I am looking for a solution to this problem. I would appreciate any help. Thanks in advance Xuan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel problem with samba 3.0.4 and 3.0.10
Yes, you're right! I upgraded samba to 3.0.20 and the problem seems to go away. Thanks, Xuan Jeremy Allison wrote: On Mon, Sep 26, 2005 at 09:55:04AM -0700, xuan van wrote: Problem Description == Open and close without saving EXCEL files causes time stamp updated Problem occurs on both samba versions 3.0.4 and 3.0.10 I am looking for a solution to this problem. I would appreciate any help. Thanks in advance This was fixed for 3.0.20 I believe... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FW: Need HELP in upgrading SAMBA 2.2.12 to 3.0.20
_ From: Agda Maria Galli Cartolano Sent: Tuesday, September 27, 2005 5:08 PM To: samba-technical@lists.samba.org Subject: Need HELP in upgrading SAMBA 2.2.12 to 3.0.20 Good people, I need some help... I am trying to upgrade SAMBA 2.2.12 to 3.0.20 but I am very confused and cannot find my way... The SAMBA server is a SunFire V210, Solaris 9, 64 bit server. I went to the samba web site and downloaded samba-3.0.20-1-noads-sunos5.9-sparc.pkg.gz. All the instructions I found were related to installation and not upgrade. Does it matter? Is the process the same? Will my old shares (filled up with 2.2.12 files) be compatible with 3.0.20? The instructions just tell to gunzip the file, verify the signatures and pkgadd. Sorry but I have never used wget or gpg. How can I get them? Please HEP !!! Thanks, amgc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Page Print Jobs Wont Sort
-- Forwarded message -- From: frame down under [EMAIL PROTECTED] Date: 28-Sep-2005 00:41 Subject: Re: [Samba] Multiple Page Print Jobs Wont Sort To: John Ward [EMAIL PROTECTED] Is there any indication why a local printer sorts ok, but a networked printer doesn't ? Frank On 27/09/05, John Ward [EMAIL PROTECTED] wrote: From: frame down under [EMAIL PROTECTED] Date: 2005/09/27 Tue PM 12:52:36 PDT To: samba@lists.samba.org Subject: [Samba] Multiple Page Print Jobs Wont Sort Hello List, Im running samba 3 with cups. When I change the sort order in msword when printing multiple pages the sort order is stuck to page 1,1 then page 2,2 etc. So printing 2 copies of a multiple page ducument will not result in a sort order of 1,2,3 .. per document. I'm running multiple HPjetdirect printers in a mixed windows environment, using client printer driver = yes. However, using cups drivers or raw queue'ing doesn't solve the issue. Any hints would be greatly appriciated. Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba I have noticed this also, if you print to a 'local' printer then all is ok, if you print to a Windows spooled printer, good luck. John. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r10527 - in branches/SAMBA_4_0/source/script: .
Author: tridge Date: 2005-09-27 07:11:33 + (Tue, 27 Sep 2005) New Revision: 10527 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10527 Log: don't attempt self gdb attach if running under valgrind. This was causing fort to get rather unhappy Modified: branches/SAMBA_4_0/source/script/gdb_backtrace Changeset: Modified: branches/SAMBA_4_0/source/script/gdb_backtrace === --- branches/SAMBA_4_0/source/script/gdb_backtrace 2005-09-27 05:11:14 UTC (rev 10526) +++ branches/SAMBA_4_0/source/script/gdb_backtrace 2005-09-27 07:11:33 UTC (rev 10527) @@ -1,5 +1,10 @@ #!/bin/sh +if [ -n $VALGRIND -o -n $SMBD_VALGRIND ]; then +echo Not running gdb under valgrind +exit 1 +fi + # we want everything on stderr, so the program is not disturbed exec 12
svn commit: samba-docs r815 - in trunk/smbdotconf/tuning: .
Author: ab Date: 2005-09-27 08:42:49 + (Tue, 27 Sep 2005) New Revision: 815 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=815 Log: Code in Samba 3 states use sendfile = false so documentation must reflect it Modified: trunk/smbdotconf/tuning/usesendfile.xml Changeset: Modified: trunk/smbdotconf/tuning/usesendfile.xml === --- trunk/smbdotconf/tuning/usesendfile.xml 2005-09-16 19:06:50 UTC (rev 814) +++ trunk/smbdotconf/tuning/usesendfile.xml 2005-09-27 08:42:49 UTC (rev 815) @@ -13,5 +13,5 @@ /para /description -value type=defaultyes/value +value type=defaultfalse/value /samba:parameter
svn commit: samba r10528 - in branches/SAMBA_4_0/source: client gtk/common include lib lib/cmdline lib/samba3 ntvfs/cifs rpc_server/remote scripting/ejs torture torture/basic torture/rpc utils
Author: jelmer Date: 2005-09-27 10:00:27 + (Tue, 27 Sep 2005) New Revision: 10528 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10528 Log: Add credentials.h back into includes.h as some compilers don't seem to be able to handle incomplete enum types. Modified: branches/SAMBA_4_0/source/client/client.c branches/SAMBA_4_0/source/gtk/common/credentials.c branches/SAMBA_4_0/source/include/includes.h branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/cmdline/popt_common.c branches/SAMBA_4_0/source/lib/credentials.c branches/SAMBA_4_0/source/lib/samba3/secrets.c branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c branches/SAMBA_4_0/source/scripting/ejs/smbcalls_cli.c branches/SAMBA_4_0/source/scripting/ejs/smbcalls_creds.c branches/SAMBA_4_0/source/torture/basic/secleak.c branches/SAMBA_4_0/source/torture/gentest.c branches/SAMBA_4_0/source/torture/locktest.c branches/SAMBA_4_0/source/torture/masktest.c branches/SAMBA_4_0/source/torture/rpc/samlogon.c branches/SAMBA_4_0/source/torture/rpc/samsync.c branches/SAMBA_4_0/source/torture/rpc/schannel.c branches/SAMBA_4_0/source/utils/ntlm_auth.c Changeset: Modified: branches/SAMBA_4_0/source/client/client.c === --- branches/SAMBA_4_0/source/client/client.c 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/client/client.c 2005-09-27 10:00:27 UTC (rev 10528) @@ -32,7 +32,6 @@ #include system/dir.h #include system/filesys.h #include dlinklist.h -#include credentials.h #include system/readline.h #include pstring.h Modified: branches/SAMBA_4_0/source/gtk/common/credentials.c === --- branches/SAMBA_4_0/source/gtk/common/credentials.c 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/gtk/common/credentials.c 2005-09-27 10:00:27 UTC (rev 10528) @@ -20,7 +20,6 @@ #include includes.h #include gtk/common/gtk-smb.h -#include include/credentials.h static void gtk_get_credentials(struct cli_credentials *credentials) { Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/include/includes.h2005-09-27 10:00:27 UTC (rev 10528) @@ -114,6 +114,7 @@ #include ntvfs/ntvfs.h #include cli_context.h #include lib/com/com.h +#include credentials.h #define malloc_p(type) (type *)malloc(sizeof(type)) #define malloc_array_p(type, count) (type *)realloc_array(NULL, sizeof(type), count) Modified: branches/SAMBA_4_0/source/include/structs.h === --- branches/SAMBA_4_0/source/include/structs.h 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/include/structs.h 2005-09-27 10:00:27 UTC (rev 10528) @@ -297,7 +297,3 @@ struct param_context; struct param_section; struct param; - -enum credentials_obtained; -struct cli_credentials; -struct ccache_container; Modified: branches/SAMBA_4_0/source/lib/cmdline/popt_common.c === --- branches/SAMBA_4_0/source/lib/cmdline/popt_common.c 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/lib/cmdline/popt_common.c 2005-09-27 10:00:27 UTC (rev 10528) @@ -25,7 +25,6 @@ #include system/filesys.h #include system/passwd.h #include lib/cmdline/popt_common.h -#include credentials.h /* Handle command line options: * -d,--debuglevel Modified: branches/SAMBA_4_0/source/lib/credentials.c === --- branches/SAMBA_4_0/source/lib/credentials.c 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/lib/credentials.c 2005-09-27 10:00:27 UTC (rev 10528) @@ -27,7 +27,6 @@ #include librpc/gen_ndr/ndr_samr.h /* for struct samrPassword */ #include system/kerberos.h #include auth/kerberos/kerberos.h -#include include/credentials.h /** Modified: branches/SAMBA_4_0/source/lib/samba3/secrets.c === --- branches/SAMBA_4_0/source/lib/samba3/secrets.c 2005-09-27 07:11:33 UTC (rev 10527) +++ branches/SAMBA_4_0/source/lib/samba3/secrets.c 2005-09-27 10:00:27 UTC (rev 10528) @@ -30,7 +30,6 @@ #include system/filesys.h #include librpc/gen_ndr/ndr_security.h #include lib/tdb/include/tdbutil.h -#include credentials.h /** * Unpack SID into a pointer Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c === --- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2005-09-27 07:11:33 UTC (rev 10527) +++
svn commit: samba r10529 - in branches/SAMBA_4_0/source/libcli/composite: .
Author: metze Date: 2005-09-27 10:29:13 + (Tue, 27 Sep 2005) New Revision: 10529 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10529 Log: fix a crash bug in full async code the uses the composite_trigger_done() code the event subsystem wants to free timed_events! metze Modified: branches/SAMBA_4_0/source/libcli/composite/composite.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/composite/composite.c === --- branches/SAMBA_4_0/source/libcli/composite/composite.c 2005-09-27 10:00:27 UTC (rev 10528) +++ branches/SAMBA_4_0/source/libcli/composite/composite.c 2005-09-27 10:29:13 UTC (rev 10529) @@ -52,6 +52,12 @@ { struct composite_context *c = talloc_get_type(ptr, struct composite_context); if (c-async.fn) { + /* +* the event is a child of req, +* and req will be free'ed by the callback fn +* but the events code wants to free the event itself +*/ + talloc_steal(ev, te); c-async.fn(c); } }
svn commit: samba r10530 - in branches/SAMBA_4_0/source/libcli/wrepl: .
Author: metze Date: 2005-09-27 10:31:57 + (Tue, 27 Sep 2005) New Revision: 10530 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10530 Log: - fix some crash bugs when we lost the connection... metze Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c === --- branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-09-27 10:29:13 UTC (rev 10529) +++ branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-09-27 10:31:57 UTC (rev 10530) @@ -31,6 +31,8 @@ */ static void wrepl_socket_dead(struct wrepl_socket *wrepl_socket) { + wrepl_socket-dead = True; + event_set_fd_flags(wrepl_socket-fde, 0); while (wrepl_socket-send_queue) { @@ -118,7 +120,10 @@ req-buffer.data + req-num_read, 4 - req-num_read, nread, 0); - if (NT_STATUS_IS_ERR(req-status)) goto failed; + if (NT_STATUS_IS_ERR(req-status)) { + wrepl_socket_dead(wrepl_socket); + return; + } if (!NT_STATUS_IS_OK(req-status)) return; req-num_read += nread; @@ -140,7 +145,10 @@ req-buffer.data + req-num_read, req-buffer.length - req-num_read, nread, 0); - if (NT_STATUS_IS_ERR(req-status)) goto failed; + if (NT_STATUS_IS_ERR(req-status)) { + wrepl_socket_dead(wrepl_socket); + return; + } if (!NT_STATUS_IS_OK(req-status)) return; req-num_read += nread; @@ -275,6 +283,7 @@ wrepl_socket-send_queue = NULL; wrepl_socket-recv_queue = NULL; + wrepl_socket-dead = False; wrepl_socket-fde = event_add_fd(wrepl_socket-event_ctx, wrepl_socket, socket_get_fd(wrepl_socket-sock), @@ -368,8 +377,37 @@ return wrepl_connect_recv(req); } +/* + callback from wrepl_request_trigger() +*/ +static void wrepl_request_trigger_handler(struct event_context *ev, struct timed_event *te, + struct timeval t, void *ptr) +{ + struct wrepl_request *req = talloc_get_type(ptr, struct wrepl_request); + if (req-async.fn) { + /* +* the event is a child of req, +* and req will be free'ed by the callback fn +* but the events code wants to free the event itself +*/ + talloc_steal(ev, te); + req-async.fn(req); + } +} /* + trigger an immediate event on a wrepl_request +*/ +static void wrepl_request_trigger(struct wrepl_request *req) +{ + /* a zero timeout means immediate */ + event_add_timed(req-wrepl_socket-event_ctx, + req, timeval_zero(), + wrepl_request_trigger_handler, req); +} + + +/* send a generic wins replication request */ struct wrepl_request *wrepl_request_send(struct wrepl_socket *wrepl_socket, @@ -381,12 +419,20 @@ req = talloc_zero(wrepl_socket, struct wrepl_request); if (req == NULL) goto failed; + if (wrepl_socket-dead) { + req-wrepl_socket = wrepl_socket; + req-state= WREPL_REQUEST_ERROR; + req-status = NT_STATUS_INVALID_CONNECTION; + wrepl_request_trigger(req); + return req; + } + req-wrepl_socket = wrepl_socket; req-state= WREPL_REQUEST_SEND; wrap.packet = *packet; req-status = ndr_push_struct_blob(req-buffer, req, wrap, - (ndr_push_flags_fn_t)ndr_push_wrepl_wrap); + (ndr_push_flags_fn_t)ndr_push_wrepl_wrap); if (!NT_STATUS_IS_OK(req-status)) goto failed; if (DEBUGLVL(10)) { @@ -468,6 +514,7 @@ struct wrepl_packet *packet=NULL; NTSTATUS status; status = wrepl_request_recv(req, req-wrepl_socket, packet); + NT_STATUS_NOT_OK_RETURN(status); if (packet-mess_type != WREPL_START_ASSOCIATION_REPLY) { status = NT_STATUS_UNEXPECTED_NETWORK_ERROR; } @@ -527,6 +574,7 @@ int i; status = wrepl_request_recv(req, req-wrepl_socket, packet); + NT_STATUS_NOT_OK_RETURN(status); if (packet-mess_type != WREPL_REPLICATION) { status = NT_STATUS_NETWORK_ACCESS_DENIED; } else if (packet-message.replication.command != WREPL_REPL_TABLE_REPLY) { @@ -630,6 +678,7 @@ int i; status = wrepl_request_recv(req, req-wrepl_socket, packet); +
svn commit: samba r10531 - in branches/SAMBA_4_0/source: heimdal_build lib/socket
Author: jelmer Date: 2005-09-27 10:32:49 + (Tue, 27 Sep 2005) New Revision: 10531 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10531 Log: (hopefully) improve detection of socket-related functions in external libraries Modified: branches/SAMBA_4_0/source/heimdal_build/config.mk branches/SAMBA_4_0/source/lib/socket/config.m4 branches/SAMBA_4_0/source/lib/socket/config.mk Changeset: Modified: branches/SAMBA_4_0/source/heimdal_build/config.mk === --- branches/SAMBA_4_0/source/heimdal_build/config.mk 2005-09-27 10:31:57 UTC (rev 10530) +++ branches/SAMBA_4_0/source/heimdal_build/config.mk 2005-09-27 10:32:49 UTC (rev 10531) @@ -324,7 +324,6 @@ HEIMDAL_ROKEN_ADDRINFO \ HEIMDAL_ROKEN_GAI_STRERROR \ HEIMDAL_ROKEN_INET_ATON \ - EXT_LIB_SOCKET \ EXT_LIB_XNET NOPROTO = YES # End SUBSYSTEM HEIMDAL_ROKEN Modified: branches/SAMBA_4_0/source/lib/socket/config.m4 === --- branches/SAMBA_4_0/source/lib/socket/config.m4 2005-09-27 10:31:57 UTC (rev 10530) +++ branches/SAMBA_4_0/source/lib/socket/config.m4 2005-09-27 10:32:49 UTC (rev 10531) @@ -18,32 +18,17 @@ # it. AC_CHECK_FUNCS(connect) if test x$ac_cv_func_connect = xno; then -case $LIBS $SOCKET_LIBS in -*-lnsl*) ;; -*) AC_CHECK_LIB_EXT(nsl_s, SOCKET_LIBS, printf) ;; -esac -case $LIBS $SOCKET_LIBS in -*-lnsl*) ;; -*) AC_CHECK_LIB_EXT(nsl, SOCKET_LIBS, printf) ;; -esac -case $LIBS $SOCKET_LIBS in -*-lsocket*) ;; -*) AC_CHECK_LIB_EXT(socket, SOCKET_LIBS, connect) ;; -esac -case $LIBS $SOCKET_LIBS in -*-linet*) ;; -*) AC_CHECK_LIB_EXT(inet, SOCKET_LIBS, connect) ;; -esac +AC_CHECK_LIB(nsl_s, printf) +AC_CHECK_LIB(nsl, printf) +AC_CHECK_LIB(socket, connect) +AC_CHECK_LIB_EXT(inet, connect) dnl We can't just call AC_CHECK_FUNCS(connect) here, because the value dnl has been cached. if test x$ac_cv_lib_ext_socket_connect = xyes || test x$ac_cv_lib_ext_inet_connect = xyes; then -# ac_cv_func_connect=yes -# don't! it would cause AC_CHECK_FUNC to succeed next time configure is run AC_DEFINE(HAVE_CONNECT,1,[Whether the system has connect()]) fi fi -SMB_EXT_LIB(SOCKET,[${SOCKET_LIBS}],[${SOCKET_CFLAGS}],[${SOCKET_CPPFLAGS}],[${SOCKET_LDFLAGS}]) # check for unix domain sockets Modified: branches/SAMBA_4_0/source/lib/socket/config.mk === --- branches/SAMBA_4_0/source/lib/socket/config.mk 2005-09-27 10:31:57 UTC (rev 10530) +++ branches/SAMBA_4_0/source/lib/socket/config.mk 2005-09-27 10:32:49 UTC (rev 10531) @@ -6,7 +6,6 @@ INIT_OBJ_FILES = \ lib/socket/socket_ipv4.o NOPROTO=YES -REQUIRED_SUBSYSTEMS = EXT_LIB_SOCKET # End MODULE socket_ipv4 @@ -17,7 +16,6 @@ INIT_OBJ_FILES = \ lib/socket/socket_ipv6.o NOPROTO=YES -REQUIRED_SUBSYSTEMS = EXT_LIB_SOCKET # End MODULE socket_ipv6 @@ -28,7 +26,6 @@ INIT_OBJ_FILES = \ lib/socket/socket_unix.o NOPROTO=YES -REQUIRED_SUBSYSTEMS = EXT_LIB_SOCKET # End MODULE socket_unix
svn commit: samba r10532 - in branches/SAMBA_4_0/source/auth: .
Author: jelmer Date: 2005-09-27 11:02:06 + (Tue, 27 Sep 2005) New Revision: 10532 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10532 Log: Replace next_token() with str_list_make() Modified: branches/SAMBA_4_0/source/auth/auth_sam.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth_sam.c === --- branches/SAMBA_4_0/source/auth/auth_sam.c 2005-09-27 10:32:49 UTC (rev 10531) +++ branches/SAMBA_4_0/source/auth/auth_sam.c 2005-09-27 11:02:06 UTC (rev 10532) @@ -25,7 +25,6 @@ #include system/time.h #include auth/auth.h #include lib/ldb/include/ldb.h -#include pstring.h / Do a specific test for an smb password being correct, given a smb_password and @@ -161,21 +160,21 @@ /* Test workstation. Workstation list is comma separated. */ if (workstation_list *workstation_list) { BOOL invalid_ws = True; - const char *s = workstation_list; - - fstring tok; - - while (next_token(s, tok, ,, sizeof(tok))) { + int i; + const char **workstations = str_list_make(mem_ctx, workstation_list, ,); + + for (i = 0; workstations[i]; i++) { DEBUG(10,(sam_account_ok: checking for workstation match '%s' and '%s'\n, - tok, user_info-workstation_name)); + workstations[i], user_info-workstation_name)); - if (strequal(tok, user_info-workstation_name)) { + if (strequal(workstations[i], user_info-workstation_name)) { invalid_ws = False; - break; } } + talloc_free(workstations); + if (invalid_ws) { return NT_STATUS_INVALID_WORKSTATION; }
svn commit: samba r10533 - in branches/SAMBA_4_0/source/lib: .
Author: jelmer Date: 2005-09-27 11:10:57 + (Tue, 27 Sep 2005) New Revision: 10533 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10533 Log: Eliminate another use of next_token() Modified: branches/SAMBA_4_0/source/lib/util_sock.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util_sock.c === --- branches/SAMBA_4_0/source/lib/util_sock.c 2005-09-27 11:02:06 UTC (rev 10532) +++ branches/SAMBA_4_0/source/lib/util_sock.c 2005-09-27 11:10:57 UTC (rev 10533) @@ -21,20 +21,16 @@ #include includes.h #include system/network.h -#include pstring.h - enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON}; -typedef struct smb_socket_option { +static const struct { const char *name; int level; int option; int value; int opttype; -} smb_socket_option; - -static const smb_socket_option socket_options[] = { +} socket_options[] = { {SO_KEEPALIVE, SOL_SOCKET,SO_KEEPALIVE,0, OPT_BOOL}, {SO_REUSEADDR, SOL_SOCKET,SO_REUSEADDR,0, OPT_BOOL}, {SO_BROADCAST, SOL_SOCKET,SO_BROADCAST,0, OPT_BOOL}, @@ -76,9 +72,11 @@ / void set_socket_options(int fd, const char *options) { - fstring tok; + const char **options_list = str_list_make(NULL, options, \t,); + int j; - while (next_token(options,tok, \t,, sizeof(tok))) { + for (j = 0; options_list[j]; j++) { + const char *tok = options_list[j]; int ret=0,i; int value = 1; char *p; @@ -121,5 +119,7 @@ if (ret != 0) DEBUG(0,(Failed to set socket option %s (Error %s)\n,tok, strerror(errno) )); } + + talloc_free(options_list); }
svn commit: samba r10534 - in branches/tmp/samba4-winsrepl: . source/auth source/auth/kerberos source/build/m4 source/build/smb_build source/client source/gtk/common source/heimdal_build source/includ
Author: metze Date: 2005-09-27 11:24:03 + (Tue, 27 Sep 2005) New Revision: 10534 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10534 Log: [EMAIL PROTECTED] (orig r10513): jelmer | 2005-09-26 18:57:08 +0200 Reduce some use of pstring. The main reason some parts of the code still use pstring is next_token() now. [EMAIL PROTECTED] (orig r10514): jelmer | 2005-09-26 19:42:12 +0200 Add str_list_make_shell() and str_list_join_shell() [EMAIL PROTECTED] (orig r10515): jelmer | 2005-09-26 20:15:24 +0200 Handle replacement of domain logons and domain master by server role [EMAIL PROTECTED] (orig r10516): jelmer | 2005-09-26 20:16:23 +0200 Add seperator argument to str_list_{make,join}_shell() [EMAIL PROTECTED] (orig r10517): jelmer | 2005-09-26 20:16:38 +0200 Get rid of use of next_token() in lib/samba3/ [EMAIL PROTECTED] (orig r10520): abartlet | 2005-09-27 00:27:44 +0200 The join is a nice quick RPC test. Andrew Bartlett [EMAIL PROTECTED] (orig r10521): jelmer | 2005-09-27 02:11:21 +0200 Also check sys/socket.h for definition of socklen_t (needed for AIX) [EMAIL PROTECTED] (orig r10522): tridge | 2005-09-27 03:26:34 +0200 finally got the locking working on solaris10. This adds a read lock on the transaction lock in tdb_traverse_read(). This prevents a pattern of locks which triggers the deadlock detection code in solaris10. I suspect solaris10 is trying to prevent lock starvation by granting locks in the order they were requested, which makes it much easier to produce deadlocks. [EMAIL PROTECTED] (orig r10523): tridge | 2005-09-27 04:36:56 +0200 fixed timegm() to not depend on get_time_zone(), so it works in lib/replace/ the old timegm() replacement was also broken (it returned the wrong value) [EMAIL PROTECTED] (orig r10524): tridge | 2005-09-27 05:09:38 +0200 SAFE_FREE() in tdb does not need the discard_const_p() the discard_const_p() was causing problems on openbsd where intptr_t is not defined [EMAIL PROTECTED] (orig r10525): tridge | 2005-09-27 05:11:08 +0200 change from AC_CHECK_TYPES() to AC_CHECK_TYPE() for intptr_t, so the type is always available, which means we need less #ifdefs [EMAIL PROTECTED] (orig r10526): tridge | 2005-09-27 07:11:14 +0200 BASEDIR must be set or we end up installing most of the binaries into lib/ [EMAIL PROTECTED] (orig r10527): tridge | 2005-09-27 09:11:33 +0200 don't attempt self gdb attach if running under valgrind. This was causing fort to get rather unhappy [EMAIL PROTECTED] (orig r10528): jelmer | 2005-09-27 12:00:27 +0200 Add credentials.h back into includes.h as some compilers don't seem to be able to handle incomplete enum types. [EMAIL PROTECTED] (orig r10529): metze | 2005-09-27 12:29:13 +0200 fix a crash bug in full async code the uses the composite_trigger_done() code the event subsystem wants to free timed_events! metze [EMAIL PROTECTED] (orig r10530): metze | 2005-09-27 12:31:57 +0200 - fix some crash bugs when we lost the connection... metze [EMAIL PROTECTED] (orig r10531): jelmer | 2005-09-27 12:32:49 +0200 (hopefully) improve detection of socket-related functions in external libraries [EMAIL PROTECTED] (orig r10532): jelmer | 2005-09-27 13:02:06 +0200 Replace next_token() with str_list_make() [EMAIL PROTECTED] (orig r10533): jelmer | 2005-09-27 13:10:57 +0200 Eliminate another use of next_token() Added: branches/tmp/samba4-winsrepl/source/torture/local/util_strlist.c Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/auth/auth_developer.c branches/tmp/samba4-winsrepl/source/auth/auth_sam.c branches/tmp/samba4-winsrepl/source/auth/kerberos/kerberos.c branches/tmp/samba4-winsrepl/source/auth/kerberos/kerberos_verify.c branches/tmp/samba4-winsrepl/source/build/m4/rewrite.m4 branches/tmp/samba4-winsrepl/source/build/smb_build/makefile.pm branches/tmp/samba4-winsrepl/source/client/client.c branches/tmp/samba4-winsrepl/source/gtk/common/credentials.c branches/tmp/samba4-winsrepl/source/heimdal_build/config.mk branches/tmp/samba4-winsrepl/source/include/enums.h branches/tmp/samba4-winsrepl/source/include/includes.h branches/tmp/samba4-winsrepl/source/include/structs.h branches/tmp/samba4-winsrepl/source/lib/cmdline/popt_common.c branches/tmp/samba4-winsrepl/source/lib/cmdline/popt_common.h branches/tmp/samba4-winsrepl/source/lib/credentials.c branches/tmp/samba4-winsrepl/source/lib/ldb/include/includes.h branches/tmp/samba4-winsrepl/source/lib/pidfile.c branches/tmp/samba4-winsrepl/source/lib/replace/config.m4 branches/tmp/samba4-winsrepl/source/lib/replace/replace.c branches/tmp/samba4-winsrepl/source/lib/samba3/group.c branches/tmp/samba4-winsrepl/source/lib/samba3/secrets.c branches/tmp/samba4-winsrepl/source/lib/samba3/winsdb.c branches/tmp/samba4-winsrepl/source/lib/socket/config.m4
svn commit: samba r10535 - in branches/SAMBA_4_0/source/lib: .
Author: tridge Date: 2005-09-27 11:59:39 + (Tue, 27 Sep 2005) New Revision: 10535 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10535 Log: fixed the pidfile code (it didn't survive the recent pstring changes) Modified: branches/SAMBA_4_0/source/lib/pidfile.c Changeset: Modified: branches/SAMBA_4_0/source/lib/pidfile.c === --- branches/SAMBA_4_0/source/lib/pidfile.c 2005-09-27 11:24:03 UTC (rev 10534) +++ branches/SAMBA_4_0/source/lib/pidfile.c 2005-09-27 11:59:39 UTC (rev 10535) @@ -39,9 +39,9 @@ asprintf(pidFile, %s/%s.pid, lp_piddir(), name); fd = open(pidFile, O_NONBLOCK | O_RDONLY, 0644); - SAFE_FREE(pidFile); if (fd == -1) { + SAFE_FREE(pidFile); return 0; } @@ -63,11 +63,13 @@ } close(fd); + SAFE_FREE(pidFile); return (pid_t)ret; noproc: close(fd); unlink(pidFile); + SAFE_FREE(pidFile); return 0; }
svn commit: samba r10536 - in branches/tmp/samba4-winsrepl: . source/lib
Author: metze Date: 2005-09-27 12:07:01 + (Tue, 27 Sep 2005) New Revision: 10536 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10536 Log: [EMAIL PROTECTED] (orig r10535): tridge | 2005-09-27 13:59:39 +0200 fixed the pidfile code (it didn't survive the recent pstring changes) Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/lib/pidfile.c Changeset: Property changes on: branches/tmp/samba4-winsrepl ___ Name: svk:merge - 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:10533 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba4:9495 a953eb74-4aff-0310-a63c-855d20285ebb:/local/samba4:11632 + 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:10535 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba4:9495 a953eb74-4aff-0310-a63c-855d20285ebb:/local/samba4:11632 Modified: branches/tmp/samba4-winsrepl/source/lib/pidfile.c === --- branches/tmp/samba4-winsrepl/source/lib/pidfile.c 2005-09-27 11:59:39 UTC (rev 10535) +++ branches/tmp/samba4-winsrepl/source/lib/pidfile.c 2005-09-27 12:07:01 UTC (rev 10536) @@ -39,9 +39,9 @@ asprintf(pidFile, %s/%s.pid, lp_piddir(), name); fd = open(pidFile, O_NONBLOCK | O_RDONLY, 0644); - SAFE_FREE(pidFile); if (fd == -1) { + SAFE_FREE(pidFile); return 0; } @@ -63,11 +63,13 @@ } close(fd); + SAFE_FREE(pidFile); return (pid_t)ret; noproc: close(fd); unlink(pidFile); + SAFE_FREE(pidFile); return 0; }
svn commit: samba r10537 - in branches/SAMBA_4_0/source: gtk/common lib/events libcli/composite libcli/wrepl
Author: metze Date: 2005-09-27 12:54:08 + (Tue, 27 Sep 2005) New Revision: 10537 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10537 Log: - we now use a much nicer way to handle talloc_free(timed_event) the events code replaces a destructor to one that returns allways -1 while it's calling the event handler - we don't need the composite and winsrepl specific fixes any more - this also fixes the problem with smbcli, dcerpc, cldap, ldap and nbt request timeouts metze Modified: branches/SAMBA_4_0/source/gtk/common/gtk_events.c branches/SAMBA_4_0/source/lib/events/events_liboop.c branches/SAMBA_4_0/source/lib/events/events_standard.c branches/SAMBA_4_0/source/libcli/composite/composite.c branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c Changeset: Modified: branches/SAMBA_4_0/source/gtk/common/gtk_events.c === --- branches/SAMBA_4_0/source/gtk/common/gtk_events.c 2005-09-27 12:07:01 UTC (rev 10536) +++ branches/SAMBA_4_0/source/gtk/common/gtk_events.c 2005-09-27 12:54:08 UTC (rev 10537) @@ -209,46 +209,44 @@ } struct gtk_timed_event { - BOOL running; guint te_id; }; -static gboolean gtk_event_timed_handler(gpointer data) +/* + destroy a timed event +*/ +static int gtk_event_timed_destructor(void *ptr) { - struct timed_event *te = talloc_get_type(data, struct timed_event); + struct timed_event *te = talloc_get_type(ptr, struct timed_event); struct gtk_timed_event *gtk_te = talloc_get_type(te-additional_data, struct gtk_timed_event); - struct timeval t = timeval_current(); - gtk_te-running = True; - te-handler(te-event_ctx, te, t, te-private_data); - gtk_te-running = False; + g_source_remove(gtk_te-te_id); - talloc_free(te); + return 0; +} - /* return FALSE mean this event should be removed */ - return gtk_false(); +static int gtk_event_timed_deny_destructor(void *ptr) +{ + return -1; } -/* - destroy a timed event -*/ -static int gtk_event_timed_destructor(void *ptr) +static gboolean gtk_event_timed_handler(gpointer data) { - struct timed_event *te = talloc_get_type(ptr, struct timed_event); + struct timed_event *te = talloc_get_type(data, struct timed_event); struct gtk_timed_event *gtk_te = talloc_get_type(te-additional_data, struct gtk_timed_event); + struct timeval t = timeval_current(); - if (gtk_te-running) { - /* the event is running reject the talloc_free() - as it's done by the gtk_event_timed_handler() -*/ - return -1; - } + /* deny the handler to free the event */ + talloc_set_destructor(te, gtk_event_timed_deny_destructor); + te-handler(te-event_ctx, te, t, te-private_data); - g_source_remove(gtk_te-te_id); + talloc_set_destructor(te, gtk_event_timed_destructor); + talloc_free(te); - return 0; + /* return FALSE mean this event should be removed */ + return gtk_false(); } /* @@ -285,7 +283,6 @@ timeout = ((diff_tv.tv_usec+999)/1000)+(diff_tv.tv_sec*1000); gtk_te-te_id = g_timeout_add(timeout, gtk_event_timed_handler, te); - gtk_te-running = False; talloc_set_destructor(te, gtk_event_timed_destructor); Modified: branches/SAMBA_4_0/source/lib/events/events_liboop.c === --- branches/SAMBA_4_0/source/lib/events/events_liboop.c2005-09-27 12:07:01 UTC (rev 10536) +++ branches/SAMBA_4_0/source/lib/events/events_liboop.c2005-09-27 12:54:08 UTC (rev 10537) @@ -172,12 +172,23 @@ fde-flags = flags; } +static int oop_event_timed_destructor(void *ptr); +static int oop_event_timed_deny_destructor(void *ptr) +{ + return -1; +} + static void *oop_event_timed_handler(oop_source *oop, struct timeval t, void *ptr) { struct timed_event *te = ptr; + /* deny the handler to free the event */ + talloc_set_destructor(te, oop_event_timed_deny_destructor); te-handler(te-event_ctx, te, t, te-private_data); + talloc_set_destructor(te, oop_event_timed_destructor); + talloc_free(te); + return OOP_CONTINUE; } @@ -218,7 +229,7 @@ te-private_data= private_data; te-additional_data = NULL; - oop-cancel_time(oop, te-next_event, oop_event_timed_handler, te); + oop-on_time(oop, te-next_event, oop_event_timed_handler, te); talloc_set_destructor(te, oop_event_timed_destructor); Modified: branches/SAMBA_4_0/source/lib/events/events_standard.c === ---
svn commit: samba r10540 - in branches/SAMBA_4_0/source/gtk/common: .
Author: metze Date: 2005-09-27 13:04:07 + (Tue, 27 Sep 2005) New Revision: 10540 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10540 Log: fix compiler warning metze Modified: branches/SAMBA_4_0/source/gtk/common/gtk_events.c Changeset: Modified: branches/SAMBA_4_0/source/gtk/common/gtk_events.c === --- branches/SAMBA_4_0/source/gtk/common/gtk_events.c 2005-09-27 12:59:47 UTC (rev 10539) +++ branches/SAMBA_4_0/source/gtk/common/gtk_events.c 2005-09-27 13:04:07 UTC (rev 10540) @@ -234,8 +234,6 @@ static gboolean gtk_event_timed_handler(gpointer data) { struct timed_event *te = talloc_get_type(data, struct timed_event); - struct gtk_timed_event *gtk_te = talloc_get_type(te-additional_data, -struct gtk_timed_event); struct timeval t = timeval_current(); /* deny the handler to free the event */
svn commit: samba r10541 - in branches/tmp/samba4-winsrepl/source/nbt_server/wins: .
Author: metze Date: 2005-09-27 13:05:33 + (Tue, 27 Sep 2005) New Revision: 10541 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10541 Log: use a transaction when we allocate a new version metze Modified: branches/tmp/samba4-winsrepl/source/nbt_server/wins/winsdb.c Changeset: Modified: branches/tmp/samba4-winsrepl/source/nbt_server/wins/winsdb.c === --- branches/tmp/samba4-winsrepl/source/nbt_server/wins/winsdb.c 2005-09-27 13:04:07 UTC (rev 10540) +++ branches/tmp/samba4-winsrepl/source/nbt_server/wins/winsdb.c 2005-09-27 13:05:33 UTC (rev 10541) @@ -33,6 +33,7 @@ */ static uint64_t winsdb_allocate_version(struct wins_server *winssrv) { + int trans; int ret; struct ldb_context *ldb = winssrv-wins_db; struct ldb_dn *dn; @@ -41,6 +42,9 @@ TALLOC_CTX *tmp_ctx = talloc_new(winssrv); uint64_t maxVersion = 0; + trans = ldb_transaction_start(ldb); + if (trans != LDB_SUCCESS) goto failed; + dn = ldb_dn_explode(tmp_ctx, CN=VERSION); if (!dn) goto failed; @@ -72,10 +76,14 @@ if (ret != 0) ret = ldb_add(ldb, msg); if (ret != 0) goto failed; + trans = ldb_transaction_commit(ldb); + if (trans != LDB_SUCCESS) goto failed; + talloc_free(tmp_ctx); return maxVersion; failed: + if (trans == LDB_SUCCESS) ldb_transaction_cancel(ldb); talloc_free(tmp_ctx); return 0; }
svn commit: samba r10542 - in branches/SAMBA_4_0/source/libcli/raw: .
Author: metze Date: 2005-09-27 13:31:17 + (Tue, 27 Sep 2005) New Revision: 10542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10542 Log: if the transport is dead we need to return tridge: I think this is correct, comments? metze Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c === --- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-09-27 13:05:33 UTC (rev 10541) +++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-09-27 13:31:17 UTC (rev 10542) @@ -353,6 +353,7 @@ req-out.size, nwritten); if (NT_STATUS_IS_ERR(status)) { smbcli_transport_dead(transport); + return; } if (!NT_STATUS_IS_OK(status)) { return; @@ -540,6 +541,7 @@ nread); if (NT_STATUS_IS_ERR(status)) { smbcli_transport_dead(transport); + return; } if (!NT_STATUS_IS_OK(status)) { return; @@ -571,6 +573,7 @@ nread); if (NT_STATUS_IS_ERR(status)) { smbcli_transport_dead(transport); + return; } if (!NT_STATUS_IS_OK(status)) { return;
svn commit: samba-web r816 - in trunk/support: .
Author: deryck Date: 2005-09-27 14:17:47 + (Tue, 27 Sep 2005) New Revision: 816 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=816 Log: Add India support provider at the request of the company. deryck Modified: trunk/support/india.html Changeset: Modified: trunk/support/india.html === --- trunk/support/india.html2005-09-18 13:08:28 UTC (rev 815) +++ trunk/support/india.html2005-09-27 14:17:47 UTC (rev 816) @@ -25,6 +25,32 @@ /small/pre +!-- Added: 27 Sept 2005 -- +hr / +presmall +Yukthi Systems is an IT consulting company providing cost-effective +solutions on Linux platform. We have core competency in providing +IT Infrastructure and Security solutions on Linux. + +We are also specialized in Linux/Windows network integration, +implementing SAMBA Domain Controllers, Single-Signon and migrating +from Windows to Linux networks. + +We also manage and support existing Linux servers. Support will be +provided over phone, email, remote and onsite. + + +Yukthi Systems Pvt. Ltd. +Fazal Manor, 3rd Floor, +# 89, Richmond Road, +Bangalore 560 025, + +Tel: +91 80 2248 3813 / 2248 3222 +URL: a href=http://www.yukthi.com/;www.yukthi.com/a +Email: a href=mailto:[EMAIL PROTECTED][EMAIL PROTECTED]/a +/small/pre + + !-- Added: 14 July 2005 -- hr / h3Coimbatore/h3
svn commit: samba r10543 - in trunk/source: include printing
Author: jerry Date: 2005-09-27 14:25:24 + (Tue, 27 Sep 2005) New Revision: 10543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10543 Log: fixing job deletion to call the lprm command during teh tdb traversal instead of just skipping it when we don't know the unix jobid Modified: trunk/source/include/printing.h trunk/source/printing/print_cups.c trunk/source/printing/print_generic.c trunk/source/printing/print_iprint.c trunk/source/printing/printing.c Changeset: Sorry, the patch is too large (470 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10543
svn commit: samba r10544 - in trunk/source: . param
Author: jerry Date: 2005-09-27 14:45:31 + (Tue, 27 Sep 2005) New Revision: 10544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10544 Log: removing config_ldap so we can just copy trunk over to SAMBA_3_0 when it is time to do the merge. We can get this back later if we want Removed: trunk/source/param/config_ldap.c trunk/source/param/modconf.c Modified: trunk/source/Makefile.in trunk/source/configure.in trunk/source/param/loadparm.c Changeset: Sorry, the patch is too large (577 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10544
svn commit: samba r10545 - in branches/SAMBA_4_0/source/libcli/util: .
Author: metze Date: 2005-09-27 16:20:17 + (Tue, 27 Sep 2005) New Revision: 10545 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10545 Log: map ECONNRESET to NT_STATUS_CONNECTION_RESET metze Modified: branches/SAMBA_4_0/source/libcli/util/errormap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/errormap.c === --- branches/SAMBA_4_0/source/libcli/util/errormap.c2005-09-27 14:45:31 UTC (rev 10544) +++ branches/SAMBA_4_0/source/libcli/util/errormap.c2005-09-27 16:20:17 UTC (rev 10545) @@ -1277,6 +1277,9 @@ { ENOMEM, NT_STATUS_NO_MEMORY }, { EPIPE,NT_STATUS_CONNECTION_DISCONNECTED }, { ECONNREFUSED, NT_STATUS_CONNECTION_REFUSED }, +#ifdef ECONNRESET + { ECONNRESET, NT_STATUS_CONNECTION_RESET }, +#endif { EBUSY,NT_STATUS_SHARING_VIOLATION }, #ifdef ENOTSUP { ENOTSUP, NT_STATUS_NOT_SUPPORTED},
svn commit: samba r10546 - in trunk/source/rpc_server: .
Author: jerry Date: 2005-09-27 16:40:32 + (Tue, 27 Sep 2005) New Revision: 10546 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10546 Log: remove extra reload_services() call in update_printer() Modified: trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2005-09-27 16:20:17 UTC (rev 10545) +++ trunk/source/rpc_server/srv_spoolss_nt.c2005-09-27 16:40:32 UTC (rev 10546) @@ -6122,17 +6122,12 @@ || !strequal(printer-info_2-portname, old_printer-info_2-portname) || !strequal(printer-info_2-location, old_printer-info_2-location)) ) { + /* add_printer_hook() will call reload_services() */ + if ( !add_printer_hook(p-pipe_user.nt_user_token, printer) ) { result = WERR_ACCESS_DENIED; goto done; } - - /* -* make sure we actually reload the services after -* this as smb.conf could have a new section in it -* shouldn't but could -*/ - reload_services(False); } /*
svn commit: samba r10547 - in branches/SAMBA_4_0/source/libcli/wrepl: .
Author: metze Date: 2005-09-27 16:53:08 + (Tue, 27 Sep 2005) New Revision: 10547 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10547 Log: - add wrepl_request timeout handling - when we got an unexpected READ event, we need to do a socket_recv() to find connection errors and we need to mark the socket as dead (and remove the fde_event) to prevent, endless loops on broken connections tridge: we should look carefull at other protocol, to handle broken connections without spinning metze Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c === --- branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-09-27 16:40:32 UTC (rev 10546) +++ branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-09-27 16:53:08 UTC (rev 10547) @@ -29,17 +29,28 @@ /* mark all pending requests as dead - called when a socket error happens */ -static void wrepl_socket_dead(struct wrepl_socket *wrepl_socket) +static void wrepl_socket_dead(struct wrepl_socket *wrepl_socket, NTSTATUS status) { wrepl_socket-dead = True; - event_set_fd_flags(wrepl_socket-fde, 0); + if (wrepl_socket-fde) { + talloc_free(wrepl_socket-fde); + wrepl_socket-fde = NULL; + } + if (wrepl_socket-sock) { + talloc_free(wrepl_socket-sock); + wrepl_socket-sock = NULL; + } + + if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) { + status = NT_STATUS_UNEXPECTED_NETWORK_ERROR; + } while (wrepl_socket-send_queue) { struct wrepl_request *req = wrepl_socket-send_queue; DLIST_REMOVE(wrepl_socket-send_queue, req); req-state = WREPL_REQUEST_ERROR; - req-status = NT_STATUS_UNEXPECTED_NETWORK_ERROR; + req-status = status; if (req-async.fn) { req-async.fn(req); } @@ -48,13 +59,20 @@ struct wrepl_request *req = wrepl_socket-recv_queue; DLIST_REMOVE(wrepl_socket-recv_queue, req); req-state = WREPL_REQUEST_ERROR; - req-status = NT_STATUS_UNEXPECTED_NETWORK_ERROR; + req-status = status; if (req-async.fn) { req-async.fn(req); } } } +static void wrepl_request_timeout_handler(struct event_context *ev, struct timed_event *te, + struct timeval t, void *ptr) +{ + struct wrepl_request *req = talloc_get_type(ptr, struct wrepl_request); + wrepl_socket_dead(req-wrepl_socket, NT_STATUS_IO_TIMEOUT); +} + /* handle send events */ @@ -67,7 +85,7 @@ status = socket_send(wrepl_socket-sock, req-buffer, nsent, 0); if (NT_STATUS_IS_ERR(status)) { - wrepl_socket_dead(wrepl_socket); + wrepl_socket_dead(wrepl_socket, status); return; } if (!NT_STATUS_IS_OK(status) || nsent == 0) return; @@ -99,7 +117,16 @@ DATA_BLOB blob; if (req == NULL) { + NTSTATUS status; + EVENT_FD_NOT_READABLE(wrepl_socket-fde); + + status = socket_recv(wrepl_socket-sock, NULL, 0, nread, 0); + if (NT_STATUS_EQUAL(NT_STATUS_END_OF_FILE,status)) return; + if (NT_STATUS_IS_ERR(status)) { + wrepl_socket_dead(wrepl_socket, status); + return; + } return; } @@ -121,7 +148,7 @@ 4 - req-num_read, nread, 0); if (NT_STATUS_IS_ERR(req-status)) { - wrepl_socket_dead(wrepl_socket); + wrepl_socket_dead(wrepl_socket, req-status); return; } if (!NT_STATUS_IS_OK(req-status)) return; @@ -146,7 +173,7 @@ req-buffer.length - req-num_read, nread, 0); if (NT_STATUS_IS_ERR(req-status)) { - wrepl_socket_dead(wrepl_socket); + wrepl_socket_dead(wrepl_socket, req-status); return; } if (!NT_STATUS_IS_OK(req-status)) return; @@ -225,7 +252,8 @@ struct wrepl_socket); struct wrepl_request *req = wrepl_socket-recv_queue; - talloc_free(fde); + talloc_free(wrepl_socket-fde); + wrepl_socket-fde = NULL; if (req == NULL) return; @@ -255,6 +283,15 @@ } } +/* + destroy a wrepl_socket destructor +*/ +static int
svn commit: samba r10548 - in branches/tmp/samba4-winsrepl: . source/gtk/common source/libcli/raw source/libcli/util source/libcli/wrepl
Author: metze Date: 2005-09-27 16:54:37 + (Tue, 27 Sep 2005) New Revision: 10548 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10548 Log: [EMAIL PROTECTED] (orig r10540): metze | 2005-09-27 15:04:07 +0200 fix compiler warning metze [EMAIL PROTECTED] (orig r10542): metze | 2005-09-27 15:31:17 +0200 if the transport is dead we need to return tridge: I think this is correct, comments? metze [EMAIL PROTECTED] (orig r10545): metze | 2005-09-27 18:20:17 +0200 map ECONNRESET to NT_STATUS_CONNECTION_RESET metze [EMAIL PROTECTED] (orig r10547): metze | 2005-09-27 18:53:08 +0200 - add wrepl_request timeout handling - when we got an unexpected READ event, we need to do a socket_recv() to find connection errors and we need to mark the socket as dead (and remove the fde_event) to prevent, endless loops on broken connections tridge: we should look carefull at other protocol, to handle broken connections without spinning metze Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/gtk/common/gtk_events.c branches/tmp/samba4-winsrepl/source/libcli/raw/clitransport.c branches/tmp/samba4-winsrepl/source/libcli/util/errormap.c branches/tmp/samba4-winsrepl/source/libcli/wrepl/winsrepl.c branches/tmp/samba4-winsrepl/source/libcli/wrepl/winsrepl.h Changeset: Sorry, the patch is too large (289 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10548
svn commit: samba r10549 - in branches/tmp/samba4-winsrepl/source/wrepl_server: .
Author: metze Date: 2005-09-27 16:58:37 + (Tue, 27 Sep 2005) New Revision: 10549 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10549 Log: - add first start of wins pull replication - we not yet apply records to our database but we fetch them correct form our partners (we need conflict handling for this) - we also need to filter out our own records! metze Modified: branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_out_connection.c branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_server.c branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_server.h Changeset: Sorry, the patch is too large (914 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10549
svn commit: samba r10550 - in trunk/source/smbd: .
Author: jra Date: 2005-09-27 17:41:56 + (Tue, 27 Sep 2005) New Revision: 10550 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10550 Log: We need to check if the source path is a parent directory of the destination (ie. a rename of /foo/bar/baz - /foo/bar/baz/bibble/bobble. If so we must refuse the rename with a sharing violation. Under UNIX the above call can *succeed* if /foo/bar/baz is a symlink to another area in the share. We probably need to check that the client is a Windows one before disallowing this as a UNIX client (one with UNIX extensions) can know the source is a symlink and make this decision intelligently. Found by an excellent bug report from [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/smbd/reply.c Changeset: Modified: trunk/source/smbd/reply.c === --- trunk/source/smbd/reply.c 2005-09-27 16:58:37 UTC (rev 10549) +++ trunk/source/smbd/reply.c 2005-09-27 17:41:56 UTC (rev 10550) @@ -4066,6 +4066,35 @@ } / + We need to check if the source path is a parent directory of the destination + (ie. a rename of /foo/bar/baz - /foo/bar/baz/bibble/bobble. If so we must + refuse the rename with a sharing violation. Under UNIX the above call can + *succeed* if /foo/bar/baz is a symlink to another area in the share. We + probably need to check that the client is a Windows one before disallowing + this as a UNIX client (one with UNIX extensions) can know the source is a + symlink and make this decision intelligently. Found by an excellent bug + report from [EMAIL PROTECTED]. +/ + +static BOOL rename_path_prefix_equal(const char *src, const char *dest) +{ + const char *psrc = src; + const char *pdst = dest; + size_t slen; + + if (psrc[0] == '.' psrc[1] == '/') { + psrc += 2; + } + if (pdst[0] == '.' pdst[1] == '/') { + pdst += 2; + } + if ((slen = strlen(psrc)) strlen(pdst)) { + return False; + } + return ((memcmp(psrc, pdst, slen) == 0) pdst[slen] == '/'); +} + +/ Rename an open file - given an fsp. / @@ -4160,6 +4189,10 @@ return error; } + if (rename_path_prefix_equal(fsp-fsp_name, newname)) { + return NT_STATUS_ACCESS_DENIED; + } + if(SMB_VFS_RENAME(conn,fsp-fsp_name, newname) == 0) { DEBUG(3,(rename_internals_fsp: succeeded doing rename on %s - %s\n, fsp-fsp_name,newname)); @@ -4381,6 +4414,10 @@ return NT_STATUS_OBJECT_NAME_COLLISION; } + if (rename_path_prefix_equal(directory, newname)) { + return NT_STATUS_SHARING_VIOLATION; + } + if(SMB_VFS_RENAME(conn,directory, newname) == 0) { DEBUG(3,(rename_internals: succeeded doing rename on %s - %s\n, directory,newname)); @@ -4479,6 +4516,10 @@ continue; } + if (rename_path_prefix_equal(fname, destname)) { + return NT_STATUS_SHARING_VIOLATION; + } + if (!SMB_VFS_RENAME(conn,fname,destname)) { rename_open_files(conn, sbuf1.st_dev, sbuf1.st_ino, newname); count++;
svn commit: samba r10551 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-09-27 17:42:11 + (Tue, 27 Sep 2005) New Revision: 10551 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10551 Log: We need to check if the source path is a parent directory of the destination (ie. a rename of /foo/bar/baz - /foo/bar/baz/bibble/bobble. If so we must refuse the rename with a sharing violation. Under UNIX the above call can *succeed* if /foo/bar/baz is a symlink to another area in the share. We probably need to check that the client is a Windows one before disallowing this as a UNIX client (one with UNIX extensions) can know the source is a symlink and make this decision intelligently. Found by an excellent bug report from [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/reply.c === --- branches/SAMBA_3_0/source/smbd/reply.c 2005-09-27 17:41:56 UTC (rev 10550) +++ branches/SAMBA_3_0/source/smbd/reply.c 2005-09-27 17:42:11 UTC (rev 10551) @@ -4076,6 +4076,35 @@ } / + We need to check if the source path is a parent directory of the destination + (ie. a rename of /foo/bar/baz - /foo/bar/baz/bibble/bobble. If so we must + refuse the rename with a sharing violation. Under UNIX the above call can + *succeed* if /foo/bar/baz is a symlink to another area in the share. We + probably need to check that the client is a Windows one before disallowing + this as a UNIX client (one with UNIX extensions) can know the source is a + symlink and make this decision intelligently. Found by an excellent bug + report from [EMAIL PROTECTED]. +/ + +static BOOL rename_path_prefix_equal(const char *src, const char *dest) +{ + const char *psrc = src; + const char *pdst = dest; + size_t slen; + + if (psrc[0] == '.' psrc[1] == '/') { + psrc += 2; + } + if (pdst[0] == '.' pdst[1] == '/') { + pdst += 2; + } + if ((slen = strlen(psrc)) strlen(pdst)) { + return False; + } + return ((memcmp(psrc, pdst, slen) == 0) pdst[slen] == '/'); +} + +/ Rename an open file - given an fsp. / @@ -4170,6 +4199,10 @@ return error; } + if (rename_path_prefix_equal(fsp-fsp_name, newname)) { + return NT_STATUS_ACCESS_DENIED; + } + if(SMB_VFS_RENAME(conn,fsp-fsp_name, newname) == 0) { DEBUG(3,(rename_internals_fsp: succeeded doing rename on %s - %s\n, fsp-fsp_name,newname)); @@ -4391,6 +4424,10 @@ return NT_STATUS_OBJECT_NAME_COLLISION; } + if (rename_path_prefix_equal(directory, newname)) { + return NT_STATUS_SHARING_VIOLATION; + } + if(SMB_VFS_RENAME(conn,directory, newname) == 0) { DEBUG(3,(rename_internals: succeeded doing rename on %s - %s\n, directory,newname)); @@ -4489,6 +4526,10 @@ continue; } + if (rename_path_prefix_equal(fname, destname)) { + return NT_STATUS_SHARING_VIOLATION; + } + if (!SMB_VFS_RENAME(conn,fname,destname)) { rename_open_files(conn, sbuf1.st_dev, sbuf1.st_ino, newname); count++;
svn commit: samba r10552 - in trunk/source/printing: .
Author: jerry Date: 2005-09-27 17:48:52 + (Tue, 27 Sep 2005) New Revision: 10552 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10552 Log: fix compile breakage Modified: trunk/source/printing/printing.c Changeset: Modified: trunk/source/printing/printing.c === --- trunk/source/printing/printing.c2005-09-27 17:42:11 UTC (rev 10551) +++ trunk/source/printing/printing.c2005-09-27 17:48:52 UTC (rev 10552) @@ -752,11 +752,12 @@ if ( pjob.smbjob ) { for (i=0;its-qcount;i++) { + uint32 curr_jobid; if ( pjob.status == LPQ_DELETED ) continue; - uint32 curr_jobid = print_parse_jobid(ts-queue[i].fs_file); + curr_jobid = print_parse_jobid(ts-queue[i].fs_file); if (jobid == curr_jobid) {
svn commit: samba r10553 - in branches/SAMBA_3_0/source/auth: .
Author: jerry Date: 2005-09-27 19:01:27 + (Tue, 27 Sep 2005) New Revision: 10553 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10553 Log: ignore .po files Modified: branches/SAMBA_3_0/source/auth/ Changeset: Property changes on: branches/SAMBA_3_0/source/auth ___ Name: svn:ignore + *.po
svn commit: samba r10554 - branches/SAMBA_3_0/source/client branches/SAMBA_3_0/source/printing trunk/source/client trunk/source/printing
Author: jerry Date: 2005-09-27 19:18:20 + (Tue, 27 Sep 2005) New Revision: 10554 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10554 Log: * BUG 3057: assume x64 drivers are v3 drivers * BUG 3087: allow smbspool to establisha geust connection using a username with no password Modified: branches/SAMBA_3_0/source/client/smbspool.c branches/SAMBA_3_0/source/printing/nt_printing.c trunk/source/client/smbspool.c trunk/source/printing/nt_printing.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbspool.c === --- branches/SAMBA_3_0/source/client/smbspool.c 2005-09-27 19:01:27 UTC (rev 10553) +++ branches/SAMBA_3_0/source/client/smbspool.c 2005-09-27 19:18:20 UTC (rev 10554) @@ -457,15 +457,15 @@ get_myname(myname); - if ( (username) ( *username ) (password) (*password) ) + /* See if we have a username first. This is for backwards compatible + behavior with 3.0.14a */ + + if ( username *username ) { - /* - * User/password specified in the DEVICE_URI, use those credentials - * to connect to the server - */ cli = smb_complete_connection(myname, server, port, username, password, workgroup, share, 0 ); - if (cli ) { return cli; } + if (cli) +return cli; } /* Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2005-09-27 19:01:27 UTC (rev 10553) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2005-09-27 19:18:20 UTC (rev 10554) @@ -1386,12 +1386,19 @@ *perr = WERR_INVALID_PARAM; /* If architecture is Windows 95/98/ME, the version is always 0. */ - if (strcmp(architecture, WIN40) == 0) { + if (strcmp(architecture, SPL_ARCH_WIN40) == 0) { DEBUG(10,(get_correct_cversion: Driver is Win9x, cversion = 0\n)); *perr = WERR_OK; return 0; } + /* If architecture is Windows x64, the version is always 3. */ + if (strcmp(architecture, SPL_ARCH_X64) == 0) { + DEBUG(10,(get_correct_cversion: Driver is x64, cversion = 3\n)); + *perr = WERR_OK; + return 3; + } + /* * Connect to the print$ share under the same account as the user connected * to the rpc pipe. Note we must still be root to do this. Modified: trunk/source/client/smbspool.c === --- trunk/source/client/smbspool.c 2005-09-27 19:01:27 UTC (rev 10553) +++ trunk/source/client/smbspool.c 2005-09-27 19:18:20 UTC (rev 10554) @@ -460,15 +460,15 @@ get_myname(myname); - if ( (username) ( *username ) (password) (*password) ) + /* See if we have a username first. This is for backwards compatible + behavior with 3.0.14a */ + + if ( username *username ) { - /* - * User/password specified in the DEVICE_URI, use those credentials - * to connect to the server - */ cli = smb_complete_connection(myname, server, port, username, password, workgroup, share, 0 ); - if (cli ) { return cli; } + if (cli) +return cli; } /* Modified: trunk/source/printing/nt_printing.c === --- trunk/source/printing/nt_printing.c 2005-09-27 19:01:27 UTC (rev 10553) +++ trunk/source/printing/nt_printing.c 2005-09-27 19:18:20 UTC (rev 10554) @@ -1386,12 +1386,19 @@ *perr = WERR_INVALID_PARAM; /* If architecture is Windows 95/98/ME, the version is always 0. */ - if (strcmp(architecture, WIN40) == 0) { + if (strcmp(architecture, SPL_ARCH_WIN40) == 0) { DEBUG(10,(get_correct_cversion: Driver is Win9x, cversion = 0\n)); *perr = WERR_OK; return 0; } + /* If architecture is Windows x64, the version is always 3. */ + if (strcmp(architecture, SPL_ARCH_X64) == 0) { + DEBUG(10,(get_correct_cversion: Driver is x64, cversion = 3\n)); + *perr = WERR_OK; + return 3; + } + /* * Connect to the print$ share under the same account as the user connected * to the rpc pipe. Note we must still be root to do this.
svn commit: samba r10555 - in branches/SAMBA_3_0/source/printing: .
Author: jerry Date: 2005-09-27 19:34:19 + (Tue, 27 Sep 2005) New Revision: 10555 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10555 Log: a few compile warnings from jason Mader Modified: branches/SAMBA_3_0/source/printing/printing.c Changeset: Modified: branches/SAMBA_3_0/source/printing/printing.c === --- branches/SAMBA_3_0/source/printing/printing.c 2005-09-27 19:18:20 UTC (rev 10554) +++ branches/SAMBA_3_0/source/printing/printing.c 2005-09-27 19:34:19 UTC (rev 10555) @@ -91,7 +91,7 @@ if (rap_jobid == 0) rap_jobid = ++next_rap_jobid; SSVAL(buf,0,rap_jobid); - data.dptr = buf; + data.dptr = (char*)buf; data.dsize = sizeof(rap_jobid); tdb_store(rap_tdb, key, data, TDB_REPLACE); tdb_store(rap_tdb, data, key, TDB_REPLACE); @@ -112,7 +112,7 @@ return False; SSVAL(buf,0,rap_jobid); - key.dptr = buf; + key.dptr = (char*)buf; key.dsize = sizeof(rap_jobid); data = tdb_fetch(rap_tdb, key); if ( data.dptr data.dsize == sizeof(struct rap_jobid_key) ) @@ -164,7 +164,7 @@ rap_jobid = SVAL(data.dptr, 0); SAFE_FREE(data.dptr); SSVAL(buf,0,rap_jobid); - data.dptr=buf; + data.dptr = (char*)buf; data.dsize = sizeof(rap_jobid); tdb_delete(rap_tdb, key); tdb_delete(rap_tdb, data);
svn commit: samba r10556 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: jerry Date: 2005-09-27 19:39:13 + (Tue, 27 Sep 2005) New Revision: 10556 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10556 Log: BUG 3083: patch from Alex Deiter [EMAIL PROTECTED] to fix checking trusted account for winbindd running on a Samba PDC Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c trunk/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-09-27 19:34:19 UTC (rev 10555) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-09-27 19:39:13 UTC (rev 10556) @@ -1175,7 +1175,10 @@ /* if we are a DC and this is a trusted domain, then we need to use our domain name in the net_req_auth2() request */ - if ( IS_DC ) { + if ( IS_DC +!strequal(domain-name, lp_workgroup()) +lp_allow_trusted_domains() ) + { account_name = talloc_asprintf( mem_ctx, %s$, lp_workgroup() ); } else { Modified: trunk/source/nsswitch/winbindd_cm.c === --- trunk/source/nsswitch/winbindd_cm.c 2005-09-27 19:34:19 UTC (rev 10555) +++ trunk/source/nsswitch/winbindd_cm.c 2005-09-27 19:39:13 UTC (rev 10556) @@ -1294,7 +1294,10 @@ /* if we are a DC and this is a trusted domain, then we need to use our domain name in the net_req_auth2() request */ - if ( IS_DC ) { + if ( IS_DC +!strequal(domain-name, lp_workgroup()) +lp_allow_trusted_domains() ) + { account_name = lp_workgroup(); } else { account_name = domain-primary ? global_myname() : domain-name;
svn commit: samba r10557 - in trunk/source/smbd: .
Author: jra Date: 2005-09-27 20:41:04 + (Tue, 27 Sep 2005) New Revision: 10557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10557 Log: Fix bug #3010 yet again. Die monster, die ! Jeremy. Modified: trunk/source/smbd/dir.c Changeset: Modified: trunk/source/smbd/dir.c === --- trunk/source/smbd/dir.c 2005-09-27 19:39:13 UTC (rev 10556) +++ trunk/source/smbd/dir.c 2005-09-27 20:41:04 UTC (rev 10557) @@ -1148,8 +1148,23 @@ void SeekDir(struct smb_Dir *dirp, long offset) { if (offset != dirp-offset) { - if (offset == START_OF_DIRECTORY_OFFSET || offset == DOT_DOT_DIRECTORY_OFFSET) { + if (offset == START_OF_DIRECTORY_OFFSET) { RewindDir(dirp, offset); + /* +* Ok we should really set the file number here +* to 1 to enable .. to be returned next. Trouble +* is I'm worried about callers using SeekDir(dirp,0) +* as equivalent to RewindDir(). So leave this alone +* for now. +*/ + } else if (offset == DOT_DOT_DIRECTORY_OFFSET) { + RewindDir(dirp, offset); + /* +* Set the file number to 2 - we want to get the first +* real file entry (the one we return after ..) +* on the next ReadDir. +*/ + dirp-file_number = 2; } else if (offset == END_OF_DIRECTORY_OFFSET) { ; /* Don't seek in this case. */ } else {
svn commit: samba r10558 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-09-27 20:41:22 + (Tue, 27 Sep 2005) New Revision: 10558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10558 Log: Fix bug #3010 yet again. Die monster, die ! Jeremy. Modified: branches/SAMBA_3_0/source/smbd/dir.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/dir.c === --- branches/SAMBA_3_0/source/smbd/dir.c2005-09-27 20:41:04 UTC (rev 10557) +++ branches/SAMBA_3_0/source/smbd/dir.c2005-09-27 20:41:22 UTC (rev 10558) @@ -1148,8 +1148,23 @@ void SeekDir(struct smb_Dir *dirp, long offset) { if (offset != dirp-offset) { - if (offset == START_OF_DIRECTORY_OFFSET || offset == DOT_DOT_DIRECTORY_OFFSET) { + if (offset == START_OF_DIRECTORY_OFFSET) { RewindDir(dirp, offset); + /* +* Ok we should really set the file number here +* to 1 to enable .. to be returned next. Trouble +* is I'm worried about callers using SeekDir(dirp,0) +* as equivalent to RewindDir(). So leave this alone +* for now. +*/ + } else if (offset == DOT_DOT_DIRECTORY_OFFSET) { + RewindDir(dirp, offset); + /* +* Set the file number to 2 - we want to get the first +* real file entry (the one we return after ..) +* on the next ReadDir. +*/ + dirp-file_number = 2; } else if (offset == END_OF_DIRECTORY_OFFSET) { ; /* Don't seek in this case. */ } else {
svn commit: samba r10559 - in branches/SAMBA_3_0_RELEASE/source/smbd: .
Author: jerry Date: 2005-09-27 20:44:54 + (Tue, 27 Sep 2005) New Revision: 10559 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10559 Log: jra's looping directory fix (BUG 3065) Modified: branches/SAMBA_3_0_RELEASE/source/smbd/dir.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/smbd/dir.c === --- branches/SAMBA_3_0_RELEASE/source/smbd/dir.c2005-09-27 20:41:22 UTC (rev 10558) +++ branches/SAMBA_3_0_RELEASE/source/smbd/dir.c2005-09-27 20:44:54 UTC (rev 10559) @@ -1148,8 +1148,23 @@ void SeekDir(struct smb_Dir *dirp, long offset) { if (offset != dirp-offset) { - if (offset == START_OF_DIRECTORY_OFFSET || offset == DOT_DOT_DIRECTORY_OFFSET) { + if (offset == START_OF_DIRECTORY_OFFSET) { RewindDir(dirp, offset); + /* +* Ok we should really set the file number here +* to 1 to enable .. to be returned next. Trouble +* is I'm worried about callers using SeekDir(dirp,0) +* as equivalent to RewindDir(). So leave this alone +* for now. +*/ + } else if (offset == DOT_DOT_DIRECTORY_OFFSET) { + RewindDir(dirp, offset); + /* +* Set the file number to 2 - we want to get the first +* real file entry (the one we return after ..) +* on the next ReadDir. +*/ + dirp-file_number = 2; } else if (offset == END_OF_DIRECTORY_OFFSET) { ; /* Don't seek in this case. */ } else {
svn commit: samba-web r817 - in trunk/patches: .
Author: jerry Date: 2005-09-27 21:13:04 + (Tue, 27 Sep 2005) New Revision: 817 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=817 Log: adding note about 3.0.20a delays Modified: trunk/patches/index.html Changeset: Modified: trunk/patches/index.html === --- trunk/patches/index.html2005-09-27 14:17:47 UTC (rev 816) +++ trunk/patches/index.html2005-09-27 21:13:04 UTC (rev 817) @@ -10,10 +10,13 @@ main Samba development trees for the next version of Samba 3.0.x./p -pbATTENTION/b A patch release, Samba 3.0.20a, is planned for late in the week +pbATTENTION/b Samba 3.0.20a, is planned for late in the week of September 19, 2005. This release will incorporate all the patches for 3.0.20 listed on this page as well as a few possible other fixes./p +pemUpdate/em: The Samba 3.0.20a release has been delayed slightly due to some +minor last minute bugs. We are hoping to finalize the release by October 7./p + pFollow these instructions for applying patches:/p pre$ tar zxvf samba-3.0.x.tar.gz $ cd samba-3.0.x
svn commit: samba r10560 - in trunk/source/include: .
Author: jelmer Date: 2005-09-27 23:18:55 + (Tue, 27 Sep 2005) New Revision: 10560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10560 Log: Ignore includes.h.gch Modified: trunk/source/include/ Changeset: Property changes on: trunk/source/include ___ Name: svn:ignore - build_env.h config.h stamp-h proto.h wrepld_proto.h config.h.in version.h include.h.gch + build_env.h config.h stamp-h proto.h wrepld_proto.h config.h.in version.h includes.h.gch
Build status as of Wed Sep 28 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-09-27 00:00:16.0 + +++ /home/build/master/cache/broken_results.txt 2005-09-28 00:00:20.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Sep 27 00:00:02 2005 +Build status as of Wed Sep 28 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 38 5 0 distcc 38 2 0 -lorikeet-heimdal 32 17 0 +lorikeet-heimdal 33 18 0 ppp 23 0 0 rsync37 2 0 -samba3 1 0 +samba3 0 0 samba-docs 0 0 0 -samba4 38 22 1 -samba_3_039 8 0 +samba4 37 18 2 +samba_3_038 9 0 smb-build32 3 0 talloc 36 12 0 -tdb 36 3 0 +tdb 36 2 0
svn commit: samba r10561 - in branches/SAMBA_4_0/source: auth/kerberos heimdal/lib/krb5
Author: abartlet Date: 2005-09-28 01:09:10 + (Wed, 28 Sep 2005) New Revision: 10561 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10561 Log: This patch takes over KDC socket routines in Heimdal, and directs them at the Samba4 socket layer. The intention here is to ensure that other events may be processed while heimdal is waiting on the KDC. The interface is designed to be sufficiently flexible, so that the plugin may choose how to time communication with the KDC (ie multiple outstanding requests, looking for a functional KDC). I've hacked the socket layer out of cldap.c to handle this very specific case of one udp packet and reply. Likewise I also handle TCP, stolen from the winbind code. This same plugin system might also be useful for a self-contained testing mode in Heimdal, in conjunction with libkdc. I would suggest using socket-wrapper instead however. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/krb5_init_context.c branches/SAMBA_4_0/source/heimdal/lib/krb5/context.c branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-protos.h branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5.h branches/SAMBA_4_0/source/heimdal/lib/krb5/send_to_kdc.c Changeset: Sorry, the patch is too large (542 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10561
svn commit: samba r10562 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2005-09-28 02:22:31 + (Wed, 28 Sep 2005) New Revision: 10562 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10562 Log: Ensure we initalise the error table with hdb errors. This ensures we get good text error strings. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/kdc.c branches/SAMBA_4_0/source/kdc/kdc.h Changeset: Modified: branches/SAMBA_4_0/source/kdc/kdc.c === --- branches/SAMBA_4_0/source/kdc/kdc.c 2005-09-28 01:09:10 UTC (rev 10561) +++ branches/SAMBA_4_0/source/kdc/kdc.c 2005-09-28 02:22:31 UTC (rev 10562) @@ -271,6 +271,8 @@ return; } + krb5_add_et_list(kdc-smb_krb5_context-krb5_context, initialize_hdb_error_table_r); + kdc-config-logf = kdc-smb_krb5_context-logf; kdc-config-db = talloc(kdc-config, struct HDB *); if (!kdc-config-db) { Modified: branches/SAMBA_4_0/source/kdc/kdc.h === --- branches/SAMBA_4_0/source/kdc/kdc.h 2005-09-28 01:09:10 UTC (rev 10561) +++ branches/SAMBA_4_0/source/kdc/kdc.h 2005-09-28 02:22:31 UTC (rev 10562) @@ -24,6 +24,7 @@ #include system/kerberos.h #include auth/kerberos/kerberos.h #include heimdal/kdc/kdc.h +#include heimdal/lib/hdb/hdb.h #include kdc/pac-glue.h krb5_error_code hdb_ldb_create(TALLOC_CTX *mem_ctx,
svn commit: samba r10563 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-09-28 02:37:03 + (Wed, 28 Sep 2005) New Revision: 10563 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10563 Log: a null 'join' is a no-op. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/testjoin.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/testjoin.c === --- branches/SAMBA_4_0/source/torture/rpc/testjoin.c2005-09-28 02:22:31 UTC (rev 10562) +++ branches/SAMBA_4_0/source/torture/rpc/testjoin.c2005-09-28 02:37:03 UTC (rev 10563) @@ -416,6 +416,9 @@ struct samr_DeleteUser d; NTSTATUS status; + if (!join) { + return; + } d.in.user_handle = join-user_handle; d.out.user_handle = join-user_handle;
svn commit: samba r10564 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-09-28 02:58:53 + (Wed, 28 Sep 2005) New Revision: 10564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10564 Log: Make the RPC-SCHANNEL test use the libnet_join code via torture_join_domain Handle error cases in torture_create_testuser, where we can't connect to the target server (we were segfaulting due to an untested error path). Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/schannel.c branches/SAMBA_4_0/source/torture/rpc/testjoin.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/schannel.c === --- branches/SAMBA_4_0/source/torture/rpc/schannel.c2005-09-28 02:37:03 UTC (rev 10563) +++ branches/SAMBA_4_0/source/torture/rpc/schannel.c2005-09-28 02:58:53 UTC (rev 10564) @@ -159,8 +159,8 @@ TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, test_schannel context); char *test_machine_account = talloc_asprintf(NULL, %s$, TEST_MACHINE_NAME); - join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), - acct_flags, machine_password); + join_ctx = torture_join_domain(TEST_MACHINE_NAME, + acct_flags, machine_password); if (!join_ctx) { printf(Failed to join domain with acct_flags=0x%x\n, acct_flags); talloc_free(test_ctx); Modified: branches/SAMBA_4_0/source/torture/rpc/testjoin.c === --- branches/SAMBA_4_0/source/torture/rpc/testjoin.c2005-09-28 02:37:03 UTC (rev 10563) +++ branches/SAMBA_4_0/source/torture/rpc/testjoin.c2005-09-28 02:58:53 UTC (rev 10564) @@ -134,7 +134,7 @@ DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION); if (!NT_STATUS_IS_OK(status)) { - goto failed; + return NULL; } c.in.system_name = NULL; @@ -148,7 +148,7 @@ errstr = dcerpc_errstr(join, join-p-last_fault_code); } printf(samr_Connect failed - %s\n, errstr); - goto failed; + return NULL; } printf(Opening domain %s\n, domain); @@ -284,6 +284,10 @@ struct libnet_context *libnet_ctx; struct libnet_JoinDomain *libnet_r; struct test_join *tj; + struct samr_SetUserInfo s; + union samr_UserInfo u; + struct lsa_String comment; + struct lsa_String full_name; tj = talloc(NULL, struct test_join); if (!tj) return NULL; @@ -325,6 +329,30 @@ tj-dom_sid = dom_sid_string(tj, libnet_r-out.domain_sid); *machine_password = libnet_r-out.join_password; + ZERO_STRUCT(u); + s.in.user_handle = tj-user_handle; + s.in.info = u; + s.in.level = 21; + + u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME; + comment.string = talloc_asprintf(tj, +Tortured by Samba4: %s, +timestring(tj, time(NULL))); + u.info21.comment = comment; + full_name.string = talloc_asprintf(tj, +Torture account for Samba4: %s, +timestring(tj, time(NULL))); + u.info21.full_name = full_name; + + u.info21.description.string = talloc_asprintf(tj, + Samba4 torture account created by host %s: %s, + lp_netbios_name(), timestring(tj, time(NULL))); + + status = dcerpc_samr_SetUserInfo(tj-p, tj, s); + if (!NT_STATUS_IS_OK(status)) { + printf(SetUserInfo (non-critical) failed - %s\n, nt_errstr(status)); + } + DEBUG(0, (%s joined domain %s (%s).\n, libnet_r-in.netbios_name, libnet_r-out.domain_name,
svn commit: samba r10565 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: abartlet Date: 2005-09-28 04:50:02 + (Wed, 28 Sep 2005) New Revision: 10565 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10565 Log: Try to make Kerberos authentication a bit more friendly. This disables it for 'localhost' as well as for any host our KDC does not recognise. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-09-28 02:58:53 UTC (rev 10564) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-09-28 04:50:02 UTC (rev 10565) @@ -239,9 +239,13 @@ return NT_STATUS_INVALID_PARAMETER; } if (is_ipaddress(hostname)) { - DEBUG(2, (Cannot do GSSAPI to an IP address)); + DEBUG(2, (Cannot do GSSAPI to an IP address\n)); return NT_STATUS_INVALID_PARAMETER; } + if (strequal(hostname, localhost)) { + DEBUG(2, (GSSAPI to 'localhost' does not make sense\n)); + return NT_STATUS_INVALID_PARAMETER; + } nt_status = gensec_gssapi_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -269,7 +273,7 @@ DEBUG(2, (GSS Import name of %s failed: %s\n, (char *)name_token.value, gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_INVALID_PARAMETER; } principal = gensec_get_target_principal(gensec_security); @@ -306,9 +310,16 @@ NULL, NULL); if (maj_stat) { - DEBUG(1, (Aquiring initiator credentails failed: %s\n, - gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); - return NT_STATUS_UNSUCCESSFUL; + switch (min_stat) { + case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: + DEBUG(3, (Server [%s] is not registered with our KDC: %s\n, + hostname, gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); + return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */ + default: + DEBUG(1, (Aquiring initiator credentails failed: %s\n, + gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); + return NT_STATUS_UNSUCCESSFUL; + } } return NT_STATUS_OK; @@ -408,12 +419,23 @@ gss_release_buffer(min_stat2, output_token); return NT_STATUS_MORE_PROCESSING_REQUIRED; - } else { - if (maj_stat == GSS_S_FAILURE -(min_stat == KRB5KRB_AP_ERR_BADVERSION || min_stat == KRB5KRB_AP_ERR_MSG_TYPE)) { + } else if ((gensec_gssapi_state-gss_oid-length == gss_mech_krb5-length) +(memcmp(gensec_gssapi_state-gss_oid-elements, gss_mech_krb5-elements, + gensec_gssapi_state-gss_oid-length) == 0)) { + switch (min_stat) { + case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: + DEBUG(3, (Server is not registered with our KDC: %s\n, + gssapi_error_string(gensec_gssapi_state, maj_stat, min_stat))); + return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */ + case KRB5KRB_AP_ERR_MSG_TYPE: /* garbage input, possibly from the auto-mech detection */ return NT_STATUS_INVALID_PARAMETER; + default: + DEBUG(1, (GSS(krb5) Update failed: %s\n, + gssapi_error_string(out_mem_ctx, maj_stat, min_stat))); + return nt_status; } + } else { DEBUG(1, (GSS Update failed: %s\n, gssapi_error_string(out_mem_ctx, maj_stat, min_stat))); return nt_status; Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2005-09-28 02:58:53 UTC (rev 10564) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2005-09-28 04:50:02 UTC (rev 10565) @@ -172,7 +172,10 @@ DEBUG(2, (Cannot do krb5 to an IP address)); return NT_STATUS_INVALID_PARAMETER; } - + if (strequal(hostname, localhost)) { + DEBUG(2, (krb5 to 'localhost' does not make
Re: svn commit: samba r10565 - in branches/SAMBA_4_0/source/auth/gensec: .
This disables it for 'localhost' as well as for any host our KDC does not recognise. If it is disabled for localhost, then does that mean we can't test it in the build farm? Or will 'localhost.$REALM' work? Cheers, Tridge
svn commit: samba r10566 - in branches/SAMBA_4_0/source/libnet: .
Author: abartlet Date: 2005-09-28 05:38:20 + (Wed, 28 Sep 2005) New Revision: 10566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10566 Log: Clean up error messages to provide more accurate info. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2005-09-28 04:50:02 UTC (rev 10565) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2005-09-28 05:38:20 UTC (rev 10566) @@ -613,9 +613,15 @@ status = libnet_RpcConnect(ctx, c, c); if (!NT_STATUS_IS_OK(status)) { - r-out.error_string = talloc_asprintf(mem_ctx, - Connection to LSA pipe of PDC of domain '%s' failed: %s, - r-in.domain_name, nt_errstr(status)); + if (r-in.level == LIBNET_JOINDOMAIN_AUTOMATIC) { + r-out.error_string = talloc_asprintf(mem_ctx, + Connection to LSA pipe of PDC of domain '%s' failed: %s, + r-in.domain_name, nt_errstr(status)); + } else { + r-out.error_string = talloc_asprintf(mem_ctx, + Connection to LSA pipe with binding '%s' failed: %s, + r-in.binding, nt_errstr(status)); + } talloc_free(tmp_ctx); return status; } @@ -835,9 +841,8 @@ r-out.error_string = talloc_asprintf(mem_ctx, samr_LookupNames for [%s] returns %d RIDs\n, r-in.account_name, ln.out.rids.count); - status = NT_STATUS_INVALID_PARAMETER; talloc_free(tmp_ctx); - return status; + return NT_STATUS_INVALID_PARAMETER; } /* prepare samr_OpenUser */