Re: [Samba] The single WINS problem
Marcus White schrieb: On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote: John H Terpstra schrieb: On Friday 25 November 2005 17:41, Andreas Hasenack wrote: Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name-IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. That failure was not the fault of the WINS server. Certainly the kernel panic wasn't the fault of Samba running WINS, but the consequences point us to the limitations of Samba. Even a single network disruption between WINS/PDC and the rest of your network can cause trouble similar to WINS/PDC kernel panicking. To prevent such cases, where networks are separate (i.e. in different cities) but use a single user database (in LDAP), I just set up PDCs instead of BDCs (they don't see each other via netbios anyway), and each of them is acting as a WINS server. I find it much more resistent to such failures. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba Are you replicating the LDAP database to each network? yes. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin: deprecated?
Hi! On Thu, 2005-11-24 at 09:53 +1000, Adam Nielsen wrote: If printer admin is deprecated, what option replace it? I'm not sure, I was wondering this same question myself. printer admin is still valid? if yes, until version will support it? I'm using Samba 3.0.20 and it still seems to work, but I'm not sure when it'll be taken out. I understand it has been replaced with proper ACLs and privileges. Check the release notes. Ok, I can use SePrintOperatorPrivilege but I use printer admin in the share section so that I can decide which users/groups are administrators (for a printer) and which not. I can do that using SePrintOperatorPrivilege ? No, I think, because I can't specify a particular printer. is it wrong? Thanks a lot, Fabio Andrew Bartlett -- Dott. Fabio Marcone 2T srl Telefono+39 - 0871- 540154 Fax +39 - 0871- 571594 Email [EMAIL PROTECTED] Indirizzo Viale B. Croce 573, 66013 Chieti Scalo (CH) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share disconnect after inactivity
Hi, On Mon, Nov 28, 2005 at 08:53:04AM +0100, Andreas Schlager wrote: deadtime is set to 0 (= default value). Maybe the documentation is wrong here?? (it says: A deadtime of zero indicates that no auto-disconnection should be performed.) Try use 30 min. In this case we can understand -- is this option work. Or could it be a problem in the implementation? I've googled around and found that windows servers (NT4 and above) have a default disconnect time from 15 minutes. But with a windows server this wasn't a problem for me at any time. AFAIK, connection can be closed from server and from client. Possible, you need tune your clients machines. Not samba server. WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED : AS/U as a member server on a SAmba PDC
Hi Andrew, actually, I must deal with 3.0.4 version for the moment for uniformisation purposes (samba on different OS and no compilation/packaging platform). I've solved my problem addind information in AS/U lmhosts file. AS/U couldn't find which server had which role on the domain. I'll try to have some servers for tests and I'll produce a logfile if it can help for AS/U integration. Many thanks for your answer Regards, Fred On Wed, 2005-11-23 at 18:05 +0100, Lapin(c) wrote: Hi team, I actually managed to join AS/U (version 4.0 on AIX) into a domain, with a Samba PDC. Samba tells me that the AS/U server is a member, but there is still some failing dialog between AS/U and Samba. For instance, I can't access to AS/U's shares, it seems that I fall into a timeout, and more presumably a schannel error (even increasing log level gives me few informations...). Samba is 3.0.4. I've seen a 'enable asu support' in 3.0.20, could this option deals with that problem ? You should always run the latest Samba, if at all possible. The option here was due to a change in functionality that would allegedly break ASU, but be more like windows by default. That is, there was an old comment in the code, and some fear that a change might have broken AS/U. If you post more debugging details (logfiles, pcap format network sniffs, etc) to the list, one of the Samba3 maintainers might have a bit more of a clue what is going on. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and AD problem
I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. If I run wbinfo -u or -g it shows the users and groups BUT it doesn't show the short domain name, also if I run the getent commands they shouw details but no domain name. Can anyone offer any suggestions as to what may be wrong. Thanks Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED : AS/U as a member server on a SAmba PDC
On Mon, 2005-11-28 at 10:08 +0100, Lapin(c) wrote: Hi Andrew, actually, I must deal with 3.0.4 version for the moment for uniformisation purposes (samba on different OS and no compilation/packaging platform). Watch out, there are known deficiencies and security issues with that version. I've solved my problem addind information in AS/U lmhosts file. AS/U couldn't find which server had which role on the domain. Sounds like a configuration error, have you pointed it at the right WINS server? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and AD problem
Ian Harper wrote: I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. verify existing and valid kerberos ticket, append a -o krb to your smbmount. If I run wbinfo -u or -g it shows the users and groups BUT it doesn't show the short domain name, also if I run the getent commands they shouw details but no domain name. this should be no problem using samba as an ad member; annoying log ouput can be suppressed by changing the log level. Can anyone offer any suggestions as to what may be wrong. Thanks Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and AD problem
Unfortunately its a windoze client trying to mount the samba share. On 28/11/05, Markus Klimke [EMAIL PROTECTED] wrote: Ian Harper wrote: I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. verify existing and valid kerberos ticket, append a -o krb to your smbmount. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem
Em Segunda 28 Novembro 2005 01:24, Marcus White escreveu: Are you replicating the LDAP database to each network? I am. Is there some sort of ldap backend for wins? ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.14a-2 / Cups problem
Not yet, I will try this tonight when I have access to my fileserver again. I've never done this so I am not familiar with its effects but did you try... disable spoolss = yes ? Craig Disclaimer: This message contains information that may be privileged or confidential and is the property of Sogeti Nederland B.V. or its Group members. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and AD problem
Hi Ian, please post your smb.conf for that. Ian Harper wrote: Unfortunately its a windoze client trying to mount the samba share. On 28/11/05, Markus Klimke [EMAIL PROTECTED] wrote: Ian Harper wrote: I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. verify existing and valid kerberos ticket, append a -o krb to your smbmount. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting W2k3 shares from Linux
Hi all, have found a solution for this which works for me: 1.) Enable Netbios over TCP/IP or switch it to Standard in the network settings of your adapter (Standard should work) either on client and domain controller side 2.) Next disable Digitally sign communications in your Windows Domain Controller Default Domain Controllers Policy: Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options Switch to Disabled on Microsoft network server: Digitally sign communications (always) This worked for me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mounting W2k3 shares from Linux
Thats ok unless you have limited say over the windows server - I cannot disable the digitally signed comms - it take some persuasion to allow a Linux/Samba server to verify users against the AD server. On 28/11/05, markus [EMAIL PROTECTED] wrote: Hi all, have found a solution for this which works for me: 1.) Enable Netbios over TCP/IP or switch it to Standard in the network settings of your adapter (Standard should work) either on client and domain controller side 2.) Next disable Digitally sign communications in your Windows Domain Controller Default Domain Controllers Policy: Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options Switch to Disabled on Microsoft network server: Digitally sign communications (always) This worked for me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and AD problem
On 28/11/05, markus [EMAIL PROTECTED] wrote: Hi Ian, please post your smb.conf for that. Ian Harper wrote: Unfortunately its a windoze client trying to mount the samba share. On 28/11/05, Markus Klimke [EMAIL PROTECTED] wrote: Ian Harper wrote: I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. verify existing and valid kerberos ticket, append a -o krb to your smbmount. #=== Global Settings = [global] log level = 1 workgroup = TEST server string = Samba Server printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 0 security = ads encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* pam password change = yes obey pam restrictions = yes local master = no os level = 33 domain master = no dns proxy = no # added for ADS stuff idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind separator = % realm = TEST.SAMPLE.COM template shell = /bin/bash template homedir = /home/%U # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [testit] path = /tmp/xyz valid users = xyz public = no writeable = yes printable = no create mask = 0765 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem
On Mon, 2005-11-28 at 08:18 -0200, Andreas Hasenack wrote: Em Segunda 28 Novembro 2005 01:24, Marcus White escreveu: Are you replicating the LDAP database to each network? I am. Is there some sort of ldap backend for wins? ;) The idea was actually tossed about for a moment a few years back, but the semantics (particularly in the single-master openldap modal most deploy samba with) just were not right. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ntlm_auth from pppd help
Andrew Bartlett wrote: I could not find the patch you speek of, but I am using the same daemon I used in a PPTP config that works. Oh, and that uses winbind auth? I'm using a version obtained from PopTop and yes it works with windbind auth. Is the l2tp in a chroot or similar? Not yet, still trying to get a simple set-up working. Andrew Bartlett Brian Hoover -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and AD problem
Try adding the following options to [global]: netbios name = [Hostname in capital letters, not the FQDN] password server = [IP-Address(es) of your W2k3-Machines] winbind trusted domains only = Yes winbind nested groups = Yes Hope that helps. Ian Harper wrote: On 28/11/05, markus [EMAIL PROTECTED] wrote: Hi Ian, please post your smb.conf for that. Ian Harper wrote: Unfortunately its a windoze client trying to mount the samba share. On 28/11/05, Markus Klimke [EMAIL PROTECTED] wrote: Ian Harper wrote: I am following the examples section 9.3 in the Samba 3 By Example book. I can SSH onto the samba server as an AD user but I cant mount a samba share. verify existing and valid kerberos ticket, append a -o krb to your smbmount. #=== Global Settings = [global] log level = 1 workgroup = TEST server string = Samba Server printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 0 security = ads encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* pam password change = yes obey pam restrictions = yes local master = no os level = 33 domain master = no dns proxy = no # added for ADS stuff idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind separator = % realm = TEST.SAMPLE.COM template shell = /bin/bash template homedir = /home/%U # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [testit] path = /tmp/xyz valid users = xyz public = no writeable = yes printable = no create mask = 0765 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error whit more than one user.
Hi. I having a problem when more then one user open the same file. It's a MS-Access database file (yeah, ugh.). In my samba share, for the fist user who open the file works fine, but when the second try to open the file (when the first user still using the database file) doesn't work. If the first user disconnect from the file, the second one can open-it just fine. And if i make this share in a windows box, works fine. Don't know if it's in my samba configuration or a file system problem. Tried whit ext3 and ntfs. If anyone can help me to make more than one connection open the same file, thanks. here's my samba conf.: [global] locking = no workgroup = (asd) netbios name = (asdasd) server string = announce as = NT Server security = share log file = /var/log/samba/samba.%m max log size = 100 debug level = 3 local master = no os level = 100 domain master = no preferred master = no domain logons = no wins support = no dns proxy = no keep alive = 20 load printers = no hosts deny = all hosts allow = 192.168.1. [the share] path = (path) public = yes writable = yes printable = no browsable = yes create mask = 0777 directory mask = 0777 read only = no force create mode = 777 force security mode = 770 force directory mode = 770 force directory security mode = 777 guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba passwd.tdb problem
Hi guys, I'm trying to set up a samba domain controller for our network, and I'm following the instructions outlined at http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2523715. I am having difficulty getting my test user on a Windows machine to join the domain I've created, and when I check the log created on the server, this is the information I get back: Nov 25 14:49:15 davelinux smbd[16434]: [2005/11/25 14:49:15, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195) Nov 25 14:49:15 davelinux smbd[16434]: Unable to open/create TDB passwd Nov 25 14:49:15 davelinux smbd[16434]: [2005/11/25 14:49:15, 0] passdb/pdb_tdb.c:tdbsam_getsampwnam(434) Nov 25 14:49:15 davelinux smbd[16434]: pdb_getsampwnam: Unable to open TDB passwd (/etc/samba/passdb.tdb)! The weird thing about the passdb.tdb file is that it's empty. As far as I can see, when I try to authenticate to my new domain from the windows machine, the password that is supposed to be used doesn't exist in the file! Thanks for any suggestions, Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can Winbind go directly to LDAP/Kerberos? Or is it PDC NTLM only?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SAMBA wrote: | What I would like to do is: | (1) direct authentication to AD KDC Winbindd provides NTLM authenticationonly at the moment. One of the developers is working on extending that in pam_winbind. For now you would use pam_krb5 if you need to enable kerberos auth for Unix services. Note that smbd supports ticket based authentication for file and print services when joined to an AD domain. | (2) referencing AD LDAP for account info Sure. try 3.0.21rc1 for the latest set of improvements. | (3) writing any mapped SID to UID/GID in SFU extended Active Directory | LDAP, instead of local database. Winbindd won't write to an SFU enabled AD but it will use the info if you use the ad idmap backend. | I've been digging through published and online documents, | but most documentation is oriented to old-school PDC. I | want to avoid NTLM and PDCs of the past for security and | performance reasons (NTLM single DES vs. Kerberos triple | DES for instance) Windows 2000 and 2003 prefer RC4-HMAC and don't support 3des for kerberos encryption types. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhhpXIR7qMdg1EfYRAqEkAKDKoqVJsFH8SFcxtMhYba16rr/lPQCePC7O jZtvgblmoAgw8aNsyXPFB+g= =uhBB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need some help with debuggin.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Louis van Belle wrote: | Unable to get jobs for ipp://localhost/printers//usr/bin/lpq | -P'pdfprinter' - | | printing is setup RAW, using windows printer drivers. Make sure that that you are explicitly defining [pdfprinter] printing = bsd your log shows a mix of cups and bsd. | Packet send failed to 192.168.249.202(138) | ERRNO=Operation not permitted Firewall? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhhhyIR7qMdg1EfYRAiFxAJ9g1V1QoFO35sPAwumbvystOX+ssQCgs3/w QF+L2k52SgrNLb057jMOQdQ= =srtZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rpcclient to multiple servers simultaneously
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Revital Eres wrote: | Hello, | | I have noticed that rpcclient support the ability to | maintain connections to multiple servers simultaneously. | (http://optics.ph.unimelb.edu.au/help/samba/rpcclient.8.html) | My question is what is the samba's version that support | this ability and where I can find an example of it's use? That is an extremely old man page. The current rpcclient does not support concurrent connections to multiple servers. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhhbGIR7qMdg1EfYRAhk+AJ4mAr5LsqvtGba04exxuSMGCfLlWQCg5DV3 EyX5VF9axGbeWgauJsaPhuY= =QunG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin: deprecated?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fabio wrote: | Hi! | I'm using samba 3.0.20b (in sarge). Today I note that smbstatus prints | this warning message: | 'WARNING: The printer admin option is deprecated' | | I use this option to set printer admin in each printable share | I have in smb.conf. If printer admin is deprecated, | what option replace it? printer admin is still valid? if yes, | until version will support it? The replacement is the SePrintOperatorPrivilege. Printer admin will probably stay around for a while though. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhhdhIR7qMdg1EfYRAl+iAJ0U5Yu+N3Yww28fU/osve9T/8hB3QCfU4Y7 fg/djaUKb7PlEYjoy3fEVVk= =oWMa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT/UNIX username mapping possible directly via tdbsam?
Hello everyone, I've been wondering if NT and UNIX username mapping can be done directly via the SAM database instead of the 'username map = filename' option in smb.conf. The problem with 'username map' files is that the mappings seem to work only in one direction, namely from NT towards UNIX usernames. However, I'd like to achieve a true, bi-directional one-to-one mapping, e.g. between UNIX username 'root' and NT username 'Administrator'. The command 'pdbedit -Lv username' shows separate fields for both UNIX and NT usernames. (I'm using the tdbsam backend, btw.) Will Samba operate correctly if those entries contain different usernames? I've enhanced 'pdbedit' on my system so that it allows manipulation of the 'NT username' field. Is this smart or stupid? I haven't yet had the opportunity to try this in a working Samba environment. Maybe someone has technical advice or knowledge on what I'm trying to do? Thanks, Dominik -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin: deprecated?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 28, 2005, at 3:37 AM, Fabio wrote: Hi! On Thu, 2005-11-24 at 09:53 +1000, Adam Nielsen wrote: If printer admin is deprecated, what option replace it? I'm not sure, I was wondering this same question myself. printer admin is still valid? if yes, until version will support it? I'm using Samba 3.0.20 and it still seems to work, but I'm not sure when it'll be taken out. I understand it has been replaced with proper ACLs and privileges. Check the release notes. Ok, I can use SePrintOperatorPrivilege but I use printer admin in the share section so that I can decide which users/groups are administrators (for a printer) and which not. I can do that using SePrintOperatorPrivilege ? No, I think, because I can't specify a particular printer. is it wrong? I granted the SePrintOperatorPrivilege to everyone who will be managing printers and then added specific users or groups to the security tab of the printer(s) they will be managing. Derek Thanks a lot, Fabio Andrew Bartlett -- Dott. Fabio Marcone 2T srl Telefono+39 - 0871- 540154 Fax +39 - 0871- 571594 Email [EMAIL PROTECTED] Indirizzo Viale B. Croce 573, 66013 Chieti Scalo (CH) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDiwe4sUNgsBVjM+0RApVmAJ0Vm4Hf1fBLBYq6dLws1fW8FElQ9wCdEJQT cAZE+q2/tcfSm/9L7bn+63g= =JNN2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT clients syncronyzing in a Samba PDC Domain
Hi, Plz, i have installed a Samba NT PDC Domain with XP Prof. and strangelly the machines are syncronizing with the Samba Server when the user Logoff of the domain. I've used the smb.conf below in others domains and XP clients have never synchronized before. I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. Someone plz can say me what is this and how i disable it? My configurations... :~# net rpc trustdom list Password: Trusted domains list: REMDOMAINS-1-5-21-1370651826-174269758-184960113 Trusting domains list: none :~# The smb.conf is: [global] netbios name = SERVER workgroup = DOMAIN wins support = yes dns proxy = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . load printers = no socket options = TCP_NODELAY domain master = yes local master = yes preferred master = yes os level = 65 unix charset = iso8859-1 add user script = /usr/sbin/useradd -m -g users %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g ntmachines %u add group script = /usr/local/bin/smb-addgroupscript %g add user to group script = /usr/sbin/adduser %u %g delete user script = /usr/sbin/userdel %u delete group script = /usr/sbin/groupdel %g delete user from group script = /usr/sbin/deluser %u %g set primary group script = /usr/sbin/usermod -g %g %u logon script = logon.%U.bat logon home = \\%N\%U logon path = logon drive = U: domain logons = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = template shell = /bin/false username map = /etc/samba/smbusers [homes] comment = Home Directories browseable = no writeable = yes create mask = 0644 directory mask = 0755 [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no browseable = no root preexec = /home/samba/netlogon/gen_logon.sh %u root postexec = /home/samba/netlogon/del_logon.sh %u [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [geral] comment = Arquivos Publicos path = /home/geral writeable = yes create mask = 666 directory mask = 777 -- Joel Franco | | self-powered by | Debian Linux | | .''`. | : :' : | `. `' | `- | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT clients syncronyzing in a Samba PDC Domain
Joel Franco schrieb: Hi, Plz, i have installed a Samba NT PDC Domain with XP Prof. and strangelly the machines are syncronizing with the Samba Server when the user Logoff of the domain. I've used the smb.conf below in others domains and XP clients have never synchronized before. I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. isn't it some 3rd party program that does it? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT clients syncronyzing in a Samba PDC Domain
No, i think... The instalation is standard with classic components like Office, Outlook +Express, etc.. The synchronizing window (at logoff) appears strongly be of Windows environment. Thank You, -- Joel Franco | | self-powered by | Debian Linux | | .''`. | : :' : | `. `' | `- | On Seg Nov 28 05 15:57, Tomasz Chmielewski wrote: Joel Franco schrieb: Hi, Plz, i have installed a Samba NT PDC Domain with XP Prof. and strangelly the machines are syncronizing with the Samba Server when the user Logoff of the domain. I've used the smb.conf below in others domains and XP clients have never synchronized before. I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. isn't it some 3rd party program that does it? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] All Windows ACL in samba share.. is it possible?
Hai All, Is it possible to make work all set of permission in samba that work in windows... ie:- Full Control Modify Read Execute List Folder Contents Read Write in my present situation i was not able to set modify permission for folders.. if i set that, its automatically changing to full permission...(no control on that) my file servers are running in Linux but my ADS and all workstation is running windows 2003 and windowsXP all my samba servers are connected to Domain.. so i wish to set the permission form windows . because for my situation it better.. please tell me.. is it possible or not if possible.. what all things i have to so.. Thank You in advance Jerrynikki. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient + addform = result was WERR_ACCESS_DENIED
I am trying insert a form within a printer using samba + cups I used the following sintaxe to insert the form: rpcclient -L server -U user%password -c 'addform printer new_form_name' But I receive the following error message: result was WERR_ACCESS_DENIED With this user I can insert new printer, set a new driver etc, but that operation (addform) I can't. Someone has an idea about it ? Thanks. Alexandre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to synchronise multiple samba server ?
-- Joel Franco | | self-powered by | Debian Linux | | .''`. | : :' : | `. `' | `- | On Sex Nov 25 05 11:24, Aurelien Vf wrote: Hi ! I got a new problem, the company I work for had just open a new office with a network ADSL link to the old one. We have one domain controler (samba on linux) and 50 workstations in windows XP. I need to put a second domain controler at the new office, but I don't know how to link the both and then to synchronise them ? (account and passwd) Do you want to have 2 separate domains (domain A and domain B) or do you want to have the same domain with the same users in both offices? In first case, you have to look at interdomain trusts and in case B i think (fixme) that you could be a PDC and a BDC to synchorinise it. Look at the official howto in this 2 topics. And finaly, if I reach this point, how can I do to know which one will validate my users ? Is there specials parameters I do write into smb.conf file ? Any help would be really apreciate... thx Au.Vf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sfu ad plugin missing in debian debs from samba.org
Hi, Today i was trying to update samba from the samba.org repository and i didnt find the shared library for the ad sfu plugin. Which package should i install to get it? christophk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind.log - invalid trustdom response?
I am recieving this error in the logs after upgrading the samba packages on a SuSE 9.3 box to Samba-3.0.21rc1. How can I resolve this? [2005/11/28 08:46:01, 0] lib/util_sid.c:string_to_sid(285) string_to_sid: Sid S-0-0 is not in a valid format. [2005/11/28 08:46:01, 0] nsswitch/winbindd_util.c:trustdom_recv(259) Got invalid trustdom response -- Jason Gerfen Oh I have seen alot of what the world can do, and its breaking my heart in two... ~ Wild World, Cat Stevens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] uid - sid conversion with winbindd
Hi, Today i tried to update samba and winbindd with the debs from samba.org from 3.0.14 to 3.0.20. Most things worked out of the box, but uid - sid conversion was broken after the update. Heres a summary of our setup: Samba member server joined to a win2k3 domain with the following smb.conf entries: [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will # part of workgroup = CIP-POOL winbind trusted domains only = yes allow trusted domains = no winbind use default domain = yes security = ADS realm = WIWI.UNI-KARLSRUHE.DE restrict anonymous = 2 map to guest = Bad Uid all domain users avaible locally on the samba server with nss_ldap, i.e getent passwd christophk returns christophk:x:2006:2000:Christoph Klein:/home/Admins/christophk:/bin/bash resoltion from usernames to sids work too, wbinfo -n christophk returns: S-1-5-21-1475544817-17105652-1213672966-12910 User (1) But wbinfo -S S-1-5-21-1475544817-17105652-1213672966-12910 returns Could not convert sid S-1-5-21-1475544817-17105652-1213672966-12910 to uid quite similar to wbinfo -U2006: Could not convert uid 2006 to sid Winbindd versions prior to 3.0.20 were able to map uids and sids out of the box if the usernames for the unix and the windows account were the same. Was there any change in here or did i miss something in my setup. I couldnt find any hint in the release notes. Do i have to use idmap_sfu ?! Thanks christophk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'wins proxy' not working very well
I have setup the 10.0.2.177 machine with: wins server = 192.168.1.10 wins proxy = yes 192.168.1.10 is a PDC, and 192.168.2.10 is a BDC. Querying 192.168.1.10 directly works: # nmblookup -R -U 192.168.1.10 domain#1c querying domain on 192.168.1.10 192.168.1.10 domain1c 192.168.2.10 domain1c Querying the local subnet (10.0.7.255) doesn't work very well: # nmblookup domain#1c querying domain on 10.0.7.255 192.168.1.10 domain1c It only returns the PDC server and ignores the BDC. If I repeat it: # nmblookup domain#1c querying domain on 10.0.7.255 name_query failed to find name domain#1c So, the wins proxy = yes machine just forgot things. And, when it remembers (only the first run), it doesn't know about the BDC. Am I doing something wrong here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Losing wallpapers on roaming profiles
On Sun, Nov 27, 2005 at 01:11:19PM +0100, Thomas Widhalm wrote: Hi! I'm getting difficulties with wallpapers on roaming profiles on a samba 3.0.9-2.3 under SuSE 9.2 with Windows XP Professional Clients. I discovered, by reading other postings concerning this topic, that Windows won't use jpegs as wallpapers on roaming profiles (converts them to bmp and stores them in Local Settings, which doesn't roam). So I converted the pictures to bmp myself an used them as wallpaper. Still they got lost most of the time. Has anyone encountered the same problem and found some solutions? I have a similar problem. I found out that the wallpaper change was learned by the workstations, but not applied. If I right-click on the desktop I see the new wallpaper name, but it's not applied (i.e., I still see the old one). Clicking OK at that dialog (without changing anything else) then applies the wallpaper to the desktop. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles, not roaming
i did verify that the profile was in fact a roaming profile the profile downloads just fine from the system that we first logon too with that user. any changes made with the same user on the original system do get saved to the server, i had a look in the /profiles/user name/Desktop directory for files we placed on the desktop after logging off, the files are on the server. when we go to another machine configured exactly the same way log on as that same user not does the profile not load but what looks like a local xp profile loads. i also tried making a new user on the smb box logging on with the same system which was displaying the wrong profile, and it woks fine, as long as the profile gets downloaded from the same system that it initially worked on, it seems to work fine. i am stumped. On Mon, November 21, 2005 7:28 pm, Craig White said: On Mon, 2005-11-21 at 18:21 -0500, Jack Mendez wrote: the profiles get saved ack to the samba machine no problem, its just when the user moves to a different machine that the correct profiles does not get downloaded the profiles are owned by username.group. Then it would seem to me that the possibilities... the other machines aren't properly joined to the domain. or the profile that is on the system that is working is not set to roam at all...verify...Start-Settings-Control Panel-System-Advanced-User Profiles-Settings Is the type for the user 'roaming' ? How about another user account on one of the other machines...log in, log out...does profile get saved to server? Does profile get loaded to first machine? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] subdirectory permissions
Hi I recently installed Redhat ES 4 with a view to eventually doing away with our SBS 2003 server. I can share directories ok but cannot seem to pass the directory share parameters onto the subdirectories and files within. Is there a way to do this without creating seperate shares for the subdirectories (there are far too many subdirectories to consider this, unless I have no option). I have tried the 'Inherit permissions from parent directory' but this does not seem to work. I am quite new to the linux environment as far as using it as a file server are concerned anyway. Any help would be much appreciated Thanks in advance Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Creating domain list takes too long
Hello -- We have a LAN that consists of a samba domain controller and a bunch of PCs. The samba version is 3.0.20b and the PCs are running Windows XP (sp2). The Windows clients can join the domain without any problem, however, a message saying Please wait while the domain list is created shows up right after the first time after the clients join the domain and reboot. This procedure of creating the domain list takes a very very long time. I wonder if there is a way to reduce it. Thanks, --Lingtao - Yahoo! Music Unlimited - Access over 1 million songs. Try it free. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating domain list takes too long
I have seen this happen on a domain without a Samba server on the network. The only way I found to skip this step is Ctrl+Alt+Del and they are listed. I've just put it down to one of those quirks of Microsoft Windows but its definatly not a Samba issue. Taolizhong wrote: Hello -- We have a LAN that consists of a samba domain controller and a bunch of PCs. The samba version is 3.0.20b and the PCs are running Windows XP (sp2). The Windows clients can join the domain without any problem, however, a message saying Please wait while the domain list is created shows up right after the first time after the clients join the domain and reboot. This procedure of creating the domain list takes a very very long time. I wonder if there is a way to reduce it. Thanks, --Lingtao - Yahoo! Music Unlimited - Access over 1 million songs. Try it free. -- Lee Ball 08707 45 87 14 effective it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind error?
I just tried looking up this error but was not able to find anything on it. When attempting to authenticate a valid domain user of which the samba is a valid domain member server I am recieving this error in the log.winbind logs: winbindd[7389]: [2005/11/28 10:31:44, 0] rpc_client/cli_pipe.c:cli_rpc_close(1767) Nov 28 10:31:44 new-odin winbindd[7389]: cli_rpc_open failed on pipe \NETLOGON to machine LOKI. Error was SUCCESS - 0 Anyone have some insight into this? -- Jason Gerfen Oh I have seen alot of what the world can do, and its breaking my heart in two... ~ Wild World, Cat Stevens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles, not roaming
Re-arranging top post to bottom for ease of replying... On Mon, 2005-11-28 at 11:45 -0500, Jack Mendez wrote: On Mon, November 21, 2005 7:28 pm, Craig White said: On Mon, 2005-11-21 at 18:21 -0500, Jack Mendez wrote: the profiles get saved ack to the samba machine no problem, its just when the user moves to a different machine that the correct profiles does not get downloaded the profiles are owned by username.group. Then it would seem to me that the possibilities... the other machines aren't properly joined to the domain. or the profile that is on the system that is working is not set to roam at all...verify...Start-Settings-Control Panel-System-Advanced-User Profiles-Settings Is the type for the user 'roaming' ? How about another user account on one of the other machines...log in, log out...does profile get saved to server? Does profile get loaded to first machine? i did verify that the profile was in fact a roaming profile the profile downloads just fine from the system that we first logon too with that user. for clarity purposes, let's call this system A any changes made with the same user on the original system do get saved to the server, i had a look in the /profiles/user name/Desktop directory for files we placed on the desktop after logging off, the files are on the server. good - system A seems to have roaming profiles that save back onto server as expected when we go to another machine configured exactly the same way log on as that same user not does the profile not load but what looks like a local xp profile loads. let's call this system B You can verify if profile is local or roaming using method I described above. You can verify if changes are saved to server in manner similar to how you tested the user on system A i also tried making a new user on the smb box logging on with the same system which was displaying the wrong profile, and it woks fine, as long as the profile gets downloaded from the same system that it initially worked on, it seems to work fine. i am stumped. - I am unclear here...you created a new user. Logged into system B with this user and profile is indeed 'roaming' as indicated by Start-Settings-Control Panels-System-Advanced-User Profiles- Settings? And at logoff, the user profile is uploaded to samba server? If that is the case, what happens when you log on as that user on system A? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -g delay
Hi, I have a problem retriving domain groups. I use SAMBA 3.0.20b and the client is joined to a windows 2003 server enterprise edition (active directory in 2003 native mode). I have to wait more than a minute waiting winbind get me domain groups list. getent group have the same problem. It seems like winbind is trying to connect to same LDAP server (there is not). Any suggestions? Thanks Vittorio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba guest account
Hi all, Does the Samba guest account have some special restrictions placed upon it beyond the permissions and authority of the user itself (perhaps some compile-time options...)? Thanks! Rick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joel, Joel Franco wrote: | Empirically, when a NT based is added to the | existing network, the database application runs | slowly (access data) in this client machine | and in others NT machines that are added to the LAN. | | If i substitute this samba server with a Win2k3 | Standard Server, the application latency backs | to the original (or close), before the NT clients. | This was a big deception to me and since then, i'm | trying to find why this happens but i'm specialist. What version of Samba are you running? | I have observed in the ethereal sniffer that exists a | lot of Locking AndX Request and Locking AndX Response | that is highly ping pong communication between | the server and the client, that certainly don't | permit a good brute transfer. I understand that must | exist a lock mechanism to not corrupt the file | database shared between others stations. Most people running pc based database apps disable oplocks on the server. Can you run a quick test with and without oplocks in the Samba share. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDi0vaIR7qMdg1EfYRAgIUAJ9jkPtfLkm+enDbZNH8nVFFx6I9WwCfQWfm h3PNQINCD70+Tu6/atQdPeA= =2Gjd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -g and -u problems ? no answer at my first post ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noc Phibee wrote: | I have upgraded from 3.0.14a to 3.0.20b and now when i put | wbinfo -u or wbinfo -g i have a error message : | | [EMAIL PROTECTED] samba]# wbinfo -g | Error looking up domain groups | [EMAIL PROTECTED] samba]# wbinfo -u | Error looking up domain users | [EMAIL PROTECTED] samba]# | | | and into the log.winbind: | [2005/11/28 06:13:20, 3] | nsswitch/winbindd_misc.c:winbindd_interface_version(461) | [0]: request interface version | [2005/11/28 06:13:20, 3] | nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(494) | [0]: request location of privileged pipe | [2005/11/28 06:13:20, 3] | nsswitch/winbindd_group.c:winbindd_list_groups(813) | [0]: list groups | [2005/11/28 06:13:20, 3] | nsswitch/winbindd_group.c:get_sam_group_entries(528) | get_sam_group_entries: Failed to enumerate domain local groups! Can you send me a level 10 debug log? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDi01aIR7qMdg1EfYRAqXiAJ98+Os+MO3VmLEwFWJol7fFW6eXhACfdsCv yCIc7m2aSBq05e2vYPOZ8CE= =pN1m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dominik Schuppli wrote: | Hello everyone, | | I've been wondering if NT and UNIX username mapping can | be done directly via the SAM database instead of | the 'username map = filename' option in smb.conf. | | The problem with 'username map' files is that the | mappings seem to work only in one direction, namely | from NT towards UNIX usernames. However, I'd like | to achieve a true, bi-directional one-to-one | mapping, e.g. between UNIX username 'root' and NT | username 'Administrator'. What would you expect by going in the reverse direction? Can you give me an example? | The command 'pdbedit -Lv username' shows separate fields | for both UNIX and NT usernames. (I'm using the tdbsam | backend, btw.) Will Samba operate correctly if those | entries contain different usernames? I think the nt user name is essentially unused. | I've enhanced 'pdbedit' on my system so that it | allows manipulation of the 'NT username' field. Is this smart | or stupid? I haven't yet had the opportunity to try | this in a working Samba environment. Maybe someone | has technical advice or knowledge on what I'm trying to do? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDi03sIR7qMdg1EfYRAm0pAKDUSLwpiYRbIgXmkEnaf+2QQm04NACg3Vrk MkEzA6V2lqGShw8AJNR3FBg= =Htvj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles, not roaming
If that is the case, what happens when you log on as that user on system A? the user is able to log on but the profile does not download what actually happens is that the system loads what looks like a profile from the local system. very similar to a default local profile that one would get when installing a fresh copy of xp. On Mon, November 28, 2005 12:47 pm, Craig White said: Re-arranging top post to bottom for ease of replying... On Mon, 2005-11-28 at 11:45 -0500, Jack Mendez wrote: On Mon, November 21, 2005 7:28 pm, Craig White said: On Mon, 2005-11-21 at 18:21 -0500, Jack Mendez wrote: the profiles get saved ack to the samba machine no problem, its just when the user moves to a different machine that the correct profiles does not get downloaded the profiles are owned by username.group. Then it would seem to me that the possibilities... the other machines aren't properly joined to the domain. or the profile that is on the system that is working is not set to roam at all...verify...Start-Settings-Control Panel-System-Advanced-User Profiles-Settings Is the type for the user 'roaming' ? How about another user account on one of the other machines...log in, log out...does profile get saved to server? Does profile get loaded to first machine? i did verify that the profile was in fact a roaming profile the profile downloads just fine from the system that we first logon too with that user. for clarity purposes, let's call this system A any changes made with the same user on the original system do get saved to the server, i had a look in the /profiles/user name/Desktop directory for files we placed on the desktop after logging off, the files are on the server. good - system A seems to have roaming profiles that save back onto server as expected when we go to another machine configured exactly the same way log on as that same user not does the profile not load but what looks like a local xp profile loads. let's call this system B You can verify if profile is local or roaming using method I described above. You can verify if changes are saved to server in manner similar to how you tested the user on system A i also tried making a new user on the smb box logging on with the same system which was displaying the wrong profile, and it woks fine, as long as the profile gets downloaded from the same system that it initially worked on, it seems to work fine. i am stumped. - I am unclear here...you created a new user. Logged into system B with this user and profile is indeed 'roaming' as indicated by Start-Settings-Control Panels-System-Advanced-User Profiles- Settings? And at logoff, the user profile is uploaded to samba server? If that is the case, what happens when you log on as that user on system A? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind cache time
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Clark wrote: | http://lists.samba.org/archive/samba-technical/2003-February/027095.html | | Which confused me a bit. Ignore that mail. Out of date. | Is the argument to winbind cache time in seconds? | And what is the default value for this parameter? yes. it's in seconds. Default is 5 minutes (300 seconds). | With that in mind, how long after a password change can | a user be guaranteed To be authenticated properly with ntlm_auth? Winbindd does not cache passwords. So the answer really depends on your DC. There was a Windows 2003 bug where the DC would continue to authenticate the old password for a period of time. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDi00fIR7qMdg1EfYRAlmWAKDcMzlXCUpxMQJb53xas9PZKx+Q8gCguYlo FrKVriFNN0WsCPpfdC+rU3o= =5b0d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_smb_auth.so support in version 3 or pam_winbind.so?
I am having trouble getting pam_smb_auth.so to work with the latest version of samba. It was working with the 2.* versions but when I tried to upgrade to Samba 3 authentication fails on the client. I do not know if I need to reconfigure samba to work with pam_smb_auth.so, I have tried man options. Please also refer to: http://lists.samba.org/archive/samba-technical/2005-November/043973.html I have using the stock RPM and compiling from source. I use the same approach for version 2 and 3 but 3 does not work. Please help. -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, “A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements.” -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind group mapping
Hi! I'm on a organization with 2 different 2003 domain (DOMAIN_A and DOMAIN_B) with a trust relationship. I'm using samba version 3.0.14a that comes with Ubuntu Breezy to map Active Directory group and users. I use local groups of DOMAIN_A but some users of these groups are from DOMAIN_B: $ getent group DOMAIN_A\group1 DOMAIN_A\group:x:10787:DOMAIN_A\user1 $ net rpc group members group1 -S domain_controler_A.domain_a.com DOMAIN_A\user1 DOMAIN_B\user2 DOMAIN_B\user3 DOMAIN_B\user4 Also tested changing security param in the smb.conf: ads: winbind behaves as exposed domain: winbind doesn't know nothing about local domain groups. I really want to solve this problem because is preventing me to use samba to setup a printserver. Please ask for anything that can help to trace the problem. Greetings Ximo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] master browser problems for one workgroup
Could somebody please tell me how can I know what computers of one local network are setuped up as master browsers for a local workgroup? I mean, is it possible to use nmblookup or other command for this? what parameters are needed? I'm having problems with a workgroup for which smbclient -L server gives different results every certain time, e.g. from one week to another the results change, like this: WorkgroupMaster ---- MYGROUP PC1 and some weeks later: WorkgroupMaster ---- MYGROUP PC2 (not only two, I have seen four different master browsers) perhaps the PCs of that workgroup are misconfigured, but I don't have physical access to them. I'm thinking to install a master browser with an 'os level' high enough in order to get rid of the other possible master browsers. Is it ok? thanks, Pablo Chamorro C. -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba password expiry time
I have found that when passwords are reset from a windows machine, the default password expiry period is around 40 days. I would like to change this to say 90 days, but have been unable to find a way. I tried the option password expire time but testparm doesn't seem to recognise it. There is nothing in the official Samba How-to about this. Has anyone managed to set thier default expiry time? I am using Samba 3.0.14a-Debian with an OpenLDAP backend. Cheers Please note: The SolNet Solutions offices will be closed from Friday the 23rd December to Wednesday the 4th January. During this time, please call 0800-SOLNET (0800-765638) if you require urgent assistance. Please enjoy the break and take care over the holiday period. Attention: This email may contain information intended for the sole use of the original recipient. Please respect this when sharing or disclosing this email's contents with any third party. If you believe you have received this email in error, please delete it and notify the sender or [EMAIL PROTECTED] as soon as possible. The content of this email does not necessarily reflect the views of SolNet Solutions Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Hiding and showing folders in Samba.
Michel Bouchet wrote: Does anyone know how to solve it ? hide unreadable = yes or other hide* parameters (man smb.conf) cheers Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] get_users_in_group bug on Solaris
Hi I just compiled Samba 3.0.20b on Linux with a 2.6.11.12 kernel. Adding users to domain groups works. The smbd daemon correctly calls the script pointed to by the add users to group script option. The user is added to the domain group under samba and under Linux. However, the script is still not called when adding users to LOCAL groups. What's the point of LOCAL groups - they don't seem to do anything? I know what LOCAL groups are for under proper Windows but what purpose do they serve for Samba - considering you can't add people to them (automagically)? However, it's proof at least that Samba-3 is definately broke on SOlaris. Hugo Hi List I have been trying to setup a very basic (basic as in it's using the simple config from the HOWTO) to tryout 3.0.20b on Solaris 8. The problems I have had have all revolved around the new (samba-3) feature add user to group script option. I could be well off the mark here but I think I may have found a bug - everyone else clearly thinks I'm mad as the only replies I've had run along the lines of well it works for me. Basically Samba never calls the script for local groups and is broken for domain groups. After some further testing and code spelunking (I'm not a programmer so I could be well wrong) I have found that the smb_add_user_group() function is never called when adding a user to a local group, but it is called when adding a user to a domain group. However, when adding a user to a DOMAIN group (samba does call the script and it works) but returns the NT_STATUS_MEMBER_NOT_IN_GROUP error. I've tracked this problem with adding to Domain groups down to the get_users_in_group function in lib/util_getent.c The broken section is the #if section that starts #if !defined(BROKEN_GETGRNAM) Now according to the comments (not many in the files) TRU64 Unix has a Broken GETGRNAM function. This is Solaris 8 so I would've thought that BROKEN_GETGRNAM should *not* be defined. If I manually edit the code to remove the '!' to force it to call the correct section of code all of a sudden as if by magic I can add users to domain groups. I still have not figured out why the code is *never* called for adding to local groups but now assume it must be a similar bug - don't think I'd be so lucky that simply properly undefining BROKEN_GETGRNAM would sort this problem. Naturally I appreciate many people will simple dismiss this missive on the grounds He's clearly mad - it works for me but I suspect it probably only works on Linux and not SOlaris. I am pretty confident that it is not me who has loused things up. I only configured samba with: ./configure --with-acl-support and then compiled and installed. I have only tried my fix against 3.0.20b but in my investigations I have compiled 3.0.11, 3.0.12,3.0.14 all with Sun Workshop compiler 5.1 and GCC 3.x (whatever is the most recent on Sunfreeware). I have also used the 3.0.10 package from Sunfreeware. ALL exhibit exactly the same problems: the add user to group script funciton doesn't work (not at all for local groups, or properly for domain groups). I would really truly appreciate if someone could tell me why the smb_add_user_group() function is never ever called when adding users to local groups (ON SOLARIS) with a mind to fixing it. I'm not a developer, I don't know how debuggers work, and I hate crawling through C code - I have found what I have by several days worth of crawling through logs, grepping C code. I'm sure a developer could just say OH, you want function blah in file x in a matter of minutes (I know plenty of people spend days crawling through logs and C code but that kinda stuff would take me several life times). Help, please. Hugo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba password expiry time
On Tue, 2005-11-29 at 10:11 +1300, Mike Hodgkinson wrote: I have found that when passwords are reset from a windows machine, the default password expiry period is around 40 days. I would like to change this to say 90 days, but have been unable to find a way. I tried the option password expire time but testparm doesn't seem to recognise it. There is nothing in the official Samba How-to about this. Has anyone managed to set thier default expiry time? I am using Samba 3.0.14a-Debian with an OpenLDAP backend. chapter 10 of the How-To available from www.samba.org (I mention this in case you have older dead tree form) the command is called pdbedit Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT clients syncronyzing in a Samba PDC Domain
On Mon, 2005-11-28 at 12:45 -0200, Joel Franco wrote: Hi, Plz, i have installed a Samba NT PDC Domain with XP Prof. and strangelly the machines are syncronizing with the Samba Server when the user Logoff of the domain. I've used the smb.conf below in others domains and XP clients have never synchronized before. I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. Someone plz can say me what is this and how i disable it? The problem is the offline file support in WinXP. I had much pain with this, and in theory you should be able to disable this support with the 'csc policy' parameter. I had no end of pain with that (but perhaps I never set it right...), so I ended up setting a system policy to disable offline files. I used this in my .adm file for poledit: CLASS MACHINE CATEGORY !!OfflineFiles POLICY !!OfflineFileControl KEYNAME Software\Policies\Microsoft\NetCache PART !!DisableOfflineFiles CHECKBOX VALUENAME Enabled VALUEON NUMERIC 0 VALUEOFF NUMERIC 1 END PART END POLICY POLICY !!OfflineFileControlKey KEYNAME Software\Microsoft\Windows\CurrentVersion\NetCache PART !!DisableOfflineFilesKey CHECKBOX VALUENAME Enabled VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART END POLICY END CATEGORY [Strings] OfflineFiles=Offline Files OfflineFileControl=Control Offline Files (Policy) OfflineFileControlKey=Control Offline Files (Key) DisableOfflineFiles=Disable Offline Files (Policy) DisableOfflineFilesKey=Disable Offline Files (Key) Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ntlm_auth from pppd help
On Mon, 2005-11-28 at 06:27 -0500, Brian Hoover wrote: Andrew Bartlett wrote: I could not find the patch you speek of, but I am using the same daemon I used in a PPTP config that works. Oh, and that uses winbind auth? I'm using a version obtained from PopTop and yes it works with windbind auth. Is the l2tp in a chroot or similar? Not yet, still trying to get a simple set-up working. All I can suggest is to chase it down from the l2tp and pppd side with strace. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unreachable trusted domains in enterprise environment
Hi All We have quite a complex enterprise environment which includes a global domain and lots of little asteroid domains all trusted by the central domain. We have (imaginatively) called this central domain ENTERPRISE. I have configured samba to be an ADS member server successfully, but due to our network design many of the asteroid domains's DC's are uncontactable from our regional office. Additionally, many of the ENTERPRISE domain DC's are also uncontactable (but this does not cause us any problem, since all of our DC's have a replica of the entire AD tree - yes I know this is stupid). Basically what we would like to do is ensure that any ADS/Kerberos/LDAP traffic follow the 'sites and services' definition we have setup. That is, the ADS/LDAP/Kerberos traffic does not leave our office and only attempts to use our local DC for any queries. We'd also like to ignore (or use) a list of domains we specify. I did try setting the password server, but I think it is only for security = Domain type configurations (?). Anyways, I can't see any options in smb.conf or other places that might have this type of configuration.. As an ugly kludge I did try to delete the default gateway so any requests to remote dc's get failed instantly (our DC is on the same subnet as our samba server) but it didn't make much difference. Any help would be greatly appreciated. Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT/UNIX username mapping possible directly via tdbsam?
Hello everyone, I've been wondering if NT and UNIX username mapping can be done directly via the SAM database instead of the 'username map = filename' option in smb.conf. The problem with 'username map' files is that the mappings seem to work only in one direction, namely from NT towards UNIX usernames. However, I'd like to achieve a true, bi-directional one-to-one mapping, e.g. between UNIX username 'root' and NT username 'Administrator'. The command 'pdbedit -Lv username' shows separate fields for both UNIX and NT usernames. (I'm using the tdbsam backend, btw.) Will Samba operate correctly if those entries contain different usernames? I've enhanced 'pdbedit' on my system so that it allows manipulation of the 'NT username' field. Is this smart or stupid? I haven't yet had the opportunity to try this in a working Samba environment. Maybe someone has technical advice or knowledge on what I'm trying to do? Thanks, Dominik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how-to Multiple Workgroups in a single PDC?
We wish to create multiple workgroups using a single domain SAMBA(LDAP) on a LINUX Server. The linux Server is the primary domain controller. or I need a linux/samba server per workgroup?, if we has for example 30 workgrous, then?... Really we wish view groups and not all machines on a single group(domain). any ideas? Thansks! --- Este mensaje fue enviado a traves del webmail corporativo de Pulxar. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Eclipse and Samba romaing profiles
Hi, some time ago you said you were having problems with Eclipse running in a Samba profile (using roaming). Did you find anything? I'm having the same problem... Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT clients syncronyzing in a Samba PDC Domain
No, i think... The instalation is standard with classic components like Office, Outlook Express, etc.. The synchronizing window (at logoff) appears strongly be of Windows environment. Thank You, -- Joel Franco Guzmán On Seg Nov 28 05 15:57, Tomasz Chmielewski wrote: Joel Franco schrieb: Hi, Plz, i have installed a Samba NT PDC Domain with XP Prof. and strangelly the machines are syncronizing with the Samba Server when the user Logoff of the domain. I've used the smb.conf below in others domains and XP clients have never synchronized before. I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. isn't it some 3rd party program that does it? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] multiple smbd process spawning with Samba 3.0.14
SLES 9 Service Pack 2 Samba 3.0.14 We are currently experiencing an issue with multiple smbd processes spawning. Do you have any suggestions as how to alleviate this condition or patch this problem? Or is this a configuration issues? Thanks, Mark Naumowicz IT Administrator The Equitable Trust Company 30 St. Clair Ave. West Suite 700 Toronto, Ont. M4V 3A1 416-515-7000 xt365 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] include directive
Hi everyone, Is there a way to have a share incorporate multiple includes for valid users? for instance, I have a share, and I want to incorporate several include files. Each file simply has a valid users = userA,userB,etc in it. It appears that the last include wins. Can I do something like: valid users = valid users,userA,userB essentially stacking the valid users directives? thanks, -C -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] roaming profiles, not roaming
This is a common setup issue, set profiles acls = no rights /data/sambaprofiles 777 create mask 600 directorie mask 700 this wil work. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Jack Mendez Verzonden: maandag 28 november 2005 17:45 Aan: Craig White CC: samba@lists.samba.org Onderwerp: Re: [Samba] roaming profiles, not roaming i did verify that the profile was in fact a roaming profile the profile downloads just fine from the system that we first logon too with that user. any changes made with the same user on the original system do get saved to the server, i had a look in the /profiles/user name/Desktop directory for files we placed on the desktop after logging off, the files are on the server. when we go to another machine configured exactly the same way log on as that same user not does the profile not load but what looks like a local xp profile loads. i also tried making a new user on the smb box logging on with the same system which was displaying the wrong profile, and it woks fine, as long as the profile gets downloaded from the same system that it initially worked on, it seems to work fine. i am stumped. On Mon, November 21, 2005 7:28 pm, Craig White said: On Mon, 2005-11-21 at 18:21 -0500, Jack Mendez wrote: the profiles get saved ack to the samba machine no problem, its just when the user moves to a different machine that the correct profiles does not get downloaded the profiles are owned by username.group. Then it would seem to me that the possibilities... the other machines aren't properly joined to the domain. or the profile that is on the system that is working is not set to roam at all...verify...Start-Settings-Control Panel-System-Advanced-User Profiles-Settings Is the type for the user 'roaming' ? How about another user account on one of the other machines...log in, log out...does profile get saved to server? Does profile get loaded to first machine? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT/UNIX username mapping possible directly via tdbsam?
On Mon, 2005-11-28 at 09:46 +0100, Dominik Schuppli wrote: Hello everyone, I've been wondering if NT and UNIX username mapping can be done directly via the SAM database instead of the 'username map = filename' option in smb.conf. The problem with 'username map' files is that the mappings seem to work only in one direction, namely from NT towards UNIX usernames. However, I'd like to achieve a true, bi-directional one-to-one mapping, e.g. between UNIX username 'root' and NT username 'Administrator'. The command 'pdbedit -Lv username' shows separate fields for both UNIX and NT usernames. (I'm using the tdbsam backend, btw.) Will Samba operate correctly if those entries contain different usernames? I've enhanced 'pdbedit' on my system so that it allows manipulation of the 'NT username' field. Is this smart or stupid? I haven't yet had the opportunity to try this in a working Samba environment. Maybe someone has technical advice or knowledge on what I'm trying to do? Install 'Services for Unix' on your Windows system so they can have the benefit of mapping Unix users to Windows users...at least that's what it seems that you are trying to do. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_smb_auth.so support in version 3 or pam_winbind.so?
On Mon, 2005-11-28 at 10:46 -0800, Matt Finlayson wrote: I am having trouble getting pam_smb_auth.so to work with the latest version of samba. It was working with the 2.* versions but when I tried to upgrade to Samba 3 authentication fails on the client. I do not know if I need to reconfigure samba to work with pam_smb_auth.so, I have tried man options. Please also refer to: You mention that you are thinking of using pam_winbindd. I strongly suggest that option. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Guest account problem ... please help
Hi Rick, It's as if the samba user is not even coming into play, although I've taken measures to insure that's the user used for when connections are made to the Samba server. Very strange. What do you think? Are you 100% sure you're logging in to the server as the correct user? I had Samba set up to map to the guest user for a bad password which got me. You should be able to run net status sessions or net status shares to see who's actually connected to the share. Hopefully this will be the username you're expecting. You could also try creating a file from the Windows box (in a chmod 777 folder if necessary) - this new file will tell you for sure what credentials Samba is using when connected as that user. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ~! High CPU usage on SLES9 box running 3.0.14a when printing via LPD !~
Greetings, I am currently experiencing an issue on our network when people are printing via LPD. Recently, we upgraded our main Samba server from Suse 8.0 running Samba 2.28 to SLES9 running 3.0.14a. The upgrade was done mainly to resolve oplocks issues that appear to be resolved in 3.0.14a. Since we have upgraded, top is showing that lp is running above 50% of CPU usage on the server when being printed to. Basically it seems that whenever we have a fair bit of printing on the network, (30 clients printing) the CPU usage for lp will spike and eventually the server becomes unresponsive. The server does not stop working, it just becomes bogged down and lp will eventually stop. So if I run a chkconfig on the server, I will not see lp running, it is stopped. This is currently causing some major issues on our network, and was not something that we encountered when testing with 3 systems during a test period on a test LAN. Any help or further information that I can provide? Does anybody have any suggestions as to what could be causing the high cpu usage? Possible testing procedures? We currently have our smb.conf file set to printing = lprng. Your time and attention to this issue are greatly appreciated. Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] multiple smbd process spawning with Samba 3.0.14
Are you sure you're not just seeing the normal behaviour of samba? Samba spawns a new smbd per client. You can use smbstatus -p to list the pids along with the user and IP they are serving. -- David Miller On 11/28/05, Mark Naumowicz [EMAIL PROTECTED] wrote: SLES 9 Service Pack 2 Samba 3.0.14 We are currently experiencing an issue with multiple smbd processes spawning. Do you have any suggestions as how to alleviate this condition or patch this problem? Or is this a configuration issues? Thanks, Mark Naumowicz IT Administrator The Equitable Trust Company 30 St. Clair Ave. West Suite 700 Toronto, Ont. M4V 3A1 416-515-7000 xt365 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ~! High CPU usage on SLES9 box running 3.0.14a when printing via LPD !~
Greetings, I am currently experiencing an issue on our network when people are printing via LPD. Recently, we upgraded our main Samba server from Suse 8.0 running Samba 2.28 to SLES9 running 3.0.14a. The upgrade was done mainly to resolve oplocks issues that appear to be resolved in 3.0.14a. Since we have upgraded, top is showing that lp is running above 50% of CPU usage on the server when being printed to. Basically it seems that whenever we have a fair bit of printing on the network, (30 clients printing) the CPU usage for lp will spike and eventually the server becomes unresponsive. The server does not stop working, it just becomes bogged down and lp will eventually stop. So if I run a chkconfig on the server, I will not see lp running, it is stopped. This is currently causing some major issues on our network, and was not something that we encountered when testing with 3 systems during a test period on a test LAN. Any help or further information that I can provide? Does anybody have any suggestions as to what could be causing the high cpu usage? Possible testing procedures? We currently have our smb.conf file set to printing = lprng. Your time and attention to this issue are greatly appreciated. Thanks, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba password expiry time
On Monday 28 November 2005 14:11, Mike Hodgkinson wrote: I have found that when passwords are reset from a windows machine, the default password expiry period is around 40 days. I would like to change this to say 90 days, but have been unable to find a way. I tried the option password expire time but testparm doesn't seem to recognise it. There is nothing in the official Samba How-to about this. Quick - fire the documentation maintainer! Bad boy! Bad, Bad Boy! Oops, How about chapter 10 of the Official HOWTO? http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Maybe some day we will get our doc right. ;-/ - John T. Has anyone managed to set thier default expiry time? I am using Samba 3.0.14a-Debian with an OpenLDAP backend. Cheers Please note: The SolNet Solutions offices will be closed from Friday the 23rd December to Wednesday the 4th January. During this time, please call 0800-SOLNET (0800-765638) if you require urgent assistance. Please enjoy the break and take care over the holiday period. Attention: This email may contain information intended for the sole use of the original recipient. Please respect this when sharing or disclosing this email's contents with any third party. If you believe you have received this email in error, please delete it and notify the sender or [EMAIL PROTECTED] as soon as possible. The content of this email does not necessarily reflect the views of SolNet Solutions Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba password expiry time
Ah pdbedit, thank you. It didnt come up after hours of googling and searching through the official howto, otherwise I wouldn't have asked here. Perhaps it is just my inexperience with the Samba How-to. Cheers Craig White wrote: On Tue, 2005-11-29 at 10:11 +1300, Mike Hodgkinson wrote: I have found that when passwords are reset from a windows machine, the default password expiry period is around 40 days. I would like to change this to say 90 days, but have been unable to find a way. I tried the option password expire time but testparm doesn't seem to recognise it. There is nothing in the official Samba How-to about this. Has anyone managed to set thier default expiry time? I am using Samba 3.0.14a-Debian with an OpenLDAP backend. chapter 10 of the How-To available from www.samba.org (I mention this in case you have older dead tree form) the command is called pdbedit Craig Please note: The SolNet Solutions offices will be closed from Friday the 23rd December to Wednesday the 4th January. During this time, please call 0800-SOLNET (0800-765638) if you require urgent assistance. Please enjoy the break and take care over the holiday period. Attention: This email may contain information intended for the sole use of the original recipient. Please respect this when sharing or disclosing this email's contents with any third party. If you believe you have received this email in error, please delete it and notify the sender or [EMAIL PROTECTED] as soon as possible. The content of this email does not necessarily reflect the views of SolNet Solutions Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] roaming profiles, not roaming
i do appreciate your help with this.. according to manpages. profile acls (S) This boolean parameter was added to fix the problems that people have been having with storing user profiles on Samba shares from Windows 2000 or Windows XP clients. New versions of Windows 2000 or Windows XP service packs do security ACL checking i have only xp clients running newest service packs, when i set profile acls to no, it gives me an error message about not being able to download the profile. 777 is very insecure that means that all users on the system can over write anyones profile my problem is not that the profiles can not write to the server, changes to the profile do get saved, its just they don't get saved to the server on more then one system. On Mon, November 28, 2005 5:50 pm, Louis van Belle said: This is a common setup issue, set profiles acls = no rights /data/sambaprofiles 777 create mask 600 directorie mask 700 this wil work. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Jack Mendez Verzonden: maandag 28 november 2005 17:45 Aan: Craig White CC: samba@lists.samba.org Onderwerp: Re: [Samba] roaming profiles, not roaming i did verify that the profile was in fact a roaming profile the profile downloads just fine from the system that we first logon too with that user. any changes made with the same user on the original system do get saved to the server, i had a look in the /profiles/user name/Desktop directory for files we placed on the desktop after logging off, the files are on the server. when we go to another machine configured exactly the same way log on as that same user not does the profile not load but what looks like a local xp profile loads. i also tried making a new user on the smb box logging on with the same system which was displaying the wrong profile, and it woks fine, as long as the profile gets downloaded from the same system that it initially worked on, it seems to work fine. i am stumped. On Mon, November 21, 2005 7:28 pm, Craig White said: On Mon, 2005-11-21 at 18:21 -0500, Jack Mendez wrote: the profiles get saved ack to the samba machine no problem, its just when the user moves to a different machine that the correct profiles does not get downloaded the profiles are owned by username.group. Then it would seem to me that the possibilities... the other machines aren't properly joined to the domain. or the profile that is on the system that is working is not set to roam at all...verify...Start-Settings-Control Panel-System-Advanced-User Profiles-Settings Is the type for the user 'roaming' ? How about another user account on one of the other machines...log in, log out...does profile get saved to server? Does profile get loaded to first machine? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba guide Ch5: cannot resolve user id
Hello, I am following Ch5 of the Samba Guide and so far it has been working pretty good till that point: * *Procedure 5.8. LDAP Directory Initialization Steps * 12. This step will determine whether or not identity resolution is working correctly. Do not procede is this step fails, rather find the cause of the failure. The *id* command may be used to validate your configuration so far, as shown here: |root# | id chrisr uid=1002(chrisr) gid=513(Domain Users) groups=513(Domain Users) *I can see the user I added as a result of step 11 but at step 12 I get a No Such User error. Sorry if this is obvious to some of you, I have to say I have absolutely no experience of this kind of setup :-( What can I check to find the cause of the failure ? Many thanks for your help ! Olivier Thibaut. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba domian and running services on XP ws
On 11/27/05, maxxik [EMAIL PROTECTED] wrote: Ppl advice me how can I force every ws in domain have particular service running ? other words - when any station login to domain(samba based) it get running just services I want ? In a Windows environment, this would be handled with Group Policy. In a Samba environment, you could use a tool like WPKG to run a startup script every time the workstations are booted to start and stop the appropriate services (by invoking Windows' net or sc command). Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows printer driver installation with samba and cups
[print$] path = /daten/printers myserver:/ # la daten/printers/ total 1 drwxrwxr-x 2 root mygroup 48 Nov 25 15:29 . drwxr-xr-x 20 root mygroup 472 Nov 25 14:59 .. Where are the driver files? It looks like you haven't installed them. Under my windows 2000 (and XP) client, I see my printer within the folder PRINTERS. With properties-No-Advanced-New Driver (Windows-Driver-Wizard) I can specify the driver and follow all instructions. At the end, when I finish the wizard, a message can not install driver. the procedure could not finished appears. Within the directory /daten/printers NO DRIVER is installed! *You* have to put the printer's drivers in /daten/printers by hand first, so that the Windows boxes can find those files and copy them across. Did someone know this problem or see something similar? Try man cupsaddsmb and read the Samba manual referring to installing printers. It looks like all you need to do is copy the printer drivers across, run cupsaddsmb and then it will work. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT clients syncronyzing in a Samba PDC Domain
I understand that i'm not using roaming profile, because the logon path is empty. The only difference in this domain is that i'm using winbind to the remote domain users (that is a trusted domain) be able to print in my domain. The message is something like: syncronizing \\server\username in SERVER. This happens just after logoff. Open Windows Explorer. Click on your C: drive Click Tools-Folder Options Click the Offline Files tab Uncheck Enable Offline Files and all the other boxes for that matter I think that should take care of the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba guide Ch5: cannot resolve user id
On Monday 28 November 2005 21:22, Olivier Thibaut wrote: Hello, I am following Ch5 of the Samba Guide and so far it has been working pretty good till that point: * *Procedure 5.8. LDAP Directory Initialization Steps * 12. This step will determine whether or not identity resolution is working correctly. Do not procede is this step fails, rather find the cause of the failure. The *id* command may be used to validate your configuration so far, as shown here: |root# | id chrisr uid=1002(chrisr) gid=513(Domain Users) groups=513(Domain Users) *I can see the user I added as a result of step 11 but at step 12 I get a No Such User error. Sorry if this is obvious to some of you, I have to say I have absolutely no experience of this kind of setup :-( What can I check to find the cause of the failure ? Many thanks for your help ! Follow section 5.1.3.7 to find the cause of it not working. Your version of nss_ldap may be too old. Also check that nscd is NOT running. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba guide Ch5: cannot resolve user id
John H Terpstra wrote: *I can see the user I added as a result of step 11 but at step 12 I get a No Such User error. Sorry if this is obvious to some of you, I have to say I have absolutely no experience of this kind of setup :-( What can I check to find the cause of the failure ? Many thanks for your help ! Follow section 5.1.3.7 to find the cause of it not working. Your version of nss_ldap may be too old. Also check that nscd is NOT running. - John T. Oops, seems I missed an important part. nscd was the culprit, thanks for your help :-) Olivier Thibaut. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] configure 3.0.21rc1 on solaris
Hello, i got an error while configuring samba on solaris 5.8: lib/smbldap.c: In function `smbldap_connect_system': lib/smbldap.c:770: warning: passing arg 2 of `ldap_set_rebind_proc' from incompatible pointer type lib/smbldap.c:770: error: too few arguments to function `ldap_set_rebind_proc' make: *** [lib/smbldap.o] Error 1 As 3.0.20b is configuring without this error, are there any hints what to do? I need the newest version of samba because of filesystems with many files and because of this to high load on the smb processes. Regards -- WIGE Konstruktionen Schwanenstrasse 4 88214 Ravensburg Systembetreuung Phone: ++49-751-36609-29 [EMAIL PROTECTED] http://www.wige.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: Beginner question on setting passwords
Dr Robert Young wrote: I can not easily read the docs on samba 2.2.8 (8/17/2005) since they are all HTML (I am working on a VT320 ). Lynx, a text format web browser, would be helpful to you in this case. http://lynx.browser.org/ -- Brian Tillman Smiths Aerospace 3290 Patterson Ave. SE, MS 1B3 Grand Rapids, MI 49512-1991 Brian.Tillman is the name, smiths-aerospace.com is the domain. /table /Pre HTML br br br The information contained in, or attached to, this e-mail, may contain confidential information and is intended solely for the use of the individual or entity to whom they are addressed and may be subject to legal privilege. If you have received this e-mail in error you should notify the sender immediately by reply e-mail, delete the message from your system and notify your system manager. Please do not copy it for any purpose, or disclose its contents to any other person. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused, directly or indirectly, by any virus transmitted in this email.br br /HTML PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r11940 - in branches/SAMBA_4_0/source: auth/kerberos heimdal/kdc
Author: abartlet Date: 2005-11-28 07:59:46 + (Mon, 28 Nov 2005) New Revision: 11940 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11940 Log: Love has clarified why this code does what it does. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c Changeset: Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt === --- branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-11-28 05:44:14 UTC (rev 11939) +++ branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-11-28 07:59:46 UTC (rev 11940) @@ -179,14 +179,6 @@ allow multiple passwords per account in krb5. (I think this was intened to allow multiple salts) - - When sending the enc-type negotiation, we call get_pa_etype_info if - there are only 'old' enc types present, but always call - get_pa_etype_info2. It would seem more logical to have an - either/or, or only send both to clients that show signs of knowing - about the old enc types. - - Perhaps this is to cope with clients that expect the older info in - the first position? (Comments needed) - State Machine safety Modified: branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c === --- branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c 2005-11-28 05:44:14 UTC (rev 11939) +++ branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c 2005-11-28 07:59:46 UTC (rev 11940) @@ -1099,6 +1099,12 @@ pa-padata_value.data = NULL; #endif + /* RFC4120 requires: +- If the client only knows about old enctypes, then send both info replies + (we send 'info' first in the list). +- If the client is 'modern', because it knows about 'new' enc types, then + only send the 'info2' reply. + */ /* XXX check ret */ if (only_older_enctype_p(req)) ret = get_pa_etype_info(context, config, method_data, client-entry,
svn commit: samba r11941 - in branches/SAMBA_4_0/source/libcli/nbt: .
Author: metze Date: 2005-11-28 13:15:57 + (Mon, 28 Nov 2005) New Revision: 11941 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11941 Log: fix cut'n'paste bug metze Modified: branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c === --- branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c2005-11-28 07:59:46 UTC (rev 11940) +++ branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c2005-11-28 13:15:57 UTC (rev 11941) @@ -506,7 +506,7 @@ { NBT_RCODE_IMP, NT_STATUS_NOT_SUPPORTED }, { NBT_RCODE_RFS, NT_STATUS_ACCESS_DENIED }, { NBT_RCODE_ACT, NT_STATUS_ADDRESS_ALREADY_EXISTS }, - { NBT_RCODE_ACT, NT_STATUS_CONFLICTING_ADDRESSES } + { NBT_RCODE_CFT, NT_STATUS_CONFLICTING_ADDRESSES } }; for (i=0;iARRAY_SIZE(map);i++) { if (map[i].rcode == rcode) {
svn commit: samba-web r862 - in trunk/history: .
Author: jerry Date: 2005-11-28 13:21:49 + (Mon, 28 Nov 2005) New Revision: 862 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=862 Log: adding missing link to old CVE article Modified: trunk/history/security.html Changeset: Modified: trunk/history/security.html === --- trunk/history/security.html 2005-11-23 11:19:53 UTC (rev 861) +++ trunk/history/security.html 2005-11-28 13:21:49 UTC (rev 862) @@ -115,9 +115,8 @@ tdBuffer overrun condition in the SMB/CIFS packet fragment re-assembly code./td tdall 2.0 releases and = 2.2.8/td - tda - href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201;CAN-2003 --0201/a/td + tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196;CAN-2003-0196/a, + a href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201;CAN-2003-0201/a/td tda href=/samba/history/samba-2.2.8a.htmlrelease notes/a/td /tr @@ -128,8 +127,6 @@ requests from clients./td td2.2.2 - 2.2.6/td tda - href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201;CAN-2003 --0201/a , a href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085;CAN-2003 -0085/a/td tda href=/samba/history/samba-2.2.7a.htmlrelease notes/a/td
svn commit: samba r11942 - branches/SAMBA_3_0/examples/perfcounter trunk/examples/perfcounter
Author: jerry Date: 2005-11-28 15:56:10 + (Mon, 28 Nov 2005) New Revision: 11942 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11942 Log: patch from Marcin to fix the mkdir() in perfcount daemon Modified: branches/SAMBA_3_0/examples/perfcounter/perf_writer_util.c trunk/examples/perfcounter/perf_writer_util.c Changeset: Modified: branches/SAMBA_3_0/examples/perfcounter/perf_writer_util.c === --- branches/SAMBA_3_0/examples/perfcounter/perf_writer_util.c 2005-11-28 13:15:57 UTC (rev 11941) +++ branches/SAMBA_3_0/examples/perfcounter/perf_writer_util.c 2005-11-28 15:56:10 UTC (rev 11942) @@ -77,7 +77,7 @@ fprintf(stderr, Usage: %s [-d] [-f file_path].\n, progname); fprintf(stderr, \t-d: run as a daemon.\n); fprintf(stderr, \t-f file_path: path where the TDB files reside.\n); -fprintf(stderr, \t\tDEFAULT is /tmp/counters\n); +fprintf(stderr, \t\tDEFAULT is /var/lib/samba/perfmon\n); exit(1); } @@ -116,13 +116,13 @@ if(strlen(rt-dbDir) == 0) { /* No file path was passed in, use default */ - sprintf(rt-dbDir, /tmp/counters); + sprintf(rt-dbDir, /var/lib/samba/perfmon); } sprintf(rt-nameFile, %s/names.tdb, rt-dbDir); sprintf(rt-counterFile, %s/data.tdb, rt-dbDir); -mkdir(rt-dbDir, O_RDWR); +mkdir(rt-dbDir, 0755); rt-cnames = tdb_open(rt-nameFile, 0, TDB_CLEAR_IF_FIRST, O_RDWR | O_CREAT, 0644); rt-cdata = tdb_open(rt-counterFile, 0, TDB_CLEAR_IF_FIRST, O_RDWR | O_CREAT, 0644); Modified: trunk/examples/perfcounter/perf_writer_util.c === --- trunk/examples/perfcounter/perf_writer_util.c 2005-11-28 13:15:57 UTC (rev 11941) +++ trunk/examples/perfcounter/perf_writer_util.c 2005-11-28 15:56:10 UTC (rev 11942) @@ -77,7 +77,7 @@ fprintf(stderr, Usage: %s [-d] [-f file_path].\n, progname); fprintf(stderr, \t-d: run as a daemon.\n); fprintf(stderr, \t-f file_path: path where the TDB files reside.\n); -fprintf(stderr, \t\tDEFAULT is /tmp/counters\n); +fprintf(stderr, \t\tDEFAULT is /var/lib/samba/perfmon\n); exit(1); } @@ -116,13 +116,13 @@ if(strlen(rt-dbDir) == 0) { /* No file path was passed in, use default */ - sprintf(rt-dbDir, /tmp/counters); + sprintf(rt-dbDir, /var/lib/samba/perfmon); } sprintf(rt-nameFile, %s/names.tdb, rt-dbDir); sprintf(rt-counterFile, %s/data.tdb, rt-dbDir); -mkdir(rt-dbDir, O_RDWR); +mkdir(rt-dbDir, 0755); rt-cnames = tdb_open(rt-nameFile, 0, TDB_CLEAR_IF_FIRST, O_RDWR | O_CREAT, 0644); rt-cdata = tdb_open(rt-counterFile, 0, TDB_CLEAR_IF_FIRST, O_RDWR | O_CREAT, 0644);
svn commit: samba r11943 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-11-28 17:03:50 + (Mon, 28 Nov 2005) New Revision: 11943 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11943 Log: Don't reset attrs to zero in EA get - we are adding to the attr list not resetting it. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/dosmode.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/dosmode.c === --- branches/SAMBA_3_0/source/smbd/dosmode.c2005-11-28 15:56:10 UTC (rev 11942) +++ branches/SAMBA_3_0/source/smbd/dosmode.c2005-11-28 17:03:50 UTC (rev 11943) @@ -190,7 +190,8 @@ return False; } - *pattr = 0; + /* Don't reset pattr to zero as we may already have filename-based attributes we + need to preserve. */ sizeret = SMB_VFS_GETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr)); if (sizeret == -1) {
svn commit: samba r11944 - in trunk/source/smbd: .
Author: jra Date: 2005-11-28 17:03:52 + (Mon, 28 Nov 2005) New Revision: 11944 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11944 Log: Don't reset attrs to zero in EA get - we are adding to the attr list not resetting it. Jeremy. Modified: trunk/source/smbd/dosmode.c Changeset: Modified: trunk/source/smbd/dosmode.c === --- trunk/source/smbd/dosmode.c 2005-11-28 17:03:50 UTC (rev 11943) +++ trunk/source/smbd/dosmode.c 2005-11-28 17:03:52 UTC (rev 11944) @@ -190,7 +190,8 @@ return False; } - *pattr = 0; + /* Don't reset pattr to zero as we may already have filename-based attributes we + need to preserve. */ sizeret = SMB_VFS_GETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr)); if (sizeret == -1) {
svn commit: samba r11945 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-11-28 20:14:07 + (Mon, 28 Nov 2005) New Revision: 11945 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11945 Log: Make us follow the newly documented pathname processing rules: As a special case for directories with large numbers of files, if the case options are set as follows, case sensitive = yes, case preserve = no, short preserve case = no then the default case option will be applied and will modify all filenames sent from the client when accessing this share. This is needed as fixing the case preserve rules to only apply to new filenames broke the large directory fix. Glad we caught this before release. Thanks to jht for this one. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/filename.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/filename.c === --- branches/SAMBA_3_0/source/smbd/filename.c 2005-11-28 17:03:52 UTC (rev 11944) +++ branches/SAMBA_3_0/source/smbd/filename.c 2005-11-28 20:14:07 UTC (rev 11945) @@ -150,6 +150,19 @@ pstrcpy(saved_last_component, name); } + /* +* Large directory fix normalization. If we're case sensitive, and +* the case preserving parameters are set to no, normalize the case of +* the incoming filename from the client WHETHER IT EXISTS OR NOT ! +* This is in conflict with the current (3.0.20) man page, but is +* what people expect from the large directory howto. I'll update +* the man page. Thanks to [EMAIL PROTECTED] for finding this. JRA. +*/ + + if (conn-case_sensitive !conn-case_preserve !conn-short_case_preserve) { + strnorm(name, lp_defaultcase(SNUM(conn))); + } + start = name; pstrcpy(orig_path, name);
svn commit: samba r11946 - in trunk/source/smbd: .
Author: jra Date: 2005-11-28 20:14:09 + (Mon, 28 Nov 2005) New Revision: 11946 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11946 Log: Make us follow the newly documented pathname processing rules: As a special case for directories with large numbers of files, if the case options are set as follows, case sensitive = yes, case preserve = no, short preserve case = no then the default case option will be applied and will modify all filenames sent from the client when accessing this share. This is needed as fixing the case preserve rules to only apply to new filenames broke the large directory fix. Glad we caught this before release. Thanks to jht for this one. Jeremy. Modified: trunk/source/smbd/filename.c Changeset: Modified: trunk/source/smbd/filename.c === --- trunk/source/smbd/filename.c2005-11-28 20:14:07 UTC (rev 11945) +++ trunk/source/smbd/filename.c2005-11-28 20:14:09 UTC (rev 11946) @@ -150,6 +150,19 @@ pstrcpy(saved_last_component, name); } + /* +* Large directory fix normalization. If we're case sensitive, and +* the case preserving parameters are set to no, normalize the case of +* the incoming filename from the client WHETHER IT EXISTS OR NOT ! +* This is in conflict with the current (3.0.20) man page, but is +* what people expect from the large directory howto. I'll update +* the man page. Thanks to [EMAIL PROTECTED] for finding this. JRA. +*/ + + if (conn-case_sensitive !conn-case_preserve !conn-short_case_preserve) { + strnorm(name, lp_defaultcase(SNUM(conn))); + } + start = name; pstrcpy(orig_path, name);
svn commit: samba-docs r870 - in trunk/Samba3-ByExample: .
Author: jht Date: 2005-11-28 20:18:50 + (Mon, 28 Nov 2005) New Revision: 870 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=870 Log: Update to include Centrify information. Modified: trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml Changeset: Modified: trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml === --- trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml2005-11-28 20:15:21 UTC (rev 869) +++ trunk/Samba3-ByExample/SBE-AddingUNIXClients.xml2005-11-28 20:18:50 UTC (rev 870) @@ -2160,22 +2160,30 @@ paraindexterm primaryIdentity management/primary /indexterm - There are really only three solutions that provide integrated authentication and + There are really four solutions that provide integrated authentication and user identity management facilities: /para itemizedlist listitempara - Samba winbind (free) + Samba winbind (free). Samba-3.0.20 introduced a complete replacement for Winbind that now + provides a greater level of scalability in large ADS environments. /para/listitem listitempara - ulink url=http://www.padl.com;PADL/ulink PAM and LDAP tools (free) + ulink url=http://www.padl.com;PADL/ulink PAM and LDAP tools (free). /para/listitem listitempara - ulink url=http://www.vintela.com;Vintela/ulink Authentication Services (commercial) + ulink url=http://www.vintela.com;Vintela/ulink Authentication Services (commercial). /para/listitem + +listitempara + ulink url=http://www.centrify.com;Centrify/ulink DirectControl (commercial). + Centrify's commercial product allows UNIX and Linux systems to use Active Directory + security, directory and policy services. Enhancements include a centralized ID mapping that + allows Samba, DirectControl and Active Directory to seamlessly work together. +/para/listitem /itemizedlist para
svn commit: samba-docs r871 - in trunk/manpages-3: .
Author: jht Date: 2005-11-28 20:33:34 + (Mon, 28 Nov 2005) New Revision: 871 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=871 Log: Adding modification of Jeremy's documenation for for 3.0.21 large directory support and tidy up source file. Modified: trunk/manpages-3/smb.conf.5.xml Changeset: Modified: trunk/manpages-3/smb.conf.5.xml === --- trunk/manpages-3/smb.conf.5.xml 2005-11-28 20:18:50 UTC (rev 870) +++ trunk/manpages-3/smb.conf.5.xml 2005-11-28 20:33:34 UTC (rev 871) @@ -520,36 +520,31 @@ varlistentry termdefault case = upper/lower/term listitempara - controls what the default case is for new filenames (ie. files that don't currently exist - in the filesystem). Default emphasislower/emphasis. - IMPORTANT NOTE ! This option will be used to modify the case of emphasisall/emphasis - incoming client filenames, not just new filenames if the options - case sensitive = yes, case preserve = no, short preserve case = no are set. - This change is needed as part of the optimisations - for directories containing large numbers of files. + controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). + Default emphasislower/emphasis. IMPORTANT NOTE: This option will be used to modify the case of + emphasisall/emphasis incoming client filenames, not just new filenames if the options case smbconfoption + name=case sensitiveyes/smbconfoption, smbconfoption name=case preserveNo/smbconfoption, + smbconfoption name=short preserve caseNo/smbconfoption are set. This change is needed as part of the + optimisations for directories containing large numbers of files. /para/listitem /varlistentry varlistentry termpreserve case = yes/no/term listitempara - controls whether new files (ie. files that don't currently exist - in the filesystem) are created with the case that the client passes, - or if they are forced to be the - literaldefault/literal case. Default emphasisyes/emphasis. + controls whether new files (ie. files that don't currently exist in the filesystem) are created with the case + that the client passes, or if they are forced to be the literaldefault/literal case. Default + emphasisyes/emphasis. /para/listitem /varlistentry varlistentry termshort preserve case = yes/no/term listitempara - controls if new files (ie. files that don't currently exist - in the filesystem) which conform to 8.3 syntax, that is all in - upper case and of suitable length, are created upper case, or if - they are forced to be the literaldefault/literal case. This - option can be used with literalpreserve case = yes/literal to - permit long filenames to retain their case, while short - names are lowercased. Default emphasisyes/emphasis. + controls if new files (ie. files that don't currently exist in the filesystem) which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created upper case, or if they are forced to be the + literaldefault/literal case. This option can be used with literalpreserve case = yes/literal to permit + long filenames to retain their case, while short names are lowercased. Default emphasisyes/emphasis. /para/listitem /varlistentry /variablelist
svn commit: samba r11947 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: vlendec Date: 2005-11-28 20:42:18 + (Mon, 28 Nov 2005) New Revision: 11947 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11947 Log: Back out passdb:expand_explicit until we find consensus. I'll file this as a bugzilla entry. Volker Modified: branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/passdb.c === --- branches/SAMBA_3_0/source/passdb/passdb.c 2005-11-28 20:14:09 UTC (rev 11946) +++ branches/SAMBA_3_0/source/passdb/passdb.c 2005-11-28 20:42:18 UTC (rev 11947) @@ -1751,8 +1751,6 @@ uint32 pwHistLen = 0; BOOL ret = True; fstring tmpstring; - BOOL expand_explicit = lp_parm_bool(-1, passdb, expand_explicit, - False); if(sampass == NULL || buf == NULL) { DEBUG(0, (init_sam_from_buffer_v2: NULL parameters found!\n)); @@ -1817,10 +1815,7 @@ if (homedir) { fstrcpy( tmpstring, homedir ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_homedir(sampass, tmpstring, PDB_SET); } else { @@ -1836,10 +1831,7 @@ if (logon_script) { fstrcpy( tmpstring, logon_script ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_logon_script(sampass, tmpstring, PDB_SET); } else { @@ -1850,10 +1842,7 @@ if (profile_path) { fstrcpy( tmpstring, profile_path ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_profile_path(sampass, tmpstring, PDB_SET); } else { Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-11-28 20:14:09 UTC (rev 11946) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-11-28 20:42:18 UTC (rev 11947) @@ -604,8 +604,6 @@ LOGIN_CACHE *cache_entry = NULL; uint32 pwHistLen; pstring tmpstring; - BOOL expand_explicit = lp_parm_bool(-1, passdb, expand_explicit, - False); /* * do a little initialization @@ -778,10 +776,7 @@ PDB_DEFAULT ); } else { pstrcpy( tmpstring, homedir ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_homedir(sampass, tmpstring, PDB_SET); } @@ -793,10 +788,7 @@ PDB_DEFAULT ); } else { pstrcpy( tmpstring, logon_script ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_logon_script(sampass, tmpstring, PDB_SET); } @@ -808,10 +800,7 @@ PDB_DEFAULT ); } else { pstrcpy( tmpstring, profile_path ); - if (expand_explicit) { - standard_sub_basic( username, tmpstring, - sizeof(tmpstring) ); - } + standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); pdb_set_profile_path(sampass, tmpstring, PDB_SET); } Modified: trunk/source/passdb/passdb.c === --- trunk/source/passdb/passdb.c2005-11-28 20:14:09 UTC (rev 11946) +++ trunk/source/passdb/passdb.c2005-11-28 20:42:18 UTC (rev 11947) @@ -874,11 +874,13 @@ become_root(); if (pdb_getsampwnam(sam_account, user)) { + uint16 acct; const DOM_SID *user_sid; unbecome_root();
svn commit: lorikeet r495 - in trunk/heimdal: kdc lib/gssapi lib/hdb lib/krb5
Author: abartlet Date: 2005-11-28 21:17:20 + (Mon, 28 Nov 2005) New Revision: 495 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=495 Log: Merge changes (particularly hdb_entry_ex) from Samba4 into lorikeet-heimdal. These don't work at the moment, but I'll merge Heimdal in and fix up the non-Samba backends. Andrew Bartlett Modified: trunk/heimdal/kdc/kdc_locl.h trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/misc.c trunk/heimdal/lib/gssapi/init_sec_context.c trunk/heimdal/lib/hdb/hdb.c trunk/heimdal/lib/hdb/hdb.h trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/mk_req.c trunk/heimdal/lib/krb5/ticket.c Changeset: Sorry, the patch is too large (860 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=495
svn commit: samba r11949 - in branches/SAMBA_4_0/source/libcli/smb2: .
Author: tridge Date: 2005-11-28 22:53:42 + (Mon, 28 Nov 2005) New Revision: 11949 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11949 Log: make sure we ask gensec to give us a session key andrew, this answers your question on irc about whether the same session key mechanisms are used in smb2. They are - the RPC-LSA secret tests pass fine over ncacn_np on SMB2, which means the session key must be working Modified: branches/SAMBA_4_0/source/libcli/smb2/session.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/smb2/session.c === --- branches/SAMBA_4_0/source/libcli/smb2/session.c 2005-11-28 21:26:22 UTC (rev 11948) +++ branches/SAMBA_4_0/source/libcli/smb2/session.c 2005-11-28 22:53:42 UTC (rev 11949) @@ -54,6 +54,8 @@ return NULL; } + gensec_want_feature(session-gensec, GENSEC_FEATURE_SESSION_KEY); + return session; }
svn commit: lorikeet r496 - in trunk/heimdal: . appl/telnet appl/telnet/telnet appl/telnet/telnetd doc/standardisation kdc lib/gssapi lib/krb5
Author: abartlet Date: 2005-11-28 23:08:22 + (Mon, 28 Nov 2005) New Revision: 496 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=496 Log: Update to Heimdal 2005-11-29, including removal of hacks now replaced by proper implementations in upstream Heimdal. (This removes gss_krb5_acquire_creds()). Andrew Bartlett Added: trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-rfc1510ter-01.txt trunk/heimdal/doc/standardisation/draft-jaganathan-rc4-hmac-00.txt trunk/heimdal/doc/standardisation/draft-jaganathan-rc4-hmac-01.txt Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/telnet/ChangeLog trunk/heimdal/appl/telnet/telnet/telnet.c trunk/heimdal/appl/telnet/telnetd/sys_term.c trunk/heimdal/configure.in trunk/heimdal/kdc/kerberos5.c trunk/heimdal/lib/gssapi/accept_sec_context.c trunk/heimdal/lib/gssapi/acquire_cred.c trunk/heimdal/lib/gssapi/arcfour.c trunk/heimdal/lib/gssapi/copy_ccache.c trunk/heimdal/lib/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi_locl.h trunk/heimdal/lib/gssapi/init_sec_context.c trunk/heimdal/lib/gssapi/release_cred.c trunk/heimdal/lib/gssapi/test_kcred.c trunk/heimdal/lib/krb5/cache.c trunk/heimdal/lib/krb5/get_for_creds.c trunk/heimdal/lib/krb5/keytab.c trunk/heimdal/lib/krb5/krb5_ccache.3 trunk/heimdal/lib/krb5/rd_cred.c trunk/heimdal/lib/krb5/test_crypto.c Changeset: Sorry, the patch is too large (9610 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=496
svn commit: lorikeet r497 - in trunk/heimdal/lib/hdb: .
Author: abartlet Date: 2005-11-28 23:17:18 + (Mon, 28 Nov 2005) New Revision: 497 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=497 Log: These memsets should ensure that we don't call hdb function pointers (such as the new fetch_entry_ex) that don't exist. Andrew Bartlett Modified: trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/ndbm.c Changeset: Modified: trunk/heimdal/lib/hdb/db.c === --- trunk/heimdal/lib/hdb/db.c 2005-11-28 23:08:22 UTC (rev 496) +++ trunk/heimdal/lib/hdb/db.c 2005-11-28 23:17:18 UTC (rev 497) @@ -276,6 +276,8 @@ return ENOMEM; } +memset(*db, '\0', sizeof(**db)); + (*db)-hdb_db = NULL; (*db)-hdb_name = strdup(filename); if ((*db)-hdb_name == NULL) { Modified: trunk/heimdal/lib/hdb/ndbm.c === --- trunk/heimdal/lib/hdb/ndbm.c2005-11-28 23:08:22 UTC (rev 496) +++ trunk/heimdal/lib/hdb/ndbm.c2005-11-28 23:17:18 UTC (rev 497) @@ -339,6 +339,8 @@ return ENOMEM; } +memset(*db, '\0', sizeof(**db)); + (*db)-hdb_db = NULL; (*db)-hdb_name = strdup(filename); if ((*db)-hdb_name == NULL) {
Build status as of Tue Nov 29 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-11-28 00:00:34.0 + +++ /home/build/master/cache/broken_results.txt 2005-11-29 00:00:25.0 + @@ -1,17 +1,17 @@ -Build status as of Mon Nov 28 00:00:02 2005 +Build status as of Tue Nov 29 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 33 5 0 -distcc 13 1 0 -lorikeet-heimdal 28 14 0 +ccache 15 2 0 +distcc 12 2 0 +lorikeet-heimdal 30 19 0 ppp 17 0 0 -rsync10 1 0 +rsync9 1 0 samba3 0 0 samba-docs 0 0 0 -samba4 32 18 0 +samba4 32 17 0 samba_3_033 3 0 -smb-build24 1 0 -talloc 10 3 0 -tdb 8 2 0 +smb-build24 2 0 +talloc 8 2 0 +tdb 7 2 0
svn commit: lorikeet r498 - in trunk/heimdal/lib: gssapi hdb krb5
Author: abartlet Date: 2005-11-29 01:23:17 + (Tue, 29 Nov 2005) New Revision: 498 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=498 Log: A couple of updates to bring us in line with Heimdal CVS on 2005-11-29 (Love intergrated some of the fixes, including the GSSAPI credentials forwarding fix). Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/copy_ccache.c trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/db3.c trunk/heimdal/lib/krb5/get_for_creds.c Changeset: Modified: trunk/heimdal/lib/gssapi/copy_ccache.c === --- trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/gssapi/copy_ccache.c 2005-11-29 01:23:17 UTC (rev 498) @@ -33,7 +33,7 @@ #include gssapi_locl.h -RCSID($Id: copy_ccache.c,v 1.12 2005/11/26 11:00:08 lha Exp $); +RCSID($Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $); OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, Modified: trunk/heimdal/lib/hdb/db.c === --- trunk/heimdal/lib/hdb/db.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/hdb/db.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include hdb_locl.h -RCSID($Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $); +RCSID($Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $); #if HAVE_DB1 @@ -270,14 +270,12 @@ hdb_db_create(krb5_context context, HDB **db, const char *filename) { -*db = malloc(sizeof(**db)); +*db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, malloc: out of memory); return ENOMEM; } -memset(*db, '\0', sizeof(**db)); - (*db)-hdb_db = NULL; (*db)-hdb_name = strdup(filename); if ((*db)-hdb_name == NULL) { Modified: trunk/heimdal/lib/hdb/db3.c === --- trunk/heimdal/lib/hdb/db3.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/hdb/db3.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include hdb_locl.h -RCSID($Id: db3.c,v 1.16 2005/08/09 09:28:39 lha Exp $); +RCSID($Id: db3.c,v 1.17 2005/11/28 23:33:24 lha Exp $); #if HAVE_DB3 @@ -318,7 +318,7 @@ hdb_db_create(krb5_context context, HDB **db, const char *filename) { -*db = malloc(sizeof(**db)); +*db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, malloc: out of memory); return ENOMEM; Modified: trunk/heimdal/lib/krb5/get_for_creds.c === --- trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-28 23:17:18 UTC (rev 497) +++ trunk/heimdal/lib/krb5/get_for_creds.c 2005-11-29 01:23:17 UTC (rev 498) @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -385,17 +385,13 @@ cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - /* -* RFC4120 claims we should use the session key, but Heimdal -* before 0.8 used the remote subkey if it was send in the -* auth_context. -* -* Lorikeet-Heimdal is interested in windows compatiblity -* more than Heimdal compatability, so we must choose the -* session key, and break forwarding credentials to older -* Heimdal servers. -*/ - + /* +* Here older versions then 0.7.2 of Heimdal used the local or +* remote subkey. That is wrong, the session key should be +* used. Heimdal 0.7.2 and newer have code to try both in the +* receiving end. +*/ + ret = krb5_crypto_init(context, auth_context-keyblock, 0, crypto); if (ret) { free(buf);