Re: [Samba] Restricting logins to certain clients
On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil [EMAIL PROTECTED] wrote: HM I run samba-3 as PDC for a small domain with 4 clients. User HM A should be allowed to login on all client machines, while HM logins for the privileged user B should be restricted to 2 HM machines for security reasons. Any ideas how to manage HM that? Suggestions for further reading would be highly HM appreciated? A simple solution is to make a logoff in a logon script e.g. if %USERNAME%==B if %computername%==MACHINEX \\server\netlogon\logoff.exe it's a easy to maintain but a determined user B could log in anyway! A sturdier solution: map an Unix group to a Windows group e.g. Undesirables make B a member of Undesirables set security to deny all for the group Undesirables in C: C:\Documents and Settings on all machines where B is unwanted. It's a bit difficult to stay on a machine where you can't read a damn thing :-) -- Jean-Jacques Moulis Tel: (013) 281684 ISYFax: (013) 139282 Linköping UniversityE-mail: [EMAIL PROTECTED] 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restricting logins to certain clients
Jean-Jacques Moulis schrieb: On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil [EMAIL PROTECTED] wrote: HM I run samba-3 as PDC for a small domain with 4 clients. User HM A should be allowed to login on all client machines, while HM logins for the privileged user B should be restricted to 2 HM machines for security reasons. Any ideas how to manage HM that? Suggestions for further reading would be highly HM appreciated? if you use Samba with LDAP, it's easy to do so if you manage your users with LAM (LDAP Account Manager) - http://lam.sf.net -- Tomek http://wpkg.org WPKG - software management with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share mounted xp share
Hi, I have recently upgraded from Redhat 9.0 / Samba 2 to Centos 4.2/ Samba 3. The upgrade went smoothly enough with exception to the roaming profiles which required modifying the SID with the profiles tool. The problem is I have a winXP service running on one of the machines which recieves confirmation files from a reservations system. All the useres require access to these files but winXP has a limit of a maximum of 10 connections to a share. Previously I had mounted the winXP share on the linux box using (mount -t smbfs //xpmachine/tairs /home/tairs/ -o umask=777,gid=selsdon,uid=habib,fmask=777) and set the mounted directory as a samba share. This worked fine if the xp machine was turned off the share would become inaccessible but would reconnect as soon as the machine was up again. Now however if the xp machine is turned off or restarted the mount seems to hang. I then have to force unmount it and then remount. Is there some option that needs to be set to get it working the old way again. Habib -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: The single WINS problem: question
On Monday 12 December 2005 02:02, werner maes wrote: hello I've been reading the thread (http://marc.theaimsgroup.com/?t=11328637691r=1w=2) and I have the same limitation with WINS in a PDC/BDC. That's why I have the following (experimental) setup: PDC == wins support = yes, passdb backend: master ldap BDC == wins support = yes, passdb backend: slave ldap I configured some of my XP clients to use both WINS servers and it seems to work. Well, you CAN do this, but then it is necessary to use the remote browse sync and remote announce parameters on both systems to gain cross-subnet browsing and name resolution capability. You will likely find that Windows hosts will register with only one WINS server - that is one of the key reasons for the advice that is in the man page and in the HOWTO book. but in the manual of smb.conf I read: wins support (G) Note that you should NEVER set this to yes on more than one machine in your network. What could happen if you use more than one WINS server on your network? You COULD (likely will) have broken NetBIOS name resolution, with the result that windows clients can panic and blue-screen. - John T. thanks for your advice john. I will setup a few XP clients with two WINS servers configured and see what happens. but I need this kind of backup because else I can't see the point of setting up a BDC if the WINS server remains the single point of failure. I'm looking forward to Samba4 where WINS replication support is nearly finished as I've read on the website (http://us4.samba.org/samba/ftp/slides/tridge_sambaxp05.pdf) kind regards werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind problem (Trusting domains)
HI all, I have install 2 domains both on linux servers running debian samba 3.0.20b-2+b1. (Latest) I have both domains trusting each other. Domain A have 300 users and the other domain B have 3000 users. I have winbind on the nsswitch.conf for both PDCs. I have not errors runnning wbinfo -u, or wbinfo -g except when I run it on Domain A PDC. Domain users group which all 3000 users are at failed to show up at the output. The rest of the domain groups are displayed. Looking in the winbindd log:- (Domain B PDC = BAUGLIR; Domain B=UWCSTU) [2005/12/14 18:36:42, 10] nsswitch/winbindd_rpc.c:lookup_groupmem(539) rpc: lookup_groupmem UWCSTU sid=S-1-5-21-2723404422-2550591724-2764062575-513 [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(438) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(438) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2005/12/14 18:36:52, 10] nsswitch/winbindd_rpc.c:lookup_groupmem(539) rpc: lookup_groupmem UWCSTU sid=S-1-5-21-2723404422-2550591724-2764062575-513 [2005/12/14 18:36:52, 3] nsswitch/winbindd_cm.c:connection_ok(819) Connection to BAUGLIR for domain UWCSTU has died or was never started (fd == -1) [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:cli_rpc_close(1767) cli_rpc_open failed on pipe \samr to machine BAUGLIR. Error was Call timed out: server did not respond after 1 milliseconds Can anyone know who to cache winbind well or increase the pagesize? I guess the timeout is because of the 3000 entries. Regards, adrian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with password prompting.
Dear all, I am having a problem where by if I create a persistent mapping on a windows 2000 server as: net use q: \\123.45.67.89\fred password /user:tom /persistent:yes where: 1. my Win2K account name that I log in with is tom and my password is password. The w2k box is a member of a workgroup workgroup. 2. the share is exported from a samba server with HPUX 11.11i and running samba 2.2.9 (HP version). in the samba conf file, security = shared method is used. 3. the unix user defined in the passwd file user tom and password is password. 4. the above command maps the drive perfectly. When I log out then login again I'm prompted for the password again. I though that windows was supposed to remember the password and map the drive. If I enter the password correctly (password) the drive maps ok. What do I need to do to automatically map the q: drive next time I log in (i.e. no password prompt)? Help much appreciated. regards, John Chenoweth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba recycle bin
Hi all, can anyone tell me how i can setup a recycle bin for my samba share? it will be a very very good for me.. please give me the steps or please point to any document.. Thank you in advance, Jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba recycle bin
This is how I did it. I have Redhat ES 3 and samba-3.0.0-14.3E. vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes updatemyself . wrote: Hi all, can anyone tell me how i can setup a recycle bin for my samba share? it will be a very very good for me.. please give me the steps or please point to any document.. Thank you in advance, Jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with SID and mem of group
Installs Samba 3.0.20a in Debian 2.4.27-2-586tsc, forms smb.conf like BDC with backend=tdbsam, I made the migration of users and groups of a PDC Windows NT using net rpc vampire and finally forms Samba like PDC, all this following the steps descriptos in The Official Samba-3 HOWTO, my problem is that now when I want to add a new group to the domain # net rpc group add SupportEngrs -Uroot%not24get often agrees the SID of this one with a already existing SID of the migrated users of the domain. I solves this executing # groupadd SupportEngrs # net groupmap add rid=1501 ntgroup=SupportEngrs unixgroup=SupportEngrs My question is if this is common and I am going to have to assign rid to each new group so that it does not agree with sid already existing Another problem that I have is that in the migration the properties to the groups by user were not respected, since by single user this allowing me to be member of two groups only, for example when executing # net rpc group addmem DOMAIN\SupportEngrs usr1 -Uroot%not24get eliminates one to me of membresias of the user usr1 to specify this new I solves this publishing /etc/group directly and then yes accept, verifying it with # net rpc to user info usr1 -Uroot%not24get would thank for any commentary to Them on these disadvantages and I request know to excuse my english to them. Greetings Despa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba recycle bin
Hi Shaun can u give me the full configuration of that share... because i didnt get much idea.. where i have to add this.. things.. hope its adding under share definisions... really getting confused.. so please... my present share configuration is.. this [vol8] path = /vol08_800 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes Thanks A lot.. Jerrynikki. On 12/14/05, Shaun Bolling [EMAIL PROTECTED] wrote:This is how I did it. I have Redhat ES 3 and samba-3.0.0-14.3E. vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes On 12/14/05, Shaun Bolling [EMAIL PROTECTED] wrote: This is how I did it. I have Redhat ES 3 and samba-3.0.0-14.3E. vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes updatemyself . wrote: Hi all, can anyone tell me how i can setup a recycle bin for my samba share? it will be a very very good for me.. please give me the steps or please point to any document.. Thank you in advance, Jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Check permissions on share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 12 Dec 2005, Henrik Zagerholm wrote: I wonder if there is som easy way to determine the permissions for a specific user on a share? Parsing smbcacls is the only solutions I can come up with right now but its not pretty! This is not as easy as it seems. The reason is the interaction between the share permissions (security descriptor) and the smb.conf parameters such as valid users, read list, etc cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBWlIR7qMdg1EfYRApoJAJ46RUSorS4VY9k2qqB7hn8zzyfjIACguvYF Zd/xwK5BLDpGtFGyCJX+kQA= =gVB0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nisplussam support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 12 Dec 2005, Arkadiy Chapkis - Arc wrote: As I've read Release Notes, the nisplussam plug-in was removed from Samba 3.0.x However I cannot compile 2.2.12 on my Solaris 10 machine (gives me undefined symbol probably due to gcc v. 3.4.3). Is there a way to include nisplussam support manually? I downloaded pdb_nisplus.c and tried to change configure.in and configure, but as I'm not a programmer, I couldn't get it to be included in Makefile. And as I tried to manually add passdb/pdb_nisplus.o in Makefile, the make process failed right at the beginning. Can someone help me with short instruction on how to make nisplussam back into samba 3.0.x, please? Thank you very much, Are you really sure you want that? Why do you want to store Samba smbpasswd files in NIS+? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBX1IR7qMdg1EfYRAj9fAJ9CoshrhbLDmVejF5iaJmMMseajygCg5NNv Wbf7ADn92pRqE8NMFyASz2s= =M4nz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] deactivate document settings for all users
Hi, we have samba 3.0.14 which works very well. But we have one problem : for each user who is connecting on the station a directory of his name is created under C:\Documents and Settings (we have about 3000 students...) So we want that only one (the Default User) directory is used (no other will no more be created) and we also want that the default User directory is redirected to P: (home directory of each user on samba server). Does someone know how to achieve this ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: sambaNTPassword does NOT write to master LDAP when machines auto change the values
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 12 Dec 2005, Rex Dieter wrote: Paul Hanson wrote: We have SuSE SLES9 servers with LDAP master/slave replication (24 replications/BDC's) All working fine -joining domain etc. The problem I am having is PC's at remote sites (BDC) with a local replica (OpenLDAP) periodically change the sambaNTPassword/sambaLMPassword on there own and write to the local LDAP server and do NOT follow the referral to the master. Can you help on this subject - this is causing major issues with machines moving sites!!! I'd suggest filing a formal bug report/enhancement request: http://bugzilla.samba.org/ Yeah. That should be working. It was at one time IIRC. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBZtIR7qMdg1EfYRAtG+AKCjFG0Jvq4ZV30/GfTP9O2bmEtp5wCggeUl kOwSRBmfRFqB5OyJhr2P9LY= =xL90 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain group membership.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 8 Dec 2005, Dennis B. Hopp wrote: Hmm..this is interesting. It seems that getent may fail if there are a large number of users in a domain group. [EMAIL PROTECTED] ~]# getent group Domain Users domain users:x:15000: All of my domain users are in the Domain Users group...but if I do: This is a known issue with 'Domain Users' and 'security = ads'. Windows won't return the group membership in an LDAP search (at least not like the one we currently issue). It's on the todo list to fix. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBiMIR7qMdg1EfYRAjwaAKCn3wHI4D7UdssdzRwLJo+p4cYITwCgwf0r N6EXnJNCRjn+cR5El2cj7mo= =IlUO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Server 2003 can't join samba PDC domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 5 Dec 2005, Stefan Lindström wrote: Hello! I'm running samba 3.0.20 on Solaris as PDC. But I cannot add Windows Server 2003 clients to the domain. After authenticating as root, I get the following error message: The parameter is incorrect. in Windows. The result is that the computer isn't added to the domain. :( Can you retest against 3.0.21rc2? This should be working in previous releases as well (I test this pretty regularly). cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBsNIR7qMdg1EfYRAhveAKC8XXu7AcT82uGaVQQRGcI4NVPyCQCg7ccc hVsCdndJ08+mn7CUi7jxV68= =fHlW -END PGP SIGNATURE--- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updates of the printer.tdb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 5 Dec 2005, Franz Pförtsch wrote: I want to know at which time the tdb-File of a printer located at /var/lib/samba/printing will be updated? I have my printerdrivers! After this I looked at the directory and the files untouched. I have done some changes with the windows panels, but there are no changes of the timestamps? This has been recently fixed inthe tdb code. Should be ok in 3.0.21rc2. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBqJIR7qMdg1EfYRAvwcAKCixZxSwgf2Wajilvwb9iozytY5ngCgzClP vKtViesP2Wq4mr65USdRWSY= =1Fpq -END PGP SIGNATURE--- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net getlocalsid and net getlocalsid domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 5 Dec 2005, Michael Billerbeck wrote: does the output of the two commands really mean that the server FILESERVER is not in the domain?: # net getlocalsid SID for domain FILESERVER is: S-1-5-21-4161338278-3756552359-245403906 # net getlocalsid domainname SID for domain domainname is: S-1-5-21-2018781741-1218349122-1862352094 The local machine SID is always different than the domain SID on members servers. Is there another method to check if a server is in a domain? Can I use 'net rpc testjoin' to see if the join to the above domain is valid? Yes, you can use with 'net rpc testjoin' or wbinfo -t. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBufIR7qMdg1EfYRAlqFAJ91NS8XpHPNESCwYRqFAokjIzAPWwCg3AQh 0c8Ohovh+Gcg+qLPD5+06ow= =xgOo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Big into winbindd ? 100% of cpu after 5mn of utilisation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 6 Dec 2005, Noc Phibee wrote: No solutions ? it's a bug into 3.0.20b version ?? Didn't I respond to this already? The winbind cache time defaults to 5 minutes. You might want to try setting 'winbind enum users = no' and 'winbind enum groups = no'. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBvjIR7qMdg1EfYRAhG4AJ4pZ54q8LETmFg289EiFZcX45NTygCeIHY2 jYMbSFwGK7U5cf2+h9E0S/8= =L4CC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Admin Printers and Faxes from Windows XP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 5 Dec 2005, Will Wheatley wrote: I have been stuffing around with thsi problem for a couple of weeks now, without much success :) I am sure i am missing something simple. I have a Samba server setup as a member server in a 2000 domain. (samba 3.0.10) Samba is printing through CUPS and the printing works fine. when i click on Printers and Faxes froma windows xp machine, it takes about 30-60 seconds to show the list and the samba logs show: rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2583) spoolss_connect_to_client: unable to connect to SMB server on machine MALAZ. Error was : SUCCESS - 0. From what i understand the Samba machine trys to connect back to the spooler service on my client machine but fails. (well times out) If i do it from a windows 2000 server, it works fine, I can find people with the same symptons, but no solutions :( It's the XP firewall. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBoyIR7qMdg1EfYRAjSIAJ9CZFh+ogFqO5Ss4JVORop1twxzgQCgpADF AdNmhsHQyaEGL4C7nXyP89Y= =PIAl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Winbind on Solaris for Samba 3.0.21rc2.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 7 Dec 2005, Security Officer wrote: Hello again, I have been testing Samba 3.0.21rc2 with Windows ADS support on SPARC/Solaris 8 and 9 and am experiencing problems with winbind for nsswitch. Firstly, can anyone confirm this configuration this works at all? Yes. I test on Solaris 9. Secondly, how did you get it to work? I am aware of various difficulties with winbind/nsswitch on Solaris and I thought I had done everything necessary to solve that. My specific problem is that Samba seems to work as expected when winbind/nsswitch is enabled but there is a side effect where any new SSH sessions are disconnected after a couple of minutes by the server. Here is an example from log file: |Dec 5 12:51:07 numbat sshd[7356]: [ID 800047 auth.info] Accepted publickey for mewtwo from 192.168.1.101 port 34809 ssh2 |Dec 5 12:53:02 numbat sshd[7356]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.168.1.101 Sun's ssh or OpenSSH ? I am using a very basic smb.conf file too: # Samba config file. [global] workgroup = PERTH realm = PERTH.LOCALDOMAIN security = ADS encrypt passwords = yes client use spnego = yes winbind cache time = 10 winbind enum users = yes winbind enum groups = yes Try turning these 2 parameters off. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDoBk2IR7qMdg1EfYRAlKrAKC/hTizyBoPLhfMdzOvHUIX/39BcQCeLMkC tFPZ/iNHJVEv7KBtehNWKcY= =iYzI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind on PDC
Hi list ! Is it possible to run winbind on the pdc to get posix uids /gids ? I´ve successsfully ran winbind on an domain member server und was able to do wbinfo -u an got all the users in a domain but if I try the same setup working on the pdc directly all I get is Error looking up domain users. I googled for two days now but I´m not getting the crucial clue. I´m using Samba 3.0.14 on Debian Sarge. I´ve tried with LDAP Backend as well as with tdbsam. I´m grateful for every help. If more information is needed, please let me know. Best regards, Patrick Kranz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba management tools
dear list On the samba.org pages there is an overview of Samba GUI's. I've recently (via a post on this mailinglist) discovered http://ldapadmin.sourceforge.net/ It looks very good. Anyone using it here? Experiences? A specific reason why it it not listed on the Samba GUI page? Regards, mj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 with LDAP
Hi all I am setting up Samba Primary Domain controller with LDAP in Redhat Enterprise Linux ES 4.0 . The open Ldap version is _*OpenLDAP 2.2.3*_ and samba version _*3.0.10-1.4E .*_ i used smbldap-tools which comes default in RHEL ES 4.0 . After configuring samba and Ldap ie slapd.conf, and configuring smbldap-conf.pm and populate it through smbldap-populate.pl i get the following error Global symbol $ldapsearch requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 236. Global symbol $ldapsearchnobind requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 237. Global symbol $ldappasswd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 239. Global symbol $ldapadd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 240. Global symbol $ldapdelete requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 241. Global symbol $ldapmodrdn requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 242. Compilation failed in require at /usr/local/sbin///smbldap_tools.pm line 4. BEGIN failed--compilation aborted at /usr/local/sbin///smbldap_tools.pm line 4. Compilation failed in require at ./smbldap-populate.pl line 34. BEGIN failed--compilation aborted at ./smbldap-populate.pl line 34. and when i type *net getlocalsid* command i get the following error # [2005/12/14 18:49:49, 0] lib/smbldap.c:smbldap_search_suffix(1155) smbldap_search_suffix: Problem during the LDAP search: (No such object) SID for domain TDC17 is: S-1-5-21-664927944-2827829345-1370909811 # Please guide me Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Extremely slow Samba3 performance with ArcView/WinXP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All! I would like to bring up this topic again as I still have no solution for the problem :-( Andreas Haumer schrieb: Hi! I have a user who is running a Samba server to store data files for his ArcView 3.3 application. Client operating system is Windows XP professional. With Samba2 (2.2.8a) this was working quite fine, it usually took less than a few seconds to load and render one of the GIS presentations with ArcView. We then did an upgrade to Samba3 (3.0.20b) and suddenly the same operation now takes more than 20 seconds or even minutes in some cases. You can even see the picture forming slowly on the screen. Other applications do not suffer from performance problems (The new Samba3 server is a really fast Dual Opteron server with 4GB of RAM and a fast external U320 RAID running under Linux-2.4.31) I took a IP traffic dump with tcpdump and also samba logs with loglevel 10 and found that there are a _lot_ of small packets going between the WinXP client and the Samba3 server. [...] On the Samba mailing list I have found one report describing (exactly?) the same problem I see: very slow read performance with ArcView (only) and Samba due to very small packets beeing transferred (see http://lists.samba.org/archive/samba/1998-May/007244.html) But this report was from May 6th, 1998 for Samba-1.9.18(!) and the solution seemingly was to set the samba configuration parameter socket options = TCP_NODELAY, which I already have set (as well as SO_RCVBUF=8192 and SO_SNDBUF=8192, see the listing of global configuration settings in my original mail) Is there anyone else out there using ArcView together with Samba3 who has the same problem or who does _not_ have this problem (so we can compare configuration settings)? What is different between the way ArcView uses the Samba share compared to other applications? What might cause ArcView to request blocks of 512 bytes only with Samba3 (and not larger blocks of 4096 or even 32768 bytes, as it is the case with Samba2)? Does anyone have any idea on how to proceed? Thanks! - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoCm/xJmyeGcXPhERAmuhAKCc8NFGApQnje1O86WUpZ8Ec1/UjwCeMIjE BykbfOxyO0RLsXzQqVBhJ6o= =lw4+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] samba 3 with LDAP
What is the version of smbldap-tools ? --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 14/12/2005 15:03:57 : Hi all I am setting up Samba Primary Domain controller with LDAP in Redhat Enterprise Linux ES 4.0 . The open Ldap version is _*OpenLDAP 2.2.3*_ and samba version _*3.0.10-1.4E .*_ i used smbldap-tools which comes default in RHEL ES 4.0 . After configuring samba and Ldap ie slapd.conf, and configuring smbldap-conf.pm and populate it through smbldap-populate.pl i get the following error Global symbol $ldapsearch requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 236. Global symbol $ldapsearchnobind requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 237. Global symbol $ldappasswd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 239. Global symbol $ldapadd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 240. Global symbol $ldapdelete requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 241. Global symbol $ldapmodrdn requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 242. Compilation failed in require at /usr/local/sbin///smbldap_tools.pm line 4. BEGIN failed--compilation aborted at /usr/local/sbin///smbldap_tools.pm line 4. Compilation failed in require at ./smbldap-populate.pl line 34. BEGIN failed--compilation aborted at ./smbldap-populate.pl line 34. and when i type *net getlocalsid* command i get the following error # [2005/12/14 18:49:49, 0] lib/smbldap.c:smbldap_search_suffix(1155) smbldap_search_suffix: Problem during the LDAP search: (No such object) SID for domain TDC17 is: S-1-5-21-664927944-2827829345-1370909811 # Please guide me Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba management tools
Yes, im using is with great success. ldap non ssl and ssl works great. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens mourik jan c heupink Verzonden: woensdag 14 december 2005 14:33 Aan: samba@lists.samba.org Onderwerp: [Samba] samba management tools dear list On the samba.org pages there is an overview of Samba GUI's. I've recently (via a post on this mailinglist) discovered http://ldapadmin.sourceforge.net/ It looks very good. Anyone using it here? Experiences? A specific reason why it it not listed on the Samba GUI page? Regards, mj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The single WINS problem: question
On Monday 12 December 2005 02:02, werner maes wrote: hello I've been reading the thread (http://marc.theaimsgroup.com/?t=11328637691r=1w=2) and I have the same limitation with WINS in a PDC/BDC. That's why I have the following (experimental) setup: PDC == wins support = yes, passdb backend: master ldap BDC == wins support = yes, passdb backend: slave ldap I configured some of my XP clients to use both WINS servers and it seems to work. Well, you CAN do this, but then it is necessary to use the remote browse sync and remote announce parameters on both systems to gain cross-subnet browsing and name resolution capability. You will likely find that Windows hosts will register with only one WINS server - that is one of the key reasons for the advice that is in the man page and in the HOWTO book. but in the manual of smb.conf I read: wins support (G) Note that you should NEVER set this to yes on more than one machine in your network. What could happen if you use more than one WINS server on your network? You COULD (likely will) have broken NetBIOS name resolution, with the result that windows clients can panic and blue-screen. - John T. sorry for the repost, hope it appears in the right thread now... thanks for your advice john. I will setup a few XP clients with two WINS servers configured and see what happens. but I need this kind of backup because else I can't see the point of setting up a BDC if the WINS server remains the single point of failure. I'm looking forward to Samba4 where WINS replication support is nearly finished as I've read on the website (http://us4.samba.org/samba/ftp/slides/tridge_sambaxp05.pdf) kind regards werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fwd: roaming profile contents
AFAIK- The profile is usually C:\Documents and Settings\username\NTUSER.DAT With roaming profiles, you identify the location of this file with various [NETLOGON] and [GLOBAL] settings. It is copied into the C:\Documents and Settings\username\NTUSER.DAT on login and copied back to the server location on logout. Everything else can be redirected. Profiles can be shared between NT and Win2K. I don't know about XP. If you have users who move between different architectures, you can use the %a variable to identify the OS and select the appropriate profile to load. I hope that is close. Michael Adrian told me on 12/14/2005 00:23: What exactly comprises a profile? Do they have anything more than the contents of a user's Documents and Settings directory? To what extent is profile data shared between Windows OSes? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 with LDAP
On Wed, 2005-12-14 at 19:33 +0530, GMAIL wrote: Hi all I am setting up Samba Primary Domain controller with LDAP in Redhat Enterprise Linux ES 4.0 . The open Ldap version is _*OpenLDAP 2.2.3*_ and samba version _*3.0.10-1.4E .*_ i used smbldap-tools which comes default in RHEL ES 4.0 . You need to get the latest smbldap-tools up2date smbldap-tools or up2date -u should do this for you but note that once you do this, the configuration stuff is in /etc/smbldap After configuring samba and Ldap ie slapd.conf, and configuring smbldap-conf.pm and populate it through smbldap-populate.pl i get the following error Global symbol $ldapsearch requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 236. Global symbol $ldapsearchnobind requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 237. Global symbol $ldappasswd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 239. Global symbol $ldapadd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 240. Global symbol $ldapdelete requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 241. Global symbol $ldapmodrdn requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 242. Compilation failed in require at /usr/local/sbin///smbldap_tools.pm line 4. BEGIN failed--compilation aborted at /usr/local/sbin///smbldap_tools.pm line 4. Compilation failed in require at ./smbldap-populate.pl line 34. BEGIN failed--compilation aborted at ./smbldap-populate.pl line 34. and when i type *net getlocalsid* command i get the following error # [2005/12/14 18:49:49, 0] lib/smbldap.c:smbldap_search_suffix(1155) smbldap_search_suffix: Problem during the LDAP search: (No such object) SID for domain TDC17 is: S-1-5-21-664927944-2827829345-1370909811 # Please guide me Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Account Manager 0.5.3 released
LDAP Account Manager (LAM) 0.5.3 - December 14th, 2005 == A web frontend for managing accounts stored in an OpenLDAP directory. Announcement: - This release fixes some bugs and allows to upload JPG images for users. Features: - * management of Unix user and group accounts (posixAccount/posixGroup) * management of Samba 2.x/3 user and host accounts (sambaAccount/sambaSamAccount) * management of Kolab 2 accounts (kolabInetorgPerson) * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units (OU) * schema browser * tree view * multiple configuration files * multi-language support (Catalan, English, French, German, Hungarian, Italian, Japanese, Spanish) * support for LDAP+SSL Availability: - This software is available under the GNU General Public License V2.0. You can get the newest version at http://lam.sf.net. It may take some time until you can download the files from all mirrors. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Demo installation: -- You can try our demo installation online. http://lam.sf.net/live-demo/index.htm Support: If you find a bug please file a bug report. For questions or implementing new features please use the forum and feature request tracker at our Sourceforge homepage http://www.sf.net/projects/lam. Authors Copyright: Copyright (C) 2003 - 2005: Michael Duergner [EMAIL PROTECTED] Roland Gruber [EMAIL PROTECTED] Tilo Lutz [EMAIL PROTECTED] LAM is published under the GNU General Public License. The comlete list of licenses can be found in the copyright file. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fwd: roaming profile contents
for your information. the profile is NOT ONLY NTUSER.DAT its the complete C:\Documents and Settings\username enviroment Profiles uses the TimeStamp of NTUSER.DAT. if time is too much different roaming profiles doesnt work. Profiles can be shares with NT4x - W2k - WXP ! AND W98 + W95, but because of changes in directories and the uses of other variables W98 - W95 mixing with WNT and higher is not recommended. it's possible, but for that create a profile enviroment for W9x only. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Michael Barnes Verzonden: woensdag 14 december 2005 15:47 Aan: Adrian CC: samba@lists.samba.org Onderwerp: Re: [Samba] Fwd: roaming profile contents AFAIK- The profile is usually C:\Documents and Settings\username\NTUSER.DAT With roaming profiles, you identify the location of this file with various [NETLOGON] and [GLOBAL] settings. It is copied into the C:\Documents and Settings\username\NTUSER.DAT on login and copied back to the server location on logout. Everything else can be redirected. Profiles can be shared between NT and Win2K. I don't know about XP. If you have users who move between different architectures, you can use the %a variable to identify the OS and select the appropriate profile to load. I hope that is close. Michael Adrian told me on 12/14/2005 00:23: What exactly comprises a profile? Do they have anything more than the contents of a user's Documents and Settings directory? To what extent is profile data shared between Windows OSes? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind on PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick Kranz wrote: Hi list ! Is it possible to run winbind on the pdc to get posix uids /gids ? I´ve successsfully ran winbind on an domain member server und was able to do wbinfo -u an got all the users in a domain but if I try the same setup working on the pdc directly all I get is Error looking up domain users. I googled for two days now but I´m not getting the crucial clue. I´m using Samba 3.0.14 on Debian Sarge. I´ve tried with LDAP Backend as well as with tdbsam. I´m grateful for every help. If more information is needed, please let me know. winbindd on a PDC only alloocates Unix ids for users and groups from trusted domains. Not its own domain. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoDxYIR7qMdg1EfYRAkovAJ0T5gSHFzXXZLrNuinzNKDatDirUACg6rbi UeP8etltYgmaFnC+AtYeDIg= =zizl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba management tools
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mourik jan c heupink wrote: dear list On the samba.org pages there is an overview of Samba GUI's. I've recently (via a post on this mailinglist) discovered http://ldapadmin.sourceforge.net/ It looks very good. Anyone using it here? Experiences? A specific reason why it it not listed on the Samba GUI page? Nope. Just an oversight. I'll get Deryck to post a link today. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoDyGIR7qMdg1EfYRAkXmAKC+xn5uHpUnsmjxypnPLBw9IxABFgCfUiov WuA1iXvXdvR8gfyEPoQ1d6g= =A9YT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP account management tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoD1nIR7qMdg1EfYRAhtRAJ96f9EkXp5HXfWDqtkeMEobhp2DagCg84Td DL7RkytBkdocVVWyMhf9SCA= =sADU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New Winbind crash but only with a specific user ..
Hi i don't have answer to my question, but for archives ;=) I thinks that he have a serious bug into Winbindd but i can see it. i start smb/winbindd ... good that's work ... wbinfo -t = Ok wbinfo -g= Ok But: [EMAIL PROTECTED] samba]# wbinfo -a GROUPE/christ%briquet plaintext password authentication succeeded challenge/response password authentication succeeded [EMAIL PROTECTED] samba]# ok That's work ! [EMAIL PROTECTED] samba]# wbinfo -a GROUPE/jmcol%basique no answer and process of Winbindd use 100% of cpu i duplicate the account jmcol on my active directory ... same name, same password, same group only login change .. and that's work ! [EMAIL PROTECTED] samba]# wbinfo -a GROUPE/jmcol2%basique plaintext password authentication succeeded challenge/response password authentication succeeded [EMAIL PROTECTED] samba]# Anyone have this problems ?? In log level 10, the latest line when he use 100% of cpu is: [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898) 0240 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 0692 [2005/12/14 16:37:50, 7] rpc_parse/parse_prs.c:prs_debug(82) 000254 smb_io_dom_sid2 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0254 num_auths: 0005 [2005/12/14 16:37:50, 8] rpc_parse/parse_prs.c:prs_debug(82) 000258 smb_io_dom_sid sid [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0258 sid_rev_num: 01 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0259 num_auths : 05 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025a id_auth[0] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025b id_auth[1] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025c id_auth[2] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025d id_auth[3] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025e id_auth[4] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 025f id_auth[5] : 05 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898) 0260 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 06bb [2005/12/14 16:37:50, 7] rpc_parse/parse_prs.c:prs_debug(82) 000274 smb_io_dom_sid2 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0274 num_auths: 0005 [2005/12/14 16:37:50, 8] rpc_parse/parse_prs.c:prs_debug(82) 000278 smb_io_dom_sid sid [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0278 sid_rev_num: 01 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0279 num_auths : 05 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027a id_auth[0] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027b id_auth[1] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027c id_auth[2] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027d id_auth[3] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027e id_auth[4] : 00 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint8(582) 027f id_auth[5] : 05 [2005/12/14 16:37:50, 5] rpc_parse/parse_prs.c:prs_uint32s(898) 0280 sub_auths : 0015 087e60f9 5a3924ad 6dd83d7d 05d2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deactivate document settings for all users
On Wednesday 14 December 2005 05:55, Patrick DUBAU wrote: Hi, we have samba 3.0.14 which works very well. But we have one problem : for each user who is connecting on the station a directory of his name is created under C:\Documents and Settings (we have about 3000 students...) So we want that only one (the Default User) directory is used (no other will no more be created) and we also want that the default User directory is redirected to P: (home directory of each user on samba server). Does someone know how to achieve this ? Sure. Follow the information in chapter 5 of the book Samba-3 by Example for setting up the default network user profile. Then configure your windows clients to use roaming profiles that delete on logoff. Lastly, do not have profiles share, but do configure everything else as if you will use roaming profiles. The default network user profile should be configured with folder redirection. The book is available from Amazon.Com (hard copy), or in PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba management tools
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: mourik jan c heupink wrote: dear list On the samba.org pages there is an overview of Samba GUI's. I've recently (via a post on this mailinglist) discovered http://ldapadmin.sourceforge.net/ It looks very good. Anyone using it here? Experiences? A specific reason why it it not listed on the Samba GUI page? Nope. Just an oversight. I'll get Deryck to post a link today. We usually only add tools as I'm notified about them, so some how this one escaped our attention/notice (in terms of the list). Will get it added shortly. Cheers, deryck - -- Deryck Hodgehttp://www.devurandom.org/ Samba Team http://www.samba.org/ This is the 21st century ... Magic isn't dead. --Marillion (2001) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoEZx4glRK0DaE8gRApvKAJ4zogGMco1LYL70UWV2TUW332QyFwCgqmMJ ODhGt0+Iicasi6LmtO9Z0NE= =CrUp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: LDAP account management tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. Meanwhile, can others chime in with their favorite LDAP tools? Cheers, deryck - -- Deryck Hodgehttp://www.devurandom.org/ Samba Team http://www.samba.org/ This is the 21st century ... Magic isn't dead. --Marillion (2001) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoEch4glRK0DaE8gRAq3iAKCr0w7kBiuAV7eO0Rmb8EcJF0jZ+ACgzudn nPe6a3X9x5R8C2XKMVIurYU= =x6Mu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hanging SMBD processes - Samba CRASHING
In our case its RHEL3, and any version of Samba that RedHat distributes. Local file system is ext3. The version of 2.2.12 I'm using comes from the RHEL2.1 source RPM recompiled for x86_64 platform. Brian Pickering System Administrator - Information Services Schweitzer Engineering Laboratories, Inc. Email - [EMAIL PROTECTED] Telephone - 509-332-1890 x1212 Gerald (Jerry) Carter [EMAIL PROTECTED] 12/13/2005 08:51 AM To Matt Johnson [EMAIL PROTECTED] cc [EMAIL PROTECTED], samba@lists.samba.org Subject Re: [Samba] Hanging SMBD processes - Samba CRASHING -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 8 Dec 2005, Matt Johnson wrote: On Thu, 8 Dec 2005, [EMAIL PROTECTED] wrote: We've had similar troubles with Samba 3.x on our ClearCase VOB server running RHEL3. Our fix was to go back to the old 2.2.12, and we haven't had a problem since. Unfortunately I was never able to devote enough time to tracking down the problem fully. I had hoped that upgrading to RHEL4 using a 2.6 kernel would help, but your experience doesn't bode well for that. We had similar problems. stracing hung child smbd processes pointed the finger at *local* locking issues: processes were hanging in fcntl(...,F_SETLKW64,...) for one byte locks on fd 14 = locking.tdb; the culprit function is tdb_brlock. What is the local filesystem? And remind me what server OS this. RHEL 4 ? Thanks. Turning off oplocks seems to have helped, but we'd also like to get to the bottom of this... is this fcntl/locking hang behavior what you are seeing too? The tdb files make extensive use of byte range locking and a coherent map implementation on the server. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDnvwSIR7qMdg1EfYRAmbHAJkB3Rt2LLUvAg00fMlSjo6gVghXFwCdG4Re DMzt05E+Z/lXasn5YwsthlM= =i6ui -END PGP SIGNATURE- -- This e-mail may contain SEL confidential or legally privileged information. The opinions expressed are not necessarily those of SEL. Any unauthorized disclosure, distribution or other use is prohibited. If you received this e-mail in error, please notify the sender, permanently delete it, and destroy any printed copies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows admin, anything special?
I apologize for re-posting, but I am stuck. Has anyone connected from a Windows XP admin account to a Samba server? Did you have to do anything special? All of my other users work but not my admin account. Thanks, -Mont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba recycle bin
No problem. [bus-dev] comment = Business Developemnt Directories path = /home/share admin users = shaun_bolling read only = No create mask = 0777 directory mask = 0777 guest ok = no vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes updatemyself . wrote: Hi Shaun can u give me the full configuration of that share... because i didnt get much idea.. where i have to add this.. things.. hope its adding under share definisions... really getting confused.. so please... my present share configuration is.. this [vol8] path = /vol08_800 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes Thanks A lot.. Jerrynikki. On 12/14/05, Shaun Bolling [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:This is how I did it. I have Redhat ES 3 and samba-3.0.0-14.3E . vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes On 12/14/05, Shaun Bolling [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: This is how I did it. I have Redhat ES 3 and samba-3.0.0-14.3E. vfs objects = recycle recycle:exclude = *.tmp,*.temp recycle:keeptree = yes recycle:repository = .recycle/%U recycle:touch = yes recycle:versions = yes updatemyself . wrote: Hi all, can anyone tell me how i can setup a recycle bin for my samba share? it will be a very very good for me.. please give me the steps or please point to any document.. Thank you in advance, Jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20b - vfs_GetWd: SMB_VFS_GETWD call failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pierre Lebrun wrote: Hi, I just migrate 2 networks with 3.0.20b as PDC with mbpasswd backend and discover the following error in log files: [2005/12/13 08:43:30, 0, effective(20550, 2007), real(0, 0)] smbd/vfs.c:(851) vfs_GetWd: SMB_VFS_GETWD call failed, errno Permission denied Does anyone know what this message is relevant for ? I suppose a misconfiguration but have really no idea about the place to look for. Check for funky permissions on the roots of all your file shares. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoFB6IR7qMdg1EfYRAkHKAJ94xre4wOG6PsYzKnmNIMp7dcveQQCfTPwq DzzF3LaoEtIfvZwZL/sdoAk= =3uF9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: LDAP account management tools?
Hi, not samba-specific but a really cool LDAP tool. http://ldapadmin.sourceforge.net/ (I think it has already been talked about in here) Best Regards, Bruno Guerreiro -Original Message- From: Deryck Hodge [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 14 de Dezembro de 2005 16:24 To: Gerald (Jerry) Carter Cc: [EMAIL PROTECTED] Subject: [Samba] Re: LDAP account management tools? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. Meanwhile, can others chime in with their favorite LDAP tools? Cheers, deryck - -- Deryck Hodgehttp://www.devurandom.org/ Samba Team http://www.samba.org/ This is the 21st century ... Magic isn't dead. --Marillion (2001) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoEch4glRK0DaE8gRAq3iAKCr0w7kBiuAV7eO0Rmb8EcJF0jZ+ACgzudn nPe6a3X9x5R8C2XKMVIurYU= =x6Mu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] new server: NT_STATUS_LOGON_FAILURE
I've googled, RTFMed, and I still can't fix this. Hoping someone here can offer a suggestion. I'm learning, so please explain a little if you can. I installed samba on a Ubuntu 5.10 machine (named mog). My XP machine sees it, but the username/password dialog fails. I've traced it down to what I think is an authentication problem: [EMAIL PROTECTED]:/etc/samba$ smbclient -L mog -U mat Password: I enter my password here session setup failed: NT_STATUS_LOGON_FAILURE If I replace -U mat with -N I get a typical smbclient -L listing, so I know something is working. Another fact is that I have an older Ubuntu (Hoary) machine that also serves samba and works. I copied its /etc/samba/smb.conf to the machine having trouble; the two machines are the same (config, username, and password). Right now the workgroup names are different on the two machines, but that didn't make a difference. I'm stumped. Mat *** /etc/samba/smb.conf follows * # Samba config file created using SWAT # from 192.168.0.103 (192.168.0.103) # Date: 2005/12/12 15:40:02 # Global parameters [global] workgroup = ECLIPSE server string = %h server (Samba, Ubuntu) obey pam restrictions = Yes passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No ldap ssl = no panic action = /usr/share/samba/panic-action %d invalid users = root [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [homes] valid users = %S read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
Are there any plans for the Samba team to implement their own set of web-based graphical tools to control accounts and servers? The Directory server that Redhat Enterprise and Fedora are pushing is looking good, but how involved is the Samba team with that? phpLdapAdmin and LAM are excellent products, but it sure would be nice if the tool was coming right from the Samba team, and it pretty much did it all. From walking you through setting up the server, initializing your LDAP directory, to administration of the directory and server. Maybe you have plans for this, maybe you don't. I'm just curious. Deryck Hodge wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. Meanwhile, can others chime in with their favorite LDAP tools? Cheers, deryck - -- Deryck Hodgehttp://www.devurandom.org/ Samba Team http://www.samba.org/ This is the 21st century ... Magic isn't dead. --Marillion (2001) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoEch4glRK0DaE8gRAq3iAKCr0w7kBiuAV7eO0Rmb8EcJF0jZ+ACgzudn nPe6a3X9x5R8C2XKMVIurYU= =x6Mu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Deryck Hodge schrieb: Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. One idea: it would be nice to have a site where infos about LDAP account database best practice could be collected. There are so many books (Jerry: I like your LDAP System Administration very much ;-), HOWTOs, tips, emails etc. out there but I always have the impression that the least common demoninator about several significant decisions is very low. Not to mention that many tips and HOWTOs even contradict each other or are outdated (It's a fast developing area!) An (incomplete) list of those best practice topics might include: * overall layout of LDAP tree Deep or shallow? What ou should be there? * how to store passwords cleartext? crypt? SSHA? MD5? What are the pros and cons? * where to store machine trust accounts? Should you sub-structure your accounts ou or not? * use DSA for NSS, PAM, Samba, Radius, replication, etc.? pros? cons? Impact on ACL? * Where to store the sambaDomainName entry? (directly at the tree root or use your own ou?) * best way on how to configure your ACL * Which tools should one use to change user passwords? smbldap tools? Web GUI? PAM with pam_ldap? etc. Decisions on all of these topics have impact on the way each subsystem has to be configured and on how they all work together. Of course over the years I have developed a structure I like best, but this is not to say it _is_ the best (under any metrics you might imagine). One should also take into account that different LDAP administration tools might more or less enforce a specific way of how to set up your LDAP database, which is the link I see between the list of LDAP system admin tools and a LDAP account database best practice info site. Meanwhile, can others chime in with their favorite LDAP tools? I use GOSA on several installations and I like it! http://oss.gonicus.de/gosa/index.php/Main_Page Regards, - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoFaGxJmyeGcXPhERAq2WAJ48M6Ash5U1ay65mzFtc4c2PXRbvQCghN/N ciXfCE1BnBMH938vSEXdm7I= =0559 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap
Hi, all. I carefuly read [samba]ldapsam:trusted = yes kills smbd thread, but it not help me. My samba want use domain-likes SID's. I have 5 (possible, more) distributed over world samba servers. This servers nothing know about neighbours. Today we are using rsync for syncing smbpasswd files. Also, I have several replicated ldap servers with my unix users accounts. And I want use this servers for replacing smbpasswd files. I have to use security = user, instead PDC-BDC, because my samba servers can't interact. I use samba-3.0.20b,1 on FreeBSD 6.0-STABLE Problem is -- I can't authentificate on samba server. My smb.conf, smb.ldif (my tree) and samba log (with log lovel = 10) accessible on http://clh.higis.ru/~dimma/samba/ Plz, help me. On Fri, Nov 25, 2005 at 04:43:43PM +, Daniel Wilson wrote: i had the same problem as this!! well if your using ldapsam:trusted=yes look for the thread titled [samba]ldapsam:trusted = yes kills smbd ..but pretty much it was this.. i have changed the sambaPrimaryGroupSid: S-1-1-0 on uid=nobody and changed sambaSID: S-1-1-0 on group nobody and it now starts yeh!! :) On Fri, 2005-11-25 at 14:37, Dmitriy Kirhlarov wrote: Hi, all. Now my ldap-directory used for storing unix users accounts. I want use it for samba auth too. My samba config and ldap records attached. When I try start smbd I get error in logfile: [2005/11/25 16:30:21, 3]passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2513) primary group of [nobody] not found Any ideas? WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows admin, anything special?
On Wednesday 14 December 2005 09:54, Mont Rothstein wrote: I apologize for re-posting, but I am stuck. Has anyone connected from a Windows XP admin account to a Samba server? Did you have to do anything special? All of my other users work but not my admin account. Have you read any of the official Samba documentation? http://www.samba.org/samba/docs/ If you have, what parts do not make sense to you? - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new server: NT_STATUS_LOGON_FAILURE
On Wednesday 14 December 2005 10:12, Mathew D. Watson wrote: I've googled, RTFMed, and I still can't fix this. Hoping someone here can offer a suggestion. I'm learning, so please explain a little if you can. I installed samba on a Ubuntu 5.10 machine (named mog). My XP machine sees it, but the username/password dialog fails. I've traced it down to what I think is an authentication problem: [EMAIL PROTECTED]:/etc/samba$ smbclient -L mog -U mat Password: I enter my password here session setup failed: NT_STATUS_LOGON_FAILURE If I replace -U mat with -N I get a typical smbclient -L listing, so I know something is working. Another fact is that I have an older Ubuntu (Hoary) machine that also serves samba and works. I copied its /etc/samba/smb.conf to the machine having trouble; the two machines are the same (config, username, and password). Right now the workgroup names are different on the two machines, but that didn't make a difference. I'm stumped. [...] Please follow the official Samba documentation. Suggest you follow the examples and the step-by-step deployment information in the book Samba-3 by Example. You can purchase hard copy from Amazon.Com, or download the PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf If you have a problem with any step, in any chapter of this book please email me the datails so I can improve the documentation. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RHEL4 and samba
I brought over the /etc/samba directory from a RHEL3 system to a RHEL4 system. I disable selinux in case there was a problem with a port being blocked iptables has port 139 and 445 enabled. I can see the server in the Windows Network Neighborhood but the user cannot connect because they are unauthorized to attach from their computer. Most of the test in the samba documentation work except. smbclient -L server -N shows no computers, but does show the shares and SERVER COMMENTS myserverserver comments Workgroup Master - myworkgroup 2nd workgroup master2 3rd workgroup master3 nmblookup -B myserver __SAMBA__ querying __SAMBA__ on correct ip address name_query failed to find name __SAMBA__ nmblooup -M myworkgroup querying myworkgroup on mysubnet ip address of a client myworkgroup1d netstat -a show netbios-ns What do I have set up incorrectly? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Worked examples?
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] RHEL4 and samba
Begin forwarded message: From: Margaret_Doll [EMAIL PROTECTED] Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern To: samba samba@lists.samba.org Subject: [Samba] RHEL4 and samba I brought over the /etc/samba directory from a RHEL3 system to a RHEL4 system. I disable selinux in case there was a problem with a port being blocked iptables has port 139 and 445 enabled. I can see the server in the Windows Network Neighborhood but the user cannot connect because they are unauthorized to attach from their computer. Most of the test in the samba documentation work except. smbclient -L server -N shows no computers, but does show the shares and SERVER COMMENTS myserverserver comments Workgroup Master - myworkgroup 2nd workgroup master2 3rd workgroup master3 nmblookup -B myserver __SAMBA__ querying __SAMBA__ on correct ip address name_query failed to find name __SAMBA__ nmblooup -M myworkgroup querying myworkgroup on mysubnet ip address of a client myworkgroup1d netstat -a show netbios-ns What do I have set up incorrectly? -- I found that from the computers I cannot attach to the server through the network neighborhood. I can, however, log into the server if I do a search on the computer. So the server is not announcing itself. How do I fix this problem? Is this a firewall problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba management tools
thanks! Deryck Hodge wrote: We usually only add tools as I'm notified about them, so some how this one escaped our attention/notice (in terms of the list). Will get it added shortly. Cheers, deryck - -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new server: NT_STATUS_LOGON_FAILURE
John H Terpstra wrote: On Wednesday 14 December 2005 10:12, Mathew D. Watson wrote: I've traced it down to what I think is an authentication problem: [EMAIL PROTECTED]:/etc/samba$ smbclient -L mog -U mat Password: I enter my password here session setup failed: NT_STATUS_LOGON_FAILURE If I replace -U mat with -N I get a typical smbclient -L listing, so I know something is working. Another fact is that I have an older Ubuntu (Hoary) machine that also serves samba and works. I copied its /etc/samba/smb.conf to the machine having trouble; the two machines are the same (config, username, and password). Right now the workgroup names are different on the two machines, but that didn't make a difference. I'm stumped. [...] Please follow the official Samba documentation. I have. I read the Samba3-HOWTO and many of the html docs that came with the samba-docs package. I will readily admit that I didn't understand a _lot_ of what I read. I'm an independent scientist who's trying to make the most of my PC resources. I managed to get this working before, but I can't repeat. By googling I found examples of the same error, but that's all I found, problems and no solutions. Suggest you follow the examples and the step-by-step deployment information in the book Samba-3 by Example. You can purchase hard copy from Amazon.Com, or download the PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf If you have a problem with any step, in any chapter of this book please email me the datails so I can improve the documentation. I read through the first several chapters. None of the situations described seemed to fit, and much of what I read didn't make sense. The book assumes the reader is skillful regarding windows networking, which I'm not. Please don't think I'm saying it's a bad book. I'm simply saying I had difficulty reading it. I'm comfortable with UNIX, and I found the samba3-Howto much more readable, as it goes over the Windows principles on which samba is based. All I want to do is set up password protected read write home shares on 1 to 3 linux PCs that I can access from the 1 to 3 linux PCs and 1 XP machine. Right now I have only one user account on all the machines (mat), but I can imagine having a couple more users. If you suggest an appropriate example from your book, I'll be happy to go back and study that chapter (and its predecessors), and then try to implement it. Sincerely, Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
On Wed, 2005-12-14 at 10:24 -0600, Deryck Hodge wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. Meanwhile, can others chime in with their favorite LDAP tools? I use webmin http://www.webmin.com Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Worked examples?
Okay, that worked to allow me to see the files, but now I'm not prompted for any login and access to the share is denied when I open the file and try to save directly back to the share. The only thing I changed were the transposition errors you pointed out. With that same config, is there something else I'm missing? Before I made that change I was prompted for a password. Or did the password get saved? I guess that's possible, but then why can't the owner of the file (which is who I'm logged in under), save directly back to the file? -Myles On 12/14/05, Philip Washington [EMAIL PROTECTED] wrote: Donald Musser wrote: Alright, here it is... [global] workgroup = swtest netbios name = nagios-02 printcap name = cups disable spoolss = Yes show add printer wizard = No printing = cups [homes] comment = Home Directories valid users = %S I believe you need a path here. read only = No browseable = No [public] comment = Data paht = /export1 This should be path = force user = maryo force group = users guest ok = Yes read only = No [printers] comment = All Printers path /var/spool/samba printer admin - root, maryo This should be printer admin = run 'testparm' from your prompt and see if anything else shows up create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No #EOF I don't know whether you did this or not, but you might try running testparm outputtestparm.txt That way if some of these errors are typos from translation to email you can avoid this by just copying or editing the file outputtestparm.txt. [EMAIL PROTECTED] /]# ls -al export1 total 24 drwxr-x--- 2 maryo users 4096 Dec 12 13:49 . drwxr-xr-x 25 root root 4096 Dec 13 14:03 .. -rw-r--r-- 1 root root 644 Dec 12 13:49 hi Notice anything? Anymore info you need? I've been logging in mainly as maryo in this setup. -Myles On 12/13/05, Mark Sarria [EMAIL PROTECTED] wrote: Post your Config file, let's take a look! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Donald Musser Sent: Tuesday, December 13, 2005 7:46 AM To: samba@lists.samba.org Subject: [Samba] Worked examples? I've been experimenting with Samba a bit. I won't claim to know a whole lot about it, because I don't, and I'm even somewhat of a newbie when it comes to Linux/UNIX. But I've been working with the worked examples that the HOW TO docs describe on the website, configuring my smb.conf file as is stated. I'm running Samba 3.0.14a-2 on Fedora Core 4, and I'm running into a bit of a problem. When I work with the example of a simple Anonymous Read-Only File Server, I am able to access those files from my WinXP system just fine. However, when I get to the example of a Secure Office Server, I am able to log in using any of the users I specified in my config, but none of the users are able to view any files I've placed in that share -- not even the owner of the files. This is the case when I try to access the files from both my WinXP system and locally by logging into the Samba server from command line. I can post my smb.conf file if needed, but I was wondering if there's something common that I'm missing... TIA, ~Myles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Deryck Hodge schrieb: Gerald (Jerry) Carter wrote: Deryck, Should we create a list of LDAP management tools that support the Samba schema? For example, LAM phpLdapAdmin. http://lam.sf.net/ http://phpldapadmin.sf.net/ Sounds like a fine idea to me. I probably need to do a bit of website reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier to find. I'll think through the best way to handle this. One idea: it would be nice to have a site where infos about LDAP account database best practice could be collected. There are so many books (Jerry: I like your LDAP System Administration very much ;-), HOWTOs, tips, emails etc. out there but I always have the impression that the least common demoninator about several significant decisions is very low. Not to mention that many tips and HOWTOs even contradict each other or are outdated (It's a fast developing area!) An (incomplete) list of those best practice topics might include: * overall layout of LDAP tree Deep or shallow? What ou should be there? not really a samba issue * how to store passwords cleartext? crypt? SSHA? MD5? What are the pros and cons? not really a samba issue * where to store machine trust accounts? Should you sub-structure your accounts ou or not? * use DSA for NSS, PAM, Samba, Radius, replication, etc.? pros? cons? Impact on ACL? * Where to store the sambaDomainName entry? (directly at the tree root or use your own ou?) * best way on how to configure your ACL * Which tools should one use to change user passwords? smbldap tools? Web GUI? PAM with pam_ldap? Methinks that the future samba wiki might be a good place for this etc. Decisions on all of these topics have impact on the way each subsystem has to be configured and on how they all work together. Of course over the years I have developed a structure I like best, but this is not to say it _is_ the best (under any metrics you might imagine). One should also take into account that different LDAP administration tools might more or less enforce a specific way of how to set up your LDAP database, which is the link I see between the list of LDAP system admin tools and a LDAP account database best practice info site. Meanwhile, can others chime in with their favorite LDAP tools? I use GOSA on several installations and I like it! http://oss.gonicus.de/gosa/index.php/Main_Page Thanks Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new server: NT_STATUS_LOGON_FAILURE
Take one machine to learn on. Wipe it out and do a bare metal install. Once your basic Linux is installed and working, follow Chapter 3 of Samba3 - By Example step by step. Don't change anything. See how it all works. THEN, go in and change things one at a time to see the results and tune it to your desires. Michael Mathew D. Watson told me on 12/14/2005 13:10: John H Terpstra wrote: On Wednesday 14 December 2005 10:12, Mathew D. Watson wrote: I've traced it down to what I think is an authentication problem: [EMAIL PROTECTED]:/etc/samba$ smbclient -L mog -U mat Password: I enter my password here session setup failed: NT_STATUS_LOGON_FAILURE If I replace -U mat with -N I get a typical smbclient -L listing, so I know something is working. Another fact is that I have an older Ubuntu (Hoary) machine that also serves samba and works. I copied its /etc/samba/smb.conf to the machine having trouble; the two machines are the same (config, username, and password). Right now the workgroup names are different on the two machines, but that didn't make a difference. I'm stumped. [...] Please follow the official Samba documentation. I have. I read the Samba3-HOWTO and many of the html docs that came with the samba-docs package. I will readily admit that I didn't understand a _lot_ of what I read. I'm an independent scientist who's trying to make the most of my PC resources. I managed to get this working before, but I can't repeat. By googling I found examples of the same error, but that's all I found, problems and no solutions. Suggest you follow the examples and the step-by-step deployment information in the book Samba-3 by Example. You can purchase hard copy from Amazon.Com, or download the PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf If you have a problem with any step, in any chapter of this book please email me the datails so I can improve the documentation. I read through the first several chapters. None of the situations described seemed to fit, and much of what I read didn't make sense. The book assumes the reader is skillful regarding windows networking, which I'm not. Please don't think I'm saying it's a bad book. I'm simply saying I had difficulty reading it. I'm comfortable with UNIX, and I found the samba3-Howto much more readable, as it goes over the Windows principles on which samba is based. All I want to do is set up password protected read write home shares on 1 to 3 linux PCs that I can access from the 1 to 3 linux PCs and 1 XP machine. Right now I have only one user account on all the machines (mat), but I can imagine having a couple more users. If you suggest an appropriate example from your book, I'll be happy to go back and study that chapter (and its predecessors), and then try to implement it. Sincerely, Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new server: NT_STATUS_LOGON_FAILURE
Michael Barnes wrote: Take one machine to learn on. Wipe it out and do a bare metal install. Once your basic Linux is installed and working, follow Chapter 3 of Samba3 - By Example step by step. Don't change anything. See how it all works. THEN, go in and change things one at a time to see the results and tune it to your desires. Thanks Michael and John. I'll do that, especially the Don't change anything part. Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining a Samba 3 domain repost
Sorry still unable to find documentation Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? Many thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a Samba 3 domain repost
On Wednesday 14 December 2005 12:50, Mike wrote: Sorry still unable to find documentation Suggest you check the official documentation: http://www.samba.org/samba/docs/ There are two books: Samba3-HOWTO.pdf Samba3-ByExample.pdf The HOWTO is a mechanic's guide, the ByExample is the deployment guide. The deployment guide has a range of network configurations that are fully documented and provides step-by-step instructions to help you get your network running. Suggest you check Chapter 4 of the ByExample book - it most closely matches your usage. It is often easier to follow known-to-work examples, and then learn by changing a working system, than to try to learn everything from a cold start. Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? Refer to chapter 14 of the HOWTO. How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? See chapter 11 of the HOWTO. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a Samba 3 domain repost
Thanks Chris I tried that to User is there But I get the message error while joining domain xyz user not found --- Unix username:root NT username: Account Flags:[U ] User SID: S-1-5-21-2865329454-1566569267-2544077890-1000 Primary Group SID:S-1-5-21-2865329454-1566569267-2544077890-1001 Full Name:root Home Directory: \\server\root HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\server\Profiles\root Domain: xyz Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Wed, 14 Dec 2005 17:16:39 GMT Password can change: Wed, 14 Dec 2005 17:16:39 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Chris Lounsbury wrote: Mike You need to make sure your root account exists in your tbsam backend and then use root and its password when joining your windows workstations. At least that's how I did it Chris Mike [EMAIL PROTECTED] 12/14/05 12:50 PM Sorry still unable to find documentation Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? Many thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a Samba 3 domain repost
On Thu, 2005-12-15 at 08:50 +1300, Mike wrote: Sorry still unable to find documentation Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? http://www.samba.org/samba/docs Check out the 'By Example' Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Craig White wrote: * where to store machine trust accounts? Should you sub-structure your accounts ou or not? * use DSA for NSS, PAM, Samba, Radius, replication, etc.? pros? cons? Impact on ACL? * Where to store the sambaDomainName entry? (directly at the tree root or use your own ou?) * best way on how to configure your ACL * Which tools should one use to change user passwords? smbldap tools? Web GUI? PAM with pam_ldap? Methinks that the future samba wiki might be a good place for this Agreed. Craig is aware of this, but for others who are interested... Jerry and I are working on infrastructure for the wiki, which we hope to have completed in the next couple weeks. This took longer than originally expected due to a server upgrade. More wiki info will follow when available. Cheers, deryck - -- Deryck Hodgehttp://www.devurandom.org/ Samba Team http://www.samba.org/ This is the 21st century ... Magic isn't dead. --Marillion (2001) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoIQX4glRK0DaE8gRAjMbAJ9tQ69CB5MCG1TSLack0oq3QykrlQCgkzcD gsfwmTxTMZNykVqC/a/BKDk= =YziC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Craig White schrieb: On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote: [...] An (incomplete) list of those best practice topics might include: * overall layout of LDAP tree Deep or shallow? What ou should be there? not really a samba issue * how to store passwords cleartext? crypt? SSHA? MD5? What are the pros and cons? not really a samba issue Agreed, but still these decisions have to be made if a LDAP database is to be set up and used as system account database, with or without Samba. And for me (and I'm sure for many others, too) Samba (read: the release of Samba3 with much improved LDAP support) was the main reason to deep into the universe of LDAP directories and account databases. * where to store machine trust accounts? Should you sub-structure your accounts ou or not? * use DSA for NSS, PAM, Samba, Radius, replication, etc.? pros? cons? Impact on ACL? * Where to store the sambaDomainName entry? (directly at the tree root or use your own ou?) * best way on how to configure your ACL * Which tools should one use to change user passwords? smbldap tools? Web GUI? PAM with pam_ldap? Methinks that the future samba wiki might be a good place for this I agree. This even might be sort of a standardisation driving force for LDAP system account database structure. Currently there doesn't seem to exist such standard (apart from very basic things) - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDoIYVxJmyeGcXPhERAlu+AJwJW2fdJVN5lJ+5anky2Uq0vHetmQCfVGXL hA6SGWWrwqVli8yhe98U+aI= =Tsge -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows admin, anything special?
What I missed, and I'm not sure if it is in the docs or simply the nature of my distro (RHEL ES 4), is that smbusers has a default entry of root = administrator admin This doesn't show up in the system-config-admin UI. I don't want admin to be root, so I had created a Unix account named administrator and given in the samba/windows name of admin. Thanks for asking. If there isn't anything in the official docs about this perhaps a warning somewhere? -Mont On 12/14/05, John H Terpstra [EMAIL PROTECTED] wrote: On Wednesday 14 December 2005 09:54, Mont Rothstein wrote: I apologize for re-posting, but I am stuck. Has anyone connected from a Windows XP admin account to a Samba server? Did you have to do anything special? All of my other users work but not my admin account. Have you read any of the official Samba documentation? http://www.samba.org/samba/docs/ If you have, what parts do not make sense to you? - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error looking up domain users
I know this problem has been addressed before on this list, but I think I'm running into something new here. I have a couple of debian boxes on my network that reference two Windows 2003 Domain controllers. I had them set up and working very well, until a couple of days ago when my windows admin decided to install Service Pack 1 to the 2003 servers. Now when I try to get a user list with wbinfo -u, I get the Error Looking up domain users message. I can still authenticate with wbinfo -a. I can get a list of the BUILTIN groups with 'wbinfo -g'. I've tried restarting winbind and samba.. I've tried rejoining the domain and setting the auth-user with 'wbinfo --set-auth-user=username%password'. Has anyone else experienced this problem after installation of Service Pack 1 under 2003? Here's my smb.conf file:[global] workgroup = DOMAINNAME server string = %h server (Samba, Debian) security = share password server = 192.168.0.5 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spas sword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes wins server = 192.168.0.5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fwd: [Samba] RHEL4 and samba
Margaret_Doll wrote: Begin forwarded message: From: Margaret_Doll [EMAIL PROTECTED] Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern To: samba samba@lists.samba.org Subject: [Samba] RHEL4 and samba I brought over the /etc/samba directory from a RHEL3 system to a RHEL4 system. I disable selinux in case there was a problem with a port being blocked iptables has port 139 and 445 enabled. open ports 137 and 138, I forget which one, but the announcement is on one of these ports, you also need to check your protocols tcp udp as far as iptables is concerned. Usually in this cases I open up all protocols and the ports needed(check the protocols udp and tcp on 139 445 also) and then start DROP ing or REJECT ing ports-protocols until it breaks. selinux should not be an issue with this. I can see the server in the Windows Network Neighborhood but the user cannot connect because they are unauthorized to attach from their computer. Most of the test in the samba documentation work except. smbclient -L server -N shows no computers, but does show the shares and SERVERCOMMENTS myserverserver comments WorkgroupMaster - myworkgroup 2nd workgroupmaster2 3rd workgroupmaster3 nmblookup -B myserver __SAMBA__ querying __SAMBA__ on correct ip address name_query failed to find name __SAMBA__ nmblooup -M myworkgroup querying myworkgroup on mysubnet ip address of a client myworkgroup1d netstat -a show netbios-ns What do I have set up incorrectly? -- I found that from the computers I cannot attach to the server through the network neighborhood. I can, however, log into the server if I do a search on the computer. So the server is not announcing itself. How do I fix this problem? Is this a firewall problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Worked examples?
Donald Musser wrote: Okay, that worked to allow me to see the files, but now I'm not prompted for any login and access to the share is denied when I open the file and try to save directly back to the share. The only thing I changed were the transposition errors you pointed out. With that same config, is there something else I'm missing? Before I made that change I was prompted for a password. Or did the password get saved? I guess that's possible, but then why can't the owner of the file (which is who I'm logged in under), save directly back to the file? -Myles On 12/14/05, Philip Washington [EMAIL PROTECTED] wrote: Donald Musser wrote: Alright, here it is... [global] workgroup = swtest netbios name = nagios-02 printcap name = cups disable spoolss = Yes show add printer wizard = No printing = cups [homes] comment = Home Directories valid users = %S I believe you need a path here. read only = No browseable = No [public] comment = Data paht = /export1 This should be path = force user = maryo force group = users guest ok = Yes read only = No [printers] comment = All Printers path /var/spool/samba printer admin - root, maryo This should be printer admin = run 'testparm' from your prompt and see if anything else shows up create mask = 0600 guest ok = Yes printable = Yes use client driver = Yes browseable = No #EOF I don't know whether you did this or not, but you might try running testparm outputtestparm.txt That way if some of these errors are typos from translation to email you can avoid this by just copying or editing the file outputtestparm.txt. [EMAIL PROTECTED] /]# ls -al export1 total 24 drwxr-x--- 2 maryo users 4096 Dec 12 13:49 . drwxr-xr-x 25 root root 4096 Dec 13 14:03 .. -rw-r--r-- 1 root root 644 Dec 12 13:49 hi run 'chown -R maryo.users export1' in the directory below this, that might be part of your problem. Notice anything? Anymore info you need? I've been logging in mainly as maryo in this setup. -Myles On 12/13/05, Mark Sarria [EMAIL PROTECTED] wrote: Post your Config file, let's take a look! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Donald Musser Sent: Tuesday, December 13, 2005 7:46 AM To: samba@lists.samba.org Subject: [Samba] Worked examples? I've been experimenting with Samba a bit. I won't claim to know a whole lot about it, because I don't, and I'm even somewhat of a newbie when it comes to Linux/UNIX. But I've been working with the worked examples that the HOW TO docs describe on the website, configuring my smb.conf file as is stated. I'm running Samba 3.0.14a-2 on Fedora Core 4, and I'm running into a bit of a problem. When I work with the example of a simple Anonymous Read-Only File Server, I am able to access those files from my WinXP system just fine. However, when I get to the example of a Secure Office Server, I am able to log in using any of the users I specified in my config, but none of the users are able to view any files I've placed in that share -- not even the owner of the files. This is the case when I try to access the files from both my WinXP system and locally by logging into the Samba server from command line. I can post my smb.conf file if needed, but I was wondering if there's something common that I'm missing... TIA, ~Myles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a Samba 3 domain repost
Hi I have now been through the documentation by-example guide http://www.samba.org/samba/docs/ There are two books: Samba3-HOWTO.pdf Samba3-ByExample.pdf But I get the message error while joining domain xyz user not found when trying to join the domain with the root rootpassword Many thanks Mike Matt Lung wrote: have you tried this documentation yet?? http://www.idealx.org/prj/samba/smbldap-howto.en.html Mike wrote: Thanks Chris I tried that to User is there But I get the message error while joining domain xyz user not found --- Unix username:root NT username: Account Flags:[U ] User SID: S-1-5-21-2865329454-1566569267-2544077890-1000 Primary Group SID:S-1-5-21-2865329454-1566569267-2544077890-1001 Full Name:root Home Directory: \\server\root HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\server\Profiles\root Domain: xyz Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Wed, 14 Dec 2005 17:16:39 GMT Password can change: Wed, 14 Dec 2005 17:16:39 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Chris Lounsbury wrote: Mike You need to make sure your root account exists in your tbsam backend and then use root and its password when joining your windows workstations. At least that's how I did it Chris Mike [EMAIL PROTECTED] 12/14/05 12:50 PM Sorry still unable to find documentation Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? Many thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbclient lookup fails when querying local machine
Hi Ryan, boothost:~# smbclient -L 172.21.23.1 -Uvalidusr added interface ip=172.21.23.1 bcast=172.21.23.255 nmask=255.255.255.0 Password: session setup failed: Call timed out: server did not respond after 2 milliseconds Can bad WINS entries affect results even if WINS isn't in the name resolve order? When you use -L ip it bypasses WINS, hosts, lmhosts, etc. altogether and connects directly to that IP address. So that would explain why -L BH1230 doesn't work, because WINS might be mapping back to an IP, but you still get the timeout when connecting to that IP anyway. Try running netstat -lnp | grep smbd to get a list of all ports that Samba has open, and make sure they're all opened on the firewall (including the 'lo' interface.) I have a feeling there are two or three different ports that need to be opened. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a Samba 3 domain repost
Thanks Jimmy Yes this is a Unix SAMBA server, only xp workstations here. Can log int shares using administrator or root but not join the domain? Arhh Many thanks mike Jimmy D. Smith wrote: Mike, You must join the Domain with a valid Windows user that has Administrative privileges in the Domain, assuming this is a Windows envirionment, not a Unix PDC. In the Windows world, root has no meaning or privilege. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Sent: Wednesday, December 14, 2005 3:30 PM To: samba-list Subject: Re: [Samba] Joining a Samba 3 domain repost Hi I have now been through the documentation by-example guide http://www.samba.org/samba/docs/ There are two books: Samba3-HOWTO.pdf Samba3-ByExample.pdf But I get the message error while joining domain xyz user not found when trying to join the domain with the root rootpassword Many thanks Mike Matt Lung wrote: have you tried this documentation yet?? http://www.idealx.org/prj/samba/smbldap-howto.en.html Mike wrote: Thanks Chris I tried that to User is there But I get the message error while joining domain xyz user not found --- Unix username:root NT username: Account Flags:[U ] User SID: S-1-5-21-2865329454-1566569267-2544077890-1000 Primary Group SID:S-1-5-21-2865329454-1566569267-2544077890-1001 Full Name:root Home Directory: \\server\root HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\server\Profiles\root Domain: xyz Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Wed, 14 Dec 2005 17:16:39 GMT Password can change: Wed, 14 Dec 2005 17:16:39 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Chris Lounsbury wrote: Mike You need to make sure your root account exists in your tbsam backend and then use root and its password when joining your windows workstations. At least that's how I did it Chris Mike [EMAIL PROTECTED] 12/14/05 12:50 PM Sorry still unable to find documentation Hello I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I can log in as a user who has been added to the tdbsam database from a workstation. When I try to add the workstation to the domain (after breaking user connections to the server) I get The following error occurred while trying to joining the domain xyz.com. Access denied. I havent seen any instructions in the how-tos on how to create the Administrative account on the server to accept workstations to join the domain? How do I create security groups and join them to users ie Joe is a member of managers, accounts, engineers etc? Many thanks Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restricting logins to certain clients
Thank you all for your help. I think I will try the logoff.exe approach. Of course, it is not a perfectly clean solution, but clean enough for my needs and much easier to handle than LDAP. Thanks Hans Musil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on Mac OS X Server and opendirectorypdbconfig
Hi there, I am struggling to find more info on the opendirectorypdbconfig tool for Open Directory and Samba integration in Mac OS X Server 10.4. Thought here I may get pointed to the right direction. Thanks -- Anthony Palermo IT Consultant @ www.aderium.com 305.303.3204 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain connection fails
I am using 3.0.21rc2 on fc4. After I upgraded from 3.0.14a, I found that I cannot connect to my DOMAIN. I am using DOMAIN security. In log.wb-DOMAINNAME I find the following lines which may be related to the problem: [2005/12/14 18:14:09, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 [2005/12/14 18:14:09, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [2005/12/14 18:14:09, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain DOMAINNAME failed: Cannot find KDC for requested realm Because of the failure to connect to the domain, I cannot authenticate as a user and am unable to access samba shares. Is this a bug or am I doing something wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind fail to start:
Hi all, I followed Happy Users document, i was able to start named, dhcpd,ldap,smb but winbind couldn't start. I don't know where the problem is. I downloaded samba-3.0.20b and configuring on RHEL4. I copied the error from /var/log/samba/log.winbindd and pasted below. Thank you in advance, the-poet [2005/12/14 11:54:43, 1] nsswitch/winbindd.c:main(935) winbindd version 3.0.20b started. Copyright The Samba Team 2000-2004 [2005/12/14 11:54:43, 0] lib/fault.c:fault_report(36) === [2005/12/14 11:54:43, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 9204 (3.0.20b) Please read the Trouble-Shooting section of the Samba3-HOWTO [2005/12/14 11:54:43, 0] lib/fault.c:fault_report(39) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2005/12/14 11:54:43, 0] lib/fault.c:fault_report(40) === [2005/12/14 11:54:43, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2005/12/14 11:54:43, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 20 stack frames: #0 winbindd(smb_panic2+0x128) [0x80d9b48] #1 winbindd(smb_panic+0x19) [0x80d9a19] #2 winbindd [0x80c6bbb] #3 /lib/tls/libc.so.6 [0x4528c8] #4 /lib/tls/libc.so.6 [0x44a170] #5 /lib/tls/libc.so.6 [0x449bc2] #6 /lib/tls/libc.so.6(setlocale+0x143) [0x4493f3] #7 winbindd [0x80c37d4] #8 winbindd(init_iconv+0x67) [0x80c3977] #9 winbindd [0x80c00c4] #10 winbindd(lp_do_parameter+0x2db) [0x80c0c7b] #11 winbindd [0x80c0fdd] #12 winbindd [0x80c315b] #13 winbindd [0x80c3464] #14 winbindd(pm_process+0xe9) [0x80c3669] #15 winbindd(lp_load+0x101) [0x80c21a1] #16 winbindd(ber_scanf+0x16a) [0x8071b9e] #17 winbindd(main+0x18a) [0x807355a] #18 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x43fe23] #19 winbindd(ldap_msgfree+0x7d) [0x8071ad1] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new server: NT_STATUS_LOGON_FAILURE
Mathew D. Watson wrote: I installed samba on a Ubuntu 5.10 machine (named mog). My XP machine sees it, but the username/password dialog fails. I've traced it down to what I think is an authentication problem: [EMAIL PROTECTED]:/etc/samba$ smbclient -L mog -U mat Password: I enter my password here session setup failed: NT_STATUS_LOGON_FAILURE If I replace -U mat with -N I get a typical smbclient -L listing, so I know something is working. Another fact is that I have an older Ubuntu (Hoary) machine that also serves samba and works. I copied its /etc/samba/smb.conf to the machine having trouble; the two machines are the same (config, username, and password). Right now the workgroup names are different on the two machines, but that didn't make a difference. The solution to this problem is to run (as root): # smbpasswd -a username where username corresponds to a user account that already exists on the samba server. In my case I used mat as the username. This account is on all of my systems, and the login password is the same on all accounts. I'm not sure this is necessary, but I can say it worked. I was tempted to run this earlier, but I didn't for two reasons. First, the official documentation says something about smbpasswd backend being replaced by tdbsam. Second, my old (working system) didn't have an smbpasswd file at the location reported by 'smbd -b', so I figured I hadn't run smbpasswd before (otherwise there'd be an smbpasswd file. right?). Wrong. Running smbpasswd didn't create an smbpasswd file. I guess it's because I specified the tdbsam backend, which must use some-other-place to stash the password data gathered by smbpasswd. Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP account management tools?
On Wed, 2005-12-14 at 21:52 +0100, Andreas Haumer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Craig White schrieb: On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote: [...] An (incomplete) list of those best practice topics might include: * overall layout of LDAP tree Deep or shallow? What ou should be there? not really a samba issue * how to store passwords cleartext? crypt? SSHA? MD5? What are the pros and cons? not really a samba issue Agreed, but still these decisions have to be made if a LDAP database is to be set up and used as system account database, with or without Samba. And for me (and I'm sure for many others, too) Samba (read: the release of Samba3 with much improved LDAP support) was the main reason to deep into the universe of LDAP directories and account databases. don't stop there - LDAP offers much more than just account management for posixAccounts and sambaSamAccounts. * where to store machine trust accounts? Should you sub-structure your accounts ou or not? * use DSA for NSS, PAM, Samba, Radius, replication, etc.? pros? cons? Impact on ACL? * Where to store the sambaDomainName entry? (directly at the tree root or use your own ou?) * best way on how to configure your ACL * Which tools should one use to change user passwords? smbldap tools? Web GUI? PAM with pam_ldap? Methinks that the future samba wiki might be a good place for this I agree. This even might be sort of a standardisation driving force for LDAP system account database structure. Currently there doesn't seem to exist such standard (apart from very basic things) The problem with this is right from the base, everybody's structure is going to be different. What works for a small company isn't going to work for a medium size company which isn't even going to slightly resemble what the DIT would look like for a big company. LDAP is by nature not designed to have a specific shape or style (standardization as you put it) and if you are constrained into thinking that the structure is to be dictated by Samba (as proxy for Microsoft), then you probably ought to just use Microsoft AD as they have already configured the parts they are interested in. For the record, Microsoft didn't create LDAP. I am continually finding more uses for LDAP and those have nothing to do with Samba at all. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3 with LDAP
Hi Thanks for replying, I do not have net connection to the SAMBA server, to update it, as i am in intranet, can you suggest any rpm's or tar.gz in any link that you know, Regards Niranjan On 12/14/05, Craig White [EMAIL PROTECTED] wrote: On Wed, 2005-12-14 at 19:33 +0530, GMAIL wrote: Hi all I am setting up Samba Primary Domain controller with LDAP in Redhat Enterprise Linux ES 4.0 . The open Ldap version is _*OpenLDAP 2.2.3*_ and samba version _*3.0.10-1.4E .*_ i used smbldap-tools which comes default in RHEL ES 4.0 . You need to get the latest smbldap-tools up2date smbldap-tools or up2date -u should do this for you but note that once you do this, the configuration stuff is in /etc/smbldap After configuring samba and Ldap ie slapd.conf, and configuring smbldap-conf.pm and populate it through smbldap-populate.pl i get the following error Global symbol $ldapsearch requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 236. Global symbol $ldapsearchnobind requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 237. Global symbol $ldappasswd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 239. Global symbol $ldapadd requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 240. Global symbol $ldapdelete requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 241. Global symbol $ldapmodrdn requires explicit package name at /usr/local/sbin///smbldap_conf.pm line 242. Compilation failed in require at /usr/local/sbin///smbldap_tools.pm line 4. BEGIN failed--compilation aborted at /usr/local/sbin///smbldap_tools.pm line 4. Compilation failed in require at ./smbldap-populate.pl line 34. BEGIN failed--compilation aborted at ./smbldap-populate.pl line 34. and when i type *net getlocalsid* command i get the following error # [2005/12/14 18:49:49, 0] lib/smbldap.c:smbldap_search_suffix(1155) smbldap_search_suffix: Problem during the LDAP search: (No such object) SID for domain TDC17 is: S-1-5-21-664927944-2827829345-1370909811 # Please guide me Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] System error 64 with Redhat 7.2
Dear all, I am using Samba 3.0.20b on REdHat 7.2 and + OpenLDAP 2.2.X on another RedHat 7.3 When I try to connect to Samba from XP, it always returns System error 64 occurred. The specified network name is no longer available. But I were using IP to connect to the samba so there should'n have network name issue. After I restart smbd, then everything fine. Is there any problem with Samba on RedHat 7.2 for this un-stable situation?? The case is: in XP, net use * \\IP\public /user:username * First time ok. Then net use Z: /delete and reconnect with net use, then error occurred. Thx. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind problem (Trusting domains)
Hi, are you telling me to install nscd and it will solve my problem? Also i read somewhere in the samba website that you should not run nscd with winbind. Is that true?If it is, what are some ways of improving the performance of winbind and how can I make it scale? Thanks for your replies. adrian Vijay Avarachen wrote: I am not sure if this will help but I was getting strange errors and often dead winbinds due to the large amount of users and groups. I have had great success with setting up OpenLDAP for idmap backend. Now all my Linux machines are authenticating users and I also use nscd to speed things up and ease the load on OpenLDAP. On 12/14/05, *Adrian Chow* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: HI all, I have install 2 domains both on linux servers running debian samba 3.0.20b-2+b1. (Latest) I have both domains trusting each other. Domain A have 300 users and the other domain B have 3000 users. I have winbind on the nsswitch.conf for both PDCs. I have not errors runnning wbinfo -u, or wbinfo -g except when I run it on Domain A PDC. Domain users group which all 3000 users are at failed to show up at the output. The rest of the domain groups are displayed. Looking in the winbindd log:- (Domain B PDC = BAUGLIR; Domain B=UWCSTU) [2005/12/14 18:36:42, 10] nsswitch/winbindd_rpc.c:lookup_groupmem(539) rpc: lookup_groupmem UWCSTU sid=S-1-5-21-2723404422-2550591724-2764062575-513 [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(438) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(438) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2005/12/14 18:36:52, 10] nsswitch/winbindd_rpc.c:lookup_groupmem(539) rpc: lookup_groupmem UWCSTU sid=S-1-5-21-2723404422-2550591724-2764062575-513 [2005/12/14 18:36:52, 3] nsswitch/winbindd_cm.c:connection_ok(819) Connection to BAUGLIR for domain UWCSTU has died or was never started (fd == -1) [2005/12/14 18:36:52, 0] rpc_client/cli_pipe.c:cli_rpc_close(1767) cli_rpc_open failed on pipe \samr to machine BAUGLIR. Error was Call timed out: server did not respond after 1 milliseconds Can anyone know who to cache winbind well or increase the pagesize? I guess the timeout is because of the 3000 entries. Regards, adrian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba https://lists.samba.org/mailman/listinfo/samba -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NET VIEW equivalent in Samba
Hi findsmb() does not let you specify a workgroup which then will be used to list the containing machines in that workgroup and secondly findsmb does not display all of the workgroups on the subnet. I actually wrote a own little C module that uses libsmbclient and it will display ALL workgroups on a subnät and kan also list all computers in a spcific workgroup. Regards, Henrik 14 dec 2005 kl. 21:05 skrev Jim Tee: findsmb Henrik Zagerholm wrote: Hi! Is there a NET VIEW equivalent in samba? I looked at smbclient -L but then I have to know the browser master. I only want to specifiy a workgroup.. Regards, Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r12228 - in branches/SAMBA_4_0/source/nbt_server/wins: .
Author: metze Date: 2005-12-14 08:38:25 + (Wed, 14 Dec 2005) New Revision: 12228 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12228 Log: fix the expire time for RELEASED records metze Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.h branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c Changeset: Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.h === --- branches/SAMBA_4_0/source/nbt_server/wins/winsdb.h 2005-12-14 07:22:25 UTC (rev 12227) +++ branches/SAMBA_4_0/source/nbt_server/wins/winsdb.h 2005-12-14 08:38:25 UTC (rev 12228) @@ -54,6 +54,19 @@ /* wins server database handle */ struct ldb_context *wins_db; - uint32_t min_ttl; - uint32_t max_ttl; + /* some configuration */ + struct { + /* +* the interval (in secs) till an active record will be marked as RELEASED +*/ + uint32_t min_renew_interval; + uint32_t max_renew_interval; + + /* +* the interval (in secs) a record remains in RELEASED state, +* before it will be marked as TOMBSTONE +* (also known as extinction interval) +*/ + uint32_t tombstone_interval; + } config; }; Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c === --- branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c 2005-12-14 07:22:25 UTC (rev 12227) +++ branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c 2005-12-14 08:38:25 UTC (rev 12228) @@ -4,7 +4,8 @@ core wins server handling Copyright (C) Andrew Tridgell 2005 - + Copyright (C) Stefan Metzmacher 2005 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -31,8 +32,8 @@ */ uint32_t wins_server_ttl(struct wins_server *winssrv, uint32_t ttl) { - ttl = MIN(ttl, winssrv-max_ttl); - ttl = MAX(ttl, winssrv-min_ttl); + ttl = MIN(ttl, winssrv-config.max_renew_interval); + ttl = MAX(ttl, winssrv-config.min_renew_interval); return ttl; } @@ -419,6 +420,10 @@ break; } + if (rec-state == WREPL_STATE_RELEASED) { + rec-expire_time = winssrv-config.tombstone_interval; + } + ret = winsdb_modify(winssrv-wins_db, rec, modify_flags); if (ret != NBT_RCODE_OK) { DEBUG(1,(WINS: FAILED: released name %s at %s: error:%u\n, @@ -468,6 +473,8 @@ */ NTSTATUS nbtd_winsserver_init(struct nbtd_server *nbtsrv) { + uint32_t tombstone_interval; + if (!lp_wins_support()) { nbtsrv-winssrv = NULL; return NT_STATUS_OK; @@ -476,8 +483,10 @@ nbtsrv-winssrv = talloc_zero(nbtsrv, struct wins_server); NT_STATUS_HAVE_NO_MEMORY(nbtsrv-winssrv); - nbtsrv-winssrv-max_ttl = lp_max_wins_ttl(); - nbtsrv-winssrv-min_ttl = lp_min_wins_ttl(); + nbtsrv-winssrv-config.max_renew_interval = lp_max_wins_ttl(); + nbtsrv-winssrv-config.min_renew_interval = lp_min_wins_ttl(); + tombstone_interval = lp_parm_int(-1,wreplsrv,tombstone_interval, 6*24*60*60); + nbtsrv-winssrv-config.tombstone_interval = tombstone_interval; nbtsrv-winssrv-wins_db = winsdb_connect(nbtsrv-winssrv); if (!nbtsrv-winssrv-wins_db) {
svn commit: samba r12229 - in branches/SAMBA_4_0/source/nbt_server/wins: .
Author: metze Date: 2005-12-14 08:46:52 + (Wed, 14 Dec 2005) New Revision: 12229 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12229 Log: fix the expire time for released records metze Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c Changeset: Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c === --- branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c 2005-12-14 08:38:25 UTC (rev 12228) +++ branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c 2005-12-14 08:46:52 UTC (rev 12229) @@ -421,7 +421,7 @@ } if (rec-state == WREPL_STATE_RELEASED) { - rec-expire_time = winssrv-config.tombstone_interval; + rec-expire_time = time(NULL) + winssrv-config.tombstone_interval; } ret = winsdb_modify(winssrv-wins_db, rec, modify_flags);
svn commit: samba r12230 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze Date: 2005-12-14 10:56:43 + (Wed, 14 Dec 2005) New Revision: 12230 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12230 Log: prepare for a generic periodic processing scheduling of pull,push,scavenging and reread-config events metze Added: branches/SAMBA_4_0/source/wrepl_server/wrepl_periodic.c Modified: branches/SAMBA_4_0/source/wrepl_server/config.mk branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c branches/SAMBA_4_0/source/wrepl_server/wrepl_server.h Changeset: Modified: branches/SAMBA_4_0/source/wrepl_server/config.mk === --- branches/SAMBA_4_0/source/wrepl_server/config.mk2005-12-14 08:46:52 UTC (rev 12229) +++ branches/SAMBA_4_0/source/wrepl_server/config.mk2005-12-14 10:56:43 UTC (rev 12230) @@ -9,7 +9,8 @@ wrepl_in_call.o \ wrepl_out_connection.o \ wrepl_out_helpers.o \ - wrepl_apply_records.o + wrepl_apply_records.o \ + wrepl_periodic.o REQUIRED_SUBSYSTEMS = \ LIBCLI_WREPL WINSDB # End SUBSYSTEM WREPL_SRV Added: branches/SAMBA_4_0/source/wrepl_server/wrepl_periodic.c === --- branches/SAMBA_4_0/source/wrepl_server/wrepl_periodic.c 2005-12-14 08:46:52 UTC (rev 12229) +++ branches/SAMBA_4_0/source/wrepl_server/wrepl_periodic.c 2005-12-14 10:56:43 UTC (rev 12230) @@ -0,0 +1,82 @@ +/* + Unix SMB/CIFS implementation. + + WINS Replication server + + Copyright (C) Stefan Metzmacher 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include dlinklist.h +#include lib/events/events.h +#include lib/socket/socket.h +#include smbd/service_task.h +#include smbd/service_stream.h +#include lib/messaging/irpc.h +#include librpc/gen_ndr/ndr_winsrepl.h +#include wrepl_server/wrepl_server.h +#include nbt_server/wins/winsdb.h +#include ldb/include/ldb.h +#include libcli/composite/composite.h +#include libcli/wrepl/winsrepl.h +#include wrepl_server/wrepl_out_helpers.h + +static uint32_t wreplsrv_periodic_run(struct wreplsrv_service *service, uint32_t next_interval) +{ + DEBUG(2,(wreplsrv_periodic_run: next in %u secs\n, next_interval)); + return next_interval; +} + +static void wreplsrv_periodic_handler_te(struct event_context *ev, struct timed_event *te, +struct timeval t, void *ptr) +{ + struct wreplsrv_service *service = talloc_get_type(ptr, struct wreplsrv_service); + uint32_t next_interval; + + service-periodic.te = NULL; + + next_interval = wreplsrv_periodic_run(service, service-config.periodic_interval); + + service-periodic.next_event = timeval_current_ofs(next_interval, 0); + service-periodic.te = event_add_timed(service-task-event_ctx, service, + service-periodic.next_event, + wreplsrv_periodic_handler_te, service); + if (!service-periodic.te) { + task_server_terminate(service-task,event_add_timed() failed! no memory!\n); + return; + } +} + +NTSTATUS wreplsrv_setup_periodic(struct wreplsrv_service *service) +{ + NTSTATUS status; + + /* +* TODO: this should go away, and we should do everything +*within the wreplsrv_periodic_run() +*/ + status = wreplsrv_setup_out_connections(service); + NT_STATUS_NOT_OK_RETURN(status); + + service-periodic.next_event = timeval_current(); + service-periodic.te = event_add_timed(service-task-event_ctx, service, + service-periodic.next_event, + wreplsrv_periodic_handler_te, service); + NT_STATUS_HAVE_NO_MEMORY(service-periodic.te); + + return NT_STATUS_OK; +} Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c === --- branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c 2005-12-14 08:46:52 UTC (rev 12229) +++ branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c 2005-12-14
svn commit: samba r12232 - in branches/SAMBA_4_0/swat/esptest: .
Author: abartlet Date: 2005-12-14 17:16:06 + (Wed, 14 Dec 2005) New Revision: 12232 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12232 Log: I hate SWAT code being outside 'source'. Add in code to push the user's session info into ldb structure for the ldb tests. Andrew Bartlett Modified: branches/SAMBA_4_0/swat/esptest/ldb.esp Changeset: Modified: branches/SAMBA_4_0/swat/esptest/ldb.esp === --- branches/SAMBA_4_0/swat/esptest/ldb.esp 2005-12-14 12:30:07 UTC (rev 12231) +++ branches/SAMBA_4_0/swat/esptest/ldb.esp 2005-12-14 17:16:06 UTC (rev 12232) @@ -9,6 +9,8 @@ var dbfile = lp.get(sam database); var attrs = new Array(name, dnsDomain, objectSid, dn); var ldb = ldb_init(); +ldb.session_info = session.authinfo.session_info; + var ok = ldb.connect(dbfile); assert(ok);
svn commit: samba r12233 - in trunk/source: locking smbd
Author: jra Date: 2005-12-14 17:46:26 + (Wed, 14 Dec 2005) New Revision: 12233 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12233 Log: Reduce the race condition for renames by holding the lock longer. Instigated by complaints on the fix for #3303 from SATOH Fumiyasu [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/locking/locking.c trunk/source/smbd/reply.c Changeset: Modified: trunk/source/locking/locking.c === --- trunk/source/locking/locking.c 2005-12-14 17:16:06 UTC (rev 12232) +++ trunk/source/locking/locking.c 2005-12-14 17:46:26 UTC (rev 12233) @@ -605,8 +605,8 @@ lck-num_share_modes = 0; lck-share_modes = NULL; lck-delete_on_close = False; + lck-fresh = False; lck-modified = False; - lck-fresh = False; if (tdb_chainlock(tdb, key) != 0) { DEBUG(3, (Could not lock share entry\n)); @@ -668,6 +668,10 @@ size_t msg_len; int i; + if (!lck) { + return False; + } + DEBUG(10, (rename_share_filename: servicepath %s newname %s\n, servicepath, newname)); Modified: trunk/source/smbd/reply.c === --- trunk/source/smbd/reply.c 2005-12-14 17:16:06 UTC (rev 12232) +++ trunk/source/smbd/reply.c 2005-12-14 17:46:26 UTC (rev 12233) @@ -4086,13 +4086,20 @@ asynchronously. / -static void rename_open_files(connection_struct *conn, SMB_DEV_T dev, SMB_INO_T inode, const char *newname) +static void rename_open_files(connection_struct *conn, struct share_mode_lock *lck, + SMB_DEV_T dev, SMB_INO_T inode, const char *newname) { files_struct *fsp; BOOL did_rename = False; - struct share_mode_lock *lck = NULL; for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) { + /* fsp_name is a relative path under the fsp. To change this for other + sharepaths we need to manipulate relative paths. */ + /* TODO - create the absolute path and manipulate the newname + relative to the sharepath. */ + if (fsp-conn != conn) { + continue; + } DEBUG(10,(rename_open_files: renaming file fnum %d (dev = %x, inode = %.0f) from %s - %s\n, fsp-fnum, (unsigned int)fsp-dev, (double)fsp-inode, fsp-fsp_name, newname )); @@ -4105,19 +4112,8 @@ (unsigned int)dev, (double)inode, newname )); } - /* Notify all remote smbd's. */ - lck = get_share_mode_lock(NULL, dev, inode, NULL, NULL); - if (lck == NULL) { - DEBUG(5,(rename_open_files: Could not get share mode lock for file %s\n, - fsp-fsp_name)); - return; - } - - /* Change the stored filename. */ + /* Send messages to all smbd's (not ourself) that the name has changed. */ rename_share_filename(lck, conn-connectpath, newname); - - /* Send messages to all smbd's (not ourself) that the name has changed. */ - talloc_free(lck); } / @@ -4161,6 +4157,7 @@ NTSTATUS error = NT_STATUS_OK; BOOL dest_exists; BOOL rcdest = True; + struct share_mode_lock *lck = NULL; ZERO_STRUCT(sbuf); rcdest = unix_convert(newname,conn,newname_last_component,bad_path,sbuf); @@ -4248,13 +4245,18 @@ return NT_STATUS_ACCESS_DENIED; } + lck = get_share_mode_lock(NULL, fsp-dev, fsp-inode, NULL, NULL); + if(SMB_VFS_RENAME(conn,fsp-fsp_name, newname) == 0) { DEBUG(3,(rename_internals_fsp: succeeded doing rename on %s - %s\n, fsp-fsp_name,newname)); - rename_open_files(conn, fsp-dev, fsp-inode, newname); + rename_open_files(conn, lck, fsp-dev, fsp-inode, newname); + talloc_free(lck); return NT_STATUS_OK; } + talloc_free(lck); + if (errno == ENOTDIR || errno == EISDIR) { error = NT_STATUS_OBJECT_NAME_COLLISION; } else { @@ -4286,6 +4288,7 @@ BOOL rc = True; BOOL rcdest = True; SMB_STRUCT_STAT sbuf1, sbuf2; + struct share_mode_lock *lck = NULL; *directory = *mask = 0; @@ -4456,7 +4459,7 @@ */ if (strcsequal(directory, newname)) { - rename_open_files(conn, sbuf1.st_dev, sbuf1.st_ino, newname); + rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
svn commit: samba r12234 - in branches/SAMBA_3_0/source: locking smbd
Author: jra Date: 2005-12-14 17:46:29 + (Wed, 14 Dec 2005) New Revision: 12234 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12234 Log: Reduce the race condition for renames by holding the lock longer. Instigated by complaints on the fix for #3303 from SATOH Fumiyasu [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/locking/locking.c branches/SAMBA_3_0/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_0/source/locking/locking.c === --- branches/SAMBA_3_0/source/locking/locking.c 2005-12-14 17:46:26 UTC (rev 12233) +++ branches/SAMBA_3_0/source/locking/locking.c 2005-12-14 17:46:29 UTC (rev 12234) @@ -605,8 +605,8 @@ lck-num_share_modes = 0; lck-share_modes = NULL; lck-delete_on_close = False; + lck-fresh = False; lck-modified = False; - lck-fresh = False; if (tdb_chainlock(tdb, key) != 0) { DEBUG(3, (Could not lock share entry\n)); @@ -668,6 +668,10 @@ size_t msg_len; int i; + if (!lck) { + return False; + } + DEBUG(10, (rename_share_filename: servicepath %s newname %s\n, servicepath, newname)); Modified: branches/SAMBA_3_0/source/smbd/reply.c === --- branches/SAMBA_3_0/source/smbd/reply.c 2005-12-14 17:46:26 UTC (rev 12233) +++ branches/SAMBA_3_0/source/smbd/reply.c 2005-12-14 17:46:29 UTC (rev 12234) @@ -4086,13 +4086,20 @@ asynchronously. / -static void rename_open_files(connection_struct *conn, SMB_DEV_T dev, SMB_INO_T inode, const char *newname) +static void rename_open_files(connection_struct *conn, struct share_mode_lock *lck, + SMB_DEV_T dev, SMB_INO_T inode, const char *newname) { files_struct *fsp; BOOL did_rename = False; - struct share_mode_lock *lck = NULL; for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) { + /* fsp_name is a relative path under the fsp. To change this for other + sharepaths we need to manipulate relative paths. */ + /* TODO - create the absolute path and manipulate the newname + relative to the sharepath. */ + if (fsp-conn != conn) { + continue; + } DEBUG(10,(rename_open_files: renaming file fnum %d (dev = %x, inode = %.0f) from %s - %s\n, fsp-fnum, (unsigned int)fsp-dev, (double)fsp-inode, fsp-fsp_name, newname )); @@ -4105,19 +4112,8 @@ (unsigned int)dev, (double)inode, newname )); } - /* Notify all remote smbd's. */ - lck = get_share_mode_lock(NULL, dev, inode, NULL, NULL); - if (lck == NULL) { - DEBUG(5,(rename_open_files: Could not get share mode lock for file %s\n, - fsp-fsp_name)); - return; - } - - /* Change the stored filename. */ + /* Send messages to all smbd's (not ourself) that the name has changed. */ rename_share_filename(lck, conn-connectpath, newname); - - /* Send messages to all smbd's (not ourself) that the name has changed. */ - talloc_free(lck); } / @@ -4161,6 +4157,7 @@ NTSTATUS error = NT_STATUS_OK; BOOL dest_exists; BOOL rcdest = True; + struct share_mode_lock *lck = NULL; ZERO_STRUCT(sbuf); rcdest = unix_convert(newname,conn,newname_last_component,bad_path,sbuf); @@ -4248,13 +4245,18 @@ return NT_STATUS_ACCESS_DENIED; } + lck = get_share_mode_lock(NULL, fsp-dev, fsp-inode, NULL, NULL); + if(SMB_VFS_RENAME(conn,fsp-fsp_name, newname) == 0) { DEBUG(3,(rename_internals_fsp: succeeded doing rename on %s - %s\n, fsp-fsp_name,newname)); - rename_open_files(conn, fsp-dev, fsp-inode, newname); + rename_open_files(conn, lck, fsp-dev, fsp-inode, newname); + talloc_free(lck); return NT_STATUS_OK; } + talloc_free(lck); + if (errno == ENOTDIR || errno == EISDIR) { error = NT_STATUS_OBJECT_NAME_COLLISION; } else { @@ -4286,6 +4288,7 @@ BOOL rc = True; BOOL rcdest = True; SMB_STRUCT_STAT sbuf1, sbuf2; + struct share_mode_lock *lck = NULL; *directory = *mask = 0; @@ -4456,7 +4459,7 @@ */ if (strcsequal(directory, newname)) { - rename_open_files(conn, sbuf1.st_dev, sbuf1.st_ino, newname); +
svn commit: samba r12235 - in branches/SAMBA_3_0: . source/libsmb
Author: derrell Date: 2005-12-14 18:15:54 + (Wed, 14 Dec 2005) New Revision: 12235 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12235 Log: [EMAIL PROTECTED]: derrell | 2005-12-14 13:15:14 -0500 Ensure that when libsmbclient copies a cli, it prevents the cli from later being freed, by turning off the 'allocated' flag. Change a DEBUG message in pipe_open code from level 0 to level 1 since libsmbclient is now regularly attempting to open a pipe for share enumeration, and falling back to RAP if RPC is unavailable (e.g. win98). We don't want the debug message to display when the pipe open fails, under these normal circumstances. Modified: branches/SAMBA_3_0/ branches/SAMBA_3_0/source/libsmb/libsmbclient.c Changeset: Property changes on: branches/SAMBA_3_0 ___ Name: svk:merge - 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:11729 + 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:11738 Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2005-12-14 17:46:29 UTC (rev 12234) +++ branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2005-12-14 18:15:54 UTC (rev 12235) @@ -774,6 +774,7 @@ ZERO_STRUCTP(srv); srv-cli = c; +srv-cli.allocated = False; srv-dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv-no_pathinfo = False; srv-no_pathinfo2 = False; @@ -863,6 +864,7 @@ ZERO_STRUCTP(ipc_srv); ipc_srv-cli = *ipc_cli; +ipc_srv-cli.allocated = False; free(ipc_cli);
svn commit: samba r12236 - in branches/SAMBA_3_0: . source/rpc_client
Author: derrell Date: 2005-12-14 18:17:05 + (Wed, 14 Dec 2005) New Revision: 12236 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12236 Log: [EMAIL PROTECTED]: derrell | 2005-12-14 13:16:58 -0500 check in the DEBUG message referenced in the previous commit Modified: branches/SAMBA_3_0/ branches/SAMBA_3_0/source/rpc_client/cli_pipe.c Changeset: Property changes on: branches/SAMBA_3_0 ___ Name: svk:merge - 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:11738 + 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:11740 Modified: branches/SAMBA_3_0/source/rpc_client/cli_pipe.c === --- branches/SAMBA_3_0/source/rpc_client/cli_pipe.c 2005-12-14 18:15:54 UTC (rev 12235) +++ branches/SAMBA_3_0/source/rpc_client/cli_pipe.c 2005-12-14 18:17:05 UTC (rev 12236) @@ -2189,7 +2189,7 @@ fnum = cli_nt_create(cli, result-pipe_name, DESIRED_ACCESS_PIPE); if (fnum == -1) { - DEBUG(0,(cli_rpc_pipe_open: cli_nt_create failed on pipe %s + DEBUG(1,(cli_rpc_pipe_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n, result-pipe_name, cli-desthost, cli_errstr(cli)));
svn commit: samba r12237 - in trunk: . source/libsmb source/rpc_client
Author: derrell Date: 2005-12-14 18:20:19 + (Wed, 14 Dec 2005) New Revision: 12237 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12237 Log: [EMAIL PROTECTED]: derrell | 2005-12-14 13:19:54 -0500 merge changes from samba_3_0 Modified: trunk/ trunk/source/libsmb/libsmbclient.c trunk/source/rpc_client/cli_pipe.c Changeset: Property changes on: trunk ___ Name: svk:merge - 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba-trunk:10820 + 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba-trunk:11773 Modified: trunk/source/libsmb/libsmbclient.c === --- trunk/source/libsmb/libsmbclient.c 2005-12-14 18:17:05 UTC (rev 12236) +++ trunk/source/libsmb/libsmbclient.c 2005-12-14 18:20:19 UTC (rev 12237) @@ -774,6 +774,7 @@ ZERO_STRUCTP(srv); srv-cli = c; +srv-cli.allocated = False; srv-dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv-no_pathinfo = False; srv-no_pathinfo2 = False; @@ -863,6 +864,7 @@ ZERO_STRUCTP(ipc_srv); ipc_srv-cli = *ipc_cli; +ipc_srv-cli.allocated = False; free(ipc_cli); Modified: trunk/source/rpc_client/cli_pipe.c === --- trunk/source/rpc_client/cli_pipe.c 2005-12-14 18:17:05 UTC (rev 12236) +++ trunk/source/rpc_client/cli_pipe.c 2005-12-14 18:20:19 UTC (rev 12237) @@ -2189,7 +2189,7 @@ fnum = cli_nt_create(cli, result-pipe_name, DESIRED_ACCESS_PIPE); if (fnum == -1) { - DEBUG(0,(cli_rpc_pipe_open: cli_nt_create failed on pipe %s + DEBUG(1,(cli_rpc_pipe_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n, result-pipe_name, cli-desthost, cli_errstr(cli)));
svn commit: samba r12240 - in branches/SAMBA_4_0/source/libcli/wrepl: .
Author: metze Date: 2005-12-14 19:04:45 + (Wed, 14 Dec 2005) New Revision: 12240 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12240 Log: if the caller isn't interessted in the reply packet, just free it (mostly use for send_only requests, where we don't have a reply at all) metze Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c === --- branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-12-14 18:24:59 UTC (rev 12239) +++ branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-12-14 19:04:45 UTC (rev 12240) @@ -505,7 +505,7 @@ struct wrepl_packet **packet) { NTSTATUS status = wrepl_request_wait(req); - if (NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_OK(status) packet) { *packet = talloc_steal(mem_ctx, req-packet); } talloc_free(req);
svn commit: samba r12241 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze Date: 2005-12-14 19:07:53 + (Wed, 14 Dec 2005) New Revision: 12241 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12241 Log: fix the inform push notifies metze Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_out_helpers.c Changeset: Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_out_helpers.c === --- branches/SAMBA_4_0/source/wrepl_server/wrepl_out_helpers.c 2005-12-14 19:04:45 UTC (rev 12240) +++ branches/SAMBA_4_0/source/wrepl_server/wrepl_out_helpers.c 2005-12-14 19:07:53 UTC (rev 12241) @@ -802,7 +802,7 @@ enum wreplsrv_push_notify_stage { WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_CONNECT, - WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE, + WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM, WREPLSRV_PUSH_NOTIFY_STAGE_DONE }; @@ -944,7 +944,7 @@ state-req-async.fn= wreplsrv_push_notify_handler_req; state-req-async.private = state; - state-stage = WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE; + state-stage = WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM; return NT_STATUS_OK; } @@ -976,9 +976,15 @@ return NT_STATUS_INTERNAL_ERROR; } -static NTSTATUS wreplsrv_push_notify_wait_update(struct wreplsrv_push_notify_state *state) +static NTSTATUS wreplsrv_push_notify_wait_inform(struct wreplsrv_push_notify_state *state) { - return NT_STATUS_FOOBAR; + NTSTATUS status; + + status = wrepl_request_recv(state-req, state, NULL); + NT_STATUS_NOT_OK_RETURN(status); + + state-stage = WREPLSRV_PUSH_NOTIFY_STAGE_DONE; + return status; } static void wreplsrv_push_notify_handler(struct wreplsrv_push_notify_state *state) @@ -989,8 +995,8 @@ case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_CONNECT: c-status = wreplsrv_push_notify_wait_connect(state); break; - case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_UPDATE: - c-status = wreplsrv_push_notify_wait_update(state); + case WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM: + c-status = wreplsrv_push_notify_wait_inform(state); break; case WREPLSRV_PUSH_NOTIFY_STAGE_DONE: c-status = NT_STATUS_INTERNAL_ERROR;
svn commit: samba r12242 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze Date: 2005-12-14 19:19:43 + (Wed, 14 Dec 2005) New Revision: 12242 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12242 Log: - make the push notifications triggered by the change count - for now we fake the change count to '1', so we'll still have periodicly triggered push notifies, the interval is the 'wreplsrv:periodic_interval=60' - add the 'pushUseInform' attribute to the wreplPartner objectClass to configure if we'll use WREPL_REPL_INFORM notifies metze Added: branches/SAMBA_4_0/source/wrepl_server/wrepl_out_push.c Modified: branches/SAMBA_4_0/source/wrepl_server/config.mk branches/SAMBA_4_0/source/wrepl_server/wrepl_out_connection.c branches/SAMBA_4_0/source/wrepl_server/wrepl_periodic.c branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c branches/SAMBA_4_0/source/wrepl_server/wrepl_server.h Changeset: Sorry, the patch is too large (334 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12242
svn commit: samba r12243 - in trunk/source: include param rpc_server
Author: jra Date: 2005-12-14 20:28:45 + (Wed, 14 Dec 2005) New Revision: 12243 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12243 Log: The usershare code needs to validate service names too. Add '%' as an invalid sharename so we don't get bitten by substitution expansion. Jeremy. Modified: trunk/source/include/local.h trunk/source/param/loadparm.c trunk/source/rpc_server/srv_srvsvc_nt.c Changeset: Modified: trunk/source/include/local.h === --- trunk/source/include/local.h2005-12-14 19:19:43 UTC (rev 12242) +++ trunk/source/include/local.h2005-12-14 20:28:45 UTC (rev 12243) @@ -238,4 +238,7 @@ /* tdb hash size for the open database. */ #define SMB_OPEN_DATABASE_TDB_HASH_SIZE 1049 +/* Characters we disallow in sharenames. */ +#define INVALID_SHARENAME_CHARS %*?|/\\+=;:\, + #endif Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2005-12-14 19:19:43 UTC (rev 12242) +++ trunk/source/param/loadparm.c 2005-12-14 20:28:45 UTC (rev 12243) @@ -4284,6 +4284,13 @@ return True; } + /* The path *must* be absolute. */ + if (sharepath[0] != '/') { + DEBUG(0,(parse_usershare_file: path %s is not an absolute path.\n, + sharepath)); + return False; + } + /* Ensure this is pointing to a directory. */ dp = sys_opendir(sharepath); @@ -4357,8 +4364,11 @@ TALLOC_CTX *ctx = NULL; SEC_DESC *psd = NULL; - /* No names containing substitute chars. */ - if (strchr_m(file_name, '%')) { + /* Ensure share name doesn't contain invalid characters. */ + if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) { + DEBUG(0,(process_usershare_file: share name %s contains + invalid characters (any of %s)\n, + file_name, INVALID_SHARENAME_CHARS )); return -1; } Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-14 19:19:43 UTC (rev 12242) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-14 20:28:45 UTC (rev 12243) @@ -29,14 +29,12 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -#define INVALID_SHARENAME_CHARS *?|/\\+=;:\, - / Check a string for any occurrences of a specified list of invalid characters. / -static BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len ) +BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len ) { int i;
svn commit: samba r12244 - in trunk/source/lib: .
Author: jra Date: 2005-12-14 20:31:54 + (Wed, 14 Dec 2005) New Revision: 12244 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12244 Log: Ooops. Fix the build. Jeremy. Modified: trunk/source/lib/dummysmbd.c Changeset: Modified: trunk/source/lib/dummysmbd.c === --- trunk/source/lib/dummysmbd.c2005-12-14 20:28:45 UTC (rev 12243) +++ trunk/source/lib/dummysmbd.c2005-12-14 20:31:54 UTC (rev 12244) @@ -53,3 +53,8 @@ { return False; } + +BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len ) +{ + return False; +}
svn commit: samba r12245 - in branches/SAMBA_3_0/source/passdb: .
Author: jra Date: 2005-12-14 20:39:42 + (Wed, 14 Dec 2005) New Revision: 12245 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12245 Log: eDirectory returns LDAP_UNWILLING_TO_PERFORM if the account is disabled. If we get this we can't check the password so have to tell the client the account was disabled. Jeremy. Modified: branches/SAMBA_3_0/source/passdb/pdb_nds.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_nds.c === --- branches/SAMBA_3_0/source/passdb/pdb_nds.c 2005-12-14 20:31:54 UTC (rev 12244) +++ branches/SAMBA_3_0/source/passdb/pdb_nds.c 2005-12-14 20:39:42 UTC (rev 12245) @@ -824,6 +824,15 @@ case LDAP_INVALID_CREDENTIALS: nt_status = NT_STATUS_WRONG_PASSWORD; break; + case LDAP_UNWILLING_TO_PERFORM: + /* eDir returns this if the account was disabled. */ + /* The problem is we don't know if the given + password was correct for this account or + not. We have to return more info than we + should and tell the client NT_STATUS_ACCOUNT_DISABLED + so they don't think the password was bad. JRA. */ + nt_status = NT_STATUS_ACCOUNT_DISABLED; + break; default: break; }
svn commit: samba r12246 - in trunk/source/passdb: .
Author: jra Date: 2005-12-14 20:39:45 + (Wed, 14 Dec 2005) New Revision: 12246 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12246 Log: eDirectory returns LDAP_UNWILLING_TO_PERFORM if the account is disabled. If we get this we can't check the password so have to tell the client the account was disabled. Jeremy. Modified: trunk/source/passdb/pdb_nds.c Changeset: Modified: trunk/source/passdb/pdb_nds.c === --- trunk/source/passdb/pdb_nds.c 2005-12-14 20:39:42 UTC (rev 12245) +++ trunk/source/passdb/pdb_nds.c 2005-12-14 20:39:45 UTC (rev 12246) @@ -824,6 +824,15 @@ case LDAP_INVALID_CREDENTIALS: nt_status = NT_STATUS_WRONG_PASSWORD; break; + case LDAP_UNWILLING_TO_PERFORM: + /* eDir returns this if the account was disabled. */ + /* The problem is we don't know if the given + password was correct for this account or + not. We have to return more info than we + should and tell the client NT_STATUS_ACCOUNT_DISABLED + so they don't think the password was bad. JRA. */ + nt_status = NT_STATUS_ACCOUNT_DISABLED; + break; default: break; }
svn commit: samba r12247 - in branches/SAMBA_4_0/source/libcli/wrepl: .
Author: metze Date: 2005-12-14 21:27:29 + (Wed, 14 Dec 2005) New Revision: 12247 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12247 Log: - reject freeing the wrepl_socket inside of wrepl_socket_dead() - free it at the end of wrepl_socket_dead() if needed metze Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c === --- branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-12-14 20:39:45 UTC (rev 12246) +++ branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.c 2005-12-14 21:27:29 UTC (rev 12247) @@ -35,7 +35,6 @@ */ static void wrepl_socket_dead(struct wrepl_socket *wrepl_socket, NTSTATUS status) { - talloc_set_destructor(wrepl_socket, NULL); wrepl_socket-dead = True; if (wrepl_socket-packet) { @@ -62,6 +61,11 @@ DLIST_REMOVE(wrepl_socket-recv_queue, req); wrepl_request_finished(req, status); } + + talloc_set_destructor(wrepl_socket, NULL); + if (wrepl_socket-free_skipped) { + talloc_free(wrepl_socket); + } } static void wrepl_request_timeout_handler(struct event_context *ev, struct timed_event *te, @@ -135,6 +139,10 @@ static int wrepl_socket_destructor(void *ptr) { struct wrepl_socket *sock = talloc_get_type(ptr, struct wrepl_socket); + if (sock-dead) { + sock-free_skipped = True; + return -1; + } wrepl_socket_dead(sock, NT_STATUS_LOCAL_DISCONNECT); return 0; } Modified: branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h === --- branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h 2005-12-14 20:39:45 UTC (rev 12246) +++ branches/SAMBA_4_0/source/libcli/wrepl/winsrepl.h 2005-12-14 21:27:29 UTC (rev 12247) @@ -47,6 +47,9 @@ /* remember is the socket is dead */ BOOL dead; + + /* remember if we need to free the wrepl_socket at the end of wrepl_socket_dead() */ + BOOL free_skipped; }; struct wrepl_send_ctrl {