[Samba] Stuck in read-only mode
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm running Samba on Ubuntu linux. I'm trying set it up so that my Windows laptop can use my home directory on the linux box. I've configured the home directory as follows [home] case sensitive = no msdfs proxy = no read only = no username = michael comment = My home directory path = /home/michael When I try to write to the file on my Windows box, however, it shows the directory to be read-only. What am I missing? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDpBKPjeziQOokQnARAgyRAKCIn+cLnz6+6S5efjjDADsFG3lzTQCeP+Ti FqvjGNLX28q7BxKYDSK+eQs= =zh8+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind problem (Trusting domains)
I cannot comment on idmap_rid approach because I am currently using idmap_ldap. I have had a wonderful experience with this setup. Also on all the clients I am running nscd and I have had no troubles. If nscd ever gives you trouble all you have to do is invalidate the cache in question. Rather than shutting down nscd you can simpley do nscd -i passwd to flush the users cache. I must warn you that the idmap_ldap setup is horribly unstable on RHEL3.xand CentOS 3.x. Winbind dies periodically. However on CentOS4/RHEL4 and SLEL 9.3 it is very stable. I am also running Gentoo clients and it is very stable on that too. By the way initially I did all my testing without nscd. I only started to use nscd when I noticed the increased load on ldap server and slow response. On 12/16/05, Simo Sorce [EMAIL PROTECTED] wrote: On Fri, 2005-12-16 at 12:33 +0100, Michael Gasch wrote: it has always been mentioned, that idmap_rid is the better backend in large organizations Sorry ? I do not think idmap_rid is good for v. large organization. Probably the best bet is idmap_ldap. Nscd is ok as long as you know it's downsides. For example on the PDC it is necessary to shut it down while adding or modifying users, and it may be a problem on member servers as it caches both positive _and_ negative lookups. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_LOGON_FAILURE
Donald Musser wrote: Hi everyone, I'm using the online HOWTO manual in the Quick Start reference to try and get a basic domain controller going. So I set up smb.conf, and testparm checked out okay, I've started nmbd and smbd, but when I try to to run [EMAIL PROTECTED] samba]#smbclient -L username -Uusername%password session setup failed: NT_STATUS_LOGON_FAILURE -- I get this error I recently got this message, and the solution in my case was to run (as root): # smbpasswd -a username where username is a valid user account on the samba server. Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over PVFS: Corrupted Data
On Fri, 2005-12-16 at 20:56 -0500, Justin Mazzola Paluska wrote: Hello, I'm trying to export Samba shares that access a PVFS2 (http://www.pvfs.org/pvfs2)-mounted partition. PVFS2 is a parallel, distributed file system for Linux clusters. PVFS2 gets mounted like any other partition and it offers non-POSIX file semantics similar to NFS. We can use standard shell commands (mv, ls, cp, etc.) to read and write files on the PVFS2 file system without any problems. On Samba (3.0.13) we've had quite a few problems: The Samba 3.0.13 would be the first thing I would fix. Samba 3.0.21 is about to be released, and with oplock rewrites and other things since 3.0.13, it should provide a better basis for distributed filesystem work. My guess is that the lack of posix locking is causing Word to fail, as it uses a lot of locks. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using smbmount in a script - no return value
I'm trying to periodically mount an XP share on my linux box, and I've noticed that smbmount doesn't return a value so I can't test for success in my shell script: #!/bin/bash smbmount //NonsenseShare /bad/mnt/point || echo error with smbmount In this case smbmount silently fails. I searched the archives and found a couple of messages about smbmount demonizing before leaving a return value. Is there a good way to test for the success or failure of smbmount? Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Stuck in read-only mode
On Sat, 2005-12-17 at 07:28 -0600, Michael Satterwhite wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm running Samba on Ubuntu linux. I'm trying set it up so that my Windows laptop can use my home directory on the linux box. I've configured the home directory as follows [home] case sensitive = no msdfs proxy = no read only = no username = michael comment = My home directory path = /home/michael When I try to write to the file on my Windows box, however, it shows the directory to be read-only. What am I missing? You could try Samba 3.0.21rc2, as there were changes in this area. Is it just shown as read only, or actually read only? The issue I'm talking about can be worked around by setting 'acl check permissions = no' in Samba 3.0.20 (where we had this issue). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA3 + LDAP
mallapadi niranjan wrote: Hi all I have samb3 with LDAP , My query is 1. My clients are windows 2000 professional, and the clients are not able to join the domain but if add the computer name in /etc/passwd ie computername$:x:110:200::/bin/false:/dev/null and then do smbpasswd -a -m computername , the computer is able to join the domain but i have mentioned the add machine script in smb.conf file It seems you missed the nss_ldap part, what is in your /etc/ldap.conf and /etc/nsswitch.conf? 2. After Joining the domain, i am unable to login as Administrator, but able to login as root if i give command getent passwd | grep Administrator , there is no output again, nss_ldap setup broken. 3. How do i create groups , and add users to the groups, it is not taking system groups, when i do smbldap-populate, it adds people,group, Domain Admins, Domain Users, etc and root, but not system groups so how to add system groups , depends, if you have the add user to group script and friends set up in smb.conf you can use usermgr.exe. You can use any ldap-tool to do it though. 4. in have smbldap-tool 0.9 , in that there is no mkntpasswd , is it ok, or this should be there, when i downloaded from the IDEALX website, it was not there int the TAR.gz file. I think it has been replaced with some perl module recently. cheers Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Migrating W2K Workstation to Samba Domain
I'm sorry, I can't help you with the issue of forcing Samba to use local profiles. I should be able to help you, but at the moment I'm rusty on that and I have a headache. But what I CAN help you with, once you get over the issue of roaming vs. local profiles, is how to make sure the users get their old profiles. In this example, let us consider the user account fred. The issue is that when you move the workstation to the new Samba domain, Windows will attempt to create a new profile for the user fred, because the user's SID will have changed (unless you have used 'net rpc vampire' to extract the SIDs from the AD domain). Windows doesn't know you by your name (fred), it knows you by your SID (big long ugly string of characters), just like the bank does. So fred logs in to the Samba domain, and all his settings, desktop, documents, etc. are GONE. What is the poor, embattled administrator to do? The answer lies in the registry, a few keys that associate a SID with a user profile directory. Here's how to fix it. After joining the workstation to the new domain, login as fred. A new profile folder will be created, something like \Documents and Settings\fred.newdomain (note that Fred's old profile was something like \Documents and Settings\fred). Hint: you can determine the profile folder by right-clicking the Start button and clicking Explore (not Explore All). Now log out. Log in to the workstation with an account that has local administrative rights. It helps if this account also has domain admin rights, but it absolutely must have local admin rights. Find Fred's original profile folder, and apply permissions to it such that the user fred in the new domain has full rights to it. (You should see existing permissions of OLDDOMAIN\fred has full rights. You need to add NEWDOMAIN\fred.) Make sure you apply these rights to all child objects. Do the same for any other folders on this workstation that fred might've been given specific rights to. (You can skip this step if the filesystem is FAT32.) Now open the registry editor (regedt32 on Windows 2000 or earlier; regedit ONLY in XP.). Under the HKEY_USERS hive, load the hive \Documents and Settings\fred\ntuser.dat. Note that this is fred's original profile registry hive. Similarly to how you just assigned rights to the profile folder, assign the rights to fred's registry hive. AFTER ASSIGNING RIGHTS, YOU MUST UNLOAD THE HIVE OR RESTART THE WORKSTATION or else Fred won't be able to log on. Go to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. Under this key, you will see several keys named for the user SIDs for profiles on this machine. Locate the key corresponding to fred's SID in the NEW domain. Change the value for ProfileImagePath to reflect the path to fred's original profile*.* Close the registry editor. Assign any other rights, such as local administrator, to fred's new domain account. REBOOT THE WORKSTATION. Log in as fred, to the new domain. You should get fred's original desktop and have access to his documents. WARNING: changes made in the registry editor are immediate. There is no undo. Use caution. ~Jon Johnson Sutinen Consulting, Inc. www.sutinen.com (360) 270-9317 cell Michael Urban wrote: My message dated: Mon, 12 Dec 2005 10:16:14 EST I am replacing a W2K AD server with a Samba server. The server has a single W2K Workstation client, in a public area and used by a dozen or so different users. When I join the workstation to the Samba domain, it complains that it cannot load a roaming profile (in the W2K AD domain, it used local profiles), and it does not create a new local profile, instead using a temporary profile. Obviously a permission problem somewhere. What is the exact problem, and what is the solution? I am still at sea on this. To clarify things a bit more, users of this workstation (under the W2K server) have local profiles, not floating profiles. I would like to let them continue to have local profiles, even if it proves impossible to let them use their old ones due to permission problems. However, even removing their directories from C:\Documents and Settings does not help - Windows does not create a new one for them (as all the documentation I have read led me to believe it would).o logon path= logon home= does not seem to affect this situation. It still seems to try to get a floating profile, fails, and then makes a local profile in TEMP. Hasn't anyone performed this sort of migration before? What other information can I provide (or try to glean from log files) to get this sorted out? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using smbmount in a script - no return value
For some of us simple minded types, like me, perhaps you could have a permanent file in the share and test for it after mounting. Create the file NonsenseShare/iamhere #!/bin/bash smbmount //NonsenseShare /bad/mnt/point if test -f /bad/mnt/point/iamhere ; then printf The mount worked!\n else printf Rats, it didn't work!\n fi If you can't get a return value from one command, use another command :-) HTH, Michael Mathew D. Watson told me on 12/17/2005 11:53: I'm trying to periodically mount an XP share on my linux box, and I've noticed that smbmount doesn't return a value so I can't test for success in my shell script: #!/bin/bash smbmount //NonsenseShare /bad/mnt/point || echo error with smbmount In this case smbmount silently fails. I searched the archives and found a couple of messages about smbmount demonizing before leaving a return value. Is there a good way to test for the success or failure of smbmount? Mat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HOW TO: Migrating users' locally-stored profiles from one domain or workgroup to a new domain
Migrating Users Profiles When Changing Domain Affiliation: A Primer I. Introduction NOTE: This applies to Windows NT-based systems with locally-stored user profiles. Windows 9x and Me do not manage user profiles in the same way. Quite often we find the need to change a workstation's affiliation, either from a workgroup (that is, the workstation is not in a domain environment) to a domain, from one domain to another, or perhaps we need to remove a workstation from a domain and have it rely on local user authentication. The problem is that in any of these scenarios, established users finds that they have lost access to their locally stored profiles; a new profile is created for them when they log in to the new domain. They need to re-establish the icons on their desktops, they need to re-establish rights on that computer, and they need to copy their personal files (i.e., My Documents) from the old profile to the new one. This is a recipe for a headache and ill feelings toward the network administrator. The traditional solution has been to use roaming profiles, but this is not always convenient or practical, and sometimes something breaks and that tactic doesn't work. There is another method that I've developed which seems to work pretty well. It involves messing with permissions and the registry, so caveat administrator. II. Active Directory Migration Tool: The Microsoft Way Microsoft provides the Active Directory Migration Tool (ADMT) for migrating user accounts, groups, and machine accounts from one domain to another as an installable tool from the Windows Server 2003 CD. You can also download it from Microsoft; go to http://download.microsoft.com/ and search for ADMT. I have used it on several occasions for migrating accounts between Windows domains (NT to 2003, 2000 to 2003, and even Samba to 2003). I do not believe it would work for migrating from a Windows domain to a Samba domain, but I've never tried it. Perhaps some intrepid administrators would like to try it out with the early versions of Samba 4. One of the significant advantages of using ADMT is that in addition to migrating user, group, and machine accounts, it will dispatch to each workstation during the computer migration phase an agent which translates user profiles. In my observations, ADMT performs the following tasks when migrating a machine account (assuming that user accounts have been first migrated with the preserve SID history option): 1. File system rights are translated. This especially applies to user profile folders. 2. File sharing rights are tanslated. 3. Registry hive rights are translated. This especially applies to individual NTUSER.DAT registry hives (the core of the user profile), so that the migrated user has full access to his or her original profile. 4. User rights and groups are translated. If a user was a member of the local administrators group, the user will remain so in the new domain. 5. User is mapped to profle. For machines with numerous user profiles, or for a network with a large number of workstations, ADMT saves the administrator a lot of time, as these tasks are fully automated. Since we are using Samba, we can't use ADMT to translate user rights and migrate these items to the new domain. We must do this manually. III. Manual Migration of Local User Profiles from Domain to Domain or from Workgroup to Domain Before joining the workstation to the new domain, it is helpful to document the location of the profile folder of the user account we wish to migrate. This is easily done from a command shell by typing 'echo %userprofile%'. It is also helpful to note what local groups the user is a member of, such as administrators. Once you have joined the worstation to the new domain, log in to the new domain as the user you wish to migrate. At this time, a new profile will be created. Make a note of this profile's folder location. The profile folder will be deleted in a later step, but by logging in this way we have created the registry entry that defines the user's profile in the new domain. Log out. Now, log in to the workstation as a local administrator. It is helpful if the account also has domain admin priviledges. Assign rights to the user's old domain local profile folder: add the user's new domain account to filesystem security. Be sure to reset permissions on child objects so subfolders and contents will have the proper permissions. Similarly, assign rights to any shares on this workstation that have specific permissions applied. Launch the registry editor. In Windows 2000 or NT, you must use regedt32, not regedit. In Windows XP, use regedit. Under HKEY_USERS, load the user's old domain profile registry hive. This will be the NTUSER.DAT file located in the profile folder you noted at the beginning of this exercise. Assign permissions to this newly loaded hive such that the user's new domain account has full access. Be sure to apply this to all child objects. You may be presented with an
[Samba] Samba over PVFS: Corrupted Data
Hello, I'm trying to export Samba shares that access a PVFS2 (http://www.pvfs.org/pvfs2)-mounted partition. PVFS2 is a parallel, distributed file system for Linux clusters. PVFS2 gets mounted like any other partition and it offers non-POSIX file semantics similar to NFS. We can use standard shell commands (mv, ls, cp, etc.) to read and write files on the PVFS2 file system without any problems. On Samba (3.0.13) we've had quite a few problems: 1. When we first made a Samba share, Windows (XP) explorer could see files, but would not let us manipulate them. For example, if we tried copying a file on the share, Windows would complain about a bad file handle. The Samba logs indicated that send_file_readX was causing a problem, so we put use sendfile = no in the share's configuration. We can now read from the share and save files using Notepad. 2. However, if we try copying files to the share with explorer or cmd, such as a pdf file, they get corrupted. The files are consistently corrupted in the same way. Similarly, Word refuses to write to the share. Unfortunately, for these problems, the samba logs say nothing -- I just see that the Windows computer connected to Samba server and the logs stop there. Has anyone had luck sharing PVFS volumes, or if not, are there any special settings I need for file systems with NFS-like semantics? I'm using a 2.6.14 Linux kernel on Mandrake 10.2. Samba is the aforementioned version 3.0.13. Thanks, --Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User Must Change Password On Next Logon
Hello, you can write this: pdbedit --pwd-must-change-time=1134732000 'username' P.S.: 1134732000 is the time (sec) starting at 01/01/1970, in this case, the user 'username' must change his password after the 16/12/2005 12:20. Bye Emanuele -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS clients fail to release/refresh records with Samba WINS server after reboot
Hi all, We are running Samba 3.0.2a and using it as a domain controller and WINS server. After rebooting the server, we are unable to reach (i.e. looking up machines by name) some of our network PCs (Windows 2000 boxes), due to failure with WINS look up. I investigated the wins.db file, and those Win boxes are not listed in there. If I use the command nbtstat -RR on those PCs to refresh and renew their WINS record on the WINS server, this does NOT seem to add them back in. The only way to get them to be added again is to reboot those PCs. What I would like to know is: a) Is there a way to have the PCs to register themselves with the Samba WINS server automatically after the Samba WINS server has been rebooted? b) if there is no way to do this automatically, is there a way or a command to get the PCs to register with the Samba WINS server without having to reboot them? -f. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS clients fail to release/refresh records with Samba WINS server after reboot
Hi all, We are running Samba 3.0.2a and using it as a domain controller and WINS server. After rebooting the server, we are unable to reach (i.e. looking up machines by name) some of our network PCs (Windows 2000 boxes), due to failure with WINS look up. I investigated the wins.db file, and those Win boxes are not listed in there. If I use the command nbtstat -RR on those PCs to refresh and renew their WINS record on the WINS server, this does NOT seem to add them back in. The only way to get them to be added again is to reboot those PCs. What I would like to know is: a) Is there a way to have the PCs to register themselves with the Samba WINS server automatically after the Samba WINS server has been rebooted? b) if there is no way to do this automatically, is there a way or a command to get the PCs to register with the Samba WINS server without having to reboot them? -f. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Share Access for SAMBA 2.2.8a on HP-UX 11.11
Security=server Username map=/etc/opt/samba/username.map All NT ids are mapped to the same unix id via username.map. Some NT id's don't see all the SHARES when they access SAMBA...Not sure why this would be if all NT ids are being translated to the same unix id. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP and CA certificates
Hi all, When configuring Samba against an LDAP server, it is possible to configure an SSL connection by using ldap ssl = on in the smb.conf file. Is there a way of telling Samba's LDAP code to ensure that the certificate presented by the LDAP server is signed by a specific CA? Regards, Graham -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows env variable for USERDOMAIN is wrong
Hi all, I just setup my Samba PDC. Mostly everything works, but I am wondering why on some clients, they have the wrong USERDOMAIN environment variable. (when you run 'set' in win xp cmd) The domain name is MEIDLING, and the user and computer are joined ok. But in set, it shows USERDOMAIN as the Server name. Which is MAIN. How do I change that? Thanks in advance. -- Greg Fischer 1st Byte Solutions http://www.1stbyte.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r12301 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze
Date: 2005-12-17 09:28:39 + (Sat, 17 Dec 2005)
New Revision: 12301
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12301
Log:
FHS 2.2 says that /var/cache/* contains only cached data, which can we removed
without
losing data, we should keep our databases under /var/lib/*
should I merge this to samba3 too?
metze
Modified:
branches/SAMBA_4_0/source/build/m4/check_path.m4
Changeset:
Modified: branches/SAMBA_4_0/source/build/m4/check_path.m4
===
--- branches/SAMBA_4_0/source/build/m4/check_path.m42005-12-17 01:14:04 UTC
(rev 12300)
+++ branches/SAMBA_4_0/source/build/m4/check_path.m42005-12-17 09:28:39 UTC
(rev 12301)
@@ -14,7 +14,7 @@
AC_ARG_WITH(fhs,
[ --with-fhs Use FHS-compliant paths (default=no)],
configdir=${sysconfdir}/samba
-lockdir=\${localstatedir}/cache/samba
+lockdir=\${localstatedir}/lib/samba
piddir=\${localstatedir}/run/samba
logfilebase=\${localstatedir}/log/samba
privatedir=\${CONFIGDIR}/private
svn commit: samba r12302 - in branches/SAMBA_4_0/source: .
Author: metze Date: 2005-12-17 10:10:09 + (Sat, 17 Dec 2005) New Revision: 12302 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12302 Log: - create the logfilebase directory with make install - get rid of unreadable long lines metze Modified: branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2005-12-17 09:28:39 UTC (rev 12301) +++ branches/SAMBA_4_0/source/main.mk 2005-12-17 10:10:09 UTC (rev 12302) @@ -47,6 +47,7 @@ @echo privatedir: $(PRIVATEDIR) @echo piddir: $(PIDDIR) @echo lockdir: $(LOCKDIR) + @echo logfilebase: $(LOGFILEBASE) @echo swatdir: $(SWATDIR) @echo mandir: $(MANDIR) @@ -87,11 +88,35 @@ # is not used. installdirs: - @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(DESTDIR)$(PRIVATEDIR) $(DESTDIR)$(PIDDIR) $(DESTDIR)$(LOCKDIR) $(DESTDIR)$(PRIVATEDIR)/tls $(DESTDIR)$(INCLUDEDIR) $(DESTDIR)$(PKGCONFIGDIR) + @$(SHELL) $(srcdir)/script/installdirs.sh \ + $(DESTDIR)$(BASEDIR) \ + $(DESTDIR)$(BINDIR) \ + $(DESTDIR)$(SBINDIR) \ + $(DESTDIR)$(LIBDIR) \ + $(DESTDIR)$(VARDIR) \ + $(DESTDIR)$(PRIVATEDIR) \ + $(DESTDIR)$(PIDDIR) \ + $(DESTDIR)$(LOCKDIR) \ + $(DESTDIR)$(LOGFILEBASE) \ + $(DESTDIR)$(PRIVATEDIR)/tls \ + $(DESTDIR)$(INCLUDEDIR) \ + $(DESTDIR)$(PKGCONFIGDIR) installbin: $(SBIN_PROGS) $(BIN_PROGS) installdirs - @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SBIN_PROGS) - @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(BIN_PROGS) + @$(SHELL) $(srcdir)/script/installbin.sh \ + $(INSTALLPERMS) \ + $(DESTDIR)$(BASEDIR) \ + $(DESTDIR)$(SBINDIR) \ + $(DESTDIR)$(LIBDIR) \ + $(DESTDIR)$(VARDIR) \ + $(SBIN_PROGS) + @$(SHELL) $(srcdir)/script/installbin.sh \ + $(INSTALLPERMS) \ + $(DESTDIR)$(BASEDIR) \ + $(DESTDIR)$(BINDIR) \ + $(DESTDIR)$(LIBDIR) \ + $(DESTDIR)$(VARDIR) \ + $(BIN_PROGS) installlib: libraries installdirs @$(SHELL) $(srcdir)/script/installlib.sh $(DESTDIR)$(LIBDIR) $(SHARED_LIBS)
svn commit: samba r12303 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: vlendec
Date: 2005-12-17 15:38:41 + (Sat, 17 Dec 2005)
New Revision: 12303
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12303
Log:
Move split_domain_and_name to util_getent.c and make it static there.
Volker
Modified:
branches/SAMBA_3_0/source/lib/username.c
branches/SAMBA_3_0/source/lib/util_getent.c
trunk/source/lib/username.c
trunk/source/lib/util_getent.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/username.c
===
--- branches/SAMBA_3_0/source/lib/username.c2005-12-17 10:10:09 UTC (rev
12302)
+++ branches/SAMBA_3_0/source/lib/username.c2005-12-17 15:38:41 UTC (rev
12303)
@@ -35,34 +35,6 @@
return !(strchr_m(name, *lp_winbind_separator()));
}
-/*
- Splits passed user or group name to domain and user/group name parts
- Returns True if name was splitted and False otherwise.
-*/
-
-BOOL split_domain_and_name(const char *name, char *domain, char* username)
-{
- char *p = strchr(name,*lp_winbind_separator());
-
-
- /* Parse a string of the form DOMAIN/user into a domain and a user */
- DEBUG(10,(split_domain_and_name: checking whether name |%s| local or
not\n, name));
-
- if (p) {
- fstrcpy(username, p+1);
- fstrcpy(domain, name);
- domain[PTR_DIFF(p, name)] = 0;
- } else if (lp_winbind_use_default_domain()) {
- fstrcpy(username, name);
- fstrcpy(domain, lp_workgroup());
- } else {
- return False;
- }
-
- DEBUG(10,(split_domain_and_name: all is fine, domain is |%s| and name
is |%s|\n, domain, username));
- return True;
-}
-
/
Get a users home directory.
/
Modified: branches/SAMBA_3_0/source/lib/util_getent.c
===
--- branches/SAMBA_3_0/source/lib/util_getent.c 2005-12-17 10:10:09 UTC (rev
12302)
+++ branches/SAMBA_3_0/source/lib/util_getent.c 2005-12-17 15:38:41 UTC (rev
12303)
@@ -239,6 +239,37 @@
return list_head;
}
+/*
+ Splits passed user or group name to domain and user/group name parts
+ Returns True if name was splitted and False otherwise.
+*/
+
+static BOOL split_domain_and_name(const char *name, char *domain,
+ char* username)
+{
+ char *p = strchr(name,*lp_winbind_separator());
+
+
+ /* Parse a string of the form DOMAIN/user into a domain and a user */
+ DEBUG(10,(split_domain_and_name: checking whether name |%s| local or
+ not\n, name));
+
+ if (p) {
+ fstrcpy(username, p+1);
+ fstrcpy(domain, name);
+ domain[PTR_DIFF(p, name)] = 0;
+ } else if (lp_winbind_use_default_domain()) {
+ fstrcpy(username, name);
+ fstrcpy(domain, lp_workgroup());
+ } else {
+ return False;
+ }
+
+ DEBUG(10,(split_domain_and_name: all is fine, domain is |%s| and
+ name is |%s|\n, domain, username));
+ return True;
+}
+
/
Get the list of UNIX users in a group.
We have to enumerate the /etc/group file as some UNIX getgrnam()
Modified: trunk/source/lib/username.c
===
--- trunk/source/lib/username.c 2005-12-17 10:10:09 UTC (rev 12302)
+++ trunk/source/lib/username.c 2005-12-17 15:38:41 UTC (rev 12303)
@@ -35,34 +35,6 @@
return !(strchr_m(name, *lp_winbind_separator()));
}
-/*
- Splits passed user or group name to domain and user/group name parts
- Returns True if name was splitted and False otherwise.
-*/
-
-BOOL split_domain_and_name(const char *name, char *domain, char* username)
-{
- char *p = strchr(name,*lp_winbind_separator());
-
-
- /* Parse a string of the form DOMAIN/user into a domain and a user */
- DEBUG(10,(split_domain_and_name: checking whether name |%s| local or
not\n, name));
-
- if (p) {
- fstrcpy(username, p+1);
- fstrcpy(domain, name);
- domain[PTR_DIFF(p, name)] = 0;
- } else if (lp_winbind_use_default_domain()) {
- fstrcpy(username, name);
- fstrcpy(domain, lp_workgroup());
- } else {
-
svn commit: samba r12304 - in branches/SAMBA_4_0/source: param script/tests wrepl_server
Author: metze
Date: 2005-12-17 15:45:38 + (Sat, 17 Dec 2005)
New Revision: 12304
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12304
Log:
split out the wins partner configuration into a seperate ldb.
now $privatedir/wins_config.ldb contains the wins partners
and $lockdir/wins.ldb contains the name records
metze
Modified:
branches/SAMBA_4_0/source/param/loadparm.c
branches/SAMBA_4_0/source/script/tests/selftest.sh
branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c
branches/SAMBA_4_0/source/wrepl_server/wrepl_server.h
Changeset:
Modified: branches/SAMBA_4_0/source/param/loadparm.c
===
--- branches/SAMBA_4_0/source/param/loadparm.c 2005-12-17 15:38:41 UTC (rev
12303)
+++ branches/SAMBA_4_0/source/param/loadparm.c 2005-12-17 15:45:38 UTC (rev
12304)
@@ -119,6 +119,7 @@
char *szConfigFile;
char *szSAM_URL;
char *szSPOOLSS_URL;
+ char *szWINS_CONFIG_URL;
char *szWINS_URL;
char *szPrivateDir;
char **jsInclude;
@@ -417,6 +418,7 @@
{password server, P_LIST, P_GLOBAL, Globals.szPasswordServers, NULL,
NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{sam database, P_STRING, P_GLOBAL, Globals.szSAM_URL, NULL, NULL,
FLAG_ADVANCED | FLAG_DEVELOPER},
{spoolss database, P_STRING, P_GLOBAL, Globals.szSPOOLSS_URL, NULL,
NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {wins config database, P_STRING, P_GLOBAL,
Globals.szWINS_CONFIG_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{wins database, P_STRING, P_GLOBAL, Globals.szWINS_URL, NULL, NULL,
FLAG_ADVANCED | FLAG_DEVELOPER},
{private dir, P_STRING, P_GLOBAL, Globals.szPrivateDir, NULL, NULL,
FLAG_ADVANCED | FLAG_DEVELOPER},
{passwd chat, P_STRING, P_GLOBAL, Globals.szPasswdChat, NULL, NULL,
FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -613,6 +615,7 @@
do_parameter(private dir, dyn_PRIVATE_DIR, NULL);
do_parameter(sam database, sam.ldb, NULL);
do_parameter(spoolss database, spoolss.ldb, NULL);
+ do_parameter(wins config database, wins_config.ldb, NULL);
do_parameter(wins database, wins.ldb, NULL);
do_parameter(registry:HKEY_LOCAL_MACHINE, hklm.ldb, NULL);
@@ -817,6 +820,7 @@
FN_GLOBAL_STRING(lp_configfile, Globals.szConfigFile)
FN_GLOBAL_STRING(lp_sam_url, Globals.szSAM_URL)
FN_GLOBAL_STRING(lp_spoolss_url, Globals.szSPOOLSS_URL)
+FN_GLOBAL_STRING(lp_wins_config_url, Globals.szWINS_CONFIG_URL)
FN_GLOBAL_STRING(lp_wins_url, Globals.szWINS_URL)
FN_GLOBAL_CONST_STRING(lp_winbind_separator, Globals.szWinbindSeparator)
FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, Globals.bWinbindSealedPipes)
Modified: branches/SAMBA_4_0/source/script/tests/selftest.sh
===
--- branches/SAMBA_4_0/source/script/tests/selftest.sh 2005-12-17 15:38:41 UTC
(rev 12303)
+++ branches/SAMBA_4_0/source/script/tests/selftest.sh 2005-12-17 15:45:38 UTC
(rev 12304)
@@ -55,7 +55,6 @@
NCALRPCDIR=$PREFIX_ABS/ncalrpc
LOCKDIR=$PREFIX_ABS/lockdir
TLSDIR=$PRIVATEDIR/tls
-WINS_LDB=$PRIVATEDIR/wins.ldb
CONFIGURATION=--configfile=$CONFFILE
export CONFIGURATION
export CONFFILE
@@ -85,7 +84,7 @@
rm -rf $PREFIX/*
mkdir -p $PRIVATEDIR $LIBDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR $TLSDIR
-cat $LOCKDIR/wins.ldifEOF
+cat $PRIVATEDIR/wins_config.ldifEOF
dn: name=TORTURE_26,CN=PARTNERS
objectClass: wreplPartner
name: TORTURE_26
@@ -156,7 +155,7 @@
--quiet --domain $DOMAIN --realm $REALM \
--adminpass $PASSWORD --root=$ROOT || exit 1
-./bin/ldbadd -H $LOCKDIR/wins.ldb $LOCKDIR/wins.ldif /dev/null || exit 1
+./bin/ldbadd -H $PRIVATEDIR/wins_config.ldb $PRIVATEDIR/wins_config.ldif
/dev/null || exit 1
echo DONE
Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c
===
--- branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c 2005-12-17
15:38:41 UTC (rev 12303)
+++ branches/SAMBA_4_0/source/wrepl_server/wrepl_server.c 2005-12-17
15:45:38 UTC (rev 12304)
@@ -33,6 +33,12 @@
#include ldb/include/ldb.h
#include ldb/include/ldb_errors.h
+static struct ldb_context *wins_config_db_connect(TALLOC_CTX *mem_ctx)
+{
+ return ldb_wrap_connect(mem_ctx, private_path(mem_ctx,
lp_wins_config_url()),
+ system_session(mem_ctx), NULL, 0, NULL);
+}
+
/*
open winsdb
*/
@@ -43,6 +49,11 @@
return NT_STATUS_INTERNAL_DB_ERROR;
}
+ service-config.ldb = wins_config_db_connect(service);
+ if (!service-config.ldb) {
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
/* the default renew interval is 6 days */
service-config.renew_interval=
lp_parm_int(-1,wreplsrv,renew_interval, 6*24*60*60);
@@ -85,7 +96,7 @@
int i;
/* find the record in the WINS database */
-
svn commit: samba r12305 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: vlendec
Date: 2005-12-17 16:31:04 + (Sat, 17 Dec 2005)
New Revision: 12305
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12305
Log:
Reformatting
Modified:
branches/SAMBA_3_0/source/smbd/password.c
trunk/source/smbd/password.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/password.c
===
--- branches/SAMBA_3_0/source/smbd/password.c 2005-12-17 15:45:38 UTC (rev
12304)
+++ branches/SAMBA_3_0/source/smbd/password.c 2005-12-17 16:31:04 UTC (rev
12305)
@@ -381,9 +381,14 @@
if (lp_invalid_users(snum)) {
str_list_copy(invalid, lp_invalid_users(snum));
- if (invalid str_list_substitute(invalid, %S,
lp_servicename(snum))) {
- if ( invalid str_list_sub_basic(invalid,
current_user_info.smb_name) ) {
- ret = !user_in_list(user, (const char
**)invalid, groups, n_groups);
+ if (invalid
+ str_list_substitute(invalid, %S, lp_servicename(snum))) {
+ if ( invalid
+str_list_sub_basic(invalid,
+ current_user_info.smb_name) ) {
+ ret = !user_in_list(user,
+ (const char **)invalid,
+ groups, n_groups);
}
}
}
@@ -392,9 +397,13 @@
if (ret lp_valid_users(snum)) {
str_list_copy(valid, lp_valid_users(snum));
- if ( valid str_list_substitute(valid, %S,
lp_servicename(snum)) ) {
- if ( valid str_list_sub_basic(valid,
current_user_info.smb_name) ) {
- ret = user_in_list(user, (const char **)valid,
groups, n_groups);
+ if ( valid
+str_list_substitute(valid, %S, lp_servicename(snum)) ) {
+ if ( valid
+str_list_sub_basic(valid,
+ current_user_info.smb_name) ) {
+ ret = user_in_list(user, (const char **)valid,
+ groups, n_groups);
}
}
}
@@ -403,8 +412,11 @@
if (ret lp_onlyuser(snum)) {
char **user_list = str_list_make (lp_username(snum), NULL);
- if (user_list str_list_substitute(user_list, %S,
lp_servicename(snum))) {
- ret = user_in_list(user, (const char **)user_list,
groups, n_groups);
+ if (user_list
+ str_list_substitute(user_list, %S,
+ lp_servicename(snum))) {
+ ret = user_in_list(user, (const char **)user_list,
+ groups, n_groups);
}
if (user_list) str_list_free (user_list);
}
Modified: trunk/source/smbd/password.c
===
--- trunk/source/smbd/password.c2005-12-17 15:45:38 UTC (rev 12304)
+++ trunk/source/smbd/password.c2005-12-17 16:31:04 UTC (rev 12305)
@@ -381,9 +381,14 @@
if (lp_invalid_users(snum)) {
str_list_copy(invalid, lp_invalid_users(snum));
- if (invalid str_list_substitute(invalid, %S,
lp_servicename(snum))) {
- if ( invalid str_list_sub_basic(invalid,
current_user_info.smb_name) ) {
- ret = !user_in_list(user, (const char
**)invalid, groups, n_groups);
+ if (invalid
+ str_list_substitute(invalid, %S, lp_servicename(snum))) {
+ if ( invalid
+str_list_sub_basic(invalid,
+ current_user_info.smb_name) ) {
+ ret = !user_in_list(user,
+ (const char **)invalid,
+ groups, n_groups);
}
}
}
@@ -392,9 +397,13 @@
if (ret lp_valid_users(snum)) {
str_list_copy(valid, lp_valid_users(snum));
- if ( valid str_list_substitute(valid, %S,
lp_servicename(snum)) ) {
- if ( valid str_list_sub_basic(valid,
current_user_info.smb_name) ) {
- ret = user_in_list(user, (const char **)valid,
groups, n_groups);
+ if ( valid
+str_list_substitute(valid, %S, lp_servicename(snum)) ) {
+ if ( valid
+str_list_sub_basic(valid,
+
svn commit: samba r12306 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: vlendec Date: 2005-12-17 16:56:24 + (Sat, 17 Dec 2005) New Revision: 12306 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12306 Log: Reformatting Modified: branches/SAMBA_3_0/source/lib/username.c trunk/source/lib/username.c Changeset: Sorry, the patch is too large (549 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12306
svn commit: samba r12307 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: vlendec Date: 2005-12-17 17:13:45 + (Sat, 17 Dec 2005) New Revision: 12307 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12307 Log: Reformatting plus a trivial if/else simplification. There's no point in doing an else branch that only returns NULL. Volker Modified: branches/SAMBA_3_0/source/smbd/service.c trunk/source/smbd/service.c Changeset: Sorry, the patch is too large (851 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12307
svn commit: samba r12308 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: vlendec
Date: 2005-12-17 17:19:21 + (Sat, 17 Dec 2005)
New Revision: 12308
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12308
Log:
Reformatting
Modified:
branches/SAMBA_3_0/source/smbd/service.c
trunk/source/smbd/service.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/service.c
===
--- branches/SAMBA_3_0/source/smbd/service.c2005-12-17 17:13:45 UTC (rev
12307)
+++ branches/SAMBA_3_0/source/smbd/service.c2005-12-17 17:19:21 UTC (rev
12308)
@@ -939,10 +939,8 @@
snum = find_service(service);
if (snum 0) {
- if (strequal(service,IPC$)
- || (lp_enable_asu_support()
- strequal(service,ADMIN$)))
- {
+ if (strequal(service,IPC$) ||
+ (lp_enable_asu_support() strequal(service,ADMIN$))) {
DEBUG(3,(refusing IPC connection to %s\n, service));
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
Modified: trunk/source/smbd/service.c
===
--- trunk/source/smbd/service.c 2005-12-17 17:13:45 UTC (rev 12307)
+++ trunk/source/smbd/service.c 2005-12-17 17:19:21 UTC (rev 12308)
@@ -939,10 +939,8 @@
snum = find_service(service);
if (snum 0) {
- if (strequal(service,IPC$)
- || (lp_enable_asu_support()
- strequal(service,ADMIN$)))
- {
+ if (strequal(service,IPC$) ||
+ (lp_enable_asu_support() strequal(service,ADMIN$))) {
DEBUG(3,(refusing IPC connection to %s\n, service));
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
svn commit: samba r12309 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze
Date: 2005-12-17 19:24:13 + (Sat, 17 Dec 2005)
New Revision: 12309
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12309
Log:
fix a crash bug, which appens in an error case
metze
Modified:
branches/SAMBA_4_0/source/wrepl_server/wrepl_out_push.c
Changeset:
Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_out_push.c
===
--- branches/SAMBA_4_0/source/wrepl_server/wrepl_out_push.c 2005-12-17
17:19:21 UTC (rev 12308)
+++ branches/SAMBA_4_0/source/wrepl_server/wrepl_out_push.c 2005-12-17
19:24:13 UTC (rev 12309)
@@ -40,19 +40,20 @@
static void wreplsrv_push_handler_creq(struct composite_context *creq)
{
struct wreplsrv_partner *partner =
talloc_get_type(creq-async.private_data, struct wreplsrv_partner);
+ struct wreplsrv_push_notify_io *old_notify_io;
partner-push.last_status =
wreplsrv_push_notify_recv(partner-push.creq);
partner-push.creq = NULL;
- talloc_free(partner-push.notify_io);
+ partner-push.last_run = timeval_current();
+
+ old_notify_io = partner-push.notify_io;
partner-push.notify_io = NULL;
- partner-push.last_run = timeval_current();
-
if (NT_STATUS_IS_OK(partner-push.last_status)) {
partner-push.error_count = 0;
DEBUG(2,(wreplsrv_push_notify(%s): %s\n,
partner-address,
nt_errstr(partner-push.last_status)));
- return;
+ goto done;
}
partner-push.error_count++;
@@ -61,13 +62,15 @@
DEBUG(1,(wreplsrv_push_notify(%s): %s: error_count: %u: giving
up\n,
partner-address, nt_errstr(partner-push.last_status),
partner-push.error_count));
- return;
+ goto done;
}
DEBUG(1,(wreplsrv_push_notify(%s): %s: error_count: %u: retry\n,
partner-address, nt_errstr(partner-push.last_status),
partner-push.error_count));
- wreplsrv_out_partner_push(partner,
partner-push.notify_io-in.propagate);
+ wreplsrv_out_partner_push(partner, old_notify_io-in.propagate);
+done:
+ talloc_free(old_notify_io);
}
static void wreplsrv_out_partner_push(struct wreplsrv_partner *partner, BOOL
propagate)
Build status as of Sun Dec 18 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-12-17 00:00:58.0 + +++ /home/build/master/cache/broken_results.txt 2005-12-18 00:00:23.0 + @@ -1,17 +1,17 @@ -Build status as of Sat Dec 17 00:00:02 2005 +Build status as of Sun Dec 18 00:00:01 2005 Build counts: Tree Total Broken Panic -ccache 8 1 0 -distcc 10 2 0 -lorikeet-heimdal 29 18 0 -ppp 15 1 0 +ccache 8 2 0 +distcc 9 2 0 +lorikeet-heimdal 29 19 0 +ppp 15 0 0 rsync31 3 0 samba2 0 0 samba-docs 0 0 0 -samba4 32 14 0 +samba4 32 16 0 samba_3_032 5 0 smb-build23 2 0 -talloc 8 4 0 +talloc 7 3 0 tdb 30 3 0
svn commit: samba r12310 - in branches/SAMBA_4_0/source: auth/credentials lib/ldb/ldb_ildap
Author: abartlet
Date: 2005-12-18 05:01:15 + (Sun, 18 Dec 2005)
New Revision: 12310
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=12310
Log:
Link simple bind support in our internal LDAP libs to LDB and the
command line processing system.
This is a little ugly at the moment, but works. What I cannot manage
to get to work is the extraction and propogation of command line
credentials into the js interface to ldb.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/credentials/credentials.c
branches/SAMBA_4_0/source/auth/credentials/credentials.h
branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials.c2005-12-17
19:24:13 UTC (rev 12309)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2005-12-18
05:01:15 UTC (rev 12310)
@@ -57,6 +57,8 @@
cred-machine_account = False;
cred-gensec_list = NULL;
+ cred-bind_dn = NULL;
+
return cred;
}
@@ -104,8 +106,25 @@
return False;
}
+BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred,
+const char *bind_dn)
+{
+ cred-bind_dn = talloc_strdup(cred, bind_dn);
+ return True;
+}
+/**
+ * Obtain the BIND DN for this credentials context.
+ * @param cred credentials context
+ * @retval The username set on this context.
+ * @note Return value will be NULL if not specified explictly
+ */
+const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
+{
+ return cred-bind_dn;
+}
+
/**
* Obtain the client principal for this credentials context.
* @param cred credentials context
@@ -171,6 +190,10 @@
BOOL cli_credentials_authentication_requested(struct cli_credentials *cred)
{
+ if (cred-bind_dn) {
+ return True;
+ }
+
if (cred-machine_account_pending) {
cli_credentials_set_machine_account(cred);
}
Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.h
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials.h2005-12-17
19:24:13 UTC (rev 12309)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials.h2005-12-18
05:01:15 UTC (rev 12310)
@@ -61,6 +61,8 @@
const char *principal;
const char *salt_principal;
+ const char *bind_dn;
+
struct samr_Password *nt_hash;
struct ccache_container *ccache;
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2005-12-17
19:24:13 UTC (rev 12309)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2005-12-18
05:01:15 UTC (rev 12310)
@@ -510,11 +510,22 @@
}
if (creds != NULL cli_credentials_authentication_requested(creds)) {
- status = ldap_bind_sasl(ildb-ldap, creds);
- if (!NT_STATUS_IS_OK(status)) {
- ldb_debug(ldb, LDB_DEBUG_ERROR, Failed to bind - %s\n,
- ldap_errstr(ildb-ldap, status));
- goto failed;
+ const char *bind_dn = cli_credentials_get_bind_dn(creds);
+ if (bind_dn) {
+ const char *password =
cli_credentials_get_password(creds);
+ status = ldap_bind_simple(ildb-ldap, bind_dn,
password);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, Failed to bind
- %s\n,
+ ldap_errstr(ildb-ldap, status));
+ goto failed;
+ }
+ } else {
+ status = ldap_bind_sasl(ildb-ldap, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ ldb_debug(ldb, LDB_DEBUG_ERROR, Failed to bind
- %s\n,
+ ldap_errstr(ildb-ldap, status));
+ goto failed;
+ }
}
}
