Re: [Samba] Re: ADS/Kerberos/LDAP/Win2K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roman Sommer wrote: thanks a lot for pointing that out. There might be multiple domains I have to take care of so I probably need a ldap backend. Is there any chance I can use an existing Active Directory domain controller with SFU or 2003 R2 (with ADAM)? Theoretically it should work fine with ADAM as this is a plain ldap database.. but I need people not having any knowledge of ldap to take control of users - so I would really appreciate a solution based on the R2/SFU schema extensions. But since I couldn't find any schemas for this solution I doubt it's possible, is it? Please read this thread at one of the mail archives. I'm pretty sure I've already answered this more than once. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1N4AIR7qMdg1EfYRAvbQAJ9CO6vbsOqc2j5dzo8USu0TH1QQ5QCgkcis VbSRrzQ9iBfn1NJcygtSKyg= =aPb3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error log assistance with log.winbind
I am encountering some error I am unfamiliar with in the log.winbind. Any help is appreciated. [2006/01/23 06:44:32, 1] nsswitch/winbindd_user.c:winbindd_getpwent(715) could not lookup domain user rjb15 [2006/01/23 06:44:32, 0] tdb/tdbutil.c:tdb_log(772) tdb(/var/lib/samba/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=20784688 [2006/01/23 06:44:32, 0] tdb/tdbutil.c:tdb_log(772) tdb(/var/lib/samba/winbindd_idmap.tdb): rec_read bad magic 0x42424242 at offset=20784688 [2006/01/23 06:44:32, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(329) ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'uidNumber' [2006/01/23 06:44:32, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85) error getting user id for sid S-1-5-21-2000478354-789336058-725345543-115409 Here is my smb.conf details: [global] workgroup = DOM realm = DOM.COM server string = new.dom.com security = ADS update encrypted = Yes encrypt passwords = yes password server = * preferred master = No domain master = No idmap uid = 5000-50 idmap gid = 5000-50 idmap backend = ad winbind nss info = sfu winbind separator = / winbind cache time = 5 winbind use default domain = Yes winbind nested groups = Yes log level = 2 interfaces = eth* bind interfaces only = yes socket options = IPTOS_LOWDELAY TCP_NODELAY write cache size = 262144 [images] comment = ODIN user = %S path = /odin/images inherit acls = Yes browseable = yes writeable = yes read only = no public = yes -- Jason Gerfen The charge that he had insulted Turkey's armed forces was dropped, but he still faces the charge that he insulted Turkishness, lawyers said. ~ BBC News Article -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Must you net join for the Samba machine to become a domain member?
When you manually add the server to the domain, the problem is that Samba doesn't know what the password is. You can set one with the 'net' command I think, however it's much easier to delete the manually added computer and run 'net join', that way Samba does the adding and you're guaranteed that it will know the machine account credentials. ... It'd strongly recommend doing a 'net join', as the Samba configuration will be metaphorically held together with sticky tape if you don't, and I wouldn't be at all surprised if it failed at a later date for seemingly no reason. Thanks for your help again Adam. The problem on our side is that the Windows world and Unix world are administered by separate departments. They're not going to be sharing administrative passwords with each other. I am still doing that net join but using my own domain account (which is not an administrator) and it seems to be OK provided someone manually added the machine account on the Windows side. I was hoping to have it totally automated (on the Unix side at least) with no hard-coded passwords, but I guess it can't work this way. I'll keep my open for that failing at a later date for seemingly no reason thing :-) thanks again, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.14 - very puzzling domain browsing problems
Also, try to run Ethereal (www.ethereal.org) with the filter nbns || smb and see if the samba server is broadcasting the right packets. Umm, You could try remote browser = subnet of pdc making sure the PDC and workstations are in the same subnet and not across a router. -Original Message- From: Anthony Messina [mailto:[EMAIL PROTECTED] Sent: Friday, January 20, 2006 7:00 AM To: Stephen Bosch Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 3.0.14 - very puzzling domain browsing problems Stephen Bosch wrote: Anthony Messina wrote: something simple, perhaps too simple... this once happened to me and i realized it was that the workgroup name that i had specified in samba was not the same as the one in windows, or that i had not joined the proper domain. or is your windows computer set up to use the right wins server? Alas, I wish it were this simple. The domain in question is definitely consistent between workstations and the PDC -- as I noted in a previous post, if the OS level is set to 0 and the domain, preferred and local master are set to no, one of the Windows machines becomes the domain master browser and suddenly workstations appear in the browse list. I'm determined to find the cause of this problem, whatever it takes. I've followed the Samba how-to and everything should be working, but obviously I'm missing something somewhere... Here's my smb.conf: ## # # GLOBAL PARAMETERS ## # [global] # NOTE: change these parameters to suit your business workgroup = HEDLIN-LAUDER netbios name = PDC passdb backend = ldapsam:ldap://ldap.hedlinlauder.com/ ldap admin dn = cn=samba,ou=dsa,dc=hedlinlauder,dc=com ldap suffix = dc=hedlinlauder,dc=com # interface list should be specified for machines with 1 interface ;interfaces = IP1,IP2,... ## # # NOTE: You should not have to change any of the other GLOBAL PARAMETERS # beyond this point, as long as you are building a PDC without WINS # using cups for printing. You may need to change the SHARE DEFINITIONS # (see below) however. ## # server string = Samba Server %v domain logons = yes os level = 65 domain master = yes preferred master = yes local master = yes wins support = yes time server = yes name resolve order = wins bcast lmhosts logon script = %U.bat logon drive = H: logon path = \\%L\Profiles\%U ;logon home = \\%L\%U\.profile # ldap configuration ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=Hosts ldap idmap suffix = ou=Idmap ldap ssl = start_tls ldap delete dn = yes add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u # printers configuration printer admin = @Print Operators load printers = yes create mask = 0640 directory mask = 0750 printing = cups printcap name = cups deadtime = 10 # other guest account = nobody map to guest = Bad User show add printer wizard = yes preserve case = yes short preserve case = yes case sensitive = no enable privileges = yes username map = /etc/samba/smbusers security = user encrypt passwords = yes obey pam restrictions = no ldap passwd sync = yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Dos charset = 850 Unix charset = ISO8859-1 -Stephen- your smb.conf seems correct, and from what i'm understanding, if a windows computer wins the election to be a master broswer, then workstations will appear, if the pdc is the master browser, no workstations appear. is that correct? if that is the case, it really sounds like a case of either a misconfigured wins server or a problem with wins itself. do your nmbd.logs give you any clue as to what might be wrong? another thouhgt... what interfaces do you have on the system? could you try specifying interfaces = lo eth0 (substitute eth* for whatever your lan interface is). and double check your windows clients wins server address to make sure it matches your pdc lan address. -a -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Using same passwords as the linux machine
Hi, Does anyone can help me with this? Thanks Nestor _ -Original Message- From: Nestor Mata Cuthbert [mailto:[EMAIL PROTECTED] Sent: Friday, January 20, 2006 4:39 PM To: 'samba@lists.samba.org' Subject: Using same passwords as the linux machine Hi, I would like to know how to enable samba to use the same user/passwords that those that exists in the linux machine. Best regards, Nestor Mata Cuthbert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. In other words, Samba will be unable to get users from LDAP. I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? -- Tomasz Chmielewski htp://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
On Mon, 2006-01-23 at 11:22 -0500, simo wrote: Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit -i -e and look also at importing mapped users sorry I wrote it wrong. This meant to be mapped *groups* not users -- Simo Sorce Samba Team email: [EMAIL PROTECTED] http://samba.org/~idra -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. it doesn't have to be NSS. You can use /etc/passwd for name -- uid mapping and ldap for NT/LM hashes. In other words, Samba will be unable to get users from LDAP. it doesn't have to :-) I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). hashed user password are somewhat very different in terms of ldap and passwd. You can use pam, but You don't need it for samba. Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit it is beatiful thing for converting from anything to anything :-) -- Tomasz Chmielewski htp://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC machine login access
I am using Samba 3.0.20b as a PDC with an OpenLDAP back end. It works great! Many of my users have login access as well as access to Samba shares, so they have a shell, auto_home, etc. in the LDAP directory. I'd like to restrict their ability to log in to a shell on the PDC machine though. I tried using passwd_compat in nsswitch.conf and putting selected netgroups in the passwd file. However, this knocks the excluded users out of the NT domain as well. I thought ldapsam:trusted = yes might be a step in the right direction, but no. This is a Solaris 9 system, BTW. Any thoughts? Thanks! -- Roy McMorran Systems Administrator MDI Biological Laboratory [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
On Mon, 2006-01-23 at 17:08 +0100, Tomasz Chmielewski wrote: As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. In other words, Samba will be unable to get users from LDAP. I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit -i -e and look also at importing mapped users All right. So these will create a tdbsam file out of the current ldapsam (I think it's better to stick with tdbsam): pdbedit -e tdbsam:/tmp/tdbsam.tdb Now, how can I create a /etc/passwd and /etc/group files in a similar way? however probably, given it is a BDC, the best thing is to sync the passwd and group from ldap. That's more or less what I want to do. you may also try to experiment with ldapsam:trusted parameter I just read the ldapsam:trusted description in smb.conf and it seems that this is what I'm looking for. However, I'm not sure: how will Samba write UIDs/GIDs on shared folders, user profiles? Will it just write the GIDs/UIDs as they are (in the ldapsam db), although getent passwd will not show the relevant users? And ls -l /share/some/user/file will show only numeric UIDs/GIDs? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
On Mon, 2006-01-23 at 17:48 +0100, Tomasz Chmielewski wrote: you may also try to experiment with ldapsam:trusted parameter I just read the ldapsam:trusted description in smb.conf and it seems that this is what I'm looking for. However, I'm not sure: how will Samba write UIDs/GIDs on shared folders, user profiles? Will it just write the GIDs/UIDs as they are (in the ldapsam db), although getent passwd will not show the relevant users? And ls -l /share/some/user/file will show only numeric UIDs/GIDs? I think so. You have to experiment, because the trusted parameter is meant only to work as an optimization. You should have the nsswitch data available in the system, so I am not sure a setup without nsswitch will not break for sure. But it may just work for what you need, so it may be worth giving a try. Simo. -- Simo Sorce Samba Team email: [EMAIL PROTECTED] http://samba.org/~idra -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ADS/Kerberos/LDAP/Win2K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jason bigler wrote: So what is the difference between idmap backend = AD vs. LDAP? The LDAP backend allows winbindd to allocate Unix ids. The AD backend simply reads information from AD (i.e. you already have tyo have the uid attribute for the user in AD). Isn't this covered in the docs? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1ROmIR7qMdg1EfYRAkJvAJ9l1LmwX0Ka1mmAMvwjoUgUVQKKNgCeMfeQ Lg8vulTqblXIWqqHllX/ibs= =wNnQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] uid/gid in smb.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PITFALL wrote: Hi! All: I have a question about writing smb.conf: Can I use uid/gid in smb.conf instead of username/group name?? If I was in a domain, can I write +1/20001 in smb.conf? (Note: 1 is gid and 20001 is uid in domain) Does anyone ever try it?? That's not a supported confirmation. Sorry. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1RVzIR7qMdg1EfYRAvdhAJ0RUicECpsnsyzD5bFpc5IRQSY5nwCgh+jq 5k45yNi2GoSQLAk3B3jf90k= =KVCj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba domain controller with ldap and groupOfUniqueNames groups
I'm having some trouble with groups which contain the groupofuniquenames objectclass. I'm running Samba 3.0.9 on RHEL 3 as a domain controller, and otherwise, it functions properly. When looking at groups which only have the posixGroup and sambaGroupMapping objectclasses with net rpc group members, I'll get a list of users. However, if the group in LDAP has the groupOfUniqueNames objectclass, I won't get any users listed, even if the users are enumerated with posixGroup's memberUid attribute. Is this a known issue? Is there anything that I can do to make this work correctly? I'd prefer to use the uniqueMember attribute so that I can use the same group definitions with posix and non-posix systems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
simo schrieb: On Mon, 2006-01-23 at 17:48 +0100, Tomasz Chmielewski wrote: you may also try to experiment with ldapsam:trusted parameter I just read the ldapsam:trusted description in smb.conf and it seems that this is what I'm looking for. However, I'm not sure: how will Samba write UIDs/GIDs on shared folders, user profiles? Will it just write the GIDs/UIDs as they are (in the ldapsam db), although getent passwd will not show the relevant users? And ls -l /share/some/user/file will show only numeric UIDs/GIDs? I think so. You have to experiment, because the trusted parameter is meant only to work as an optimization. You should have the nsswitch data available in the system, so I am not sure a setup without nsswitch will not break for sure. But it may just work for what you need, so it may be worth giving a try. I tried, but it doesn't work. After adding ldapsam:trusted = yes to smb.conf (on a normal BDC PC), I had trouble starting smbd - it complained about nobody not found in LDAP or something like that. After I fixed that, I could start smbd, but I'm not able to log in, and Samba logs NO SUCH USER. So I guess that I somehow have to fetch user/group info and convert it into /etc/passwd and /etc/group files. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
Ilia Chipitsine schrieb: As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. it doesn't have to be NSS. You can use /etc/passwd for name -- uid mapping and ldap for NT/LM hashes. That's great news! (...) I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). hashed user password are somewhat very different in terms of ldap and passwd. You can use pam, but You don't need it for samba. Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit it is beatiful thing for converting from anything to anything :-) Almost. I don't see if it can convert ldapsam to /etc/passwd and /etc/group. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join segmentation fault
On FreeBSD 6.0-RELEASE-p2 using samba-3.0.21a,1 the net command seg faults. Does anyone know what is going on? Thanks -rcollins - net ads join -Uadministrator -d 10 - [2006/01/23 12:36:59, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 [2006/01/23 12:36:59, 3] param/loadparm.c:lp_load(4195) lp_load: refreshing parameters [2006/01/23 12:36:59, 3] param/loadparm.c:init_globals(1385) Initialising global parameters [2006/01/23 12:36:59, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf [2006/01/23 12:36:59, 3] param/loadparm.c:do_section(3657) Processing section [global] doing parameter workgroup = HWI doing parameter security = ADS doing parameter realm = DHCP.HWI.BUFFALO.EDU doing parameter password server = * doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter allow trusted domains = no doing parameter ldapssl = no doing parameter unix charset = LOCALE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2LE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2LE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16LE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16LE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2BE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2BE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16BE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16BE [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF8 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF8 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-8 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-8 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ASCII [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset ASCII [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset 646 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset 646 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ISO-8859-1 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset ISO-8859-1 [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS2-HEX [2006/01/23 12:36:59, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS2-HEX [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE [2006/01/23 12:36:59, 5] lib/charcnv.c:charset_name(81) Substituting charset 'US-ASCII' for LOCALE
[Samba] Odd Samba behavior using Windows XP client API RemoveDirectory function
I'm having problems with a utility I wrote deleting folders from a Thecus N4100 Samba based fileserver. I do not have access or control over its Samba config file and this may not be a Samba problem but perhaps someone here can point me in the right direction??? When I issue a Windows API RemoveDirectory function against an empty folder residing on a Samba share, the function returns with a success return code but does not delete the folder! This is a known problem and is documented in the Cygwin rmdir command as occurring when the folder is flagged as read-only, which is the Samba default. When I issue a GetFileAttributes call the result does not show the folder as being read-only, but looking at its properties under explorer shows that it is!!! There seems to be no way to programmatically delete such a folder, yet when I delete it using the explorer it is removed without problem. This led me to try the SHFileOperation function with the OF_DELETE operator, thinking that if the shell could delete it then this might work. Got even weirder results!!! The folder disappears from the browser for 5 to 10 seconds then reappears!!! There's got to be a way to delete such an empty folder since the Windows Explorer can do it. Any tips or pointers would be much appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] guest account security = domain doesn't work...
Hi, my security is domain, i would like to map users who fail authentication to be mapped to a guest account so they can access printers. My conf file looks like this: [global] workgroup = LAB2000DOMAIN2 security = DOMAIN client schannel = No map to guest = Bad Password password server = 10.86.32.27 log level = 4 passdb:5 auth:10 winbind:4 log file = /local/local1/errorlog/samba.log max log size = 50 smb ports = 50139 lpq cache time = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups preferred master = No local master = No domain master = No dns proxy = No wins server = 10.86.32.27 idmap uid = 7-20 idmap gid = 7-20 template homedir = /local/local1/ template shell = /admin-shell winbind cache time = 10 winbind use default domain = Yes printer admin = @cupsAdmin cups options = raw force printername = Yes [print$] path = /state/samba/printers write list = @cupsAdmin force user = root force group = root guest ok = Yes [printers] comment = All Printers path = /local/local1/spool/samba guest ok = Yes printable = Yes browseable = No But this does not work. Any ideas? Would greatly apreciate your help. Thanks, Aarti. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User Manager
Using Suse ES9 SP2 with OpenLDAP backend with Samba 3.0.21pre I'm getting the following error. The stub received bad data Would you like to administer another domain? then User Manager closes when I select no. User Manager seems to work in limited fashion if Low speed connection is selected. This has worked fine until a few days ago and I have not made any changes. Thanks _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] access of linux files from windows
Hi all, This is a querry regarding the access of files/applications in linux from a windows platform.I have heard of samba.I want to know if its possible to invoke Linux applications from a windows platform(considering that both windows linux has been installed in the pc).Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Please help with samba 3.0.21a on AIX 5.3
On to the next problem: I just got off the phone with IBM and they (the kerberos folks) said they don't work with win2003 :O Has anybody got this working? Here is what I get: When I run 'net ads join -Uadmin' I get (at debug level 3): [EMAIL PROTECTED]:~# net ads join -Umyname -d 3 [2006/01/17 10:50:09, 3] param/loadparm.c:lp_load(4195) lp_load: refreshing parameters [2006/01/17 10:50:09, 3] param/loadparm.c:init_globals(1385) Initialising global parameters [2006/01/17 10:50:09, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file /opt/Samba/3.0.21a/lib/smb.conf [2006/01/17 10:50:09, 3] param/loadparm.c:do_section(3657) Processing section [global] [2006/01/17 10:50:10, 2] lib/interface.c:add_interface(81) added interface ip=X.X.105.57 bcast=X.X.105.127 nmask=255.255.255.128 [2006/01/17 10:50:10, 2] lib/interface.c:add_interface(81) added interface ip=192.168.255.251 bcast=192.168.255.255 nmask=255.255.0.0 myname's password: [2006/01/17 10:50:12, 3] libads/ldap.c:ads_connect(288) Connected to LDAP server X.X.100.207 [2006/01/17 10:50:12, 3] libads/ldap.c:ads_server_info(2541) got ldap server name [EMAIL PROTECTED], using bind path: dc=CORP,dc=ACSALASKA,dc=COM [2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/01/17 10:50:12, 3] libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/01/17 10:50:12, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/01/17 10:50:12, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/01/17 10:50:12, 2] utils/net.c:main(876) return code = -1 === X.X.100.207 is the address of the kdc so it CAN resolve the address X.X.105.57 is the address of the samba server === My krb5.conf looks like this: [libdefaults] default_realm = CORP.ACSALASKA.COM default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc # the next 2 lines came from my linux setup that is working but did not help dns_lookup_realm = true dns_lookup_kdc = true [realms] CORP.ACSALASKA.COM = { kdc = acsad6.corp.acsalaska.com:88 admin_server = acsad6.corp.acsalaska.com:749 default_domain = corp.acsalaska.com } [domain_realm] .corp.acsalaska.com = CORP.ACSALASKA.COM acsad6.corp.acsalaska.com = CORP.ACSALASKA.COM [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/log/krb5lib.log -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colht, Charles Sent: Wednesday, January 11, 2006 1:19 PM To: William Jojo; samba@lists.samba.org Subject: RE: [Samba] Please help with samba 3.0.21a on AIX 5.3 Found that! It worked. Thanks for the help. Chuck -Original Message- From: William Jojo [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 10, 2006 1:55 PM To: Colht, Charles; samba@lists.samba.org Subject: Re: [Samba] Please help with samba 3.0.21a on AIX 5.3 - Original Message - From: Colht, Charles [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Monday, January 09, 2006 8:37 PM Subject: [Samba] Please help with samba 3.0.21a on AIX 5.3 *** This transmittal may contain confidential information intended solely for the addressee. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, distribution or copying of this transmittal is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (collect at 907-564-1000) and ask to speak with the message sender. In addition, please immediately delete this message and all attachments. Thank you. ACS -- To unsubscribe from this list go to the
Re: [Samba] Must you net join for the Samba machine to become a domain member?
Karnowski, David wrote: When you manually add the server to the domain, the problem is that Samba doesn't know what the password is. You can set one with the 'net' command I think, however it's much easier to delete the manually added computer and run 'net join', that way Samba does the adding and you're guaranteed that it will know the machine account credentials. ... It'd strongly recommend doing a 'net join', as the Samba configuration will be metaphorically held together with sticky tape if you don't, and I wouldn't be at all surprised if it failed at a later date for seemingly no reason. Thanks for your help again Adam. The problem on our side is that the Windows world and Unix world are administered by separate departments. They're not going to be sharing administrative passwords with each other. I am still doing that net join but using my own domain account (which is not an administrator) and it seems to be OK provided someone manually added the machine account on the Windows side. I was hoping to have it totally automated (on the Unix side at least) with no hard-coded passwords, but I guess it can't work this way. I'll keep my open for that failing at a later date for seemingly no reason thing :-) thanks again, David David - check this thread out for how to do a net ads join with minumum permissions. Doing it this way bypasses the need to manually add the computer with the UsersComputers MMC. http://marc.theaimsgroup.com/?l=sambam=112681698521084w=2 Eric Roseme Hewlett-Packard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Using same passwords as the linux machine
Hi Craig, Thanks, I'll think I'll research about option 2. Best regards, Nestor _ -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Monday, January 23, 2006 5:28 PM To: Nestor Mata Cuthbert Subject: Re: [Samba] RE: Using same passwords as the linux machine On Mon, 2006-01-23 at 09:46 -0600, Nestor Mata Cuthbert wrote: Hi, Does anyone can help me with this? Thanks Nestor _ -Original Message- From: Nestor Mata Cuthbert [mailto:[EMAIL PROTECTED] Sent: Friday, January 20, 2006 4:39 PM To: 'samba@lists.samba.org' Subject: Using same passwords as the linux machine Hi, I would like to know how to enable samba to use the same user/passwords that those that exists in the linux machine. 2 ways I know of... 1 - Heavily NOT recommended...use /etc/passwd file - that means ALL windows machines must be taught (registry) not to use encryption and smb.conf must be likewise configured not to use encryption. 2 - use ldap backend. see http://samba.org/samba/docs/ for details Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldap authentication fails
Hi folks, We are using Samba 3.0.10 and are using OpenLdap to manage users. We are also usign PAM to track the users on the computer. The problem that we are having is when Samba has the encrypt passwords option is enabled, we recieve an session setup failed: NT_STATUS_LOGON_FAILURE message. When encrypt passwords is disabled the login is succesful. When we left work Friday we thought that there was a different encryption method being used between Samba and ldap. However, that doesn't seem to be the case now, but we are not certain of that. We have setup Samba, OpenLDAP, and PAM to use MD5 as their hashing function. This is the setup of our smb.conf global section: [global] ldap ssl = no name resolve order = wins lmhosts hosts bcast passwd chat = *new*password %n\n *new*password %n\n *successfully* idmap gid = 16777216-33554431 passwd program = /usr/local/sbin/smbldap-passwd -o %u allow hosts = 192.168.5.0/24 192.168.10.0/24 192.168.14.0/24 127.0.0.0/8 dns proxy = no netbios name = * idmap uid = 16777216-33554431 local master = yes workgroup = * os level = 65 security = user max log size = 50 log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #Make sure that passwords are not empty, do not encrypt until we #figure our what is going on with the encryption null passwords = no encrypt passwords = yes #encrypt passwords = no #SET TO update unix passwd unix password sync = yes update encrypted = yes #Set as master Samba server domain master = yes winbind use default domain = no passdb backend = ldapsam:ldap://127.0.0.1/ template shell = /bin/false wins support = yes server string = * Samba Server ldap admin dn = cn=Manager,dc=*,dc=* ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap user suffix = ou=Users path = /home ldap suffix = dc=*,dc=* add user script = /usr/local/sbin/smbldap-useradd -w %u valid users = @Domain Admins,@Domain Users preferred master = yes domain logons = yes logon script = STARTUP.BAT logon path = \\%N\Profiles\%U #ldap passwd sync = only smb passwd file = /etc/samba/smbpasswd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
Ilia Chipitsine schrieb: As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. it doesn't have to be NSS. You can use /etc/passwd for name -- uid mapping and ldap for NT/LM hashes. That's great news! (...) I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). hashed user password are somewhat very different in terms of ldap and passwd. You can use pam, but You don't need it for samba. Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit it is beatiful thing for converting from anything to anything :-) Almost. I don't see if it can convert ldapsam to /etc/passwd and /etc/group. use it to convert ldapsam --- smbpasswd it will handle users, not groups. and some awk hacking will be required also. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?
Ilia Chipitsine schrieb: As some of you may know, I'm trying to set up Samba BDC on a disk- and fan-less tiny mipsel_CPU router running OpenWRT distribution. I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they seem to work fine. The problem is, this tiny distribution for routers doesn't seem to have anything like Name Service Switch (NSS), and relies solely on /etc/passwd and /etc/group. it doesn't have to be NSS. You can use /etc/passwd for name -- uid mapping and ldap for NT/LM hashes. That's great news! (...) I thought that perhaps a workaround would be to fetch all needed info from the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam perhaps). hashed user password are somewhat very different in terms of ldap and passwd. You can use pam, but You don't need it for samba. Is it possible to do so? Or perhaps there are some tools for converting ldapsam to tdbsam? pdbedit it is beatiful thing for converting from anything to anything :-) Almost. I don't see if it can convert ldapsam to /etc/passwd and /etc/group. if You are friend of XSL, You can use pdbedit for ldapsam -- XML conversion -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap authentication fails
Andy Kesterson wrote: The problem that we are having is when Samba has the encrypt passwords option is enabled, we recieve an session setup failed: NT_STATUS_LOGON_FAILURE message. When encrypt passwords is disabled the login is succesful. ... We have setup Samba, OpenLDAP, and PAM to use MD5 as their hashing function. When encrypt passwords is disabled, and the client is appropriately configured, the client will establish a session by sending its username and password, both in plain text. With the plain text password from the client, the server can use PAM to authenticate the user. However, if you don't want to reconfigure all of your Windows desktops, and you don't want your passwords sent across the network in plain text for each connection, you should have encrypt passwords turned on. In this configuration, the client and server engage in a challenge-response conversation to authenticate the users. To do that, the server needs to have the plain-text equivalent of the user's password. If you had a smbpasswd file before converting to LDAP, you can use that to get the values that you need. If not, then you'll need all of your users to set their password. However you choose to solve that problem, you need to make sure that in addition to the userPassword attribute, each user has a sambaLMPassword and a sambaNTPassword attribute. The values for those two attributes can be formed using the mkntpwd program, if you want to script the password changes. Be careful to configure your LDAP server such that users can not read the sambaLMPassword and sambaNTPassword attributes from the server. Those values are plain-text equivalents, and could be used to log in as the user to whom they belong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't Connect to Shares
At 01/22/06 22:06, Adam Nielsen wrote: wbinfo -u == error looking up domain users wbinfo -g == error looking up domain groups You do have winbindd running, don't you? If so, it looks like you haven't joined the domain correctly which I suspect is the cause of all the problems. 'net testjoin' should return OK if you've successfully joined. Yes, winbindd is running. I assume this has to be done on the Samba machine; no such options (join, testjoin, etc) exist on the Win2k PC. I ran, on the Samba machine, both test join and test join PDC (as I have the Samba set for being a PDC), and the commands claimed success at completion, and net rpc testjoin returned Join to 'ASTRA_ENT' is ok. However, both joins also gave the message :ads_connect: Transport endpoint is not connected. I'm assuming (hoping) that's because I'm not running ADS. However, smbclient //server/share -U user still returns the NT_STATUS_NETWORK_NAME error, and wbinfo -u and wbinfo -g both return the same errors as above. And when I try to get my Win2k PC to join the domain (My Computer|Properties|Network ID tab|Properties) I get the credentials conflict, whether I use my root|passwd or a Windows' Admin|passwd authentication. And I still can't connect to any of the three shares--same NT_STATUS_NETWORK_NAME errors. There is some progress, though; nmblookup -B server __SAMBA__ now returns the correct answer. What else do I need to look for? I assume I still need to get the PC to join the domain, but how? Cheers, Adam. Thanks for your help. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How do I create the samba user
I used samba on FC3 with no problems. I recently upgraded to a new computer AMD 64 X2 and I installed 64 bit FC4. Samba seems to be mostly configured correctly, except that it appears as though somehow for the installation I do NOT have a samba user. If I had to guess, I would say that I have version 3.0.14a-2 for x86_64. I logged in from a windows computer and I was able to look at my home directory, but I was unable to look at a public area because [2006/01/23 23:05:43, 1] smbd/service.c:make_connection_snum(415) Couldn't find user samba [2006/01/23 23:05:46, 1] smbd/service.c:make_connection_snum(415) Couldn't find user samba Again, this is speculation, but I do believe that the server is trying to use the samba user to access the public area, but the samba user does NOT exist. I am not really certain how to create a samba user such that it will not be a security risk. Do I need to simply create a user named samba and give it an arbitrary password that is not easily guesable and then things will start working? -- Andrew Pitonyak My Macro Document: http://www.pitonyak.org/AndrewMacro.odt My Book: http://www.hentzenwerke.com/catalog/oome.htm Info: http://www.pitonyak.org/oo.php See Also: http://documentation.openoffice.org/HOW_TO/index.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba-docs r907 - in trunk/manpages-3: .
Author: lmuelle Date: 2006-01-23 09:56:04 + (Mon, 23 Jan 2006) New Revision: 907 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=907 Log: It's spelled sep_a_rator. Modified: trunk/manpages-3/smb.conf.5.xml Changeset: Modified: trunk/manpages-3/smb.conf.5.xml === --- trunk/manpages-3/smb.conf.5.xml 2006-01-20 20:25:40 UTC (rev 906) +++ trunk/manpages-3/smb.conf.5.xml 2006-01-23 09:56:04 UTC (rev 907) @@ -422,7 +422,7 @@ varlistentry term%w/term - listitemparathe winbind seperator./para/listitem + listitemparathe winbind separator./para/listitem /varlistentry varlistentry
svn commit: samba r13079 - in branches/SAMBA_4_0/source: . lib script
Author: metze Date: 2006-01-23 11:23:39 + (Mon, 23 Jan 2006) New Revision: 13079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13079 Log: add SAMBA_VERSION_RELEASE_NICKNAME if it's set in source/VERSION smbd --version will print 4.0.0tp1 (Nickname) metze Modified: branches/SAMBA_4_0/source/VERSION branches/SAMBA_4_0/source/lib/version.c branches/SAMBA_4_0/source/script/mkversion.sh Changeset: Modified: branches/SAMBA_4_0/source/VERSION === --- branches/SAMBA_4_0/source/VERSION 2006-01-23 05:03:20 UTC (rev 13078) +++ branches/SAMBA_4_0/source/VERSION 2006-01-23 11:23:39 UTC (rev 13079) @@ -34,6 +34,16 @@ SAMBA_VERSION_REVISION= +# For 'tp' releases the version will be# +# # +# MAJOR.MINOR.RELEASEtpTP_RELEASE # +# # +# e.g. SAMBA_VERSION_PRE_RELEASE=1 # +# - 4.0.0tp1 # + +SAMBA_VERSION_TP_RELEASE= + + # For 'pre' releases the version will be # # # # MAJOR.MINOR.RELEASEprePRE_RELEASE# @@ -66,6 +76,15 @@ SAMBA_VERSION_IS_SVN_SNAPSHOT=yes +# This is for specifying a release nickname# +# # +# e.g. SAMBA_VERSION_RELEASE_NICKNAME=Nicky Nickname # +# smbd --version will then give: # +# - 4.0.0-tp1-VendorVersion (Nicky Nickname) # + +SAMBA_VERSION_RELEASE_NICKNAME= + + # This can be set by vendors if they want... # # This can be a string constant or a function which# # returns a string (const char *) # Modified: branches/SAMBA_4_0/source/lib/version.c === --- branches/SAMBA_4_0/source/lib/version.c 2006-01-23 05:03:20 UTC (rev 13078) +++ branches/SAMBA_4_0/source/lib/version.c 2006-01-23 11:23:39 UTC (rev 13079) @@ -24,21 +24,33 @@ const char *samba_version_string(void) { -#ifndef SAMBA_VERSION_VENDOR_SUFFIX - return SAMBA_VERSION_OFFICIAL_STRING; + const char *official_string = SAMBA_VERSION_OFFICIAL_STRING; +#ifdef SAMBA_VERSION_RELEASE_NICKNAME + const char *release_nickname = SAMBA_VERSION_RELEASE_NICKNAME; #else + const char *release_nickname = NULL; +#endif +#ifdef SAMBA_VERSION_VENDOR_SUFFIX + const char *vendor_suffix = SAMBA_VERSION_VENDOR_SUFFIX; +#else + const char *vendor_suffix = NULL; +#endif static char *samba_version; static BOOL init_samba_version; - if (init_samba_version) + if (init_samba_version) { return samba_version; + } - samba_version = talloc_asprintf( - talloc_autofree_context(), %s-%s, - SAMBA_VERSION_OFFICIAL_STRING, - SAMBA_VERSION_VENDOR_SUFFIX); + samba_version = talloc_asprintf(talloc_autofree_context(), + %s%s%s%s%s%s, + official_string, + (vendor_suffix?-:), + (vendor_suffix?vendor_suffix:), + (release_nickname? (:), + (release_nickname?release_nickname:), + (release_nickname?):)); init_samba_version = True; return samba_version; -#endif } Modified: branches/SAMBA_4_0/source/script/mkversion.sh === --- branches/SAMBA_4_0/source/script/mkversion.sh 2006-01-23 05:03:20 UTC (rev 13078) +++ branches/SAMBA_4_0/source/script/mkversion.sh 2006-01-23 11:23:39 UTC (rev 13079) @@ -19,14 +19,16 @@ SAMBA_VERSION_REVISION=`sed -n 's/^SAMBA_VERSION_REVISION=//p' $SOURCE_DIR$VERSION_FILE` +SAMBA_VERSION_TP_RELEASE=`sed -n 's/^SAMBA_VERSION_TP_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_PRE_RELEASE=`sed -n 's/^SAMBA_VERSION_PRE_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_RC_RELEASE=`sed -n 's/^SAMBA_VERSION_RC_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` -SAMBA_VERSION_TP_RELEASE=`sed -n 's/^SAMBA_VERSION_TP_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` - SAMBA_VERSION_IS_SVN_SNAPSHOT=`sed -n 's/^SAMBA_VERSION_IS_SVN_SNAPSHOT=//p' $SOURCE_DIR$VERSION_FILE` +SAMBA_VERSION_RELEASE_NICKNAME=`sed -n 's/^SAMBA_VERSION_RELEASE_NICKNAME=//p'
svn commit: samba r13080 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze Date: 2006-01-23 12:55:22 + (Mon, 23 Jan 2006) New Revision: 13080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13080 Log: fix crash bug metze Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_scavenging.c Changeset: Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_scavenging.c === --- branches/SAMBA_4_0/source/wrepl_server/wrepl_scavenging.c 2006-01-23 11:23:39 UTC (rev 13079) +++ branches/SAMBA_4_0/source/wrepl_server/wrepl_scavenging.c 2006-01-23 12:55:22 UTC (rev 13080) @@ -323,7 +323,7 @@ } } } else if (NT_STATUS_IS_OK(status) rec-type == WREPL_TYPE_GROUP) { - if (s-r.out.num_addrs != 1 || strcmp(s-r.out.addrs[i].addr, 255.255.255.255) != 0) { + if (s-r.out.num_addrs != 1 || strcmp(s-r.out.addrs[0].addr, 255.255.255.255) != 0) { different = True; } }
Re: svn commit: samba r13058 - branches/SAMBA_3_0/source/lib trunk/source/lib
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: lmuelle Date: 2006-01-20 20:22:23 + (Fri, 20 Jan 2006) New Revision: 13058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13058 Log: Add %w macro for the winbind seperator which allows us for example valid users = %S, %D%w%S Lars, Why do we need a variable for this? The admin knows the separator. Other than simple convience, is there an advantage here I'm missing? Even on the [homes] share I'm not sure I see it. The share gets renamed to %U. Not %D+%U. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1OCEIR7qMdg1EfYRAhpDAKCdHfWFpE8DV4Z6BrHstJWze2AxIgCg9D6H g6myJ5y6CKKIKPWfSEPvjaU= =eLDm -END PGP SIGNATURE-
Re: svn commit: samba r13071 - in branches/SAMBA_4_0/source: build/m4 include/system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] schrieb: Author: jpeach Date: 2006-01-22 23:48:56 + (Sun, 22 Jan 2006) New Revision: 13071 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13071 Log: Work around a really annoying compiler warning where header file ordering causes MIN and MAX to be redefined. Hi James, the build on us4 is broken now... metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1OHdm70gjA5TCD8RAtYcAKCNrB7LOl/7hgj1ygCwKaR3AgjZWQCeOvpH mBHSLFiQegVv5eaJ42muZ74= =P4sN -END PGP SIGNATURE-
svn commit: samba r13082 - in branches/SAMBA_3_0/source: rpc_server utils
Author: jerry Date: 2006-01-23 14:04:40 + (Mon, 23 Jan 2006) New Revision: 13082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13082 Log: revert an accidentally commited patch (still in progress) Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c branches/SAMBA_3_0/source/utils/status.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:02:17 UTC (rev 13081) +++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:04:40 UTC (rev 13082) @@ -2,8 +2,8 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Jeremy Allison 2001. - * Copyright (C) Nigel Williams 2001. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Nigel Williams 2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1539,7 +1539,6 @@ SEC_DESC *psd = NULL; SE_PRIV se_diskop = SE_DISK_OPERATOR; BOOL is_disk_op = False; - int max_connections = 0; DEBUG(5,(_srv_net_share_set_info: %d\n, __LINE__)); @@ -1584,7 +1583,6 @@ unistr2_to_ascii(comment, q_u-info.share.info2.info_2_str.uni_remark, sizeof(comment)); unistr2_to_ascii(pathname, q_u-info.share.info2.info_2_str.uni_path, sizeof(pathname)); type = q_u-info.share.info2.info_2.type; - max_connections = (q_u-info.share.info2.max_uses == 0x) ? 0 : q_u-info.share.info2.max_uses; psd = NULL; break; #if 0 @@ -1660,8 +1658,8 @@ return WERR_ACCESS_DENIED; } - slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\ %d, - lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections ); + slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\, + lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); DEBUG(10,(_srv_net_share_set_info: Running [%s]\n, command )); @@ -1953,17 +1951,16 @@ TIME_OF_DAY_INFO *tod; struct tm *t; time_t unixdate = time(NULL); - /* We do this call first as if we do it *after* the gmtime call it overwrites the pointed-to values. JRA */ - uint32 zone = get_time_zone(unixdate)/60; - DEBUG(5,(_srv_net_remote_tod: %d\n, __LINE__)); - - if ( !(tod = TALLOC_ZERO_P(p-mem_ctx, TIME_OF_DAY_INFO)) ) + tod = TALLOC_P(p-mem_ctx, TIME_OF_DAY_INFO); + if (!tod) return WERR_NOMEM; + ZERO_STRUCTP(tod); + r_u-tod = tod; r_u-ptr_srv_tod = 0x1; r_u-status = WERR_OK; Modified: branches/SAMBA_3_0/source/utils/status.c === --- branches/SAMBA_3_0/source/utils/status.c2006-01-23 14:02:17 UTC (rev 13081) +++ branches/SAMBA_3_0/source/utils/status.c2006-01-23 14:04:40 UTC (rev 13082) @@ -103,13 +103,13 @@ static int count; if (count==0) { d_printf(Locked files:\n); - d_printf(Pid DenyMode Access R/WOplock SharePath Name\n); - d_printf(\n); + d_printf(PidDenyMode Access R/WOplock SharePath Name\n); + d_printf(--\n); } count++; if (Ucrit_checkPid(procid_to_pid(e-pid))) { - d_printf(%-11s ,procid_str_static(e-pid)); + d_printf(%s ,procid_str_static(e-pid)); switch (map_share_mode_to_deny_mode(e-share_access, e-private_options)) { case DENY_NONE: d_printf(DENY_NONE ); break; @@ -166,7 +166,7 @@ } count++; - d_printf(%08s %05x:%05x%s %9.0f %9.0f\n, + d_printf(%s %05x:%05x%s %9.0f %9.0f\n, procid_str_static(pid), (int)dev, (int)ino, lock_type==READ_LOCK?R:W, (double)start, (double)size);
svn commit: samba r13083 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jerry Date: 2006-01-23 14:26:48 + (Mon, 23 Jan 2006) New Revision: 13083 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13083 Log: patch suggested by Adam Nielsen for better smbstatus formatting Modified: branches/SAMBA_3_0/source/utils/status.c trunk/source/utils/status.c Changeset: Modified: branches/SAMBA_3_0/source/utils/status.c === --- branches/SAMBA_3_0/source/utils/status.c2006-01-23 14:04:40 UTC (rev 13082) +++ branches/SAMBA_3_0/source/utils/status.c2006-01-23 14:26:48 UTC (rev 13083) @@ -103,13 +103,13 @@ static int count; if (count==0) { d_printf(Locked files:\n); - d_printf(PidDenyMode Access R/WOplock SharePath Name\n); - d_printf(--\n); + d_printf(Pid DenyMode Access R/WOplock SharePath Name\n); + d_printf(\n); } count++; if (Ucrit_checkPid(procid_to_pid(e-pid))) { - d_printf(%s ,procid_str_static(e-pid)); + d_printf(%-11s ,procid_str_static(e-pid)); switch (map_share_mode_to_deny_mode(e-share_access, e-private_options)) { case DENY_NONE: d_printf(DENY_NONE ); break; @@ -166,7 +166,7 @@ } count++; - d_printf(%s %05x:%05x%s %9.0f %9.0f\n, + d_printf(%08s %05x:%05x%s %9.0f %9.0f\n, procid_str_static(pid), (int)dev, (int)ino, lock_type==READ_LOCK?R:W, (double)start, (double)size); Modified: trunk/source/utils/status.c === --- trunk/source/utils/status.c 2006-01-23 14:04:40 UTC (rev 13082) +++ trunk/source/utils/status.c 2006-01-23 14:26:48 UTC (rev 13083) @@ -103,13 +103,13 @@ static int count; if (count==0) { d_printf(Locked files:\n); - d_printf(PidDenyMode Access R/WOplock SharePath Name\n); - d_printf(--\n); + d_printf(Pid DenyMode Access R/WOplock SharePath Name\n); + d_printf(\n); } count++; if (Ucrit_checkPid(procid_to_pid(e-pid))) { - d_printf(%s ,procid_str_static(e-pid)); + d_printf(%-11s ,procid_str_static(e-pid)); switch (map_share_mode_to_deny_mode(e-share_access, e-private_options)) { case DENY_NONE: d_printf(DENY_NONE ); break; @@ -166,7 +166,7 @@ } count++; - d_printf(%s %05x:%05x%s %9.0f %9.0f\n, + d_printf(%08s %05x:%05x%s %9.0f %9.0f\n, procid_str_static(pid), (int)dev, (int)ino, lock_type==READ_LOCK?R:W, (double)start, (double)size);
svn commit: samba r13085 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry Date: 2006-01-23 14:34:26 + (Mon, 23 Jan 2006) New Revision: 13085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13085 Log: hook the max connections spin box in the share properties MMC plugin dialog to the 'max connections' smb.conf parameter. Also added the max uses int from the SHARE_INFO_2 structure to the 'modify share command' Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c trunk/source/rpc_server/srv_srvsvc_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:29:10 UTC (rev 13084) +++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:34:26 UTC (rev 13085) @@ -2,8 +2,8 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Jeremy Allison 2001. - * Copyright (C) Nigel Williams 2001. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Nigel Williams 2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -109,6 +109,8 @@ pstring remark; pstring path; pstring passwd; + int max_connections = lp_max_connections(snum); + uint32 max_uses = max_connections!=0 ? max_connections : 0x; char *net_name = lp_servicename(snum); pstrcpy(remark, lp_comment(snum)); @@ -125,7 +127,7 @@ pstrcpy(passwd, ); - init_srv_share_info2(sh2-info_2, net_name, get_share_type(snum), remark, 0, 0x, 1, path, passwd); + init_srv_share_info2(sh2-info_2, net_name, get_share_type(snum), remark, 0, max_uses, 1, path, passwd); init_srv_share_info2_str(sh2-info_2_str, net_name, remark, path, passwd); } @@ -1539,6 +1541,7 @@ SEC_DESC *psd = NULL; SE_PRIV se_diskop = SE_DISK_OPERATOR; BOOL is_disk_op = False; + int max_connections = 0; DEBUG(5,(_srv_net_share_set_info: %d\n, __LINE__)); @@ -1583,6 +1586,7 @@ unistr2_to_ascii(comment, q_u-info.share.info2.info_2_str.uni_remark, sizeof(comment)); unistr2_to_ascii(pathname, q_u-info.share.info2.info_2_str.uni_path, sizeof(pathname)); type = q_u-info.share.info2.info_2.type; + max_connections = (q_u-info.share.info2.info_2.max_uses == 0x) ? 0 : q_u-info.share.info2.info_2.max_uses; psd = NULL; break; #if 0 @@ -1651,15 +1655,16 @@ /* Only call modify function if something changed. */ - if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) + if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) + || (lp_max_connections(snum) != max_connections) ) { if (!lp_change_share_cmd() || !*lp_change_share_cmd()) { DEBUG(10,(_srv_net_share_set_info: No change share command\n)); return WERR_ACCESS_DENIED; } - slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\, - lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\ %d, + lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections ); DEBUG(10,(_srv_net_share_set_info: Running [%s]\n, command )); @@ -1951,16 +1956,17 @@ TIME_OF_DAY_INFO *tod; struct tm *t; time_t unixdate = time(NULL); + /* We do this call first as if we do it *after* the gmtime call it overwrites the pointed-to values. JRA */ + uint32 zone = get_time_zone(unixdate)/60; - tod = TALLOC_P(p-mem_ctx, TIME_OF_DAY_INFO); - if (!tod) + DEBUG(5,(_srv_net_remote_tod: %d\n, __LINE__)); + + if ( !(tod = TALLOC_ZERO_P(p-mem_ctx, TIME_OF_DAY_INFO)) ) return WERR_NOMEM; - ZERO_STRUCTP(tod); - r_u-tod = tod; r_u-ptr_srv_tod = 0x1; r_u-status = WERR_OK; Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 14:29:10 UTC (rev 13084) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 14:34:26 UTC (rev 13085) @@ -2,8 +2,8 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Jeremy Allison
svn commit: samba r13086 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry Date: 2006-01-23 14:47:55 + (Mon, 23 Jan 2006) New Revision: 13086 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13086 Log: hooking max connections into 'add share' as well (although the WinXP UI doesn't give you a way to set the value on add Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c trunk/source/rpc_server/srv_srvsvc_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:34:26 UTC (rev 13085) +++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-01-23 14:47:55 UTC (rev 13086) @@ -1711,7 +1711,8 @@ } /*** - Net share add. Call 'add_share_command sharename pathname comment read only = xxx' + Net share add. Call 'add_share_command sharename pathname + comment max connections = / WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u) @@ -1728,6 +1729,7 @@ SEC_DESC *psd = NULL; SE_PRIV se_diskop = SE_DISK_OPERATOR; BOOL is_disk_op; + int max_connections = 0; DEBUG(5,(_srv_net_share_add: %d\n, __LINE__)); @@ -1756,6 +1758,7 @@ unistr2_to_ascii(share_name, q_u-info.share.info2.info_2_str.uni_netname, sizeof(share_name)); unistr2_to_ascii(comment, q_u-info.share.info2.info_2_str.uni_remark, sizeof(share_name)); unistr2_to_ascii(pathname, q_u-info.share.info2.info_2_str.uni_path, sizeof(share_name)); + max_connections = (q_u-info.share.info2.info_2.max_uses == 0x) ? 0 : q_u-info.share.info2.info_2.max_uses; type = q_u-info.share.info2.info_2.type; break; case 501: @@ -1792,9 +1795,8 @@ return WERR_INVALID_NAME; } - if ( strequal(share_name,IPC$) - || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) - || strequal(share_name,global) ) + if ( strequal(share_name,IPC$) || strequal(share_name,global) + || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) ) { return WERR_ACCESS_DENIED; } @@ -1818,8 +1820,13 @@ string_replace(path, '', ' '); string_replace(comment, '', ' '); - slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\, - lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + slprintf(command, sizeof(command)-1, %s \%s\ \%s\ \%s\ \%s\ %d, + lp_add_share_cmd(), + dyn_CONFIGFILE, + share_name, + path, + comment, + max_connections); DEBUG(10,(_srv_net_share_add: Running [%s]\n, command )); Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 14:34:26 UTC (rev 13085) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 14:47:55 UTC (rev 13086) @@ -1517,7 +1517,8 @@ } /*** - Net share add. Call 'add_share_command sharename pathname comment read only = xxx' + Net share add. Call 'add_share_command sharename pathname + comment max connections = / WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u) @@ -1534,6 +1535,7 @@ SEC_DESC *psd = NULL; SE_PRIV se_diskop = SE_DISK_OPERATOR; BOOL is_disk_op; + int max_connections = 0; DEBUG(5,(_srv_net_share_add: %d\n, __LINE__)); @@ -1562,6 +1564,7 @@ unistr2_to_ascii(share_name, q_u-info.share.info2.info_2_str.uni_netname, sizeof(share_name)); unistr2_to_ascii(comment, q_u-info.share.info2.info_2_str.uni_remark, sizeof(share_name)); unistr2_to_ascii(pathname, q_u-info.share.info2.info_2_str.uni_path, sizeof(share_name)); + max_connections = (q_u-info.share.info2.info_2.max_uses == 0x) ? 0 : q_u-info.share.info2.info_2.max_uses; type = q_u-info.share.info2.info_2.type; break; case 501: @@ -1598,9 +1601,8 @@ return WERR_INVALID_NAME; } - if ( strequal(share_name,IPC$) - || ( lp_enable_asu_support() strequal(share_name,ADMIN$) ) - || strequal(share_name,global) ) + if ( strequal(share_name,IPC$) || strequal(share_name,global) + || ( lp_enable_asu_support()
svn commit: samba r13084 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: metze Date: 2006-01-23 14:29:10 + (Mon, 23 Jan 2006) New Revision: 13084 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13084 Log: fix 'make test'! I would sugguest to run 'make test make valgrind' before each commit at this stage... metze Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-23 14:26:48 UTC (rev 13083) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-23 14:29:10 UTC (rev 13084) @@ -551,11 +551,6 @@ return false; } - if (lp.get(server role) == pdc) { - message(server role must not be set to 'pdc' during the install\n); - return false; - } - return true; }
svn commit: samba r13087 - in branches/SAMBA_4_0/source/nbt_server/wins: .
Author: metze Date: 2006-01-23 14:54:10 + (Mon, 23 Jan 2006) New Revision: 13087 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13087 Log: don't store timestamps for static records (only a per record timestamp when it's not active) metze Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c Changeset: Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c === --- branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c 2006-01-23 14:47:55 UTC (rev 13086) +++ branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c 2006-01-23 14:54:10 UTC (rev 13087) @@ -310,22 +310,30 @@ /* encode the winsdb_addr(address) attribute like this: + non-static record: 172.31.1.1;winsOwner:172.31.9.202;expireTime:20050923032330.0Z; + static record: + 172.31.1.1 */ -static int ldb_msg_add_winsdb_addr(struct ldb_message *msg, +static int ldb_msg_add_winsdb_addr(struct ldb_message *msg, struct winsdb_record *rec, const char *attr_name, struct winsdb_addr *addr) { struct ldb_val val; const char *str; - char *expire_time; - expire_time = ldb_timestring(msg, addr-expire_time); - if (!expire_time) return -1; - str = talloc_asprintf(msg, %s;winsOwner:%s;expireTime:%s;, - addr-address, addr-wins_owner, - expire_time); - talloc_free(expire_time); - if (!str) return -1; + if (rec-is_static) { + str = talloc_strdup(msg, addr-address); + if (!str) return -1; + } else { + char *expire_time; + expire_time = ldb_timestring(msg, addr-expire_time); + if (!expire_time) return -1; + str = talloc_asprintf(msg, %s;winsOwner:%s;expireTime:%s;, + addr-address, addr-wins_owner, + expire_time); + talloc_free(expire_time); + if (!str) return -1; + } val.data = discard_const_p(uint8_t, str); val.length = strlen(str); @@ -617,13 +625,6 @@ struct ldb_message *msg = ldb_msg_new(mem_ctx); if (msg == NULL) goto failed; - if (rec-is_static rec-state == WREPL_STATE_ACTIVE) { - rec-expire_time = get_time_t_max(); - for (i=0;rec-addresses[i];i++) { - rec-addresses[i]-expire_time = rec-expire_time; - } - } - /* make sure we don't put in corrupted records */ addr_count = winsdb_addr_list_length(rec-addresses); if (rec-state == WREPL_STATE_ACTIVE addr_count == 0) { @@ -652,12 +653,15 @@ ret |= ldb_msg_add_fmt(msg, recordState, %u, rec-state); ret |= ldb_msg_add_fmt(msg, nodeType, %u, rec-node); ret |= ldb_msg_add_fmt(msg, isStatic, %u, rec-is_static); - ret |= ldb_msg_add_string(msg, expireTime, expire_time); + ret |= ldb_msg_add_empty(msg, expireTime, 0); + if (!(rec-is_static rec-state == WREPL_STATE_ACTIVE)) { + ret |= ldb_msg_add_string(msg, expireTime, expire_time); + } ret |= ldb_msg_add_fmt(msg, versionID, %llu, (long long)rec-version); ret |= ldb_msg_add_string(msg, winsOwner, rec-wins_owner); ret |= ldb_msg_add_empty(msg, address, 0); for (i=0;rec-addresses[i];i++) { - ret |= ldb_msg_add_winsdb_addr(msg, address, rec-addresses[i]); + ret |= ldb_msg_add_winsdb_addr(msg, rec, address, rec-addresses[i]); } ret |= ldb_msg_add_empty(msg, registeredBy, 0); if (rec-registered_by) {
svn commit: samba r13088 - in branches/SAMBA_4_0/source/wrepl_server: .
Author: metze Date: 2006-01-23 16:04:27 + (Mon, 23 Jan 2006) New Revision: 13088 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13088 Log: - handle non-active static entries - improve verifiying a replica with a remote wins server we now take the ownership of replica records that doesn't match the answer from the wins owner and make the record tombstone. this hopefully causes the original wins owner to propagate its new record, so that it will be replicated back to us metze Modified: branches/SAMBA_4_0/source/wrepl_server/wrepl_scavenging.c Changeset: Sorry, the patch is too large (265 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13088
Re: svn commit: samba r13058 - branches/SAMBA_3_0/source/lib trunk/source/lib
On Mon, Jan 23, 2006 at 07:56:20AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: lmuelle Date: 2006-01-20 20:22:23 + (Fri, 20 Jan 2006) New Revision: 13058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13058 Log: Add %w macro for the winbind seperator which allows us for example valid users = %S, %D%w%S Lars, Why do we need a variable for this? The admin knows the separator. Other than simple convience, is there an advantage here I'm missing? Even on the [homes] share I'm not sure I see it. The share gets renamed to %U. Not %D+%U. It's to allow the separator to be set in one place, then all other instances of it in the smb.conf or included files don't need to be changed. It's not a big invasive change and seems to make admin easier so I am in favour really. Jeremy.
Re: svn commit: samba r13058 - branches/SAMBA_3_0/source/lib trunk/source/lib
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: It's to allow the separator to be set in one place, then all other instances of it in the smb.conf or included files don't need to be changed. It's not a big invasive change and seems to make admin easier so I am in favour really. I get that anyways. like you said, it's a minor change. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1RTsIR7qMdg1EfYRAuGbAKCZNdozggqQdskULJ779wb3ynFD6QCgmVsM nG1G6W46EG+MlLGaywxRZuw= =l4KD -END PGP SIGNATURE-
svn commit: samba r13089 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: jerry Date: 2006-01-23 21:57:36 + (Mon, 23 Jan 2006) New Revision: 13089 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13089 Log: quick fix to work around building ilbnss_winbind.so on SOlaris when --enable-developer is specified Modified: branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c trunk/source/nsswitch/winbind_nss_solaris.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c === --- branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c2006-01-23 16:04:27 UTC (rev 13088) +++ branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c2006-01-23 21:57:36 UTC (rev 13089) @@ -25,6 +25,8 @@ Boston, MA 02111-1307, USA. */ +#undef DEVELOPER + #include stdlib.h #include sys/types.h #include sys/param.h Modified: trunk/source/nsswitch/winbind_nss_solaris.c === --- trunk/source/nsswitch/winbind_nss_solaris.c 2006-01-23 16:04:27 UTC (rev 13088) +++ trunk/source/nsswitch/winbind_nss_solaris.c 2006-01-23 21:57:36 UTC (rev 13089) @@ -25,6 +25,8 @@ Boston, MA 02111-1307, USA. */ +#undef DEVELOPER + #include stdlib.h #include sys/types.h #include sys/param.h
svn commit: samba r13090 - in trunk/source/utils: .
Author: jra Date: 2006-01-23 21:57:56 + (Mon, 23 Jan 2006) New Revision: 13090 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13090 Log: Fix gcc warning about using '0' with %s. Jeremy. Modified: trunk/source/utils/status.c Changeset: Modified: trunk/source/utils/status.c === --- trunk/source/utils/status.c 2006-01-23 21:57:36 UTC (rev 13089) +++ trunk/source/utils/status.c 2006-01-23 21:57:56 UTC (rev 13090) @@ -166,7 +166,7 @@ } count++; - d_printf(%08s %05x:%05x%s %9.0f %9.0f\n, + d_printf(%8s %05x:%05x%s %9.0f %9.0f\n, procid_str_static(pid), (int)dev, (int)ino, lock_type==READ_LOCK?R:W, (double)start, (double)size);
svn commit: samba r13091 - in branches/SAMBA_3_0/source/utils: .
Author: jra Date: 2006-01-23 21:57:58 + (Mon, 23 Jan 2006) New Revision: 13091 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13091 Log: Fix gcc warning about using '0' with %s. Jeremy. Modified: branches/SAMBA_3_0/source/utils/status.c Changeset: Modified: branches/SAMBA_3_0/source/utils/status.c === --- branches/SAMBA_3_0/source/utils/status.c2006-01-23 21:57:56 UTC (rev 13090) +++ branches/SAMBA_3_0/source/utils/status.c2006-01-23 21:57:58 UTC (rev 13091) @@ -166,7 +166,7 @@ } count++; - d_printf(%08s %05x:%05x%s %9.0f %9.0f\n, + d_printf(%8s %05x:%05x%s %9.0f %9.0f\n, procid_str_static(pid), (int)dev, (int)ino, lock_type==READ_LOCK?R:W, (double)start, (double)size);
svn commit: samba r13092 - in trunk/source: lib nsswitch
Author: jra Date: 2006-01-23 22:00:30 + (Mon, 23 Jan 2006) New Revision: 13092 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13092 Log: Add code to remove a race condition when we're fork'ing a new child and changing message disposition. Jeremy. Modified: trunk/source/lib/messages.c trunk/source/nsswitch/winbindd_dual.c Changeset: Modified: trunk/source/lib/messages.c === --- trunk/source/lib/messages.c 2006-01-23 21:57:58 UTC (rev 13091) +++ trunk/source/lib/messages.c 2006-01-23 22:00:30 UTC (rev 13092) @@ -604,4 +604,19 @@ *n_sent = msg_all.n_sent; return True; } + +/* + * Block and unblock receiving of messages. Allows removal of race conditions + * when doing a fork and changing message disposition. + */ + +void message_block(void) +{ + BlockSignals(True, SIGUSR1); +} + +void message_unblock(void) +{ + BlockSignals(False, SIGUSR1); +} /** @} **/ Modified: trunk/source/nsswitch/winbindd_dual.c === --- trunk/source/nsswitch/winbindd_dual.c 2006-01-23 21:57:58 UTC (rev 13091) +++ trunk/source/nsswitch/winbindd_dual.c 2006-01-23 22:00:30 UTC (rev 13092) @@ -557,10 +557,15 @@ ZERO_STRUCT(state); state.pid = getpid(); + /* Ensure we don't process messages whilst we're + changing the disposition for the child. */ + message_block(); + child-pid = sys_fork(); if (child-pid == -1) { DEBUG(0, (Could not fork: %s\n, strerror(errno))); + message_unblock(); return False; } @@ -573,6 +578,8 @@ child-event.flags = 0; child-requests = NULL; add_fd_event(child-event); + /* We're ok with online/offline messages now. */ + message_unblock(); return True; } @@ -600,6 +607,9 @@ message_deregister(MSG_WINBIND_OFFLINE); message_deregister(MSG_WINBIND_ONLINE); + /* The child is ok with online/offline messages now. */ + message_unblock(); + child-mem_ctx = talloc_init(child_mem_ctx); if (child-mem_ctx == NULL) { return False;
svn commit: samba r13093 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/script trunk/source trunk/source/lib trunk/source/script
Author: jerry Date: 2006-01-23 22:02:52 + (Mon, 23 Jan 2006) New Revision: 13093 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13093 Log: adding vendor patch level string as announced on samba-technical ml Modified: branches/SAMBA_3_0/source/VERSION branches/SAMBA_3_0/source/lib/version.c branches/SAMBA_3_0/source/script/mkversion.sh trunk/source/VERSION trunk/source/lib/version.c trunk/source/script/mkversion.sh Changeset: Sorry, the patch is too large (263 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13093
svn commit: samba r13094 - in trunk/source/include: .
Author: jra Date: 2006-01-23 22:32:56 + (Mon, 23 Jan 2006) New Revision: 13094 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13094 Log: Fix warnings assigning int to a size_t. Jeremy. Modified: trunk/source/include/auth.h trunk/source/include/smb.h Changeset: Modified: trunk/source/include/auth.h === --- trunk/source/include/auth.h 2006-01-23 22:02:52 UTC (rev 13093) +++ trunk/source/include/auth.h 2006-01-23 22:32:56 UTC (rev 13094) @@ -51,7 +51,7 @@ gid_t gid; /* This groups info is needed for when we become_user() for this uid */ - int n_groups; + size_t n_groups; gid_t *groups; /* NT group information taken from the info3 structure */ Modified: trunk/source/include/smb.h === --- trunk/source/include/smb.h 2006-01-23 22:02:52 UTC (rev 13093) +++ trunk/source/include/smb.h 2006-01-23 22:32:56 UTC (rev 13094) @@ -544,7 +544,7 @@ /* following groups stuff added by ih */ /* This groups info is valid for the user that *opened* the connection */ - int ngroups; + size_t ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token;
svn commit: samba r13095 - in branches/SAMBA_3_0/source: include smbd
Author: jra Date: 2006-01-23 23:19:31 + (Mon, 23 Jan 2006) New Revision: 13095 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13095 Log: Fix warnings assigning int to a size_t. Jeremy. Modified: branches/SAMBA_3_0/source/include/auth.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_3_0/source/include/auth.h === --- branches/SAMBA_3_0/source/include/auth.h2006-01-23 22:32:56 UTC (rev 13094) +++ branches/SAMBA_3_0/source/include/auth.h2006-01-23 23:19:31 UTC (rev 13095) @@ -58,7 +58,7 @@ gid_t gid; /* This groups info is needed for when we become_user() for this uid */ - int n_groups; + size_t n_groups; gid_t *groups; /* NT group information taken from the info3 structure */ Modified: branches/SAMBA_3_0/source/include/smb.h === --- branches/SAMBA_3_0/source/include/smb.h 2006-01-23 22:32:56 UTC (rev 13094) +++ branches/SAMBA_3_0/source/include/smb.h 2006-01-23 23:19:31 UTC (rev 13095) @@ -514,7 +514,7 @@ /* following groups stuff added by ih */ /* This groups info is valid for the user that *opened* the connection */ - int ngroups; + size_t ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token; Modified: branches/SAMBA_3_0/source/smbd/service.c === --- branches/SAMBA_3_0/source/smbd/service.c2006-01-23 22:32:56 UTC (rev 13094) +++ branches/SAMBA_3_0/source/smbd/service.c2006-01-23 23:19:31 UTC (rev 13095) @@ -592,6 +592,7 @@ } if (conn-force_user || conn-force_group) { + int ngroups = 0; /* groups stuff added by ih */ conn-ngroups = 0; @@ -600,7 +601,8 @@ /* Find all the groups this uid is in and store them. Used by change_to_user() */ initialise_groups(conn-user, conn-uid, conn-gid); - get_current_groups(conn-gid, conn-ngroups,conn-groups); + get_current_groups(conn-gid, ngroups, conn-groups); + conn-ngroups = ngroups; conn-nt_user_token = create_nt_token(conn-uid, conn-gid,
Build status as of Tue Jan 24 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-01-23 00:00:38.0 + +++ /home/build/master/cache/broken_results.txt 2006-01-24 00:00:06.0 + @@ -1,17 +1,17 @@ -Build status as of Mon Jan 23 00:00:02 2006 +Build status as of Tue Jan 24 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 8 2 0 -distcc 9 2 0 +distcc 9 3 0 lorikeet-heimdal 10 10 0 -ppp 16 0 0 -rsync32 5 0 -samba3 0 0 +ppp 15 0 0 +rsync31 3 0 +samba2 0 0 samba-docs 0 0 0 -samba4 34 18 2 -samba_3_033 6 0 -smb-build24 4 0 -talloc 6 4 0 -tdb 5 1 0 +samba4 33 16 1 +samba_3_032 5 0 +smb-build22 4 0 +talloc 5 3 0 +tdb 4 1 0
svn commit: samba r13097 - in branches/SAMBA_4_0/source: scripting/libjs setup
Author: tridge Date: 2006-01-24 00:11:32 + (Tue, 24 Jan 2006) New Revision: 13097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13097 Log: move the creation of the default sam name - unix name mappings into the main provision logic, so it can also be used as part of the vampire process Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision_users.ldif Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:09:41 UTC (rev 13096) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:11:32 UTC (rev 13097) @@ -52,25 +52,51 @@ /* add a foreign security principle */ -function add_foreign(str, sid, desc, unixname) +function add_foreign(str, sid, desc) { var add = dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} objectClass: top objectClass: foreignSecurityPrincipal description: ${DESC} -unixName: ${UNIXNAME} uSNCreated: 1 uSNChanged: 1 ; var sub = new Object(); sub.SID = sid; sub.DESC = desc; - sub.UNIXNAME = unixname; return str + substitute_var(add, sub); } + /* + setup a mapping between a sam name and a unix name + */ +function setup_name_mapping(info, ldb, sid, unixname) +{ + var attrs = new Array(dn); + var res = ldb.search(sprintf(objectSid=%s, sid), +NULL, ldb.SCOPE_DEFAULT, attrs); + if (res.length != 1) { + return false; + } + var mod = sprintf( +dn: %s +changetype: modify +replace: unixName +unixName: %s +, + res[0].dn, unixname); + var ok = ldb.modify(mod); + if (!ok) { + info.message(name mapping for %s failed - %s\n, +sid, ldb.errstring()); + return false; + } + return true; +} + +/* return current time as a nt time string */ function nttime() @@ -258,7 +284,43 @@ return paths; } + /* + setup reasonable name mappings for sam names to unix names +*/ +function setup_name_mappings(info, subobj, session_info, credentials) +{ + var lp = loadparm_init(); + var ldb = ldb_init(); + ldb.session_info = session_info; + ldb.credentials = credentials; + var ok = ldb.connect(lp.get(sam database)); + if (!ok) { + return false; + } + + /* some well known sids */ + setup_name_mapping(info, ldb, S-1-5-7, subobj.NOBODY); + setup_name_mapping(info, ldb, S-1-1-0, subobj.NOGROUP); + setup_name_mapping(info, ldb, S-1-5-2, subobj.NOGROUP); + setup_name_mapping(info, ldb, S-1-5-18, subobj.ROOT); + setup_name_mapping(info, ldb, S-1-5-11, subobj.USERS); + setup_name_mapping(info, ldb, S-1-5-32-544, subobj.WHEEL); + setup_name_mapping(info, ldb, S-1-5-32-546, subobj.NOGROUP); + + /* and some well known domain rids */ + setup_name_mapping(info, ldb, subobj.DOMAINSID + -500, subobj.ROOT); + setup_name_mapping(info, ldb, subobj.DOMAINSID + -518, subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + -519, subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + -512, subobj.WHEEL); + setup_name_mapping(info, ldb, subobj.DOMAINSID + -513, subobj.USERS); + setup_name_mapping(info, ldb, subobj.DOMAINSID + -520, subobj.WHEEL); + + return true; +} + + +/* provision samba4 - caution, this wipes all existing data! */ function provision(subobj, message, blank, paths, session_info, credentials) @@ -319,10 +381,17 @@ setup_ldb(provision_templates.ldif, info, paths.samdb, NULL, false); message(Setting up sam.ldb data\n); setup_ldb(provision.ldif, info, paths.samdb, NULL, false); - if (blank == false) { - message(Setting up sam.ldb users and groups\n); - setup_ldb(provision_users.ldif, info, paths.samdb, data, false); + if (blank != false) { + return true; } + + message(Setting up sam.ldb users and groups\n); + setup_ldb(provision_users.ldif, info, paths.samdb, data, false); + + if (setup_name_mappings(info, subobj, session_info, credentials) == false) { + return false; + } + return true; } Modified: branches/SAMBA_4_0/source/setup/provision_users.ldif === --- branches/SAMBA_4_0/source/setup/provision_users.ldif2006-01-24 00:09:41 UTC (rev 13096) +++ branches/SAMBA_4_0/source/setup/provision_users.ldif2006-01-24 00:11:32 UTC (rev 13097) @@ -16,7 +16,6 @@ sAMAccountName: Administrator isCriticalSystemObject: TRUE sambaPassword: ${ADMINPASS} -unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN}
svn commit: samba r13098 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: tridge Date: 2006-01-24 00:16:54 + (Tue, 24 Jan 2006) New Revision: 13098 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13098 Log: make check for workgroup and realm case insensitive Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:11:32 UTC (rev 13097) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 00:16:54 UTC (rev 13098) @@ -608,13 +608,13 @@ } - if (lp.get(workgroup) != subobj.DOMAIN) { + if (strupper(lp.get(workgroup)) != strupper(subobj.DOMAIN)) { message(workgroup '%s' in smb.conf must match chosen domain '%s'\n, lp.get(workgroup), subobj.DOMAIN); return false; } - if (lp.get(realm) != subobj.REALM) { + if (strupper(lp.get(realm)) != strupper(subobj.REALM)) { message(realm '%s' in smb.conf must match chosen realm '%s'\n, lp.get(realm), subobj.REALM); return false;
svn commit: samba r13099 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2006-01-24 00:34:58 + (Tue, 24 Jan 2006) New Revision: 13099 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13099 Log: allow shares that point to / Modified: branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.c === --- branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.c 2006-01-24 00:16:54 UTC (rev 13098) +++ branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.c 2006-01-24 00:34:58 UTC (rev 13099) @@ -124,7 +124,9 @@ /* for simplicity of path construction, remove any trailing slash now */ base_directory = talloc_strdup(pvfs, lp_pathname(tcon-service)); NT_STATUS_HAVE_NO_MEMORY(base_directory); - trim_string(base_directory, NULL, /); + if (strcmp(base_directory, /) != 0) { + trim_string(base_directory, NULL, /); + } pvfs-tcon = tcon; pvfs-base_directory = base_directory;
svn commit: samba r13100 - in branches/SAMBA_4_0/swat: .
Author: tridge Date: 2006-01-24 00:47:58 + (Tue, 24 Jan 2006) New Revision: 13100 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13100 Log: removed unused menu item Modified: branches/SAMBA_4_0/swat/menu.js Changeset: Modified: branches/SAMBA_4_0/swat/menu.js === --- branches/SAMBA_4_0/swat/menu.js 2006-01-24 00:34:58 UTC (rev 13099) +++ branches/SAMBA_4_0/swat/menu.js 2006-01-24 00:47:58 UTC (rev 13100) @@ -10,7 +10,6 @@ Main Menu, Servers,session_uri(/?menu=servers), Installation, session_uri(/install/), - Configuration, session_uri(/config/), ESP Tests, session_uri(/esptest/)); swat_menus.servers = simple_menu(
svn commit: samba r13101 - in branches/SAMBA_4_0: .
Author: jelmer Date: 2006-01-24 01:52:42 + (Tue, 24 Jan 2006) New Revision: 13101 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13101 Log: autogen.sh doesn't have to be run when compiling from a released tarball (running it anyway might give problems for people who don't have autoconf installed properly or at all) Fix typo Modified: branches/SAMBA_4_0/howto.txt Changeset: Modified: branches/SAMBA_4_0/howto.txt === --- branches/SAMBA_4_0/howto.txt2006-01-24 00:47:58 UTC (rev 13100) +++ branches/SAMBA_4_0/howto.txt2006-01-24 01:52:42 UTC (rev 13101) @@ -22,6 +22,12 @@ both methods will create a directory called samba4 in the current directory. If you don't have rsync or svn then install one of them. +Since only released versions of Samba contain a pregenerated configure script, +you will have to generate it by hand: + + $ cd samba4/source + $ ./autogen.sh + Note that the above rsync command will give you a checked out svn repository. So if you also have svn you can update it to the latest version at some future date using: @@ -35,14 +41,12 @@ Run this: $ cd samba4/source - $ ./autogen.sh - $ ./configure.developer + $ ./configure $ make proto all -If you have gcc 3.4 or newer, then substitue pch for proto to +If you have gcc 3.4 or newer, then substitute pch for proto to greatly speed up the compile process (about 5x faster). - Step 3: install Samba4 --
svn commit: samba r13102 - in branches/SAMBA_4_0: source/scripting/libjs swat/install
Author: tridge Date: 2006-01-24 01:52:56 + (Tue, 24 Jan 2006) New Revision: 13102 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13102 Log: fixed the vampire code to correctly setup foreign sids and default unix name mappings Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/swat/install/vampire.esp Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 01:52:42 UTC (rev 13101) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-01-24 01:52:56 UTC (rev 13102) @@ -52,20 +52,20 @@ /* add a foreign security principle */ -function add_foreign(str, sid, desc) +function add_foreign(ldb, subobj, sid, desc) { - var add = -dn: CN=${SID},CN=ForeignSecurityPrincipals,${BASEDN} + var add = sprintf( +dn: CN=%s,CN=ForeignSecurityPrincipals,%s objectClass: top objectClass: foreignSecurityPrincipal -description: ${DESC} +description: %s uSNCreated: 1 uSNChanged: 1 -; - var sub = new Object(); - sub.SID = sid; - sub.DESC = desc; - return str + substitute_var(add, sub); +, + sid, subobj.BASEDN, desc); + /* deliberately ignore errors from this, as the records may + already exist */ + ldb.add(add); } @@ -78,6 +78,7 @@ var res = ldb.search(sprintf(objectSid=%s, sid), NULL, ldb.SCOPE_DEFAULT, attrs); if (res.length != 1) { + info.message(Failed to find record for objectSid %s\n, sid); return false; } var mod = sprintf( @@ -298,7 +299,22 @@ if (!ok) { return false; } + var attrs = new Array(objectSid); + var res = ldb.search(dnsDomain= + subobj.REALM, +NULL, ldb.SCOPE_DEFAULT, attrs); + if (res.length != 1) { + info.message(Failed to find dnsDomain %s\n, subobj.REALM); + return false; + } + var sid = res[0].objectSid; + /* add some foreign sids if they are not present already */ + add_foreign(ldb, subobj, S-1-5-7, Anonymous); + add_foreign(ldb, subobj, S-1-1-0, World); + add_foreign(ldb, subobj, S-1-5-2, Network); + add_foreign(ldb, subobj, S-1-5-18, System); + add_foreign(ldb, subobj, S-1-5-11, Authenticated Users); + /* some well known sids */ setup_name_mapping(info, ldb, S-1-5-7, subobj.NOBODY); setup_name_mapping(info, ldb, S-1-1-0, subobj.NOGROUP); @@ -307,14 +323,15 @@ setup_name_mapping(info, ldb, S-1-5-11, subobj.USERS); setup_name_mapping(info, ldb, S-1-5-32-544, subobj.WHEEL); setup_name_mapping(info, ldb, S-1-5-32-546, subobj.NOGROUP); + setup_name_mapping(info, ldb, S-1-5-32-551, subobj.BACKUP); /* and some well known domain rids */ - setup_name_mapping(info, ldb, subobj.DOMAINSID + -500, subobj.ROOT); - setup_name_mapping(info, ldb, subobj.DOMAINSID + -518, subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + -519, subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + -512, subobj.WHEEL); - setup_name_mapping(info, ldb, subobj.DOMAINSID + -513, subobj.USERS); - setup_name_mapping(info, ldb, subobj.DOMAINSID + -520, subobj.WHEEL); + setup_name_mapping(info, ldb, sid + -500, subobj.ROOT); + setup_name_mapping(info, ldb, sid + -518, subobj.WHEEL); + setup_name_mapping(info, ldb, sid + -519, subobj.WHEEL); + setup_name_mapping(info, ldb, sid + -512, subobj.WHEEL); + setup_name_mapping(info, ldb, sid + -513, subobj.USERS); + setup_name_mapping(info, ldb, sid + -520, subobj.WHEEL); return true; } @@ -342,12 +359,6 @@ var rdns = split(,, subobj.BASEDN); subobj.RDN_DC = substr(rdns[0], strlen(DC=)); - data = add_foreign(data, S-1-5-7, Anonymous, ${NOBODY}); - data = add_foreign(data, S-1-1-0, World, ${NOGROUP}); - data = add_foreign(data, S-1-5-2, Network, ${NOGROUP}); - data = add_foreign(data, S-1-5-18, System, ${ROOT}); - data = add_foreign(data, S-1-5-11, Authenticated Users, ${USERS}); - provision_next_usn = 1; info.subobj = subobj; @@ -381,6 +392,7 @@ setup_ldb(provision_templates.ldif, info, paths.samdb, NULL, false); message(Setting up sam.ldb data\n); setup_ldb(provision.ldif, info, paths.samdb, NULL, false); + if (blank != false) { return true; } @@ -458,6 +470,7 @@ subobj.NOBODY = findnss(nss.getpwnam, nobody); subobj.NOGROUP = findnss(nss.getgrnam, nogroup, nobody); subobj.WHEEL= findnss(nss.getgrnam, wheel, root, staff); +
svn commit: samba r13103 - in branches/SAMBA_4_0/source/libcli: .
Author: abartlet Date: 2006-01-24 01:57:31 + (Tue, 24 Jan 2006) New Revision: 13103 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13103 Log: Walk the names in the node status request, so I can find a server name, and use that. (I was trying to find a machine by the name of __SAMBA__) Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/finddcs.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/finddcs.c === --- branches/SAMBA_4_0/source/libcli/finddcs.c 2006-01-24 01:52:56 UTC (rev 13102) +++ branches/SAMBA_4_0/source/libcli/finddcs.c 2006-01-24 01:57:31 UTC (rev 13103) @@ -209,23 +209,26 @@ /* We have a node status reply (or perhaps a timeout) */ static void fallback_node_status_replied(struct nbt_name_request *name_req) { + int i; struct finddcs_state *state = talloc_get_type(name_req-async.private, struct finddcs_state); state-ctx-status = nbt_name_status_recv(name_req, state, state-node_status); if (!composite_is_ok(state-ctx)) return; - if (state-node_status.out.status.num_names 0) { - int i; - char *name = talloc_strndup(state-dcs, state-node_status.out.status.names[0].name, 15); - /* Strip space padding */ - if (name) { - i = MIN(strlen(name), 15); - for (; i 0 name[i - 1] == ' '; i--) { - name[i - 1] = '\0'; + for (i=0; i state-node_status.out.status.num_names; i++) { + int j; + if (state-node_status.out.status.names[i].type == NBT_NAME_SERVER) { + char *name = talloc_strndup(state-dcs, state-node_status.out.status.names[0].name, 15); + /* Strip space padding */ + if (name) { + j = MIN(strlen(name), 15); + for (; j 0 name[j - 1] == ' '; j--) { + name[j - 1] = '\0'; + } } + state-dcs[0].name = name; + composite_done(state-ctx); + return; } - state-dcs[0].name = name; - composite_done(state-ctx); - return; } composite_error(state-ctx, NT_STATUS_NO_LOGON_SERVERS); }
svn commit: samba r13104 - in branches/SAMBA_4_0/source/libnet: .
Author: abartlet Date: 2006-01-24 02:25:50 + (Tue, 24 Jan 2006) New Revision: 13104 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13104 Log: Migrate and set secrets keytab values in the 'net join' code. This avoids falling back to in-memory keytabs. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c === --- branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-01-24 01:57:31 UTC (rev 13103) +++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2006-01-24 02:25:50 UTC (rev 13104) @@ -844,6 +844,8 @@ secret, priorSecret, priorChanged, + krb5Keytab, + privateKeytab, NULL }; uint32_t acct_type = 0; @@ -1036,6 +1038,12 @@ (| SECRETS_PRIMARY_DOMAIN_FILTER (realm=%s)), r2-out.domain_name, r2-out.realm); if (ret == 0) { + rtn = samdb_msg_set_string(ldb, tmp_mem, msg, secretsKeytab, secrets.keytab); + if (rtn == -1) { + r-out.error_string = NULL; + talloc_free(tmp_mem); + return NT_STATUS_NO_MEMORY; + } } else if (ret == -1) { r-out.error_string = talloc_asprintf(mem_ctx, @@ -1044,6 +1052,8 @@ talloc_free(tmp_mem); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else { + const struct ldb_val *private_keytab; + const struct ldb_val *krb5_keytab; const struct ldb_val *prior_secret; const struct ldb_val *prior_modified_time; int i; @@ -1093,6 +1103,26 @@ talloc_free(tmp_mem); return NT_STATUS_NO_MEMORY; } + + /* We will want to keep the keytab names */ + private_keytab = ldb_msg_find_ldb_val(msgs[0], privateKeytab); + if (private_keytab) { + rtn = samdb_msg_set_value(ldb, tmp_mem, msg, privateKeytab, private_keytab); + if (rtn == -1) { + r-out.error_string = NULL; + talloc_free(tmp_mem); + return NT_STATUS_NO_MEMORY; + } + } + krb5_keytab = ldb_msg_find_ldb_val(msgs[0], krb5Keytab); + if (krb5_keytab) { + rtn = samdb_msg_set_value(ldb, tmp_mem, msg, krb5Keytab, krb5_keytab); + if (rtn == -1) { + r-out.error_string = NULL; + talloc_free(tmp_mem); + return NT_STATUS_NO_MEMORY; + } + } } /* create the secret */
svn commit: samba r13105 - in branches/SAMBA_3_0_RELEASE: examples/VFS examples/auth/crackcheck examples/libsmbclient examples/libsmbclient/smbwrapper examples/misc packaging/Solaris source source/cli
Author: jerry Date: 2006-01-24 03:54:33 + (Tue, 24 Jan 2006) New Revision: 13105 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13105 Log: pulling some code over for the 3.0.21b releasefirst take at it Modified: branches/SAMBA_3_0_RELEASE/examples/VFS/configure.in branches/SAMBA_3_0_RELEASE/examples/auth/crackcheck/crackcheck.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/Makefile branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/Makefile branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/smbsh.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/smbw.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/smbw.h branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/smbw_dir.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/wrapper.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/smbwrapper/wrapper.h branches/SAMBA_3_0_RELEASE/examples/libsmbclient/testbrowse.c branches/SAMBA_3_0_RELEASE/examples/libsmbclient/teststat.c branches/SAMBA_3_0_RELEASE/examples/misc/adssearch.pl branches/SAMBA_3_0_RELEASE/packaging/Solaris/makepkg.sh branches/SAMBA_3_0_RELEASE/source/VERSION branches/SAMBA_3_0_RELEASE/source/client/clitar.c branches/SAMBA_3_0_RELEASE/source/client/smbmount.c branches/SAMBA_3_0_RELEASE/source/include/includes.h branches/SAMBA_3_0_RELEASE/source/include/ntdomain.h branches/SAMBA_3_0_RELEASE/source/include/rpc_client.h branches/SAMBA_3_0_RELEASE/source/include/rpc_samr.h branches/SAMBA_3_0_RELEASE/source/include/rpc_svcctl.h branches/SAMBA_3_0_RELEASE/source/include/smb.h branches/SAMBA_3_0_RELEASE/source/include/smb_macros.h branches/SAMBA_3_0_RELEASE/source/lib/crc32.c branches/SAMBA_3_0_RELEASE/source/lib/gencache.c branches/SAMBA_3_0_RELEASE/source/lib/substitute.c branches/SAMBA_3_0_RELEASE/source/lib/username.c branches/SAMBA_3_0_RELEASE/source/lib/util_file.c branches/SAMBA_3_0_RELEASE/source/lib/util_sock.c branches/SAMBA_3_0_RELEASE/source/libads/ads_ldap.c branches/SAMBA_3_0_RELEASE/source/libads/ldap.c branches/SAMBA_3_0_RELEASE/source/libads/ldap_user.c branches/SAMBA_3_0_RELEASE/source/libsmb/clikrb5.c branches/SAMBA_3_0_RELEASE/source/libsmb/clispnego.c branches/SAMBA_3_0_RELEASE/source/libsmb/nmblib.c branches/SAMBA_3_0_RELEASE/source/libsmb/ntlmssp.c branches/SAMBA_3_0_RELEASE/source/libsmb/ntlmssp_sign.c branches/SAMBA_3_0_RELEASE/source/libsmb/samlogon_cache.c branches/SAMBA_3_0_RELEASE/source/libsmb/smbencrypt.c branches/SAMBA_3_0_RELEASE/source/modules/vfs_full_audit.c branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd.c branches/SAMBA_3_0_RELEASE/source/nsswitch/wbinfo.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbind_nss_config.h branches/SAMBA_3_0_RELEASE/source/nsswitch/winbind_nss_solaris.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_RELEASE/source/param/loadparm.c branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c branches/SAMBA_3_0_RELEASE/source/passdb/pdb_sql.c branches/SAMBA_3_0_RELEASE/source/passdb/secrets.c branches/SAMBA_3_0_RELEASE/source/printing/nt_printing.c branches/SAMBA_3_0_RELEASE/source/profile/profile.c branches/SAMBA_3_0_RELEASE/source/python/setup.py branches/SAMBA_3_0_RELEASE/source/rpc_client/cli_netlogon.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_net.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_prs.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_svcctl.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_eventlog_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_reg_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_spoolss_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_srvsvc_nt.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl.c branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_svcctl_nt.c branches/SAMBA_3_0_RELEASE/source/rpcclient/cmd_lsarpc.c branches/SAMBA_3_0_RELEASE/source/rpcclient/cmd_samr.c branches/SAMBA_3_0_RELEASE/source/rpcclient/cmd_srvsvc.c branches/SAMBA_3_0_RELEASE/source/rpcclient/rpcclient.c branches/SAMBA_3_0_RELEASE/source/sam/idmap.c branches/SAMBA_3_0_RELEASE/source/sam/idmap_rid.c branches/SAMBA_3_0_RELEASE/source/script/mkversion.sh branches/SAMBA_3_0_RELEASE/source/script/tests/functions branches/SAMBA_3_0_RELEASE/source/script/tests/runtests.sh branches/SAMBA_3_0_RELEASE/source/services/services_db.c branches/SAMBA_3_0_RELEASE/source/smbd/nttrans.c branches/SAMBA_3_0_RELEASE/source/smbd/oplock.c branches/SAMBA_3_0_RELEASE/source/smbd/password.c branches/SAMBA_3_0_RELEASE/source/smbd/posix_acls.c branches/SAMBA_3_0_RELEASE/source/smbd/trans2.c branches/SAMBA_3_0_RELEASE/source/tdb/tdbtool.c branches/SAMBA_3_0_RELEASE/source/tdb/tdbutil.c
svn commit: samba r13106 - in branches/SAMBA_3_0_RELEASE/packaging: .
Author: jerry Date: 2006-01-24 04:06:29 + (Tue, 24 Jan 2006) New Revision: 13106 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13106 Log: syncing up packaging from the 3.0 tree Added: branches/SAMBA_3_0_RELEASE/packaging/RHEL/ branches/SAMBA_3_0_RELEASE/packaging/RedHat-9/ Removed: branches/SAMBA_3_0_RELEASE/packaging/Fedora/ branches/SAMBA_3_0_RELEASE/packaging/RedHat/ Changeset: Copied: branches/SAMBA_3_0_RELEASE/packaging/RHEL (from rev 13105, branches/SAMBA_3_0/packaging/RHEL) Copied: branches/SAMBA_3_0_RELEASE/packaging/RedHat-9 (from rev 13105, branches/SAMBA_3_0/packaging/RedHat-9)
svn commit: samba r13107 - in branches/SAMBA_4_0/source: auth/credentials auth/kerberos heimdal/lib/hdb heimdal/lib/krb5 heimdal_build kdc setup
Author: abartlet Date: 2006-01-24 05:31:08 + (Tue, 24 Jan 2006) New Revision: 13107 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13107 Log: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett Added: branches/SAMBA_4_0/source/heimdal/lib/hdb/keytab.c Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_files.c branches/SAMBA_4_0/source/auth/credentials/credentials_krb5.c branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c branches/SAMBA_4_0/source/auth/kerberos/krb5_init_context.c branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb-protos.h branches/SAMBA_4_0/source/heimdal/lib/hdb/hdb.c branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5.h branches/SAMBA_4_0/source/heimdal_build/config.mk branches/SAMBA_4_0/source/kdc/config.mk branches/SAMBA_4_0/source/kdc/hdb-ldb.c branches/SAMBA_4_0/source/kdc/kdc.c branches/SAMBA_4_0/source/kdc/kdc.h branches/SAMBA_4_0/source/kdc/kpasswdd.c branches/SAMBA_4_0/source/setup/secrets.ldif Changeset: Sorry, the patch is too large (656 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13107
svn commit: samba-web r895 - in trunk/history: .
Author: jelmer Date: 2006-01-24 06:22:40 + (Tue, 24 Jan 2006) New Revision: 895 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=895 Log: Add release announcements for Samba 4.0.0TP1 Added: trunk/history/samba-4.0.0tp1.html Changeset: Added: trunk/history/samba-4.0.0tp1.html === --- trunk/history/samba-4.0.0tp1.html 2006-01-21 18:17:15 UTC (rev 894) +++ trunk/history/samba-4.0.0tp1.html 2006-01-24 06:22:40 UTC (rev 895) @@ -0,0 +1,135 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 4.0.0TP1 Available for Download/H2 + +p +pre +What's new in Samba 4 Technology Preview + + +Samba 4 is the ambitious next version of the Samba suite that is being +developed in parallel to the stable 3.0 series. The main emphasis in +this branch is support for the Active Directory logon protocols used +by Windows 2000 and above. + +Samba 4 is currently not yet in a state where it is usable in +production environments. Note the WARNINGS below, and the STATUS file, +which aims to document what should and should not work. + +With 3 years of development under our belt since Tridge first proposed +a new Virtual File System (VFS) layer for Samba3 (a project which +eventually lead to our Active Directory efforts), it was felt that we +should create something we could 'show off' to our users. This is a +Technology Preview (TP), aimed at allowing users, managers and +developers to see how we have progressed, and to invite feedback and +support. + +WARNINGS + + +Samba4 TP is currently a pre-alpha technology. It may eat your cat, but +is far more likely to choose to munch on your password database. We +recommend against upgrading any production servers from Samba 3 to +Samba 4 at this stage. If you are upgrading an experimental server, +you should backup all configuration and data. + +We expect that format changes will require that the user database be +rebuilt from scratch a number of times before we make a final release, +losing password data each time. + +Samba 4 Technology Preview includes basic Access Control List (ACL) +protection on the main user database, but due to time constraints, +none on the registry at this stage. We also do not currently have +ACLs on the SWAT web-based management tool. This means that Samba 4 +Technology Preview is not secure. + +File system access should occur as the logged in user, much as Samba3 +does. + +Again, we strongly recommend against use in a production environment +at this stage. + +NEW FEATURES + + +Samba4 supports the server-side of the Active Directory logon environment +used by Windows 2000 and later, so we can do full domain join +and domain logon operations with these clients. + +Our Domain Controller (DC) implementation includes our own built-in +LDAP server and Kerberos Key Distribution Center (KDC) as well as the +Samba3-like logon services provided over CIFS. We correctly generate +the infamous Kerberos PAC, and include it with the Kerberos tickets we +issue. + +SWAT is now integrated into Samba 4 as the user-friendly interface to +Samba server management. SWAT provides easy provides access to our +setup and migration tools. Using SWAT, you can migrate windows +domains in Samba 4, allowing easy setup of initial user databases, and +upgrades from Samba 3. + +The new VFS features in Samba 4 adapts the filesystem on the server to +match the Windows client semantics, allowing Samba 4 to better match +windows behaviour and application expectations. This includes file +annotation information (in streams) and NT ACLs in particular. The +VFS is backed with an extensive automated test suite. + +A new scripting interface has been added to Samba 4, allowing +JavaScript programs to interface to Samba's internals. + +The Samba 4 architecture is based around an LDAP-like database that +can use a range of modular backends. One of the backends supports +standards compliant LDAP servers (including OpenLDAP), and we are +working on modules to map between AD-like behaviours and this backend. +We are aiming for Samba 4 to be powerful frontend to large +directories. + +CHANGES +=== + +Those familiar with Samba 3 can find a list of user-visible changes +since that release series in the NEWS file. + +KNOWN ISSUES + + +- Standalone server and domain member roles are not currently + supported. While we have much of the infrastructure required, we + have not collected these pieces together. + +- There is no printing support in the current release. + +- SWAT can be painful with TAB and forms. Just use the mouse, as + the JavaScript layer doing this will change. + +- Domain logons (using Kerberos) from windows clients