[Samba] Can not cancel print job
Hello, There has been a lot of e-mails about this topic and I am very surprised it is such a problem, since Samba is supposed to be a print / File server first and a lot more second. Yes, I am having problems try to get NON-admin users to cancel there print jobs. I have been using samba for years, but non printer admin user can not cancel print jobs all they get is Accessed denied. I have also tried setting permissions on the printer device so that Manage Documents is set, but it does not make a difference. The error has nothing to do with the Solaris printing system, since /usr/bin/cancel is never called. Error: smbd[21198]: Permission denied-- user not allowed to delete, pause, or resume print job. User name: wstudent. Printer name: lp131. log.smbd: [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(570) user_in_list: checking user wstudent in list [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |andrew| [2006/02/28 09:46:04, 10] lib/username.c:user_in_list(575) user_in_list: checking user |wstudent| against |root| [global] debuglevel = 10 comment = %h Samba %v server string = %h Samba %v workgroup = DCSNT hosts allow = 193.61.29. 193.61.28. hosts deny = 0.0.0.0/0 locking = yes password level = 10 domain master = no local master = no os level = 80 wins support = no wins server = 193.61.29.179 password server = loki hades security = domain encrypt passwords = yes preserve case = yes short preserve case = yes nt acl support = Yes printer admin = andrew,root load printers = no lprm command = /usr/bin/cancel %p-%j printcap name= lpstat [print$] comment = Printer Driver Download Area path = /usr/local/samba/var/drivers browseable = no guest ok = no read only = yes write list = andrew,root [lp131] comment = Tally T2070 Line Printer Room 131 path = /var/spool/samba writable = no printable = yes public = yes guest ok = no Setup: Solaris 9 and 10 Samba 3.0.20(a) / 3.0.21c Windows XP sp2 Question: - Has anyone got this working, so that non printer admin users can cancel print jobs? I guess it is a knock on effect of moving to the new print system where samba/Windows XP can load printer drivers automatically \\host\printer. As always, Thanks ** Andrew Watkinstel: 020-7631 6720 Unix Administratorfax: 020-7631 6727 System Group Computer Science Department e-mail: [EMAIL PROTECTED] Birkbeck College (University of London) http://www.dcs.bbk.ac.uk/~andrew Malet Street London WC1E 7HX ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple domains served by a single LDAP tree
Hi,
I have a very similar question to this. Are there any Samba/LDAP
howto's or documentation on this issue.
In my situation the users are split over two subnets but many users
need the same access to coroporate resources. However, they should be
using local file server and samba authentication servers.
Any hints or tips are welcome.
Regards,
Abdul-Wahid
On 2/27/06, David B Harris [EMAIL PROTECTED] wrote:
Good {morning,afternoon,evening} everybody,
A while ago I wrote to the list asking about whether the
uidNumber/gidNumber of the commonly-known SIDs had to match the RID of
the SID; the answer was no.
I asked because I intended to implement multiple NT4/Samba domains using
a single LDAP tree; each Samba PDC/BDC instance would only use the
relevant subset of the tree. Unix/Linux hosts would use the full LDAP
tree to resolve every possible UID/GID, but Windows hosts would use
DOMAIN\group and/or DOMAIN\user stuff.
I've read the documentation more, in particular those bits corresponding
to inter-Samba domain trusts, and the documentation quite clearly states
that this isn't particularly recommended given the fragility of SMB
trusts, and the availability of such scalable backends as LDAP.
My question, then, is do people here put together multiple NT4/Samba
domains using a single LDAP backend? I'm betting not. Assuming that's
the case, from Windows, how does one assign permissions and whatnot?
From a single large flatspace containing every user and group? If not,
how are they separated?
Part of this is a user-acceptance issue; I'd like it to be very clear
that a particular user belongs to a particular business group (ie:
DEVEL, EXEC, FINANCE).
I guess the crux of the question is, is there any way to have multiple
NT4/Samba domains served from a single multi-branch LDAP backend without
inter-domain trusts, or is there some better way to go about what I'm
trying to accomplish?
Thanks very much in advance.
--
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F
Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F
Retrieve from subkeys.pgp.net
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors after building 3.0.21b on AIX 5.2
- Original Message - From: Ray Gebbie [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Monday, February 27, 2006 5:40 PM Subject: [Samba] Errors after building 3.0.21b on AIX 5.2 I have seen a lot of recent posts about building on AIX 5.2, 5.3, etc. but none showed the same problems I am having. After building Samba 3.0.21b on AIX 5.2, I get this error when running a number of the binaries: Yes, there have been many postings. :-) And I'm quite excited about it! Please see the README file in the AIX binaries folder on any of the Samba mirrors. All of the missing symbol items posted lately (including yours) are addressed there with solutions. Cheers, Bill ./testparm exec(): 0509-036 Cannot load program ./testparm because of the following errors: 0509-130 Symbol resolution failed for /usr/lib/libc.a(posix_aio.o) because: 0509-136 Symbol _posix_kaio_rdwr (number 2) is not exported from dependent module /unix. 0509-136 Symbol _posix_listio (number 3) is not exported from dependent module /unix. 0509-136 Symbol _posix_acancel (number 4) is not exported from dependent module /unix. 0509-136 Symbol _posix_iosuspend (number 5) is not exported from dependent module /unix. 0509-136 Symbol _posix_aio_nwait (number 6) is not exported from dependent module /unix. 0509-136 Symbol _posix_iofsync (number 7) is not exported from dependent module /unix. 0509-192 Examine .loader section symbols with the 'dump -Tv' command. I have not built C programs in a long time, so I am very rusty at debugging these kind of problems. It is obvious that I did not do something right when I ran 'configure'. Here is the command line I used: ./configure --with-acl-support --with-utmp --with-ldap --with-ads --with-pam --with-winbind --with-aio=yes --with-libconf=/usr/local --with-sendfile-support --prefix=/ccase/dist/build/samba --with-quotas --with-krb5=/usr/local --with-shared-modules=idmap_ad,idmap_rid --enable-shared=yes --disable-static What did I do wrong? I am using gcc 4.0.2. Thank you. Ray Gebbie Federated Systems Group San Francisco, CA 94102 415-422-1662 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2x with trusted domains.
Hello all, we have a samba server on a SLES9 linux box. It is connected to an active directory with multiple trusted domains. With this server, we have strange problems with users/groups in others domains. The users/groups listed in smb.conf that are part of trusted domains are not take in account to access the shares. We cannot as well set ACL correctly on filesystem. This is not an architectrure problem, since another samba box (3.0.2), connected to the same domain, with the same config file, work perfectly. So here is a summary of troubles. Note that after thoses checks, i've upgraded to 3.0.21c (suse rpm packages) without any amelioration on following points : masters# rpm -qa | grep -i samba yast2-samba-server-2.9.33-0.3 samba-client-3.0.20b-3.4 samba-3.0.20b-3.4 samba-doc-3.0.20b-3.4 kdebase3-samba-3.2.1-68.46 yast2-samba-client-2.9.17-1.3 samba-winbind-3.0.20b-3.4 Said that the samba server is linked to Domain1, and there are trusted Domain2, Domain3, etc masters# wbinfo -t checking the trust secret via RPC calls succeeded masters# wbinfo -m Domain1 Domain2 Domain3 masters# wbinfo -n Domain1+user1 S-1-5-21-1220945662-796845957-725345543-21380 User (1) masters# wbinfo -s S-1-5-21-1220945662-796845957-725345543-21380 Domain1+user1 1 masters# wbinfo -r Domain1+user1 1 1 10001 10002 10003 masters# wbinfo -n Domain2+user2 S-1-5-21-2035491313-1038499582-81669161-1396 User (1) masters# wbinfo -s S-1-5-21-2035491313-1038499582-81669161-1396 Domain2+user2 masters# wbinfo -S S-1-5-21-2035491313-1038499582-81669161-1396 10002 masters# wbinfo -r Domain2+user2 Could not get groups for user Domain2+user2 In addition in the log.winbindd i get the following strange record - no SID lookup for trusted domains : [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain1 S-1-5-21-1220945662-796845957-725345543 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain2 S-0-0 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain3 S-0-0 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain4 S-0-0 Other strange behaviour, is that on a working share, with a domain account which work (primary domain), i can setup ACL on files with users from other computer via windows. The getfacl will show the corresponding unix gid. However, I really don't understand what kind of problem it may come from, so any suggestions are welcome. I repeat that with a 3.0.2 compiled manually a couple of years ago (Feb 2004), is correctly working on a debian server. Best Regard's. Vincent Badier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Invalid user not working
Hi All, In my Samba File server i am not able to set an invalid users... option.. even if i set that, its showing in testparm result but there is no change while accessing it... My Samba Server is connected with Windows 2003 ADS and all the Domain Users can access the share with out entering, any other password ( samba password ) some modification in /etc/pam.d/login, /etc/pam.d/gdm and /etc/pam.d/system-auth OS:- Red Hat Enterprise Linux ES (2.6.9-22.ELsmp) samba :- samba-3.0.21b-3 compiled using samba-3.0.21b-3.src.rpm the users rush and render always having connection more then 200 because of this my samba share getting slow.. and its effected the production following is my smb.conf #=== Global Settings === [global] workgroup = MYDOMAIN server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #= Share Definitions password server = 172.16.20.200 realm = MYDOMAIN.COM http://mydomain.com/ idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U allow trusted domains = no idmap backend = idmap_rid:MYDOMAIN=16777216-33554431 winbind use default domain = yes [volume] path = /vol08_1000 invalid users = rush, render valid users = @Domain Users read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%U-%m-%d -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.21c: idmap_rid segfaults on AIX 5.3 ML4
Hi everyone, I'm trying to use idmap_rid on an AIX 5.3 ML4 machine. Samba compiled successfully using the IBM compiler (vac.C) version 6. The only programs I supplied where db and libiconv. I followed the instructions, and put nsswitch/WINBIND in /usr/lib/security, and edited /usr/lib/security/methods.cfg. When I start winbindd -i, it coredumps with a Signal 11: (dbx) where raise.raise(??) at 0xd030e694 abort.abort() at 0xd033c85c smb_panic2(0x20139ba8, 0x1) at 0x10058350 smb_panic(0x20139ba8) at 0x100583a4 fault_report(0xb) at 0x101677b0 sig_fault(0xb) at 0x10167508 glink.atoi() at 0xd17a0b68 init_module() at 0xd17a04f8 do_smb_load_module(0x2ff22010, 0x1) at 0x10050b00 smb_probe_module(0x200e9958, 0x2017c01e) at 0x100511d4 idmap_init(0x201755e8) at 0x1008d2b0 main(0x2, 0x2ff22b24) at 0x10002970 A level 10 log shows: # winbindd -i winbindd version 3.0.21c started. Copyright The Samba Team 2000-2004 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 Processing section [homes] add_a_service: Creating snum = 0 for homes hash_a_service: creating tdb servicehash hash_a_service: hashing index 0 for service name homes doing parameter read only = No doing parameter browseable = No Processing section [nmon] add_a_service: Creating snum = 1 for nmon hash_a_service: hashing index 1 for service name nmon doing parameter path = /var/log/nmon doing parameter valid users = +beheer doing parameter read only = yes Processing section [controlcenter] add_a_service: Creating snum = 2 for controlcenter hash_a_service: hashing index 2 for service name controlcenter doing parameter path = /export/nim/non-nim/controlcenter doing parameter read only = yes doing parameter guest ok = yes pm_process() returned Yes add_a_service: Creating snum = 3 for IPC$ hash_a_service: hashing index 3 for service name IPC$ adding IPC service add_a_service: Creating snum = 4 for ADMIN$ hash_a_service: hashing index 4 for service name ADMIN$ adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE added interface ip=192.168.1.115 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.17.1.115 bcast=172.17.255.255 nmask=255.255.0.0 Netbios name list:- my_netbios_names[0]=TSM-LPAR added interface ip=192.168.1.115 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.17.1.115 bcast=172.17.255.255 nmask=255.255.0.0 Opening cache file at /opt/Samba/3.0.21c/var/locks/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds smb_register_idmap: Successfully added idmap backend 'tdb' db_idmap_init: Opening tdbfile /opt/Samba/3.0.21c/var/locks/winbindd_idmap.tdb idmap_init: idmap backend uses deprecated 'idmap_' prefix. Please replace 'idmap_rid' by 'rid' in /opt/Samba/3.0.21c/lib/smb.conf idmap_init: using 'rid' as remote backend Probing module 'rid' Probing module 'rid': Trying to load from /opt/Samba/3.0.21c/lib/idmap/rid.so === INTERNAL ERROR: Signal 11 in pid 856292 (3.0.21c) Please read the Trouble-Shooting section of the Samba3-HOWTO From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Re: [Samba] Multiple domains served by a single LDAP tree
My question, then, is do people here put together multiple NT4/Samba domains using a single LDAP backend? I'm betting not. Assuming that's the case, from Windows, how does one assign permissions and whatnot? From a single large flatspace containing every user and group? If not, how are they separated? What you describe resembles a user domain + multiple resource domain NT/AD construction. The local domains implement policy that restricts access to subsets of the total pool. If all the domains trust the same user domain, permissions are straightforward, and interdomain trusts are not required. [EMAIL PROTECTED] -- Matiu Carr[EMAIL PROTECTED] http://www.people.auckland.ac.nz/Mat/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need Advice
Okay, first off: You cannot replicate/use Samba as a BDC when an actual NT server is the PDC; though functionally the same, the storage and back-end facilities differ too much from NT4 to Samba+LDAP to necessitate PDC/BDC relationships. NT4 has it's own way of communicating with BDC's and it's not the Samba way. So, make a choice: Samba+LDAP vs NT4... personally, my monies on Samba+LDAP. We're running Samba PDC BDCs here using OpenLDAP trees slaved with slurpd replication to a master tree - works great (knock on wood) for about 75 office and engineering users here. Domain trust relationships do exist, but to what extent that will be useful to you is beyond me, I opted for the 'all-opensource' route myself. If an inter-domain trust relationship can be setup, using the usernames/account information from the current PDC; then I'd go with creating a new domain/PDC using samba at the second site and try it personally. This would make it easier for you to eventually migrate the main site over and get away from NT4... not to mention give you some practical experience with the remote site vs having to migrate/figure it all out at the same time. But again, the inter-domain trust relationship(s) between NT4 PDC and a Samba+LDAP PDC are beyond the scope of my skills and better left to others on this list to answer. I just thought it a good point to point out that replication between NT4 PDC/BDC is NOT possible to Samba as a BDC afaik. Travis Bullock wrote: Alternatively, could I set up a knew Domain in the new location, have the PDC be Samba but have a two-way trust between the new domain and my old windows NT 4.0 domain? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: February 27, 2006 2:04 PM To: 'James Taylor'; 'Samba' Subject: RE: [Samba] Need Advice Well that is what I was thinking as well, but I was unsure if Samba was able to act as a BDC. How does the account replication work between my NT4.0 PDC and the Samba BDC? I do not have the time right now to switch from MS to Samba at my main site. I am trying to learn the ways of the force in regards to OpenLDAP and Samba but have not mastered them yet. With MS still acting as the PDC, will this negate the possibility of a Samba BDC? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor Sent: February 27, 2006 1:55 PM To: [EMAIL PROTECTED]; 'Samba' Subject: RE: [Samba] Need Advice Save yourself the costs of having to buy licensing and extra equipment and run Samba as an NT4 BDC. In my humble belief it would be easier for you to maintain and less overhead at your remote location where you might have limited IT support. JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: Monday, February 27, 2006 12:53 PM To: Samba Subject: [Samba] Need Advice Greetings, We are going to be expanding our operations to another city. I currently use Samba and Winbind to provide shares and file access to my existing locations users. The account information is kept on a NT4.0 PDC and BDC. I have connected the new location via OpenVPN. I am wondering how I should go about expanding my domain. Should I set up another NT4.0 BDC in the new office and have a local Samba machine get account info from that via Winbind? Or should I set up the Samba machine as a BDC itself? Is it possible for a Samba BDC to receive account updates from a NT4.0 PDC? Cheers, Travis -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] klist reports no tickets cached
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Santiago wrote: I have Samba 3.0.21b installed and had it ... These are the errors I get when testing the connection to the AD: [EMAIL PROTECTED] samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 02/23/06 16:21:00 02/24/06 02:21:03 krbtgt/[EMAIL PROTECTED] renew until 02/24/06 16:21:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Your own person krb5 tickets have nothing to do with winbindd. [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) The DC doesn't like the machine password winbindd used, Are you sure you joined the domain? cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBFQMIR7qMdg1EfYRAv66AKCFiuEfKcDMpxtttrpQ2pHNvsGAmwCcDBmZ 4KAoLdKk1TUGhCr0TpfFXuY= =bmmg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] klist reports no tickets cached
Hi, I'm not really sure if I joined the domain. I do see the Samba server under Domain/Computers in my AD. I thought that the following command outputs was evidence that I had succesfully joined the domain: [EMAIL PROTECTED] samba]# net ads info LDAP server: 10.50.0.190 LDAP server name: rcmroot1 Realm: RCM.UPR.EDU Bind Path: dc=RCM,dc=UPR,dc=EDU LDAP port: 389 Server time: Mon, 27 Feb 2006 13:56:33 VET KDC server: 10.50.0.190 Server time offset: 0 [EMAIL PROTECTED] samba]# net rpc info Domain Name: MYDOMAIN Domain SID: S-1-5-21-4214176146-1751683361-2990660170 Sequence number: 1345 Num users: 4786 Num domain groups: 56 Num local groups: 274 Thanks for your help. Richard Santiago OSI - Administración de Sistemas UPR - Recinto de Ciencias Médicas phone: 787.758.2525 x. 2934 e-mail: [EMAIL PROTECTED] -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 9:46 AM To: Richard Santiago Cc: samba@lists.samba.org Subject: Re: [Samba] klist reports no tickets cached -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Santiago wrote: I have Samba 3.0.21b installed and had it ... These are the errors I get when testing the connection to the AD: [EMAIL PROTECTED] samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 02/23/06 16:21:00 02/24/06 02:21:03 krbtgt/[EMAIL PROTECTED] renew until 02/24/06 16:21:00 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Your own person krb5 tickets have nothing to do with winbindd. [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) The DC doesn't like the machine password winbindd used, Are you sure you joined the domain? cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBFQMIR7qMdg1EfYRAv66AKCFiuEfKcDMpxtttrpQ2pHNvsGAmwCcDBmZ 4KAoLdKk1TUGhCr0TpfFXuY= =bmmg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] klist reports no tickets cached
Hi, [EMAIL PROTECTED] samba]# net ads testjoin Join is OK [EMAIL PROTECTED] samba]# net rpc testjoin Join to 'RCM' is OK Thanks for your help. Richard Santiago OSI - Administración de Sistemas UPR - Recinto de Ciencias Médicas phone: 787.758.2525 x. 2934 e-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 10:07 AM To: Richard Santiago Subject: Re: [Samba] klist reports no tickets cached Richard Santiago wrote: I'm not really sure if I joined the domain. What does net ads testjoin report? -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.21c: idmap_rid segfaults on AIX 5.3 ML4
Not sure what the fix is yet, but I did put in a bug report for this already. No fix has some other than them saying do not use pthreads. I am not sure how to get it not to use pthreads (there is not --disable-pthreads option or something like that). I wonder if using an old gcc like 2.95 might do the trick, but I do not have that version. It really would be better if they had a --disable-pthreads option). David Shapiro Unix Team Lead 919-765-2011 Jurjen Oskam [EMAIL PROTECTED] 2/28/2006 8:01:58 AM Hi everyone, I'm trying to use idmap_rid on an AIX 5.3 ML4 machine. Samba compiled successfully using the IBM compiler (vac.C) version 6. The only programs I supplied where db and libiconv. I followed the instructions, and put nsswitch/WINBIND in /usr/lib/security, and edited /usr/lib/security/methods.cfg. When I start winbindd -i, it coredumps with a Signal 11: (dbx) where raise.raise(??) at 0xd030e694 abort.abort() at 0xd033c85c smb_panic2(0x20139ba8, 0x1) at 0x10058350 smb_panic(0x20139ba8) at 0x100583a4 fault_report(0xb) at 0x101677b0 sig_fault(0xb) at 0x10167508 glink.atoi() at 0xd17a0b68 init_module() at 0xd17a04f8 do_smb_load_module(0x2ff22010, 0x1) at 0x10050b00 smb_probe_module(0x200e9958, 0x2017c01e) at 0x100511d4 idmap_init(0x201755e8) at 0x1008d2b0 main(0x2, 0x2ff22b24) at 0x10002970 A level 10 log shows: # winbindd -i winbindd version 3.0.21c started. Copyright The Samba Team 2000-2004 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 Processing section [homes] add_a_service: Creating snum = 0 for homes hash_a_service: creating tdb servicehash hash_a_service: hashing index 0 for service name homes doing parameter read only = No doing parameter browseable = No Processing section [nmon] add_a_service: Creating snum = 1 for nmon hash_a_service: hashing index 1 for service name nmon doing parameter path = /var/log/nmon doing parameter valid users = +beheer doing parameter read only = yes Processing section [controlcenter] add_a_service: Creating snum = 2 for controlcenter hash_a_service: hashing index 2 for service name controlcenter doing parameter path = /export/nim/non-nim/controlcenter doing parameter read only = yes doing parameter guest ok = yes pm_process() returned Yes add_a_service: Creating snum = 3 for IPC$ hash_a_service: hashing index 3 for service name IPC$ adding IPC service add_a_service: Creating snum = 4 for ADMIN$ hash_a_service: hashing index 4 for service name ADMIN$ adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE added interface ip=192.168.1.115 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.17.1.115 bcast=172.17.255.255 nmask=255.255.0.0 Netbios name list:- my_netbios_names[0]=TSM-LPAR added interface ip=192.168.1.115 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.17.1.115 bcast=172.17.255.255 nmask=255.255.0.0 Opening cache file at /opt/Samba/3.0.21c/var/locks/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds smb_register_idmap: Successfully added idmap backend 'tdb' db_idmap_init: Opening tdbfile /opt/Samba/3.0.21c/var/locks/winbindd_idmap.tdb idmap_init:
Re: [Samba] klist reports no tickets cached
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Santiago wrote: I thought that the following command outputs was evidence that I had succesfully joined the domain: [EMAIL PROTECTED] samba]# net ads info ... [EMAIL PROTECTED] samba]# net rpc info Richard, Either 'wbinfo -t' or 'net ads testjoin' validates the machine account password. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBF3DIR7qMdg1EfYRAtnqAKCh5/mS/DvdMLPdJVvzq3NZli7acQCgv1/1 Xzdp3shS4GuagMWKN2uYWmI= =elJe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
Hey, Your invalid users list isn't supposed to be comma delimited. Look in the man pages and you'll see that it's just space delimited. This theory matches with the fact that render has access and he is after the comma. HTH Mike. updatemyself . wrote: Hi All, In my Samba File server i am not able to set an invalid users... option.. even if i set that, its showing in testparm result but there is no change while accessing it... My Samba Server is connected with Windows 2003 ADS and all the Domain Users can access the share with out entering, any other password ( samba password ) some modification in /etc/pam.d/login, /etc/pam.d/gdm and /etc/pam.d/system-auth OS:- Red Hat Enterprise Linux ES (2.6.9-22.ELsmp) samba :- samba-3.0.21b-3 compiled using samba-3.0.21b-3.src.rpm the users rush and render always having connection more then 200 because of this my samba share getting slow.. and its effected the production following is my smb.conf #=== Global Settings === [global] workgroup = MYDOMAIN server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #= Share Definitions password server = 172.16.20.200 realm = MYDOMAIN.COM http://mydomain.com/ idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U allow trusted domains = no idmap backend = idmap_rid:MYDOMAIN=16777216-33554431 winbind use default domain = yes [volume] path = /vol08_1000 invalid users = rush, render valid users = @Domain Users read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%U-%m-%d -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple domains served by a single LDAP tree
On Wed Mar 01, 01:54am +1300, Matiu Carr wrote: What you describe resembles a user domain + multiple resource domain NT/AD construction. The local domains implement policy that restricts access to subsets of the total pool. If all the domains trust the same user domain, permissions are straightforward, and interdomain trusts are not required. True, and that's obviously an option. However, there are three things I'm trying to accomplish: 1) This network is being built from scratch, and I'm trying to do things in such a way that everything won't need to be rebuilt entirely a year or two down the line. 2) We're a small but rapidly-growing group, and it won't be too long before we have one or more administratively separate domains. That means multiple authentication servers; I'm hoping there's a better way to do it in a Samba-exclusive environment than inter-domain trusts. 3) My users will be much happier if they see EXEC\TheBoss as and DEVEL\LowLevelMonkey as opposed to EVERYBODY\TheBoss and EVERYBODY\LowLevelMonkey -- Arguing with an engineer is like wrestling with a pig in mud. After a while, you realise the pig is enjoying it. OpenPGP v4 key ID: 4096R/59DDCB9F Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F Retrieve from subkeys.pgp.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tue, 2006-02-28 at 07:30 -0700, Michael Thrift wrote: Hey, Your invalid users list isn't supposed to be comma delimited. Look in the man pages and you'll see that it's just space delimited. This theory matches with the fact that render has access and he is after the comma. And any valid user/group that have spaces in the name should be probably put between . eg: @Domain Users Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Repost] W2K Offline Files strange locking behavior
Dear All, I want to enable Offline Files support on several Win2K SP4 laptops. We have a samba file server. I have researched as much as I could to get answers and here is what I have. I am unfortunately unable to get this working properly. If anyone can answer or point me in to a good resource, I would greatly appreciate that. I am attempting to offline profile directories mapped to network drive letter X:. Here is my config for the profiles share: - [Profiles] comment = Shared User Profiles path = /home invalid users = nobody, guest create mask = 0600 directory mask = 0700 map acl inherit = Yes case sensitive = Yes hide special files = Yes store dos attributes = Yes csc policy = documents dos filemode = Yes dos filetime resolution = Yes - I get an error similar to the following for every file that I try to make available offline: Could not make 'somthing.doc' available offline. The specified file can not be found. If I create a new file, it appears as available offine, but I can neither delete nor rename it. At that point I usually start to get an Access Denied error on the entire shared drive and am forced to restart. The share is stored on a RHEL 3 server running Samba 3.0.9-1.3E.5 with an EXT3 file system with ACL support enabled. I have also included my global configuration at the bottom of this email. Here is my test procedure. -I make a share available offline. -It synchronizes showing all current files as Unable to make 'file.txt' available offine on '\\server_b\profiles\testuser\My Documents'. The system cannot find the file specified. -I create new files in the folder while online. They appear oplocked in samba status: DENY_NONE RDWR EXCLUSIVE+BATCH /home/testuser/My Documents/New Text Document.txt -I attempt to give the file a name. This results in X:\My Documents folder does not exist. Do you want to create it? -The oplock is removed. -If I edit the file and attempt to save changes, I get This file exists with Read Only attributes. Please use a different name. -If I then name the file something else, the file is created on the windows side and appears offline available. The file appears on the samba server also. -If I try to save this file again, I repeat the This file exists with Read Only attributes... situation from above. -Now, if I take the computer offline by disconnecting the NIC... all files behave normally. -After reconnecting, all files that were changed on windows while offline are synced to the samba server. Could this have something to do with case sensitivity or such? ANY help is greatly appreciated. Thanks! -Cheers, Peter. [global] workgroup = EXAMPLE realm = EXAMPLE.COM server string = File Server [ServerB] (Samba %v) security = ADS password server = SERVERA username level = 5 log level = 1 log file = /var/log/samba/%m max xmit = 65535 name resolve order = host wins bcast socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY load printers = No logon script = \\servera\netlogon\logon.bat logon drive = X: logon home = \\SERVERB\Profiles\%U lm announce = No preferred master = No local master = No domain master = No wins server = 10.0.2.1 lock spin count = 30 lock spin time = 15 ldap ssl = no idmap uid = 1000-2000 idmap gid = 1000-2000 template primary group = @ template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind cache time = 10 winbind use default domain = Yes winbind nested groups = Yes printer admin = jdoe read only = No create mask = 0660 directory mask = 0770 inherit permissions = Yes inherit acls = Yes delete veto files = Yes veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/ veto oplock files = /*.sem/*.qbw/*.mdb/*.nsf/*.log/*.id/*.ini/ csc policy = disable strict locking = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Moving samba PDC to new machine (same name?)
Mark, thanks for the link. How does this look? OLDSERVER: Stop Samba. Backup smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba Backup *.tdb from /var/lib/samba Make note of the users/groups UID/GIDs Power down NEWSERVER: Power up server Change hostname to OLDSERVER Install latest Samba recreate users/groups with same UID/GID as the old server restore backed up files (smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba and *.tdb from /var/lib/samba) Recreate shared directories Run testparm Start Samba Check domain SID is the same as the old one Does that handle all the group mappings? I guess they're in the tdb files? The old server is Suse and the new server will be debian, for what it's worth. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Nienberg Sent: Monday, February 27, 2006 11:50 PM To: samba@lists.samba.org Subject: [Samba] Re: Moving samba PDC to new machine (same name?) Paul Smith wrote: I'm using a tdbsam database with Samba 3.0.11 on a machine that's getting a little long in the tooth. I'd like to move the whole deal to a new machine without any reconfiguring on the clients - I'm happy with a little downtime - out of office hours the system is hardly used anyway. I'd like to upgrade to 3.0.21c at the same time. I'm thinking: 1. backup domain data on old server 2. shut down old server 3. build new server with same name as old one 4. restore domain data to new server I'm having trouble with steps 1 and 4. What exactly do I need to backup, and how? Is this possible or do I have to make a new domain and rejoin the users all over? You can do this with no changes to the clients. they will be able to log on to the new PDC just fine if you do it right. The process is explained here: http://us4.samba.org/samba/docs/man/Samba-Guide/upgrades.html Read the whole chapter and pay particular attention to the section Migrating Samba 3 to a new server, Replacing a domain controller. I did it about a week ago with no difficulties. Mark Nienberg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-Client questions: SMB-blocksize and caching
Dear Samba-Users, could you please help me with the following two questions: 1. How can I increase the maximum SMB-blocksize from currently 4 KByte to the regular 64 KByte with my Red Hat Samba-Client (The server is already configured to 64 KByte and with a Windows-client this SMB-blocksize can be used.) 2. How can I deactivate the buffer on the SMB-client, so that the same file is always transfered with the same rate - even if it just has been read. I have Red Hat Linux release 7.2 Kernel 2.4.18-86np on an i686. But even if you could give me just some general hints, I would be very pleased! Thank you very much Claus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Moving samba PDC to new machine (same name?)
Thanks for the link. How does this look? OLDSERVER: Stop Samba. Backup smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba Backup *.tdb from /var/lib/samba Make note of the users/groups UID/GIDs NEWSERVER: Power up server Change hostname to OLDSERVER Install latest Samba recreate users/groups with same UID/GID as the old server restore backed up files (smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba and *.tdb from /var/lib/samba) Recreate shared directories Run testparm Start Samba Check domain SID is the same as the old one Does that handle all the group mappings? I guess they're in the tdb files? The old server is Suse and the new server will be debian, for what it's worth. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Nienberg Sent: Monday, February 27, 2006 11:50 PM To: samba@lists.samba.org Subject: [Samba] Re: Moving samba PDC to new machine (same name?) Paul Smith wrote: I'm using a tdbsam database with Samba 3.0.11 on a machine that's getting a little long in the tooth. I'd like to move the whole deal to a new machine without any reconfiguring on the clients - I'm happy with a little downtime - out of office hours the system is hardly used anyway. I'd like to upgrade to 3.0.21c at the same time. I'm thinking: 1. backup domain data on old server 2. shut down old server 3. build new server with same name as old one 4. restore domain data to new server I'm having trouble with steps 1 and 4. What exactly do I need to backup, and how? Is this possible or do I have to make a new domain and rejoin the users all over? You can do this with no changes to the clients. they will be able to log on to the new PDC just fine if you do it right. The process is explained here: http://us4.samba.org/samba/docs/man/Samba-Guide/upgrades.html Read the whole chapter and pay particular attention to the section Migrating Samba 3 to a new server, Replacing a domain controller. I did it about a week ago with no difficulties. Mark Nienberg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2K3 Server, in Terminal Session,
* Peter Helander ([EMAIL PROTECTED]) wrote: Hello Steven I read about your problem I am sorry I can't help you. Because have the same problem. And have looked everywhere to find a solution so I wonder if you have fixed it Best regards /Peter Somewhat late, but I think this might be related: http://support.microsoft.com/?kbid=818528 Problems when more than one user accesses the same file through Terminal Services See if it helps, Michele I have looked for several days and can not find the answer to my problem, but I'm sure it has to be a simple issue. I'm trying to map drives inside Windows Server 2003 Terminal Session from a local Samba server but can't get connected. I figure the problem is in Windows Registry but can't find web page on what needs to be changed to get this working. I built a new Windows 2003 server. Logon to the new server through Terminal Services (Remote Desktop Connection). Once connected I open Windows Explorer and try to browse over to my SAMBA server. My problem is that I get a Windows Error box saying I \\FOO_SAMBA is not accessible. Then goes on saying I might not have permission. The last line says The request is not supported. Tried mapping a known share from the FOO_SAMBA server (\\FOO_SAMBA\test) and I get a different windows error message saying The drive could not be mapped because no network was found. The domain this server is in is an is older NT4 style domain. (Not Active Directory.) The Windows 2003 Server is a member of the ADOMAIN Domain. The FOO_SAMBA server in running on Solaris 8 sparc server. I do NOT have any domain machine names configured in /etc/passwd file. Only users I want to allow to connect are in the /etc/passwd file and also part of the 'adomain' group in /etc/group file. I do not have any problem connecting to the FOO_SAMBA server from Win2K or WinXP workstations. Can even connect to shares from other Win2k Terminal Server, inside a Remote Desktop Session. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Moving samba PDC to new machine (same name?)
On Tue, 2006-02-28 at 09:21 -0600, Paul Smith wrote: Thanks for the link. How does this look? OLDSERVER: Stop Samba. Backup smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba Backup *.tdb from /var/lib/samba Make note of the users/groups UID/GIDs NEWSERVER: Power up server Change hostname to OLDSERVER Install latest Samba recreate users/groups with same UID/GID as the old server restore backed up files (smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba and *.tdb from /var/lib/samba) Recreate shared directories Run testparm Start Samba Check domain SID is the same as the old one Seem pretty much all you need to do. Does that handle all the group mappings? I guess they're in the tdb files? group_mapping.tdb The old server is Suse and the new server will be debian, for what it's worth. Some paths change between distribution, be sure you put the tdb files in the right places for Debian. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
actully my configuration is like this only.. to make u understand.. i written the name.. look at the following.. [vol3] path = /vol08_800 invalid users = 16778634, 16778618 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%U-%m-%d even then its not working... i mean only the case of invalid users... i use only UID and GID insted of name... hope its will be ok regards jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Win2K3 Server, in Terminal Session,
I have almost the same setup (NT4 domain, with W2K3 Terminal Server) I am using Suse 9.2, Samba 3.0.21b, with winbindd on a generic x86 server. No special package configurations...just the rpms from samba for Suse. I do have the same problems. -- I have home directories mapped for users. When I log into the Term Server with RDP my home directory on my Samba box comes up just fine.. What permissions do your users have on the Term Server? I am an administrator on the box, but all my users see their home directory as well. Can you do mapping when logged directly into the machine? What do the samba logs say? Is the samba server forcefully rejecting the connection? Good luck, MJB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 11:16 AM To: samba@lists.samba.org Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Win2K3 Server, in Terminal Session, * Peter Helander ([EMAIL PROTECTED]) wrote: Hello Steven I read about your problem I am sorry I can't help you. Because have the same problem. And have looked everywhere to find a solution so I wonder if you have fixed it Best regards /Peter Somewhat late, but I think this might be related: http://support.microsoft.com/?kbid=818528 Problems when more than one user accesses the same file through Terminal Services See if it helps, Michele I have looked for several days and can not find the answer to my problem, but I'm sure it has to be a simple issue. I'm trying to map drives inside Windows Server 2003 Terminal Session from a local Samba server but can't get connected. I figure the problem is in Windows Registry but can't find web page on what needs to be changed to get this working. I built a new Windows 2003 server. Logon to the new server through Terminal Services (Remote Desktop Connection). Once connected I open Windows Explorer and try to browse over to my SAMBA server. My problem is that I get a Windows Error box saying I \\FOO_SAMBA is not accessible. Then goes on saying I might not have permission. The last line says The request is not supported. Tried mapping a known share from the FOO_SAMBA server (\\FOO_SAMBA\test) and I get a different windows error message saying The drive could not be mapped because no network was found. The domain this server is in is an is older NT4 style domain. (Not Active Directory.) The Windows 2003 Server is a member of the ADOMAIN Domain. The FOO_SAMBA server in running on Solaris 8 sparc server. I do NOT have any domain machine names configured in /etc/passwd file. Only users I want to allow to connect are in the /etc/passwd file and also part of the 'adomain' group in /etc/group file. I do not have any problem connecting to the FOO_SAMBA server from Win2K or WinXP workstations. Can even connect to shares from other Win2k Terminal Server, inside a Remote Desktop Session. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors after building 3.0.21b on AIX 5.2
Thank you. The README had the solution for my problem. Ray Gebbie Federated Systems Group San Francisco, CA 94102 415-422-1662 William Jojo [EMAIL PROTECTED] To Sent by: samba@lists.samba.org, Ray samba-bounces+ray Gebbie [EMAIL PROTECTED] [EMAIL PROTECTED] cc ists.samba.org Subject Re: [Samba] Errors after building 02/28/2006 03:31 3.0.21b on AIX 5.2 AM - Original Message - From: Ray Gebbie [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Monday, February 27, 2006 5:40 PM Subject: [Samba] Errors after building 3.0.21b on AIX 5.2 I have seen a lot of recent posts about building on AIX 5.2, 5.3, etc. but none showed the same problems I am having. After building Samba 3.0.21b on AIX 5.2, I get this error when running a number of the binaries: Yes, there have been many postings. :-) And I'm quite excited about it! Please see the README file in the AIX binaries folder on any of the Samba mirrors. All of the missing symbol items posted lately (including yours) are addressed there with solutions. Cheers, Bill ./testparm exec(): 0509-036 Cannot load program ./testparm because of the following errors: 0509-130 Symbol resolution failed for /usr/lib/libc.a(posix_aio.o) because: 0509-136 Symbol _posix_kaio_rdwr (number 2) is not exported from dependent module /unix. 0509-136 Symbol _posix_listio (number 3) is not exported from dependent module /unix. 0509-136 Symbol _posix_acancel (number 4) is not exported from dependent module /unix. 0509-136 Symbol _posix_iosuspend (number 5) is not exported from dependent module /unix. 0509-136 Symbol _posix_aio_nwait (number 6) is not exported from dependent module /unix. 0509-136 Symbol _posix_iofsync (number 7) is not exported from dependent module /unix. 0509-192 Examine .loader section symbols with the 'dump -Tv' command. I have not built C programs in a long time, so I am very rusty at debugging these kind of problems. It is obvious that I did not do something right when I ran 'configure'. Here is the command line I used: ./configure --with-acl-support --with-utmp --with-ldap --with-ads --with-pam --with-winbind --with-aio=yes --with-libconf=/usr/local --with-sendfile-support --prefix=/ccase/dist/build/samba --with-quotas --with-krb5=/usr/local --with-shared-modules=idmap_ad,idmap_rid --enable-shared=yes --disable-static What did I do wrong? I am using gcc 4.0.2. Thank you. Ray Gebbie Federated Systems Group San Francisco, CA 94102 415-422-1662 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Win2K3 Server, in Terminal Session,
OOOPPPSSS I do NOT have the same problems. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael J Barber Sent: Tuesday, February 28, 2006 12:07 PM To: [EMAIL PROTECTED]; samba@lists.samba.org Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Win2K3 Server, in Terminal Session, I have almost the same setup (NT4 domain, with W2K3 Terminal Server) I am using Suse 9.2, Samba 3.0.21b, with winbindd on a generic x86 server. No special package configurations...just the rpms from samba for Suse. I do have the same problems. -- I have home directories mapped for users. When I log into the Term Server with RDP my home directory on my Samba box comes up just fine.. What permissions do your users have on the Term Server? I am an administrator on the box, but all my users see their home directory as well. Can you do mapping when logged directly into the machine? What do the samba logs say? Is the samba server forcefully rejecting the connection? Good luck, MJB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 11:16 AM To: samba@lists.samba.org Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Win2K3 Server, in Terminal Session, * Peter Helander ([EMAIL PROTECTED]) wrote: Hello Steven I read about your problem I am sorry I can't help you. Because have the same problem. And have looked everywhere to find a solution so I wonder if you have fixed it Best regards /Peter Somewhat late, but I think this might be related: http://support.microsoft.com/?kbid=818528 Problems when more than one user accesses the same file through Terminal Services See if it helps, Michele I have looked for several days and can not find the answer to my problem, but I'm sure it has to be a simple issue. I'm trying to map drives inside Windows Server 2003 Terminal Session from a local Samba server but can't get connected. I figure the problem is in Windows Registry but can't find web page on what needs to be changed to get this working. I built a new Windows 2003 server. Logon to the new server through Terminal Services (Remote Desktop Connection). Once connected I open Windows Explorer and try to browse over to my SAMBA server. My problem is that I get a Windows Error box saying I \\FOO_SAMBA is not accessible. Then goes on saying I might not have permission. The last line says The request is not supported. Tried mapping a known share from the FOO_SAMBA server (\\FOO_SAMBA\test) and I get a different windows error message saying The drive could not be mapped because no network was found. The domain this server is in is an is older NT4 style domain. (Not Active Directory.) The Windows 2003 Server is a member of the ADOMAIN Domain. The FOO_SAMBA server in running on Solaris 8 sparc server. I do NOT have any domain machine names configured in /etc/passwd file. Only users I want to allow to connect are in the /etc/passwd file and also part of the 'adomain' group in /etc/group file. I do not have any problem connecting to the FOO_SAMBA server from Win2K or WinXP workstations. Can even connect to shares from other Win2k Terminal Server, inside a Remote Desktop Session. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
You still have commas in the invalid users list, it's not a comma separated list, it has to be a space separated list like: invalid users = 16778634 16778618 Mike. updatemyself . wrote: actully my configuration is like this only.. to make u understand.. i written the name.. look at the following.. [vol3] path = /vol08_800 invalid users = 16778634, 16778618 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%U-%m-%d even then its not working... i mean only the case of invalid users... i use only UID and GID insted of name... hope its will be ok regards jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
thanks a lot for ur support.. but its not working i tried... with out space and only one user... as following [vol3] path = /vol08_800 invalid users = 16778634 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = audit, recycle recycle:versions = Yes recycle:touch = Yes recycle:keeptree = Yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%m-%U-%d even then.. that user can access the share.. thank you in advance jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA WINS
Is Samba still unable to replicate WINS information? I have a Samba WINS server in place now at Location A. I am establishing Location B which will connect to Location A via OpenVPN behind a IPCop box. I would like to place a Samba WINS server in Location B so that client WINS traffic will not travel across the VPN, however I am unsure if Samba's inability to replicate WINS has since been changed. Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
When you say they can access the share, do you mean they can write to it, or just read it? If the unix directory permissions of the vol3 share allow world readable, that's what samba will allow. Samba only does as much as it needs and then it turns it over to the OS configuration. What happens when you do chmod 750 /vol08_800 and then try to browse that share as the unwanted user? Mike. updatemyself . wrote: thanks a lot for ur support.. but its not working i tried... with out space and only one user... as following [vol3] path = /vol08_800 invalid users = 16778634 valid users = @1629 read only = No create mask = 0644 security mask = 0755 directory mask = 0775 inherit permissions = Yes inherit acls = Yes inherit owner = Yes vfs objects = audit, recycle recycle:versions = Yes recycle:touch = Yes recycle:keeptree = Yes recycle:exclude = *.tmp,*.temp recycle:repository = /home/.Trash/%m-%U-%d even then.. that user can access the share.. thank you in advance jerrynikky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Need Advice
Thanks Nathan. I did think that the existence of my NT4 PDC would be a problem. Due to the time restraint on this project I will be opting out of using SAMBA+LDAP until later this year after I have figured it all out in a test environment at which point I will migrate the entire domain over. Cheers, Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Vidican Sent: February 28, 2006 6:33 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Need Advice Okay, first off: You cannot replicate/use Samba as a BDC when an actual NT server is the PDC; though functionally the same, the storage and back-end facilities differ too much from NT4 to Samba+LDAP to necessitate PDC/BDC relationships. NT4 has it's own way of communicating with BDC's and it's not the Samba way. So, make a choice: Samba+LDAP vs NT4... personally, my monies on Samba+LDAP. We're running Samba PDC BDCs here using OpenLDAP trees slaved with slurpd replication to a master tree - works great (knock on wood) for about 75 office and engineering users here. Domain trust relationships do exist, but to what extent that will be useful to you is beyond me, I opted for the 'all-opensource' route myself. If an inter-domain trust relationship can be setup, using the usernames/account information from the current PDC; then I'd go with creating a new domain/PDC using samba at the second site and try it personally. This would make it easier for you to eventually migrate the main site over and get away from NT4... not to mention give you some practical experience with the remote site vs having to migrate/figure it all out at the same time. But again, the inter-domain trust relationship(s) between NT4 PDC and a Samba+LDAP PDC are beyond the scope of my skills and better left to others on this list to answer. I just thought it a good point to point out that replication between NT4 PDC/BDC is NOT possible to Samba as a BDC afaik. Travis Bullock wrote: Alternatively, could I set up a knew Domain in the new location, have the PDC be Samba but have a two-way trust between the new domain and my old windows NT 4.0 domain? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: February 27, 2006 2:04 PM To: 'James Taylor'; 'Samba' Subject: RE: [Samba] Need Advice Well that is what I was thinking as well, but I was unsure if Samba was able to act as a BDC. How does the account replication work between my NT4.0 PDC and the Samba BDC? I do not have the time right now to switch from MS to Samba at my main site. I am trying to learn the ways of the force in regards to OpenLDAP and Samba but have not mastered them yet. With MS still acting as the PDC, will this negate the possibility of a Samba BDC? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor Sent: February 27, 2006 1:55 PM To: [EMAIL PROTECTED]; 'Samba' Subject: RE: [Samba] Need Advice Save yourself the costs of having to buy licensing and extra equipment and run Samba as an NT4 BDC. In my humble belief it would be easier for you to maintain and less overhead at your remote location where you might have limited IT support. JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock Sent: Monday, February 27, 2006 12:53 PM To: Samba Subject: [Samba] Need Advice Greetings, We are going to be expanding our operations to another city. I currently use Samba and Winbind to provide shares and file access to my existing locations users. The account information is kept on a NT4.0 PDC and BDC. I have connected the new location via OpenVPN. I am wondering how I should go about expanding my domain. Should I set up another NT4.0 BDC in the new office and have a local Samba machine get account info from that via Winbind? Or should I set up the Samba machine as a BDC itself? Is it possible for a Samba BDC to receive account updates from a NT4.0 PDC? Cheers, Travis -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: wbinfo_group.pl / wbinfo -r not working!
Sorry, I did not include my distro.
Fedora Core 4 - 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686
i686 i386 GNU/Linux
TIA
On 2/27/06, Adam Bruncaj [EMAIL PROTECTED] wrote:
Hello,
I have been using samba to authenticate my squid users to Active
Directory. Because of the amount of users, I would like to set up my
ACL's based on groups, rather than individual user accounts.
I have successfully joined my samba box to our windows domain (2k).
For some reason I had to enter the domain controller name instead of
the domain name when doing so. I am now having issues looking up user
groups using wbinfo_group and/or wbinfo -r username.
The following are some commands, conf files logs (the parts that I
believe are relevant). I have a feeling I have more than one issue
going on here. Please let me know if you need more info.
I doubt there are limitations, but we are in a somewhat large
environment (about 4,000 users accounts) with multiple sub domains.
-
# I compiled squid with...
./configure --enable-external-acl-helpers=unix_group,wbinfo_group
--
[EMAIL PROTECTED] squid]# rpm -q samba
samba-3.0.21c-1
--
[EMAIL PROTECTED] squid]# wbinfo -a domainuser1%hispass
plaintext password authentication succeeded
challenge/response password authentication succeeded
---
[EMAIL PROTECTED] squid]# wbinfo -t
checking the trust secret via RPC calls succeeded
---
[EMAIL PROTECTED] squid]# wbinfo -u |more
SUBDOMAIN1\exemployees
SUBDOMAIN1\installservice
...
..
SUBDOMAIN2\exch
SUBDOMAIN2\adcsv
SUBDOMAIN2\administrator
..
..
domainuser1 #These are the accounts that I would be working with and
would need lookup there groups. note that
domainuser2
domainuser2
..
..
[EMAIL PROTECTED] samba]# wbinfo -n domainuser1
S-1-5-21-954140891-1229348589-1136263860-10879 User (1)
[EMAIL PROTECTED] squid]# ./wbinfo_group.pl
user1 domain users
Could not lookup name domain users
Could not convert sid to gid
Could not get groups for user user1
OK
# also tried domain\\user domain\\group
--
[EMAIL PROTECTED] samba]# wbinfo -r domainuser1
Could not get groups for user domainuser1
#also tried with domain\\domainuser1
---
[EMAIL PROTECTED] samba]# wbinfo --sequence
SubDomain1 : DISCONNECTED
SubDomain2 : DISCONNECTED
Subdomain3 : 2576451
LIONS : 1
BUILTIN : 1
MyDomain : DISCONNECTED # it states disconnected, but I am able to
view users and groups?
My conf files
(smb.conf) # note that this is the while conf file. I read that this
is all I need
[global]
workgroup = MyDomain
netbios name = lions
password server = 10.20.250.2
security = domain
winbind uid = 1-2
winbind gid = 1-2
winbind use default domain = yes
(nsswitch.conf)
#
# /etc/nsswitch.conf
#
# To use db, put the db in front of files for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:db files nisplus nis
#shadow:db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files winbind dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc:nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: files winbind
rpc:db files
services: files winbind
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases:files nisplus
-
(krb5.conf)
[libdefaults]
default_realm = Mydomain.domain.com
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
MY = {
kdc = domaincontroller1.mydomain.domain.com
admin_server = domaincontroller1
kdc = domaincontroller1
}
[domain_realm]
.kerberos.server = MYDOMAIN.DOMAIN.COM
---
Log files:
[EMAIL PROTECTED] samba]# vi winbindd.log
[2006/02/27 08:02:32, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109)
ads_connect for domain SUBDOMAIN2 failed: No such file or directory
[2006/02/27 08:04:08, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
Could not get convert sid from string
[2006/02/27 08:04:27, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
Could not get convert sid from string
[2006/02/27 08:05:06, 1] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(221)
Could not get convert sid from string
Re: [Samba] printer admin still working in 3.0.21c?
Thomas Limoncelli wrote: [2006/02/27 18:21:24, 5] rpc_server/srv_spoolss_nt.c:check_printer_ok(5933) check_printer_ok: servername=\\myserver printername=\\myserver\HP Universal Printing PS sharename=myprinter01 portname=Samba Printer Port drivername=HP Universal Printing PS comment=myprinter01 location= [2006/02/27 18:21:24, 3] rpc_server/srv_spoolss_nt.c:update_printer(6113) update_printer: printer property change denied by handle I'm still pulling my hair out on this one, even after having looked at level 10 Samba logs extensively. While there's high chance I'm doing something stupid, is there anyone willing to point a lost soul into the right direction? What can prevent a printer admin from changing printer properties through a Windows client? I can provide level 10 smbd logs, Ethereal traces and whatever it may take. FWIW, smbstatus reports I'm connected as XXX\me and this account is granted SePrintOperatorPrivileges at least: myserver# smbstatus [...] 17802 XXX\meXXX\domain users myclient (10.11.12.13) myserver# net rpc rights list accounts -S `hostname` -U 'XXX\me' [...] XXX\me SePrintOperatorPrivilege The smb.conf is the one from http://lists.samba.org/archive/samba/2006-February/118057.html plus: [global] printing = CUPS printcap name = CUPS cups options = raw enable privileges = Yes admin users = XXX\me [printers] path = /var/spool/samba create mask = 0644 printable = Yes use client driver = Yes write list = XXX\me guest ok = Yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = XXX\me Crying for help, -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21c Available for Download
Gerald (Jerry) Carter wrote: Can you send me your smb.conf? Thanks. Did you received my smb.conf? der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
- Original Message - From: William Jojo [EMAIL PROTECTED] To: Gerald (Jerry) Carter [EMAIL PROTECTED] Cc: samba@lists.samba.org; Andrew Tridgell [EMAIL PROTECTED]; Jeremy Allison [EMAIL PROTECTED] Sent: Saturday, February 25, 2006 11:38 AM Subject: Re: [Samba] hanging smbd(s) revisited On Sat, 25 Feb 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: Hi, Just to add -- our fcntl locking issue is on Linux, we've seen it on 2.6.9, 2.6.13.1 and 2.6.15.3, running Mandrake 10.2. locking.tdb is on a local disk. All smbd child processes are blocked on apparently the same fcntl when it happens. Hmmm...ok. That ruins my theory. I thought you were on AIX as well. And just to make sure, you are running Samba 3.0.21b as well? Is it possible you're on the right track, but manifests differently on our two systems? :-) Last semester we were running 3.0.20 on this machine. We've been toying with going back to that code base to see if it stabalizes. (Of course putting deadtime back to zero for the test.) That still has me confused as to why the non-zero deadtime seems to make the whole environment more stable. It's the *only* modification we've made that has had any impact at all. If 3.0.20 fails, then it's most likely a kernel bug. It's so hard to get IBM to move on this without *ahem* additional compensation. I even got the duty manager involved on the PMR since I got the brush-off. I would appreciate any more info you have on the fcntl bug you mentioned so I can run it by IBM. I think on Monday we'll try 3.0.20 and see what happens. So we've gone back to 3.0.20 and we're stable again. I should indicate that it's 3.0.20 with patches 9484, 9481 and 9456 to fix Win98 dir loop, excel shared workbook and ACLs (not necessarily in that order). Since the problem manifests in the filesystem where our Samba install is, and it appears to be a tdb (namely locking.tdb for fd=15, but can't identify the fd=3 that spins unmercifully), I'm wondering if *maybe* it could be the Fix for tdb clear-if-first race condition. or some other tdb change after 3.0.20 that traded one bug for another? I'm guessing... :-) We upgraded from 3.0.20 to 3.0.21a for production. It never showed up in development for any version after 3.0.20 since we can't generate that kind of random load, so of course we thought everything was cool. Again, this only happens under heavy load, daily and clears up with a bounce of smbd. It seems to be related to a few hundred students logging off and a few hundred more logging on (classes are switching). Also we noticed that there are several hundred and in some cases a couple thousand cookie files being transfered around in roaming profiles per student (they were not redirected). We are going to start moving to 20a, then 20b, then to 21 then back to 21a where we started (21b did it too, haven't tried 21c yet) after another day or two of 3.0.20 to make sure we're not losing our mind. AIX 5.2 TL-08-1, Windows XP-SP2 clients. Storage is a CX-700 EMC SAN (which rocks, btw) Anything more I can provide, let me know. :-) Cheers, Bill cheers, Bill cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEAIVqIR7qMdg1EfYRAhY9AJsGDSjVGISuB7s5gXiN7SROGskv5wCcCj/C vk+23YRv9n1CWpYkQRXO17o= =dGU1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Moving samba PDC to new machine (same name?)
Paul Smith wrote: Mark, thanks for the link. How does this look? OLDSERVER: Stop Samba. Backup smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba Backup *.tdb from /var/lib/samba Make note of the users/groups UID/GIDs Power down NEWSERVER: Power up server Change hostname to OLDSERVER Install latest Samba recreate users/groups with same UID/GID as the old server restore backed up files (smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba and *.tdb from /var/lib/samba) Recreate shared directories Run testparm Start Samba Check domain SID is the same as the old one When I did it I had the 2 servers running at the same time for a while so I could move data from old to new using an nfs mount. This took a few hours to move approx 100 Gb. Of course I did this with smb off on both machines. Then I stopped the old server, changed the name and ip address of the new server, and continued as you outlined. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tuesday 28 February 2006 12:19, Michael Thrift wrote: You still have commas in the invalid users list, it's not a comma separated list, it has to be a space separated list I'm fairly certain that it can be comma delimited as well. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
Thanks for ur information... but my doubt is.. if we can restrict it with groups.. whats the usage of invalid users i am not getting its point... i understand the problem clearly. this is because.. my servers volumes are GPFS volume... and 6 samba server is connected to this volumes total 12TB in GPFS if i set permission through one folder of file.. its will be same in other servers also.. so with this point i cant able to stop rush and render only in one server among this six... in man page of smb.conf says... This is a list of users that should not be allowed to login to this service. If a username is in both (invalid users valid users) list, then access is denied for that user. so i am not sure.. its happening.. may be a kinda BUG... if its blocking the service wise.. if an invalid user is trying to access the share it will be blocked.. (not depends on group permission) Thanks You in Advance jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
I agree with you, the service should block it, and you're correct in asking why doesn't this work. What version of samba is it? Can you update it? Do you have any log entries? What happens if you increase the logging in your smb.conf? Mike. updatemyself . wrote: Thanks for ur information... but my doubt is.. if we can restrict it with groups.. whats the usage of invalid users i am not getting its point... i understand the problem clearly. this is because.. my servers volumes are GPFS volume... and 6 samba server is connected to this volumes total 12TB in GPFS if i set permission through one folder of file.. its will be same in other servers also.. so with this point i cant able to stop rush and render only in one server among this six... in man page of smb.conf says... This is a list of users that should not be allowed to login to this service. If a username is in both (invalid users valid users) list, then access is denied for that user. so i am not sure.. its happening.. may be a kinda BUG... if its blocking the service wise.. if an invalid user is trying to access the share it will be blocked.. (not depends on group permission) Thanks You in Advance jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tuesday 28 February 2006 09:41, simo wrote: And any valid user/group that have spaces in the name should be probably put between . eg: @Domain Users Yes, AFAIK, the space is as much a delimiter as a comma. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tuesday 28 February 2006 14:14, updatemyself . wrote: in man page of smb.conf says... This is a list of users that should not be allowed to login to this service. Yes. If a username is in both (invalid users valid users) list, then access is denied for that user. Not so clear, as it doesn't say that in the man page. Why not remove the users from the valid group? Just make another group that contains everyone for other shares. Also, when an item is specified twice, usually the last one specified overrides the previous one. Such as: read only = no read only = yes ...on a share will make it read only. So you might try placing the invalid users line after the valid users line. No guarantees, but it may be worth a shot. Personally I would add a group and adjust their memberships. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Sat, 2006-02-25 at 16:58 +, Matt Johnson wrote: On Sat, 25 Feb 2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Johnson wrote: Hi, Just to add -- our fcntl locking issue is on Linux, we've seen it on 2.6.9, 2.6.13.1 and 2.6.15.3, running Mandrake 10.2. locking.tdb is on a local disk. All smbd child processes are blocked on apparently the same fcntl when it happens. Hmmm...ok. That ruins my theory. I thought you were on AIX as well. And just to make sure, you are running Samba 3.0.21b as well? Correct -- 3.0.21b on Linux 2.6. We had the same problem with 3.0.20 but it was MUCH more frequent... 3.0.21b seems to have reduced the frequency of the problem occurring but it does still seem to be there. If you need logs please let me know what level... the problem we have though is that the issue is apparently entirely non-deterministic, I can't replicate it on demand. I have had exactly the same problem. I reported that in thread Samba daemons hang trying to lock locking.tdb, about Jan 25. I had a NFS mount from another server and then shared with samba. I moved the information on that server localy to the Samba server (avoiding NFS). All goes ok from that change. I don't understand why it works, because all smbd daemons were hanging in the previously commented fcntl call, that locks locking.tdb (that was located in local filesystem, not in any NFS mounted shares). I'm using FC4 with last updates (kernel included) and samba 3.0.21b. Cheers, -- Fermin Molina Ibarz Tècnic sistemes - ASIC Universitat de Lleida Tel: +34 973 702151 GPG: 0x060F857A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba on top of NFS question
On Mon, 2006-02-27 at 19:11 -0500, Ryan Taylor wrote: Thank you for the reply, its nice to know someone else is in the same boat. Unfortunately our servers are also in production and therefore we can't try the patch. We also have not found a good way to reproduce without throwing all the users on the system. One interesting fact I have noticed since we have moved our data to the local samba machine: netstat -s -u returns # netstat -s -u Udp: 50898 packets received 16 packets to unknown port received. 0 packet receive errors 17163 packets sent # Where as before when on NFS we had 50%-75% of the number of packets received in packet receive errors Mmm, it's weird. I am beginning to believe you are right, NFS cannot handle the locking required by Samba? Please, read the thread hanging smbd(s) revisited. I think is related to our problems too. I am confused in two directions. We use Whitebox4 and have noticed a newer version of nfs.utils.el4 rpm released but requires (because of two many dependencies) for use to upgrade to CentOS4... 2) We are using AMD X2's so are running the SMP kernel as well. Could it be just a SMP issue? Which is why I am curious if anyone else had samba working in an environment similar to ours. Maybe SMP could affect (I have 4 processors and linux SMP). But in the thread I commented before, people have the same problems with different platforms and configuration. I'm confused. I will wait for some answers in the commented thread. Cheers, -- Fermin Molina Ibarz Tècnic sistemes - ASIC Universitat de Lleida Tel: +34 973 702151 GPG: 0x060F857A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connecting to SAMBA for first time takes a very looong time
I'm running Samba 3.0.14a-2 on FC4 as a print server. The system is joined to the domain and I'm using the domain security model. Pretty much, it's configured like my old Samba 2.2.7 server (which this new box is replacing). On the PC side, printers are assigned to a user via a VBScript running under a group policy. The first time that script runs and tries to add the printer to the windows machine for a specific user (all our windows machine are XP SP2), it takes anywhere from 2 to 6 minutes. The next time that same user logs in, it's quick. When a DIFFERENT user logs in for the first time to the SAME machine, it again can take from 2 to 6 minutes. If, however, the same script is instead attempting to connect printers on the Samba 2.2.7 server, all is quick in every case. I'm not sure if this is a configuration issue (don't know what parameter might affect it), a bug, or a problem in the windows domain. Any idea where to look and for what? What information might be helpful for me to post. I have included below the global, printers and print$ sections of smb.conf. [global] workgroup = CATNET security = DOMAIN map to guest = Bad User password server = 10.170.131.14 root directory = / passwd chat = log level = 1 log file = /var/log/samba/%m.log max log size = 0 announce as = NT Workstation socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No machine password timeout = 691200 preferred master = No local master = No domain master = No wins server = 10.170.131.11 oplock break wait time = 10 ldap ssl = no remote announce = 10.170.131.11/CATNET invalid users = linfield admin users = root, rtanner, marvin write list = rtanner, marvin printer admin = rtanner, marvin printable = Yes printing = lprng print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j lppause command = lpc hold '%p' %j lpresume command = lpc release '%p' %j queuepause command = lpc stop '%p' queueresume command = lpc start '%p' [printers] comment = All Printers path = /var/spool/samba printer admin = @ntadmin, rtanner, mblanco, marvin printing = lprng print command = lpr -r -P'%p' %s browseable = No [print$] comment = Default Printer Driver Location path = /usr/local/share/samba/printers write list = @wheel, @ntadmin, rtanner, marvin, root printer admin = @wheel, @ntadmin, rtanner, marvin, root guest ok = Yes printable = No -- Rob Tanner UNIX Services Manager Linfield College, McMinnville OR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
On Tue, Feb 28, 2006 at 01:30:40PM -0500, William Jojo wrote: So we've gone back to 3.0.20 and we're stable again. I should indicate that it's 3.0.20 with patches 9484, 9481 and 9456 to fix Win98 dir loop, excel shared workbook and ACLs (not necessarily in that order). Since the problem manifests in the filesystem where our Samba install is, and it appears to be a tdb (namely locking.tdb for fd=15, but can't identify the fd=3 that spins unmercifully), I'm wondering if *maybe* it could be the Fix for tdb clear-if-first race condition. or some other tdb change after 3.0.20 that traded one bug for another? I'm guessing... :-) Identifying that fd would be really useful. We upgraded from 3.0.20 to 3.0.21a for production. It never showed up in development for any version after 3.0.20 since we can't generate that kind of random load, so of course we thought everything was cool. Again, this only happens under heavy load, daily and clears up with a bounce of smbd. It seems to be related to a few hundred students logging off and a few hundred more logging on (classes are switching). Also we noticed that there are several hundred and in some cases a couple thousand cookie files being transfered around in roaming profiles per student (they were not redirected). We are going to start moving to 20a, then 20b, then to 21 then back to 21a where we started (21b did it too, haven't tried 21c yet) after another day or two of 3.0.20 to make sure we're not losing our mind. I've looked over the logic for the aquiring/release of the lock for the locking.tdb in the 3.0.21c release code - I can't see any possible paths, error or otherwise where the lock can be left live on a record. I'll keep looking though. When it's spinning, what is the errno that the fcntl call returns ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
thanks a lot dear guys... in my 1st mail itself i written OS:- Red Hat Enterprise Linux ES (2.6.9-22.ELsmp) samba :- samba-3.0.21b-3 compiled using samba-3.0.21b-3.src.rpm and i installed following RPM samba-client-3.0.21b-3 samba-doc-3.0.21b-3 samba-3.0.21b-3 samba-debuginfo-3.0.21b-3 samba-common-3.0.21b-3 samba-swat-3.0.21b-3 i think this is the latest stable SAMBA Version.. Thanks Once again... regards jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tuesday 28 February 2006 14:25, Chris wrote: If a username is in both (invalid users valid users) list, then access is denied for that user. Not so clear, as it doesn't say that in the man page. Sorry, I'll correct myself. It does say that in the man page under valid users. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
Thanks a Lot Chris ALL, in my ADS around 2500 Users are there.. by adding the @Domain Users i am giving permission to all and every month.. around 100 new users and some resign are there.. while create a user.. by default windows 2003 ADS adding that user to Domain Users group... adding him/her to another particular group just for.. this case is not such easy .. if its a One time.. job.. SURE.. i will do it.. but i have to make sure it.. each and every time.. while i add new users to my ADS and all this doing.. only to remove two users from one service..samba this will be a cracking way... i think if invalid users working proper... whats the point to do this... that's y i am searching for a smart option... let me know.. any one already reported this as BUG -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hanging smbd(s) revisited
- Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: William Jojo [EMAIL PROTECTED] Cc: samba@lists.samba.org; Gerald (Jerry) Carter [EMAIL PROTECTED]; Andrew Tridgell [EMAIL PROTECTED]; Jeremy Allison [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 3:25 PM Subject: Re: [Samba] hanging smbd(s) revisited On Tue, Feb 28, 2006 at 01:30:40PM -0500, William Jojo wrote: So we've gone back to 3.0.20 and we're stable again. I should indicate that it's 3.0.20 with patches 9484, 9481 and 9456 to fix Win98 dir loop, excel shared workbook and ACLs (not necessarily in that order). Since the problem manifests in the filesystem where our Samba install is, and it appears to be a tdb (namely locking.tdb for fd=15, but can't identify the fd=3 that spins unmercifully), I'm wondering if *maybe* it could be the Fix for tdb clear-if-first race condition. or some other tdb change after 3.0.20 that traded one bug for another? I'm guessing... :-) Identifying that fd would be really useful. Ok, dug it up. This is the IBM info. - Original Message - From: Robert Elias To: [EMAIL PROTECTED] Sent: Monday, February 27, 2006 12:30 PM Subject: Pmr#47402,180 Bill, Thank you for patience while I work through your questions. I ran this issue by our level 3 performance team and received the following input. The file in question is inode 12363 in /samba. Use 'find /samba -inum 12363' to determine the file name. I ran this by the Samba team members that work for IBM and they suggested the following: As a long shot, I suggest that you have him run tdbtorture (a file i/o testcase) from the samba source tree as that does a simulation of the locking that Samba does and if we have a bug in AIX locking. Your comments or thoughts? Thanks, Robert Elias AIX Duty Manager IBM Integrated Technology Services 214-257-9292 - T/L 972 [storage:/samba/3.0.21b] # find /samba -inum 12363 /samba/3.0.21b/var/locks/locking.tdb We are going to start moving to 20a, then 20b, then to 21 then back to 21a where we started (21b did it too, haven't tried 21c yet) after another day or two of 3.0.20 to make sure we're not losing our mind. I've looked over the logic for the aquiring/release of the lock for the locking.tdb in the 3.0.21c release code - I can't see any possible paths, error or otherwise where the lock can be left live on a record. I'll keep looking though. When it's spinning, what is the errno that the fcntl call returns ? What appears to happen is pid 266946 is exiting (exited?) and some kind of dealock has occured which shows the following in filemon.sum from the perfpmr that IBM had me run during the event. snip 9603204 hooks processed (incl. 2108 utility) 60.013 secs in measured interval Cpu utilization: 42.9% Most Active Files #MBs #opns #rds #wrs file volume:inode 230.1 0 29492 0 pid=266946_fd=3 43.3 0 1588129 pid=240270_fd=5 /snip My question to IBM was how can this happen? The above inode number is what was provided to me yesterday. Since moving to 3.0.20 the problem has subsided, I'm back here and not bugging IBM at the moment. :-| Whatever else I can get you, just say the word. :-) Do you agree with us to step to 20a, 20b ... ? Cheers, Bill Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Invalid user not working
On Tuesday 28 February 2006 09:30, Michael Thrift wrote: invalid users = rush, render valid users = @Domain Users Just a note that it's working here with 3.0.21c, but it doesn't work with 3.0.0 (an old server I have - hope no one else is running it). Maybe the invalid user list needs to have the full domain information such as: invalid users = MYDOMAIN\rush MYDOMAIN\render and, of course, replace the \ with your winbind separator if it's different. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA WINS
Travis Bullock schrieb: Is Samba still unable to replicate WINS information? I have a Samba WINS server in place now at Location A. I am establishing Location B which will connect to Location A via OpenVPN behind a IPCop box. I would like to place a Samba WINS server in Location B so that client WINS traffic will not travel across the VPN, however I am unsure if Samba's inability to replicate WINS has since been changed. Cheers, Travis hi, a wins replicate daemon has been released by sernet the german host of samba, catch it there compile and test ( it worked for me with suse 10 ) but if you use openvpn with a direct vpn tap connect between 2 sambas only the right configs where needed in my setup, you can start samba with tap devices so they should find each with broadcast on the same net or with pointing browsing entries in smb.conf to oneanother for sure this connect where long times vpn connects Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't join domain
I've got a Windows XP box that's unable to join my Samba (3.0.20) domain. We've got about 400 other computers, mostly WinXP, that have joined the domain quite successfully. I'm not sure when the most recent one joined, though, but I'm reasonably sure nothing has changed since then. The Samba log gives the following when I try to the computer to the domain: [2006/02/28 15:33:02, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: stpierre [2006/02/28 15:33:02, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) init_group_from_ldap: Entry found for group: 1004 [2006/02/28 15:33:02, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [stpierre] - [stpierre] - [stpierre] succeeded [2006/02/28 15:33:02, 1] smbd/ipc.c:api_fd_reply(290) api_fd_reply: INVALID PIPE HANDLE: 739d [2006/02/28 15:33:03, 2] smbd/server.c:exit_server(608) Closing connections Trust account for mrlc-3$ added with uid 1005 and rid 3010 As you can see, it goes ahead and creates the trust account in LDAP anyway, despite the PIPE HANDLE message. (We're using a custom LDAP trust account script.) Due to some recent LDAP problems, it's taking about two minutes to add the machine; could the operation be timing out? Any other ideas what might be happening? Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin still working in 3.0.21c?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Limoncelli wrote: is there anyone willing to point a lost soul into the right direction? What can prevent a printer admin from changing printer properties through a Windows client? ... [printers] path = /var/spool/samba create mask = 0644 printable = Yes use client driver = Yes ^^ Thomas, See the man page for this option. It should never be set on printers for which you want to install drivers on the server. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEBOhTIR7qMdg1EfYRAqJEAKC3f62BTAAaGD04wYbNFqQMuddpZwCfddDK Lxmeq8QxBEQpprMXYzsWmw4= =37NE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.21c Debian Packages available on samba.org
I've just uploaded the 3.0.21c packages for sarge. They should be soon available on the mirrors. Have Fun, Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 6 ( Manager - sambaadmin)
Hi Gordon,
This is my admin-accts.ldif;
---
dn: cn=updateuser,dc=tinistuff,dc=com
objectClass: person
cn: updateuser
sn: updateuser
userPassword: {crypt}ABiELdbxGY2fY
dn: cn=sambaadmin,dc=tinistuff,dc=com
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: {crypt}ABiELdbxGY2fY
So the ldap server is stopped, I add these entries; and restart ldap.
[EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
added: cn=updateuser,dc=tinistuff,dc=com (0002)
added: cn=sambaadmin,dc=tinistuff,dc=com (0003)
Error, entries missing!
entry 1: dc=tinistuff,dc=com
[EMAIL PROTECTED] programs]# ldapsearch -x -D cn=sambaadmin,dc=tinistuff,dc=com
-W uid=sambaadmin
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
It will not let me populate the database either; however I can populate fine
when using Manager instead of sambaadmin
[EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
Populating LDAP directory for domain TINISTUFF
(S-1-5-21-1850218137-420253120-3974286998)
(using builtin directory structure)
adding new entry: dc=tinistuff,dc=com
failed to add entry: modifications require authentication at
./smbldap-populate line 471, GEN1 line 2.
etc..
Hm :(
Adrian.
From: Gordon Messmer [EMAIL PROTECTED]
To: adrian sender [EMAIL PROTECTED]
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 6 ( Manager -
sambaadmin)
Date: Sun, 26 Feb 2006 23:08:29 -0800
adrian sender wrote:
Hey Guys,
Gordon, I do not think that is the issue; I have tried what you said but
still get the same error.
Remember I have a SDC or BDC that uses updateuser; the ldif I add for that
uses plain text passwords and works perfectly.
I see... Your original message indicated that you had an updateuser in
the database, but didn't indicate that you were actually using it for
anything.
I'm still guessing that this is an LDAP issue, and not a samba one.
Are you able to perform a search with the sambaadmin user, or the
updateuser user, using the ldapsearch command line? Try both of these, and
make sure that sambaadmin is not the rootdn specified in your slapd.conf:
ldapsearch -x -D cn=sambaadmin,dc=ddesign,dc=com -W uid=sambaadmin
ldapsearch -x -D cn=updateuser,dc=ddesign,dc=com -W uid=sambaadmin
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 6 ( Manager - sambaadmin)
adrian sender wrote: [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif added: cn=updateuser,dc=tinistuff,dc=com (0002) added: cn=sambaadmin,dc=tinistuff,dc=com (0003) Error, entries missing! entry 1: dc=tinistuff,dc=com If you dump the database, does dc=tinistuff,dc=com show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 6 ( Manager - sambaadmin)
On Wed, 2006-03-01 at 15:45 +1100, adrian sender wrote:
Hi Gordon,
This is my admin-accts.ldif;
---
dn: cn=updateuser,dc=tinistuff,dc=com
objectClass: person
cn: updateuser
sn: updateuser
userPassword: {crypt}ABiELdbxGY2fY
dn: cn=sambaadmin,dc=tinistuff,dc=com
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: {crypt}ABiELdbxGY2fY
So the ldap server is stopped, I add these entries; and restart ldap.
[EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
added: cn=updateuser,dc=tinistuff,dc=com (0002)
added: cn=sambaadmin,dc=tinistuff,dc=com (0003)
Error, entries missing!
entry 1: dc=tinistuff,dc=com
[EMAIL PROTECTED] programs]# ldapsearch -x -D
cn=sambaadmin,dc=tinistuff,dc=com
-W uid=sambaadmin
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
It will not let me populate the database either; however I can populate fine
when using Manager instead of sambaadmin
[EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
Populating LDAP directory for domain TINISTUFF
(S-1-5-21-1850218137-420253120-3974286998)
(using builtin directory structure)
adding new entry: dc=tinistuff,dc=com
failed to add entry: modifications require authentication at
./smbldap-populate line 471, GEN1 line 2.
no - this seems to have failed too.
can you authenticate with your rootdn?
Craig
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r13750 - branches/SAMBA_3_0/source trunk/source
Author: lmuelle Date: 2006-02-28 11:56:14 + (Tue, 28 Feb 2006) New Revision: 13750 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13750 Log: Cleanup line wrap to less than 80 chars. Modified: branches/SAMBA_3_0/source/Makefile.in trunk/source/Makefile.in Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-02-28 06:41:09 UTC (rev 13749) +++ branches/SAMBA_3_0/source/Makefile.in 2006-02-28 11:56:14 UTC (rev 13750) @@ -1558,9 +1558,10 @@ clean: delheaders python_clean -rm -f core */*~ *~ */*.o */[EMAIL PROTECTED]@ */[EMAIL PROTECTED]@ \ - $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) $(MODULES) \ - $(TORTURE_PROGS) $(LIBSMBCLIENT) $(LIBSMBSHAREMODES) \ - $(EVERYTHING_PROGS) $(LIBMSRPC) .headers.stamp + $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) \ + $(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) \ + $(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) $(LIBMSRPC) \ + .headers.stamp -rm -rf t_dir # Making this target will just make sure that the prototype files Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2006-02-28 06:41:09 UTC (rev 13749) +++ trunk/source/Makefile.in2006-02-28 11:56:14 UTC (rev 13750) @@ -1587,9 +1587,10 @@ clean: delheaders python_clean -rm -f core */*~ *~ */*.o */[EMAIL PROTECTED]@ */[EMAIL PROTECTED]@ \ - $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) $(MODULES) \ - $(TORTURE_PROGS) $(LIBSMBCLIENT) $(LIBSMBSHAREMODES) \ - $(EVERYTHING_PROGS) $(LIBMSRPC) .headers.stamp + $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) \ + $(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) \ + $(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) $(LIBMSRPC) \ + .headers.stamp -rm -rf t_dir # Making this target will just make sure that the prototype files
svn commit: samba r13751 - branches/SAMBA_3_0/source trunk/source
Author: lmuelle Date: 2006-02-28 11:57:37 + (Tue, 28 Feb 2006) New Revision: 13751 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13751 Log: Call proto_exists before we create the precompiles headers. Modified: branches/SAMBA_3_0/source/Makefile.in trunk/source/Makefile.in Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-02-28 11:56:14 UTC (rev 13750) +++ branches/SAMBA_3_0/source/Makefile.in 2006-02-28 11:57:37 UTC (rev 13751) @@ -825,7 +825,7 @@ # this adds support for precompiled headers. To use it, install a snapshot # of gcc-3.4 and run 'make pch' before you do the main build. -pch: +pch: proto_exists rm -f $(srcdir)/include/includes.h.gch $(CC) -I. -I$(srcdir) $(FLAGS) @PIE_CFLAGS@ -c $(srcdir)/include/includes.h -o $(srcdir)/include/includes.h.gch Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2006-02-28 11:56:14 UTC (rev 13750) +++ trunk/source/Makefile.in2006-02-28 11:57:37 UTC (rev 13751) @@ -841,7 +841,7 @@ # this adds support for precompiled headers. To use it, install a snapshot # of gcc-3.4 and run 'make pch' before you do the main build. -pch: +pch: proto_exists rm -f $(srcdir)/include/includes.h.gch $(CC) -I. -I$(srcdir) $(FLAGS) @PIE_CFLAGS@ -c $(srcdir)/include/includes.h -o $(srcdir)/include/includes.h.gch
svn commit: samba r13752 - in branches/SAMBA_4_0/source/lib/util: .
Author: jelmer Date: 2006-02-28 13:12:39 + (Tue, 28 Feb 2006) New Revision: 13752 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13752 Log: Add doxyfile and fix formatting of comments. Current output is available at http://samba.org/~jelmer/util-api/ Added: branches/SAMBA_4_0/source/lib/util/Doxyfile Modified: branches/SAMBA_4_0/source/lib/util/capability.c branches/SAMBA_4_0/source/lib/util/data_blob.c branches/SAMBA_4_0/source/lib/util/debug.c branches/SAMBA_4_0/source/lib/util/fault.c branches/SAMBA_4_0/source/lib/util/fsusage.c branches/SAMBA_4_0/source/lib/util/genrand.c branches/SAMBA_4_0/source/lib/util/idtree.c branches/SAMBA_4_0/source/lib/util/module.c branches/SAMBA_4_0/source/lib/util/ms_fnmatch.c branches/SAMBA_4_0/source/lib/util/mutex.c branches/SAMBA_4_0/source/lib/util/pidfile.c branches/SAMBA_4_0/source/lib/util/signal.c branches/SAMBA_4_0/source/lib/util/substitute.c branches/SAMBA_4_0/source/lib/util/time.c branches/SAMBA_4_0/source/lib/util/unix_privs.c branches/SAMBA_4_0/source/lib/util/util.c branches/SAMBA_4_0/source/lib/util/util_file.c branches/SAMBA_4_0/source/lib/util/util_sock.c branches/SAMBA_4_0/source/lib/util/util_str.c branches/SAMBA_4_0/source/lib/util/util_strlist.c branches/SAMBA_4_0/source/lib/util/util_unistr.c branches/SAMBA_4_0/source/lib/util/xfile.c Changeset: Sorry, the patch is too large (3110 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13752
svn commit: samba r13753 - in branches/SAMBA_4_0/source/script/tests: .
Author: jelmer Date: 2006-02-28 13:17:39 + (Tue, 28 Feb 2006) New Revision: 13753 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13753 Log: /bin/sh - /bin/bash as this script uses some bash-specific constructs Modified: branches/SAMBA_4_0/source/script/tests/test_cifsdd.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_cifsdd.sh === --- branches/SAMBA_4_0/source/script/tests/test_cifsdd.sh 2006-02-28 13:12:39 UTC (rev 13752) +++ branches/SAMBA_4_0/source/script/tests/test_cifsdd.sh 2006-02-28 13:17:39 UTC (rev 13753) @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Basic script to make sure that cifsdd can do both local and remote I/O.
svn commit: samba r13754 - in branches/SAMBA_4_0: .
Author: jelmer Date: 2006-02-28 13:33:48 + (Tue, 28 Feb 2006) New Revision: 13754 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13754 Log: Update TODO Modified: branches/SAMBA_4_0/TODO Changeset: Modified: branches/SAMBA_4_0/TODO === --- branches/SAMBA_4_0/TODO 2006-02-28 13:17:39 UTC (rev 13753) +++ branches/SAMBA_4_0/TODO 2006-02-28 13:33:48 UTC (rev 13754) @@ -8,6 +8,11 @@ from earlier Samba4 releases in the future) - Add support for reading WINS TDB files as well as WINS dat files. +- seperate adminlog mechanism (as opposed to the current DEBUG log, + which is not really aimed at administrators but more at developers) + Perhaps similar to eventlog so we can also use eventlog to retrieve the data? +- improve handling of test results in testsuite + Configuration options = @@ -195,7 +200,6 @@ - browse list - enhanced browsing - wins proxy -- wins hook - wins partners - blocking locks - fake oplocks @@ -209,21 +213,6 @@ - oplock contention limit - posix locking - share modes -- ldap server -- ldap port -- ldap admin dn -- ldap delete dn -- ldap group suffix -- ldap idmap suffix -- ldap machine suffix -- ldap passwd sync -- ldap password sync -- ldap replication sleep -- ldap suffix -- ldap ssl -- ldap timeout -- ldap page size -- ldap user suffix - add share command - change share command - delete share command
Re: svn commit: samba r13727 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
Author: vlendec
Date: 2006-02-27 21:19:58 + (Mon, 27 Feb 2006)
New Revision: 13727
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13727
Log:
Fix a segfault
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c 2006-02-27 19:55:21 UTC
(rev 13726)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c 2006-02-27 21:19:58 UTC
(rev 13727)
@@ -342,10 +342,14 @@
TALLOC_CTX *tmp_ctx, const char *name,
uint32 acb_info, uint32 *rid)
{
- struct samu *sam_pass = NULL;
+ struct samu *sam_pass;
NTSTATUS status;
struct passwd *pwd;
+ if ((sam_pass = TALLOC_ZERO_P(tmp_ctx, struct samu)) == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
Volker, the current code provides samu_new( CTX ) rather than calling
talloc() directly. Mostly this is just to handle initialization
of the structure fields.
cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEBFHTIR7qMdg1EfYRAvgbAJ9VwmvXIV4ukF2glQJm0RtP5jU5vwCfZ0GM
gdfbIoBvBXXam9/Vp+HTViw=
=8JZA
-END PGP SIGNATURE-
svn commit: samba r13755 - in branches/tmp/samba4-ldb-register/source: build/smb_build lib/ldb script/tests
Author: jelmer
Date: 2006-02-28 13:41:34 + (Tue, 28 Feb 2006)
New Revision: 13755
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13755
Log:
Allow different semantics for init functions.
Modified:
branches/tmp/samba4-ldb-register/source/build/smb_build/config_mk.pm
branches/tmp/samba4-ldb-register/source/build/smb_build/header.pm
branches/tmp/samba4-ldb-register/source/build/smb_build/input.pm
branches/tmp/samba4-ldb-register/source/lib/ldb/config.mk
branches/tmp/samba4-ldb-register/source/script/tests/test_cifsdd.sh
Changeset:
Modified: branches/tmp/samba4-ldb-register/source/build/smb_build/config_mk.pm
===
--- branches/tmp/samba4-ldb-register/source/build/smb_build/config_mk.pm
2006-02-28 13:33:48 UTC (rev 13754)
+++ branches/tmp/samba4-ldb-register/source/build/smb_build/config_mk.pm
2006-02-28 13:41:34 UTC (rev 13755)
@@ -67,6 +67,8 @@
MAJOR_VERSION = string,
MINOR_VERSION = string,
RELEASE_VERSION = string,
+
+ INIT_FUNCTION_TYPE = string,
OBJ_FILES = list,
Modified: branches/tmp/samba4-ldb-register/source/build/smb_build/header.pm
===
--- branches/tmp/samba4-ldb-register/source/build/smb_build/header.pm
2006-02-28 13:33:48 UTC (rev 13754)
+++ branches/tmp/samba4-ldb-register/source/build/smb_build/header.pm
2006-02-28 13:41:34 UTC (rev 13755)
@@ -30,13 +30,16 @@
my $DEFINE = ();
next if ($key-{TYPE} ne LIBRARY and $key-{TYPE} ne
SUBSYSTEM);
next unless defined($key-{INIT_FUNCTIONS});
-
+
$DEFINE-{COMMENT} = $key-{TYPE} $key-{NAME} INIT;
$DEFINE-{KEY} = STATIC_$key-{NAME}_MODULES;
$DEFINE-{VAL} = { \\\n;
foreach (@{$key-{INIT_FUNCTIONS}}) {
$DEFINE-{VAL} .= \t$_, \\\n;
- $output .= NTSTATUS $_(void);\n;
+ my $fn = $key-{INIT_FUNCTION_TYPE};
+ unless(defined($fn)) { $fn = NTSTATUS (*) (void); }
+ $fn =~ s/\(\*\)/$_/;
+ $output .= $fn;\n;
}
$DEFINE-{VAL} .= \tNULL \\\n };
Modified: branches/tmp/samba4-ldb-register/source/build/smb_build/input.pm
===
--- branches/tmp/samba4-ldb-register/source/build/smb_build/input.pm
2006-02-28 13:33:48 UTC (rev 13754)
+++ branches/tmp/samba4-ldb-register/source/build/smb_build/input.pm
2006-02-28 13:41:34 UTC (rev 13755)
@@ -97,6 +97,10 @@
return;
}
+ unless (defined($lib-{INIT_FUNCTION_TYPE})) {
+ $lib-{INIT_FUNCTION_TYPE} = NTSTATUS (*) (void);
+ }
+
$lib-{INSTALLDIR} = LIBDIR;
}
Modified: branches/tmp/samba4-ldb-register/source/lib/ldb/config.mk
===
--- branches/tmp/samba4-ldb-register/source/lib/ldb/config.mk 2006-02-28
13:33:48 UTC (rev 13754)
+++ branches/tmp/samba4-ldb-register/source/lib/ldb/config.mk 2006-02-28
13:41:34 UTC (rev 13755)
@@ -144,6 +144,7 @@
MAJOR_VERSION = 0
MINOR_VERSION = 0
DESCRIPTION = LDAP-like embedded database library
+INIT_FUNCTION_TYPE = int (*) (void)
RELEASE_VERSION = 1
OBJ_FILES = \
common/ldb.o \
Modified: branches/tmp/samba4-ldb-register/source/script/tests/test_cifsdd.sh
===
--- branches/tmp/samba4-ldb-register/source/script/tests/test_cifsdd.sh
2006-02-28 13:33:48 UTC (rev 13754)
+++ branches/tmp/samba4-ldb-register/source/script/tests/test_cifsdd.sh
2006-02-28 13:41:34 UTC (rev 13755)
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Basic script to make sure that cifsdd can do both local and remote I/O.
svn commit: samba r13756 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: jerry
Date: 2006-02-28 13:53:16 + (Tue, 28 Feb 2006)
New Revision: 13756
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13756
Log:
use samu_new() rather than calling talloc() directly.
Modified:
branches/SAMBA_3_0/source/passdb/pdb_interface.c
trunk/source/passdb/pdb_interface.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-02-28 13:41:34 UTC
(rev 13755)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-02-28 13:53:16 UTC
(rev 13756)
@@ -346,7 +346,7 @@
NTSTATUS status;
struct passwd *pwd;
- if ((sam_pass = TALLOC_ZERO_P(tmp_ctx, struct samu)) == NULL) {
+ if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
Modified: trunk/source/passdb/pdb_interface.c
===
--- trunk/source/passdb/pdb_interface.c 2006-02-28 13:41:34 UTC (rev 13755)
+++ trunk/source/passdb/pdb_interface.c 2006-02-28 13:53:16 UTC (rev 13756)
@@ -346,7 +346,7 @@
NTSTATUS status;
struct passwd *pwd;
- if ((sam_pass = TALLOC_ZERO_P(tmp_ctx, struct samu)) == NULL) {
+ if ((sam_pass = samu_new(tmp_ctx)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
svn commit: samba r13757 - in trunk/source/passdb: .
Author: idra
Date: 2006-02-28 14:53:12 + (Tue, 28 Feb 2006)
New Revision: 13757
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13757
Log:
Use samu_new()
Modified:
trunk/source/passdb/pdb_ldap.c
Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===
--- trunk/source/passdb/pdb_ldap.c 2006-02-28 13:53:16 UTC (rev 13756)
+++ trunk/source/passdb/pdb_ldap.c 2006-02-28 14:53:12 UTC (rev 13757)
@@ -4627,7 +4627,7 @@
sid_copy(user_sid, get_global_sam_sid());
sid_append_rid(user_sid, *rid);
- user = talloc_zero(tmp_ctx, struct samu);
+ user = samu_new(tmp_ctx);
if (!user) {
DEBUG(1,(ldapsam_create_user: Unable to allocate user
struct\n));
return NT_STATUS_NO_MEMORY;
svn commit: samba r13758 - in trunk/source/smbd: .
Author: jra
Date: 2006-02-28 15:53:57 + (Tue, 28 Feb 2006)
New Revision: 13758
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13758
Log:
As pointed out by Volker, it isn't much good creating
a new empty acl in remove_posix_acl if you don't bother
to set it on the file in question :-).
Jeremy.
Modified:
trunk/source/smbd/posix_acls.c
Changeset:
Modified: trunk/source/smbd/posix_acls.c
===
--- trunk/source/smbd/posix_acls.c 2006-02-28 14:53:12 UTC (rev 13757)
+++ trunk/source/smbd/posix_acls.c 2006-02-28 15:53:57 UTC (rev 13758)
@@ -3834,6 +3834,21 @@
}
}
+ /* Set the new empty file ACL. */
+ if (fsp fsp-fh-fd != -1) {
+ if (SMB_VFS_SYS_ACL_SET_FD(fsp, fsp-fh-fd, new_file_acl) ==
-1) {
+ DEBUG(5,(remove_posix_acl: acl_set_file failed on %s
(%s)\n,
+ fname, strerror(errno) ));
+ goto done;
+ }
+ } else {
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS,
new_file_acl) == -1) {
+ DEBUG(5,(remove_posix_acl: acl_set_file failed on %s
(%s)\n,
+ fname, strerror(errno) ));
+ goto done;
+ }
+ }
+
ret = True;
done:
svn commit: samba r13759 - in branches/SAMBA_3_0/source/smbd: .
Author: jra
Date: 2006-02-28 15:58:09 + (Tue, 28 Feb 2006)
New Revision: 13759
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13759
Log:
As pointed out by Volker, it isn't much good creating
a new empty acl in remove_posix_acl if you don't bother
to set it on the file in question :-).
Jeremy.
Modified:
branches/SAMBA_3_0/source/smbd/posix_acls.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c
===
--- branches/SAMBA_3_0/source/smbd/posix_acls.c 2006-02-28 15:53:57 UTC (rev
13758)
+++ branches/SAMBA_3_0/source/smbd/posix_acls.c 2006-02-28 15:58:09 UTC (rev
13759)
@@ -3834,6 +3834,21 @@
}
}
+ /* Set the new empty file ACL. */
+ if (fsp fsp-fh-fd != -1) {
+ if (SMB_VFS_SYS_ACL_SET_FD(fsp, fsp-fh-fd, new_file_acl) ==
-1) {
+ DEBUG(5,(remove_posix_acl: acl_set_file failed on %s
(%s)\n,
+ fname, strerror(errno) ));
+ goto done;
+ }
+ } else {
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS,
new_file_acl) == -1) {
+ DEBUG(5,(remove_posix_acl: acl_set_file failed on %s
(%s)\n,
+ fname, strerror(errno) ));
+ goto done;
+ }
+ }
+
ret = True;
done:
svn commit: samba r13760 - in branches/SAMBA_4_0/source: .
Author: jelmer Date: 2006-02-28 19:47:02 + (Tue, 28 Feb 2006) New Revision: 13760 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13760 Log: Remove extern declaration for SMB_PASSWD_FILE Modified: branches/SAMBA_4_0/source/dynconfig.h Changeset: Modified: branches/SAMBA_4_0/source/dynconfig.h === --- branches/SAMBA_4_0/source/dynconfig.h 2006-02-28 15:58:09 UTC (rev 13759) +++ branches/SAMBA_4_0/source/dynconfig.h 2006-02-28 19:47:02 UTC (rev 13760) @@ -35,7 +35,6 @@ extern const char *dyn_SHLIBEXT; extern const char *dyn_LOCKDIR; extern const char *dyn_PIDDIR; -extern const char *dyn_SMB_PASSWD_FILE; extern const char *dyn_PRIVATE_DIR; extern const char *dyn_SWATDIR; extern const char *dyn_JSDIR;
svn commit: linux-cifs-client r46 - in branches/linux-2.6-mainline/fs/cifs: .
Author: sfrench Date: 2006-02-28 22:42:36 + (Tue, 28 Feb 2006) New Revision: 46 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=46 Log: Sync cifs client with mainline kernel 2.6.16-rc5 Modified: branches/linux-2.6-mainline/fs/cifs/CHANGES branches/linux-2.6-mainline/fs/cifs/README branches/linux-2.6-mainline/fs/cifs/cifs_debug.c branches/linux-2.6-mainline/fs/cifs/cifs_fs_sb.h branches/linux-2.6-mainline/fs/cifs/cifs_uniupr.h branches/linux-2.6-mainline/fs/cifs/cifsencrypt.c branches/linux-2.6-mainline/fs/cifs/cifsfs.c branches/linux-2.6-mainline/fs/cifs/cifsfs.h branches/linux-2.6-mainline/fs/cifs/cifsglob.h branches/linux-2.6-mainline/fs/cifs/cifspdu.h branches/linux-2.6-mainline/fs/cifs/cifsproto.h branches/linux-2.6-mainline/fs/cifs/cifssmb.c branches/linux-2.6-mainline/fs/cifs/connect.c branches/linux-2.6-mainline/fs/cifs/dir.c branches/linux-2.6-mainline/fs/cifs/file.c branches/linux-2.6-mainline/fs/cifs/inode.c branches/linux-2.6-mainline/fs/cifs/misc.c branches/linux-2.6-mainline/fs/cifs/readdir.c branches/linux-2.6-mainline/fs/cifs/rfc1002pdu.h branches/linux-2.6-mainline/fs/cifs/transport.c branches/linux-2.6-mainline/fs/cifs/xattr.c Changeset: Sorry, the patch is too large (2033 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=46
svn commit: linux-cifs-client r47 - in branches/linux-2.6-cifs-git-devel/fs/cifs: .
Author: sfrench Date: 2006-02-28 22:43:17 + (Tue, 28 Feb 2006) New Revision: 47 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=47 Log: Sync linux cifs client with current (version 1.41b) development tree Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/CHANGES branches/linux-2.6-cifs-git-devel/fs/cifs/Makefile branches/linux-2.6-cifs-git-devel/fs/cifs/cifsencrypt.c branches/linux-2.6-cifs-git-devel/fs/cifs/cifsfs.c branches/linux-2.6-cifs-git-devel/fs/cifs/cifsfs.h branches/linux-2.6-cifs-git-devel/fs/cifs/cifsglob.h branches/linux-2.6-cifs-git-devel/fs/cifs/cifspdu.h branches/linux-2.6-cifs-git-devel/fs/cifs/cifsproto.h branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c branches/linux-2.6-cifs-git-devel/fs/cifs/dir.c branches/linux-2.6-cifs-git-devel/fs/cifs/file.c branches/linux-2.6-cifs-git-devel/fs/cifs/inode.c branches/linux-2.6-cifs-git-devel/fs/cifs/misc.c branches/linux-2.6-cifs-git-devel/fs/cifs/misc.c.orig branches/linux-2.6-cifs-git-devel/fs/cifs/ntlmssp.h branches/linux-2.6-cifs-git-devel/fs/cifs/readdir.c branches/linux-2.6-cifs-git-devel/fs/cifs/transport.c Changeset: Sorry, the patch is too large (1151 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=47
Build status as of Wed Mar 1 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-02-28 00:00:04.0 + +++ /home/build/master/cache/broken_results.txt 2006-03-01 00:00:04.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Feb 28 00:00:02 2006 +Build status as of Wed Mar 1 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 9 3 0 -distcc 10 2 0 -lorikeet-heimdal 14 14 0 +distcc 9 2 0 +lorikeet-heimdal 16 16 0 ppp 15 0 0 rsync31 2 0 samba2 0 0 samba-docs 0 0 0 -samba4 33 21 2 -samba_3_032 6 0 -smb-build22 3 0 -talloc 9 6 0 -tdb 9 3 0 +samba4 33 20 2 +samba_3_032 7 0 +smb-build24 4 0 +talloc 10 7 0 +tdb 7 2 0
svn commit: samba r13761 - in branches/SAMBA_3_0: . source/libsmb
Author: derrell
Date: 2006-03-01 01:41:52 + (Wed, 01 Mar 2006)
New Revision: 13761
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13761
Log:
[EMAIL PROTECTED]: derrell | 2006-02-28 20:40:56 -0500
When only allowing one connection per server, the cache needs to track which
share is currently connected, or we never know whether a tdis()/tcon() for the
new share is required.
Modified:
branches/SAMBA_3_0/
branches/SAMBA_3_0/source/libsmb/libsmb_cache.c
Changeset:
Property changes on: branches/SAMBA_3_0
___
Name: svk:merge
- 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:12422
+ 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:13221
Modified: branches/SAMBA_3_0/source/libsmb/libsmb_cache.c
===
--- branches/SAMBA_3_0/source/libsmb/libsmb_cache.c 2006-02-28 19:47:02 UTC
(rev 13760)
+++ branches/SAMBA_3_0/source/libsmb/libsmb_cache.c 2006-03-01 01:41:52 UTC
(rev 13761)
@@ -156,6 +156,17 @@
continue;
}
+
+SAFE_FREE(srv-share_name);
+srv-share_name = SMB_STRDUP(share);
+if (!srv-share_name) {
+/* Out of memory. */
+cli_shutdown(srv-server-cli);
+
context-callbacks.remove_cached_srv_fn(context, srv-server);
+continue;
+}
+
+
return srv-server;
}
}
svn commit: samba r13762 - in trunk/source/libsmb: .
Author: derrell
Date: 2006-03-01 01:42:37 + (Wed, 01 Mar 2006)
New Revision: 13762
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13762
Log:
When only allowing one connection per server, the cache needs to track which
share is currently connected, or we never know whether a tdis()/tcon() for the
new share is required.
Modified:
trunk/source/libsmb/libsmb_cache.c
Changeset:
Modified: trunk/source/libsmb/libsmb_cache.c
===
--- trunk/source/libsmb/libsmb_cache.c 2006-03-01 01:41:52 UTC (rev 13761)
+++ trunk/source/libsmb/libsmb_cache.c 2006-03-01 01:42:37 UTC (rev 13762)
@@ -156,6 +156,17 @@
continue;
}
+
+SAFE_FREE(srv-share_name);
+srv-share_name = SMB_STRDUP(share);
+if (!srv-share_name) {
+/* Out of memory. */
+cli_shutdown(srv-server-cli);
+
context-callbacks.remove_cached_srv_fn(context, srv-server);
+continue;
+}
+
+
return srv-server;
}
}
svn commit: samba r13763 - in branches/SAMBA_3_0: . source/libsmb
Author: derrell
Date: 2006-03-01 01:48:33 + (Wed, 01 Mar 2006)
New Revision: 13763
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13763
Log:
[EMAIL PROTECTED]: derrell | 2006-02-28 20:48:23 -0500
Add the missing comment about needing to save the new share name.
Modified:
branches/SAMBA_3_0/
branches/SAMBA_3_0/source/libsmb/libsmb_cache.c
Changeset:
Property changes on: branches/SAMBA_3_0
___
Name: svk:merge
- 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:13221
+ 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba3:13223
Modified: branches/SAMBA_3_0/source/libsmb/libsmb_cache.c
===
--- branches/SAMBA_3_0/source/libsmb/libsmb_cache.c 2006-03-01 01:42:37 UTC
(rev 13762)
+++ branches/SAMBA_3_0/source/libsmb/libsmb_cache.c 2006-03-01 01:48:33 UTC
(rev 13763)
@@ -156,7 +156,11 @@
continue;
}
-
+/*
+ * Save the new share name. We've
+ * disconnected from the old share, and are
+ * about to connect to the new one.
+ */
SAFE_FREE(srv-share_name);
srv-share_name = SMB_STRDUP(share);
if (!srv-share_name) {
svn commit: samba r13764 - in trunk/source/libsmb: .
Author: derrell
Date: 2006-03-01 01:49:14 + (Wed, 01 Mar 2006)
New Revision: 13764
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13764
Log:
Add the missing comment about needing to save the new share name.
Modified:
trunk/source/libsmb/libsmb_cache.c
Changeset:
Modified: trunk/source/libsmb/libsmb_cache.c
===
--- trunk/source/libsmb/libsmb_cache.c 2006-03-01 01:48:33 UTC (rev 13763)
+++ trunk/source/libsmb/libsmb_cache.c 2006-03-01 01:49:14 UTC (rev 13764)
@@ -156,7 +156,11 @@
continue;
}
-
+/*
+ * Save the new share name. We've
+ * disconnected from the old share, and are
+ * about to connect to the new one.
+ */
SAFE_FREE(srv-share_name);
srv-share_name = SMB_STRDUP(share);
if (!srv-share_name) {
svn commit: samba r13765 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: jerry
Date: 2006-03-01 02:47:50 + (Wed, 01 Mar 2006)
New Revision: 13765
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13765
Log:
Fix bug reported by jra. Don't check for a group SID when storing
a user since we no longer pay any attention to the value.
Modified:
branches/SAMBA_3_0/source/passdb/pdb_tdb.c
trunk/source/passdb/pdb_tdb.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_tdb.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-03-01 01:49:14 UTC (rev
13764)
+++ branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-03-01 02:47:50 UTC (rev
13765)
@@ -1311,11 +1311,13 @@
tdbsam_endsampwent( my_methods );
+#if 0
if ( !pdb_get_group_rid(newpwd) ) {
DEBUG (0,(tdb_update_sam: Failing to store a struct samu for
[%s]
without a primary group RID\n,
pdb_get_username(newpwd)));
return False;
}
+#endif
if ( !(user_rid = pdb_get_user_rid(newpwd)) ) {
DEBUG(0,(tdb_update_sam: struct samu (%s) with no RID!\n,
pdb_get_username(newpwd)));
Modified: trunk/source/passdb/pdb_tdb.c
===
--- trunk/source/passdb/pdb_tdb.c 2006-03-01 01:49:14 UTC (rev 13764)
+++ trunk/source/passdb/pdb_tdb.c 2006-03-01 02:47:50 UTC (rev 13765)
@@ -1311,11 +1311,13 @@
tdbsam_endsampwent( my_methods );
+#if 0
if ( !pdb_get_group_rid(newpwd) ) {
DEBUG (0,(tdb_update_sam: Failing to store a struct samu for
[%s]
without a primary group RID\n,
pdb_get_username(newpwd)));
return False;
}
+#endif
if ( !(user_rid = pdb_get_user_rid(newpwd)) ) {
DEBUG(0,(tdb_update_sam: struct samu (%s) with no RID!\n,
pdb_get_username(newpwd)));
svn commit: samba r13766 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry
Date: 2006-03-01 03:10:21 + (Wed, 01 Mar 2006)
New Revision: 13766
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13766
Log:
Patch from Arek Glabek [EMAIL PROTECTED]:
* Fix parsing error in eventlogadm caused by log entries
with no DAT: line.
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_eventlog_lib.c
trunk/source/rpc_server/srv_eventlog_lib.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_eventlog_lib.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_eventlog_lib.c 2006-03-01
02:47:50 UTC (rev 13765)
+++ branches/SAMBA_3_0/source/rpc_server/srv_eventlog_lib.c 2006-03-01
03:10:21 UTC (rev 13766)
@@ -707,16 +707,13 @@
memset( temp, 0, sizeof( temp ) );
strncpy( temp, stop, temp_len );
rpcstr_push( ( void * ) ( entry-data_record.strings +
- entry-data_record.strings_len ),
+ ( entry-data_record.strings_len / 2
) ),
temp,
sizeof( entry-data_record.strings ) -
-entry-data_record.strings_len, STR_TERMINATE );
- entry-data_record.strings_len += temp_len + 1;
+( entry-data_record.strings_len / 2 ),
STR_TERMINATE );
+ entry-data_record.strings_len += ( temp_len * 2 ) + 2;
entry-record.num_strings++;
} else if ( 0 == strncmp( start, DAT, stop - start ) ) {
- /* Now that we're done processing the STR data, adjust the
length to account for
- unicode, then proceed with the DAT data. */
- entry-data_record.strings_len *= 2;
/* skip past initial : */
stop++;
/* now skip any other leading whitespace */
Modified: trunk/source/rpc_server/srv_eventlog_lib.c
===
--- trunk/source/rpc_server/srv_eventlog_lib.c 2006-03-01 02:47:50 UTC (rev
13765)
+++ trunk/source/rpc_server/srv_eventlog_lib.c 2006-03-01 03:10:21 UTC (rev
13766)
@@ -707,16 +707,13 @@
memset( temp, 0, sizeof( temp ) );
strncpy( temp, stop, temp_len );
rpcstr_push( ( void * ) ( entry-data_record.strings +
- entry-data_record.strings_len ),
+ ( entry-data_record.strings_len / 2
) ),
temp,
sizeof( entry-data_record.strings ) -
-entry-data_record.strings_len, STR_TERMINATE );
- entry-data_record.strings_len += temp_len + 1;
+( entry-data_record.strings_len / 2 ),
STR_TERMINATE );
+ entry-data_record.strings_len += ( temp_len * 2 ) + 2;
entry-record.num_strings++;
} else if ( 0 == strncmp( start, DAT, stop - start ) ) {
- /* Now that we're done processing the STR data, adjust the
length to account for
- unicode, then proceed with the DAT data. */
- entry-data_record.strings_len *= 2;
/* skip past initial : */
stop++;
/* now skip any other leading whitespace */
