Re: [Samba] Cannot copy back profile
On Tuesday 11 July 2006 09:08, Sensei wrote: Hi! I have a problem with roaming profiles which I don't understand. I can login and logout from XP with a samba PDC with ldapsam flawlessly, but for some reasons when the profile does not belong to the user itself windows tells me upon logout that it cannot copy back some files to the server. Weird, because the directory where the profile resides is readable and writable by the user, although it doesn't belong to him. I have a generic ``smbadmin'' user, belonging to ``Domain Admins'' which reads and writes the profiles, so all the files in any profile in my samba domain (forcing its group) do actually belong to ``smbadmin:Domain Users'' and have rwx set to group and user. I'd like to keep all these files belonging to the smbadmin user. Anyway, I cannot make samba work on these files. Is there a way to tell samba not to bother about UID/GID of profiles? Thanks to anyone! -- Sensei [EMAIL PROTECTED] The optimist thinks this is the best of all possible worlds. The pessimist fears it is true. [J. Robert Oppenheimer] try these options on your workstations ;- ; do not roam the following folders [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] ExcludeProfileDirs=Temporary Internet Files;History;Temp ;- ; Do not check for user ownership of Roaming Profile Folders [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 Jerry Westrick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ArcView + Samba: Performance nightmare under Linux,ok under Solaris or HP-UX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Tobias, thank you for reply! Tobias Bluhm schrieb: Another shot in the dark . . . . and I don't believe you've stated what fs type your using, but have you tried storing the data using other fs types or playing with the mount options? For the Linux server, I have tested with the following filesystems: *) ext2 *) ext3 *) reiserfs *) xfs In my tests, all filesystems were mounted with standard mount-options: mount -t fstype /dev/data/test /mountpoint On the kernel 2.4 based systems I did not use enhanced features like ACL or XATTR. On the kernel 2.6 based system (SuSE Linux) I did also test with an ACL and XATTR enabled reiserfs. None of my tests with these different filesystem types showed any significant application performance difference. With all of these different filesystems I get the same strange file access pattern. The data files are not very big: the whole share has about 250MB of size and the files which take longest to load (e.g. arc.adf or pal.adf) are about 2MB of size, each. Under Solaris, all these files are loaded by the application in about 12 seconds alltogether: the application loads them with a blocksize of 4K, block by block sequentially. There is a short peak in filesystem I/O and network traffic when files are loaded from the Solaris server by the application. With the various Linux samba servers, the same action takes several minutes: the applications reads the files with a blocksize of 512 Bytes and seems to read each single block several times, not sequentially but intermixed with other blocks like this: [...] read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1536, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 2048, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1536, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1024, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 2048, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1536, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1024, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 2048, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1024, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 2048, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1024, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 2048, size = 512, returned 512 read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 1536, size = 512, returned 512 [...] I can see very low filesystem I/O (about 40kB/s) and some network traffic (a few 100kB/s, but that's a rough estimation from what I can see with tcpdump) between the windows client and the Linux server, but that goes on for several minutes. Note: it's the _application_ (Windows XP + ArcView) which does request the files in that strange way. You can see that if you look at the SMB read request messages in the samba logfiles. Example: [...] [2006/07/10 11:28:25, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/07/10 11:28:25, 10] smbd/process.c:run_events(299) run_events: No events [2006/07/10 11:28:25, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 59 [2006/07/10 11:28:25, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x3b [2006/07/10 11:28:25, 3] smbd/process.c:process_smb(1194) Transaction 3815 of length 63 [2006/07/10 11:28:25, 5] lib/util.c:show_msg(454) [2006/07/10 11:28:25, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=105 smb_mid=44611 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6251 (0x186B) smb_vwv[ 3]=53248 (0xD000) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]= 512 (0x200) smb_vwv[ 6]= 512 (0x200) smb_vwv[ 7]=0 (0x0) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]= 512 (0x200) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_bcc=0 [2006/07/10 11:28:25, 3] smbd/process.c:switch_message(993) switch message SMBreadX (pid 2689) conn 0x844ae08 [2006/07/10 11:28:25, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2006/07/10 11:28:25, 10] locking/locking.c:is_locked(109) is_locked: brl start=53248 len=512 unlocked for file daten/covers/dhm_offset/o1000c/arc.adf [2006/07/10 11:28:25, 10] locking/posix.c:is_posix_locked(706) is_posix_locked: File daten/covers/dhm_offset/o1000c/arc.adf, offset = 53248, count = 512, type = READ [2006/07/10 11:28:25, 10] locking/posix.c:posix_lock_in_range(642) posix_lock_in_range: offset_out = 53248,
[Samba] can't contact domain
Hello everyone, Once again I'm trying to set up our Samba server to operate as a PDC, now that I've verified that I have a clean install of the Samba 3 software. However there are some difficulties with this. On my client machine when I try to set the domain name in the system control panel, I get an error message saying that the domain could not be contacted. I've set up my client with the IP address of the Samba server as a WINS server in the network control panel. I have a machine account for the client set up in the /etc/passwd shadow and the smbpasswd. I thought I had everything set up that I need, but it must be the case that I'm still overlooking something that is needed in order for the client to recognize the domain. I'm not seeing any error messages appearing in my samba.log file. Anyody have any suggestions for further things I could check to see why my PC can't see my domain? Thanks very much, Eric PS, Here's the smb.conf: [global] socket address = 128.253.175.155 socket options = TCP_NODELAY invalid users = bin daemon adm sync shutdown halt mail news uucp max log size = 100 print command = /bin/lp -d%p %s; sleep 5; rm -f %s printer = 128_1 printing = SYSV wins support = yes netbios name = pleiades workgroup = PLAB passdb backend = smbpasswd os level = 33 preferred master = auto domain master = yes local master = yes security = user domain logons = yes logon drive = h: log file = /var/log/samba.log log level = 2 max log size = 50 debug timestamp = yes [homes] browseable = no read only = no writeable = yes guest ok = no [amanda2] path = /usersp/amanda2 browseable = no read only = no writeable = yes guest ok = no valid users = amanda [khoisan] path = /usersp/khoisan browseable = no read only = no writeable = yes guest ok = no valid users = amanda,eric [nu] path = /users/Nu_Archive browseable = no read only = no writeable = yes guest ok = no valid users = amanda,johanna,eric,laura,andrea,nina,andrew,howell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
(Blond-moment question) I take it then, that this bug doesn't apply to version 3.0.23? - Guillermo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, July 10, 2006 1:21 PM To: [EMAIL PROTECTED] Subject: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 == == Versions:Samba Samba 3.0.1 - 3.0.22 (inclusive) == == Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. == == === Description === The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. == Patch Availability == A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html === Credits === This security issue discovered during an internal security audit of the Samba source code by the Samba Team. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS M65Y4TJbTWo46oSFuHc4LXE= =CZLB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I want to use CNAMES for my SAMBA server, how?
Hi I asked a similar question half a year ago on the list and I try to sumaries the results Search the thread kerberos netbios alias in 01/2006 samba-technical list Question: Hi, we are running a samba server in a w2k3 AD Domain. The server has the netbios name netbios name = RM-SAMBA01 and several netbios aliases netbios aliases = PRINTSERVER, RM-SW, RM-OS-IMAGES, RM-USERSTORE, PUBLICATIONS When a user connects from a Windows workstation (logged in to the domain) to rm-samba01, hw gets acces without beeing prompted to a password. If he connects to PRINTSERVER he is asked for a password. Even if he enters DOMAIN\username pair, access is denied. samba logs [2005/12/28 21:19:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(180) Failed to verify incoming ticket! The problem is not reproducable. Some workstation can connect to printserver without a password prompt. I have tried to join the domain with the netbios alias names to, but with no success (join works fine, but problem still exists). net ads join Computers -n printserver Do I have to take special care with samba, netbios aliases and kerberos? Do I have to use a special kerberos configuration? Answer from Andrew Bartlett Yes. You must expand the list of servicePrincipalName entries in Samba's AD entry. A good LDAP tool should help you there. Results: Hi your suggestion solved our problem. We added 4 entries in servicePrincipalName CIFS/printserver CIFS/printserver.ntrobotic.robotic.dlr.de HOST/printserver HOST/printserver.ntrobotic.robotic.dlr which seems to solve the problem. Additionaly we added ntrobotic.robotic.dlr.de/Computers/printserver as an additional kerberos name in AD Computer Properties, but we are not sure, if this is necessary. The error message does not occur any more Thank you very much Hansjörg Don Meyer wrote: At 08:15 PM 7/10/2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Meyer wrote: My question though is what are the ramifications of a similar situation: Where the CNAME might be dynamically moved to point to another system's base IP address in the case of a transfer of service/fail-over. Does this servicePrincipalName for the FQDN need to be deleted and added to the new host's object, or can the same servicePrincipalName be added to each machine's object? -- each machine that might be used to host that service address, that is... Maybe I misunderstood the original questions. Are we trying top get krb5 authentcation working with cname records? Is the client actuall requesting a service ticket cifs/${name} and the request is failing? Or is something else wrong? I admit I only briefly read the original post. The original poster (Roy Mann) indicated that he was having krb5 authentication failures when his clients were using a CNAME (FQDN) to connect instead of the server's base (A record) FQDN. It works when using the base FQDN. The reason he is trying to employ CNAMEs in his resource mappings is to facilitate the fail-over process without having to change significant numbers of mappings, etc. in the case of a system failure and fail-over. My first question was asking about the logical extension of this -- What has to happen at fail-over (CNAME transfer)? If you have multiple machines which might someday be pointed to by the CNAME, can you pre-add the servicePrincipalName using the CNAME to each server's object in the manner you suggest?This way, only the DNS needs to be adjusted to move the CNAME, and as the change propagates the clients should start using the new server. However, if the serverPrincipalName must be unique, and can only be associated with one server object in the AD at any given time, then this would imply that in order to move the CNAME, one would first need to use the utility you suggest to edit the AD and transfer the serverPrincipalName to another server object. So which case is it? (I'm hoping for the former, but knowing MS, I'd bet money on the latter...) (After that first question, I then jumped deeper into the issue -- but let's back out and get this level dealt with first... ;-) Cheers, -D Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- _ Dr. Hansjoerg Maurer | LAN- System-Manager | Deutsches Zentrum | DLR Oberpfaffenhofen f. Luft- und Raumfahrt e.V. | Institut f. Robotik | Postfach 1116 | Muenchner Strasse 20 82230 Wessling
[Samba] Samba 3.0.23 trusts 2003 AD Domain
Can anyone confirm that SID - name lookup with a trusted domain is broken? Thanks Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain/WINS problem
Hello, Concerning my problem with not being able to connect to our domain with our Samba clients, there is a further piece of evidence in my samba.log, and I'm hoping that someone who is more experienced in dealing with WINS and domains can clarify the nature of these messages from the log: sync_with_dmb: Initiating sync with domain master browser PLEIADES20 at IP 128.253.175.155 for workgroup PLAB [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 Has anyone else encountered this problem before while trying to run the Samba server as a WINS server? Thanks, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Length of share name
I am new at setting up Samba3. I had heard that the name share name is supposed to be limited to 8 characters or less; i.e., [home] or [configs], etc. Is this correct, or can the name be longer? Also, are there any specific characters that are not allowed? I am not planning on using any, but I was just wondering. Ciao! -- Gerard Seibert [EMAIL PROTECTED] A foolish consistency is the hobgoblin of little minds, adored by little statesmen and philosophers and divines. With consistency a great soul has simply nothing to do. Ralph Waldo Emerson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Want timestamp to change when copying from WinXP to Samba share
Hi folks, Windows has a default behavior of preserving timestamps when you copy a file. I want to update the 'Date Modified' timestamp to current time when I copy a file from Windows XP to a Samba share, just like a unix file copy would. Is there some way of doing this? Maybe w/ a script? 'dos filetimes' and 'dos filemode' don't seem to do the trick. Here's my setup: Samba 3.0.7 running on Gentoo Linux system. Output from 'testparm' command (with small edits to protect the innocent): [global] workgroup = WINDOWS security = DOMAIN log level = 4 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = winsIPaddress passdb expand explicit = No idmap uid = 1-2 idmap gid = 1-2 force group = mygroup create mask = 0664 directory mask = 0775 inherit owner = Yes [myfolder] comment = My Folder path = /web/virtual/htdocs/myfolder valid users = WINDOWS\medfield read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guillermo Gutierrez wrote: (Blond-moment question) I take it then, that this bug doesn't apply to version 3.0.23? Actually, you are the second person to ask me this. :-) I thought that since both the security and release announcement can from me, it would be obvious. But if not, the fix was listed in the commits between 3.0.23rc3 and 3.0.23 in the release notes o Volker Lendecke [EMAIL PROTECTED] . * CVE-2006-3403: Fix minor memory exhaustion DoS in smbd. So this confirms once again that no one reads the release notes. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs7u5IR7qMdg1EfYRAjaBAKCfRYDj5LRDDeL2zAhd34a5JuaSCgCgnPEx qMoze9RYT/7A+23KWRIm4IM= =Odje -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
On Tue, 11 Jul 2006 09:54:49 -0500, Gerald (Jerry) Carter wrote So this confirms once again that no one reads the release notes. When you can generate billable hours for your clients by installing upgrades, you do... -- Tim Evans, TKEvans.com, Inc.|5 Chestnut Court [EMAIL PROTECTED] |Owings Mills, MD 21117 http://www.tkevans.com/ |443-394-3864 http://www.come-here.com/News/ | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23 trusts 2003 AD Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: Can anyone confirm that SID - name lookup with a trusted domain is broken? Works fine for a Samba DC trusted Windows 2003 AD: $ wbinfo -m AQUA COLOR $ wbinfo -n 'COLOR\gcarter' S-1-5-21-3493585492-4029240144-3226775320-1168 User (1) $ bin/wbinfo -s S-1-5-21-3493585492-4029240144-3226775320-1168 COLOR\gcarter 1 For Windows 2003 AD trusting Windows 2000 AD domain: $ wbinfo -m AD VALE SAIL COLOR $ wbinfo -n AD+gcarter S-1-5-21-3234968684-14787312-124015166-1828 User (1) $ wbinfo -s S-1-5-21-3234968684-14787312-124015166-1828 AD+gcarter 1 cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs8bkIR7qMdg1EfYRAg+PAJ9pH14QqxCrxywt2/BH6LmV7ZoADgCfWiBt MpFBHsmlWeTl7iQcJPG0v/4= =tqxq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Length of share name
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerard Seibert wrote: I am new at setting up Samba3. I had heard that the name share name is supposed to be limited to 8 characters or less; i.e., [home] or [configs], etc. Is this correct, or can the name be longer? Also, are there any specific characters that are not allowed? I am not planning on using any, but I was just wondering. The 8 character limit is for Windows 9x clients. If you don't have those, you can use longer. Up to 256 character IIRC. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs8c1IR7qMdg1EfYRAr12AJ9o8k9YmVrV18bnHE2S1h7tqqICLQCfcOZP Q2EGLLVbol80sfOAXk3r6E0= =/w0z -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain/WINS problem
On Tue, 2006-07-11 at 10:32 -0400, Eric Evans wrote: Hello, Concerning my problem with not being able to connect to our domain with our Samba clients, there is a further piece of evidence in my samba.log, and I'm hoping that someone who is more experienced in dealing with WINS and domains can clarify the nature of these messages from the log: sync_with_dmb: Initiating sync with domain master browser PLEIADES20 at IP 128.253.175.155 for workgroup PLAB [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 Has anyone else encountered this problem before while trying to run the Samba server as a WINS server? is nmbd running? ps aux|grep nmbd Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain/WINS problem
I'm not expert with WINS server but i've worked on for few days. Buy looking to your log message you could see the wins_registration_timeout: WINS server 127.0.0.1 timed out error. How have you configured the Wins server in the smb.conf, seems to be on 127.0.0.1 ? Using samba as wins server by setting : wins support = yes using samba as wins client by setting : wins server = ip address wins server Maybe is it possible that nmbd using only lo for listing interface ? Vincent Hello, Concerning my problem with not being able to connect to our domain with our Samba clients, there is a further piece of evidence in my samba.log, and I'm hoping that someone who is more experienced in dealing with WINS and domains can clarify the nature of these messages from the log: sync_with_dmb: Initiating sync with domain master browser PLEIADES20 at IP 128.253.175.155 for workgroup PLAB [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 [2006/07/11 10:13:45, 2] nmbd/nmbd_nameregister.c:wins_registration_timeout(184) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 128.253.175.155 Has anyone else encountered this problem before while trying to run the Samba server as a WINS server? Thanks, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba backup and restore with LDAP
i use slapcat to backup my Ldap - Database and slapadd to restore it. Beware: stop LDAP before Backup!!! There is no reason to stop LDAP if you are using back-bdb or back-hdb (and if you are using back-ldbm you are also crazy). But you might want to do a: su ldap -c /usr/bin/db_checkpoint -1 -v -h /var/lib/ldap ... prior to the backup, and it doesn't hurt to do one periodically anyway (especially with OpenLDAP 2.2.x). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Network Neighbourhood browsing, machines disappear after a while not to return until smbd restart
Hi all, ive got an issue with not being able to see machines in network neighbourhood after a while (ususally less than an hour). Ive seen other posts on these lists about this sort of issue but no answers. When i restart samba the samba.nmbd log shows machines on my network being added to the browse list like so. [2006/07/12 01:00:24, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(118) process_host_announce: from DADSDESKTOP00 IP 192.168.1.98 to WORKGROUP1d for server DADSDESKTOP. [2006/07/12 01:00:24, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(159) create_server_on_workgroup: Created server entry DADSDESKTOP of type 40011203 () on workgroup WORKGROUP. [2006/07/12 01:00:34, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(421) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat After a while samba thinks the machines have expired and removes them from the browse list at which point they disappear from the network neighbourhood only to return if i restart samba. [2006/07/12 01:24:42, 3] nmbd/nmbd_serverlistdb.c:expire_servers(198) expire_old_servers: Removing timed out server DADSDESKTOP [2006/07/12 01:24:42, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(421) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat The machines are still browsable if i access them by IP or by name, its only the browse list they arnt showing up in. My samba server is set to be LMB and DMB and wins server is active, the samba server is also my dhcp and dns server for my lan and its running slackware 10.2. So i guess what im asking is how to i force my windows clients to refresh with the samba wins server box so that it doesnt think they are dead ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Registering Samba server in a MS DNS
Hi list, I'm not sure if this is the right place to ask this question but I guess someone has probably don this before. I wonder how I can easily register my samba box's in my Windows DNS? It is quite easy to register with WINS but how do I register it to the DNS? Reagards, Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrik Zagerholm wrote: Hi list, I'm not sure if this is the right place to ask this question but I guess someone has probably don this before. I wonder how I can easily register my samba box's in my Windows DNS? It is quite easy to register with WINS but how do I register it to the DNS? One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs9laIR7qMdg1EfYRAupPAJ9FM/D57FtGgpvjLBoSs8JQ0oDW/gCgmcv0 02ibWJPWFPjLyHJ5poFRNk4= =1IZC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't contact domain
Thanks Craig Vincent for your suggestions. It seems that there is definitely some kind of WINS problem but I still don't know exactly why the WINS serving is not working as it should. I should also mention that I'm occasionally getting error messages that say winbindd: idmap uid range missing or invalid and winbindd: cannot continue, exiting. on samba server command line...try smbclient -L pleiades -U Administrator This command returns the following: Domain=[PLAB] OS=[Unix] Server=[Samba 3.0.22] Sharename Type Comment - --- ADMIN$ IPC IPC Service (Samba 3.0.22) IPC$IPC IPC Service (Samba 3.0.22) scripts Disk ikalangaDisk berber Disk serbian Disk ling420 Disk netlogonDisk _defaultPrinter 128_1 Printer rootDisk Home directory of root Domain=[PLAB] OS=[Unix] Server=[Samba 3.0.22] Server Comment ---- PLEIADES Samba 3.0.22 WorkgroupMaster ---- PLAB PLEIADES and see what happens if you have problems, you might try deleting wins.dat and restarting samba services Yes, this seems like a good suggestion, but I tried this and I'm still having the problem with the client not recognizing the domain. lastly does nmbd.log reveal that pleiades is the master? It would seem so. Here is the most recent output from the log.nmbd (although I'm not so sure about what that last error message means): [2006/07/11 11:19:38, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(110) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup PLAB. Do not announce to ourselves. [2006/07/11 11:19:38, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(154) sync_with_dmb: Initiating sync with domain master browser PLEIADES20 at IP 128.253.175.155 for workgroup PLAB [2006/07/11 11:19:40, 2] nmbd/nmbd_become_dmb.c:become_domain_master_stage1(173) [2006/07/11 13:09:26, 0] nmbd/nmbd.c:main(727) Netbios nameserver version 3.0.22 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/11 13:09:26, 0] nmbd/nmbd.c:main(746) standard input is not a socket, assuming -D option [2006/07/11 13:09:26, 2] nmbd/nmbd.c:main(751) Becoming a daemon. [2006/07/11 13:09:26, 0] nmbd/asyncdns.c:start_async_dns(151) started asyncdns process 965 [2006/07/11 13:09:26, 0] lib/pidfile.c:pidfile_create(91) ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 758 is running. As for Vincent's question, yes I have 'wins support = yes' in my smb.conf and I have the address of the Samba server (WINS server) defined in my client's network control panel in the list of WINS servers. Vincent, I think you have a good point about the address of the WINS server that's showing up in the samba.log though. Why is the WINS server coming up as 127.0.0.1 instead of as its regular IP address? It seems to me that if Samba is taking the IP address of the WINS server to be 127.0.0.1 instead of its real IP address then that would explain my whole problem, because obviously the client is not going to be able to locate the WINS server then by its IP address. So the question I have is, how in the world do I get the Samba server to attach the real IP address, 128.253.175.155, to the WINS server instead of the localhost address? Is there some smb.conf configuration statement that does this that I am overlooking? Thanks a bunch, Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
On Tue, 11 Jul 2006, Gerald (Jerry) Carter wrote: Guillermo Gutierrez wrote: (Blond-moment question) I take it then, that this bug doesn't apply to version 3.0.23? Actually, you are the second person to ask me this. :-) I thought that since both the security and release announcement can from me, it would be obvious. The security bug announcement did say that versions up through 3.0.22 were affected, but there are two possible explanations for the appearance of that statement: 1. At the time the security announcement was written, 3.0.23 had been released and was known not to be affected by the security problem, and therefore wasn't included in the list of versions affected. 2. At the time the security announcement was written, 3.0.23 had not been released and wasn't included in the list of versions affected because 3.0.23 did not exist. In order to figure out which, the reader has to determine whether whoever wrote the security announcement knew that 3.0.23 existed. You posted both announcements to the list, but (a) that doesn't mean you wrote both of them (release announcements are usually written by the developer, but security advisories are often written up by some security team and then reposted all over the place), and (b) that doesn't mean, even if you wrote the security advisory, that it was written after 3.0.23 was released; maybe they were both written within 10 minutes of each other because that was when you had time to send out some e-mail messages. In practice, maybe an easy way to deal with this is to include in any security advisory two lists of versions: those known to be affected and those known not to be affected. (ISC does something like this with their security matrix for BIND.) - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot copy back profile
On Jul 11, 2006, at 08:44am, Jerry Westrick wrote: try these options on your workstations ;- ; do not roam the following folders [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion \Winlogon] ExcludeProfileDirs=Temporary Internet Files;History;Temp ;- ; Do not check for user ownership of Roaming Profile Folders [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 Thanks Jerry. That worked perfectly... but now I've got a _privacy_ issue: all users are able to read and write in each other's profiles. The problem is that currently, if a user testuser starts \\PDC, he finds two shares, the Printers/Faxes and himself, a share called testuser. If he selects this share, he finds *all* the user home directories, and can go into the profile folder and do whatever they want. To ensure that I have all the profiles belonging to smbadmin:Domain Users I use ``force user = smbadmin'' in the profile share section. Is there a way to avoid this behavior? Thanks! -- Sensei [EMAIL PROTECTED] The optimist thinks this is the best of all possible worlds. The pessimist fears it is true. [J. Robert Oppenheimer] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have seen this problem posted several times and the common answer doesn't seem to be doing it for me. Here's the error: Trying to load: ldapsam_compat:ldap://127.0.0.1/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat) Found pdb backend ldapsam_compat pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init smbldap_search_ext: base = [dc=mktec,dc=com], filter = [((uid=Aries$)(objectclass=sambaAccount))], scope = [2] The connection to the LDAP server was closed smb_ldap_setup_connection: ldap://127.0.0.1/ smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as cn=admin,dc=mktec,dc=com ldap_connect_system: succesful connection to the LDAP server Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ? Failed to modify password entry for user Aries$ ldap_connect_system: LDAP server does support paged results The LDAP server is succesfully connected ldapsam_getsampwnam: Unable to locate user [Aries$] count=0 Finding user Aries$ Trying _Get_Pwnam(), username as lowercase is aries$ Trying _Get_Pwnam(), username as given is Aries$ Trying _Get_Pwnam(), username as uppercase is ARIES$ Checking combinations of 0 uppercase letters in aries$ Get_Pwnam_internals didn't find user [Aries$]! Here is the configuration: - ---START CONFIGURATION--- [global] workgroup = mktec.com netbios name = MKTEC server string = %h server (Samba %v) wins support = yes dns proxy = yes name resolve order = wins lmhosts host bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = ldapsam_compat:ldap://127.0.0.1/ obey pam restrictions = no invalid users = root ldap admin dn = cn=admin,dc=mktec,dc=com ldap suffix = dc=mktec,dc=com ldap group suffix= ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Users ldap idmap suffix = ou=Users ldap ssl = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u enable privileges = yes domain logons = yes domain master = yes preferred master = yes local master = yes load printers = no socket options = TCP_NODELAY [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes read only = yes write list writable = no share modes = no [profiles] comment = Users profiles path = /var/lib/samba/profiles read only = no guest ok = no browseable = no create mask = 0600 directory mask = 0700 - ---END CONFIGURATION--- I mapped the ldap machine suffix to ou=Users rather then ou=Computers because of previous message on the mailing list which suggested there was a bug in Samba3. It doesn't seem to work either way, as it results in the exact same error message. My LDAP directory layed out with the basic Users, Computers, Groups organizational units in existance. I am running on a Ubuntu Dapper server: samba 3.0.22-1 openldap (slapd) 2.2.26-5 Any input or help is greatly appreciated. Thanks, Zach -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEs+FgMyx0fW1d8G0RAmfwAJ0YSw/9CW+hJ0fvwbO/GozZsRN5ZQCfVCM/ MkuJjeCo+bjRZFXZM7TSUY0= =Eyju -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't contact domain
On Tue, 2006-07-11 at 13:27 -0400, Eric Evans wrote: Thanks Craig Vincent for your suggestions. It seems that there is definitely some kind of WINS problem but I still don't know exactly why the WINS serving is not working as it should. I should also mention that I'm occasionally getting error messages that say winbindd: idmap uid range missing or invalid and winbindd: cannot continue, exiting. at this point, you don't need winbindd on samba server command line...try smbclient -L pleiades -U Administrator This command returns the following: Domain=[PLAB] OS=[Unix] Server=[Samba 3.0.22] Sharename Type Comment - --- ADMIN$ IPC IPC Service (Samba 3.0.22) IPC$IPC IPC Service (Samba 3.0.22) scripts Disk ikalangaDisk berber Disk serbian Disk ling420 Disk netlogonDisk _defaultPrinter 128_1 Printer rootDisk Home directory of root Domain=[PLAB] OS=[Unix] Server=[Samba 3.0.22] Server Comment ---- PLEIADES Samba 3.0.22 WorkgroupMaster ---- PLAB PLEIADES and see what happens if you have problems, you might try deleting wins.dat and restarting samba services Yes, this seems like a good suggestion, but I tried this and I'm still having the problem with the client not recognizing the domain. lastly does nmbd.log reveal that pleiades is the master? It would seem so. Here is the most recent output from the log.nmbd (although I'm not so sure about what that last error message means): [2006/07/11 11:19:38, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(110) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup PLAB. Do not announce to ourselves. [2006/07/11 11:19:38, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(154) sync_with_dmb: Initiating sync with domain master browser PLEIADES20 at IP 128.253.175.155 for workgroup PLAB [2006/07/11 11:19:40, 2] nmbd/nmbd_become_dmb.c:become_domain_master_stage1(173) [2006/07/11 13:09:26, 0] nmbd/nmbd.c:main(727) Netbios nameserver version 3.0.22 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/11 13:09:26, 0] nmbd/nmbd.c:main(746) standard input is not a socket, assuming -D option [2006/07/11 13:09:26, 2] nmbd/nmbd.c:main(751) Becoming a daemon. [2006/07/11 13:09:26, 0] nmbd/asyncdns.c:start_async_dns(151) started asyncdns process 965 [2006/07/11 13:09:26, 0] lib/pidfile.c:pidfile_create(91) ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 758 is running. As for Vincent's question, yes I have 'wins support = yes' in my smb.conf and I have the address of the Samba server (WINS server) defined in my client's network control panel in the list of WINS servers. Vincent, I think you have a good point about the address of the WINS server that's showing up in the samba.log though. Why is the WINS server coming up as 127.0.0.1 instead of as its regular IP address? It seems to me that if Samba is taking the IP address of the WINS server to be 127.0.0.1 instead of its real IP address then that would explain my whole problem, because obviously the client is not going to be able to locate the WINS server then by its IP address. So the question I have is, how in the world do I get the Samba server to attach the real IP address, 128.253.175.155, to the WINS server instead of the localhost address? Is there some smb.conf configuration statement that does this that I am overlooking? couldn't start nmbd because nmbd is already running...you probably need to fix that. I don't know about your smb.conf socket address = I don't ever use that. Myself, I would concentrate on hosts allow and possibly bind interfaces only commands if I had multiple ethernet interfaces instead but that's just me. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] {bugzilla,news}.samba.org are temporaily down
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, Just a heads up for everyone. We are aware of the problem and are continuing to work on resolving it. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs+zZIR7qMdg1EfYRAj3hAJ9kcCQrJ2RLEYD/nY5Spg6CXUocWQCfcOCM XmyID38hqPN5IdVgzf5qbeE= =z1Gm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] {bugzilla,news}.samba.org are temporaily down
On 7/11/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Folks, Just a heads up for everyone. We are aware of the problem and are continuing to work on resolving it. {wiki,people,project}.samba.org are also affected. Cheers, deryck -- Deryck Hodgehttp://www.devurandom.org/ Samba Teamhttp://www.samba.org/ To begin... To begin... How to start? I'm hungry. I should get coffee. Coffee would help me think. --Charlie Kaufman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: NDN: [Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for us]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I got this error when kicking out my first response. I don't know if I should ignore this, or if this is an issue that is affected by the samba.org sites being down... but just in case.. Zach - Original Message Subject:NDN: [Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for us Date: Tue, 11 Jul 2006 12:54:51 -0500 From: Gateway To: zdennis [EMAIL PROTECTED] Sorry. Your message could not be delivered to: samba,Arkansas Urology (The name was not found at the remote site. Check that the name has been entered correctly.) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEs/LHMyx0fW1d8G0RAumEAJ9qGddObh6z6ijY3Qc1ZKVwONz6dACeO5Hu KCYRXcczYOHQ8jDiEpFBRTM= =mHCb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't contact domain, problem fixed (?)
couldn't start nmbd because nmbd is already running...you probably need to fix that. Yes I'm not sure where that's coming from but I should fix that. I don't know about your smb.conf socket address = I don't ever use that. Looking back over my smb.conf, I'm not sure why I put that in there back when I first set up Samba for our lab. Maybe at the time I thought it was a desirable option for some reason, but from what I read in the documentation now it seems that this option is only useful for multi-homed machines, which we don't have. Well I finally got the thing to work! At least on the one client that I've tried it on so far. What I did was to delete the socket address command from the smb.conf, and add 'wins server = 128.152.175.155'. Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
Interesting! Looking forward to the implementation. Is there anyway to accomplish this in the meantime? E.g using nsupdate or similar? (I've tried nsupdate but never got it to work with a Windows DNS. I believe its an authentication problem) Cheers, Henrik 11 jul 2006 kl. 19:01 skrev Gerald (Jerry) Carter: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrik Zagerholm wrote: Hi list, I'm not sure if this is the right place to ask this question but I guess someone has probably don this before. I wonder how I can easily register my samba box's in my Windows DNS? It is quite easy to register with WINS but how do I register it to the DNS? One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs9laIR7qMdg1EfYRAupPAJ9FM/D57FtGgpvjLBoSs8JQ0oDW/gCgmcv0 02ibWJPWFPjLyHJ5poFRNk4= =1IZC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrik Zagerholm wrote: Interesting! Looking forward to the implementation. Is there anyway to accomplish this in the meantime? E.g using nsupdate or similar? (I've tried nsupdate but never got it to work with a Windows DNS. I believe its an authentication problem) There's a Perl script Tridge wrote at one point. Not sure if this is the latest code or not. http://www.samba.org/samba/ftp/tsig-gss/ cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEs/fSIR7qMdg1EfYRArpdAJ9H56/JmUguaavxFK4DUACwEpIv2gCg0ivg ydDRGU6c2O7+KXcSPTvpZkk= =HmLl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How do I troubleshoot this panic?
I tried ext3 on another server... a fresh install of SUSE Linux 10.1. Another panic. Here are the details... === [2006/07/11 15:33:03, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 6 in pid 3586 (3.0.22-11-SUSE-CODE10) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/07/11 15:33:03, 0] lib/fault.c:fault_report(39) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/07/11 15:33:03, 0] lib/fault.c:fault_report(40) === [2006/07/11 15:33:03, 0] lib/util.c:smb_panic2(1554) PANIC: internal error [2006/07/11 15:33:03, 0] lib/util.c:smb_panic2(1562) BACKTRACE: 26 stack frames: #0 /usr/sbin/winbindd(smb_panic2+0x8a) [0x800b699a] #1 /usr/sbin/winbindd(smb_panic+0x19) [0x800b6bf9] #2 /usr/sbin/winbindd [0x800a0f52] #3 [0xe420] #4 /lib/libc.so.6(abort+0x103) [0xb7ca2ea3] #5 /lib/libc.so.6 [0xb7cd6f8b] #6 /lib/libc.so.6(__chk_fail+0x41) [0xb7d48b31] #7 /lib/libc.so.6 [0xb7d48533] #8 /lib/libc.so.6(__snprintf_chk+0x37) [0xb7d48417] #9 /usr/sbin/winbindd [0x8004163a] #10 /usr/sbin/winbindd(tdb_traverse+0xf0) [0x800cdc90] #11 /usr/sbin/winbindd(wcache_flush_cache+0xc0) [0x8003e220] #12 /usr/sbin/winbindd [0x8003e43b] #13 /usr/sbin/winbindd [0x80042eff] #14 /usr/sbin/winbindd [0x80058dc5] #15 /usr/sbin/winbindd(run_events+0x6d) [0x800d15fd] #16 /usr/sbin/winbindd [0x80057f90] #17 /usr/sbin/winbindd(async_domain_request+0x58) [0x80059788] #18 /usr/sbin/winbindd(do_async_domain+0xb0) [0x8005cfe0] #19 /usr/sbin/winbindd(winbindd_lookupname_async+0xe6) [0x8005de76] #20 /usr/sbin/winbindd(winbindd_getpwnam+0x2ad) [0x80035d7d] #21 /usr/sbin/winbindd [0x80032327] #22 /usr/sbin/winbindd [0x80033ab8] #23 /usr/sbin/winbindd(main+0x830) [0x80032dc0] #24 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7c8e87c] #25 /usr/sbin/winbindd [0x80031541] -Original Message- From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke Sent: Friday, July 07, 2006 10:22 AM To: Trimble, Ronald D Cc: Gerald (Jerry) Carter; samba@lists.samba.org Subject: Re: [Samba] How do I troubleshoot this panic? On Fri, Jul 07, 2006 at 10:17:13AM -0400, Trimble, Ronald D wrote: ReiserFS is a problem? It's the default. I would imagine you would be seeing tons of complaints if it was due to the fs, don't you agree? Just try ext3. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How do I troubleshoot this panic?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trimble, Ronald D wrote: I tried ext3 on another server... a fresh install of SUSE Linux 10.1. Another panic. Here are the details... This has got to be the static group list bug. Do you have users in more that say 20 - 25 groups in AD ? Could you try the 3.0.23 SuSE rpms on samba.org ? Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtACnIR7qMdg1EfYRAr1YAKDzQI0fSdNe6Hffv7RZSPQSRpZOrACeLDN5 bjddzQCN/5YcP4SrUmwgm6g= =rn0N -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How do I troubleshoot this panic?
We most certainly have users with more than 20 to 25 AD groups. I will give the latest release a try. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 11, 2006 3:49 PM To: Trimble, Ronald D Cc: [EMAIL PROTECTED]; samba@lists.samba.org Subject: Re: [Samba] How do I troubleshoot this panic? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trimble, Ronald D wrote: I tried ext3 on another server... a fresh install of SUSE Linux 10.1. Another panic. Here are the details... This has got to be the static group list bug. Do you have users in more that say 20 - 25 groups in AD ? Could you try the 3.0.23 SuSE rpms on samba.org ? Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtACnIR7qMdg1EfYRAr1YAKDzQI0fSdNe6Hffv7RZSPQSRpZOrACeLDN5 bjddzQCN/5YcP4SrUmwgm6g= =rn0N -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] known problems with Debian 3.0.14a-3sarge1 ?
Hi, are there any known problems with Debian's Samba version 3.0.14a-3sarge1 ? I read about client/server connection problems. Are there any reasons, why not to use 3.0.14a-3sarge1 version or should I go to Version 3.0.22-0bpo1 from backports.org? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Fwd: NDN: [Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for us]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 zdennis wrote: I got this error when kicking out my first response. I don't know if I should ignore this, or if this is an issue that is affected by the samba.org sites being down... but just in case.. It was a bad subscription and has been removed from the list. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtATxIR7qMdg1EfYRAia9AJ9H0UfLZO1NvrBxJb9nIQCyUMXDJgCfXV7J w1JtngfUQOoGIRQ9OYvMRKY= =ugm4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] known problems with Debian 3.0.14a-3sarge1 ?
Marcus Sobchak wrote: Hi, are there any known problems with Debian's Samba version 3.0.14a-3sarge1 ? I read about client/server connection problems. Are there any reasons, why not to use 3.0.14a-3sarge1 version or should I go to Version 3.0.22-0bpo1 from backports.org? Thanks, Marcus As a Debian user, I recommend sticking with Debian version unless you have a reason to switch. The Debian package gets security updates and bug fixes from the security team. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba and roaming profile
Another method is the use of hide files in either global or you profile share. hide files = /desktop.ini/ Steve A skrev: In the roaming profile, delete the file: Start Menu\Programs\Startup\desktop.ini Steve :) -- Venlig Hilsen (Best Regards) Rune Tønnesen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot copy back profile
Thanks Jerry. That worked perfectly... but now I've got a _privacy_ issue: all users are able to read and write in each other's profiles. The problem is that currently, if a user testuser starts \\PDC, he finds two shares, the Printers/Faxes and himself, a share called testuser. If he selects this share, he finds *all* the user home directories, and can go into the profile folder and do whatever they want. To ensure that I have all the profiles belonging to smbadmin:Domain Users I use ``force user = smbadmin'' in the profile share section. Is there a way to avoid this behavior? Thanks! -- Sensei [EMAIL PROTECTED] The optimist thinks this is the best of all possible worlds. The pessimist fears it is true. [J. Robert Oppenheimer] --To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba First of all do you have a separate profile share? If not then make one. This way each user will have a separate folder for his/her profile that only he/her has access to. i.e. [global] logon path = \\%logonserver%\profiles\%U [profiles] create mode = 0600 directory mode = 0700 path = /home/samba/profiles/ profile acls = yes read only = no writable = yes if you have a profile share, then please check ownership to see hos access to what. -- Venlig Hilsen (Best Regards) Rune Tønnesen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Since I am using an LDAP backend, should I restrict myself from using the smbpasswd and like commands? I can add my machine account using smbldap-* utilities. Zach zdennis wrote: I have seen this problem posted several times and the common answer doesn't seem to be doing it for me. Here's the error: Trying to load: ldapsam_compat:ldap://127.0.0.1/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat) Found pdb backend ldapsam_compat pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init smbldap_search_ext: base = [dc=mktec,dc=com], filter = [((uid=Aries$)(objectclass=sambaAccount))], scope = [2] The connection to the LDAP server was closed smb_ldap_setup_connection: ldap://127.0.0.1/ smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as cn=admin,dc=mktec,dc=com ldap_connect_system: succesful connection to the LDAP server Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ? Failed to modify password entry for user Aries$ ldap_connect_system: LDAP server does support paged results The LDAP server is succesfully connected ldapsam_getsampwnam: Unable to locate user [Aries$] count=0 Finding user Aries$ Trying _Get_Pwnam(), username as lowercase is aries$ Trying _Get_Pwnam(), username as given is Aries$ Trying _Get_Pwnam(), username as uppercase is ARIES$ Checking combinations of 0 uppercase letters in aries$ Get_Pwnam_internals didn't find user [Aries$]! Here is the configuration: ---START CONFIGURATION--- [global] workgroup = mktec.com netbios name = MKTEC server string = %h server (Samba %v) wins support = yes dns proxy = yes name resolve order = wins lmhosts host bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = ldapsam_compat:ldap://127.0.0.1/ obey pam restrictions = no invalid users = root ldap admin dn = cn=admin,dc=mktec,dc=com ldap suffix = dc=mktec,dc=com ldap group suffix= ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Users ldap idmap suffix = ou=Users ldap ssl = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u enable privileges = yes domain logons = yes domain master = yes preferred master = yes local master = yes load printers = no socket options = TCP_NODELAY [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes read only = yes write list writable = no share modes = no [profiles] comment = Users profiles path = /var/lib/samba/profiles read only = no guest ok = no browseable = no create mask = 0600 directory mask = 0700 ---END CONFIGURATION--- I mapped the ldap machine suffix to ou=Users rather then ou=Computers because of previous message on the mailing list which suggested there was a bug in Samba3. It doesn't seem to work either way, as it results in the exact same error message. My LDAP directory layed out with the basic Users, Computers, Groups organizational units in existance. I am running on a Ubuntu Dapper server: samba 3.0.22-1 openldap (slapd) 2.2.26-5 Any input or help is greatly appreciated. Thanks, Zach -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird -
Re: [Samba] Samba 3.0.23 trusts 2003 AD Domain
Beschorner Daniel wrote: Can anyone confirm that SID - name lookup with a trusted domain is broken? Works fine for a Samba DC trusted Windows 2003 AD: Jerry, thank you for checking this! But we don't use winbindd, so I don't even got the wbinfo command. I simply add an ACL entry from the trusted domain to a harddisk file per security tab. When I open the dialog window again I just see the SID of the foreign user. The level 10 log simply says not mapped, I can see no effords to lookup the SID through the foreign DC. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] known problems with Debian 3.0.14a-3sarge1 ?
Am Dienstag, den 11.07.2006, 16:24 -0400 schrieb Gary Dale: Marcus Sobchak wrote: Hi, are there any known problems with Debian's Samba version 3.0.14a-3sarge1 ? I read about client/server connection problems. Are there any reasons, why not to use 3.0.14a-3sarge1 version or should I go to Version 3.0.22-0bpo1 from backports.org? As a Debian user, I recommend sticking with Debian version unless you have a reason to switch. The Debian package gets security updates and bug fixes from the security team. I agree with you! But security fixes don't help if you run in trouble with 200 Users, because they have problems connectiong to the file server. If no problems are known, I will use Debian's current stable version, no doubt. But if there are problems with the 3.0.14a version it might be better to build an own backport or use the backports.org version. Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] known problems with Debian 3.0.14a-3sarge1 ?
On Tue, 2006-07-11 at 23:31 +0200, Marcus Sobchak wrote: Am Dienstag, den 11.07.2006, 16:24 -0400 schrieb Gary Dale: Marcus Sobchak wrote: Hi, are there any known problems with Debian's Samba version 3.0.14a-3sarge1 ? I read about client/server connection problems. Are there any reasons, why not to use 3.0.14a-3sarge1 version or should I go to Version 3.0.22-0bpo1 from backports.org? As a Debian user, I recommend sticking with Debian version unless you have a reason to switch. The Debian package gets security updates and bug fixes from the security team. I agree with you! But security fixes don't help if you run in trouble with 200 Users, because they have problems connectiong to the file server. If no problems are known, I will use Debian's current stable version, no doubt. But if there are problems with the 3.0.14a version it might be better to build an own backport or use the backports.org version. 3.0.14 was a great release but it is aging, you may want to give a shot at samba.org provided debian stable targeted packages. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] {bugzilla,wiki,people,projects,news}.samba.org back up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FYI Everything is back up and functioning now. Thanks to Scott at JumpDomain (http://jumpdomain.com/) for doing the hardware swap (and donating the bandwidth). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtB6/IR7qMdg1EfYRAjWnAJ0TNmteG/p6TsxvfDzH8KfCzWaPvwCfazeB 0hFnwyD88moqh5nFNQ355uA= =6+z6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SambaSID
I currently have in my slapd.conf: index sambaSID eq the release notes for 3.0.23 say I need index sambaSID sub can I use index sambaSID eq,sub TIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SambaSID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Cauble wrote: I currently have in my slapd.conf: index sambaSID eq the release notes for 3.0.23 say I need index sambaSID sub can I use index sambaSID eq,sub Yes. Make sure you install the new schema and run slapindex as well. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtCMNIR7qMdg1EfYRAhYRAJ4+eikFFrZijcusvhQ+lCOpnrWXBQCfT4Xu CmjnRLIn7ppMbiHW9YxbIjk= =Dvya -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining Windows XP Prof Client To Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have my PDC up, but I cannot join any windows clients to it. I get prompted for the username/password to join the domain with but everything that is returned is a bad username/password. I created an administrator user who should be the equivalent of the windows domain admin, but perhaps I am wrong. I set the sambaPrimaryGroupSID to S-1-5-21-3040749549-2843134544-1782940832-500 where everything but the -500 is my domains sid as returned by net getlocalsid Here is the entry for my administrator: # administrator, Users, mktec.com dn: uid=administrator,ou=Users,dc=mktec,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: administrator sn: administrator givenName: administrator uid: administrator uidNumber: 500 gidNumber: 512 homeDirectory: /home/administrator loginShell: /bin/bash gecos: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: System User sambaSID: S-1-5-21-3040749549-2843134544-1782940832-2000 sambaLogonScript: logon.bat sambaProfilePath: \\users.mktec.com\profiles\administrator sambaHomePath: \\users.mktec.com\administrator sambaHomeDrive: H: sambaAcctFlags: [U] sambaPwdLastSet: 1152654539 sambaPwdMustChange: 1156542539 sambaPrimaryGroupSID: S-1-5-21-3040749549-2843134544-1782940832-500 I am trying to follow the instructions in Chapter 6 that state: When the user elects to make the client a domain member, Windows 200x prompts for an account and password that has privileges to create machine accounts in the domain. A Samba administrator account (i.e., a Samba account that has root privileges on the Samba server) must be entered here; the operation will fail if an ordinary user account is given. Perhaps I have misunderstood them? Zach -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEtCU1Myx0fW1d8G0RAuxKAJ9rLcmxyvgn8mz8l8MtG1OicezsbACeM6vU OuHSK1G27WGtnlzbbInEJ60= =0Tdt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
On Tue, 2006-07-11 at 12:01 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrik Zagerholm wrote: Hi list, I'm not sure if this is the right place to ask this question but I guess someone has probably don this before. I wonder how I can easily register my samba box's in my Windows DNS? It is quite easy to register with WINS but how do I register it to the DNS? One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. Doesn't it need to be in the DHCP scripts, rather than the join, to ensure it's done right? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
On Wed, 2006-07-12 at 09:13 +1000, Andrew Bartlett wrote: On Tue, 2006-07-11 at 12:01 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrik Zagerholm wrote: Hi list, I'm not sure if this is the right place to ask this question but I guess someone has probably don this before. I wonder how I can easily register my samba box's in my Windows DNS? It is quite easy to register with WINS but how do I register it to the DNS? One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. Doesn't it need to be in the DHCP scripts, rather than the join, to ensure it's done right? Usually servers have a fixed IP address, they don't use DHCP. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon path/drive/home question in mixed 9x/XP network
As far as I understand it, in a 9x/XP mixed network using roaming profiles, I have to specify: logon home (for the 9x profiles) logon path (for the NT/2000/XP profiles) logon drive (for the NT machines) The upshot of this is that a network drive is automatically mapped on all platforms, eg. on XP where it's not needed. Is this just the way it works... or is there a recommended way of dealing with a mixed network? Thanks, Steve :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett wrote: One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. Doesn't it need to be in the DHCP scripts, rather than the join, to ensure it's done right? It needs to be hooked in multiple places. Wait until the code is ready. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtD27IR7qMdg1EfYRAjlGAKDEG/vvAl/3+AvWQhw+QjXPkkHYAgCdEsMK fUBGTtLrnu2n3c9EyEVSFX8= =U8Pi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registering Samba server in a MS DNS
On Tue, 2006-07-11 at 19:09 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett wrote: One of our devs at Centeris has code for performing secure, dynamic DNS registration during domain join that will be going into Samba 3.0.24. I'm currently working on integrating it into the SAMBA_3_0 tree. Doesn't it need to be in the DHCP scripts, rather than the join, to ensure it's done right? It needs to be hooked in multiple places. Wait until the code is ready. I look forward to it. This is something that has been missing for too long, and I'm just really glad to see someone finally picking it up. And at some point, I'll need to look at the server-side of this puzzle... Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] System Policy Editor not running on XP
This Samba Wiki entry: http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba ... says how to use the MS System Policy Editor, and implies it runs on XP. When I run adminpak.msi (extracted from Windows 2000 SP4) it says it wil l not run on this version of Windows, and if you continue to install you get a System File Protection error. Is this just the way things are now, or have I missed something? If it's the way things are, how does one apply system policies? Thanks, Steve :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't contact domain, problem fixed (?)
On Tue, 2006-07-11 at 14:43 -0400, Eric Evans wrote: couldn't start nmbd because nmbd is already running...you probably need to fix that. Yes I'm not sure where that's coming from but I should fix that. I don't know about your smb.conf socket address = I don't ever use that. Looking back over my smb.conf, I'm not sure why I put that in there back when I first set up Samba for our lab. Maybe at the time I thought it was a desirable option for some reason, but from what I read in the documentation now it seems that this option is only useful for multi-homed machines, which we don't have. Well I finally got the thing to work! At least on the one client that I've tried it on so far. What I did was to delete the socket address command from the smb.conf, and add 'wins server = 128.152.175.155'. It's so clear in black and white in the documentation - why do you continue to fail to read the documentation... This line must not be set in the smb.conf file of the Samba server acting as the WINS server itself. If you set both the wins support = yes option and the wins server = name option then nmbd will fail to start. http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2554593 is this a Cornell thing? Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Joining Windows XP Prof Client To Domain
zdennis [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have my PDC up, but I cannot join any windows clients to it. I get prompted for the username/password to join the domain with but everything that is returned is a bad username/password. Type the following two commands and let me know if you see entries from the ldap directory. The first command should show the users from the /etc/passwd and then the users from the ldap directory. The second should show the groups from the /etc/group and then the groups from the ldap directory. getent passwd getent group -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't save 0 size file in samba 2.0.7
Thanks for your answers. First question,if I creat one new NULL txt file in samba share folder whose filesystem is FAT,and I open the file in notepad in windows,type some characters,and save the file,but error says refuse to access.and if the txt file has content,even if one character,there is no the problem. Can you do this via the command line (without Samba)? It could be a filesystem issue, and Samba is just passing along the error. Yes,I can touch one file and edit it by vi in linux even with samba,but in windows I can't edit the NULL txt file and save it. and I used samba 2.2.8a before, the error didn't exit,but samba 2.2.8a has one big bug for me:If I put one big file( 500M),there is erroe The specified network name is no longer available ,so I just use 2.0.7 now. BTW: My work is to port samba into one embeded linux,so I can only use old version samba, but this error exit in both embeded linux and FC4. Second question,if I have changed the smb.conf,for example,I deleted one share folder for user1,but if user1 had opened the share,then he can use the share folder yet unless I kill the smbd process. From the manpage: Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to disconnect from the service, or smbd killed and restarted. Now I use samba 2.0.7 for my file server Samba 2.0.7 is pretty old, you should probably consider upgrading, it might fix a few of these problems. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows 98 logon script
Hi all, Hope some could help me out with my problem. The following is part of my smb.conf. logon drive = Q: logon path = \\%L\profiles\%U logon home = \\%L\%U logon script = scripts/%g.bat I have a groupname.bat file for each group and that basically maps each users home directory and a common directory of that group. Bellow is a script for group ma and name of the script is ma.bat. net use q: /home net use r: \\server1\ma For windows 2000 and XP clients, the drives 'q' and 'r' gets mapped and can access through my Computer. Windows98 clients says bad command or file name when it executes the same batch file when system starts up and the drives does not get mapped. But if run a batch file with the same content (as mentioned above) after a 98 client is up, the drives gets mapped. Could someone tell me, is there a way with which I can make the windows98 clients run the logon script when the system connetcs the samba PDC, instead of running net use commands or a batch file that contains a net use commands after the windows 98 system is up. Vinayan K P -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user
Greating Zach, Samba 3 with LDAP backend work perfectly without problem (For Windows and Linux client). But be sure that your configuration are OK. With the log, I can suppose that you can’t reach your LDAP directory entry and the Aries computer don’t exist in the LDAP directory. Here some input. First, make some modifications to your smb.conf. [global] # Change the next line, you can’t possess .com. workgroup = mktec netbios name = MKTEC server string = %h server (Samba %v) wins support = yes # Did your Samba is a DNS proxy?? Remove it. ; dns proxy = yes # Not usefull. The default value is ok. ; name resolve order = wins lmhosts host bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 security = user encrypt passwords = true # Change the next line like this, you don’t want to use Samba2. passdb backend = ldapsam:ldap://127.0.0.1 ldap admin dn = cn=admin,dc=mktec,dc=com ldap suffix = dc=mktec,dc=com # The following lines are not necessary. You will specify these entries in the # /etc/openldap/ldap.conf. ; ldap group suffix= ou=Groups ; ldap user suffix = ou=Users ; ldap machine suffix = ou=Users ; ldap idmap suffix = ou=Users # Don’t need to specify, it’s by default. ; ldap ssl = no # Here you using idealix scripts I can’t help you. I think using phpLDAPAdmin is better…but it’s only a opinion. # # passwd program = /usr/sbin/smbldap-passwd %u passwd chat = New*password** %n\n Retype*new*password** %n\n all*authentication*tokens*updated** add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u enable privileges = yes # domain logons = yes domain master = yes preferred master = yes local master = yes # Add this line to be sure that your server was DMB and LMB. os level = 65 # Very necessary to be specified? ; load printers = no socket options = TCP_NODELAY [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon # Just use. browseable = no read only = yes ; guest ok = yes ; read only = yes # The next line have incomplete syntax. ; write list ; writable = no ; share modes = no [profiles] comment = Users profiles path = /var/lib/samba/profiles read only = no # Not realy necessairy if you don’t use roaming profile. ; guest ok = no ; browseable = no ; create mask = 0600 ; directory mask = 0700 After that, be sure that you have done this command. Samba need it to access LDAP. It’s the cn=admin,dc=mktec,dc=com password. smbpasswd -w password Also check that the ldap.conf in /etc/openldap/ldap.conf is OK. He must be like that. BASE dc= mktec,dc=com URI ldap://127.0.0.1 rootbinddn cn=admin,dc=mktec,dc=com scope one ldap_version 3 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid pam_password exop #Base parameters. nss_base_passwd dc=mktec,dc=com nss_base_shadow dc=mktec,dc=com # Advanced parameters. nss_base_passwd ou=Users,dc=mktec,dc=com?sub nss_base_shadow ou=Users,dc=mktec,dc=com?sub nss_base_group ou=Groups,dc=mktec,dc=com?sub # Why don’t use Computers in your DIT? # nss_base_hosts ou=Computers,dc=mktec,dc=com nss_base_hosts ou=Users,dc=mktec,dc=com Did your Samba server can ping yourservername.mkteck.com? If not, ajust your resolv.conf (if you use BIND) or/and add the map in the hosts file. And at last, be sure the mktec.com, the computer Aries$ and cn=admin,dc=mktec,dc=com exist in LDAP directory. Hope that can help! Robert -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have seen this problem posted several times and the common answer doesn't seem to be doing it for me. Here's the error: Trying to load: ldapsam_compat:ldap://127.0.0.1/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/
Re: [Samba] corrupt files on samba server
Rashkae schrieb: Can you define corrupt? If you copy your folder to the server, then copy back from the server to the workstation, do you still have problems with those files? Does the file size change? (are they receiving more or fewer bytes?),, did you try to compare MD5 Sums? If the files really are becomming corrupt somehow, did you check Dmesg on your server to make sure you aren't having serious hardware problems on that end? Hi and thank you for your answer, with coruppt I mean that there aren't any missing bytes. I saw some BMP files which look like you have taken the original photo-image (tho photo came out of an microscope. we are working with a lot of images of plants and genes) and cut it into litle peaces. Than you take this peaces and put them randomly together. I don't know how to describe it better. My english is not that good. Other photos in the same folder are ok. And we got the problem on two different systems, using thair own storage device. I mean they don't share the same drive or something like this. It doesn't matter if we copy the files from the server to a workstation and back or if we copie the files from a workstation to the server and back. We don't compare the md5 checksumes. We cheked our switches to make shure there is nothing wrong with our network installation. And there are no hardware errors because we are having the problem on two different machines. I hope that information can help you. greetings Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and NAT and WAN
Hi, I have a question about Samba/NAT/WAN environment. Here is the network. Samba server -- Internet --- NAT'd router -- Windows PC * Can Windows PC map the Samba server as a network drive even if it resides behind NAT? I heard Samba is a bandwidth hog and it is insecure to open to the Internet. * Is there any secure way to use Samba through the Internet without using VPN? * Is Samba inefficient in WAN connection? Then, could you explain why? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Browsing Problems (Samba 2.2.3a-1 for Debian)
Hi, just wondering if you ever sorted out your problems with the browse list disappearing after 5-10 minutes. My home network is displaying the exact same symptoms i.e samba server always visible with windows clients dissappearing later not to return until ipconfig /release ipconfig/renew or restart of smdb. Any help would be appreciated -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DHCP and browsing problem
Hi did you ever sort this problem out ? im having the exact same issues at home -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd
Hello, We were experiencing this problem with samba 3.0.22, after upgrading to 3.0.23 the bug was gone (at least, until now...) Guillermo Gutierrez escreveu: (Blond-moment question) I take it then, that this bug doesn't apply to version 3.0.23? - Guillermo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, July 10, 2006 1:21 PM To: [EMAIL PROTECTED] Subject: [Samba] [SECURITY] Samba 3.0.1 - 3.0.22: memory exhaustion DoSagainst smbd -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Memory exhaustion DoS against smbd == CVE ID#: CAN-2006-1059 == == Versions:Samba Samba 3.0.1 - 3.0.22 (inclusive) == == Summary: smbd may allow internal structures == maintaining state for share connections == to grow unbounded. == == === Description === The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations. == Patch Availability == A patch for Samba 3.0.1 - 3.0.22 has been posted at http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at http://www.samba.org/docs/server_security.html === Credits === This security issue discovered during an internal security audit of the Samba source code by the Samba Team. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEsraWIR7qMdg1EfYRAgGgAJwKuXUvw0lOs3fkNwR4qJ65fZMOrACgtuTS M65Y4TJbTWo46oSFuHc4LXE= =CZLB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- ___ Atenciosamente, Daniel Felipe Martin GetNet - Tecnologia em Captura e Processamento de Transações Infra-estrutura Fone: +55 (51) 3598-9800 Fax: +55 (51) 3598-9801Ramal 2301 __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] closewait socket state
I have a probleme with my samba server. I have a lot of closewait socket state causing the load average to increase. Samba generate some errors logs but I don't know the signification of Signal 7 in pid xxx. For information, I am running a samba 3.0.10-1.4E.2 under a kernel Linux version 2.6.9-22 with a RHEL 3.4.4-2. Here is the log file (/var/log/messages) : -- Jul 11 13:56:33 linuxd smbd[8481]: yield_connection: tdb_delete for name J failed with error Record does not exist. Jul 11 13:56:33 linuxd smbd[27341]: [2006/07/11 13:56:33, 0] lib/util_sock.c:write_socket_data(430) Jul 11 13:56:33 linuxd smbd[19620]: [2006/07/11 13:56:33, 0] smbd/connection.c:yield_connection(76) Jul 11 13:56:33 linuxd smbd[27341]: write_socket_data: write failure. Error = Broken pipe Jul 11 13:56:33 linuxd smbd[8408]: [2006/07/11 13:56:33, 0] lib/util_sock.c:write_socket_data(430) Jul 11 13:56:33 linuxd smbd[27341]: [2006/07/11 13:56:33, 0] smbd/connection.c:yield_connection(76) Jul 11 13:56:33 linuxd smbd[8489]: [2006/07/11 13:56:33, 0] smbd/connection.c:yield_connection(76) [...] 1 13:56:33 linuxd smbd[17231]: write_socket_data: write failure. Error = Broken pipe Jul 11 13:56:33 linuxd smbd[16632]: write_socket_data: write failure. Error = Broken pipe Jul 11 13:56:33 linuxd smbd[8410]: write_socket_data: write failure. Error = Broken pipe Jul 11 13:56:33 linuxd smbd[2542]: oplock_break: end of file from client Jul 11 13:56:33 linuxd smbd[13744]: write_socket_data: write failure. Error = Broken pipe Jul 11 13:56:33 linuxd smbd[27841]: write_socket_data: write failure. Error = Connection reset by peer Jul 11 13:56:33 linuxd smbd[8484]: write_socket_data: write failure. Error = Broken pipe [...] ul 11 13:56:37 linuxd smbd[9455]: Error writing 134 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[8980]: Error writing 58 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[8963]: Error writing 58 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[14781]: [2006/07/11 13:56:37, 0] lib/fault.c:fault_report(39) Jul 11 13:56:37 linuxd smbd[10470]: Error writing 58 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[8706]: Error writing 134 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[9066]: Error writing 134 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[9450]: Error writing 134 bytes to client. -1. (Broken pipe) Jul 11 13:56:37 linuxd smbd[8715]: Error writing 134 bytes to client. -1. (Broken pipe) [...] Jul 11 13:56:37 linuxd smbd[14781]: BACKTRACE: 16 stack frames: Jul 11 13:56:37 linuxd smbd[9074]: BACKTRACE: 20 stack frames: Jul 11 13:56:37 linuxd smbd[16632]: yield_connection: tdb_delete for name H failed with error Record does not exist. Jul 11 13:56:37 linuxd smbd[14781]:#0 smbd(smb_panic2+0x8a) [0xe9fe90] Jul 11 13:56:37 linuxd smbd[9074]:#0 smbd(smb_panic2+0x8a) [0xe9fe90] Jul 11 13:56:37 linuxd smbd[14781]:#1 smbd(smb_panic+0x19) [0xea00bc] Jul 11 13:56:37 linuxd smbd[9074]:#1 smbd(smb_panic+0x19) [0xea00bc] Jul 11 13:56:37 linuxd smbd[14781]:#2 smbd [0xe8c80f] Jul 11 13:56:37 linuxd smbd[9074]:#2 smbd [0xe8c80f] Jul 11 13:56:37 linuxd smbd[14781]:#3 /lib/tls/libc.so.6 [0x3f38c8] Jul 11 13:56:37 linuxd smbd[9074]:#3 /lib/tls/libc.so.6 [0x3f38c8] Jul 11 13:56:37 linuxd smbd[14781]:#4 smbd [0xeb393d] Jul 11 13:56:37 linuxd smbd[9074]:#4 smbd [0xeb393d] Jul 11 13:56:37 linuxd smbd[14781]:#5 smbd [0xeb3f2e] Jul 11 13:56:37 linuxd smbd[9074]:#5 smbd [0xeb3f2e] Jul 11 13:56:37 linuxd smbd[14781]:#6 smbd(tdb_store+0x137) [0xeb5056] Jul 11 13:56:37 linuxd smbd[9074]:#6 smbd(tdb_store+0x137) [0xeb5056] Jul 11 13:56:37 linuxd smbd[14781]:#7 smbd(set_share_mode+0x1d3) [0xe5cd19] Jul 11 13:56:37 linuxd smbd[9074]:#7 smbd(claim_connection+0x252) [0xd35b16] Jul 11 13:56:37 linuxd smbd[14781]:#8 smbd(open_file_shared1+0xde2) [0xd77dfd] Jul 11 13:56:37 linuxd smbd[9074]:#8 smbd [0xd8b539] Jul 11 13:56:37 linuxd smbd[14781]:#9 smbd(reply_ntcreate_and_X+0x88f) [0xd4af38] Jul 11 13:56:37 linuxd smbd[9074]:#9 smbd(make_connection+0x162) [0xd8ca54] Jul 11 13:56:37 linuxd smbd[14781]:#10 smbd [0xd89412] Jul 11 13:56:37 linuxd smbd[9074]:#10 smbd(reply_tcon_and_X+0x1d3) [0xd52bb6] Jul 11 13:56:37 linuxd smbd[14781]:#11 smbd(process_smb+0x19b) [0xd8984c] Jul 11 13:56:37 linuxd smbd[9074]:#11 smbd [0xd89412] Jul 11 13:56:37 linuxd smbd[14781]:#12 smbd(smbd_process+0x15f) [0xd8a574] Jul 11 13:56:37 linuxd smbd[9074]:#12 smbd(chain_reply+0x178) [0xd89cb8] Jul 11 13:56:37 linuxd smbd[14781]:#13 smbd(main+0x865) [0xf1c567] Jul 11 13:56:37 linuxd smbd[9074]:#13 smbd(reply_sesssetup_and_X+0xabe) [0xd62feb] Jul 11 13:56:37 linuxd smbd[14781]:#14 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x3e0e23] Jul 11 13:56:37 linuxd smbd[9074]:#14 smbd [0xd89412] Jul 11 13:56:37 linuxd smbd[14781]:#15 smbd
[Samba] problem with winbind
Hi, Since 1 month, I tried without any success to configure Samba. My problem is that winbind crashes when I list users and groups. And I think that it is linked to my trusted domains (wbinfo -domain=myADdomain -u works well). The error is the following : [2006/07/11 14:30:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757) got [EMAIL PROTECTED] [2006/07/11 14:30:29, 10] libads/kerberos.c:kerberos_kinit_password_ext(88) kerberos_kinit_password: using MEMORY:cliconnect as ccache [2006/07/11 14:30:29, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546) Doing kerberos session setup [2006/07/11 14:30:29, 0] lib/fault.c:fault_report(41) === [2006/07/11 14:30:29, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 7396 (3.0.23) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/07/11 14:30:29, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/07/11 14:30:29, 0] lib/fault.c:fault_report(45) === [2006/07/11 14:30:29, 0] lib/util.c:smb_panic(1592) PANIC (pid 7396): internal error [2006/07/11 14:30:29, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 23 stack frames: #0 winbindd(log_stack_trace+0x2d) [0x50081d] #1 winbindd(smb_panic+0x5d) [0x50094d] #2 winbindd [0x4ec30a] #3 [0x297420] #4 /lib/libc.so.6(memcpy+0x1c) [0x18464c] #5 /usr/lib/libkrb5.so.3(krb5_copy_principal+0x115) [0xb90ea5] #6 /usr/lib/libkrb5.so.3(krb5_copy_creds+0x64) [0xb90a04] #7 /usr/lib/libkrb5.so.3 [0xb86feb] #8 /usr/lib/libkrb5.so.3(krb5_cc_store_cred+0x20) [0xb87b90] #9 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1c3) [0xb94463] #10 winbindd(cli_krb5_get_ticket+0x4b9) [0x529ed9] #11 winbindd(spnego_gen_negTokenTarg+0x62) [0x52aef2] #12 winbindd(cli_session_setup_spnego+0x6b6) [0x5220b6] #13 winbindd [0x492d1d] #14 winbindd(set_dc_type_and_flags+0x9c) [0x49425c] #15 winbindd [0x481fb8] #16 winbindd [0x4849ac] #17 winbindd(winbindd_list_users+0x130) [0x476e90] #18 winbindd [0x4755d7] #19 winbindd [0x476ca8] #20 winbindd(main+0x8e9) [0x476129] #21 /lib/libc.so.6(__libc_start_main+0xdc) [0x12e724] #22 winbindd [0x4747b1] [2006/07/11 14:30:30, 0] lib/fault.c:dump_core(173) dumping core in /var/log/samba/cores/winbindd When, winbind is not launched, I get this error : smbd/sesssetup.c:reply_spnego_kerberos(310) Username myADdomain\MACHINE$ is invalid on this system It works well, but operations on clients are very slow. For ex. a copy hangs 500ms at every file access. My configuration files are : * smb.conf [global] workgroup = myADdomain realm = myADdomain.COM security = ADS password server = myDC log level = 2 passdb:2 winbind:10 auth:2 log file = /var/log/samba/log.smbd max log size = 5 server signing = auto printcap name = /etc/printcap preferred master = No local master = No domain master = No dns proxy = No wins server = myIPWinsServer ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%U winbind trusted domains only = Yes [homes] comment = Home Directories read only = No browseable = No * krb5.conf [logging] default = FILE:/var/log/krb5libs.log [libdefaults] ticket_lifetime = 24000 clockskew = 300 default_realm = MYADDOMAIN.COM [realms] MYADDOMAIN.COM = { kdc = myDC:88 admin_server = myDC:464 default_domain = MYADDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } I run samba 3.023 on a Fedora Core 5 server. My AD domain is in a large forest. My AD domain controller is running Windows 2003 sp1. Other trusted domains are not in the same subnet. Several questions. Is winbind needed in my configuration ? How to limit the usage of Samba to my domain (how to remove trusted domains scans)? Many tanks in advance, --Yann -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba x Windows XP
Folks, The environment im my company is: PC's usging Windows XP Operating System File server using Debian 3.1 with samba 3.0.14a The problem is: Each user has a different samba configuration. Example: a user called test has the following configuration: [BD] comment = Database Engenharia path = /usr4/Programs/BD writeable = yes browseable = Yes [Config_BDE] comment = Config_BDE Engpro_srv01 path = /usr4/Programs/Config_BDE writeable = yes browseable = Yes After this user login on Windows, the mapping drivers are OK, but pressing F5 for some minutes, the mapping drivers change and are presented new drivers, different from a smb.conf from this user. I don't know if it's a problem with a samba cache. Could you please, help us to solve this problem ??? Regards, -- Roberval Fagundes Information Tecnology Dept. Kromberg Schubert Brazil e-mail: [EMAIL PROTECTED] Phone : 55 11 4524-9070 Fax : 55 11 4534-5662 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23 + ADS + 'valid users' + 'force user' does not work
Just upgraded Samba to 3.0.23 and can no longer map any non-anonymous shares. Here is my smb.conf file: [global] map to guest = Bad User guest account = nobody syslog = 0 log level = 3 workgroup = OAAD realm = OA.PNRAD.NET security = ADS [intranet] path = /srv/www/intranet valid users = nazaand write list = nazaand force user = intranet force group = intranet create mask = 0660 directory mask = 0770 browseable = No Unix user 'nazaand' exists with UID:1000 and GID:100. The ADS authentication also works fine, I get the following entries in the log file: [2006/07/11 17:53:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine FRPDC003.OA.PNRAD.NET pipe \NETLOGON fnum 0xa bind request returned ok. [2006/07/11 17:53:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 100 in cache - S-1-5-21-2802976709-2047762053-2842697490-1201 [2006/07/11 17:53:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 100 - S-1-5-21-2802976709-2047762053-2842697490-1201 [2006/07/11 17:53:18, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [nazaand] succeeded [2006/07/11 17:53:18, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [nazaand] - [nazaand] - [nazaand] succeeded But the share cannot be mapped because of this: [2006/07/11 17:53:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 2147483404 in cache - S-1-5-21-2802976709-2047762053-2842697490-513 [2006/07/11 17:53:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/07/11 17:53:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 [2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(280) User name: nazaandReal name: [2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(301) UNIX uid 1000 is UNIX user nazaand, and will be vuid 103 [2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'nazaand' using home directory: '/srv/www/htdocs' [2006/07/11 17:53:18, 3] smbd/process.c:process_smb(1110) Transaction 7 of length 86 [2006/07/11 17:53:18, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 16063) conn 0x0 [2006/07/11 17:53:18, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/07/11 17:53:18, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid nazaand does not start with 'S-'. [2006/07/11 17:53:18, 2] smbd/service.c:make_connection_snum(571) user 'nazaand' (from session setup) not permitted to access this share (intranet) [2006/07/11 17:53:18, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Why do I get the not permitted to access this share error if my user is in the valid users list? If I remove the valid users list completely, then the share can be mapped, but I cannot write to it. If I use security = user then everything works ok. Does new Samba version require a different format format for the 'valid users' and 'write list' directives or do I need to specify any additional parameters for it to work as 3.0.22? Thanks for your time -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: how can I tell which DC it's connecting to?
Winbind appears to lose connections every once in a while. Is there a way to tell which Domain Controller winbind is making connections to? I have 3 DCs currently and trying to track down the problem. Thanks, Toan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Update - Someone with Access Denied from Windows pls try this test to compare notes with me
Wow, an old message from 2004 and I'm seeing the same problem across my network presently. http://lists.samba.org/archive/samba/2004-August/091252.html What is interesting is that there were not problems until about 4 weeks ago. At first I thought it might be me and my numerous passwords getting confused, but then my wofes laptop started showing the same symptoms. Both laptops have Windows XP SP2 installed. My two samba servers are 3.0.4 ALPHA and FEP1 I get Access Denied in Windows and of course SAMBA returns STATUS_ACCESS_DENIED back via SMB Packets. However here's the twist. My Win95 workstation has no problem talking to ALPHA and FEP1 And a further twist two other servers WWW and OTHERWOMAN are running Samaba 2.0.5a, where the laptops and the Win95 workstation can all access. (I haven't added the Mac's to this mix as yet, I think from memory they were working just fine.) From ALPHA using smbclient I can connect and map to all shared services on anything (ALPHA, WWW, OTHERWOMAN, LAPA, LAPB, WWW, MAC1, MAC2, FEP1) What is important is that LAPA and LAPB had NO problem communicating with ALPHA2 prior to a few weeks ago. There are no filewall problems or restrictions and the LAP's can Browse, get a SHARE listing, but not get access to the files or paths. (I haven't tried printers, I want to move my Laser and Inkjets from the NT4 server to ALPHA asap but can't do that if my shares aren't working!) So the bottom line is that SAMBA 3.0.4 being accessed from Win XP SP2 has a problem wherein the user can authenticate and connect, get a share list, but can not access anything within the shares. Now the simple solution may be to upgrade SAMBA, however I have a number of servers and I'm trying to maintain a base configuration across everything. My concern is that it WAS working fine from December 2005 when I deployed the server until lets say 15 June 2006. Since June 2006 the Win XP SP2 laps can't get into the shares. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Control Login hour in Samba
Hello people. I want know if has a command or a setting into smb.conf that give me login restriction by hours like with olther NT4. If don't have, how I can do this?? Thanks -- Kalil de A. Carvalho. Setor de Redes. +55-84-3215-1236/8845-9998 Associação Potiguar de Educação e Cultura - APEC Universidade Potiguar - UnP Natal/RN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idmap backend = AD + AD4Unix with SFU 2.0 Shema
Hi * I use Debian Linux with the backport version of Samba 3.0.22. Now, i want to configure winbindd to use my AD with MKS AD4Unix Plugin and the shema SFU 2.0 as idmap backend. (does it really work?) In the changelog I saw that the parameter idmap backend has changed from: idmap backend = idmap_ad to: idmap backend = ad But how to configure it? Can someone send me an example configuration of the smb.conf? Greetings, Dennis -- Erstellt mit Operas revolutionärem E-Mail-Modul: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FW: Problem using 3.0.23 client in a domain with a Samba 3.0.20c PDC. -- REVISED I am using V3.x.x
Ahsorry for the last note I meant 3.0.23 NOT 2.0.23 == M. D. Parker Systems Administrator General Atomics / Electromagnetic Systems +1 858 455 2877 [EMAIL PROTECTED] -Original Message- From: M. D. Parker [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 11, 2006 4:07 PM To: 'samba@lists.samba.org' Subject: Problem using 3.0.23 client in a domain with a Samba 3.0.20c PDC. Importance: High I have a samba PDC running 3.0.20c I installed Samba 3.0.23 on a client joined to the domain. With this combination, when I attempt to connect to a share on this client from any host even the localhost results in the following: $ smbclient //localhost/atest -U auser Password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23-SerNet-RedHat] tree connect failed: NT_STATUS_ACCESS_DENIED Windows clients will similarly NOT connect. This situation does not happen on other NON-3.0.23 clients containing shares. I have traced the problem to the line in the smb.conf file that I have been using for years: [atest] . . valid users = auser . . If I remove this line, I get connected to the share, however, of course I lose any username protection. I have tried using write list = or even admin users = ... All to no avail. The log file indicates seems to recoginze my id but then finally at the end gets some type of deny message: [2006/07/11 15:38:34, 2] lib/access.c:check_access(324) Allowed connection from (127.0.0.1) [2006/07/11 15:39:37, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [auser] - [auser] - [auser] succeeded [2006/07/11 15:39:37, 2] lib/access.c:check_access(324) Allowed connection from (10.10.32.200) [2006/07/11 15:39:37, 2] lib/access.c:check_access(324) Allowed connection from (10.10.32.200) [2006/07/11 15:39:37, 2] smbd/service.c:make_connection_snum(571) user 'auser' (from session setup) not permitted to access this share (atest) I have had this problem on all the RC versions of 3.0.23 and thought that this was something that would probably be fixed at release time. Wrong assumption. Got a fix or a workaround for this problem? I really need this to work before being able to upgrade to this revision. == M. D. Parker Systems Administrator General Atomics / Electromagnetic Systems +1 858 455 2877 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem using 2.0.23 client in a domain with a Samba 2.0.20c PDC.
I have a samba PDC running 2.0.20c I installed Samba 2.0.23 on a client joined to the domain. With this combination, when I attempt to connect to a share on this client from any host even the localhost results in the following: $ smbclient //localhost/atest -U auser Password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.23-SerNet-RedHat] tree connect failed: NT_STATUS_ACCESS_DENIED Windows clients will similarly NOT connect. This situation does not happen on other NON-2.0.23 clients containing shares. I have traced the problem to the line in the smb.conf file that I have been using for years: [atest] . . valid users = auser . . If I remove this line, I get connected to the share, however, of course I lose any username protection. I have tried using write list = or even admin users = ... All to no avail. The log file indicates seems to recoginze my id but then finally at the end gets some type of deny message: [2006/07/11 15:38:34, 2] lib/access.c:check_access(324) Allowed connection from (127.0.0.1) [2006/07/11 15:39:37, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [auser] - [auser] - [auser] succeeded [2006/07/11 15:39:37, 2] lib/access.c:check_access(324) Allowed connection from (10.10.32.200) [2006/07/11 15:39:37, 2] lib/access.c:check_access(324) Allowed connection from (10.10.32.200) [2006/07/11 15:39:37, 2] smbd/service.c:make_connection_snum(571) user 'auser' (from session setup) not permitted to access this share (atest) I have had this problem on all the RC versions of 2.0.23 and thought that this was something that would probably be fixed at release time. Wrong assumption. Got a fix or a workaround for this problem? I really need this to work before being able to upgrade to this revision. == M. D. Parker Systems Administrator General Atomics / Electromagnetic Systems +1 858 455 2877 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r16938 - in branches/SAMBA_4_0/source/lib/tdb/tools: .
Author: abartlet Date: 2006-07-11 07:15:21 + (Tue, 11 Jul 2006) New Revision: 16938 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16938 Log: Fix breakage of TDB on VOS (declaration after statement) Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/tdb/tools/tdbtool.c Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/tools/tdbtool.c === --- branches/SAMBA_4_0/source/lib/tdb/tools/tdbtool.c 2006-07-11 03:46:22 UTC (rev 16937) +++ branches/SAMBA_4_0/source/lib/tdb/tools/tdbtool.c 2006-07-11 07:15:21 UTC (rev 16938) @@ -183,10 +183,11 @@ static void create_tdb(void) { + char *tok = get_token(1); + struct tdb_logging_context log_ctx; log_ctx.log_fn = tdb_log; - char *tok = get_token(1); if (!tok) { help(); return;
svn commit: samba r16939 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-07-11 09:22:55 + (Tue, 11 Jul 2006) New Revision: 16939 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16939 Log: Still clear the winbind_cache.tdb when offline logons are not enabled. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c trunk/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-07-11 07:15:21 UTC (rev 16938) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-07-11 09:22:55 UTC (rev 16939) @@ -1891,7 +1891,8 @@ /* when working offline we must not clear the cache on restart */ wcache-tdb = tdb_open_log(lock_path(winbindd_cache.tdb), WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT /*TDB_CLEAR_IF_FIRST*/, O_RDWR|O_CREAT, 0600); + lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + O_RDWR|O_CREAT, 0600); if (wcache-tdb == NULL) { DEBUG(0,(Failed to open winbindd_cache.tdb!\n)); @@ -2133,7 +2134,8 @@ /* when working offline we must not clear the cache on restart */ wcache-tdb = tdb_open_log(lock_path(winbindd_cache.tdb), WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600); + lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + O_RDWR|O_CREAT, 0600); if (!wcache-tdb) { DEBUG(0,(Failed to open winbindd_cache.tdb!\n)); Modified: trunk/source/nsswitch/winbindd_cache.c === --- trunk/source/nsswitch/winbindd_cache.c 2006-07-11 07:15:21 UTC (rev 16938) +++ trunk/source/nsswitch/winbindd_cache.c 2006-07-11 09:22:55 UTC (rev 16939) @@ -2014,7 +2014,8 @@ /* when working offline we must not clear the cache on restart */ wcache-tdb = tdb_open_log(lock_path(winbindd_cache.tdb), WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT /*TDB_CLEAR_IF_FIRST*/, O_RDWR|O_CREAT, 0600); + lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + O_RDWR|O_CREAT, 0600); if (wcache-tdb == NULL) { DEBUG(0,(Failed to open winbindd_cache.tdb!\n)); @@ -2256,7 +2257,8 @@ /* when working offline we must not clear the cache on restart */ wcache-tdb = tdb_open_log(lock_path(winbindd_cache.tdb), WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600); + lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + O_RDWR|O_CREAT, 0600); if (!wcache-tdb) { DEBUG(0,(Failed to open winbindd_cache.tdb!\n));
svn commit: samba r16940 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-07-11 09:59:22 + (Tue, 11 Jul 2006) New Revision: 16940 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16940 Log: libnscd sets errno, use that to display error message. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c trunk/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-07-11 09:22:55 UTC (rev 16939) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-07-11 09:59:22 UTC (rev 16940) @@ -1211,13 +1211,13 @@ int ret = nscd_flush_cache(passwd); if (ret) { DEBUG(5,(failed to flush nscd cache for 'passwd' service: %s\n, - strerror(ret))); + strerror(errno))); } ret = nscd_flush_cache(group); if (ret) { DEBUG(5,(failed to flush nscd cache for 'group' service: %s\n, - strerror(ret))); + strerror(errno))); } #else return; Modified: trunk/source/nsswitch/winbindd_util.c === --- trunk/source/nsswitch/winbindd_util.c 2006-07-11 09:22:55 UTC (rev 16939) +++ trunk/source/nsswitch/winbindd_util.c 2006-07-11 09:59:22 UTC (rev 16940) @@ -1211,13 +1211,13 @@ int ret = nscd_flush_cache(passwd); if (ret) { DEBUG(5,(failed to flush nscd cache for 'passwd' service: %s\n, - strerror(ret))); + strerror(errno))); } ret = nscd_flush_cache(group); if (ret) { DEBUG(5,(failed to flush nscd cache for 'group' service: %s\n, - strerror(ret))); + strerror(errno))); } #else return;
svn commit: samba-web r1012 - in trunk/security: .
Author: deryck Date: 2006-07-11 14:27:02 + (Tue, 11 Jul 2006) New Revision: 1012 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1012 Log: Fix bad link. deryck Modified: trunk/security/CAN-2006-3403.html Changeset: Modified: trunk/security/CAN-2006-3403.html === --- trunk/security/CAN-2006-3403.html 2006-07-10 22:22:23 UTC (rev 1011) +++ trunk/security/CAN-2006-3403.html 2006-07-11 14:27:02 UTC (rev 1012) @@ -46,7 +46,7 @@ http://www.samba.org/samba/security/. Guidelines for securing Samba hosts are listed at -http://www.samba.org/docs/server_security.html +http://www.samba.org/samba/docs/server_security.html ===
svn commit: samba r16942 - in trunk/packaging: Debian/debian-sarge Debian/debian-sarge/patches RHEL RHEL/setup RedHat-9
Author: jra Date: 2006-07-11 16:48:59 + (Tue, 11 Jul 2006) New Revision: 16942 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16942 Log: Merge back before merging forward - sync up packaging. Jeremy. Removed: trunk/packaging/Debian/debian-sarge/patches/VERSION.patch trunk/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch Modified: trunk/packaging/Debian/debian-sarge/changelog trunk/packaging/Debian/debian-sarge/patches/fhs.patch trunk/packaging/Debian/debian-sarge/rules trunk/packaging/Debian/debian-sarge/samba.files trunk/packaging/RHEL/makerpms.sh.tmpl trunk/packaging/RHEL/samba.spec.tmpl trunk/packaging/RHEL/setup/filter-requires-samba.sh trunk/packaging/RHEL/setup/smb.init trunk/packaging/RHEL/setup/winbind.init trunk/packaging/RedHat-9/filter-requires-samba_rh8.sh trunk/packaging/RedHat-9/filter-requires-samba_rh9.sh trunk/packaging/RedHat-9/makerpms.sh.tmpl trunk/packaging/RedHat-9/samba.spec.tmpl trunk/packaging/RedHat-9/smb.init Changeset: Sorry, the patch is too large (520 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16942
svn commit: samba r16943 - in branches/SAMBA_3_0/examples: . pcap2nbench
Author: jra Date: 2006-07-11 17:09:38 + (Tue, 11 Jul 2006) New Revision: 16943 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16943 Log: Add Jim's code. Jeremy. Added: branches/SAMBA_3_0/examples/pcap2nbench/ branches/SAMBA_3_0/examples/pcap2nbench/COPYING branches/SAMBA_3_0/examples/pcap2nbench/Makefile branches/SAMBA_3_0/examples/pcap2nbench/README branches/SAMBA_3_0/examples/pcap2nbench/closerequest.cpp branches/SAMBA_3_0/examples/pcap2nbench/closerequest.hpp branches/SAMBA_3_0/examples/pcap2nbench/ethernet.cpp branches/SAMBA_3_0/examples/pcap2nbench/ethernet.hpp branches/SAMBA_3_0/examples/pcap2nbench/ip.cpp branches/SAMBA_3_0/examples/pcap2nbench/ip.hpp branches/SAMBA_3_0/examples/pcap2nbench/main.cpp branches/SAMBA_3_0/examples/pcap2nbench/ntcreateandxrequest.cpp branches/SAMBA_3_0/examples/pcap2nbench/ntcreateandxrequest.hpp branches/SAMBA_3_0/examples/pcap2nbench/ntcreateandxresponse.cpp branches/SAMBA_3_0/examples/pcap2nbench/ntcreateandxresponse.hpp branches/SAMBA_3_0/examples/pcap2nbench/readandxrequest.cpp branches/SAMBA_3_0/examples/pcap2nbench/readandxrequest.hpp branches/SAMBA_3_0/examples/pcap2nbench/readandxresponse.hpp branches/SAMBA_3_0/examples/pcap2nbench/smb.cpp branches/SAMBA_3_0/examples/pcap2nbench/smb.hpp branches/SAMBA_3_0/examples/pcap2nbench/tcp.cpp branches/SAMBA_3_0/examples/pcap2nbench/tcp.hpp branches/SAMBA_3_0/examples/pcap2nbench/writeandxrequest.cpp branches/SAMBA_3_0/examples/pcap2nbench/writeandxrequest.hpp Changeset: Sorry, the patch is too large (2313 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16943
svn commit: samba r16944 - in trunk/examples/scripts/shares/perl: .
Author: jra Date: 2006-07-11 17:19:41 + (Tue, 11 Jul 2006) New Revision: 16944 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16944 Log: Update from 3.0 to get ready for sync. Jeremy. Modified: trunk/examples/scripts/shares/perl/modify_samba_config.pl Changeset: Modified: trunk/examples/scripts/shares/perl/modify_samba_config.pl === --- trunk/examples/scripts/shares/perl/modify_samba_config.pl 2006-07-11 17:09:38 UTC (rev 16943) +++ trunk/examples/scripts/shares/perl/modify_samba_config.pl 2006-07-11 17:19:41 UTC (rev 16944) @@ -36,7 +36,7 @@ if ($#ARGV == 1) { $delete_mode = 1; } -elsif ($#ARGV == 3) { +elsif ($#ARGV == 4) { $add_mode = 1; } else { @@ -101,6 +101,7 @@ if ($add_mode) { $config{$ARGV[1]}{'path'} = $ARGV[2]; $config{$ARGV[1]}{'comment'} = $ARGV[3]; + $config{$ARGV[1]}{'max connections'} = $ARGV[4]; } elsif ($delete_mode) { delete $config{$ARGV[1]};
svn commit: samba r16945 - in branches/SAMBA_3_0/source: . auth client include lib libads libmsrpc libndr libsmb locking modules nmbd nsswitch param passdb printing profile python registry rpc_client
Author: jra Date: 2006-07-11 18:01:26 + (Tue, 11 Jul 2006) New Revision: 16945 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16945 Log: Sync trunk - 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for Jeremy. Added: branches/SAMBA_3_0/source/include/locking.h branches/SAMBA_3_0/source/include/rpc_unixinfo.h branches/SAMBA_3_0/source/lib/util_reg.c branches/SAMBA_3_0/source/libndr/ branches/SAMBA_3_0/source/libndr/libndr.h branches/SAMBA_3_0/source/libndr/misc.h branches/SAMBA_3_0/source/libndr/ndr.c branches/SAMBA_3_0/source/libndr/ndr_basic.c branches/SAMBA_3_0/source/libndr/ndr_misc.c branches/SAMBA_3_0/source/libndr/ndr_sec.h branches/SAMBA_3_0/source/libndr/ndr_sec_helper.c branches/SAMBA_3_0/source/libndr/ndr_string.c branches/SAMBA_3_0/source/libndr/security.h branches/SAMBA_3_0/source/libndr/sid.c branches/SAMBA_3_0/source/modules/vfs_cacheprime.c branches/SAMBA_3_0/source/modules/vfs_commit.c branches/SAMBA_3_0/source/modules/vfs_default.c branches/SAMBA_3_0/source/modules/vfs_prealloc.c branches/SAMBA_3_0/source/rpc_client/cli_unixinfo.c branches/SAMBA_3_0/source/rpc_client/ndr.c branches/SAMBA_3_0/source/rpc_parse/parse_unixinfo.c branches/SAMBA_3_0/source/rpc_server/srv_unixinfo.c branches/SAMBA_3_0/source/rpc_server/srv_unixinfo_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_unixinfo.c branches/SAMBA_3_0/source/tdb/dump.c branches/SAMBA_3_0/source/tdb/error.c branches/SAMBA_3_0/source/tdb/freelist.c branches/SAMBA_3_0/source/tdb/io.c branches/SAMBA_3_0/source/tdb/lock.c branches/SAMBA_3_0/source/tdb/open.c branches/SAMBA_3_0/source/tdb/tdb_private.h branches/SAMBA_3_0/source/tdb/transaction.c branches/SAMBA_3_0/source/tdb/traverse.c branches/SAMBA_3_0/source/torture/pdbtest.c branches/SAMBA_3_0/source/utils/sharesec.c branches/SAMBA_3_0/source/utils/status_profile.c Removed: branches/SAMBA_3_0/source/smbd/vfs-wrap.c branches/SAMBA_3_0/source/tdb/spinlock.c branches/SAMBA_3_0/source/tdb/spinlock.h Modified: branches/SAMBA_3_0/source/Doxyfile branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/aclocal.m4 branches/SAMBA_3_0/source/auth/auth_domain.c branches/SAMBA_3_0/source/auth/auth_server.c branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0/source/client/clitar.c branches/SAMBA_3_0/source/client/mount.cifs.c branches/SAMBA_3_0/source/client/smbctool.c branches/SAMBA_3_0/source/client/smbmount.c branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/include/idmap.h branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/include/libsmb_internal.h branches/SAMBA_3_0/source/include/mangle.h branches/SAMBA_3_0/source/include/nt_status.h branches/SAMBA_3_0/source/include/ntdomain.h branches/SAMBA_3_0/source/include/nterr.h branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/include/rpc_reg.h branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/include/rpc_secdes.h branches/SAMBA_3_0/source/include/rpc_srvsvc.h branches/SAMBA_3_0/source/include/session.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/include/smb_macros.h branches/SAMBA_3_0/source/include/smbprofile.h branches/SAMBA_3_0/source/include/talloc.h branches/SAMBA_3_0/source/include/vfs.h branches/SAMBA_3_0/source/include/vfs_macros.h branches/SAMBA_3_0/source/lib/account_pol.c branches/SAMBA_3_0/source/lib/afs.c branches/SAMBA_3_0/source/lib/charcnv.c branches/SAMBA_3_0/source/lib/data_blob.c branches/SAMBA_3_0/source/lib/debug.c branches/SAMBA_3_0/source/lib/popt_common.c branches/SAMBA_3_0/source/lib/socket_wrapper.c branches/SAMBA_3_0/source/lib/substitute.c branches/SAMBA_3_0/source/lib/system.c branches/SAMBA_3_0/source/lib/talloc.c branches/SAMBA_3_0/source/lib/talloctort.c branches/SAMBA_3_0/source/lib/time.c branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/lib/util_str.c branches/SAMBA_3_0/source/libads/dns.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libads/sasl.c branches/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c branches/SAMBA_3_0/source/libmsrpc/cac_samr.c branches/SAMBA_3_0/source/libmsrpc/cac_svcctl.c branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SAMBA_3_0/source/libmsrpc/libmsrpc_internal.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clidfs.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0/source/libsmb/clirap2.c branches/SAMBA_3_0/source/libsmb/libsmb_cache.c
svn commit: samba r16946 - in trunk/source/utils: .
Author: jra Date: 2006-07-11 18:03:00 + (Tue, 11 Jul 2006) New Revision: 16946 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16946 Log: Fix warning with profile separator when profiles not being used. Jeremy. Modified: trunk/source/utils/status_profile.c Changeset: Modified: trunk/source/utils/status_profile.c === --- trunk/source/utils/status_profile.c 2006-07-11 18:01:26 UTC (rev 16945) +++ trunk/source/utils/status_profile.c 2006-07-11 18:03:00 UTC (rev 16946) @@ -21,6 +21,7 @@ #include includes.h +#ifdef WITH_PROFILE static void profile_separator(const char * title) { char line[79 + 1]; @@ -35,6 +36,7 @@ line[sizeof(line) - 1] = '\0'; d_printf(%s\n, line); } +#endif /*** dump the elements of the profile structure
svn commit: samba r16947 - in branches/SAMBA_3_0/source/utils: .
Author: jra Date: 2006-07-11 18:03:25 + (Tue, 11 Jul 2006) New Revision: 16947 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16947 Log: Fix warning with profile separator when profiles not being used. Jeremy. Modified: branches/SAMBA_3_0/source/utils/status_profile.c Changeset: Modified: branches/SAMBA_3_0/source/utils/status_profile.c === --- branches/SAMBA_3_0/source/utils/status_profile.c2006-07-11 18:03:00 UTC (rev 16946) +++ branches/SAMBA_3_0/source/utils/status_profile.c2006-07-11 18:03:25 UTC (rev 16947) @@ -21,6 +21,7 @@ #include includes.h +#ifdef WITH_PROFILE static void profile_separator(const char * title) { char line[79 + 1]; @@ -35,6 +36,7 @@ line[sizeof(line) - 1] = '\0'; d_printf(%s\n, line); } +#endif /*** dump the elements of the profile structure
svn commit: samba r16948 - in branches/SAMBA_3_0/examples/VFS: .
Author: jra Date: 2006-07-11 18:06:52 + (Tue, 11 Jul 2006) New Revision: 16948 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16948 Log: Sync the exmaples code from trunk. Jeremy. Modified: branches/SAMBA_3_0/examples/VFS/skel_opaque.c branches/SAMBA_3_0/examples/VFS/skel_transparent.c Changeset: Sorry, the patch is too large (957 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16948
svn commit: samba r16949 - in branches/SAMBA_4_0/source/libcli/util: .
Author: metze Date: 2006-07-11 18:06:53 + (Tue, 11 Jul 2006) New Revision: 16949 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16949 Log: add and fix some NOTIFY return codes metze Modified: branches/SAMBA_4_0/source/libcli/util/nterr.c branches/SAMBA_4_0/source/libcli/util/nterr.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/nterr.c === --- branches/SAMBA_4_0/source/libcli/util/nterr.c 2006-07-11 18:06:52 UTC (rev 16948) +++ branches/SAMBA_4_0/source/libcli/util/nterr.c 2006-07-11 18:06:53 UTC (rev 16949) @@ -547,6 +547,8 @@ { NT_STATUS_OBJECTID_NOT_FOUND, NT_STATUS_OBJECTID_NOT_FOUND }, { STATUS_MORE_ENTRIES, STATUS_MORE_ENTRIES }, { STATUS_SOME_UNMAPPED, STATUS_SOME_UNMAPPED }, + { STATUS_NOTIFY_CLEANUP, STATUS_NOTIFY_CLEANUP }, + { STATUS_NOTIFY_ENUM_DIR, STATUS_NOTIFY_ENUM_DIR }, DOS_CODE(ERRDOS, ERRsuccess), DOS_CODE(ERRDOS, ERRbadfunc), Modified: branches/SAMBA_4_0/source/libcli/util/nterr.h === --- branches/SAMBA_4_0/source/libcli/util/nterr.h 2006-07-11 18:06:52 UTC (rev 16948) +++ branches/SAMBA_4_0/source/libcli/util/nterr.h 2006-07-11 18:06:53 UTC (rev 16949) @@ -37,9 +37,10 @@ #define STATUS_PENDINGNT_STATUS(0x0103) #define STATUS_MORE_ENTRIES NT_STATUS(0x0105) #define STATUS_SOME_UNMAPPED NT_STATUS(0x0107) +#define STATUS_NOTIFY_CLEANUP NT_STATUS(0x010b) +#define STATUS_NOTIFY_ENUM_DIRNT_STATUS(0x010c) #define ERROR_INVALID_PARAMETER NT_STATUS(0x0057) #define ERROR_INSUFFICIENT_BUFFERNT_STATUS(0x007a) -#define STATUS_NOTIFY_ENUM_DIRNT_STATUS(0x010c) #define ERROR_INVALID_DATATYPE NT_STATUS(0x070c) /* Win32 Error codes extracted using a loop in smbclient then printing a
svn commit: samba r16950 - in branches/SAMBA_4_0/source: ntvfs ntvfs/cifs ntvfs/posix rpc_server/srvsvc smb_server smb_server/smb smb_server/smb2
Author: metze Date: 2006-07-11 18:15:42 + (Tue, 11 Jul 2006) New Revision: 16950 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16950 Log: remove the smb mid from the ntvfs layer and keep a list of pending requests on the smbsrv_connection, to be able to match then on ntcancel metze Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c branches/SAMBA_4_0/source/ntvfs/ntvfs.h branches/SAMBA_4_0/source/ntvfs/ntvfs_util.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c branches/SAMBA_4_0/source/rpc_server/srvsvc/srvsvc_ntvfs.c branches/SAMBA_4_0/source/smb_server/smb/reply.c branches/SAMBA_4_0/source/smb_server/smb/request.c branches/SAMBA_4_0/source/smb_server/smb/service.c branches/SAMBA_4_0/source/smb_server/smb2/smb2_server.h branches/SAMBA_4_0/source/smb_server/smb2/tcon.c branches/SAMBA_4_0/source/smb_server/smb_server.h Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c === --- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2006-07-11 18:06:53 UTC (rev 16949) +++ branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2006-07-11 18:15:42 UTC (rev 16950) @@ -803,7 +803,7 @@ /* find the matching request */ for (a=private-pending;a;a=a-next) { - if (a-req-smbmid == req-smbmid) { + if (a-req == req) { break; } } Modified: branches/SAMBA_4_0/source/ntvfs/ntvfs.h === --- branches/SAMBA_4_0/source/ntvfs/ntvfs.h 2006-07-11 18:06:53 UTC (rev 16949) +++ branches/SAMBA_4_0/source/ntvfs/ntvfs.h 2006-07-11 18:15:42 UTC (rev 16950) @@ -253,9 +253,6 @@ /* the smb pid is needed for locking contexts */ uint16_t smbpid; - /* the smb mid is needed for matching requests */ - uint16_t smbmid; - /* some statictics for the management tools */ struct { /* the system time when the request arrived */ Modified: branches/SAMBA_4_0/source/ntvfs/ntvfs_util.c === --- branches/SAMBA_4_0/source/ntvfs/ntvfs_util.c2006-07-11 18:06:53 UTC (rev 16949) +++ branches/SAMBA_4_0/source/ntvfs/ntvfs_util.c2006-07-11 18:15:42 UTC (rev 16950) @@ -28,7 +28,7 @@ _PUBLIC_ struct ntvfs_request *ntvfs_request_create(struct ntvfs_context *ctx, TALLOC_CTX *mem_ctx, struct auth_session_info *session_info, - uint16_t smbpid, uint16_t smbmid, + uint16_t smbpid, struct timeval request_time, void *private_data, void (*send_fn)(struct ntvfs_request *), @@ -43,7 +43,6 @@ req-async_states = NULL; req-session_info = session_info; req-smbpid = smbpid; - req-smbmid = smbmid; req-statistics.request_time= request_time; async = talloc(req, struct ntvfs_async_state); Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c 2006-07-11 18:06:53 UTC (rev 16949) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c 2006-07-11 18:15:42 UTC (rev 16950) @@ -179,8 +179,7 @@ struct pvfs_wait *pwait; for (pwait=pvfs-wait_list;pwait;pwait=pwait-next) { - if (req-smbmid == pwait-req-smbmid - req-smbpid == pwait-req-smbpid) { + if (pwait-req == req) { /* trigger a cancel on the request */ pwait-reason = PVFS_WAIT_CANCEL; ntvfs_async_setup(pwait-req, pwait); Modified: branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c === --- branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2006-07-11 18:06:53 UTC (rev 16949) +++ branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2006-07-11 18:15:42 UTC (rev 16950) @@ -1417,7 +1417,6 @@ ntvfs_req = ntvfs_request_create(ntvfs_ctx, mem_ctx, dce_call-conn-auth_state.session_info, 0, -0, dce_call-time, NULL, NULL, 0); W_ERROR_HAVE_NO_MEMORY(ntvfs_req); @@ -1459,7 +1458,6 @@ ntvfs_req =
svn commit: samba r16951 - in branches/SAMBA_4_0/source/torture/smb2: .
Author: metze Date: 2006-07-11 18:21:20 + (Tue, 11 Jul 2006) New Revision: 16951 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16951 Log: add the year to the copyright... metze Modified: branches/SAMBA_4_0/source/torture/smb2/lock.c Changeset: Modified: branches/SAMBA_4_0/source/torture/smb2/lock.c === --- branches/SAMBA_4_0/source/torture/smb2/lock.c 2006-07-11 18:15:42 UTC (rev 16950) +++ branches/SAMBA_4_0/source/torture/smb2/lock.c 2006-07-11 18:21:20 UTC (rev 16951) @@ -3,7 +3,7 @@ SMB2 lock test suite - Copyright (C) Stefan Metzmacher + Copyright (C) Stefan Metzmacher 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
svn commit: samba r16952 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/include trunk/source/libads trunk/source/utils
Author: jerry Date: 2006-07-11 18:45:22 + (Tue, 11 Jul 2006) New Revision: 16952 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16952 Log: New derive DES salt code and Krb5 keytab generation Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal - 16 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32) 26 host/[EMAIL PROTECTED] (DES cbc mode with RSA-MD5) 36 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5) 46 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32) 56 host/[EMAIL PROTECTED] (DES cbc mode with RSA-MD5) 66 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5) 76 [EMAIL PROTECTED] (DES cbc mode with CRC-32) 86 [EMAIL PROTECTED] (DES cbc mode with RSA-MD5) 96 [EMAIL PROTECTED] (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. Modified: branches/SAMBA_3_0/source/include/rpc_ds.h branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/libads/kerberos_keytab.c branches/SAMBA_3_0/source/libads/kerberos_verify.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libads/util.c branches/SAMBA_3_0/source/utils/net_ads.c trunk/source/include/rpc_ds.h trunk/source/libads/kerberos.c trunk/source/libads/kerberos_keytab.c trunk/source/libads/kerberos_verify.c trunk/source/libads/ldap.c trunk/source/libads/util.c trunk/source/utils/net_ads.c Changeset: Sorry, the patch is too large (3275 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16952
svn commit: samba r16953 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry Date: 2006-07-11 20:02:22 + (Tue, 11 Jul 2006) New Revision: 16953 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16953 Log: Don't allow groups to be renamed to an existing user or other group Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-07-11 18:45:22 UTC (rev 16952) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-07-11 20:02:22 UTC (rev 16953) @@ -4590,6 +4590,10 @@ switch (ctr-level) { case 2: + { + fstring group_name; + enum SID_NAME_USE type; + /* We currently do not support renaming groups in the the BUILTIN domain. Refer to util_builtin.c to understand why. The eventually needs to be fixed to be like Windows @@ -4599,13 +4603,26 @@ return NT_STATUS_SPECIAL_ACCOUNT; } - if ( ctr-alias.info2.name.string ) { - unistr2_to_ascii( info.acct_name, ctr-alias.info2.name.string, - sizeof(info.acct_name)-1 ); + /* There has to be a valid name */ + if ( !ctr-alias.info2.name.string ) + return NT_STATUS_INVALID_PARAMETER; + + unistr2_to_ascii( info.acct_name, ctr-alias.info2.name.string, + sizeof(info.acct_name)-1 ); + + /* make sure the name doesn't already exist as a user + or local group */ + + fstr_sprintf( group_name, %s\\%s, global_myname(), info.acct_name ); + if ( lookup_name( p-mem_ctx, group_name, 0, NULL, NULL, NULL, type) ) { + if ( type == SID_NAME_USER ) { + return NT_STATUS_USER_EXISTS; + } + + return NT_STATUS_ALIAS_EXISTS; } - else - fstrcpy( info.acct_name, ); break; + } case 3: if ( ctr-alias.info3.description.string ) { unistr2_to_ascii( info.acct_desc, Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2006-07-11 18:45:22 UTC (rev 16952) +++ trunk/source/rpc_server/srv_samr_nt.c 2006-07-11 20:02:22 UTC (rev 16953) @@ -4590,6 +4590,10 @@ switch (ctr-level) { case 2: + { + fstring group_name; + enum SID_NAME_USE type; + /* We currently do not support renaming groups in the the BUILTIN domain. Refer to util_builtin.c to understand why. The eventually needs to be fixed to be like Windows @@ -4599,13 +4603,26 @@ return NT_STATUS_SPECIAL_ACCOUNT; } - if ( ctr-alias.info2.name.string ) { - unistr2_to_ascii( info.acct_name, ctr-alias.info2.name.string, - sizeof(info.acct_name)-1 ); + /* There has to be a valid name */ + if ( !ctr-alias.info2.name.string ) + return NT_STATUS_INVALID_PARAMETER; + + unistr2_to_ascii( info.acct_name, ctr-alias.info2.name.string, + sizeof(info.acct_name)-1 ); + + /* make sure the name doesn't already exist as a user + or local group */ + + fstr_sprintf( group_name, %s\\%s, global_myname(), info.acct_name ); + if ( lookup_name( p-mem_ctx, group_name, 0, NULL, NULL, NULL, type) ) { + if ( type == SID_NAME_USER ) { + return NT_STATUS_USER_EXISTS; + } + + return NT_STATUS_ALIAS_EXISTS; } - else - fstrcpy( info.acct_name, ); break; + } case 3: if ( ctr-alias.info3.description.string ) { unistr2_to_ascii( info.acct_desc,
svn commit: samba r16954 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry Date: 2006-07-11 20:31:13 + (Tue, 11 Jul 2006) New Revision: 16954 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16954 Log: Volker reminded me we already have code to do this check. Reuse can_create() to prevent renameing a group to an existing user or group. Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-07-11 20:02:22 UTC (rev 16953) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-07-11 20:31:13 UTC (rev 16954) @@ -4592,7 +4592,7 @@ case 2: { fstring group_name; - enum SID_NAME_USE type; + NTSTATUS status; /* We currently do not support renaming groups in the the BUILTIN domain. Refer to util_builtin.c to understand @@ -4614,13 +4614,9 @@ or local group */ fstr_sprintf( group_name, %s\\%s, global_myname(), info.acct_name ); - if ( lookup_name( p-mem_ctx, group_name, 0, NULL, NULL, NULL, type) ) { - if ( type == SID_NAME_USER ) { - return NT_STATUS_USER_EXISTS; - } - - return NT_STATUS_ALIAS_EXISTS; - } + status = can_create( p-mem_ctx, group_name ); + if ( !NT_STATUS_IS_OK( status ) ) + return status; break; } case 3: Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2006-07-11 20:02:22 UTC (rev 16953) +++ trunk/source/rpc_server/srv_samr_nt.c 2006-07-11 20:31:13 UTC (rev 16954) @@ -4592,7 +4592,7 @@ case 2: { fstring group_name; - enum SID_NAME_USE type; + NTSTATUS status; /* We currently do not support renaming groups in the the BUILTIN domain. Refer to util_builtin.c to understand @@ -4614,13 +4614,9 @@ or local group */ fstr_sprintf( group_name, %s\\%s, global_myname(), info.acct_name ); - if ( lookup_name( p-mem_ctx, group_name, 0, NULL, NULL, NULL, type) ) { - if ( type == SID_NAME_USER ) { - return NT_STATUS_USER_EXISTS; - } - - return NT_STATUS_ALIAS_EXISTS; - } + status = can_create( p-mem_ctx, group_name ); + if ( !NT_STATUS_IS_OK( status ) ) + return status; break; } case 3:
svn commit: samba r16955 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: vlendec Date: 2006-07-11 20:50:50 + (Tue, 11 Jul 2006) New Revision: 16955 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16955 Log: Fix an uninitialized var -- Jerry, please check. Modified: branches/SAMBA_3_0/source/libads/kerberos.c trunk/source/libads/kerberos.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2006-07-11 20:31:13 UTC (rev 16954) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-07-11 20:50:50 UTC (rev 16955) @@ -334,13 +334,13 @@ return False; } + salt = (char*)secrets_fetch( key, NULL ); + if ( !salt ) { DEBUG(8,(kerberos_secrets_fetch_des_salt: NULL salt!\n)); secrets_delete( key ); } - salt = (char*)secrets_fetch( key, NULL ); - SAFE_FREE( key ); return salt; Modified: trunk/source/libads/kerberos.c === --- trunk/source/libads/kerberos.c 2006-07-11 20:31:13 UTC (rev 16954) +++ trunk/source/libads/kerberos.c 2006-07-11 20:50:50 UTC (rev 16955) @@ -334,13 +334,13 @@ return False; } + salt = (char*)secrets_fetch( key, NULL ); + if ( !salt ) { DEBUG(8,(kerberos_secrets_fetch_des_salt: NULL salt!\n)); secrets_delete( key ); } - salt = (char*)secrets_fetch( key, NULL ); - SAFE_FREE( key ); return salt;
svn commit: samba r16956 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec Date: 2006-07-11 20:54:05 + (Tue, 11 Jul 2006) New Revision: 16956 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16956 Log: Walk some of the samba3 srvsvc code Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-07-11 20:50:50 UTC (rev 16955) +++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-07-11 20:54:05 UTC (rev 16956) @@ -129,6 +129,7 @@ register_torture_op(RPC-BINDSAMBA3, torture_bind_samba3); register_torture_op(RPC-NETLOGSAMBA3, torture_netlogon_samba3); register_torture_op(RPC-SAMBA3SESSIONKEY, torture_samba3_sessionkey); + register_torture_op(RPC-SAMBA3-SRVSVC, torture_samba3_rpc_srvsvc); register_torture_op(RPC-DRSUAPI, torture_rpc_drsuapi); register_torture_op(RPC-CRACKNAMES, torture_rpc_drsuapi_cracknames); register_torture_op(RPC-ROT, torture_rpc_rot); Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-11 20:50:50 UTC (rev 16955) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-11 20:54:05 UTC (rev 16956) @@ -28,6 +28,8 @@ #include librpc/gen_ndr/ndr_samr_c.h #include librpc/gen_ndr/ndr_netlogon.h #include librpc/gen_ndr/ndr_netlogon_c.h +#include librpc/gen_ndr/ndr_srvsvc.h +#include librpc/gen_ndr/ndr_srvsvc_c.h #include lib/cmdline/popt_common.h #include librpc/rpc/dcerpc.h #include torture/rpc/rpc.h @@ -1139,7 +1141,7 @@ wks_name = get_myname(); } - mem_ctx = talloc_init(torture_bind_authcontext); + mem_ctx = talloc_init(torture_samba3_sessionkey); if (mem_ctx == NULL) { d_printf(talloc_init failed\n); @@ -1211,3 +1213,121 @@ return ret; } + +static BOOL test_NetShareGetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, +const char *sharename) +{ + NTSTATUS status; + struct srvsvc_NetShareGetInfo r; + uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 }; + int i; + BOOL ret = True; + + r.in.server_unc = talloc_asprintf(mem_ctx, %s, + dcerpc_server_name(p)); + r.in.share_name = sharename; + + for (i=0;iARRAY_SIZE(levels);i++) { + r.in.level = levels[i]; + + ZERO_STRUCT(r.out); + + printf(testing NetShareGetInfo level %u on share '%s'\n, + r.in.level, r.in.share_name); + + status = dcerpc_srvsvc_NetShareGetInfo(p, mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + printf(NetShareGetInfo level %u on share '%s' failed + - %s\n, r.in.level, r.in.share_name, + nt_errstr(status)); + ret = False; + continue; + } + if (!W_ERROR_IS_OK(r.out.result)) { + printf(NetShareGetInfo level %u on share '%s' failed + - %s\n, r.in.level, r.in.share_name, + win_errstr(r.out.result)); + ret = False; + continue; + } + } + + return ret; +} + +static BOOL test_NetShareEnum(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char **one_sharename) +{ + NTSTATUS status; + struct srvsvc_NetShareEnum r; + struct srvsvc_NetShareCtr0 c0; + uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 }; + int i; + BOOL ret = True; + + r.in.server_unc = talloc_asprintf(mem_ctx,%s,dcerpc_server_name(p)); + r.in.ctr.ctr0 = c0; + r.in.ctr.ctr0-count = 0; + r.in.ctr.ctr0-array = NULL; + r.in.max_buffer = (uint32_t)-1; + r.in.resume_handle = NULL; + + for (i=0;iARRAY_SIZE(levels);i++) { + r.in.level = levels[i]; + + ZERO_STRUCT(r.out); + + printf(testing NetShareEnum level %u\n, r.in.level); + status = dcerpc_srvsvc_NetShareEnum(p, mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + printf(NetShareEnum level %u failed - %s\n, + r.in.level, nt_errstr(status)); + ret = False; + continue; + } + if (!W_ERROR_IS_OK(r.out.result)) { + printf(NetShareEnum level %u failed - %s\n, + r.in.level, win_errstr(r.out.result)); + continue; + } +
svn commit: samba r16957 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: jerry Date: 2006-07-11 21:09:13 + (Tue, 11 Jul 2006) New Revision: 16957 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16957 Log: fix cut-n-paste error. The check for 'if (\!salt)' make no sense when fetching the DES salting principal Modified: branches/SAMBA_3_0/source/libads/kerberos.c trunk/source/libads/kerberos.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2006-07-11 20:54:05 UTC (rev 16956) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-07-11 21:09:13 UTC (rev 16957) @@ -336,11 +336,6 @@ salt = (char*)secrets_fetch( key, NULL ); - if ( !salt ) { - DEBUG(8,(kerberos_secrets_fetch_des_salt: NULL salt!\n)); - secrets_delete( key ); - } - SAFE_FREE( key ); return salt; Modified: trunk/source/libads/kerberos.c === --- trunk/source/libads/kerberos.c 2006-07-11 20:54:05 UTC (rev 16956) +++ trunk/source/libads/kerberos.c 2006-07-11 21:09:13 UTC (rev 16957) @@ -336,11 +336,6 @@ salt = (char*)secrets_fetch( key, NULL ); - if ( !salt ) { - DEBUG(8,(kerberos_secrets_fetch_des_salt: NULL salt!\n)); - secrets_delete( key ); - } - SAFE_FREE( key ); return salt;
svn commit: samba r16958 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec Date: 2006-07-11 21:09:56 + (Tue, 11 Jul 2006) New Revision: 16958 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16958 Log: We also do level 1501 on NetShareGetInfo Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c === --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-11 21:09:13 UTC (rev 16957) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-11 21:09:56 UTC (rev 16958) @@ -1219,7 +1219,7 @@ { NTSTATUS status; struct srvsvc_NetShareGetInfo r; - uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 }; + uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 }; int i; BOOL ret = True;
svn commit: samba r16959 - in trunk/source: lib rpc_server script/tests utils
Author: vlendec Date: 2006-07-11 21:10:44 + (Tue, 11 Jul 2006) New Revision: 16959 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16959 Log: get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC Modified: trunk/source/lib/sharesec.c trunk/source/rpc_server/srv_srvsvc_nt.c trunk/source/script/tests/test_posix_s3.sh trunk/source/utils/sharesec.c Changeset: Modified: trunk/source/lib/sharesec.c === --- trunk/source/lib/sharesec.c 2006-07-11 21:09:56 UTC (rev 16958) +++ trunk/source/lib/sharesec.c 2006-07-11 21:10:44 UTC (rev 16959) @@ -108,7 +108,8 @@ Pull a security descriptor from the share tdb. / -SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) +SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, + size_t *psize) { prs_struct ps; fstring key; @@ -122,12 +123,13 @@ /* Fetch security descriptor from tdb */ - slprintf(key, sizeof(key)-1, SECDESC/%s, lp_servicename(snum)); + slprintf(key, sizeof(key)-1, SECDESC/%s, servicename); if (tdb_prs_fetch(share_tdb, key, ps, ctx)!=0 || !sec_io_desc(get_share_security, psd, ps, 1)) { - DEBUG(4,(get_share_security: using default secdesc for %s\n, lp_servicename(snum) )); + DEBUG(4, (get_share_security: using default secdesc for %s\n, + servicename)); return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); } Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2006-07-11 21:09:56 UTC (rev 16958) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2006-07-11 21:10:44 UTC (rev 16959) @@ -338,7 +338,7 @@ if (mem_ctx == NULL) return False; - psd = get_share_security(mem_ctx, snum, sd_size); + psd = get_share_security(mem_ctx, lp_servicename(snum), sd_size); if (!psd) goto out; @@ -415,7 +415,7 @@ pstrcpy(passwd, ); - sd = get_share_security(ctx, snum, sd_size); + sd = get_share_security(ctx, lp_servicename(snum), sd_size); init_srv_share_info502(sh502-info_502, net_name, get_share_type(snum), remark, 0, 0x, 1, path, passwd, sd, sd_size); init_srv_share_info502_str(sh502-info_502_str, net_name, remark, path, passwd, sd, sd_size); @@ -493,7 +493,7 @@ ZERO_STRUCTP(sh1501); - sd = get_share_security(ctx, snum, sd_size); + sd = get_share_security(ctx, lp_servicename(snum), sd_size); sh1501-sdb = make_sec_desc_buf(p-mem_ctx, sd_size, sd); } @@ -1684,7 +1684,8 @@ SEC_DESC *old_sd; size_t sd_size; - old_sd = get_share_security(p-mem_ctx, snum, sd_size); + old_sd = get_share_security(p-mem_ctx, lp_servicename(snum), + sd_size); if (old_sd !sec_desc_equal(old_sd, psd)) { if (!set_share_security(p-mem_ctx, share_name, psd)) Modified: trunk/source/script/tests/test_posix_s3.sh === --- trunk/source/script/tests/test_posix_s3.sh 2006-07-11 21:09:56 UTC (rev 16958) +++ trunk/source/script/tests/test_posix_s3.sh 2006-07-11 21:10:44 UTC (rev 16959) @@ -34,6 +34,7 @@ raw=$raw RAW-SAMBA3HIDE RAW-SAMBA3BADPATH rpc=RPC-AUTHCONTEXT RPC-BINDSAMBA3 RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY +rpc=$rpc RPC-SAMBA3-SRVSVC tests=$base $raw $rpc Modified: trunk/source/utils/sharesec.c === --- trunk/source/utils/sharesec.c 2006-07-11 21:09:56 UTC (rev 16958) +++ trunk/source/utils/sharesec.c 2006-07-11 21:10:44 UTC (rev 16959) @@ -382,7 +382,8 @@ switch ( mode ) { case SMB_ACL_VIEW: - if (!(secdesc = get_share_security( ctx, snum, sd_size )) ) { + if (!(secdesc = get_share_security( ctx, sharename, + sd_size )) ) { fprintf(stderr, Unable to retrieve permissions for share [%s]\n, sharename); return -1; }
svn commit: samba r16960 - branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/torture trunk/source/libsmb trunk/source/torture
Author: vlendec Date: 2006-07-11 21:23:44 + (Tue, 11 Jul 2006) New Revision: 16960 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16960 Log: Some warnings from host opi Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0/source/torture/msgtest.c branches/SAMBA_3_0/source/torture/torture.c trunk/source/libsmb/clikrb5.c trunk/source/torture/msgtest.c trunk/source/torture/torture.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c === --- branches/SAMBA_3_0/source/libsmb/clikrb5.c 2006-07-11 21:10:44 UTC (rev 16959) +++ branches/SAMBA_3_0/source/libsmb/clikrb5.c 2006-07-11 21:23:44 UTC (rev 16960) @@ -682,7 +682,7 @@ else err = krb5_auth_con_getlocalsubkey(context, auth_context, skey); if (err == 0 skey != NULL) { - DEBUG(10, (Got KRB5 session key of length %d\n, KRB5_KEY_LENGTH(skey))); + DEBUG(10, (Got KRB5 session key of length %d\n, (int)KRB5_KEY_LENGTH(skey))); *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey)); dump_data_pw(KRB5 Session Key:\n, session_key-data, session_key-length); Modified: branches/SAMBA_3_0/source/torture/msgtest.c === --- branches/SAMBA_3_0/source/torture/msgtest.c 2006-07-11 21:10:44 UTC (rev 16959) +++ branches/SAMBA_3_0/source/torture/msgtest.c 2006-07-11 21:23:44 UTC (rev 16960) @@ -114,7 +114,7 @@ size_t timelimit = n; size_t ping_count = 0; - printf(Sending pings for %d seconds\n, timelimit); + printf(Sending pings for %d seconds\n, (int)timelimit); while (timeval_elapsed(tv) timelimit) { if(message_send_pid(pid_to_procid(pid), MSG_PING, buf, 11, False)) ping_count++; @@ -127,14 +127,14 @@ } printf(waiting for %d remaining replies (done %d)\n, - ping_count - pong_count, pong_count); + (int)(ping_count - pong_count), pong_count); while (timeval_elapsed(tv) 30 pong_count ping_count) { message_dispatch(); } if (ping_count != pong_count) { - fprintf(stderr, ping test failed! received %d, sent %d\n, - pong_count, ping_count); + fprintf(stderr, ping test failed! received %d, sent + %d\n, pong_count, (int)ping_count); } printf(ping rate of %.0f messages/sec\n, Modified: branches/SAMBA_3_0/source/torture/torture.c === --- branches/SAMBA_3_0/source/torture/torture.c 2006-07-11 21:10:44 UTC (rev 16959) +++ branches/SAMBA_3_0/source/torture/torture.c 2006-07-11 21:23:44 UTC (rev 16960) @@ -503,7 +503,7 @@ if ((bytes_read = cli_read(c2, fnum2, buf_rd, 0, buf_size)) != buf_size) { printf(read failed (%s)\n, cli_errstr(c2)); - printf(read %d, expected %ld\n, bytes_read, + printf(read %d, expected %ld\n, (int)bytes_read, (unsigned long)buf_size); correct = False; break; @@ -4257,7 +4257,8 @@ status = cli_raw_ioctl(cli, fnum, code, blob); if (NT_STATUS_IS_OK(status)) { - printf(ioctl 0x%x OK : %d bytes\n, code, blob.length); + printf(ioctl 0x%x OK : %d bytes\n, (int)code, + blob.length); data_blob_free(blob); } } @@ -4408,7 +4409,7 @@ correct = False; } - printf(num_eas = %d\n, num_eas); + printf(num_eas = %d\n, (int)num_eas); if (num_eas != 20) { printf(Should be 20 EA's stored... failing.\n); @@ -4442,7 +4443,7 @@ correct = False; } - printf(num_eas = %d\n, num_eas); + printf(num_eas = %d\n, (int)num_eas); for (i = 0; i num_eas; i++) { printf(%d: ea_name = %s. Val = , i, ea_list[i].name); dump_data(0, (char *)ea_list[i].value.data, Modified: trunk/source/libsmb/clikrb5.c === --- trunk/source/libsmb/clikrb5.c 2006-07-11 21:10:44 UTC (rev 16959) +++ trunk/source/libsmb/clikrb5.c 2006-07-11 21:23:44 UTC (rev 16960) @@ -682,7 +682,7 @@ else err
Build status as of Wed Jul 12 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-07-11 00:00:03.0 + +++ /home/build/master/cache/broken_results.txt 2006-07-12 00:00:03.0 + @@ -1,18 +1,18 @@ -Build status as of Tue Jul 11 00:00:02 2006 +Build status as of Wed Jul 12 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 29 3 0 -distcc 30 2 0 +ccache 30 3 0 +distcc 31 2 0 lorikeet-heimdal 0 0 0 -ppp 17 0 0 +ppp 18 0 0 rsync34 2 0 -samba28 5 0 +samba30 8 0 samba-docs 0 0 0 -samba4 40 27 5 -samba_3_036 10 0 +samba4 40 25 5 +samba_3_036 8 0 smb-build25 25 0 talloc 31 12 0 -tdb 29 10 0 +tdb 29 9 0
svn commit: samba r16961 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
Author: abartlet Date: 2006-07-12 00:02:50 + (Wed, 12 Jul 2006) New Revision: 16961 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16961 Log: Merge 'seperate policy from logic' changes from Samba3. The 56-bit flag is handled just like all the others. Also negotiate the unknown 0x0200 flag, to match windows. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c Changeset: Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-11 21:23:44 UTC (rev 16960) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-12 00:02:50 UTC (rev 16961) @@ -260,9 +260,6 @@ if (!(neg_flags NTLMSSP_NEGOTIATE_128)) { gensec_ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_128; - if (neg_flags NTLMSSP_NEGOTIATE_56) { - gensec_ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_56; - } } if (!(neg_flags NTLMSSP_NEGOTIATE_56)) { @@ -273,6 +270,12 @@ gensec_ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_KEY_EXCH; } + /* Woop Woop - unknown flag for Windows compatibility... + What does this really do ? JRA. */ + if (!(neg_flags NTLMSSP_UNKNOWN_0200)) { + gensec_ntlmssp_state-neg_flags = ~NTLMSSP_UNKNOWN_0200; + } + if ((neg_flags NTLMSSP_REQUEST_TARGET)) { gensec_ntlmssp_state-neg_flags |= NTLMSSP_REQUEST_TARGET; } Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h2006-07-11 21:23:44 UTC (rev 16960) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h2006-07-12 00:02:50 UTC (rev 16961) @@ -62,6 +62,7 @@ #define NTLMSSP_CHAL_NON_NT_SESSION_KEY0x0004 #define NTLMSSP_NEGOTIATE_NTLM20x0008 #define NTLMSSP_CHAL_TARGET_INFO 0x0080 +#define NTLMSSP_UNKNOWN_0200 0x0200 #define NTLMSSP_NEGOTIATE_128 0x2000 /* 128-bit encryption */ #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x4000 #define NTLMSSP_NEGOTIATE_56 0x8000 Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2006-07-11 21:23:44 UTC (rev 16960) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2006-07-12 00:02:50 UTC (rev 16961) @@ -800,7 +800,7 @@ gensec_ntlmssp_state-server_multiple_authentications = False; gensec_ntlmssp_state-neg_flags = - NTLMSSP_NEGOTIATE_NTLM; + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_0200; gensec_ntlmssp_state-lm_resp = data_blob(NULL, 0); gensec_ntlmssp_state-nt_resp = data_blob(NULL, 0); @@ -810,6 +810,10 @@ gensec_ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_128; } + if (lp_parm_bool(-1, ntlmssp_server, 56bit, True)) { + gensec_ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_56; + } + if (lp_parm_bool(-1, ntlmssp_server, keyexchange, True)) { gensec_ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; }
svn commit: samba r16962 - in branches/SAMBA_3_0/source: client libsmb
Author: jra Date: 2006-07-12 00:21:14 + (Wed, 12 Jul 2006) New Revision: 16962 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16962 Log: Add a few utility fns into client. Allow POSIX capabilities to be selected. Jeremy. Modified: branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0/source/libsmb/clifsinfo.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2006-07-12 00:02:50 UTC (rev 16961) +++ branches/SAMBA_3_0/source/client/client.c 2006-07-12 00:21:14 UTC (rev 16962) @@ -1672,7 +1672,8 @@ pstring buf; struct cli_state *targetcli; pstring targetname; - + int fnum; + pstrcpy(mask,cur_dir); if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { @@ -1686,12 +1687,76 @@ return 1; } - cli_nt_create(targetcli, targetname, FILE_READ_DATA); + fnum = cli_nt_create(targetcli, targetname, FILE_READ_DATA); + d_printf(open file %s: fnum %d\n, targetname, fnum); return 0; } +static int cmd_close(void) +{ + fstring buf; + int fnum; + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf(close fnum\n); + return 1; + } + + fnum = atoi(buf); + /* We really should use the targetcli here */ + if (!cli_close(cli, fnum)) { + d_printf(close %d: %s\n, fnum, cli_errstr(cli)); + return 1; + } + return 0; +} + +static int cmd_posix(void) +{ + uint16 major, minor; + uint32 caplow, caphigh; + pstring caps; + + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf(Server doesn't support UNIX CIFS extensions.\n); + return 1; + } + + if (!cli_unix_extensions_version(cli, major, minor, caplow, caphigh)) { + d_printf(Can't get UNIX CIFS extensions version from server.\n); + return 1; + } + + d_printf(Server supports CIFS extensions %u.%u\n, (unsigned int)major, (unsigned int)minor); + + *caps = '\0'; +if (caplow CIFS_UNIX_FCNTL_LOCKS_CAP) { + pstrcat(caps, locks ); + } +if (caplow CIFS_UNIX_POSIX_ACLS_CAP) { + pstrcat(caps, acls ); + } +if (caplow CIFS_UNIX_XATTTR_CAP) { + pstrcat(caps, eas ); + } +if (caplow CIFS_UNIX_POSIX_PATHNAMES_CAP) { + pstrcat(caps, pathnames ); + } + + if (strlen(caps) 0 caps[strlen(caps)-1] == ' ') { + caps[strlen(caps)-1] = '\0'; + } + + if (!cli_set_unix_extensions_capabilities(cli, major, minor, caplow, caphigh)) { + d_printf(Can't set UNIX CIFS extensions capabilities. %s.\n, cli_errstr(cli)); + return 1; + } + + d_printf(Selecting server supported CIFS capabilities %s\n, caps); + return 0; +} + / Remove a directory. / @@ -2784,6 +2849,7 @@ {cd,cmd_cd,[directory] change/report the remote directory,{COMPL_REMOTE,COMPL_NONE}}, {chmod,cmd_chmod,src mode chmod a file using UNIX permission,{COMPL_REMOTE,COMPL_REMOTE}}, {chown,cmd_chown,src uid gid chown a file using UNIX uids and gids,{COMPL_REMOTE,COMPL_REMOTE}}, + {close,cmd_close,fid close a file given a fid,{COMPL_REMOTE,COMPL_REMOTE}}, {del,cmd_del,mask delete all matching files,{COMPL_REMOTE,COMPL_NONE}}, {dir,cmd_dir,mask list the contents of the current directory,{COMPL_REMOTE,COMPL_NONE}}, {du,cmd_du,mask computes the total size of the current directory,{COMPL_REMOTE,COMPL_NONE}}, @@ -2805,6 +2871,7 @@ {mput,cmd_mput,mask put all matching files,{COMPL_REMOTE,COMPL_NONE}}, {newer,cmd_newer,file only mget files newer than the specified local file,{COMPL_LOCAL,COMPL_NONE}}, {open,cmd_open,mask open a file,{COMPL_REMOTE,COMPL_NONE}}, + {posix, cmd_posix, turn on all POSIX capabilities, {COMPL_REMOTE,COMPL_NONE}}, {print,cmd_print,file name print a file,{COMPL_NONE,COMPL_NONE}}, {prompt,cmd_prompt,toggle prompting for filenames for mget and mput,{COMPL_NONE,COMPL_NONE}}, {put,cmd_put,local name [remote name] put a file,{COMPL_LOCAL,COMPL_REMOTE}}, Modified: branches/SAMBA_3_0/source/libsmb/clifsinfo.c === --- branches/SAMBA_3_0/source/libsmb/clifsinfo.c2006-07-12 00:02:50 UTC (rev 16961) +++ branches/SAMBA_3_0/source/libsmb/clifsinfo.c2006-07-12 00:21:14 UTC (rev 16962) @@ -79,6 +79,59 @@ return ret; } +/ + Set UNIX extensions capabilities.
svn commit: samba r16963 - in trunk/source: client libsmb
Author: jra Date: 2006-07-12 00:21:16 + (Wed, 12 Jul 2006) New Revision: 16963 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16963 Log: Add a few utility fns into client. Allow POSIX capabilities to be selected. Jeremy. Modified: trunk/source/client/client.c trunk/source/libsmb/clifsinfo.c Changeset: Modified: trunk/source/client/client.c === --- trunk/source/client/client.c2006-07-12 00:21:14 UTC (rev 16962) +++ trunk/source/client/client.c2006-07-12 00:21:16 UTC (rev 16963) @@ -1672,7 +1672,8 @@ pstring buf; struct cli_state *targetcli; pstring targetname; - + int fnum; + pstrcpy(mask,cur_dir); if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { @@ -1686,12 +1687,76 @@ return 1; } - cli_nt_create(targetcli, targetname, FILE_READ_DATA); + fnum = cli_nt_create(targetcli, targetname, FILE_READ_DATA); + d_printf(open file %s: fnum %d\n, targetname, fnum); return 0; } +static int cmd_close(void) +{ + fstring buf; + int fnum; + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf(close fnum\n); + return 1; + } + + fnum = atoi(buf); + /* We really should use the targetcli here */ + if (!cli_close(cli, fnum)) { + d_printf(close %d: %s\n, fnum, cli_errstr(cli)); + return 1; + } + return 0; +} + +static int cmd_posix(void) +{ + uint16 major, minor; + uint32 caplow, caphigh; + pstring caps; + + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf(Server doesn't support UNIX CIFS extensions.\n); + return 1; + } + + if (!cli_unix_extensions_version(cli, major, minor, caplow, caphigh)) { + d_printf(Can't get UNIX CIFS extensions version from server.\n); + return 1; + } + + d_printf(Server supports CIFS extensions %u.%u\n, (unsigned int)major, (unsigned int)minor); + + *caps = '\0'; +if (caplow CIFS_UNIX_FCNTL_LOCKS_CAP) { + pstrcat(caps, locks ); + } +if (caplow CIFS_UNIX_POSIX_ACLS_CAP) { + pstrcat(caps, acls ); + } +if (caplow CIFS_UNIX_XATTTR_CAP) { + pstrcat(caps, eas ); + } +if (caplow CIFS_UNIX_POSIX_PATHNAMES_CAP) { + pstrcat(caps, pathnames ); + } + + if (strlen(caps) 0 caps[strlen(caps)-1] == ' ') { + caps[strlen(caps)-1] = '\0'; + } + + if (!cli_set_unix_extensions_capabilities(cli, major, minor, caplow, caphigh)) { + d_printf(Can't set UNIX CIFS extensions capabilities. %s.\n, cli_errstr(cli)); + return 1; + } + + d_printf(Selecting server supported CIFS capabilities %s\n, caps); + return 0; +} + / Remove a directory. / @@ -2784,6 +2849,7 @@ {cd,cmd_cd,[directory] change/report the remote directory,{COMPL_REMOTE,COMPL_NONE}}, {chmod,cmd_chmod,src mode chmod a file using UNIX permission,{COMPL_REMOTE,COMPL_REMOTE}}, {chown,cmd_chown,src uid gid chown a file using UNIX uids and gids,{COMPL_REMOTE,COMPL_REMOTE}}, + {close,cmd_close,fid close a file given a fid,{COMPL_REMOTE,COMPL_REMOTE}}, {del,cmd_del,mask delete all matching files,{COMPL_REMOTE,COMPL_NONE}}, {dir,cmd_dir,mask list the contents of the current directory,{COMPL_REMOTE,COMPL_NONE}}, {du,cmd_du,mask computes the total size of the current directory,{COMPL_REMOTE,COMPL_NONE}}, @@ -2805,6 +2871,7 @@ {mput,cmd_mput,mask put all matching files,{COMPL_REMOTE,COMPL_NONE}}, {newer,cmd_newer,file only mget files newer than the specified local file,{COMPL_LOCAL,COMPL_NONE}}, {open,cmd_open,mask open a file,{COMPL_REMOTE,COMPL_NONE}}, + {posix, cmd_posix, turn on all POSIX capabilities, {COMPL_REMOTE,COMPL_NONE}}, {print,cmd_print,file name print a file,{COMPL_NONE,COMPL_NONE}}, {prompt,cmd_prompt,toggle prompting for filenames for mget and mput,{COMPL_NONE,COMPL_NONE}}, {put,cmd_put,local name [remote name] put a file,{COMPL_LOCAL,COMPL_REMOTE}}, Modified: trunk/source/libsmb/clifsinfo.c === --- trunk/source/libsmb/clifsinfo.c 2006-07-12 00:21:14 UTC (rev 16962) +++ trunk/source/libsmb/clifsinfo.c 2006-07-12 00:21:16 UTC (rev 16963) @@ -79,6 +79,59 @@ return ret; } +/ + Set UNIX extensions capabilities. +/ +
svn commit: samba r16964 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2006-07-12 00:56:27 + (Wed, 12 Jul 2006) New Revision: 16964 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=16964 Log: Remove extra debugs no longer required in a working KDC Implement the 'DES only' flag. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c === --- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-07-12 00:21:16 UTC (rev 16963) +++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-07-12 00:56:27 UTC (rev 16964) @@ -98,8 +98,6 @@ { HDBFlags flags = int2HDBFlags(0); - krb5_warnx(context, uf2HDBFlags: userAccountControl: %08x\n, userAccountControl); - /* we don't allow kadmin deletes */ flags.immutable = 1; @@ -151,20 +149,13 @@ } */ /* - if (userAccountControl UF_PASSWORD_CANT_CHANGE) { - flags.invalid = 1; - } + UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent */ -/* - if (userAccountControl UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) { - flags.invalid = 1; - } -*/ if (userAccountControl UF_TEMP_DUPLICATE_ACCOUNT) { flags.invalid = 1; } -/* UF_DONT_EXPIRE_PASSWD handled in LDB_message2entry() */ +/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ /* if (userAccountControl UF_MNS_LOGON_ACCOUNT) { @@ -182,20 +173,12 @@ flags.proxiable = 1; } -/* - if (userAccountControl UF_SMARTCARD_USE_DES_KEY_ONLY) { - flags.invalid = 1; - } -*/ if (userAccountControl UF_DONT_REQUIRE_PREAUTH) { flags.require_preauth = 0; } else { flags.require_preauth = 1; } - - krb5_warnx(context, uf2HDBFlags: HDBFlags: %08x\n, HDBFlags2int(flags)); - return flags; } @@ -246,8 +229,6 @@ memset(entry_ex, 0, sizeof(*entry_ex)); - krb5_warnx(context, LDB_message2entry:\n); - if (!realm) { krb5_set_error_string(context, talloc_strdup: out of memory); ret = ENOMEM; @@ -395,17 +376,33 @@ ret = ENOMEM; goto out; } - entry_ex-entry.keys.len = ldb_keys-num_values; + entry_ex-entry.keys.len = 0; + /* Decode Kerberos keys into the hdb structure */ - for (i=0; i entry_ex-entry.keys.len; i++) { + for (i=0; i ldb_keys-num_values; i++) { size_t decode_len; + Key key; ret = decode_Key(ldb_keys-values[i].data, ldb_keys-values[i].length, -entry_ex-entry.keys.val[i], decode_len); +key, decode_len); if (ret) { /* Could be bougus data in the entry, or out of memory */ goto out; } + + if (userAccountControl UF_USE_DES_KEY_ONLY) { + switch (key.key.keytype) { + case KEYTYPE_DES: + entry_ex-entry.keys.val[entry_ex-entry.keys.len] = key; + entry_ex-entry.keys.len++; + default: + /* We must use DES keys only */ + break; + } + } else { + entry_ex-entry.keys.val[entry_ex-entry.keys.len] = key; + entry_ex-entry.keys.len++; + } } } @@ -930,8 +927,6 @@ priv-realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); - krb5_warnx(context, LDB_firstkey: realm ok\n); - lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, (objectClass=user), krb5_attrs, res);