Re: [Samba] Unable to add computer to domain
This is the last progress: When trying to join to domain (I am using Win 2000 Pro SP4 and use root) .. I met the following: The user name could not be found .. Please help .. Thanks Regards Winanjaya - Original Message - From: User 1 [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, July 18, 2006 3:19 PM Subject: [Samba] Unable to add computer to domain Dear Expert, Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I followed the instruction of samba3-ldap-howto, now I am unable to add computer to domain.. Tried to check /var/log/samba and found the following: [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:56:01, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:56:33, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 14:59:43, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 15:20:36, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 [2006/07/18 15:21:30, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 Thanks a lot in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. ***-*** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba *** Your mail has been scanned by MSS. ***-*** *** Our outgoing mail has been scanned by MSS. ***-*** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
I have upgraded one of my servers from a 3.0.22 implementation using the rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now getting some unexplaned failures and would like some pointers as to where to start looking. I am getting the following logged in the samba logs when trying to start the servers. zebra.log: Sid S-1-5-32-544 - BUILTIN\Administrators(4) zebra.log: create_local_nt_token: Failed to create BUILTIN\Administrators group! I am also getting the following in the log.winbindd-idmap file. [2006/07/18 11:41:33, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(314) ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute 'gidNumber' I have gidNumber defined for all Unix users and all of their groups and this has been working fine until now. I can access the user homedrive OK, but this failure is occuring when I try to access a share protected by the group access declaration ... e.g. [CoherentWebsites] comment = Coherent Technology Website Data valid users = @cohtech writeable = yes path = /var/www/coherent/websites Anybody able to suggest where I should start looking or any additional log information that might help diagnose. -- Howard Wilkinson Phone: +44(20)76907075 Coherent Technology Limited Fax: 23 Northampton Square, Mobile: +44(7980)639379 London, United Kingdom, EC1V 0HL Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd... PANIC: could not fetch our SID, did we join?
Hi, I have installed samba on my freebsd machine which is connected to my router and I am trying to access the harddrive of the freebsd machine with this winxp machine, which is also connected to the router (by wireless connection). I also have swat enabled and I can initiate nmbd and smbd, however winbindd will not run. When I try to run winbindd from the freebsd command line like so: winbindd -d 2 -i It ends after outputing the line: 'PANIC: Could not fetch our SID - did we join? When I try net getlocalsid it produces the SID number, so I'm not sure where the problem is. Thanks for reading. ST -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Howard Wilkinson Sent: 18 July 2006 11:50 To: samba@lists.samba.org Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch I have upgraded one of my servers from a 3.0.22 implementation using the rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now getting some unexplaned failures and would like some pointers as to where to start looking. The rfc2307 schema compatibility in the 'official' 3.0.23 version has to be turned on in smb.conf with winbind nss info = rfc2307 -- that might be something your older code did automatically. Bob G _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to add computer to domain
User 1 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] This is the last progress: When trying to join to domain (I am using Win 2000 Pro SP4 and use root) .. I met the following: The user name could not be found .. Please help .. Thanks Regards Winanjaya Make sure that your workstations can authenticate against ldap. When you type getent passwd and getent group do you see the entries from the ldap directory? See Samba by Example for more information. See the chapter on Making users happy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 43, Issue 24
Hello: I'm away on holidays right now! If this is an Urgent ticket please submit a repair ticket herehttp://ts.sd57.bc.ca I will be checking my mail still every few days Or Page #613-4732 Thanks Benny.nerd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
No I already had this turned on! Gautier, B (Bob) wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Howard Wilkinson Sent: 18 July 2006 11:50 To: samba@lists.samba.org Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch I have upgraded one of my servers from a 3.0.22 implementation using the rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now getting some unexplaned failures and would like some pointers as to where to start looking. The rfc2307 schema compatibility in the 'official' 3.0.23 version has to be turned on in smb.conf with winbind nss info = rfc2307 -- that might be something your older code did automatically. Bob G _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- Howard Wilkinson Phone: +44(20)76907075 Coherent Technology Limited Fax: 23 Northampton Square, Mobile: +44(7980)639379 London, United Kingdom, EC1V 0HL Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re:Re:Re...Failed to verify incoming ticket!
Hi Jerry, I wrote in my last message that I could connect to Samba Server with different netbios name,not same as the hostname .. Bu now I can't. While I was working on it I saw such a thing . But I don't now how it occured. My problem is still same as before. This problem stays on my way as a huge rock :( From: Linefeed Feed [EMAIL PROTECTED] ATo: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Failed to verify incoming ticket! Sent: Monday, July 17, 2006 1:43 PM Hi Gerald, That I want to know, what causes that problem. Because when I connect from Start\Run with IP Address of the Samba box I don't have any problem, but with netbios name I do. Another thing (as I send to samba list) if I change the parameter,netbios name = Diferent_from_SambaHostName, I can connect to Samba Server with netbios name without any problem. What is the wrong? Misconfigured smb.conf,krb5.conf or other. Thanks for your response,, Linefeed Feed wrote: Hi all, I have configured Samba 3.0.10 to act as a file server(RHEL4) in Windows 2000 AD domain. I have also configured Kerberos 1.3.4 for authentication between W2K PDC and Samba box. wbinfo -u and -g works fine. My problem is that I cannot connect Samba Server via Windows Browser, Network Neighborhood, Windows Explorer etc. When I try to connect I prompted User/Password dialog box which says Incorrect password or unknown username for: \\SambaFileServer Failed to verify incoming ticket! There is some krb5 failure, but you don't give enough information to know what. If I go to Start/Run and write Samba Server's IP adress I can connect to shares on that without any problem. The client is falling back to NTLM authentication in this case. cheers, jerry _ Sohbet ve eglence, web kamera ve sesli sohbet Messenger'de. http://messenger.msn.com/?mkt=trDI=3490XAPID=2584 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
I have managed to isolate where the problem is, now I need to work out what the problem is? I have a group cohtech:*:16777225:lesley,howard,ecbull in which I am a member - howard. I have a valid users = +cohtech entry in smb.conf for the share I am trying to connect to, I get the following reported in the machine.log file - zebra.log: string_to_sid: Sid +cohtech does not start with 'S-'. and the users get rejected. If I declare the user directly then access is allowed. This server gets its group database from the AD controllers via RFC2307. Anybody know why group expansion may be broken in 3.0.23? Howard Wilkinson wrote: No I already had this turned on! Gautier, B (Bob) wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Howard Wilkinson Sent: 18 July 2006 11:50 To: samba@lists.samba.org Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch I have upgraded one of my servers from a 3.0.22 implementation using the rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now getting some unexplaned failures and would like some pointers as to where to start looking. The rfc2307 schema compatibility in the 'official' 3.0.23 version has to be turned on in smb.conf with winbind nss info = rfc2307 -- that might be something your older code did automatically. Bob G _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- Howard Wilkinson Phone: +44(20)76907075 Coherent Technology Limited Fax: 23 Northampton Square, Mobile: +44(7980)639379 London, United Kingdom, EC1V 0HL Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
Maybe it's because some default values for winbind settings have changed. The relaesenotes say: winbind enum users Changed default No winbind enum groups Changed default No winbind nested groupsChanged default Yes Howard Wilkinson schrieb: I have managed to isolate where the problem is, now I need to work out what the problem is? I have a group cohtech:*:16777225:lesley,howard,ecbull in which I am a member - howard. I have a valid users = +cohtech entry in smb.conf for the share I am trying to connect to, I get the following reported in the machine.log file - zebra.log: string_to_sid: Sid +cohtech does not start with 'S-'. and the users get rejected. If I declare the user directly then access is allowed. This server gets its group database from the AD controllers via RFC2307. Anybody know why group expansion may be broken in 3.0.23? Howard Wilkinson wrote: No I already had this turned on! Gautier, B (Bob) wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Howard Wilkinson Sent: 18 July 2006 11:50 To: samba@lists.samba.org Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch I have upgraded one of my servers from a 3.0.22 implementation using the rfc2307 patch I supplied some months ago to the 3.0.23 release. I am now getting some unexplaned failures and would like some pointers as to where to start looking. The rfc2307 schema compatibility in the 'official' 3.0.23 version has to be turned on in smb.conf with winbind nss info = rfc2307 -- that might be something your older code did automatically. Bob G _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- Mit freundlichen Grüßen Dietrich Streifert Visionet GmbH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP No Longer Connects to Samba Server
Fedora Core 4 and Fedora Core 5 (same problem on both machines). Issue has arisen since yum update to upgrade Samba from 3.0.22 to 3.0.23 - i.e. I have made no configuration changes to what was a fully working samba setup, problem appeared immediately following the update. Client PCs running Windows XP fail to connect to the samba share. Persistently prompt for a username /password. I know this isn't much to go on, but I can provide debug logs and more detail if required. From looking at the Fedora forum, this seems to be affecting other users apart from just myself so there may have been other reports aside from this one, or already be a known issue. Geoff Calvert IT Officer Oxford University Centre for the Environment -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to get login name of logged user?
Hello list. Is there any way to get login name of a currently logged user on remote machine using samba? I can get the list of all users with command smbclient -L host, but how do I know who of them logged now? Thanks in advance. Roman Gorohov. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Setting up samba in a mutil-subnet environment
I have a large fileserver located in the server room for our university. Its subnet is different from where the majority of our computers are located, and so the client machines will not be able to see the broadcasts. I'm realativly new to using samba, but my idea is to move our current PDC(using ldap) and put it on the fileserver, and put a domain member local(on same subnet) to our computer lab. I've done this before when the lab next door required that their machines be isolated from the internet. The domain member machine was also a gateway+firewall. Is this idea sound? Currently our PDC is local the our machines and uses autofs to mount the homes, which has caused some problems. Running samba ver 3.0.22 on both RHEL v4 local server and Solaris 10 fileserver. Physics is like sex: sure, it may give some practical results, but that's not why we do it. ~ Richard Feynman __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fw: [Samba] Compiling 3.0.23
I didn't get any answers on this last week. I'm hoping that someone has some thoughts on it. I'm on AIX 5.3 using gcc 4.0.0 and I'm trying to compile samba 3.0.23. I get the following error: smbd/server.c: In function 'main': smbd/server.c:748: error: 'POPT_ARG_VAL' undeclared (first use in this function) smbd/server.c:748: error: (Each undeclared identifier is reported only once smbd/server.c:748: error: for each function it appears in.) smbd/server.c:766: warning: passing argument 3 of 'poptGetContext' from incompat ible pointer type make: 1254-004 The error code from the last command is 1. Any suggestions on how to proceed? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag
The setting is Debian with winbind v3.0.22. The pertinent bit of winbind configuration is as follows: winbind nss info = sfu idmap backend = ad winbind enum groups = yes winbind cache time = 1800 The problem is that once in a while, typically when either: a) an ls command is given for the 1st time in a login shell session or b) a groups command is given for a username for the 1st time in a login shell session there is a 10 to 15 second delay before the ls(1) or groups(1) command yields any output. If the same command is given again, it returns normally, with no delay. I captured the output of strace -f -T on two such groups(1) commands, the first with the large delay, and the 2nd with no abnormal delay. From the output, the delay seems to be coming from read()'s from a winbind pipe, for 44 different groups. Here is an example snippet from the strace output: 22191 mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55749000 0.05 22191 select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) 0.05 22191 read(4, frei-group\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0..., 134046) = 134046 0.000212 22191 munmap(0x55749000, 135168)= 0 0.14 you can see the rather large time spent in the read() call. It should be pointed out that the 44 groups that take a long time, are all for groups to which the username used in the groups command does not belong. In other words, there is no apparent reason why the lookup is being done for those groups : the username I ran the groups command for does not belong to these 44 groups. Does anyone know why this is happening, and what I could do to remove or minimize the initial large delay? -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
Well, I didn't see the last bit you describe, but I don't run RFC2307 (yet). We we bit by very similar behavior when moving from 3.0.22 to the 3.0.23 RC's. Turns out that the use-default-domain option is not being universally applied to groups in 3.0.23. As soon as I changed my valid users = +group statements to the format = +domain\group, then this problem was fixed for us. Maybe it will do the trick for you... Cheers, -D At 07:41 AM 7/18/2006, Howard Wilkinson wrote: I have managed to isolate where the problem is, now I need to work out what the problem is? I have a group cohtech:*:16777225:lesley,howard,ecbull in which I am a member - howard. I have a valid users = +cohtech entry in smb.conf for the share I am trying to connect to, I get the following reported in the machine.log file - zebra.log: string_to_sid: Sid +cohtech does not start with 'S-'. and the users get rejected. If I declare the user directly then access is allowed. This server gets its group database from the AD controllers via RFC2307. Anybody know why group expansion may be broken in 3.0.23? Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Setting security = server with differents domains
Hello people. Can I have one machine with parameter security = server and the workgroup different of password server?? Ex: My PDC: [global] netbios name = serv1 wokgroup = dom1 security = user ... ... .. My DMS {global] netbios name = serv2 workgroup = dom2 security = server password server = serv1 ... ... ... This setting can work?? Thanks -- Kalil de A. Carvalho. Setor de Redes. +55-84-3215-1236/8845-9998 Associação Potiguar de Educação e Cultura - APEC Universidade Potiguar - UnP Natal/RN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 4 Test deployment with SWAT
Hi, We are testing out Samba 4 TP2 release. We have configured Samba4 on an i386 running Linux 2.6.12.6. We are trying to get the SWAT GUI functional in this system, but it refuses login with the message *Login failed: Undetermined error - please try again * Trying as 'root' and root password on the local machine or trying as any another user fails too with this same error message. After configure, make and make install successfully Samba 4 in /usr/local/samba4 we ran the provision command as below and the output is as below. ./setup/provision --adminpass=testpass --domain=testdomain --realm=testrealm Provisioning for testdomain in realm testrealm Using administrator password: testpass Setting up smb.conf Setting up secrets.ldb Setting up keytabs Setting up hklm.ldb Setting up sam.ldb attributes Setting up sam.ldb schema Setting up display specifiers Setting up sam.ldb templates Setting up sam.ldb data Setting up sam.ldb users and groups Setting up DNS zone: testrealm Please install the zone located in /usr/local/samba4/private/testrealm.zone into your DNS server All OK Here the testrealm, testdomain are not present in the environment. ie. We dont have a domain setup in this environment. (#dnsdomainname returns (none)) We have had success in running Samba 3.0.2 successfully in the same environment. (Linux 2.6.12.6 in a different system) So what else need to be done to enable login thro' SWAT GUI. Is SWAT bundled along with 'smbd' in Samba 4 ? Is 'smbpasswd' utility in Samba 3.0.2 removed in Samba 4 or again brought into 'smbd' itself? Is 'nmbd' also now (Samba 4) part of 'smbd' itself? Please let us know what changes have to be effected to login thro' SWAT GUI. Thanks Rainer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0.22 - samba-3.0.23 pam_winbind issue(s)
Rex Dieter wrote: Rex Dieter wrote: Dietrich Streifert wrote: I found a bug in nsswitch/pam_winbind.c which I reported to https://bugzilla.samba.org/show_bug.cgi?id=3916 I submitted shortly a patch which solves the issue. I can confirm that patch works as advertised, and fixes the issue for me. Many thanks Dietrich. I take it back, after further testing, I'm still seeing wierd winbind/pam behavior. On my first test machine, all seemed well. On another box, with *exactly* same smb.conf (that was working previously with samba-3.0.22), things aren't so rosy: Using log level = 1 winbind:8 authentication/login attempts fail with these filling /var/log/messages: # Jul 18 10:47:59 foo pam_winbind[27236]: read from socket failed! Jul 18 10:47:59 foo pam_winbind[27236]: internal module error (retval = 3, user = `bar1') Hmm... and $ net ads ... commands hang too... with periodic log entries saying: Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] lib/util_sock.c:write_data(564) Jul 18 10:48:30 foo winbindd[27214]: write_data: write failure. Error = Broken pipe Jul 18 10:48:30 foo winbindd[27214]: [2006/07/18 10:48:30, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Jul 18 10:48:30 foo winbindd[27214]: Could not write result Jul 18 10:49:43 foo winbindd[27228]: [2006/07/18 10:49:43, 0] nsswitch/winbindd_dual.c:child_read_request(49) Jul 18 10:49:43 foo winbindd[27228]: Got invalid request length: 0 Wierd, I'll keep looking... OK, this one looks like .tdb table upgrade problems. To get my working samba-3.0.22 box working with samba-3.0.23, I needed to: 1) stop winbind 2) delete everything from /var/cache/samba/, which includes: gencache.tdb messages.tdb netsamlogon_cache.tdb winbindd_cache.tdb winbindd_idmap.tdb winbindd_privileged/ 3) (re)join domain via 'net ads join' 4) (re)start winbind Just tried upgrading yet another working samba-3.0.22 box to 3.0.23, and, [EMAIL PROTECTED], that one worked mostly, except, now local accounts aren't working... (this *is* an ancient rh7 box, so that may have something to do with it). -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag
winbind enum groups = yes Does anyone know why this is happening, and what I could do to remove or minimize the initial large delay? I see a similar behavior with the Debian 3.0.14a and 3.0.22 packages. My guess is that you won't see this if you don't enumerate groups. See http://samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html If I understand winbind correctly, your setup is asking winbind to refresh all of the groups, not just ask which groups the user may be a member of. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profile question
hello, i have a profile question here under is my profile definition. it's nothing more than the one from the idealx samba howto. profiles just work fine on my box BUT i want more ... i want a manager to have read/write acces on every users' profile subdirectory for troubleshooting from his windows workstation with invoking \\server\profiles. he's in the domain admins. How to do that Thank you for any help, i tried different scenarios (samba tweaking, acls inheritance and so on) for an afternoon and didnt find one working. ELH [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins -- Éric LE HÉNAFF École normale supérieure - Centre de ressources informatiques Informaticien, Ingénieur développements et systèmes auprès des bibliothèques de l'ENS Préférez firefox! http://www.mozilla-europe.org/fr/ SVP, évitez de m'envoyer des attachements au format Word, Excel ou PowerPoint. Préférez les formats rtf, csv, html ou pdf au lieu des formats word et excel. Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus d'explications. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
Don, you are a genius, this fixed it! Anybody know why? Howard. Don Meyer wrote: Well, I didn't see the last bit you describe, but I don't run RFC2307 (yet). We we bit by very similar behavior when moving from 3.0.22 to the 3.0.23 RC's. Turns out that the use-default-domain option is not being universally applied to groups in 3.0.23. As soon as I changed my valid users = +group statements to the format = +domain\group, then this problem was fixed for us. Maybe it will do the trick for you... Cheers, -D At 07:41 AM 7/18/2006, Howard Wilkinson wrote: I have managed to isolate where the problem is, now I need to work out what the problem is? I have a group cohtech:*:16777225:lesley,howard,ecbull in which I am a member - howard. I have a valid users = +cohtech entry in smb.conf for the share I am trying to connect to, I get the following reported in the machine.log file - zebra.log: string_to_sid: Sid +cohtech does not start with 'S-'. and the users get rejected. If I declare the user directly then access is allowed. This server gets its group database from the AD controllers via RFC2307. Anybody know why group expansion may be broken in 3.0.23? Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- Howard Wilkinson Phone: +44(20)76907075 Coherent Technology Limited Fax: 23 Northampton Square, Mobile: +44(7980)639379 London, United Kingdom, EC1V 0HL Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd panic on security = ADS
I have a samba server that was updated to samba v3.0.22 and is not working. It is a fileserver for the network, it's a member of the ADS and it was working perfectly up until saturday. It doesn't panic when I change security = ADS to security = server, unfortunately I need ADS auth. I've tried to down grade back to 3.0.14a with no luck, It looks like it might be samba's interaction with libldap and or libnss_mdns, both of which I've tried to downgrade as well. Thanks for any help, Brian smbd.log: [2006/07/18 09:22:53, 0] lib/fault.c:fault_report(36) === [2006/07/18 09:22:53, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 15071 (3.0.22) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/07/18 09:22:53, 0] lib/fault.c:fault_report(39) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/07/18 09:22:53, 0] lib/fault.c:fault_report(40) === [2006/07/18 09:22:53, 0] lib/util.c:smb_panic2(1554) PANIC: internal error [2006/07/18 09:22:53, 0] lib/util.c:smb_panic2(1562) BACKTRACE: 25 stack frames: #0 /usr/sbin/smbd(smb_panic2+0x78) [0x81ffea8] #1 /usr/sbin/smbd(smb_panic+0x19) [0x82000a5] #2 /usr/sbin/smbd [0x81ee1b5] #3 [0xe420] #4 /lib/libnss_mdns.so.2 [0xb77826d3] #5 /lib/libnss_mdns.so.2 [0xb7782941] #6 /lib/libnss_mdns.so.2(mdns_query_ipv4+0xa7) [0xb7782a24] #7 /lib/libnss_mdns.so.2(_nss_mdns_gethostbyaddr_r+0x134) [0xb77840c0] #8 /lib/tls/i686/cmov/libc.so.6(gethostbyaddr_r+0x156) [0xb7cdb1f6] #9 /lib/tls/i686/cmov/libc.so.6(getnameinfo+0x41c) [0xb7ce328c] #10 /usr/lib/libldap_r.so.2(ldap_pvt_get_hname+0x5a) [0xb7f3af24] #11 /usr/lib/libldap_r.so.2(ldap_host_connected_to+0x132) [0xb7f36bc9] #12 /usr/lib/libldap_r.so.2(ldap_int_open_connection+0x1bb) [0xb7f232a5] #13 /usr/lib/libldap_r.so.2(ldap_new_connection+0x7d) [0xb7f34544] #14 /usr/lib/libldap_r.so.2(ldap_open_defconn+0x3d) [0xb7f22c71] #15 /usr/lib/libldap_r.so.2(ldap_open+0x43) [0xb7f22fa0] #16 /usr/sbin/smbd(ldap_open_with_timeout+0x42) [0x8267e51] #17 /usr/sbin/smbd(ads_try_connect+0x44) [0x8267f8a] #18 /usr/sbin/smbd(ads_connect+0x53d) [0x826dbdf] #19 /usr/sbin/smbd(check_published_printers+0xb2) [0x822918c] #20 /usr/sbin/smbd(nt_printing_init+0x2e0) [0x822960b] #21 /usr/sbin/smbd(print_backend_init+0x148) [0x8218821] #22 /usr/sbin/smbd(main+0x3b4) [0x828afc7] #23 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd2) [0xb7c11ea2] #24 /usr/sbin/smbd [0x807ebb1] (I've sanitized the smb.conf file but it worked perfectly for the last 6 months to a year as-is.) [global] workgroup = DOMAINGROUP realm = DOMAIN.LOCAL server string = security = ADS password server = 192.168.1.10 log file = /var/log/samba/%m.log max log size = 50 server signing = auto socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printcap name = /etc/printcap preferred master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 cups options = raw [Documents] comment = Documents path = /home/Documents valid users = @DOMAIN\domain users, @DOMAIN\domain admins admin users = @DOMAIN\domain admins write list = @DOMAIN\domain users, @DOMAIN\domain admins read only = No create mask = 0770 directory mask = 0770 case sensitive = No msdfs proxy = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind periodically does 44 extraneous lookups, causing 10-15 second lag
* James Zuelow [EMAIL PROTECTED] [060718 11:22]: winbind enum groups = yes Does anyone know why this is happening, and what I could do to remove or minimize the initial large delay? I see a similar behavior with the Debian 3.0.14a and 3.0.22 packages. My guess is that you won't see this if you don't enumerate groups. See http://samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html If I understand winbind correctly, your setup is asking winbind to refresh all of the groups, not just ask which groups the user may be a member of. You are correct - after setting 'winbind enum groups = no', I no longer see the initial large delay. Thanks! The other change I notice is that now 'groups username' doesn't show all groups the user belongs to. To know that, I must be logged in as 'username', and simple type 'groups'. Can anyone give a few examples of other programs which depend on getgrent ? I.e. what are the other ramifications of turning off group enum in winbind? -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos Keytab Code Update in 3.0.23
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug, File a bug report if you believe this to be true. I'm not at 3.0.23 right now and don't have the time to try it here. I wouldn't want to lose this. I did see a mention they dropped support of joins from machines where the domain differs from the realm, but haven't had time to check this. There has been a rewrite of the ads join code since 3.0.22. Doug, You should probably review my comments to Scott. Keytab support is being rewritten, not dropped. I was saying dns domain not equal realm dropped and rewrite ads join code Just that windows doesn't guarantee case in names. For example, on my login, the current tickets show up as HOST/[EMAIL PROTECTED] host/[EMAIL PROTECTED] HOST/[EMAIL PROTECTED] HOST/[EMAIL PROTECTED] Your tickets where? From kerbtray.exe? Or on a Unix box? kerbtray klist I just an not seeing this case permutation you claim. NT40 sidhistory migration to 2000 AD then standard 2000 AD upgraded to 2003 standard AD then 2003 standard upgraded to 2003 enterprise. What is the list of SPNs for that Samba account in AD? samba 3.0.23, created account in AD SPN's CIFS/stor CIFS/stor.nt.ldxnet.com HOST/STOR HOST/stor.nt.ldxnet.com klist on 2003 server Server: cifs/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 Can you tell what applications are generating these requests so I can reproduce it? Domain controller browsing to stor's shares. PS: I asked out Apache guy (at Centeris) who is working with mod_auth_kerb and he claims that krb5 authentication to http://SerVer.ExaMple.COM still gets a ticket for HTTP/server.example.com which supports my theory about tickets based on SPN values. Yes, it works with rc4-hmac. But it's been coming back to me. It didn't work with des-cbc-md5 until the permutations were added. How soon we forget. It's really difficult to test des-only now. Have to join with rc4, then hand edit with adsi.exe in the AD, then remove the rc4 from krb5.conf and reboot the machine to purge the caches, because samba set's the des-only on a compile time flag. For information, here's the list of tickets on the domain controller after browsing an older, running samba server joined years ago, and a win2000 workstation: Cached Tickets: (6) Server: krbtgt/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 (win2000 workstation) Server: cifs/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 (FC3 - krb5 1.3.6) Server: cifs/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 (Domain controller) Server: ldap/ranger1.nt.ldxnet.com/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 (FC4 - long running samba currently at 3.0.23pre2-SVN-build-15985) Server: cifs/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 (Domain controller) Server: host/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 7/18/2006 18:53:02 Renew Time: 7/25/2006 8:53:02 Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Weird statup probems TLS SSL openldap and samba 3.0.23
Hello, I am kind of confused with this situation. I am attempting to build a PDC using TLS/SSL with the following version of software. Samba 3.0.23 OpenLDAP 2.3.19 Fedora Core 5 When I startup the Samba server via the service command (service smb start) I get the following errors in my logs. Using SSL: Jul 13 09:52:34 prism smbd[23161]: smbldap_search_suffix: Problem during the LDAP search: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (Time limit exceeded) Jul 13 09:52:34 prism smbd[23161]: [2006/07/13 09:52:34, 0] lib/smbldap.c:smb_ldap_start_tls(546) Jul 13 09:52:34 prism smbd[23161]: Failed to issue the StartTLS instruction: Can't contact LDAP server Using TLS Jul 18 10:32:09 prism smbd[7441]: [2006/07/18 10:32:09, 0] lib/smbldap.c:smb_ldap_start_tls(612) Jul 18 10:32:09 prism smbd[7441]: Failed to issue the StartTLS instruction: Connect error But when I start up Samba issuing this command /etc/init.d/smb start, it works. This this a bug in the service command. Did I mis-configured something? Is there any thing I can try to debug this problem? I've included the configuration files for samba and ldap. I've hid the actual hostname and DIT. Thanks! /etc/openldap/ldap.conf ** URI ldaps://.com - BASE dc=,dc=,dc=com TLS_REQCERT demand TLS_CACERT /etc/openldap/ca.crt TLS_CERT /etc/openldap/server.crt TLS_KEY /etc/openldap/server.key /etc/openldap/slap.conf ** include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema pidfile /var/run/slapd/slapd.pid argsfile/var/run/slapd/slapd.args databasebdb suffix dc=,dc=,dc=com rootdn cn=Manager,dc=,dc=,dc=com rootpw {SSHA}xxx directory /var/lib/ldap index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index objectClass eq index memberUid eq,subinitial index mail eq,subinitial index givenname eq,subinitial index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub #Access to read the root DSE (DSA [Directory System Agent] Specific Entry) access to dn.base= by self write by * auth access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read by anonymous auth security tls=1 TLSCACertificateFile /etc/openldap/ca.crt TLSCertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *** uri ldap://.com host .com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=,dc=,dc=com binddn cn=Manager,dc=,dc=,dc=com bindpw T nss_base_passwd ou=Users,dc=,dc=,dc=com?one nss_base_passwd ou=Computers,dc=,dc=,dc=com?one nss_base_shadow ou=Users,dc=,dc=,dc=com?one nss_base_groupou=Groups,dc=,dc=,dc=com?one nss_base_hostsou=Hosts,dc=,dc=,dc=com?one pam_password md5 /etc/samba/smb.conf - Just the global portion. *** [global] # Your Workgroup Name workgroup = TEST-PURPLE # Server name netbios name = TEST-PURPLE passdb backend = ldapsam:ldap://.com username map = /etc/samba/smbusers printcap name = cups add user script = /usr/local/sbin/smbldap-useradd -m '%u' delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -w '%u' enable privileges = yes #Domain Controller setup domain logons = Yes os level = 44 preferred master = Yes domain master = Yes show add printer wizard = Yes #OpenLdap ldap suffix = dc=,dc=,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=,dc=,dc=com ldap passwd sync
RE:[Samba] scripting smbpasswd not working..
Hello all, I'm sure I can't be the only person with this question.. but I just didn't see it answered.. how do you script smbpasswd? I've tried echo password | smbpasswd -sa name smbpasswd -sa name password echo password | smbpasswd -D5sa name (this gets me the ability to add a password by hand..) Funny, I was just researching this myself. Found out that this is the correct syntax, and it seems to work fine: (echo $pass;echo $pass)|smbpasswd -s -a $user Thanks, Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to add computer to domain
On Tue, 18 Jul 2006, User 1 wrote: Pls help, I am in the progress implementing Samba as LDAP as PDC on FC5, I followed the instruction of samba3-ldap-howto, now I am unable to add computer to domain.. Tried to check /var/log/samba and found the following: [2006/07/18 14:55:44, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w nb02$' gave 9 Hmm... $ grep -c 'exit.*9' smbldap-useradd 1 Seems like since there is only one way for smbldap-useradd to exit with code 9, maybe that's something you should look into. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] subfolder permission
Hi, Can Anyone help me out with subfolder permissions?.. Searched everywhere for tips on how to setup a system with a main folder shared and subfolders shared to X, Y and Z groups . Its been a very £$^* task and am running out of options We need to separate 2 departments having access to the same folder Eg:- Company Accounts Human Resources Each group should have full access to its group and no access to the other. Ive tried multiple versions of SMB.conf Even tried playing with linux file permission but too much of a novice to get the thing running professionally and smoothly. My Superiors are seriously thinking of moving back to the competition PLEASE HELP! Julien de Luca Integrated Systems Ltd http://integratedsystemsmru.com/ http://www.bitdefender.com http://www.bitdefender.com/ - secure your every bit - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't save 0 size file in samba 2.0.7
Anyone didn't encountered the problem? and someone have suggestion for me ? Well the problem is it works fine with the latest version of Samba (I tested with 3.0.21rc2) so I doubt anyone is interested in fixing a version that nobody should be using any more. It looks like you'll need to track down the bug and fix it yourself if you don't want to upgrade! Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch
Yes, I'm pretty sure Jerry Carter does. ([EMAIL PROTECTED]) He's posted that he expects a patch for this to be included in the 3.0.23a release -- due sometime real soon now... ;-) Cheers, -D At 12:03 PM 7/18/2006, Howard Wilkinson wrote: you are a genius, this fixed it! Anybody know why? Howard. Don Meyer wrote: Well, I didn't see the last bit you describe, but I don't run RFC2307 (yet). We we bit by very similar behavior when moving from 3.0.22 to the 3.0.23 RC's. Turns out that the use-default-domain option is not being universally applied to groups in 3.0.23. As soon as I changed my valid users = +group statements to the format = +domain\group, then this problem was fixed for us. Maybe it will do the trick for you... Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] New Server: need to transfer PDC to new server
Kevin, You need to provide the list with more information, what backend database are you using - have you read the documentation available on the samba site? In any case you need to set the sid to be the same on the bdc as the pdc; net getlocalsid, then net setlocalsid sidnumberhere. If you are using ldap database, slapcat -v -l database.txt, go to your new server and add the database.txt with slapadd -v -l database.txt. Adrian Sender. From: Kevin Kallsen [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] New Server: need to transfer PDC to new server Sent: Tuesday, 18 July 2006 6:17:12 AM I have Samba 3.0.22 running as a PDC on a server. We recently bought a new server and I want to transfers the PDC settings to the new server and turn off the old server. What do I need to do? Thanks Kevin Kallsen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd panic on security = ADS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Milco wrote: I've tried to down grade back to 3.0.14a with no luck, It looks like it might be samba's interaction with libldap and or libnss_mdns, both of which I've tried to downgrade as well. This is not our bug. You'll have to contact the /lib/libnss_mdns.so.2 maintainers. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEvXfjIR7qMdg1EfYRAt30AKCe2od4W+YCXmBijfdu5efT1FVE3gCgqG2e WKFpgSs4yMvM7zb8AttsbEs= =9MgN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Speeding up samba
Hi-- My old samba server, running on a RedHat 9.0 eMachines box, ran well. It died this weekend. So I took a new Ubuntu 6.06 box and restored the data files here and turned it into a samba server. My other two Ubuntu boxes (which mount cifs) and my two Win boxes (one XP Pro, one Win95) are all slow on this network now. Are there any tricks for speeding up samba generally? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] archive flag in samba?
Hi-- My previous install of Samba was on a RedHat 9.0 box which just died. I am used to running a backup of the server to a WinXP Pro box, using a batch file with a bunch of xcopy commands to copy just the files which have changed since the last backup. When the old server died, I replaced it with a new Ubuntu 6.06 box. Now when I run this batch file, it copies every one of the files, whether the file was changed or not. Is there a way to get this kind of functionality under the newer version (3.0.22) of samba? (Yes, I do have other backups, this one is just a redundant one.) Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't save 0 size file in samba 2.0.7
I think that samba 2.0.7 is also useful for embeded system. Because smbd ,nmbd files in samba 3 are too big for embeded system. I'm tracking down the bug now,but can you give me some ways? My way is to grab the package by sniffer,find the bug point, and fix it. anyone who is interesting in samba on embeded system,can contact with me. Thanks Jack From: Adam Nielsen [EMAIL PROTECTED] To: liu jack [EMAIL PROTECTED] CC: samba@lists.samba.org Subject: Re: [Samba] can't save 0 size file in samba 2.0.7 Date: Wed, 19 Jul 2006 09:14:50 +1000 Anyone didn't encountered the problem? and someone have suggestion for me ? Well the problem is it works fine with the latest version of Samba (I tested with 3.0.21rc2) so I doubt anyone is interested in fixing a version that nobody should be using any more. It looks like you'll need to track down the bug and fix it yourself if you don't want to upgrade! Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] How to get login name of logged user?
Hello, Huck. I'm sorry I was not clear enough. I don't need login names of users connecting to my shares, I want to get windows account login name of user logged to remote machine. I need this for integration with squid for transparent authentication. You wrote 18 july 2006 , 18:19:00: smbstatus does this for me. Samba version 3.0.10-1.4E.6 PID Username Group Machine --- 24250 dpatchin staff staff10 (192.168.0.104) 24279 jlovenguthstaff staff03 (192.168.0.120) 24307 bgosney officefrontoffice03 (192.168.0.161) 24201 dhuckaby dhuckaby dyno (192.168.0.80) 23994 hfowler hfowler staff01 (192.168.0.163) That's what the output looks like. [EMAIL PROTECTED] wrote: Hello list. Is there any way to get login name of a currently logged user on remote machine using samba? I can get the list of all users with command smbclient -L host, but how do I know who of them logged now? Thanks in advance. Roman Gorohov. Roman Gorohov. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17109 - in branches/SAMBA_4_0/source/lib/talloc: .
Author: metze Date: 2006-07-18 11:49:43 + (Tue, 18 Jul 2006) New Revision: 17109 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17109 Log: - use AC_SYS_LARGEFILE so that type sizes are the same when talloc is build standalone and inside samba - add configure checks for the some type sizes for debugging metze Modified: branches/SAMBA_4_0/source/lib/talloc/config.m4 branches/SAMBA_4_0/source/lib/talloc/configure.in Changeset: Modified: branches/SAMBA_4_0/source/lib/talloc/config.m4 === --- branches/SAMBA_4_0/source/lib/talloc/config.m4 2006-07-18 01:29:43 UTC (rev 17108) +++ branches/SAMBA_4_0/source/lib/talloc/config.m4 2006-07-18 11:49:43 UTC (rev 17109) @@ -8,3 +8,6 @@ AC_CHECK_TYPE(intptr_t, unsigned long long) AC_CHECK_HEADERS(stdint.h stdarg.h unistd.h sys/types.h) +AC_CHECK_SIZEOF(off_t,cross) +AC_CHECK_SIZEOF(size_t,cross) +AC_CHECK_SIZEOF(ssize_t,cross) Modified: branches/SAMBA_4_0/source/lib/talloc/configure.in === --- branches/SAMBA_4_0/source/lib/talloc/configure.in 2006-07-18 01:29:43 UTC (rev 17108) +++ branches/SAMBA_4_0/source/lib/talloc/configure.in 2006-07-18 11:49:43 UTC (rev 17109) @@ -12,5 +12,6 @@ fi AC_SUBST(DOC_TARGET) AC_CONFIG_HEADER(config.h) +AC_SYS_LARGEFILE sinclude(config.m4) AC_OUTPUT(Makefile talloc.pc)
svn commit: samba r17111 - in branches: SAMBA_3_0/source/sam SAMBA_3_0_23/source/sam
Author: jerry Date: 2006-07-18 11:56:46 + (Tue, 18 Jul 2006) New Revision: 17111 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17111 Log: cleanup the idmap_ad initialization after review by gd Modified: branches/SAMBA_3_0/source/sam/idmap_ad.c branches/SAMBA_3_0_23/source/sam/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/sam/idmap_ad.c === --- branches/SAMBA_3_0/source/sam/idmap_ad.c2006-07-18 11:54:49 UTC (rev 17110) +++ branches/SAMBA_3_0/source/sam/idmap_ad.c2006-07-18 11:56:46 UTC (rev 17111) @@ -139,13 +139,9 @@ return ads; } +/* no op */ static NTSTATUS ad_idmap_init(const char *uri) { - ad_idmap_uri = SMB_STRDUP(uri); - if (ad_idmap_uri == NULL) { - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; } Modified: branches/SAMBA_3_0_23/source/sam/idmap_ad.c === --- branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-07-18 11:54:49 UTC (rev 17110) +++ branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-07-18 11:56:46 UTC (rev 17111) @@ -139,13 +139,9 @@ return ads; } +/* no op */ static NTSTATUS ad_idmap_init(char *uri) { - ad_idmap_uri = SMB_STRDUP(uri); - if (ad_idmap_uri == NULL) { - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; }
svn commit: samba r17112 - in branches/SAMBA_4_0/source/lib/ldb/ldb_ldap: .
Author: metze Date: 2006-07-18 12:11:02 + (Tue, 18 Jul 2006) New Revision: 17112 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17112 Log: - fix the build of the ldap ldb backend with newer openldap header files. - use the correct timeout variable (simo you should do a standalone build before commiting:-) metze Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c 2006-07-18 11:56:46 UTC (rev 17111) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c 2006-07-18 12:11:02 UTC (rev 17112) @@ -42,6 +42,7 @@ #include includes.h #include ldb/include/includes.h +#define LDAP_DEPRECATED 1 #include ldap.h struct lldb_private { @@ -664,7 +665,7 @@ case LDB_WAIT_NONE: if ((ac-timeout != -1) - ((ac-starttime + timeout) time(NULL))) { + ((ac-starttime + ac-timeout) time(NULL))) { return LDB_ERR_TIME_LIMIT_EXCEEDED; }
svn commit: samba r17114 - in branches/SAMBA_4_0/source/lib/tdb: .
Author: metze Date: 2006-07-18 12:21:19 + (Tue, 18 Jul 2006) New Revision: 17114 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17114 Log: print some sizes for debugging metze Modified: branches/SAMBA_4_0/source/lib/tdb/configure.in Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/configure.in === --- branches/SAMBA_4_0/source/lib/tdb/configure.in 2006-07-18 12:12:28 UTC (rev 17113) +++ branches/SAMBA_4_0/source/lib/tdb/configure.in 2006-07-18 12:21:19 UTC (rev 17114) @@ -5,6 +5,9 @@ AC_CONFIG_HEADER(include/config.h) AC_PROG_CC AC_SYS_LARGEFILE +AC_CHECK_SIZEOF(off_t,cross) +AC_CHECK_SIZEOF(size_t,cross) +AC_CHECK_SIZEOF(ssize_t,cross) AC_FUNC_MMAP sinclude(config.m4) AC_OUTPUT(Makefile tdb.pc)
svn commit: samba r17115 - in branches/tmp/vl-messaging/source: include lib locking nsswitch param rpc_server sam script script/tests smbd
Author: vlendec Date: 2006-07-18 14:16:31 + (Tue, 18 Jul 2006) New Revision: 17115 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17115 Log: svn merge -r17090:17114 Modified: branches/tmp/vl-messaging/source/include/includes.h branches/tmp/vl-messaging/source/include/local.h branches/tmp/vl-messaging/source/include/locking.h branches/tmp/vl-messaging/source/include/messages.h branches/tmp/vl-messaging/source/include/smb.h branches/tmp/vl-messaging/source/lib/dummysmbd.c branches/tmp/vl-messaging/source/lib/sharesec.c branches/tmp/vl-messaging/source/locking/brlock.c branches/tmp/vl-messaging/source/locking/locking.c branches/tmp/vl-messaging/source/nsswitch/wins.c branches/tmp/vl-messaging/source/param/loadparm.c branches/tmp/vl-messaging/source/rpc_server/srv_srvsvc_nt.c branches/tmp/vl-messaging/source/sam/idmap_ad.c branches/tmp/vl-messaging/source/script/mkproto.sh branches/tmp/vl-messaging/source/script/tests/test_posix_s3.sh branches/tmp/vl-messaging/source/smbd/blocking.c branches/tmp/vl-messaging/source/smbd/close.c branches/tmp/vl-messaging/source/smbd/process.c branches/tmp/vl-messaging/source/smbd/reply.c branches/tmp/vl-messaging/source/smbd/service.c branches/tmp/vl-messaging/source/smbd/trans2.c branches/tmp/vl-messaging/source/smbd/uid.c Changeset: Sorry, the patch is too large (1811 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17115
svn commit: samba r17116 - in branches/SAMBA_3_0/source/script: .
Author: vlendec Date: 2006-07-18 14:33:02 + (Tue, 18 Jul 2006) New Revision: 17116 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17116 Log: Jerry, I can't reach you right now, but r17110 broke the build. Please check. Volker Modified: branches/SAMBA_3_0/source/script/mkproto.sh Changeset: Modified: branches/SAMBA_3_0/source/script/mkproto.sh === --- branches/SAMBA_3_0/source/script/mkproto.sh 2006-07-18 14:16:31 UTC (rev 17115) +++ branches/SAMBA_3_0/source/script/mkproto.sh 2006-07-18 14:33:02 UTC (rev 17116) @@ -25,7 +25,7 @@ shift headertmp=$header.$$.tmp~ -proto_src=`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'ubiqx/|wrapped|modules/getdate'` +proto_src=`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'tdb/|wrapped|modules/getdate'` echo creating $header
svn commit: samba r17117 - in branches/tmp/vl-messaging/source/script: .
Author: vlendec Date: 2006-07-18 14:38:39 + (Tue, 18 Jul 2006) New Revision: 17117 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17117 Log: merge -r17115:17116 Modified: branches/tmp/vl-messaging/source/script/mkproto.sh Changeset: Modified: branches/tmp/vl-messaging/source/script/mkproto.sh === --- branches/tmp/vl-messaging/source/script/mkproto.sh 2006-07-18 14:33:02 UTC (rev 17116) +++ branches/tmp/vl-messaging/source/script/mkproto.sh 2006-07-18 14:38:39 UTC (rev 17117) @@ -25,7 +25,7 @@ shift headertmp=$header.$$.tmp~ -proto_src=`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'ubiqx/|wrapped|modules/getdate'` +proto_src=`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'tdb/|wrapped|modules/getdate'` echo creating $header
svn commit: samba r17118 - in branches/tmp/vl-messaging/source/lib: .
Author: vlendec Date: 2006-07-18 15:09:53 + (Tue, 18 Jul 2006) New Revision: 17118 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17118 Log: Simplify nesting a bit, fix some memleaks Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c Changeset: Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c === --- branches/tmp/vl-messaging/source/lib/messages_dgram.c 2006-07-18 14:38:39 UTC (rev 17117) +++ branches/tmp/vl-messaging/source/lib/messages_dgram.c 2006-07-18 15:09:53 UTC (rev 17118) @@ -121,30 +121,44 @@ void receive_on_socket_dgram(int socket_fd, struct message_list **queue) { DATA_BLOB dgram = read_from_dgram_socket(socket_fd); - if (dgram.data != NULL) { - struct message_rec *msg = (struct message_rec *)dgram.data; - if (msg-len == dgram.length) { - /* save the received message */ - struct message_list *li, *tmp; + struct message_rec *msg; + struct message_list *li, *tmp; - li = TALLOC_ZERO_P(NULL, struct message_list); - if(li == NULL) { - DEBUG(0, (talloc failed\n)); - return; - } - li-msg = (struct message_rec*)TALLOC_ARRAY(li, uint8_t, msg-len); - if(li-msg == NULL) { - DEBUG(0, (talloc failed\n)); - TALLOC_FREE(li); - return; - } - memcpy(li-msg, msg, msg-len); + if (dgram.data == NULL) { + return; + } - DLIST_ADD_END((*queue), li, tmp); - } else { - DEBUG(5, (Invalid message length received, got %d, - expected %d\n, msg-len, dgram.length)); - } - SAFE_FREE(dgram.data); + msg = (struct message_rec *)dgram.data; + if (dgram.length sizeof(msg-len)) { + DEBUG(5, (Message too short: %d\n, dgram.length)); + data_blob_free(dgram); + return; } + + if (msg-len != dgram.length) { + DEBUG(5, (Invalid message length received, got %d, + expected %d\n, msg-len, dgram.length)); + data_blob_free(dgram); + return; + } + + /* save the received message */ + + if (!(li = TALLOC_ZERO_P(NULL, struct message_list))) { + DEBUG(0, (talloc failed\n)); + data_blob_free(dgram); + return; + } + + if (!(li-msg = (struct message_rec*)TALLOC(li, msg-len))) { + DEBUG(0, (talloc failed\n)); + TALLOC_FREE(li); + data_blob_free(dgram); + return; + } + + memcpy(li-msg, msg, msg-len); + data_blob_free(dgram); + + DLIST_ADD_END((*queue), li, tmp); }
svn commit: samba r17119 - in branches/tmp/vl-messaging/source/lib: .
Author: vlendec Date: 2006-07-18 15:12:49 + (Tue, 18 Jul 2006) New Revision: 17119 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17119 Log: AIX does not have MSG_DONTWAIT, the socket is nonblocking anyway Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c Changeset: Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c === --- branches/tmp/vl-messaging/source/lib/messages_dgram.c 2006-07-18 15:09:53 UTC (rev 17118) +++ branches/tmp/vl-messaging/source/lib/messages_dgram.c 2006-07-18 15:12:49 UTC (rev 17119) @@ -94,7 +94,7 @@ goto fail; } - received = recv(fd, result.data, result.length, MSG_DONTWAIT); + received = recv(fd, result.data, result.length, 0); if (received != msglength) { DEBUG(0, (Received different length (%d) than announced (%d)\n, received, msglength));
svn commit: samba r17122 - in branches: SAMBA_3_0/source/sam SAMBA_3_0_23/source/sam
Author: jerry Date: 2006-07-18 20:16:44 + (Tue, 18 Jul 2006) New Revision: 17122 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17122 Log: remove unused global var from idmap_ad Modified: branches/SAMBA_3_0/source/sam/idmap_ad.c branches/SAMBA_3_0_23/source/sam/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/sam/idmap_ad.c === --- branches/SAMBA_3_0/source/sam/idmap_ad.c2006-07-18 20:05:59 UTC (rev 17121) +++ branches/SAMBA_3_0/source/sam/idmap_ad.c2006-07-18 20:16:44 UTC (rev 17122) @@ -35,7 +35,6 @@ NTSTATUS init_module(void); static ADS_STRUCT *ad_idmap_ads = NULL; -static char *ad_idmap_uri = NULL; static char *attr_uidnumber = NULL; static char *attr_gidnumber = NULL; Modified: branches/SAMBA_3_0_23/source/sam/idmap_ad.c === --- branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-07-18 20:05:59 UTC (rev 17121) +++ branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-07-18 20:16:44 UTC (rev 17122) @@ -35,7 +35,6 @@ NTSTATUS init_module(void); static ADS_STRUCT *ad_idmap_ads = NULL; -static char *ad_idmap_uri = NULL; static char *attr_uidnumber = NULL; static char *attr_gidnumber = NULL; @@ -140,12 +139,12 @@ } /* no op */ -static NTSTATUS ad_idmap_init(char *uri) +static NTSTATUS ad_idmap_init(const char *uri) { return NT_STATUS_OK; } -static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type) +static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, enum idmap_type id_type, int flags) { ADS_STATUS rc; NTSTATUS status = NT_STATUS_NONE_MAPPED; @@ -167,7 +166,7 @@ return NT_STATUS_NOT_SUPPORTED; } - switch (id_type ID_TYPEMASK) { + switch (id_type) { case ID_USERID: if (asprintf(expr, ((|(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d)), ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, @@ -227,7 +226,7 @@ return status; } -static NTSTATUS ad_idmap_get_id_from_sid(unid_t *unid, int *id_type, const DOM_SID *sid) +static NTSTATUS ad_idmap_get_id_from_sid(unid_t *unid, enum idmap_type *id_type, const DOM_SID *sid, int flags) { ADS_STATUS rc; NTSTATUS status = NT_STATUS_NONE_MAPPED; @@ -327,7 +326,7 @@ } -static NTSTATUS ad_idmap_set_mapping(const DOM_SID *sid, unid_t id, int id_type) +static NTSTATUS ad_idmap_set_mapping(const DOM_SID *sid, unid_t id, enum idmap_type id_type) { /* Not supported, and probably won't be... */ /* (It's not particularly feasible with a single-master model.) */ @@ -352,7 +351,7 @@ return NT_STATUS_OK; } -static NTSTATUS ad_idmap_allocate_id(unid_t *id, int id_type) +static NTSTATUS ad_idmap_allocate_id(unid_t *id, enum idmap_type id_type) { return NT_STATUS_NOT_IMPLEMENTED; } @@ -374,7 +373,7 @@ /* support for new authentication subsystem */ -NTSTATUS init_module(void) +NTSTATUS idmap_ad_init(void) { return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, ad, ad_methods); }
svn commit: samba r17123 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_23/source/nsswitch
Author: jerry Date: 2006-07-18 20:19:55 + (Tue, 18 Jul 2006) New Revision: 17123 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17123 Log: Fix 32bit/64bit portability issues again. NO NOT change the winbindd response or request structures *unless* you test a 32bit wbinfo against a 64bit winbindd. The structure sizes MUST be the same on 32bit and 64 bit platforms. The way to test is to build a 64bit version of Winbind as normal. Then build a 32bit version using gcc -m32. Now install the 64bit and 32bit versions of libnss_winbindd.so and launch the 64bit winbindd. Make sure that the responses from both 32bit and 64bit versions of wbinfo match. If you don't understand the previous paragraph you don't need to be changing nsswitch/winbindd_nss.h Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h branches/SAMBA_3_0_23/source/nsswitch/winbindd_nss.h Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2006-07-18 20:16:44 UTC (rev 17122) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2006-07-18 20:19:55 UTC (rev 17123) @@ -4,6 +4,7 @@ Winbind daemon for ntdom nss module Copyright (C) Tim Potter 2000 + Copyright (C) Gerald Carter 2006 You are free to use this interface definition in any way you see fit, including without restriction, using this header in your own @@ -36,6 +37,17 @@ #define WINBIND_INTERFACE_VERSION 16 +/* Have to deal with time_t being 4 or 8 bytes due to structure alignment. + On a 64bit Linux box, we have to support a constant structure size + between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2. + The easiest way to do this is to always use 8byte values for time_t. */ + +#if defined(uint64) +# define SMB_TIME_T uint64 +#else +# define SMB_TIME_t time_t +#endif + /* Socket commands */ enum winbindd_cmd { @@ -186,6 +198,14 @@ /* Winbind request structure */ +/*** + * This structure MUST be the same size in the 32bit and 64bit builds + * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so + * + * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST + * A 64BIT WINBINDD--jerry + **/ + struct winbindd_request { uint32 length; enum winbindd_cmd cmd; /* Winbindd command to execute */ @@ -215,9 +235,9 @@ fstring user; fstring domain; fstring lm_resp; -uint16 lm_resp_len; +uint32 lm_resp_len; fstring nt_resp; -uint16 nt_resp_len; +uint32 nt_resp_len; fstring workstation; fstring require_membership_of_sid; } auth_crap; @@ -269,11 +289,15 @@ fstring sid; } dual_idmapset; BOOL list_all_domains; + + /* padding -- needed to fix alignment between 32bit and 64bit libs. + The size if the sizeof the union without the padding aligned on + an 8 byte boundary. --jerry */ + + char padding[1560]; } data; union { -#if defined(uint64) - uint64 z; -#endif + SMB_TIME_T padding; char *data; } extra_data; uint32 extra_len; @@ -290,6 +314,14 @@ /* Winbind response structure */ +/*** + * This structure MUST be the same size in the 32bit and 64bit builds + * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so + * + * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST + * A 64BIT WINBINDD--jerry + **/ + struct winbindd_response { /* Header information */ @@ -340,30 +372,32 @@ char user_session_key[16]; char first_8_lm_hash[8]; fstring krb5ccname; + uint32 reject_reason; + uint32 padding; struct policy_settings { - uint16 min_length_password; - uint16 password_history; + uint32 min_length_password; + uint32 password_history; uint32 password_properties; - time_t expire; - time_t min_passwordage; +
Build status as of Wed Jul 19 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-07-18 00:00:08.0 + +++ /home/build/master/cache/broken_results.txt 2006-07-19 00:00:04.0 + @@ -1,18 +1,18 @@ -Build status as of Tue Jul 18 00:00:02 2006 +Build status as of Wed Jul 19 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 34 6 0 -distcc 29 2 0 +ccache 33 6 0 +distcc 28 2 0 lorikeet-heimdal 0 0 0 -ppp 18 0 0 -rsync28 0 0 +ppp 17 0 0 +rsync27 0 0 samba28 4 0 samba-docs 0 0 0 -samba4 38 24 4 -samba_3_038 15 0 +samba4 38 23 4 +samba_3_036 26 1 smb-build24 24 0 talloc 31 12 0 -tdb 25 8 0 +tdb 27 9 0
svn commit: samba r17125 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-07-19 00:13:28 + (Wed, 19 Jul 2006) New Revision: 17125 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17125 Log: Drastic problems require drastic solutions. There's no way to get all the cases where kernel oplocks are on and we can't open the file and get the correct semantics (think about the open with truncate with an attribute only open - we'd need a vfs change to add the truncate(fname, len) call). So always drop the share mode lock before doing any real fd opens and then re-acquire it afterwards. We're already dealing with the race in the create case, and we deal with any other races in the same way. Volker, please examine *carefully* :-). This should fix the problems people reported with kernel oplocks being on. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (543 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17125
svn commit: samba r17126 - in branches/SAMBA_3_0_23/source/smbd: .
Author: jra Date: 2006-07-19 00:13:36 + (Wed, 19 Jul 2006) New Revision: 17126 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17126 Log: Drastic problems require drastic solutions. There's no way to get all the cases where kernel oplocks are on and we can't open the file and get the correct semantics (think about the open with truncate with an attribute only open - we'd need a vfs change to add the truncate(fname, len) call). So always drop the share mode lock before doing any real fd opens and then re-acquire it afterwards. We're already dealing with the race in the create case, and we deal with any other races in the same way. Volker, please examine *carefully* :-). This should fix the problems people reported with kernel oplocks being on. Jeremy. Modified: branches/SAMBA_3_0_23/source/smbd/open.c branches/SAMBA_3_0_23/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (550 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17126
svn commit: samba r17127 - in branches/SAMBA_3_0_23/source/smbd: .
Author: jra Date: 2006-07-19 01:30:21 + (Wed, 19 Jul 2006) New Revision: 17127 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17127 Log: Missed a logic error in my last patch. Ensure we deal with any oplocks that were granted when we had released the lock. Fix strange case where stat open grants a batch oplock on file create, but grants no oplock on file open. Jeremy. Modified: branches/SAMBA_3_0_23/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0_23/source/smbd/open.c === --- branches/SAMBA_3_0_23/source/smbd/open.c2006-07-19 00:13:36 UTC (rev 17126) +++ branches/SAMBA_3_0_23/source/smbd/open.c2006-07-19 01:30:21 UTC (rev 17127) @@ -619,8 +619,11 @@ BOOL delay_it = False; BOOL have_level2 = False; + if (oplock_request INTERNAL_OPEN_ONLY) { + fsp-oplock_type = NO_OPLOCK; + } + if ((oplock_request INTERNAL_OPEN_ONLY) || is_stat_open(fsp-access_mask)) { - fsp-oplock_type = NO_OPLOCK; return False; } @@ -1579,10 +1582,46 @@ return NULL; } + /* +* The share entry is again *locked*. +*/ + + /* First pass - send break only on batch oplocks. */ + if (delay_for_oplocks(lck, fsp, 1, oplock_request)) { + schedule_defer_open(lck, request_time); + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + set_saved_ntstatus(NT_STATUS_SHARING_VIOLATION); + return NULL; + } + status = open_mode_check(conn, fname, lck, access_mask, share_access, create_options, file_existed); + if (NT_STATUS_IS_OK(status)) { + /* We might be going to allow this open. Check oplock status again. */ + /* Second pass - send break for both batch or exclusive oplocks. */ + if (delay_for_oplocks(lck, fsp, 2, oplock_request)) { + schedule_defer_open(lck, request_time); + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + set_saved_ntstatus(NT_STATUS_SHARING_VIOLATION); + return NULL; + } + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { + /* DELETE_PENDING is not deferred for a second */ + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + set_saved_ntstatus(status); + return NULL; + } + if (!NT_STATUS_IS_OK(status)) { struct deferred_open_record state; @@ -1606,10 +1645,6 @@ return NULL; } - /* -* The share entry is again *locked*. -*/ - /* note that we ignore failure for the following. It is basically a hack for NFS, and NFS will never set one of these only read them. Nobody but Samba can ever set a deny @@ -1649,6 +1684,11 @@ fsp-access_mask = access_mask; if (file_existed) { + /* stat opens on existing files don't get oplocks. */ + if (is_stat_open(fsp-access_mask)) { + fsp-oplock_type = NO_OPLOCK; + } + if (!(flags2 O_TRUNC)) { info = FILE_WAS_OPENED; } else {
svn commit: samba r17128 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-07-19 01:30:30 + (Wed, 19 Jul 2006) New Revision: 17128 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17128 Log: Missed a logic error in my last patch. Ensure we deal with any oplocks that were granted when we had released the lock. Fix strange case where stat open grants a batch oplock on file create, but grants no oplock on file open. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 01:30:21 UTC (rev 17127) +++ branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 01:30:30 UTC (rev 17128) @@ -623,8 +623,11 @@ BOOL delay_it = False; BOOL have_level2 = False; + if (oplock_request INTERNAL_OPEN_ONLY) { + fsp-oplock_type = NO_OPLOCK; + } + if ((oplock_request INTERNAL_OPEN_ONLY) || is_stat_open(fsp-access_mask)) { - fsp-oplock_type = NO_OPLOCK; return False; } @@ -1582,10 +1585,43 @@ return NT_STATUS_SHARING_VIOLATION; } + /* +* The share entry is again *locked*. +*/ + + /* First pass - send break only on batch oplocks. */ + if (delay_for_oplocks(lck, fsp, 1, oplock_request)) { + schedule_defer_open(lck, request_time); + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + return NT_STATUS_SHARING_VIOLATION; + } + status = open_mode_check(conn, fname, lck, access_mask, share_access, create_options, file_existed); + if (NT_STATUS_IS_OK(status)) { + /* We might be going to allow this open. Check oplock status again. */ + /* Second pass - send break for both batch or exclusive oplocks. */ + if (delay_for_oplocks(lck, fsp, 2, oplock_request)) { + schedule_defer_open(lck, request_time); + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + return NT_STATUS_SHARING_VIOLATION; + } + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { + /* DELETE_PENDING is not deferred for a second */ + fd_close(conn, fsp); + file_free(fsp); + TALLOC_FREE(lck); + return status; + } + if (!NT_STATUS_IS_OK(status)) { struct deferred_open_record state; @@ -1609,10 +1645,6 @@ return status; } - /* -* The share entry is again *locked*. -*/ - /* note that we ignore failure for the following. It is basically a hack for NFS, and NFS will never set one of these only read them. Nobody but Samba can ever set a deny @@ -1653,6 +1685,11 @@ fsp-access_mask = access_mask; if (file_existed) { + /* stat opens on existing files don't get oplocks. */ + if (is_stat_open(fsp-access_mask)) { + fsp-oplock_type = NO_OPLOCK; + } + if (!(flags2 O_TRUNC)) { info = FILE_WAS_OPENED; } else {
svn commit: samba r17129 - in branches/SAMBA_3_0_23/source/libsmb: .
Author: jra Date: 2006-07-19 05:12:21 + (Wed, 19 Jul 2006) New Revision: 17129 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17129 Log: Added tridge's fix for resolve_ads(). Original message : fixed a bug which caused resolve_ads() to spin forever if one of the DCs isn't resolvable in DNS. The fix is to leave that DC out of the returned list of DCs. I think the original code intended that anyway, just didn't quite get it right ('i' wasn't incremented in that code path, so the loop didn't terminate) Modified: branches/SAMBA_3_0_23/source/libsmb/namequery.c Changeset: Modified: branches/SAMBA_3_0_23/source/libsmb/namequery.c === --- branches/SAMBA_3_0_23/source/libsmb/namequery.c 2006-07-19 01:30:30 UTC (rev 17128) +++ branches/SAMBA_3_0_23/source/libsmb/namequery.c 2006-07-19 05:12:21 UTC (rev 17129) @@ -1051,16 +1051,18 @@ return False; } - i = 0; - while ( i numdcs ) { + *return_count = 0; + for (i=0;inumdcs;i++) { + struct ip_service *r = (*return_iplist)[*return_count]; + /* use the IP address from the SRV structure if we have one */ if ( is_zero_ip( dcs[i].ip ) ) - (*return_iplist)[i].ip = *interpret_addr2(dcs[i].hostname); + r-ip = *interpret_addr2(dcs[i].hostname); else - (*return_iplist)[i].ip = dcs[i].ip; + r-ip = dcs[i].ip; - (*return_iplist)[i].port = dcs[i].port; + r-port = dcs[i].port; /* make sure it is a valid IP. I considered checking the negative connection cache, but this is the wrong place for it. Maybe only @@ -1069,15 +1071,11 @@ The standard reason for falling back to netbios lookups is that our DNS server doesn't know anything about the DC's -- jerry */ - if ( is_zero_ip((*return_iplist)[i].ip) ) - continue; - - i++; + if ( ! is_zero_ip(r-ip) ) + (*return_count)++; } TALLOC_FREE( dcs ); - - *return_count = i; return True; }
svn commit: samba r17130 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-07-19 05:26:51 + (Wed, 19 Jul 2006) New Revision: 17130 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17130 Log: Remove unneeded unlock call. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 05:12:21 UTC (rev 17129) +++ branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 05:26:51 UTC (rev 17130) @@ -1549,9 +1549,6 @@ access_mask); if (!NT_STATUS_IS_OK(fsp_open)) { - if (lck != NULL) { - TALLOC_FREE(lck); - } file_free(fsp); return fsp_open; }
svn commit: samba r17131 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-07-19 05:32:12 + (Wed, 19 Jul 2006) New Revision: 17131 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17131 Log: Optimisation - when doing a stat open don't open the file unless we really have to (ie. O_CREAT and file doesn't exist). Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 05:26:51 UTC (rev 17130) +++ branches/SAMBA_3_0/source/smbd/open.c 2006-07-19 05:32:12 UTC (rev 17131) @@ -245,7 +245,7 @@ } if ((access_mask (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) || - (local_flags O_CREAT) || + (!file_existed (local_flags O_CREAT)) || ((local_flags O_TRUNC) == O_TRUNC) ) { /*
svn commit: samba r17132 - in branches/SAMBA_3_0_23/source/smbd: .
Author: jra Date: 2006-07-19 05:32:41 + (Wed, 19 Jul 2006) New Revision: 17132 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17132 Log: Optimisation - when doing a stat open don't open the file unless we really have to (ie. O_CREAT and file doesn't exist). Jeremy. Modified: branches/SAMBA_3_0_23/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0_23/source/smbd/open.c === --- branches/SAMBA_3_0_23/source/smbd/open.c2006-07-19 05:32:12 UTC (rev 17131) +++ branches/SAMBA_3_0_23/source/smbd/open.c2006-07-19 05:32:41 UTC (rev 17132) @@ -240,7 +240,7 @@ } if ((access_mask (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) || - (local_flags O_CREAT) || + (!file_existed (local_flags O_CREAT)) || ((local_flags O_TRUNC) == O_TRUNC) ) { /*