Re: [Samba] Identically named users and groups
hi jerry, i thought this would never get fixed, because i think i hit the same problem already last year. [Samba] [Problem] Samba v3 Errors when group and user exists with same name] jerry said: | i have a user called biblio and a group called biblio | normally this is no problem under linux but samba seems to emulate | windows behaviour indirectly. Windows won't allow a user and groupw ith the same name. Not much we can do about that. However, if you establish a group mapping entry and set the ntgroup value to a different string, things will work out ok. so are you talking about a issue on linux side and samba or windows side and samba? greez Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, We have a Linux user and group with the same name (username prox, group name prox) and a Samba share with force user = prox set. Since upgrading from Samba 3.0.21b to Samba 3.0.23a, that share no longer works. smbclient gives the following error when connecting to the share: tree connect failed: NT_STATUS_NO_SUCH_USER The Samba server logs the following error: [2006/08/07 09:38:26, 1] auth/auth_util.c:create_token_from_username(1060) prox is a Domain Group, not a user So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. We think that we have this fixed in the current SAMBA_3_0_RELEASE. Would you mind testing this and letting me know? You can grab it from svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE or rsync;//rsync.samba.org/ftp/unpacked/samba_3_0_release. I'll hold 3.0.23b until I hear from you. Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE11PrIR7qMdg1EfYRAjBmAKDkFM5/L1fdGKy97rbzky0y4cvb6gCgtkgM P2F5fJqC/zMD1Ye/lJ355mU= =Y8l/ -END PGP SIGNATURE- -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] need to remove domain from Winbind group entries
Hi, I have server setup as BDC on a subnet different from the PDC. The BDC can auth fine against the PDC and they can browse each other just fine. The problem is on Unix side of the BDC. When I do a 'wbinfo -g' or 'getent group' each group fit the format 'DOMAIN\group_name' and the PDC does not. This is causing problems when synchronizing as the group perm is being set by name, not uid. I have configured both the PDC and BDC with the following entries: winbind trusted domains only = yes winbind use default domain = yes obey pam restrictions = Yes Yet the domain name still show in in the groups on the BDC. I tired every I know but with no luck. What can I do to remove the domain from the group entries on the BDC? Thnaks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Explorer hangs when clicking on a samba share
[EMAIL PROTECTED] schrieb: Hi Miguel! I set the debug level to 10, and nothing is really jumping out at me. After further investigation, I found out that samba drive comes up fine in Windows 2000. The problem seems to be with Windows XP. I can go to the DOS prompt and pull up files on the samba drive with no problems. The hanging only occurs when I click on the samba drive in Windows Explorer on my XP workstation. Do you have any ideas? Thanks! Tim It seems Windows Explorer is trying to refresh (or something like this) the content of the Samba drive. Try to check the Samba logs to see if there's something useful there. Greetings. Hi, this is normal behavior of XP-Explorer if you have enabled pop-up-information for files and folders in XP, if you open a share the first time, xp explorer looks in each directory and every file in the top level of the share an counts the number of files and bytes in that dir to be able to give you this info on moving the mouse over this file/dir. if there are big dir's/files and/or a slow network, this may take long time... christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble installing applications from samba share using Windows Vista
[EMAIL PROTECTED] schrieb: I am having trouble installing applications onto a Vista machine from a Samba 3.0.23a share. I keep getting a Windows error telling me that the network path could not be found after I double click setup.exe. I can copy the files from the share to my local hard drive and install no problem. I can also copy them to a W2K share and install from there no problem. So, it seems the be Samba related. Everthing else that I have tried with Samba and Vista seems to be working. I can execute other programs from the share, for example. Has anyone else noticed this problem? And have a solution? Hi, yes i have seen this behavior from time to time on win-XP/win2k/win98, especialy for older installers. i guess it is a problem of the installer using a mix of systemcalls to access the files intermixing long filenames and short ones, and confusing samba at this point. AFAIR i have seen this behaviour on w2k-Server-shares too. Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Out Of office
Ik ben afwezig vanaf 29/07/2006 en ik ben niet eerder terug dan 23/08/2006. Ik ben met verlof van 31 juli tot en met 22 augustus. Voor dringende zaken kan je mailen naar [EMAIL PROTECTED] - DISCLAIMER : De personeelsleden van het agentschap doen hun best om in e-mails betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige beslissingen of officiele standpunten worden alleen per brief toegestuurd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OS/2 client crash on Find Close2
Andreas Taegener schrieb: Hello, I have just migrated an old OS/2 file server to a Linux box with Samba 3.0.23a. Now the OS/2 clients crash from time to time. I found a way to reproduce/force the crash using PMMail and did some experiments. The popuplog.os2 on the clients (Warp4 and eComStation) always names a sys3175 in pmshell.exe / doscall1.dll. Using Ethereal and comparing the network traffic between a) a client and the Samba server and b) the same client and an OS/2 server (in this setup the client doesn't crash) I found at least one difference in the SMB protocol. It is the Find Close2 Response SMB message. Here is the packet from the Samba server logged by Ethereal: ---START- No. TimeSourceDestination Protocol Info 153 02:09:53.405713 192.168.1.223 192.168.1.1 SMB Find Close2 Response Frame 153 (97 bytes on wire, 97 bytes captured) Arrival Time: Aug 7, 2006 02:09:53.405713000 Time delta from previous packet: 0.000384000 seconds Time since reference or first frame: 58.338749000 seconds Frame Number: 153 Packet Length: 97 bytes Capture Length: 97 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: srv3.taegi.eideltown.de (00:01:af:01:a0:a2), Dst: Intel_3a:01:e1 (00:02:b3:3a:01:e1) Destination: Intel_3a:01:e1 (00:02:b3:3a:01:e1) Source: srv3.taegi.eideltown.de (00:01:af:01:a0:a2) Type: IP (0x0800) Frame check sequence: 0x94bcdc1f [correct] Internet Protocol, Src: 192.168.1.223 (192.168.1.223), Dst: 192.168.1.1 (192.168.1.1) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 00.. = Differentiated Services Codepoint: Default (0x00) ..0. = ECN-Capable Transport (ECT): 0 ...0 = ECN-CE: 0 Total Length: 79 Identification: 0xcd9b (52635) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xe8dc [correct] Good: True Bad : False Source: 192.168.1.223 (192.168.1.223) Destination: 192.168.1.1 (192.168.1.1) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1024 (1024), Seq: 45598, Ack: 1364, Len: 39 Source port: netbios-ssn (139) Destination port: 1024 (1024) Sequence number: 45598(relative sequence number) Next sequence number: 45637(relative sequence number) Acknowledgement number: 1364(relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... = Congestion Window Reduced (CWR): Not set .0.. = ECN-Echo: Not set ..0. = Urgent: Not set ...1 = Acknowledgment: Set 1... = Push: Set .0.. = Reset: Not set ..0. = Syn: Not set ...0 = Fin: Not set Window size: 5360 Checksum: 0x60fa [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 152 The RTT to ACK the segment was: 0.000384000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 152 Time from request: 0.000384000 seconds SMB Command: Find Close2 (0x34) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x88 1... = Request/Response: Message is a response to the client/redirector .0.. = Notify: Notify client only on open ..0. = Oplocks: OpLock not requested/granted ...0 = Canonicalized Pathnames: Pathnames are not canonicalized 1... = Case Sensitivity: Path names are caseless ..0. = Receive Buffer Posted: Receive buffer has not been posted ...0 = Lock and Read: LockRead, WriteUnlock are not supported Flags2: 0x0001 0... = Unicode Strings: Strings are ASCII .0.. = Error Code Type: Error codes are DOS error codes ..0. = Execute-only Reads: Don't permit reads if execute-only ...0 = Dfs: Don't resolve pathnames with Dfs 0... = Extended Security Negotiation: Extended security negotiation is not supported .0.. = Long Names Used: Path names in request are not long file names .0.. = Security Signatures: Security signatures are not supported ..0. = Extended Attributes: Extended attributes are not supported ...1 = Long Names
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
hello the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.23a + ldap as PDC - should work, but why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 éric le hénaff wrote: hello I'd recommend dropping valid users from [profiles] altogether. ah! it's interesting since the valid users line is recommended in idealx's linux samba-openldap howto. could u explain why u'd drop it ? I thought I did. valid users = %U has no affect. If you want to use one, something like valid users = +users makes more sense. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2IIgIR7qMdg1EfYRAqI3AJ9riTYd48I78yNQr60A6V17EPx49wCfRjOw iBeODleP0fp0yAQBrjvl64U= =WYRL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: hello the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers The syntax is passdb backend = ldapsam:ldap//ldapserver1 ldap://ldapserver2; There's a regression in 3.0.23a that breaks the . It has been fixed in 3.0.23b (which will be available in the next few hours). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2ISdIR7qMdg1EfYRAqw1AKDkdhpG6+CWA6Saoo+Y+Vwr/6xMNQCfYZNb D/WpMfAIbegz3rAr+8cUkn8= =tsK+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem applying printer drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wisu wrote: Hi all, I setting up a new BDC (192.168.2.200 - ubuntu dapper) assisting a PDC(192.168.1.195 - debian sarge) to manage MYDOMAIN a separate Building. The problem I come up with is trying to apply printer drivers, I can upload the driver to \\BDC\print$ but when I apply the driver it returns Printer setting could not be saved. Access is denied ... use client driver = Yes Don't set this if you want to store drivers on the server. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2IVKIR7qMdg1EfYRAtd6AJ9dJhdNrIO0TfPOW74KlKNI6GCX8QCfXCH1 NFuiaQdoxfgMji6am8rXssc= =6JEu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disabling roaming profiles for some networks only
What about also enabling roaming profiles, but doing folder redirection? I use it and so it take much less time since each machine is configured to mount their my documents, desktop, etc. which makes their profile large rather than include them in the profile. It's included in the official samba howto, the unofficial samba howtos, etc. -Original Message- From: [EMAIL PROTECTED] on behalf of simo Sent: Mon 8/7/2006 5:46 PM To: Logan Shaw Cc: samba@lists.samba.org Subject: Re: [Samba] disabling roaming profiles for some networks only On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote: Hey everyone. We have two offices accessing the same Samba server, which is a PDC and file server. The server is located in one of the offices, but the other office is only connected by a relatively slow link (1.5 megabit/s). I'm looking for a way to turn off roaming profiles only for those users which are at the remote site. (It's a tad inconvenient when it takes an hour or two to login due to a 1 GB roaming profile!) I could turn roaming profiles off for everyone, but we do have some users here at the same site as the server who don't have their own computers and could take advantage of roaming profiles. Obviously, I can do this by running the Group Policy editor on every machine at the remote site, but I'd really like something where this can be controlled by the server. I know I can leave logon path and logon home undefined and that will turn off roaming profiles for everyone, but I only want to turn it off for users on a certain network. So, is there any way to do that? Set the logon home and logon path explicitly in the passdb backend for the users who need it and leave the general ones blank. You must use either the tdbsam or ldapsam backlends to do that. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Gasch wrote: i thought this would never get fixed, because i think i hit the same problem already last year. jerry said: Windows won't allow a user and groupw ith the same name. Not much we can do about that. However, if you establish a group mapping entry and set the ntgroup value to a different string, things will work out ok. so are you talking about a issue on linux side and samba or windows side and samba? It's a variant of the same problem but has been exacerbated by the change from string comparisons to token based access checks for smb.conf parameters. First there are two new domains in 3.0.23: Unix User (S-1-22-1) and Unix Group (S-1-22-2). There's am implied order of precedence being applied for unqualified names in smb.conf. * lookup the name as a user in passdb * lookup the name as a group in passdb * lookup the name as a user in Unix User * lookup the name as a group in Unix Group First match wins. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2IfWIR7qMdg1EfYRAqtlAJ9PpSQ5MWinpY9ypzz6GZFCO44YywCgludf TmP3IRehGnRBAxYjC/NCHy8= =8d3j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
werner maes wrote: the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers There are several ways to specify multiple ldap servers. passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 should work as failover solution - when ldap1 is down, ldap2 should be tried. But i found than failed ldap1 do not make smbd to use ldap2 in my installation. I have reported this problem here, but got no answer. // Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Applying security updates
Hi A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the 10th July. Does anyone know how to apply to update? Everytime I click on the download link I just get the following text Index: source/smbd/service.c === --- source/smbd/service.c(revision 16676) +++ source/smbd/service.c(working copy) @@ -763,6 +763,11 @@ smb_panic(make_connection: PANIC ERROR. Called as nonroot\n); } +if (conn_num_open() 2047) { +*status = NT_STATUS_INSUFF_SERVER_RESOURCES; +return NULL; +} + if(lp_security() != SEC_SHARE) { vuser = get_valid_user_struct(vuid); if (!vuser) { Does anyone know how to apply the update? Many thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] inherit acls not working
To my knowledge the 'inherit acls' option should make new files inherit the default acls from the containing folder... Please correct me if I'm wrong! But when I turn this setting on, it just don't seem to work... In other words, newly created files do not get the default acls from the containing folder... Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge) = [global] security = ads password server = server01 encrypt passwords = true workgroup = workgroup realm = DOMAIN.LOCAL netbios name = server log file = /var/log/samba/samba.log log level = 2 syslog = 0 nt acl support = yes # map acl inherit = yes max mux = 2048 change notify timeout = 5 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes [wwwroot] comment = wwwroot path = /usr/home/ws.old/wws01 read only = no browsable = yes writable = yes dos filemode = yes acl group control = yes inherit acls = yes veto oplock files = /*.mdb/*.MDB/ create mask = 0770 force create mode = 0440 directory mask = 0771 force directory mode = 0771 security mask = 0777 force security mode = 0440 directory security mask = 0777 force directory security mode = 0771 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] This list is a black hole.
Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OS/2 client crash on Find Close2
- Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: Andreas Taegener [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Tuesday, August 08, 2006 4:17 AM Subject: Re: [Samba] OS/2 client crash on Find Close2 On Mon, Aug 07, 2006 at 07:44:12PM +0200, Andreas Taegener wrote: Hello, I have just migrated an old OS/2 file server to a Linux box with Samba 3.0.23a. Now the OS/2 clients crash from time to time. I found a way to reproduce/force the crash using PMMail and did some experiments. The popuplog.os2 on the clients (Warp4 and eComStation) always names a sys3175 in pmshell.exe / doscall1.dll. Using Ethereal and comparing the network traffic between a) a client and the Samba server and b) the same client and an OS/2 server (in this setup the client doesn't crash) I found at least one difference in the SMB protocol. It is the Find Close2 Response SMB message. Kukks - could you please investigate. Sorry, I have to delegate OS/2 fixes as I don't have a client setup that's easy to get to. Thanks, Jeremy. Jeremy, I'll have a look at this later today. Will drop you a note then. Guenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
At 14:33 8/08/2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: hello the passdb backend no longer accepts multiple backends in a chaining configuration since samba 3.0.23a . question: will the following confi still work? passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ? the idea is to use 2 ldap servers The syntax is passdb backend = ldapsam:ldap//ldapserver1 ldap://ldapserver2; There's a regression in 3.0.23a that breaks the . It has been fixed in 3.0.23b (which will be available in the next few hours). thank you for the information. anyway I still find it regrettable that multiple backends are no longer possible since we have our users stored in LDAP and the machine-accounts on the local PDC. a colleague of mine has some serious issues with 3.0.23a, that's why I'm no upgrading yet. just for information this is what he sees in his logs: dumping core in /usr/local/samba/var/cores/smbd [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164) pdb_get_group_sid: Failed to find Unix account for s0163566 [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194) Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592) PANIC (pid 27484): Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 64 stack frames: #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6] #1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766] #2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce] Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] w2k + xp clients password change freezes the client
Hi. I've a problem changing the password of the domain user directly from the windows client by using strg+alt+del. If I try to change the password, the client freezes for several minutes and after this amount of time a popup appears with this error: The DOMAIN isn't available. In the the samba logs I see this error: can't connect to service USERNAME this is the GLOBAL part of my smb.conf: [global] workgroup = ISARLBERG passdb backend = tdbsam passwd program = /usr/bin/passwd %u # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers unix password sync = Yes log level = 2 time server = Yes printcap name = cups add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u logon script = scripts\%U.bat logon path = \\%L\%U\profile logon drive = Z: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes idmap uid = 15000-2 idmap gid = 15000-2 printing = cups print command = lpq command = %p lprm command = Thx Josef -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] This list is a black hole.
Seems that many questions get answered... but most to the original requestor... not the list. Plus, many of us watching don't know as much as the esteemed 30 or so experts so we can only help on that which we have tried. Are you having a problem? I'll try to answer it. -Original Message- From: [EMAIL PROTECTED] on behalf of Steven Rice Sent: Tue 8/8/2006 8:12 AM To: samba@lists.samba.org Subject: [Samba] This list is a black hole. Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
It appears that way! On 8/8/06, Steven Rice [EMAIL PROTECTED] wrote: Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Tim Schoenfelder http://timschoenfelder.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
You may try posting on http://www.linuxquestions.org. I don't know if it is any better than this list. Many questions goes in, Very few answers come out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.23a on AIX
That seems to have fixed it. Thank You On Mon, 7 Aug 2006 20:06:05 -0400 (EDT), William Jojo [EMAIL PROTECTED] wrote: On Mon, 7 Aug 2006, Stephen Boyd wrote: Has anyone managed to compile Samba 3.0.23a on AIX 4.3? I am getting a linker error: Linking libsmbclient shared library bin/libsmbclient.so ld: 0711-781 ERROR: TOC overflow. TOC size: 72976 Maximum size: 65536 make: 1254-004 The error code from the last command is 1. Look at the patch for Bug #3981 I posted yesterday. Cheers, Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steven Rice wrote: Many questions goes in, Very few answers come out. Maybe it's the ratio of people asking questions vs. people answering them :-) ciao, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2J3NIR7qMdg1EfYRAnT2AJ9V+bMrQeze3efYznCuo0QO2KzAvACeIRaQ /uHPrppfAl+i6PUvLQzvg1g= =jKkX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Applying security updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve1 Boothright wrote: Hi A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the 10th July. Does anyone know how to apply to update? See http://www.samba.org/samba/patches/ for details. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2J8VIR7qMdg1EfYRAgo9AJ99wLUiaB/Txu5qXG+JRoWe9iCHWACeIbmH gOlDWFuB8ws5HIeKJPL0D04= =Z26Q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Applying security updates
On Tue, 8 Aug 2006, Steve1 Boothright wrote: A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the 10th July. Does anyone know how to apply to update? Everytime I click on the download link I just get the following text Index: source/smbd/service.c === --- source/smbd/service.c(revision 16676) +++ source/smbd/service.c(working copy) @@ -763,6 +763,11 @@ smb_panic(make_connection: PANIC ERROR. Called as nonroot\n); } +if (conn_num_open() 2047) { +*status = NT_STATUS_INSUFF_SERVER_RESOURCES; +return NULL; +} + if(lp_security() != SEC_SHARE) { vuser = get_valid_user_struct(vuid); if (!vuser) { That's a patch against the source. Save it into a file, say samba-patch-2006-07-10, then cd to the directory that contains source, then type patch samba-patch-2006-07-10 and the patch program should apply the changes to the file source/smbd/service.c. Then rebuild the binaries. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Mason schrieb: Seems that many questions get answered... but most to the original requestor... not the list. Plus, many of us watching don't know as much as the esteemed 30 or so experts so we can only help on that which we have tried. Are you having a problem? I'll try to answer it. -Original Message- From: [EMAIL PROTECTED] on behalf of Steven Rice Sent: Tue 8/8/2006 8:12 AM To: samba@lists.samba.org Subject: [Samba] This list is a black hole. Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Hi John, Stefan, maybe most of the questions ar allready answered if using the mail archive or/and read the faqs, i answered a lot in that list but i am not willing to answer same questions every day, in comparing to other lists , this one is very nice - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFE2JjZNxddAhXBw7QRAlmWAJ48Mg8G1veWeb6QYoH5sXZR+GEDEwCfdXJE SkT2yzIaBAg5gXW5lf9jw9k= =9tHh -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner, anyway I still find it regrettable that multiple backends are no longer possible since we have our users stored in LDAP and the machine-accounts on the local PDC. No offense, but it's too late to bring that up now. 3.0.23 was in development for 6 months. The original thread on this was back in February: http://marc.theaimsgroup.com/?t=11395259651r=1w=2 This is a systemic problem with this list. No one seems to pay any attention until the release is done and over. a colleague of mine has some serious issues with 3.0.23a, that's why I'm no upgrading yet. just for information this is what he sees in his logs: dumping core in /usr/local/samba/var/cores/smbd [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164) pdb_get_group_sid: Failed to find Unix account for s0163566 [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194) Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592) PANIC (pid 27484): Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 64 stack frames: #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6] #1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766] #2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce] Is there a bug report on this ? It won't get fixed if we don't know about it. And since 3.0.23b has just been released, it may not be fixed in that either. Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2KIRIR7qMdg1EfYRAiF/AJ4rfQrfRiCtxyFKEmVpDr7VYDxFgQCgy9lZ vD8fly1JPUSKhe515fV6ABo= =uTyq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disabling roaming profiles for some networks only
On Tue, 8 Aug 2006, John Mason wrote: What about also enabling roaming profiles, but doing folder redirection? I use it and so it take much less time since each machine is configured to mount their my documents, desktop, etc. which makes their profile large rather than include them in the profile. I don't think that would work so well for our environment. The issue isn't the space used in the profile. It's the speed at which it can be copied over and back. Turning folders like the desktop into mounts from the server would prevent slow logons, but in exchange what we'd get is files on the desktop taking minutes to open after someone had logged in. The pipe between the offices is about 1.5 megabit/s bandwidth with a latency of about 70 ms, and this makes access to files over SMB (or CIFS) really slow. I'd *love* to improve responsiveness of the server, but my guess is that the protocol just doesn't deal with latency very well (most file sharing protocols don't), so no amount of tuning is going to make a huge difference. Plus, of course, if you open a 10 megabyte file over a 1.5 megabit/s link, the theoretical best time you're ever going to see is about 53 seconds. And people do put 10 megabyte files on their desktops. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disabling roaming profiles for some networks only
On Mon, 7 Aug 2006, simo wrote: On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote: I'm looking for a way to turn off roaming profiles only for those users which are at the remote site. Set the logon home and logon path explicitly in the passdb backend for the users who need it and leave the general ones blank. You must use either the tdbsam or ldapsam backlends to do that. That's an idea, but I'd really rather have it keyed off what network they're logging in from. It's not uncommon for users from one office to travel to the other. Then, they get there and have only (say) 2 days to get whatever done while they're traveling, and they spend the first 2 hours of their limited time waiting for their machine to finish logging them. It's a bit of a nuisance. :-) In particular, there could even be cases where someone uses the same user account and same machine at the local office and at the one 1000 miles away. This can happen when a user takes their laptop with them. And yeah, I can educate my users about this, but that doesn't completely stop it from happening, because it's not the type of thing people understand well or realize they need to remember when they're traveling. All in all, I guess this is more of a weakness of the design of Windows networking than anything else. Still, if there is a Samba solution to the problem, I'd welcome it... - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
On Tue, 2006-08-08 at 06:12 -0700, Steven Rice wrote: Many questions goes in, Very few answers come out. Concise questions that narrow the scope of the problem are answered most of the time. Questions with large amounts of information that take a lot of time to process and questions that demonstrate that the person hasn't spent much time to narrow the problem or the question are likely to be passed over. There is a treatise on how to ask questions the smart way... http://www.catb.org/~esr/faqs/smart-questions.html Bear in mind that this is entirely volunteer and no one is paid to solve your problems. If you want paid support, SuSE Professional, Red Hat Enterprise Linux and others provide SLA (Service Level Agreements) to solve your issues. If your question doesn't get answered in a day or two, it's likely you need to rephrase your question, hopefully reducing the volume and narrowing the scope with the additional information that you've been able to gather in the interim. Lastly, consider that just about everything is covered in the outstanding documentation available in dead tree, html or pdf form in the publications titled Official Samba 3 HowTo and Samba By Example - see http://www.samba.org/samba/docs Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
Hi John, Stefan, maybe most of the questions ar allready answered if using the mail archive or/and read the faqs, i answered a lot in that list but i am not willing to answer same questions every day, in comparing to other lists , this one is very nice Don't worry, my most recent question is with yours in the black hole. Although, I have read that now they think that some things can actually escape a black hole. So I'm still hopeful. But I just assumed that the non-response to my question meant that what I was asking wasn't possible with Samba, even though it seemed pretty basic. Dan -- Daniel Armbrust Biomedical Informatics Mayo Clinic Rochester daniel.armbrust(at)mayo.edu http://informatics.mayo.edu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows Explorer hangs when clicking on a samba share
FYI: I found out the problem. When I specified the netbios name setting under my global section, the long delay went away. Here is my original E-mail: I am new to samba and Linux. I mapped a drive from my Windows XP workstation to the /opt directory on the Linux box. When I am in Windows Explorer and I am viewing the samba drive, I can click on any directory or file on that drive, and the speed is very fast (like a local drive). If I click on another drive and click on the samba drive again after five minutes or so, my workstation hangs for about 15 seconds until the directories from the samba drive finally show up. It appears to be authenticating my connection. After the waiting period, all is fast again. On other hand if I walk away from my desk for awhile and Window Explorer is already on the samba drive, there is no hanging when I return and click on something on the samba drive. In short, my workstation hangs when initially clicking on the samba drive from Windows Explorer. Does anyone have any ideas? I have also noticed that if I go to DOS and change directory (cd), it comes up quickly, and I can even edit a file on the samba drive from DOS with no problems. If I bring up Windows Explorer immediately after editing the file in DOS, my workstation hangs again. Below is a condensed version of my smb.conf. I have also tried adding SO_KEEPALIVE IPTOS_LOWDELAY to the socket options. That did not help either. [global] server string = Samba server log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [opt] comment = opt directory browseable = yes path = /opt public = no valid users = myuserid writable = yes Thanks in advance for any responses! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
At 16:39 8/08/2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner, anyway I still find it regrettable that multiple backends are no longer possible since we have our users stored in LDAP and the machine-accounts on the local PDC. No offense, but it's too late to bring that up now. 3.0.23 was in development for 6 months. The original thread on this was back in February: http://marc.theaimsgroup.com/?t=11395259651r=1w=2 This is a systemic problem with this list. No one seems to pay any attention until the release is done and over. off course you're right. but I don't think that one man could change this evolution. to be honest, I've read it but forgot to reply a colleague of mine has some serious issues with 3.0.23a, that's why I'm no upgrading yet. just for information this is what he sees in his logs: dumping core in /usr/local/samba/var/cores/smbd [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164) pdb_get_group_sid: Failed to find Unix account for s0163566 [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194) Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592) PANIC (pid 27484): Security context stack overflow! [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 64 stack frames: #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6] #1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766] #2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce] Is there a bug report on this ? It won't get fixed if we don't know about it. And since 3.0.23b has just been released, it may not be fixed in that either. No, it has not been fixed in 3.0.23b. there is no bug report as far as I know. he downgraded his server (since it was a production server) to an earlier version of samba. werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need to remove domain from Winbind group entries
Steven Rice schrieb: Hi, This looks as if your BDC gets its user and group info via winbind. As BDC it should point to the same ldap server as the PDC (or to a replica). Kind regards Hi, I have server setup as BDC on a subnet different from the PDC. The BDC can auth fine against the PDC and they can browse each other just fine. The problem is on Unix side of the BDC. When I do a 'wbinfo -g' or 'getent group' each group fit the format 'DOMAIN\group_name' and the PDC does not. This is causing problems when synchronizing as the group perm is being set by name, not uid. I have configured both the PDC and BDC with the following entries: winbind trusted domains only = yes winbind use default domain = yes obey pam restrictions = Yes Yet the domain name still show in in the groups on the BDC. I tired every I know but with no luck. What can I do to remove the domain from the group entries on the BDC? Thnaks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: This is a systemic problem with this list. No one seems to pay any attention until the release is done and over. off course you're right. but I don't think that one man could change this evolution. to be honest, I've read it but forgot to reply I understand. Maybe it would have changed the thread and maybe not. I had one person that reported a bug after 3.0.23 was released and said, I saw it in all the RCs but assumed it would be fixed in the final release. Funny but sad story. Is there a bug report on this ? It won't get fixed if we don't know about it. And since 3.0.23b has just been released, it may not be fixed in that either. No, it has not been fixed in 3.0.23b. there is no bug report as far as I know. he downgraded his server (since it was a production server) to an earlier version of samba. Any chance of getting a level 10 debug log from smbd for this failure ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2KqRIR7qMdg1EfYRAqMCAJ4/IZZ9bkow+SupLreHDXGO/HW+cACgnFhx wTJM8331Qtw+sWTMy8jfewI= =cS2d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] summer of code update?
Jerry, I was hoping to get an update on the SoC projects. Specifically the Administrative Logging system that Michael Krax is working on. I am very excited about the pospects of this for HIPAA, SOX, GLBA, etc. Thanks, Tom Lapp FileEngine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23b Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == Where does he get those wonders toys? -- The Joker (Batman 1989) == Release Announcements = This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the changes in this section and for the original 3.0.23 release regarding new features and difference in behavior from previous releases. Common bugs fixed in 3.0.23b include: o Ambiguity with unqualified names in smb.conf parameters such as force user and valid users. o Errors in 'net ads join' caused by bad IP address in the list of domain controllers. o SMB signing errors in the client and server code. o Domain join failures when using smbpasswd on a Samba PDC. Member servers, domain accounts, and smb.conf = Since Samba 3.0.8, it has been recommended that all domain accounts listed in smb.conf on a member server be fully qualified with the domain name. This is now a requirement. All unqualified names are assumed to be local to the Unix host, either as part of the server's local passdb or in the local system list of accounts (e.g. /etc/passwd or /etc/group). The reason for this change is that smbd has transitioned from access checks based on string comparisons to token based authorization. All names are resolved to a SID and then verified against the logged on user's NT user token. Local names will resolve to a local SID, while qualified domain names will resolve to the appropriate domain SID. If the member server is not running winbindd at all, domain accounts will be implicitly mapped to local accounts and their tokens will be modified appropriately to reflect the local SID and group membership. For example, the following share will restrict access to the domain group Linux Admins and the local group srvadmin. [restricted] path = /data valid users = +DOMAIN\Linux Admins +srvadmin Note that to restrict the [homes] share on a member server to the owner of that directory, it is necessary to prefix the %S value to valid users. [global] security = {domain,ads} workgroup = DOM winbind separator = + [homes] valid users = DOM+%S Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 157BC95E). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.23b.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2KnSIR7qMdg1EfYRAt7TAKC7K8yfOHpbD8otgHjrOC+YcNUJXACfXSL0 Nn/7BF1poOib6PXUvQCWoHs= =6Ewu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] disabling roaming profiles for some networks only
Good point. -Original Message- From: [EMAIL PROTECTED] on behalf of Logan Shaw Sent: Tue 8/8/2006 9:40 AM To: samba@lists.samba.org Subject: RE: [Samba] disabling roaming profiles for some networks only On Tue, 8 Aug 2006, John Mason wrote: What about also enabling roaming profiles, but doing folder redirection? I use it and so it take much less time since each machine is configured to mount their my documents, desktop, etc. which makes their profile large rather than include them in the profile. I don't think that would work so well for our environment. The issue isn't the space used in the profile. It's the speed at which it can be copied over and back. Turning folders like the desktop into mounts from the server would prevent slow logons, but in exchange what we'd get is files on the desktop taking minutes to open after someone had logged in. The pipe between the offices is about 1.5 megabit/s bandwidth with a latency of about 70 ms, and this makes access to files over SMB (or CIFS) really slow. I'd *love* to improve responsiveness of the server, but my guess is that the protocol just doesn't deal with latency very well (most file sharing protocols don't), so no amount of tuning is going to make a huge difference. Plus, of course, if you open a 10 megabyte file over a 1.5 megabit/s link, the theoretical best time you're ever going to see is about 53 seconds. And people do put 10 megabyte files on their desktops. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows 2000/xp authentication through samba/ldap?
Mike schrieb: I run the computers in a small shop and want to change my users from using the local accounts on their windows boxes to a central account managed through ldap (openldap). I now have samba working with ldap and using ldap for authenticating shares as windows users ask for those shares to be mounted to their workstations. What I want is for the initial ctl-alt-del login to authenticate through samba to ldap. What you want to do is, set up a domain controller. Look at the Chapter Making Happy Users in the Samba by Example book available on the Samba web site. (This is not for a small shop but covers using LDAP as a password backend.) -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] VFAT filesystem support vs. smbfs
I'll forward your question to the list. -Original Message- From: [EMAIL PROTECTED] on behalf of Tim Schoenfelder Sent: Tue 8/8/2006 10:07 AM To: John Mason Subject: Re: [Samba] This list is a black hole. I'm having a problem with Samba, I cannot connect to my Win98 PC via FC5. It seems that cifs doesn't support vfat from what I've read at the Samba site and smbfs isn't supported in the binary that I've downloaded via Yum. I tried googling and experimenting to make it work, I'm not sure what to do next... Any suggestions as to what I can do? BTW, I posted this following email the other day: I've read that smbfs has been depreciated for cifs for Win2k and WinXP, however, I see that older vfat OSs such as Win98 are not supported via cifs filesystem. I have installed the current samba binary on Fedora Core 5 via yum and noticed that the mount command doesn't recognize smbfs either. I used the following syntax: mount -t cifs //192.168.1.111/C /mnt/htpc -o user=WORKGROUP/Username,nocase The above command entry prompted for a password and then yielded the following error: mount error 112 = Host is down BTW, smbtree finds the hostname and share, however, word on the net is that a person has to use an ip address to make cifs work. Using the following command: mount -t smbfs //HTPC/C /mnt/htpc -o user=WORKGROUP/Username,pass=password,nocase yields the following error: mount: unknown filesystem type 'smbfs' smbtree sees the win98 share correctly as //HTPC/C Does anyone know how I can mount my Win98 share with the new samba? -- Tim Schoenfelder http://timschoenfelder.com On 8/8/06, John Mason [EMAIL PROTECTED] wrote: Seems that many questions get answered... but most to the original requestor... not the list. Plus, many of us watching don't know as much as the esteemed 30 or so experts so we can only help on that which we have tried. Are you having a problem? I'll try to answer it. -Original Message- From: [EMAIL PROTECTED] on behalf of Steven Rice Sent: Tue 8/8/2006 8:12 AM To: samba@lists.samba.org Subject: [Samba] This list is a black hole. Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Tim Schoenfelder http://timschoenfelder.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
I'm getting the same issue except I can't log in because login only autorise to get a shell after the pass change. Any idea why PAM_WINBIND_NEW_AUTHTOK_REQD is sent ? (I have this problem since upgrading from 200 to 2003 (mixed mode) and samba-3.0.23a, using security=ads and winbind Emmanuel Le mardi 1 août 2006 10:27, Michael Gasch a écrit : hi, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: Aug 1 09:59:21 humevo36 pam_winbind[27853]: pam_winbind: pam_sm_authenticate (flags: 0x) Aug 1 09:59:23 humevo36 pam_winbind[27853]: Verify user `gasch' Aug 1 09:59:23 humevo36 pam_winbind[27853]: enabling cached login flag Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' granted access Aug 1 09:59:23 humevo36 pam_winbind[27853]: Password has expired (Password was last set: 1154074953, the policy says it should expire here 1154074952 (now it's: 1154419163) Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' OK Aug 1 09:59:23 humevo36 pam_winbind[27853]: pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 there´s no password policy on the domain controller (samba 3.0.14a, debian): [EMAIL PROTECTED]:~# pdbedit -d 0 -P maximum password age account policy value for maximum password age is 4294967295 [EMAIL PROTECTED]:~# pdbedit -d 0 -P password history account policy value for password history is 0 some samba-ldap attributes on PDC for user gasch: sambaLogonTime: 1130931254 sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaAcctFlags: [UX ] sambaKickoffTime: 1204325940 sambaPwdCanChange: 1154074953 sambaPwdLastSet: 1154074953 i can provide you with a level 10 debug log of winbindd offline (700kb) if requested. btw: it worked fine with 3.0.20b RPM from SuSE. any ideas? thx in advance! smb.conf [global] workgroup = DOMAIN server string = Samba v3 # username map = /etc/samba/username.map time server = yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1 unix extensions = No printcap name = cups os level = 32 interfaces = lo eth0 vmnet1 vmnet8 bind interfaces only = yes wins server = 192.168.x.y preferred master = No local master = No domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d idmap backend = idmap_rid:DOMAIN=1-1 idmap uid = 1-1 idmap gid = 1-1 winbind offline logon = yes winbind separator = '\' winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind trusted domains only = no winbind cache time = 60 security = domain allow trusted domains = no template shell = /bin/bash template homedir = /home/%U invalid users = root pam (common-auth) = authrequiredpam_env.so # following also tried without arguments authsufficient pam_winbind.so debug try_first_pass cached_login authrequiredpam_unix2.so use_first_pass -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Samba 3.0.23b RPM packages for all SUSE Linux products (was: [Samba] Samba 3.0.23b Available for Download)
On Tue, Aug 08, 2006 at 10:12:18AM -0500, Gerald Carter wrote: [snip] Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ RPM packages of Samba 3.0.23b for all SUSE Linux products are available at ftp://ftp.suse.com/pub/projects/samba/3.0/ or http://ftp.suse.com/pub/projects/samba/3.0/ Supported SUSE Linux based products are at the moment SUSE Linux 9.2, 9.3, 10.0, 10.1, UnitedLinux 1/ SUSE Linux Enterprise Server (SLES) 8, SLES 9 and 10, and factory (= the currently developed product). For some architectures - like ia64, ppc, s390(x) - you find a limited releases subset. The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SUSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to samba-maintainers at suse dot de. Or use http://bugzilla.Novell.com with the same assignee instead. For additional information - how to report bugs and which log files are required - see http://en.openSUSE.org/Samba Our customers, our products, our responsibility. Have a lot of fun... Lars - for the Novell Samba Team -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany pgpx0TTRhQsWL.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Windows Explorer hangs when clicking on a samba share
On Tue, 8 Aug 2006 10:57:09 -0400 [EMAIL PROTECTED] wrote: FYI: I found out the problem. When I specified the netbios name setting under my global section, the long delay went away. Here is my original E-mail: I am new to samba and Linux. I mapped a drive from my Windows XP workstation to the /opt directory on the Linux box. When I am in Windows Explorer and I am viewing the samba drive, I can click on any directory or file on that drive, and the speed is very fast (like a local drive). If I click on another drive and click on the samba drive again after five minutes or so, my workstation hangs for about 15 seconds until the directories from the samba drive finally show up. It appears to be authenticating my connection. After the waiting period, all is fast again. On other hand if I walk away from my desk for awhile and Window Explorer is already on the samba drive, there is no hanging when I return and click on something on the samba drive. In short, my workstation hangs when initially clicking on the samba drive from Windows Explorer. Does anyone have any ideas? I have also noticed that if I go to DOS and change directory (cd), it comes up quickly, and I can even edit a file on the samba drive from DOS with no problems. If I bring up Windows Explorer immediately after editing the file in DOS, my workstation hangs again. Below is a condensed version of my smb.conf. I have also tried adding SO_KEEPALIVE IPTOS_LOWDELAY to the socket options. That did not help either. [global] server string = Samba server log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [opt] comment = opt directory browseable = yes path = /opt public = no valid users = myuserid writable = yes Thanks in advance for any responses! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Is the server's hostname different from the DNS entry related with the server's IP number? Greetings. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
Hello, Am Dienstag, den 08.08.2006, 15:16 +0200 schrieb werner maes: anyway I still find it regrettable that multiple backends are no longer possible since we have our users stored in LDAP and the machine-accounts on the local PDC. Have a look at http://pdbsql.sf.net Since multiple backends are no longer supported by samba there are third party modules available. Mario signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SID in Explorer Owner Field using LDAP
Hello! I'd appreciate any help on this as I am stumped. I have 4 servers running Samba. The First is Acting as a PDC with roaming profile logons as well as an LDAP server. I am using the smbldap-tools to administer the two. That works great. I also have 3 other network file servers that are mapped to use LDAP from the PDC for posix account info. I set the smb.conf on each of them to use LDAP for sambaSamAccount info also via below: # Specifying ldapsam backend database passdb backend = ldapsam:ldaps://my.pdc.servername.com username map = /etc/samba/smbusers # OpenLDAP stuff is defined here ### ldap suffix = dc=my,dc=pdc,dc=servername,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap admin dn = uid=Admin,ou=Users,dc=my,dc=pdc,dc=servername,dc=com ldap ssl = On ldap passwd sync = Yes idmap uid = 15-55 idmap gid = 15-55 Now the accounts can log in fine with single point LDAP user management from all the systems posix, samba or otherwise. The problem I am having is the SID from the PDC box is what is used to generate the data in the users sambaSID LDAP entry. As a result, The Owner field in the Windows file Explorer is correct for the homes share from the PDC in that it displays the workgroup\joeuser posix name. Shares mapped from the file servers show the long S-1-5-21-1234567890-1234567890-1234567890-2308 (with the last four being the rid?) where the first part is the SID from the PDC as the Owner. Is there a way to make these display the right posix name also instead of the long non-useful sambaSID? Thanks!! Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba AD member server and cached credentials?
Hi we are using a recent samba server in an AD W2003 domain. The AD DC's are located at the main location. The samba member servers (file-servers) are located at the outside locations. A User is able to logon to his Workstation, even if the Domaincontroller is not available, if he has already logged on to this workstation earlier (the clients caches the credentials). But the client is anable to acces files on the samba server, it the connection to the AD-DC at the main location is not available. Is there a way that samba can cache credentials as a AD member server to, in order to to allow the clients to access their files without connection to the AD DC? Thank you Hansjörg . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs vs. cifs on Win98
I'm not sure is you can mount a VFAT share using cifs. Why don't you try it? In Win98, share something then in your /etc/fstab, create an entry with type as cifs. smbfs is no longer maintained, so don't use it if you don't have to. NOTE that smbfs is not part of Samba. You don't need to be running Samba to mount smbfs or cifs shares. The packages for them are probably not part of Samba in your distribution, so installing Samba won't give you smbfs or cifs either. There error you are getting could be because you don't have cifs installed. As for the ip address vs. hostname, just make sure the host is defined in /etc/hosts. I've read that smbfs has been depreciated for cifs for Win2k and WinXP, however, I see that older vfat OSs such as Win98 are not supported via cifs filesystem. I have installed the current samba binary on Fedora Core 5 via yum and noticed that the mount command doesn't recognize smbfs either. I used the following syntax: mount -t cifs //192.168.1.111/C /mnt/htpc -o user=WORKGROUP/Username,nocase The above command entry prompted for a password and then yielded the following error: mount error 112 = Host is down BTW, smbtree finds the hostname and share, however, word on the net is that a person has to use an ip address to make cifs work. Using the following command: mount -t smbfs //HTPC/C /mnt/htpc -o user=WORKGROUP/Username,pass=password,nocase yields the following error: mount: unknown filesystem type 'smbfs' smbtree sees the win98 share correctly as //HTPC/C Does anyone know how I can mount my Win98 share with the new samba? -- Tim Schoenfelder http://timschoenfelder.com http://timschoenfelder.com/ ...also included in my email to cedarlug: however, smbtree appears to see the win98 share somewhat correctly as //HTPC/C via the following: session request to 192.168.1.111 http://192.168.1.111/ failed (Called name not present) session request to *SMBSERVER failed (Called name not present) WORKGROUP session request to 192.168.1.111 http://192.168.1.101/ failed (Called name not present) session request to *SMBSERVER failed (Called name not present) \\HTPC cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine HTPC. Error was ERRSRV - ERRerror (Non-specific error code.) \\HTPC\IPC$ Remote Inter Process Communication \\HTPC\C On 8/8/06, *Gary Dale* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: There is an old saying that a fool can ask more questions than a wise man can answer. :) Posting a question on this list should be the last thing you do after you've read the documentation, checked the howtos and searched the archives. A lot of the questions that come up are answered there. Many of the others would be answered if people would follow normal debugging procedures, such as bumping up the log levels before posting a question. The Samba developers answer the questions that remain. Personally, I'd rather have them working on improving the product than answering the same old questions time after time. That's why I throw in my $0.02 worth when there is an issue I think I can help on. Tim Schoenfelder wrote: It appears that way! On 8/8/06, Steven Rice [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Many questions goes in, Very few answers come out. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Tim Schoenfelder http://timschoenfelder.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs vs. cifs on Win98
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Dale wrote: There error you are getting could be because you don't have cifs installed. As for the ip address vs. hostname, just make sure the host is defined in /etc/hosts. Just a note According the kernel change log, cifs didn't get support for Win9x server until 2.6.15. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2N6NIR7qMdg1EfYRAmptAJ90iyA9F22JlkLEDm5YYe0Y07lQNwCg8dsg mNNAwrbawWRVAf01OceYdDc= =ggcT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba AD member server and cached credentials?
Hi, You might take a look at the new option in smb.cong called winbind offline logon (G) Haven't used it myself but I think it would work :) or you have to wait for samba4 :) Cheers, Henrik 8 aug 2006 kl. 19:14 skrev Hansjörg Maurer: Hi we are using a recent samba server in an AD W2003 domain. The AD DC's are located at the main location. The samba member servers (file-servers) are located at the outside locations. A User is able to logon to his Workstation, even if the Domaincontroller is not available, if he has already logged on to this workstation earlier (the clients caches the credentials). But the client is anable to acces files on the samba server, it the connection to the AD-DC at the main location is not available. Is there a way that samba can cache credentials as a AD member server to, in order to to allow the clients to access their files without connection to the AD DC? Thank you Hansjörg . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] printing via samba and NOT point 'n' print
Hi people, I need to print via samba to a cups, but not with the point 'n' print feature. I made this work on the old version of samba, 2.x.x. But in 3.x.x it just dosen't work. Any ideas? Tnxs in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with access to share after upgrading to 3.0.23(a)
Anton N. Breusov wrote: It appears that we are experiencing the same problem - after upgrade to 3.0.23 I cannot access any shares on my Linux systems except for the home and printer shares. My configuration has not changed since 3.0.22 - it just stopped working. Have you had any luck with this problem? I'm contacted with Jeremy Allison, sent him directly log level 10 log file (server side) for this connection, and waiting for reply... If you're having problems with a particular share, please send me your smb.conf - I have an idea what the problem might be. OK, just sent all of them. ;-) Also will try to play with *** mask/mode options in my config by commenting them out today later, maybe I oversecured some things before ;-) and only now this broke things. Has there been any progress on this issue? It's a problem to not be able to access my shares! Thanks! Nolan signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password change from win client doesn't work
Hi. If a domain user wants to change his domain password from the windows client, the client pc gets inaccessible for long time. After this time a popup appears with a message like this: Your password could not be changed. The DOMAIN is not available. In the samba logs I get this message: hg-k2 (192.168.0.15) couldn't find service USERNAME According to the example smb.conf on samba.org I have this lines in my smb.conf: passwd program = /usr/bin/passwd %u passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* Thx Josef -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.23a + ldap as PDC - should work, but why?
hello I'd recommend dropping valid users from [profiles] altogether. ah! it's interesting since the valid users line is recommended in idealx's linux samba-openldap howto. could u explain why u'd drop it ? thank you ELH Gerald (Jerry) Carter a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Mason wrote: [profiles] # chmod 1777 /home/%U/.msprofile path = /home/%U/.msprofile read only = no profile acls = yes create mask = 0600 directory mask = 0700 browseable = No nt acl support = Yes force user = %U valid users = %U @Domain Admins The %U in force user and valid users has no affect. It says restrict connections to whoever is connecting and force them to be who they already are. I'd recommend dropping valid suers from [profiles] altogether. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE15YWIR7qMdg1EfYRAqzvAKDxCYtNZsha0VTPHhG+JYu5KQ/YdgCgqW9a +exNOTqTnnbKdZ9ZKAiErGE= =rybR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: inherit acls not working
i think your kernel needs EA (extended attributes) for acls inheritance to work. regards S. J. van Harmelen a écrit : To my knowledge the 'inherit acls' option should make new files inherit the default acls from the containing folder... Please correct me if I'm wrong! But when I turn this setting on, it just don't seem to work... In other words, newly created files do not get the default acls from the containing folder... Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge) = [global] security = ads password server = server01 encrypt passwords = true workgroup = workgroup realm = DOMAIN.LOCAL netbios name = server log file = /var/log/samba/samba.log log level = 2 syslog = 0 nt acl support = yes # map acl inherit = yes max mux = 2048 change notify timeout = 5 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes [wwwroot] comment = wwwroot path = /usr/home/ws.old/wws01 read only = no browsable = yes writable = yes dos filemode = yes acl group control = yes inherit acls = yes veto oplock files = /*.mdb/*.MDB/ create mask = 0770 force create mode = 0440 directory mask = 0771 force directory mode = 0771 security mask = 0777 force security mode = 0440 directory security mask = 0777 force directory security mode = 0771 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Problems with access to share after upgrading to 3.0.23(a)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nolan Garrett wrote: Anton N. Breusov wrote: It appears that we are experiencing the same problem - after upgrade to 3.0.23 I cannot access any shares on my Linux systems except for the home and printer shares. My configuration has not changed since 3.0.22 - it just stopped working. Have you had any luck with this problem? I'm contacted with Jeremy Allison, sent him directly log level 10 log file (server side) for this connection, and waiting for reply... If you're having problems with a particular share, please send me your smb.conf - I have an idea what the problem might be. OK, just sent all of them. ;-) Also will try to play with *** mask/mode options in my config by commenting them out today later, maybe I oversecured some things before ;-) and only now this broke things. Has there been any progress on this issue? It's a problem to not be able to access my shares! I'm about 80% confident this was fixed in 3.0.23b. Please let me know the outcome of your testing. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE2RIwIR7qMdg1EfYRAl/IAKCeOUmJUkequba0gzk4MYkTVnYTTwCdGt84 pNY53mj0AUZugB11bABh0jI= =g/2D -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password change from win client doesn't work
[EMAIL PROTECTED] wrote: Hi. If a domain user wants to change his domain password from the windows client, the client pc gets inaccessible for long time. After this time a popup appears with a message like this: Your password could not be changed. The DOMAIN is not available. In the samba logs I get this message: hg-k2 (192.168.0.15) couldn't find service USERNAME According to the example smb.conf on samba.org I have this lines in my smb.conf: passwd program = /usr/bin/passwd %u passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* Thx Josef Does the passwd chat match the password change dialogue on your server (* are any character(s))? This is also case sensitive. If the dialogue doesn't match what is expected, you get the problem you described. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]
Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below message? Typing: strace smbclient -d 5 shows it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU. SUSE 9.3 x86_64, Samba RPMS from main Samba site rpm -q samba-client samba-client-3.0.23a-0.1.34 -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E [EMAIL PROTECTED] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Original Message Subject: Re: amanda-2.5.0p2 hanging on smbclient with configure From:Gavin Henry [EMAIL PROTECTED] Date:Tue, August 8, 2006 4:44 pm To: Paul Bijnens [EMAIL PROTECTED] Cc: amanda-users@amanda.org -- quote who=Gavin Henry quote who=Gavin Henry quote who=Paul Bijnens On 2006-08-08 16:17, Gavin Henry wrote: Currently trying to compile 2.5.0p2 with: ./configure --with-user=amanda --with-group=disk --with-ssh-security --with-config=Suretec --with-changer-device=/dev/sg2 --with-tape-device=/dev/nst0 But configure just sits there at: checking for smbclient... /usr/bin/smbclient Same when adding --with-smbclient=/usr/bin/smbclient If you do not need smbclient support, then you can configure with --without-smbclient and work around this problem. I have tried that, and with --with-smbclient=no. I've been going through configure.in to see what the probs are. If you do need it... then try to investigate what is blocking. It seems like configure is hanging in one of the next steps. Configure tries to find out what version of smbclient you have by running the command: smbclient '\\not.a.host.name\notashare' -U nosuchuser -N -Tx /dev/null Looks like it's this. It just hangs. Must be smbclient, as it is taking forever, even when I jsut run: smblcient with no options. Forget it, will debug smbclient. Nothing wrong with Amanda. Thanks all. strace smbclient -d 5 show it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NULL Hmm. I just setup 2 clients on Fedora Core 5 with 2.5.0p2, and they both are fine. The server is on a SUSE 9.3 x86_64 box, that has (Is a Samba PDC too): free -m total used free sharedbuffers cached Mem: 3961296 3665 0 48 154 -/+ buffers/cache: 93 3868 Swap: 2070 0 2070 uname -a Linux nas1 2.6.14.2-smp #2 SMP Thu Nov 17 15:31:40 GMT 2005 x86_64 x86_64 x86_64 GNU/Linux df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 73G 6.0G 67G 9% / tmpfs 2.0G 0 2.0G 0% /dev/shm /dev/sdb 6.9T 263G 6.6T 4% /storage lsscsi [0:0:0:0]diskATA HTS541080G9SA00 MB4O /dev/sda [4:0:1:0]tapeCERTANCE ULTRIUM 21775 /dev/st0 [4:0:1:1]mediumx QUANTUM UHDL 000E - [6:0:0:0]diskArecaARC-1160-VOL#00 R001 /dev/sdb What happens if you run that manually? Hangs The output of that step does not appear on screen however, so it could be that configure is actually hanging on the step after that. I think it's smbclient that is the problem. The next step is finding out where the gzip program lives. Is does that by looking in several directories. If one of those directories happens to be mounted on a non-responsive NFS-server, you hang here too. The list of directories is: /bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/usr/bsd:/etc:/usr/etc /usr/local/sbin:/usr/local/bin:/usr/ccs/bin and the value of $PATH from the user that runs configure. Anything strange when trying test -e /bin/gzip? (Try that for all the above dirs) Nope, looks fine. -- Paul Bijnens, xplanation Technology ServicesTel +32 16 397.511 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512 http://www.xplanation.com/ email: [EMAIL PROTECTED] *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... * * ... Are you sure? ... YES ... Phew ... I'm out * *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: printing via samba and NOT point 'n' print
Guido Lorenzutti wrote: Hi people, I need to print via samba to a cups, but not with the point 'n' print feature. I made this work on the old version of samba, 2.x.x. But in 3.x.x it just dosen't work. Any ideas? Tnxs in advance. Well, I will give to the list the answer. stop the samba stop the winbindd (if you have one) delete the /var/lib/samba/ntprinters.tdb (if you have it there) remove all of the printers share, except the: [printers] comment = All Printers path = /tmp read only = No create mask = 0777 guest ok = Yes printable = Yes browseable = No Don't use the cupsaddsmb! And it will work. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] machine add error to samba PDC
I don't fully understand your problem. You can't add the machine to the domain? Do you have a add machine script in the smb.conf? If not, do you add the machine manually? If so, what to the pdbedit -Lv machine_name$ tells you? Pavan wrote: Hi All, I have setup my samba as a PDC and testparm gives me the right result, but when I am trying to add my XP client to SAMBA I receive an error as Logon failure: bad username or password or Username could not be found. I am using root as the domain administrator and have added root account using smbpasswd and can see it using pdbedit -Lv. I can logon successfully from my windows client from run and typing \\servername file:///\\servername . Why do it complain when I am adding the machine that It cannot find the user??? Backend is simple smbpasswd file. Anyhelp is greatly appreciated. Thanks, Pavan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: inherit acls not working
Strange enough it seems the other way around?! When I mount with user_xattr support I get an 'store_inheritable_attributes : Error permission denied' in my samba.log, and see that the default acls aren't inherited. But when I remount without user_xattr, then everything works fine and the default acls are inherited without any errors...?! But I do need the user_xattr for other things. So how can I get this to work? Sander On di, 2006-08-08 at 15:39 +0200, éric le hénaff wrote: i think your kernel needs EA (extended attributes) for acls inheritance to work. regards S. J. van Harmelen a écrit : To my knowledge the 'inherit acls' option should make new files inherit the default acls from the containing folder... Please correct me if I'm wrong! But when I turn this setting on, it just don't seem to work... In other words, newly created files do not get the default acls from the containing folder... Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge) = [global] security = ads password server = server01 encrypt passwords = true workgroup = workgroup realm = DOMAIN.LOCAL netbios name = server log file = /var/log/samba/samba.log log level = 2 syslog = 0 nt acl support = yes # map acl inherit = yes max mux = 2048 change notify timeout = 5 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes [wwwroot] comment = wwwroot path = /usr/home/ws.old/wws01 read only = no browsable = yes writable = yes dos filemode = yes acl group control = yes inherit acls = yes veto oplock files = /*.mdb/*.MDB/ create mask = 0770 force create mode = 0440 directory mask = 0771 force directory mode = 0771 security mask = 0777 force security mode = 0440 directory security mask = 0777 force directory security mode = 0771 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]
On Tue, Aug 08, 2006 at 04:52:36PM +0100, Gavin Henry wrote: Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below message? Typing: strace smbclient -d 5 shows it sitting at: futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU. We'd need a more complete strace and a sniff of smbclient. Volker pgpy5TVZb6lNB.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17451 - in branches/SAMBA_3_0/source: groupdb include passdb rpc_server utils
Author: vlendec Date: 2006-08-08 08:26:40 + (Tue, 08 Aug 2006) New Revision: 17451 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17451 Log: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an argument. Volker Modified: branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/passdb/lookup_sid.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/utils/net_groupmap.c branches/SAMBA_3_0/source/utils/net_rpc_samsync.c branches/SAMBA_3_0/source/utils/net_sam.c Changeset: Modified: branches/SAMBA_3_0/source/groupdb/mapping.c === --- branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-07 20:43:06 UTC (rev 17450) +++ branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 08:26:40 UTC (rev 17451) @@ -220,7 +220,7 @@ Return the sid and the type of the unix group. / -static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) +static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf; pstring key; @@ -234,7 +234,7 @@ /* the key is the SID, retrieving is direct */ - sid_to_string(string_sid, sid); + sid_to_string(string_sid, sid); slprintf(key, sizeof(key), %s%s, GROUP_PREFIX, string_sid); kbuf.dptr = key; @@ -254,7 +254,7 @@ return False; } - sid_copy(map-sid, sid); + sid_copy(map-sid, sid); return True; } @@ -588,7 +588,7 @@ return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(*alias, map)) + if (!get_group_map_from_sid(alias, map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) @@ -691,7 +691,7 @@ return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(*alias, map)) + if (!get_group_map_from_sid(alias, map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) @@ -796,7 +796,7 @@ /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) { struct group *grp; BOOL ret; @@ -819,12 +819,12 @@ if ( !ret ) { uint32 rid; - sid_peek_rid( sid, rid ); + sid_peek_rid( sid, rid ); if ( rid == DOMAIN_GROUP_RID_USERS ) { fstrcpy( map-nt_name, None ); fstrcpy( map-comment, Ordinary Users ); - sid_copy( map-sid, sid ); + sid_copy( map-sid, sid ); map-sid_name_use = SID_NAME_DOM_GRP; return True; @@ -998,7 +998,7 @@ NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, -DOM_SID sid) + const DOM_SID *sid) { return get_group_map_from_sid(sid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; @@ -1138,7 +1138,7 @@ { GROUP_MAP map; - if (!pdb_getgrsid(map, *sid)) + if (!pdb_getgrsid(map, sid)) return NT_STATUS_NO_SUCH_ALIAS; if ((map.sid_name_use != SID_NAME_ALIAS) @@ -1161,7 +1161,7 @@ { GROUP_MAP map; - if (!pdb_getgrsid(map, *sid)) + if (!pdb_getgrsid(map, sid)) return NT_STATUS_NO_SUCH_ALIAS; fstrcpy(map.nt_name, info-acct_name); @@ -1285,7 +1285,7 @@ BOOL res; become_root(); - res = get_domain_group_from_sid(*sid, map); + res = get_domain_group_from_sid(sid, map); unbecome_root(); if (!res) @@ -1301,7 +1301,7 @@ { GROUP_MAP map; - if (!get_domain_group_from_sid(*sid, map)) + if (!get_domain_group_from_sid(sid, map)) return False; fstrcpy(map.nt_name, info-acct_name); Modified: branches/SAMBA_3_0/source/include/passdb.h === --- branches/SAMBA_3_0/source/include/passdb.h 2006-08-07 20:43:06 UTC (rev 17450) +++ branches/SAMBA_3_0/source/include/passdb.h 2006-08-08 08:26:40 UTC (rev 17451) @@ -244,7 +244,7 @@ * enum SID_NAME_USE rather than uint32. */ -#define PASSDB_INTERFACE_VERSION 14 +#define PASSDB_INTERFACE_VERSION 15 struct pdb_methods { @@ -277,7 +277,8 @@ NTSTATUS (*update_login_attempts)(struct pdb_methods *methods, struct samu *sam_acct,
svn commit: samba r17453 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/rpc_client SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0/source/rpcclient SAMBA_3_0/source/smbd SAM
Author: gd Date: 2006-08-08 11:00:16 + (Tue, 08 Aug 2006) New Revision: 17453 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17453 Log: Fix msdfs RPC management (this broke with the autogenerated dfs rpcs). * Remove unknown from dfs_Enum (samba4 dfs IDL updates to follow). * When encountering an unsupported infolevel the rpc server must reply with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking to nt4). Guenther Modified: branches/SAMBA_3_0/source/include/msdfs.h branches/SAMBA_3_0/source/include/rpc_dfs.h branches/SAMBA_3_0/source/rpc_client/cli_dfs.c branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c branches/SAMBA_3_0/source/rpc_server/srv_dfs_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_dfs.c branches/SAMBA_3_0/source/smbd/msdfs.c branches/SAMBA_3_0_23/source/include/msdfs.h branches/SAMBA_3_0_23/source/include/rpc_dfs.h branches/SAMBA_3_0_23/source/rpc_client/cli_dfs.c branches/SAMBA_3_0_23/source/rpc_parse/parse_dfs.c branches/SAMBA_3_0_23/source/rpc_server/srv_dfs_nt.c branches/SAMBA_3_0_23/source/rpcclient/cmd_dfs.c branches/SAMBA_3_0_23/source/smbd/msdfs.c Changeset: Modified: branches/SAMBA_3_0/source/include/msdfs.h === --- branches/SAMBA_3_0/source/include/msdfs.h 2006-08-08 09:56:38 UTC (rev 17452) +++ branches/SAMBA_3_0/source/include/msdfs.h 2006-08-08 11:00:16 UTC (rev 17453) @@ -53,6 +53,7 @@ struct junction_map { pstring service_name; pstring volume_name; + pstring comment; int referral_count; struct referral* referral_list; }; Modified: branches/SAMBA_3_0/source/include/rpc_dfs.h === --- branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 09:56:38 UTC (rev 17452) +++ branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:00:16 UTC (rev 17453) @@ -243,8 +243,6 @@ uint32 bufsize; uint32 ptr0_info; NETDFS_DFS_ENUMSTRUCT info; - uint32 ptr0_unknown; - uint32 unknown; uint32 ptr0_total; uint32 total; } NETDFS_Q_DFS_ENUM; Modified: branches/SAMBA_3_0/source/rpc_client/cli_dfs.c === --- branches/SAMBA_3_0/source/rpc_client/cli_dfs.c 2006-08-08 09:56:38 UTC (rev 17452) +++ branches/SAMBA_3_0/source/rpc_client/cli_dfs.c 2006-08-08 11:00:16 UTC (rev 17453) @@ -142,7 +142,7 @@ return werror_to_ntstatus(r.status); } -NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, uint32 *total) +NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total) { prs_struct qbuf, rbuf; NETDFS_Q_DFS_ENUM q; @@ -153,7 +153,7 @@ /* Marshall data and send request */ - if (!init_netdfs_q_dfs_Enum(q, level, bufsize, info, unknown, total)) + if (!init_netdfs_q_dfs_Enum(q, level, bufsize, info, total)) return NT_STATUS_INVALID_PARAMETER; CLI_DO_RPC(cli, mem_ctx, PI_NETDFS, DFS_ENUM, Modified: branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 09:56:38 UTC (rev 17452) +++ branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:00:16 UTC (rev 17453) @@ -1862,7 +1862,7 @@ return True; } -BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, uint32 *total) +BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total) { DEBUG(5,(init_netdfs_q_dfs_Enum\n)); @@ -1877,13 +1877,6 @@ v-ptr0_info = 0; } - if (unknown) { - v-ptr0_unknown = 1; - v-unknown = *unknown; - } else { - v-ptr0_unknown = 0; - } - if (total) { v-ptr0_total = 1; v-total = *total; @@ -1920,17 +1913,6 @@ if (!prs_align_custom(ps, 4)) return False; - if (!prs_uint32(ptr0_unknown, ps, depth, v-ptr0_unknown)) - return False; - - if (v-ptr0_unknown) { - if (!prs_uint32(unknown, ps, depth, v-unknown)) - return False; - } - - if (!prs_align_custom(ps, 4)) - return False; - if (!prs_uint32(ptr0_total, ps, depth, v-ptr0_total)) return False; Modified: branches/SAMBA_3_0/source/rpc_server/srv_dfs_nt.c === ---
svn commit: samba r17454 - in branches/SAMBA_3_0/source: include rpc_client rpc_parse rpcclient
Author: gd Date: 2006-08-08 11:45:57 + (Tue, 08 Aug 2006) New Revision: 17454 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17454 Log: Adding dfs_EnumEx for rpcclient (Samba4 IDL to follow). Guenther Modified: branches/SAMBA_3_0/source/include/rpc_dfs.h branches/SAMBA_3_0/source/rpc_client/cli_dfs.c branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c branches/SAMBA_3_0/source/rpcclient/cmd_dfs.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_dfs.h === --- branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:00:16 UTC (rev 17453) +++ branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:45:57 UTC (rev 17454) @@ -376,10 +376,21 @@ } NETDFS_R_DFS_REMOVE2; typedef struct netdfs_q_dfs_EnumEx { - uint32 dummy; + uint32 ptr0_dfs_name; + UNISTR2 dfs_name; + uint32 level; + uint32 bufsize; + uint32 ptr0_info; + NETDFS_DFS_ENUMSTRUCT info; + uint32 ptr0_total; + uint32 total; } NETDFS_Q_DFS_ENUMEX; typedef struct netdfs_r_dfs_EnumEx { + uint32 ptr0_info; + NETDFS_DFS_ENUMSTRUCT info; + uint32 ptr0_total; + uint32 total; WERROR status; } NETDFS_R_DFS_ENUMEX; Modified: branches/SAMBA_3_0/source/rpc_client/cli_dfs.c === --- branches/SAMBA_3_0/source/rpc_client/cli_dfs.c 2006-08-08 11:00:16 UTC (rev 17453) +++ branches/SAMBA_3_0/source/rpc_client/cli_dfs.c 2006-08-08 11:45:57 UTC (rev 17454) @@ -576,7 +576,7 @@ return werror_to_ntstatus(r.status); } -NTSTATUS rpccli_dfs_EnumEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx) +NTSTATUS rpccli_dfs_EnumEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total, const char *dfs_name) { prs_struct qbuf, rbuf; NETDFS_Q_DFS_ENUMEX q; @@ -587,7 +587,7 @@ /* Marshall data and send request */ - if (!init_netdfs_q_dfs_EnumEx(q)) + if (!init_netdfs_q_dfs_EnumEx(q, level, bufsize, info, total, dfs_name)) return NT_STATUS_INVALID_PARAMETER; CLI_DO_RPC(cli, mem_ctx, PI_NETDFS, DFS_ENUMEX, Modified: branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:00:16 UTC (rev 17453) +++ branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:45:57 UTC (rev 17454) @@ -2569,10 +2569,33 @@ return True; } -BOOL init_netdfs_q_dfs_EnumEx(NETDFS_Q_DFS_ENUMEX *v) +BOOL init_netdfs_q_dfs_EnumEx(NETDFS_Q_DFS_ENUMEX *v, uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total, const char *dfs_name) { DEBUG(5,(init_netdfs_q_dfs_EnumEx\n)); + + if (!dfs_name) + return False; + init_unistr2(v-dfs_name, dfs_name, UNI_FLAGS_NONE|UNI_STR_TERMINATE); + + v-level = level; + + v-bufsize = bufsize; + + if (info) { + v-ptr0_info = 1; + v-info = *info; + } else { + v-ptr0_info = 0; + } + + if (total) { + v-ptr0_total = 1; + v-total = *total; + } else { + v-ptr0_total = 0; + } + return True; } @@ -2583,6 +2606,42 @@ prs_debug(ps, depth, desc, netdfs_io_q_dfs_EnumEx); depth++; + if (!prs_align_custom(ps, 4)) + return False; + + if (!smb_io_unistr2(dfs_name, v-dfs_name, 1, ps, depth)) + return False; + + if (!prs_align_custom(ps, 4)) + return False; + + if (!prs_uint32(level, ps, depth, v-level)) + return False; + + if (!prs_uint32(bufsize, ps, depth, v-bufsize)) + return False; + + if (!prs_uint32(ptr0_info, ps, depth, v-ptr0_info)) + return False; + + if (v-ptr0_info) { + if (!netdfs_io_dfs_EnumStruct_p(info, v-info, ps, depth)) + return False; + if (!netdfs_io_dfs_EnumStruct_d(info, v-info, ps, depth)) + return False; + } + + if (!prs_align_custom(ps, 4)) + return False; + + if (!prs_uint32(ptr0_total, ps, depth, v-ptr0_total)) + return False; + + if (v-ptr0_total) { + if (!prs_uint32(total, ps, depth, v-total)) + return False; + } + return True; } @@ -2602,10 +2661,39 @@ prs_debug(ps, depth, desc, netdfs_io_r_dfs_EnumEx); depth++; + if (!prs_uint32(ptr0_info, ps, depth, v-ptr0_info)) + return False; + + if
svn commit: samba r17455 - in tags: .
Author: jerry Date: 2006-08-08 12:42:43 + (Tue, 08 Aug 2006) New Revision: 17455 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17455 Log: tagging 3.0.23b Added: tags/release-3-0-23b/ Changeset: Copied: tags/release-3-0-23b (from rev 17454, branches/SAMBA_3_0_RELEASE)
svn commit: samba-docs r981 - in tags: .
Author: jerry Date: 2006-08-08 12:42:43 + (Tue, 08 Aug 2006) New Revision: 981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=981 Log: tagging 3.0.23b Added: tags/release-3-0-23b/ Changeset: Copied: tags/release-3-0-23b (from rev 980, trunk)
svn commit: samba r17456 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2006-08-08 12:43:39 + (Tue, 08 Aug 2006) New Revision: 17456 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17456 Log: fix typo in release notes Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-08 12:42:43 UTC (rev 17455) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-08 12:43:39 UTC (rev 17456) @@ -31,7 +31,7 @@ The reason for this change is that smbd has transitioned from access checks based on string comparisons to token based -authorization. All names are resolved to a SID and they verified +authorization. All names are resolved to a SID and then verified against the logged on user's NT user token. Local names will resolve to a local SID, while qualified domain names will resolve to the appropriate domain SID.
svn commit: samba-web r1025 - in trunk: . history patches
Author: jerry Date: 2006-08-08 12:47:59 + (Tue, 08 Aug 2006) New Revision: 1025 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1025 Log: 3.0.23b release Added: trunk/history/samba-3.0.23b.html trunk/patches/series-3.0.23b Modified: trunk/header_columns.html trunk/index.html Changeset: Sorry, the patch is too large (7113 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1025
svn commit: samba r17457 - in branches/SAMBA_3_0/source: . include lib script/tests torture
Author: vlendec Date: 2006-08-08 13:54:43 + (Tue, 08 Aug 2006) New Revision: 17457 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17457 Log: Add a test to do some operations on group mapping. Volker Added: branches/SAMBA_3_0/source/torture/local-groupmap.c branches/SAMBA_3_0/source/torture/local-multikey.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/lib/tdb_multikey.c branches/SAMBA_3_0/source/script/tests/test_smbtorture_s3.sh branches/SAMBA_3_0/source/torture/torture.c Changeset: Sorry, the patch is too large (913 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17457
svn commit: samba r17458 - in branches/SAMBA_3_0_23/source/sam: .
Author: gd Date: 2006-08-08 15:32:15 + (Tue, 08 Aug 2006) New Revision: 17458 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17458 Log: Fix idmap_ad. (align with changed idmap_methods interface) Guenther Modified: branches/SAMBA_3_0_23/source/sam/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0_23/source/sam/idmap_ad.c === --- branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-08-08 13:54:43 UTC (rev 17457) +++ branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-08-08 15:32:15 UTC (rev 17458) @@ -139,12 +139,12 @@ } /* no op */ -static NTSTATUS ad_idmap_init(const char *uri) +static NTSTATUS ad_idmap_init(char *uri) { return NT_STATUS_OK; } -static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type, int flags) +static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type) { ADS_STATUS rc; NTSTATUS status = NT_STATUS_NONE_MAPPED;
svn commit: samba r17459 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2006-08-08 15:33:09 + (Tue, 08 Aug 2006) New Revision: 17459 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17459 Log: As by Jerry's word commit this without his review. This patch add some missing async functions to solve UID/GID - SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0/source/nsswitch/winbindd_group.c branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c branches/SAMBA_3_0/source/nsswitch/winbindd_user.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 15:32:15 UTC (rev 17458) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 15:33:09 UTC (rev 17459) @@ -1524,3 +1524,113 @@ do_async_domain(mem_ctx, domain, request, query_user_recv, (void *)cont, private_data); } + +/* The following uid2sid/gid2sid functions has been contributed by + * Keith Reynolds [EMAIL PROTECTED] */ + +static void winbindd_uid2sid_recv(TALLOC_CTX *mem_ctx, BOOL success, + struct winbindd_response *response, + void *c, void *private_data) +{ + void (*cont)(void *priv, BOOL succ, const char *sid) = c; + + if (!success) { + DEBUG(5, (Could not trigger uid2sid\n)); + cont(private_data, False, NULL); + return; + } + + if (response-result != WINBINDD_OK) { + DEBUG(5, (uid2sid returned an error\n)); + cont(private_data, False, NULL); + return; + } + + cont(private_data, True, response-data.sid.sid); +} + +void winbindd_uid2sid_async(TALLOC_CTX *mem_ctx, uid_t uid, + void (*cont)(void *private_data, BOOL success, const char *sid), + void *private_data) +{ + struct winbindd_request request; + + ZERO_STRUCT(request); + request.cmd = WINBINDD_DUAL_UID2SID; + request.data.uid = uid; + do_async(mem_ctx, idmap_child(), request, winbindd_uid2sid_recv, cont, private_data); +} + +enum winbindd_result winbindd_dual_uid2sid(struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + DOM_SID sid; + NTSTATUS result; + + DEBUG(3,([%5lu]: uid to sid %lu\n, +(unsigned long)state-pid, +(unsigned long) state-request.data.uid)); + + /* Find sid for this uid and return it, possibly ask the slow remote idmap */ + result = idmap_uid_to_sid(sid, state-request.data.uid, IDMAP_FLAG_NONE); + + if (NT_STATUS_IS_OK(result)) { + sid_to_string(state-response.data.sid.sid, sid); + state-response.data.sid.type = SID_NAME_USER; + return WINBINDD_OK; + } + + return WINBINDD_ERROR; +} + +static void winbindd_gid2sid_recv(TALLOC_CTX *mem_ctx, BOOL success, + struct winbindd_response *response, + void *c, void *private_data) +{ + void (*cont)(void *priv, BOOL succ, const char *sid) = c; + + if (!success) { + DEBUG(5, (Could not trigger gid2sid\n)); + cont(private_data, False, NULL); + return; + } + + cont(private_data, True, response-data.sid.sid); +} + +void winbindd_gid2sid_async(TALLOC_CTX *mem_ctx, gid_t gid, + void (*cont)(void *private_data, BOOL success, const char *sid), + void *private_data) +{ + struct winbindd_request request; + + ZERO_STRUCT(request); + request.cmd = WINBINDD_DUAL_GID2SID; + request.data.gid = gid; + do_async(mem_ctx, idmap_child(), request, winbindd_gid2sid_recv, cont, private_data); +} + +enum winbindd_result winbindd_dual_gid2sid(struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + DOM_SID sid; + NTSTATUS result; + + DEBUG(3,([%5lu]: gid %lu to sid\n, + (unsigned long)state-pid, + (unsigned long) state-request.data.gid)); + + /* Find sid for this gid and return it, possibly ask the slow remote idmap */ + result = idmap_gid_to_sid(sid, state-request.data.gid, IDMAP_FLAG_NONE); + + if
svn commit: samba r17460 - in branches/SAMBA_3_0/source/tdb: .
Author: vlendec Date: 2006-08-08 16:08:22 + (Tue, 08 Aug 2006) New Revision: 17460 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17460 Log: First step at fixing the build breakage with the groupmapping test. On Linux, F_RDLCK is defined to 0, for example NetBSD has it at 1. Still does not work fully though. Still investigating. This might also be interesting to Samba4. Volker Modified: branches/SAMBA_3_0/source/tdb/traverse.c Changeset: Modified: branches/SAMBA_3_0/source/tdb/traverse.c === --- branches/SAMBA_3_0/source/tdb/traverse.c2006-08-08 15:33:09 UTC (rev 17459) +++ branches/SAMBA_3_0/source/tdb/traverse.c2006-08-08 16:08:22 UTC (rev 17460) @@ -261,6 +261,7 @@ if (tdb_unlock_record(tdb, tdb-travlocks.off) != 0) return tdb_null; tdb-travlocks.off = tdb-travlocks.hash = 0; + tdb-travlocks.lock_rw = F_RDLCK; if (tdb_next_lock(tdb, tdb-travlocks, rec) = 0) return tdb_null;
svn commit: samba r17461 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-08-08 17:34:51 + (Tue, 08 Aug 2006) New Revision: 17461 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17461 Log: Ensure we never save a NULL SID mapping. || should be . Found by Whitfield school. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 16:08:22 UTC (rev 17460) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 17:34:51 UTC (rev 17461) @@ -1241,7 +1241,7 @@ status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, name, sid, type); /* and save it */ - if (domain-online || !is_null_sid(sid)) { + if (domain-online !is_null_sid(sid)) { wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type); }
svn commit: samba r17462 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2006-08-08 18:38:33 + (Tue, 08 Aug 2006) New Revision: 17462 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17462 Log: Fix a cutpaste bug that caused us to return a null SID on some error conditions Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 17:34:51 UTC (rev 17461) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 18:38:33 UTC (rev 17462) @@ -1595,6 +1595,12 @@ return; } + if (response-result != WINBINDD_OK) { + DEBUG(5, (gid2sid returned an error\n)); + cont(private_data, False, NULL); + return; + } + cont(private_data, True, response-data.sid.sid); }
svn commit: samba-docs r982 - in trunk/smbdotconf/security: .
Author: sfrench Date: 2006-08-08 19:04:38 + (Tue, 08 Aug 2006) New Revision: 982 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=982 Log: Fix multiple typos/spelling mistakes Modified: trunk/smbdotconf/security/security.xml Changeset: Modified: trunk/smbdotconf/security/security.xml === --- trunk/smbdotconf/security/security.xml 2006-08-08 12:42:43 UTC (rev 981) +++ trunk/smbdotconf/security/security.xml 2006-08-08 19:04:38 UTC (rev 982) @@ -201,13 +201,13 @@ /para noteparaThis mode of operation has -significant pitfalls, due to the fact that is activly initiates a -man-in-the-middle attack on the remote SMB server. In particular, +significant pitfalls since it is more vulnerable to +man-in-the-middle attacks and server impersonation. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user's session. Furthermore, if this connection is lost, -there is no way to reestablish it, and futher authenticaions to the -Samba server may fail. (From a single client, till it disconnects). +there is no way to reestablish it, and futher authentications to the +Samba server may fail (from a single client, till it disconnects). /para/note noteparaFrom the client's point of
svn commit: samba r17464 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-08-08 20:35:17 + (Tue, 08 Aug 2006) New Revision: 17464 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17464 Log: Ensure we use a hash16 data type, not a string, for storing offline hashes. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 19:29:34 UTC (rev 17463) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 20:35:17 UTC (rev 17464) @@ -269,9 +269,40 @@ return ret; } -/* pull a string from a cache entry, using the supplied +/* pull a hash16 from a cache entry, using the supplied talloc context */ +static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) +{ + uint32 len; + char *ret; + + len = centry_uint8(centry); + + if (len != 16) { + DEBUG(0,(centry corruption? hash len (%u) != 16\n, + len )); + smb_panic(centry_hash16); + } + + if (centry-len - centry-ofs 16) { + DEBUG(0,(centry corruption? needed 16 bytes, have %d\n, +centry-len - centry-ofs)); + smb_panic(centry_hash16); + } + + ret = TALLOC_ARRAY(mem_ctx, char, 16); + if (!ret) { + smb_panic(centry_hash out of memory\n); + } + memcpy(ret,centry-data + centry-ofs, 16); + centry-ofs += 16; + return ret; +} + +/* pull a sid from a cache entry, using the supplied + talloc context +*/ static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid) { char *sid_string; @@ -630,6 +661,17 @@ centry-ofs += len; } +/* + push a 16 byte hash into a centry - treat as 16 byte string. + */ +static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16]) +{ + centry_put_uint8(centry, 16); + centry_expand(centry, 16); + memcpy(centry-data + centry-ofs, val, 16); + centry-ofs += 16; +} + static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) { fstring sid_string; @@ -865,7 +907,7 @@ } t = centry_time(centry); - *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx); + *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); #if DEBUG_PASSWORD dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN); @@ -906,7 +948,7 @@ #endif centry_put_time(centry, time(NULL)); - centry_put_string(centry, (const char *)nt_pass); + centry_put_hash16(centry, nt_pass); centry_end(centry, CRED/%s, sid_to_string(sid_string, sid)); DEBUG(10,(wcache_save_creds: %s\n, sid_string));
svn commit: samba r17465 - in branches/SAMBA_3_0/source: groupdb passdb utils
Author: vlendec Date: 2006-08-08 20:50:35 + (Tue, 08 Aug 2006) New Revision: 17465 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17465 Log: Get rid of add_initial_entry. In the two places it was called in it seemed a bit pointless to me. Volker Modified: branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/utils/net_groupmap.c Changeset: Modified: branches/SAMBA_3_0/source/groupdb/mapping.c === --- branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 20:35:17 UTC (rev 17464) +++ branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 20:50:35 UTC (rev 17465) @@ -134,31 +134,6 @@ } / -initialise first time the mapping list -/ -NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) -{ - GROUP_MAP map; - - if(!init_group_mapping()) { - DEBUG(0,(failed to initialize group mapping\n)); - return NT_STATUS_UNSUCCESSFUL; - } - - map.gid=gid; - if (!string_to_sid(map.sid, sid)) { - DEBUG(0, (string_to_sid failed: %s, sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - map.sid_name_use=sid_name_use; - fstrcpy(map.nt_name, nt_name); - fstrcpy(map.comment, comment); - - return pdb_add_group_mapping_entry(map); -} - -/ Map a unix group to a newly created mapping / NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c === --- branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-08-08 20:35:17 UTC (rev 17464) +++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-08-08 20:50:35 UTC (rev 17465) @@ -584,7 +584,7 @@ const char *name, uint32 *rid) { - DOM_SID group_sid; + GROUP_MAP map; struct group *grp; grp = getgrnam(name); @@ -611,10 +611,12 @@ } } - sid_compose(group_sid, get_global_sam_sid(), *rid); - - return add_initial_entry(grp-gr_gid, sid_string_static(group_sid), -SID_NAME_DOM_GRP, name, NULL); + map.gid = grp-gr_gid; + map.sid_name_use = SID_NAME_DOM_GRP; + sid_compose(map.sid, get_global_sam_sid(), *rid); + fstrcpy(map.nt_name, name); + map.comment[0] = '\0'; + return pdb_add_group_mapping_entry(map); } NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, Modified: branches/SAMBA_3_0/source/utils/net_groupmap.c === --- branches/SAMBA_3_0/source/utils/net_groupmap.c 2006-08-08 20:35:17 UTC (rev 17464) +++ branches/SAMBA_3_0/source/utils/net_groupmap.c 2006-08-08 20:50:35 UTC (rev 17465) @@ -182,16 +182,12 @@ static int net_groupmap_add(int argc, const char **argv) { - DOM_SID sid; - fstring ntgroup = ; fstring unixgrp = ; fstring string_sid = ; fstring type = ; - fstring ntcomment = ; - enum SID_NAME_USE sid_type = SID_NAME_DOM_GRP; uint32 rid = 0; - gid_t gid; int i; + GROUP_MAP map; /* get the options */ for ( i=0; iargc; i++ ) { @@ -210,8 +206,8 @@ } } else if ( !StrnCaseCmp(argv[i], ntgroup, strlen(ntgroup)) ) { - fstrcpy( ntgroup, get_string_param( argv[i] ) ); - if ( !ntgroup[0] ) { + fstrcpy( map.nt_name, get_string_param( argv[i] ) ); + if ( !map.nt_name[0] ) { d_fprintf(stderr, must supply a name\n); return -1; } @@ -221,11 +217,16 @@ if ( !string_sid[0] ) { d_fprintf(stderr, must supply a SID\n); return -1; - } + } + if (!string_to_sid(map.sid, string_sid)) { + d_fprintf(stderr, %s is not a valid SID\n, + string_sid); + return -1; + } } else if (
Build status as of Wed Aug 9 00:00:01 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-08-08 00:00:03.0 + +++ /home/build/master/cache/broken_results.txt 2006-08-09 00:00:08.0 + @@ -1,18 +1,18 @@ -Build status as of Tue Aug 8 00:00:02 2006 +Build status as of Wed Aug 9 00:00:01 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 ccache 24 4 0 -distcc 24 2 0 +distcc 25 2 0 lorikeet-heimdal 0 0 0 -ppp 15 0 0 +ppp 14 0 0 rsync24 0 0 samba0 0 0 samba-docs 0 0 0 -samba4 36 22 2 -samba_3_035 6 0 +samba4 36 24 2 +samba_3_034 10 0 smb-build22 22 0 -talloc 27 10 0 -tdb 18 8 0 +talloc 27 11 0 +tdb 18 6 0
svn commit: samba-web r1026 - in trunk: . devel history
Author: deryck Date: 2006-08-09 00:14:52 + (Wed, 09 Aug 2006) New Revision: 1026 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1026 Log: Move old release announcement to history. Update latest release links through out. Modified: trunk/devel/index.html trunk/history/index.html trunk/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2006-08-08 12:47:59 UTC (rev 1025) +++ trunk/devel/index.html 2006-08-09 00:14:52 UTC (rev 1026) @@ -14,8 +14,8 @@ pAs of 4 April 2004, the Samba Team converted from CVS to Subversion for maintaining the Samba source code. All current development is done in a Subversion repository. All older code is in the original CVS tree; this would include 2.2.x versions of Samba, which are no longer in active development./p -pThe latest production release is emSamba 3.0.23a/em (a -href=/samba/history/samba-3.0.23a.htmlrelease notes/a and a +pThe latest production release is emSamba 3.0.23b/em (a +href=/samba/history/samba-3.0.23b.htmlrelease notes/a and a href=/samba/download/download/a)./p pOngoing future research is being done for Samba 4.0 Modified: trunk/history/index.html === --- trunk/history/index.html2006-08-08 12:47:59 UTC (rev 1025) +++ trunk/history/index.html2006-08-09 00:14:52 UTC (rev 1026) @@ -6,8 +6,8 @@ div class=latest ul - liLatest Release mdash; a href=/samba/#latestSamba 3.0.23a/a/li - liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.0.23a/a/li + liLatest Release mdash; a href=/samba/#latestSamba 3.0.23b/a/li + liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.0.23b/a/li !-- Second link will point to #stable on this page when current release is a development release -- /ul /div @@ -16,7 +16,26 @@ h2Previous Release Announcments/h2 +h4a21 Jul 2006/a/h4 +p class=headlineSamba 3.0.23a Available for Download/p +pThe Samba Team is pleased to announce the general availability of Samba 3.0.23a. +This is the latest stable release of Samba. This is the version +that production Samba servers should be running for all current +bug-fixes. Please read the changes in the +a href=http://www.samba.org/samba/history/samba-3.0.23a.html;Release Notes/a +for details on new features and difference in behavior +from previous releases./p + +pThe a href=/samba/ftp/samba-3.0.23a.tar.gzSamba 3.0.23a +source code/a can be downloaded now. The a +href=/samba/ftp/samba-3.0.23a.tar.ascGnuPG +signature for the emun/emcompressed tarball/a is also +available. Precompiled packages are available in the +a href=/samba/ftp/Binary_Packages/Binary_Packages +download area/a./p + + h4a10 Jul 2006/a/h4 p class=headlineSamba 3.0.23 Available for Download/p @@ -271,35 +290,4 @@ Packages for other platforms will be available shortly./p -h4a30 Dec 2005/a/h4 -p class=headlineSamba 3.0.21a Available for Download/p - -pThis is the latest stable release of Samba. This is the version -that production Samba servers should be running for all current -bug-fixes. This release is to address a bug in the oplock code -which may cause clients to stall when multiple users are accessing -a share concurrently (a href=https://bugzilla.samba.org/bug/3349;BUG 3349/a). -Please read the a -href=/samba/history/samba-3.0.21a.htmlchanges in this release/a./p - -pThe a href=/samba/ftp/samba-3.0.21a.tar.gzSamba 3.0.21a -source code/a can be downloaded now. The a -href=/samba/ftp/samba-3.0.21a.tar.ascGnuPG -signature for the emun/emcompressed tarball/a is also available. -If you prefer to download just the diff from 3.0.21 to 3.0.21a, the -a href=/samba/ftp/patch-3.0.21-3.0.21a.diffs.gzpatch file/a -(a href=/samba/ftp/patch-3.0.21-3.0.21a.diffs.ascgpg signature/a) is also available. -The single patch for Samba 3.0.21 is available from -a href=http://www.samba.org/samba/patches/;the patches page/a. -Precompiled packages for Fedora Core 4, RedHat 9, AIX, and Solaris are available in the -a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a. -Packages for other platforms will be available shortly./p - -pSamba 3.0.21a is also available via BitTorrent -(a href=http://torrent.samba.org/samba/ftp/samba-3.0.21a.tar.gz.torrent;samba-3.0.21a.tar.gz.torrent/a). -Note that when downloading via BitTorrent, you are encouraged -to verify the resulting uncompressed tarball's -a href=/samba/ftp/samba-3.0.21a.tar.ascGPG signature/a./p - - !--#include virtual=footer_history.html -- Modified: trunk/index.html === --- trunk/index.html2006-08-08 12:47:59 UTC (rev 1025) +++ trunk/index.html2006-08-09 00:14:52 UTC (rev 1026) @@ -15,7 +15,7 @@ h2Current Release/h2 -h4a name=latest7 Aug 2006/a/h4 +h4a name=latest8 Aug 2006/a/h4
svn commit: samba r17466 - in branches/SAMBA_3_0_23/source/nsswitch: .
Author: jra Date: 2006-08-09 02:21:04 + (Wed, 09 Aug 2006) New Revision: 17466 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17466 Log: Merge over winbindd critical fixes : Ensure we never save a NULL SID mapping. || should be . Found by Whitfield school. Ensure we use a hash16 data type, not a string, for storing offline hashes. Jeremy. Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c 2006-08-08 20:50:35 UTC (rev 17465) +++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c 2006-08-09 02:21:04 UTC (rev 17466) @@ -269,9 +269,40 @@ return ret; } -/* pull a string from a cache entry, using the supplied +/* pull a hash16 from a cache entry, using the supplied talloc context */ +static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) +{ + uint32 len; + char *ret; + + len = centry_uint8(centry); + + if (len != 16) { + DEBUG(0,(centry corruption? hash len (%u) != 16\n, + len )); + smb_panic(centry_hash16); + } + + if (centry-len - centry-ofs 16) { + DEBUG(0,(centry corruption? needed 16 bytes, have %d\n, +centry-len - centry-ofs)); + smb_panic(centry_hash16); + } + + ret = TALLOC_ARRAY(mem_ctx, char, 16); + if (!ret) { + smb_panic(centry_hash out of memory\n); + } + memcpy(ret,centry-data + centry-ofs, 16); + centry-ofs += 16; + return ret; +} + +/* pull a sid from a cache entry, using the supplied + talloc context +*/ static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid) { char *sid_string; @@ -629,6 +660,17 @@ centry-ofs += len; } +/* + push a 16 byte hash into a centry - treat as 16 byte string. + */ +static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16]) +{ + centry_put_uint8(centry, 16); + centry_expand(centry, 16); + memcpy(centry-data + centry-ofs, val, 16); + centry-ofs += 16; +} + static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) { fstring sid_string; @@ -864,7 +906,7 @@ } t = centry_time(centry); - *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx); + *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); #if DEBUG_PASSWORD dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN); @@ -905,7 +947,7 @@ #endif centry_put_time(centry, time(NULL)); - centry_put_string(centry, (const char *)nt_pass); + centry_put_hash16(centry, nt_pass); centry_end(centry, CRED/%s, sid_to_string(sid_string, sid)); DEBUG(10,(wcache_save_creds: %s\n, sid_string)); @@ -1240,7 +1282,7 @@ status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, name, sid, type); /* and save it */ - if (domain-online || !is_null_sid(sid)) { + if (domain-online !is_null_sid(sid)) { wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type); }