date:20060808

Re: [Samba] Identically named users and groups

2006-08-08 Thread Michael Gasch


hi jerry,

i thought this would never get fixed, because i think i hit the same 
problem already last year.


[Samba] [Problem] Samba v3 Errors when group and user exists with   same 
name]

jerry said:

| i have a user called biblio and a group called biblio
| normally this is no problem under linux but samba seems to emulate
| windows behaviour indirectly.

Windows won't allow a user and groupw ith the same name.
Not much we can do about that. However, if you establish a
group mapping entry and set the ntgroup value to a
different string, things will work out ok.

so are you talking about a issue on linux side and samba or windows side 
and samba?


greez




Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Josh,

We have a Linux user and group with the same name 
(username prox, group name prox) and a Samba share

with force user = prox set. Since upgrading from Samba
3.0.21b to Samba 3.0.23a, that share no longer works.
smbclient gives the following error when connecting to
the share:

tree connect failed: NT_STATUS_NO_SUCH_USER

The Samba server logs the following error:

[2006/08/07 09:38:26, 1] auth/auth_util.c:create_token_from_username(1060)
 prox is a Domain Group, not a user

So Samba no longer likes having a user and group 
by the same name.  Is this an intentional change

in Samba 3.0.23, or is it a bug?  I don't
remember seeing anything about it in the release 
notes.


We think that we have this fixed in the current
SAMBA_3_0_RELEASE.  Would you mind testing this
and letting me know?  You can grab it from
svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE
or rsync;//rsync.samba.org/ftp/unpacked/samba_3_0_release.

I'll hold 3.0.23b until I hear from you.  Thanks.






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE11PrIR7qMdg1EfYRAjBmAKDkFM5/L1fdGKy97rbzky0y4cvb6gCgtkgM
P2F5fJqC/zMD1Ye/lJ355mU=
=Y8l/
-END PGP SIGNATURE-


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
   49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] need to remove domain from Winbind group entries

2006-08-08 Thread Steven Rice

Hi,

I have server setup as BDC on a subnet different from
the PDC.  The BDC can auth fine against the PDC and
they can browse each other just fine.  The problem is
on Unix side of the BDC.  When I do a 'wbinfo -g' or
'getent group' each group fit the format
'DOMAIN\group_name' and the PDC does not.  This is
causing problems when synchronizing as the group perm
is being set by name, not uid.

I have configured both the PDC and BDC with the
following entries:

winbind trusted domains only = yes
winbind use default domain = yes
obey pam restrictions = Yes

Yet the domain name still show in in the groups on the
BDC.  I tired every I know but with no luck.  

What can I do to remove the domain from the group
entries on the BDC?

Thnaks!

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows Explorer hangs when clicking on a samba share

2006-08-08 Thread [EMAIL PROTECTED]


[EMAIL PROTECTED] schrieb:


Hi Miguel!

I set the debug level to 10, and nothing is really jumping out at me. 
After further investigation, I found out that samba drive comes up fine in 
Windows 2000.  The problem seems to be with Windows XP.  I can go to the 
DOS prompt and pull up files on the samba drive with no problems.  The 
hanging only occurs when I click on the samba drive in Windows Explorer on 
my XP workstation.  Do you have any ideas?


Thanks!
Tim

It seems Windows Explorer is trying to refresh (or something like this) 
the content of the Samba drive.


Try to check the Samba logs to see if there's something useful there.

Greetings.

 


Hi,
this is normal behavior of XP-Explorer if you have enabled 
pop-up-information for files and folders in XP,
if you open a share the first time, xp explorer looks in each directory 
and every file in the top level of the
share an counts the number of files and bytes in that dir to be able to 
give you this info on moving the mouse

over this file/dir.
if there are big dir's/files and/or a slow network, this may take long 
time...

christoph
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Trouble installing applications from samba share using Windows Vista

2006-08-08 Thread [EMAIL PROTECTED]


[EMAIL PROTECTED] schrieb:


I am having trouble installing applications onto a Vista machine from
a Samba 3.0.23a share.  I keep getting a Windows error telling me that
the network path could not be found after I double click setup.exe.

I can copy the files from the share to my local hard drive and install
no problem.  I can also copy them to a W2K share and install from
there no problem. So, it seems the be Samba related.

Everthing else that I have tried with Samba and Vista seems to be
working.  I can execute other programs from the share, for example.

Has anyone else noticed this problem?  And have a solution?


 


Hi,
yes i have seen this behavior from time to time on win-XP/win2k/win98, 
especialy

for older installers.
i guess it is a problem of the installer using a mix of systemcalls to 
access the files
intermixing long filenames and short ones, and confusing samba at this 
point.

AFAIR i have seen this behaviour on w2k-Server-shares too.
Christoph
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Out Of office

2006-08-08 Thread eric . vannerum


Ik ben afwezig vanaf  29/07/2006 en ik ben niet eerder terug dan
23/08/2006.

Ik ben met verlof van 31 juli tot en met 22 augustus.
Voor dringende zaken kan je mailen naar [EMAIL PROTECTED]


-
DISCLAIMER :
De personeelsleden van het agentschap doen hun best om in e-mails
betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op
basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is
dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige
beslissingen of officiele standpunten worden alleen per brief toegestuurd.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] OS/2 client crash on Find Close2

2006-08-08 Thread Andreas Paulick


Andreas Taegener schrieb:


Hello,

I have just migrated an old OS/2 file server to a Linux box with Samba 
3.0.23a. Now the OS/2 clients crash from time to time. I found a way 
to reproduce/force the crash using PMMail and did some experiments.


The popuplog.os2 on the clients (Warp4 and eComStation) always names a 
sys3175 in pmshell.exe / doscall1.dll.


Using Ethereal and comparing the network traffic between a) a client 
and the Samba server and b) the same client and an OS/2 server (in 
this setup the client doesn't crash) I found at least one difference 
in the SMB protocol. It is the Find Close2 Response SMB message.


Here is the packet from the Samba server logged by Ethereal:

---START-
No. TimeSourceDestination   
Protocol Info
153 02:09:53.405713 192.168.1.223 192.168.1.1   
SMB  Find Close2 Response


Frame 153 (97 bytes on wire, 97 bytes captured)
Arrival Time: Aug  7, 2006 02:09:53.405713000
Time delta from previous packet: 0.000384000 seconds
Time since reference or first frame: 58.338749000 seconds
Frame Number: 153
Packet Length: 97 bytes
Capture Length: 97 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: srv3.taegi.eideltown.de (00:01:af:01:a0:a2), Dst: 
Intel_3a:01:e1 (00:02:b3:3a:01:e1)

Destination: Intel_3a:01:e1 (00:02:b3:3a:01:e1)
Source: srv3.taegi.eideltown.de (00:01:af:01:a0:a2)
Type: IP (0x0800)
Frame check sequence: 0x94bcdc1f [correct]
Internet Protocol, Src: 192.168.1.223 (192.168.1.223), Dst: 
192.168.1.1 (192.168.1.1)

Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
 00.. = Differentiated Services Codepoint: Default (0x00)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0
Total Length: 79
Identification: 0xcd9b (52635)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xe8dc [correct]
Good: True
Bad : False
Source: 192.168.1.223 (192.168.1.223)
Destination: 192.168.1.1 (192.168.1.1)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 
1024 (1024), Seq: 45598, Ack: 1364, Len: 39

Source port: netbios-ssn (139)
Destination port: 1024 (1024)
Sequence number: 45598(relative sequence number)
Next sequence number: 45637(relative sequence number)
Acknowledgement number: 1364(relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0...  = Congestion Window Reduced (CWR): Not set
.0..  = ECN-Echo: Not set
..0.  = Urgent: Not set
...1  = Acknowledgment: Set
 1... = Push: Set
 .0.. = Reset: Not set
 ..0. = Syn: Not set
 ...0 = Fin: Not set
Window size: 5360
Checksum: 0x60fa [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 152
The RTT to ACK the segment was: 0.000384000 seconds
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
 ...0 = Add 0 to length
Length: 35
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 152
Time from request: 0.000384000 seconds
SMB Command: Find Close2 (0x34)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x88
1...  = Request/Response: Message is a response to the 
client/redirector

.0..  = Notify: Notify client only on open
..0.  = Oplocks: OpLock not requested/granted
...0  = Canonicalized Pathnames: Pathnames are not 
canonicalized

 1... = Case Sensitivity: Path names are caseless
 ..0. = Receive Buffer Posted: Receive buffer has not 
been posted
 ...0 = Lock and Read: LockRead, WriteUnlock are not 
supported

Flags2: 0x0001
0...    = Unicode Strings: Strings are ASCII
.0..    = Error Code Type: Error codes are DOS 
error codes
..0.    = Execute-only Reads: Don't permit 
reads if execute-only

...0    = Dfs: Don't resolve pathnames with Dfs
 0...   = Extended Security Negotiation: 
Extended security negotiation is not supported
  .0..  = Long Names Used: Path names in 
request are not long file names
   .0.. = Security Signatures: Security 
signatures are not supported
   ..0. = Extended Attributes: Extended 
attributes are not supported
   ...1 = Long Names

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread werner maes



hello

the passdb backend no longer accepts multiple backends in a chaining 
configuration since samba 3.0.23a .


question:

will the following confi still work?

passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ?

the idea is to use 2 ldap servers

werner


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 3.0.23a + ldap as PDC - should work, but why?

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

éric le hénaff wrote:
 hello
 I'd recommend dropping valid users from [profiles]
 altogether.

 ah! it's interesting since the valid users line is 
 recommended in idealx's linux samba-openldap howto.
 could u explain why u'd drop it ?

I thought I did.  valid users = %U has no affect.
If you want to use one, something like valid users = +users
makes more sense.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2IIgIR7qMdg1EfYRAqI3AJ9riTYd48I78yNQr60A6V17EPx49wCfRjOw
iBeODleP0fp0yAQBrjvl64U=
=WYRL
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

werner maes wrote:
 
 hello
 
 the passdb backend no longer accepts multiple backends in a chaining
 configuration since samba 3.0.23a .
 
 question:
 
 will the following confi still work?
 
 passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ?
 
 the idea is to use 2 ldap servers

The syntax is

  passdb backend = ldapsam:ldap//ldapserver1 ldap://ldapserver2;

There's a regression in 3.0.23a that breaks the .
It has been fixed in 3.0.23b (which will be available
in the next few hours).




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2ISdIR7qMdg1EfYRAqw1AKDkdhpG6+CWA6Saoo+Y+Vwr/6xMNQCfYZNb
D/WpMfAIbegz3rAr+8cUkn8=
=tsK+
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem applying printer drivers

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Wisu wrote:
 Hi all,
 
 I setting up a new BDC (192.168.2.200 - ubuntu dapper) assisting a
 PDC(192.168.1.195 - debian sarge) to manage MYDOMAIN a separate
 Building.
 
 The problem I come up with is trying to apply printer 
 drivers, I can upload the driver to \\BDC\print$ but
 when I apply the driver it returns Printer setting
 could not be saved. Access is denied
...
   use client driver = Yes
   
Don't set this if you want to store drivers on the server.


cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2IVKIR7qMdg1EfYRAtd6AJ9dJhdNrIO0TfPOW74KlKNI6GCX8QCfXCH1
NFuiaQdoxfgMji6am8rXssc=
=6JEu
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread John Mason


What about also enabling roaming profiles, but doing folder redirection? I use 
it and so it take much less time since each machine is configured to mount 
their my documents, desktop, etc. which makes their profile large rather than 
include them in the profile.

It's included in the official samba howto, the unofficial samba howtos, etc.

-Original Message-
From: [EMAIL PROTECTED] on behalf of simo
Sent: Mon 8/7/2006 5:46 PM
To: Logan Shaw
Cc: samba@lists.samba.org
Subject: Re: [Samba] disabling roaming profiles for some networks only
 
On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote:
 Hey everyone.
 
 We have two offices accessing the same Samba server, which is
 a PDC and file server.  The server is located in one of the
 offices, but the other office is only connected by a relatively
 slow link (1.5 megabit/s).
 
 I'm looking for a way to turn off roaming profiles only
 for those users which are at the remote site.  (It's a tad
 inconvenient when it takes an hour or two to login due to a
 1 GB roaming profile!)  I could turn roaming profiles off for
 everyone, but we do have some users here at the same site as
 the server who don't have their own computers and could take
 advantage of roaming profiles.
 
 Obviously, I can do this by running the Group Policy editor on
 every machine at the remote site, but I'd really like something
 where this can be controlled by the server.  I know I can leave
 logon path and logon home undefined and that will turn off
 roaming profiles for everyone, but I only want to turn it off
 for users on a certain network.
 
 So, is there any way to do that?

Set the logon home and logon path explicitly in the passdb backend for
the users who need it and leave the general ones blank.
You must use either the tdbsam or ldapsam backlends to do that.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Identically named users and groups

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Gasch wrote:

 i thought this would never get fixed, because i think 
 i hit the same problem already last year.
 
 jerry said:
 
 Windows won't allow a user and groupw ith the same name.
 Not much we can do about that. However, if you establish a
 group mapping entry and set the ntgroup value to a
 different string, things will work out ok.
 
 so are you talking about a issue on linux side and 
 samba or windows side and samba?

It's a variant of the same problem but has been
exacerbated by the change from string comparisons
to token based access checks for smb.conf parameters.

First there are two new domains in 3.0.23: Unix User
(S-1-22-1) and Unix Group (S-1-22-2).

There's am implied order of precedence being applied
for unqualified names in smb.conf.

* lookup the name as a user in passdb
* lookup the name as a group in passdb
* lookup the name as a user in Unix User
* lookup the name as a group in Unix Group

First match wins.






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2IfWIR7qMdg1EfYRAqtlAJ9PpSQ5MWinpY9ypzz6GZFCO44YywCgludf
TmP3IRehGnRBAxYjC/NCHy8=
=8d3j
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread [EMAIL PROTECTED]


werner maes wrote:


the passdb backend no longer accepts multiple backends in a chaining 
configuration since samba 3.0.23a .


question:

will the following confi still work?

passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ?

the idea is to use 2 ldap servers

There are several ways to specify multiple ldap servers.

passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2

should work as failover solution - when ldap1 is down, ldap2 should be 
tried.
But i found than failed ldap1 do not make smbd to use ldap2 in my 
installation.

I have reported this problem here, but got no answer.

// Alex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Applying security updates

2006-08-08 Thread Steve1 Boothright

Hi

A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the 
10th July. Does anyone know how to apply to update?

Everytime I click on the download link I just get the following text

Index: source/smbd/service.c
===
--- source/smbd/service.c(revision 16676)
+++ source/smbd/service.c(working copy)
@@ -763,6 +763,11 @@
 smb_panic(make_connection: PANIC ERROR. 
Called as nonroot\n);
 }
 
+if (conn_num_open()  2047) {
+*status = 
NT_STATUS_INSUFF_SERVER_RESOURCES;
+return NULL;
+}
+
 if(lp_security() != SEC_SHARE) {
 vuser = get_valid_user_struct(vuid);
 if (!vuser) {

Does anyone know how to apply the update?

Many thanks

Steve
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] inherit acls not working

2006-08-08 Thread S. J. van Harmelen

To my knowledge the 'inherit acls' option should make new files inherit
the default acls from the containing folder... Please correct me if I'm
wrong!

But when I turn this setting on, it just don't seem to work... In other
words, newly created files do not get the default acls from the
containing folder...

Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge)

=

[global]
security = ads
password server = server01
encrypt passwords = true
workgroup = workgroup
realm = DOMAIN.LOCAL
netbios name = server

log file = /var/log/samba/samba.log
log level = 2
syslog = 0

nt acl support = yes
#   map acl inherit = yes

max mux = 2048

change notify timeout = 5

idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes

[wwwroot]
comment = wwwroot
path = /usr/home/ws.old/wws01
read only = no
browsable = yes
writable = yes
dos filemode = yes
acl group control = yes
inherit acls = yes
veto oplock files = /*.mdb/*.MDB/
create mask = 0770
force create mode = 0440
directory mask = 0771
force directory mode = 0771
security mask = 0777
force security mode = 0440
directory security mask = 0777
force directory security mode = 0771




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] This list is a black hole.

2006-08-08 Thread Steven Rice

Many questions goes in,
Very few answers come out.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] OS/2 client crash on Find Close2

2006-08-08 Thread Guenter Kukkukk

- Original Message - 
From: Jeremy Allison [EMAIL PROTECTED]
To: Andreas Taegener [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Tuesday, August 08, 2006 4:17 AM
Subject: Re: [Samba] OS/2 client crash on Find Close2

 On Mon, Aug 07, 2006 at 07:44:12PM +0200, Andreas Taegener wrote:
  Hello,

  I have just migrated an old OS/2 file server to a Linux box with Samba
  3.0.23a. Now the OS/2 clients crash from time to time. I found a way to
  reproduce/force the crash using PMMail and did some experiments.

  The popuplog.os2 on the clients (Warp4 and eComStation) always names a
  sys3175 in pmshell.exe / doscall1.dll.

  Using Ethereal and comparing the network traffic between a) a client
  and the Samba server and b) the same client and an OS/2 server (in this
  setup the client doesn't crash) I found at least one difference in the
  SMB protocol. It is the Find Close2 Response SMB message.

 Kukks - could you please investigate. Sorry, I have to delegate
 OS/2 fixes as I don't have a client setup that's easy to get
 to.

 Thanks,

 Jeremy.

Jeremy, I'll have a look at this later today.
Will drop you a note then.

Guenter

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread werner maes


At 14:33 8/08/2006, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

werner maes wrote:

 hello

 the passdb backend no longer accepts multiple backends in a chaining
 configuration since samba 3.0.23a .

 question:

 will the following confi still work?

 passdb backend = ldapsam://ldapserver1 ldapsam://ldapserver2 ?

 the idea is to use 2 ldap servers

The syntax is

  passdb backend = ldapsam:ldap//ldapserver1 ldap://ldapserver2;

There's a regression in 3.0.23a that breaks the .
It has been fixed in 3.0.23b (which will be available
in the next few hours).


thank you for the information.

anyway I still find it regrettable that multiple backends are no 
longer possible since we have our users stored in LDAP and the 
machine-accounts on the local PDC.


a colleague of mine has some serious issues with 3.0.23a, that's why 
I'm no upgrading yet.


just for information this is what he sees in his logs:

 dumping core in /usr/local/samba/var/cores/smbd
 [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
   pdb_get_group_sid: Failed to find Unix account for s0163566
 [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194)
   Security context stack overflow!
 [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592)
   PANIC (pid 27484): Security context stack overflow!

 [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699)
  BACKTRACE: 64 stack frames:
   #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766]
   #2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce]


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] w2k + xp clients password change freezes the client

2006-08-08 Thread Josef Schauer

Hi.

I've a problem changing the password of the domain user directly from
the windows client by using strg+alt+del.
If I try to change the password, the client freezes for several minutes
and after this amount of time
a popup appears with this error: The DOMAIN isn't available.

In the the samba logs I see this error:

can't connect to service USERNAME

this is the GLOBAL part of my smb.conf:

[global]
workgroup = ISARLBERG
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
#   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n
*Password*changed*
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 2
time server = Yes
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody %u
logon script = scripts\%U.bat
logon path = \\%L\%U\profile
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = Yes
idmap uid = 15000-2
idmap gid = 15000-2
printing = cups
print command =
lpq command = %p
lprm command =

Thx Josef
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] This list is a black hole.

2006-08-08 Thread John Mason


Seems that many questions get answered... but most to the original requestor... 
not the list. Plus, many of us watching don't know as much as the esteemed 30 
or so experts so we can only help on that which we have tried.

Are you having a problem? I'll try to answer it.



-Original Message-
From: [EMAIL PROTECTED] on behalf of Steven Rice
Sent: Tue 8/8/2006 8:12 AM
To: samba@lists.samba.org
Subject: [Samba] This list is a black hole.
 
Many questions goes in,
Very few answers come out.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Tim Schoenfelder


It appears that way!

On 8/8/06, Steven Rice [EMAIL PROTECTED] wrote:


Many questions goes in,
Very few answers come out.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba





--
Tim Schoenfelder
http://timschoenfelder.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread tacallah

You may try posting on http://www.linuxquestions.org.  I don't know if it 
is any better than this list.

Many questions goes in,
Very few answers come out.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba 3.0.23a on AIX

2006-08-08 Thread Stephen Boyd

That seems to have fixed it.

Thank You

On Mon, 7 Aug 2006 20:06:05 -0400 (EDT), William Jojo
[EMAIL PROTECTED] wrote:



On Mon, 7 Aug 2006, Stephen Boyd wrote:

 Has anyone managed to compile Samba 3.0.23a on AIX  4.3?  I am getting
 a linker error:

 Linking libsmbclient shared library bin/libsmbclient.so ld: 0711-781
 ERROR: TOC overflow. TOC size: 72976   Maximum size: 65536
 make: 1254-004 The error code from the last command is 1.


Look at the patch for Bug #3981 I posted yesterday.


Cheers,

Bill



 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steven Rice wrote:
 Many questions goes in,
 Very few answers come out.

Maybe it's the ratio of people asking questions
vs. people answering them :-)




ciao, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2J3NIR7qMdg1EfYRAnT2AJ9V+bMrQeze3efYznCuo0QO2KzAvACeIRaQ
/uHPrppfAl+i6PUvLQzvg1g=
=jKkX
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Applying security updates

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve1 Boothright wrote:
 Hi
 
 A security update for samba 3.0.1 - 3.0.22 was 
 posted on samba.org on the  10th July. Does anyone
 know how to apply to update?

See http://www.samba.org/samba/patches/ for details.






cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2J8VIR7qMdg1EfYRAgo9AJ99wLUiaB/Txu5qXG+JRoWe9iCHWACeIbmH
gOlDWFuB8ws5HIeKJPL0D04=
=Z26Q
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Applying security updates

2006-08-08 Thread Logan Shaw


On Tue, 8 Aug 2006, Steve1 Boothright wrote:

A security update for samba 3.0.1 - 3.0.22 was posted on samba.org on the
10th July. Does anyone know how to apply to update?

Everytime I click on the download link I just get the following text

Index: source/smbd/service.c
===
--- source/smbd/service.c(revision 16676)
+++ source/smbd/service.c(working copy)
@@ -763,6 +763,11 @@
smb_panic(make_connection: PANIC ERROR.
Called as nonroot\n);
}

+if (conn_num_open()  2047) {
+*status =
NT_STATUS_INSUFF_SERVER_RESOURCES;
+return NULL;
+}
+
if(lp_security() != SEC_SHARE) {
vuser = get_valid_user_struct(vuid);
if (!vuser) {


That's a patch against the source.  Save it into a file, say
samba-patch-2006-07-10, then cd to the directory that
contains source, then type patch  samba-patch-2006-07-10
and the patch program should apply the changes to the file
source/smbd/service.c.  Then rebuild the binaries.

  - Logan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Robert Schetterer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Mason schrieb:
 Seems that many questions get answered... but most to the original 
 requestor... not the list. Plus, many of us watching don't know as much as 
 the esteemed 30 or so experts so we can only help on that which we have 
 tried.
 
 Are you having a problem? I'll try to answer it.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED] on behalf of Steven Rice
 Sent: Tue 8/8/2006 8:12 AM
 To: samba@lists.samba.org
 Subject: [Samba] This list is a black hole.
  
 Many questions goes in,
 Very few answers come out.
 
 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around 
 http://mail.yahoo.com 
Hi John, Stefan,
maybe most of the questions ar allready answered if using the mail
archive or/and read the faqs, i answered a lot in that list but i am not
willing to answer same questions every day, in comparing
to other lists , this one is very nice

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFE2JjZNxddAhXBw7QRAlmWAJ48Mg8G1veWeb6QYoH5sXZR+GEDEwCfdXJE
SkT2yzIaBAg5gXW5lf9jw9k=
=9tHh
-END PGP SIGNATURE-

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

werner,

 anyway I still find it regrettable that multiple 
 backends are no longer possible since we have our
 users stored in LDAP and the machine-accounts
 on the local PDC.

No offense, but it's too late to bring that up now.  3.0.23
was in development for 6 months.  The original thread on
this was back in February:
http://marc.theaimsgroup.com/?t=11395259651r=1w=2

This is a systemic problem with this list.  No one seems
to pay any attention until the release is done and over.

 a colleague of mine has some serious issues with 
 3.0.23a, that's why I'm no upgrading yet.
 
 just for information this is what he sees in his logs:
 
  dumping core in /usr/local/samba/var/cores/smbd
  [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
pdb_get_group_sid: Failed to find Unix account for s0163566
  [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194)
Security context stack overflow!
  [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592)
PANIC (pid 27484): Security context stack overflow!
 
  [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699)
   BACKTRACE: 64 stack frames:
#0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6]
#1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766]
#2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce]

Is there a bug report on this ?  It won't get fixed if we
don't know about it.  And since 3.0.23b has just been released,
it may not be fixed in that either.

Thanks.



cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2KIRIR7qMdg1EfYRAiF/AJ4rfQrfRiCtxyFKEmVpDr7VYDxFgQCgy9lZ
vD8fly1JPUSKhe515fV6ABo=
=uTyq
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread Logan Shaw


On Tue, 8 Aug 2006, John Mason wrote:

What about also enabling roaming profiles, but doing folder redirection?
I use it and so it take much less time since each machine is configured
to mount their my documents, desktop, etc. which makes their profile
large rather than include them in the profile.


I don't think that would work so well for our environment.
The issue isn't the space used in the profile.  It's the speed
at which it can be copied over and back.  Turning folders
like the desktop into mounts from the server would prevent
slow logons, but in exchange what we'd get is files on the
desktop taking minutes to open after someone had logged in.

The pipe between the offices is about 1.5 megabit/s bandwidth
with a latency of about 70 ms, and this makes access to
files over SMB (or CIFS) really slow.  I'd *love* to improve
responsiveness of the server, but my guess is that the protocol
just doesn't deal with latency very well (most file sharing
protocols don't), so no amount of tuning is going to make a
huge difference.

Plus, of course, if you open a 10 megabyte file over a 1.5
megabit/s link, the theoretical best time you're ever going
to see is about 53 seconds.  And people do put 10 megabyte
files on their desktops.

  - Logan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread Logan Shaw


On Mon, 7 Aug 2006, simo wrote:

On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote:

I'm looking for a way to turn off roaming profiles only
for those users which are at the remote site.



Set the logon home and logon path explicitly in the passdb backend for
the users who need it and leave the general ones blank.
You must use either the tdbsam or ldapsam backlends to do that.


That's an idea, but I'd really rather have it keyed off what
network they're logging in from.  It's not uncommon for users
from one office to travel to the other.  Then, they get there
and have only (say) 2 days to get whatever done while they're
traveling, and they spend the first 2 hours of their limited
time waiting for their machine to finish logging them.  It's a
bit of a nuisance.  :-)

In particular, there could even be cases where someone uses
the same user account and same machine at the local office
and at the one 1000 miles away.  This can happen when a user
takes their laptop with them.

And yeah, I can educate my users about this, but that doesn't
completely stop it from happening, because it's not the type of
thing people understand well or realize they need to remember
when they're traveling.

All in all, I guess this is more of a weakness of the design
of Windows networking than anything else.  Still, if there is
a Samba solution to the problem, I'd welcome it...

  - Logan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Craig White

On Tue, 2006-08-08 at 06:12 -0700, Steven Rice wrote:
 Many questions goes in,
 Very few answers come out.

Concise questions that narrow the scope of the problem are answered most
of the time.

Questions with large amounts of information that take a lot of time to
process and questions that demonstrate that the person hasn't spent much
time to narrow the problem or the question are likely to be passed over.

There is a treatise on how to ask questions the smart way...
http://www.catb.org/~esr/faqs/smart-questions.html

Bear in mind that this is entirely volunteer and no one is paid to solve
your problems. If you want paid support, SuSE Professional, Red Hat
Enterprise Linux and others provide SLA (Service Level Agreements) to
solve your issues.

If your question doesn't get answered in a day or two, it's likely you
need to rephrase your question, hopefully reducing the volume and
narrowing the scope with the additional information that you've been
able to gather in the interim.

Lastly, consider that just about everything is covered in the
outstanding documentation available in dead tree, html or pdf form in
the publications titled Official Samba 3 HowTo and Samba By Example
- see http://www.samba.org/samba/docs

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] This list is a black hole.

2006-08-08 Thread Dan Armbrust




Hi John, Stefan,
maybe most of the questions ar allready answered if using the mail
archive or/and read the faqs, i answered a lot in that list but i am not
willing to answer same questions every day, in comparing
to other lists , this one is very nice



Don't worry, my most recent question is with yours in the black hole. 
Although, I have read that now they think that some things can actually 
escape a black hole.  So I'm still hopeful.  But I just assumed that the 
non-response to my question meant that what I was asking wasn't possible 
with Samba, even though it seemed pretty basic.


Dan

--

Daniel Armbrust
Biomedical Informatics
Mayo Clinic Rochester
daniel.armbrust(at)mayo.edu
http://informatics.mayo.edu/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Windows Explorer hangs when clicking on a samba share

2006-08-08 Thread tacallah

FYI: I found out the problem.  When I specified the netbios name setting 
under my global section, the long delay went away.

Here is my original E-mail:
I am new to samba and Linux.  I mapped a drive from my Windows XP 
workstation to the /opt directory on the Linux box.  When I am in Windows 
Explorer and I am viewing the samba drive, I can click on any directory or 
file on that drive, and the speed is very fast (like a local drive).  If I 
click on another drive and click on the samba drive again after five 
minutes or so, my workstation hangs for about 15 seconds until the 
directories from the samba drive finally show up.  It appears to be 
authenticating my connection.  After the waiting period, all is fast 
again.  On other hand if I walk away from my desk for awhile and Window 
Explorer is already on the samba drive, there is no hanging when I return 
and click on something on the samba drive.  In short, my workstation hangs 
when initially clicking on the samba drive from Windows Explorer.  Does 
anyone have any ideas?

I have also noticed that if I go to DOS and change directory (cd), it 
comes up quickly, and I can even edit a file on the samba drive from DOS 
with no problems.  If I bring up Windows Explorer immediately after 
editing the file in DOS, my workstation hangs again.

Below is a condensed version of my smb.conf.  I have also tried adding 
SO_KEEPALIVE IPTOS_LOWDELAY to the socket options.  That did not help 
either.

[global]
  server string = Samba server 
  log file = /var/log/samba/%m.log
  max log size = 50
  security = user
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  dns proxy = no 

[opt]
  comment = opt directory
  browseable = yes
  path = /opt
  public = no
  valid users = myuserid
  writable = yes

Thanks in advance for any responses!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread werner maes


At 16:39 8/08/2006, Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

werner,

 anyway I still find it regrettable that multiple
 backends are no longer possible since we have our
 users stored in LDAP and the machine-accounts
 on the local PDC.

No offense, but it's too late to bring that up now.  3.0.23
was in development for 6 months.  The original thread on
this was back in February:
http://marc.theaimsgroup.com/?t=11395259651r=1w=2

This is a systemic problem with this list.  No one seems
to pay any attention until the release is done and over.


off course you're right. but I don't think that one man could change 
this evolution.

to be honest, I've read it but forgot to reply


 a colleague of mine has some serious issues with
 3.0.23a, that's why I'm no upgrading yet.

 just for information this is what he sees in his logs:

  dumping core in /usr/local/samba/var/cores/smbd
  [2006/08/08 14:16:37, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164)
pdb_get_group_sid: Failed to find Unix account for s0163566
  [2006/08/08 14:16:37, 0] smbd/sec_ctx.c:push_sec_ctx(194)
Security context stack overflow!
  [2006/08/08 14:16:37, 0] lib/util.c:smb_panic(1592)
PANIC (pid 27484): Security context stack overflow!

  [2006/08/08 14:16:37, 0] lib/util.c:log_stack_trace(1699)
   BACKTRACE: 64 stack frames:
#0 /usr/local/samba/sbin/smbd(log_stack_trace+0x22) [0x82128c6]
#1 /usr/local/samba/sbin/smbd(smb_panic+0x6f) [0x8212766]
#2 /usr/local/samba/sbin/smbd(push_sec_ctx+0x6b) [0x80d49ce]

Is there a bug report on this ?  It won't get fixed if we
don't know about it.  And since 3.0.23b has just been released,
it may not be fixed in that either.


No, it has not been fixed in 3.0.23b. there is no bug report as far as I know.
he downgraded his server (since it was a production server) to an 
earlier version of samba.


werner


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] need to remove domain from Winbind group entries

2006-08-08 Thread Wolfgang Ratzka

Steven Rice schrieb:
Hi,

This looks as if your BDC gets its user and group info
via winbind. As BDC it should point to the same ldap
server as the PDC (or to a replica).

Kind regards

 Hi,
 
 I have server setup as BDC on a subnet different from
 the PDC.  The BDC can auth fine against the PDC and
 they can browse each other just fine.  The problem is
 on Unix side of the BDC.  When I do a 'wbinfo -g' or
 'getent group' each group fit the format
 'DOMAIN\group_name' and the PDC does not.  This is
 causing problems when synchronizing as the group perm
 is being set by name, not uid.
 
 I have configured both the PDC and BDC with the
 following entries:
 
 winbind trusted domains only = yes
 winbind use default domain = yes
 obey pam restrictions = Yes
 
 Yet the domain name still show in in the groups on the
 BDC.  I tired every I know but with no luck.  
 
 What can I do to remove the domain from the group
 entries on the BDC?
 
 Thnaks!
 
 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around 
 http://mail.yahoo.com 


-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

werner maes wrote:

 This is a systemic problem with this list.  No one seems
 to pay any attention until the release is done and over.
 
 off course you're right. but I don't think that one 
 man could change this evolution. to be honest, I've
 read it but forgot to reply

I understand.  Maybe it would have changed the thread
and maybe not.

I had one person that reported a bug after 3.0.23 was
released and said, I saw it in all the RCs but assumed
it would be fixed in the final release.   Funny but sad
story.


 Is there a bug report on this ?  It won't get fixed if we
 don't know about it.  And since 3.0.23b has just been 
 released, it may not be fixed in that either.
 
 No, it has not been fixed in 3.0.23b. there is no bug 
 report as far as I know. he downgraded his server (since
 it was a production server) to an earlier version of samba.

Any chance of getting a level 10 debug log from smbd
for this failure ?




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2KqRIR7qMdg1EfYRAqMCAJ4/IZZ9bkow+SupLreHDXGO/HW+cACgnFhx
wTJM8331Qtw+sWTMy8jfewI=
=cS2d
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] summer of code update?

2006-08-08 Thread cooper


Jerry,

 I was hoping to get an update on the SoC projects.  Specifically the
Administrative Logging system that Michael Krax is working on.  I am very
excited about the pospects of this for HIPAA, SOX, GLBA, etc.

Thanks,

Tom Lapp

FileEngine
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.23b Available for Download

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
   Where does he get those wonders toys?
-- The Joker (Batman 1989)
==
Release Announcements
=

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes.  Please read the changes in this section and for the
original 3.0.23 release regarding new features and difference
in behavior from previous releases.

Common bugs fixed in 3.0.23b include:

  o Ambiguity with unqualified names in smb.conf parameters
such as force user and valid users.
  o Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
  o SMB signing errors in the client and server code.
  o Domain join failures when using smbpasswd on a Samba PDC.


Member servers, domain accounts, and smb.conf
=

Since Samba 3.0.8, it has been recommended that all domain
accounts listed in smb.conf on a member server be fully
qualified with the domain name.  This is now a requirement.
All unqualified names are assumed to be local to the Unix
host, either as part of the server's local passdb or in the
local system list of accounts (e.g. /etc/passwd or /etc/group).

The reason for this change is that smbd has transitioned from
access checks based on string comparisons to token based
authorization.  All names are resolved to a SID and then
verified against the logged on user's NT user token.  Local
names will resolve to a local SID, while qualified domain
names will resolve to the appropriate domain SID.

If the member server is not running winbindd at all, domain
accounts will be implicitly mapped to local accounts and their
tokens will be modified appropriately to reflect the local
SID and group membership.

For example, the following share will restrict access to the
domain group Linux Admins and the local group srvadmin.

[restricted]
path = /data
valid users = +DOMAIN\Linux Admins +srvadmin

Note that to restrict the [homes] share on a member server to the
owner of that directory, it is necessary to prefix the %S value
to valid users.

[global]
security = {domain,ads}
workgroup = DOM
winbind separator = +
[homes]
valid users = DOM+%S



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 157BC95E).  The source code can be
downloaded from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.23b.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2KnSIR7qMdg1EfYRAt7TAKC7K8yfOHpbD8otgHjrOC+YcNUJXACfXSL0
Nn/7BF1poOib6PXUvQCWoHs=
=6Ewu
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] disabling roaming profiles for some networks only

2006-08-08 Thread John Mason

Good point.

-Original Message-
From: [EMAIL PROTECTED] on behalf of Logan Shaw
Sent: Tue 8/8/2006 9:40 AM
To: samba@lists.samba.org
Subject: RE: [Samba] disabling roaming profiles for some networks only

On Tue, 8 Aug 2006, John Mason wrote:
 What about also enabling roaming profiles, but doing folder redirection?
 I use it and so it take much less time since each machine is configured
 to mount their my documents, desktop, etc. which makes their profile
 large rather than include them in the profile.

I don't think that would work so well for our environment.
The issue isn't the space used in the profile.  It's the speed
at which it can be copied over and back.  Turning folders
like the desktop into mounts from the server would prevent
slow logons, but in exchange what we'd get is files on the
desktop taking minutes to open after someone had logged in.

The pipe between the offices is about 1.5 megabit/s bandwidth
with a latency of about 70 ms, and this makes access to
files over SMB (or CIFS) really slow.  I'd *love* to improve
responsiveness of the server, but my guess is that the protocol
just doesn't deal with latency very well (most file sharing
protocols don't), so no amount of tuning is going to make a
huge difference.

Plus, of course, if you open a 10 megabyte file over a 1.5
megabit/s link, the theoretical best time you're ever going
to see is about 53 seconds.  And people do put 10 megabyte
files on their desktops.

   - Logan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] windows 2000/xp authentication through samba/ldap?

2006-08-08 Thread Wolfgang Ratzka

Mike schrieb:

 I run the computers in a small shop and want to change my users
 from using the local accounts on their windows boxes to a central
 account managed through ldap (openldap). I now have samba working
 with ldap and using ldap for authenticating shares as windows users
 ask for those shares to be mounted to their workstations. What I
 want is for the initial ctl-alt-del login to authenticate through
 samba to ldap. 

What you want to do is, set up a domain controller. Look at the
Chapter Making Happy Users in the Samba by Example book
available on the Samba web site. (This is not for a small shop but
covers using LDAP as a password backend.)

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] VFAT filesystem support vs. smbfs

2006-08-08 Thread John Mason

I'll forward your question to the list.

-Original Message-
From: [EMAIL PROTECTED] on behalf of Tim Schoenfelder
Sent: Tue 8/8/2006 10:07 AM
To: John Mason
Subject: Re: [Samba] This list is a black hole.

I'm having a problem with Samba, I cannot connect to my Win98 PC via FC5.
It seems that cifs doesn't support vfat from what I've read at the Samba
site and smbfs isn't supported in the binary that I've downloaded via Yum.
I tried googling and experimenting to make it work, I'm not sure what to do
next...

Any suggestions as to what I can do?

BTW, I posted this following email the other day:

I've read that smbfs has been depreciated for cifs for Win2k and WinXP,
however, I see that older vfat OSs such as Win98 are not supported via cifs
filesystem.

I have installed the current samba binary on Fedora Core 5 via yum and
noticed that the mount command doesn't recognize smbfs either.

I used the following syntax:
mount -t cifs //192.168.1.111/C /mnt/htpc -o user=WORKGROUP/Username,nocase
The above command entry prompted for a password

and then

yielded the following error:
mount error 112 = Host is down

BTW, smbtree finds the hostname and share, however, word on the net is that
a person has to use an ip address to make cifs work.

Using the following command:
mount -t smbfs //HTPC/C /mnt/htpc -o
user=WORKGROUP/Username,pass=password,nocase

yields the following error:
mount: unknown filesystem type 'smbfs'

smbtree sees the win98 share correctly as //HTPC/C

Does anyone know how I can mount my Win98 share with the new samba?
-- 
Tim Schoenfelder
http://timschoenfelder.com

On 8/8/06, John Mason  [EMAIL PROTECTED] wrote:

 Seems that many questions get answered... but most to the original
 requestor... not the list. Plus, many of us watching don't know as much as
 the esteemed 30 or so experts so we can only help on that which we
 have tried.

 Are you having a problem? I'll try to answer it.

 -Original Message-
 From: [EMAIL PROTECTED] on behalf of Steven
 Rice
 Sent: Tue 8/8/2006 8:12 AM
 To: samba@lists.samba.org
 Subject: [Samba] This list is a black hole.

 Many questions goes in,
 Very few answers come out.

 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around
 http://mail.yahoo.com
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:   https://lists.samba.org/mailman/listinfo/samba

-- 
Tim Schoenfelder
http://timschoenfelder.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired

2006-08-08 Thread Blindauer Emmanuel

I'm getting the same issue except I can't log in because login only autorise 
to get a shell after the pass change.
Any idea why PAM_WINBIND_NEW_AUTHTOK_REQD  is sent ?
(I have this problem since upgrading from 200 to 2003 (mixed mode) and 
samba-3.0.23a, using security=ads and winbind 

Emmanuel

Le mardi 1 août 2006 10:27, Michael Gasch a écrit :
 hi,

 i just do some tests with a fresh compiled samba 3.0.23a.
 trying to authenticate against PAM with pam_winbind gives:

 Aug  1 09:59:21 humevo36 pam_winbind[27853]: pam_winbind:
 pam_sm_authenticate (flags: 0x)
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: Verify user `gasch'
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: enabling cached login flag
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' granted access
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: Password has expired
 (Password was last set: 1154074953, the policy says it should expire
 here 1154074952 (now
 it's: 1154419163)
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' OK
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: pam_sm_acct_mgmt success
 but PAM_WINBIND_NEW_AUTHTOK_REQD is set
 Aug  1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new
 password Aug  1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on
 /dev/pts/3

 there´s no password policy on the domain controller (samba 3.0.14a,
 debian):

 [EMAIL PROTECTED]:~# pdbedit -d 0 -P maximum password age
 account policy value for maximum password age is 4294967295
 [EMAIL PROTECTED]:~# pdbedit -d 0 -P password history
 account policy value for password history is 0

 some samba-ldap attributes on PDC for user gasch:

 sambaLogonTime: 1130931254
 sambaPwdMustChange: 2147483647
 sambaPasswordHistory: sambaAcctFlags: [UX ]
 sambaKickoffTime: 1204325940
 sambaPwdCanChange: 1154074953
 sambaPwdLastSet: 1154074953

 i can provide you with a level 10 debug log of winbindd offline (700kb)
 if requested.

 btw: it worked fine with 3.0.20b RPM from SuSE.
 any ideas?

 thx in advance!


 smb.conf
 
 [global]
  workgroup = DOMAIN
  server string = Samba v3
 #   username map = /etc/samba/username.map
  time server = yes
  log level = 2
  syslog = 0
  log file = /var/log/samba/log.%m
  max log size = 1
  unix extensions = No
  printcap name = cups
  os level = 32

  interfaces = lo eth0 vmnet1 vmnet8
  bind interfaces only = yes
  wins server = 192.168.x.y
  preferred master = No
  local master = No
  domain master = No
  dns proxy = No
  panic action = /usr/share/samba/panic-action %d
  idmap backend = idmap_rid:DOMAIN=1-1
  idmap uid = 1-1
  idmap gid = 1-1
  winbind offline logon = yes
  winbind separator = '\'
  winbind enum users = No
  winbind enum groups = No
  winbind use default domain = Yes
  winbind trusted domains only = no
  winbind cache time = 60
  security = domain
  allow trusted domains = no
  template shell = /bin/bash
  template homedir = /home/%U
  invalid users = root


 pam (common-auth)
 =
 authrequiredpam_env.so
 # following also tried without arguments
 authsufficient  pam_winbind.so debug try_first_pass cached_login
 authrequiredpam_unix2.so use_first_pass
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Samba 3.0.23b RPM packages for all SUSE Linux products (was: [Samba] Samba 3.0.23b Available for Download)

2006-08-08 Thread Lars Müller

On Tue, Aug 08, 2006 at 10:12:18AM -0500, Gerald Carter wrote:
[snip]
 Binary packages are available at
 
   http://download.samba.org/samba/ftp/Binary_Packages/

RPM packages of Samba 3.0.23b for all SUSE Linux products are available
at ftp://ftp.suse.com/pub/projects/samba/3.0/ or
http://ftp.suse.com/pub/projects/samba/3.0/

Supported SUSE Linux based products are at the moment SUSE Linux 9.2,
9.3, 10.0, 10.1, UnitedLinux 1/ SUSE Linux Enterprise Server (SLES)
8, SLES 9 and 10, and factory (= the currently developed product).  For
some architectures - like ia64, ppc, s390(x) - you find a limited
releases subset.

The same packages are also available at
http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/

Please use a mirror close to your site.  A list of Samba.org mirrors is
available at http://Samba.org/  There choose a mirror at the right top
of the page.

There are also a bunch of SUSE mirrors.  A list of international mirror
sites is at
http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html
A list of mirrors in Germany is at
http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html

If you encounter any problem with these packages please don't blame the
Samba Team.  Instead file a bug to https://bugzilla.Samba.org/, pick
product Samba 3.0, then select 'component' Packaging and set 'assign to'
to samba-maintainers at suse dot de.  Or use http://bugzilla.Novell.com
with the same assignee instead.

For additional information - how to report bugs and which log files are
required - see http://en.openSUSE.org/Samba

Our customers, our products, our responsibility.

Have a lot of fun...

Lars - for the Novell Samba Team
-- 
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany


pgpx0TTRhQsWL.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Windows Explorer hangs when clicking on a samba share

2006-08-08 Thread Miguel Da Silva - Servicio de Informática

On Tue, 8 Aug 2006 10:57:09 -0400
[EMAIL PROTECTED] wrote:

 FYI: I found out the problem.  When I specified the netbios name setting 
 under my global section, the long delay went away.
 
 Here is my original E-mail:
 I am new to samba and Linux.  I mapped a drive from my Windows XP 
 workstation to the /opt directory on the Linux box.  When I am in Windows 
 Explorer and I am viewing the samba drive, I can click on any directory or 
 file on that drive, and the speed is very fast (like a local drive).  If I 
 click on another drive and click on the samba drive again after five 
 minutes or so, my workstation hangs for about 15 seconds until the 
 directories from the samba drive finally show up.  It appears to be 
 authenticating my connection.  After the waiting period, all is fast 
 again.  On other hand if I walk away from my desk for awhile and Window 
 Explorer is already on the samba drive, there is no hanging when I return 
 and click on something on the samba drive.  In short, my workstation hangs 
 when initially clicking on the samba drive from Windows Explorer.  Does 
 anyone have any ideas?
 
 I have also noticed that if I go to DOS and change directory (cd), it 
 comes up quickly, and I can even edit a file on the samba drive from DOS 
 with no problems.  If I bring up Windows Explorer immediately after 
 editing the file in DOS, my workstation hangs again.
 
 Below is a condensed version of my smb.conf.  I have also tried adding 
 SO_KEEPALIVE IPTOS_LOWDELAY to the socket options.  That did not help 
 either.
 
 [global]
   server string = Samba server 
   log file = /var/log/samba/%m.log
   max log size = 50
   security = user
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no 
 
 [opt]
   comment = opt directory
   browseable = yes
   path = /opt
   public = no
   valid users = myuserid
   writable = yes
 
 Thanks in advance for any responses!
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba


Is the server's hostname different from the DNS entry related with the server's 
IP number?

Greetings.

-- 
Miguel Da Silva.
Servicio de Informatica.
Facultad de Ciencias.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?

2006-08-08 Thread Mario Lipinski

Hello,

Am Dienstag, den 08.08.2006, 15:16 +0200 schrieb werner maes:
 anyway I still find it regrettable that multiple backends are no 
 longer possible since we have our users stored in LDAP and the 
 machine-accounts on the local PDC.

Have a look at http://pdbsql.sf.net
Since multiple backends are no longer supported by samba there are third
party modules available.

Mario


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SID in Explorer Owner Field using LDAP

2006-08-08 Thread Mike Branda

Hello!  I'd appreciate any help on this as I am stumped.

I have 4 servers running Samba.

The First is Acting as a PDC with roaming profile logons as well as an
LDAP server.  I am using the smbldap-tools to administer the two.

That works great.

I also have 3 other network file servers that are mapped to use LDAP
from the PDC for posix account info.  I set the smb.conf on each of them
to use LDAP for sambaSamAccount info also via below:

# Specifying ldapsam backend database

passdb backend = ldapsam:ldaps://my.pdc.servername.com
username map = /etc/samba/smbusers

# OpenLDAP stuff is defined here
###
ldap suffix = dc=my,dc=pdc,dc=servername,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap admin dn = uid=Admin,ou=Users,dc=my,dc=pdc,dc=servername,dc=com
ldap ssl = On
ldap passwd sync = Yes
idmap uid = 15-55
idmap gid = 15-55

Now the accounts can log in fine with single point LDAP user management
from all the systems posix, samba or otherwise.  The problem I am having
is the SID from the PDC box is what is used to generate the data in the
users sambaSID LDAP entry.  As a result,  The Owner field in the
Windows file Explorer is correct for the homes share from the PDC in
that it displays the workgroup\joeuser posix name.  Shares mapped from
the file servers show the long
S-1-5-21-1234567890-1234567890-1234567890-2308 (with the last four being
the rid?) where the first part is the SID from the PDC as the Owner.
Is there a way to make these display the right posix name also instead
of the long non-useful sambaSID?


Thanks!!

Mike

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba AD member server and cached credentials?

2006-08-08 Thread Hansjörg Maurer


Hi

we are using a recent samba server in an AD W2003 domain.
The AD DC's are located at the main location.
The samba member servers (file-servers) are  located at the
outside locations.

A User is able to logon to his Workstation, even if the
Domaincontroller is not available, if he has already logged on to
this workstation earlier (the clients caches the credentials).

But the client is anable to acces files on the samba server,
it the connection to the AD-DC at the main location is not available.

Is there a way that samba can cache credentials as a AD member server to,
in order to to allow the clients to access their files without 
connection to the

AD DC?

Thank you

Hansjörg

.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbfs vs. cifs on Win98

2006-08-08 Thread Gary Dale

I'm not sure is you can mount a VFAT share using cifs. Why don't you try 
it? In Win98, share something then in your /etc/fstab, create an entry 
with type as cifs.


smbfs is no longer maintained, so don't use it if you don't have to. 
NOTE that smbfs is not part of Samba. You don't need to be running Samba 
to mount smbfs or cifs shares. The packages for them are probably not 
part of Samba in your distribution, so installing Samba won't give you 
smbfs or cifs either.


There error you are getting could be because you don't have cifs 
installed. As for the ip address vs. hostname, just make sure the host 
is defined in /etc/hosts.








I've read that smbfs has been depreciated for cifs for Win2k and 
WinXP, however, I see that older vfat OSs such as Win98 are not 
supported via cifs filesystem. 

I have installed the current samba binary on Fedora Core 5 via yum and 
noticed that the mount command doesn't recognize smbfs either. 


I used the following syntax:
mount -t cifs //192.168.1.111/C /mnt/htpc -o 
user=WORKGROUP/Username,nocase

The above command entry prompted for a password

and then

yielded the following error:
mount error 112 = Host is down

BTW, smbtree finds the hostname and share, however, word on the net is 
that a person has to use an ip address to make cifs work.


Using the following command:
mount -t smbfs //HTPC/C /mnt/htpc -o 
user=WORKGROUP/Username,pass=password,nocase


yields the following error:
mount: unknown filesystem type 'smbfs'

smbtree sees the win98 share correctly as //HTPC/C

Does anyone know how I can mount my Win98 share with the new samba?
--
Tim Schoenfelder
http://timschoenfelder.com http://timschoenfelder.com/

...also included in my email to cedarlug:
however, smbtree appears to see the win98 share somewhat correctly as 
//HTPC/C via the following:
session request to 192.168.1.111 http://192.168.1.111/ failed 
(Called name not present)

session request to *SMBSERVER failed (Called name not present)
WORKGROUP
session request to 192.168.1.111 http://192.168.1.101/ failed 
(Called name not present)

session request to *SMBSERVER failed (Called name not present)
\\HTPC
cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine 
HTPC.  Error was ERRSRV - ERRerror (Non-specific error code.)
\\HTPC\IPC$ Remote Inter Process 
Communication

\\HTPC\C




On 8/8/06, *Gary Dale*  [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:


There is an old saying that a fool can ask more questions than a wise
man can answer. :)

Posting a question on this list should be the last thing you do after
you've read the documentation, checked the howtos and searched the
archives. A lot of the questions that come up are answered there. Many
of the others would be answered if people would follow normal
debugging
procedures, such as bumping up the log levels before posting a
question.

The Samba developers answer the questions that remain. Personally, I'd
rather have them working on improving the product than answering the
same old questions time after time. That's why I throw in my $0.02
worth
when there is an issue I think I can help on.



Tim Schoenfelder wrote:
 It appears that way!

 On 8/8/06, Steven Rice  [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:

 Many questions goes in,
 Very few answers come out.

 __
 Do You Yahoo!?
 Tired of spam?  Yahoo! Mail has the best spam protection around
 http://mail.yahoo.com
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:   https://lists.samba.org/mailman/listinfo/samba







--
Tim Schoenfelder
http://timschoenfelder.com 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbfs vs. cifs on Win98

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gary Dale wrote:

 There error you are getting could be because you 
 don't have cifs installed. As for the ip address
 vs. hostname, just make sure the host is defined
 in /etc/hosts.

Just a note
According the kernel change log, cifs didn't get support
for Win9x server until 2.6.15.




cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2N6NIR7qMdg1EfYRAmptAJ90iyA9F22JlkLEDm5YYe0Y07lQNwCg8dsg
mNNAwrbawWRVAf01OceYdDc=
=ggcT
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba AD member server and cached credentials?

2006-08-08 Thread Henrik Zagerholm


Hi,
You might take a look at the new option in smb.cong called winbind  
offline logon (G)
Haven't used it myself but I think it would work :) or you have to  
wait for samba4 :)


Cheers,
Henrik
8 aug 2006 kl. 19:14 skrev Hansjörg Maurer:


Hi

we are using a recent samba server in an AD W2003 domain.
The AD DC's are located at the main location.
The samba member servers (file-servers) are  located at the
outside locations.

A User is able to logon to his Workstation, even if the
Domaincontroller is not available, if he has already logged on to
this workstation earlier (the clients caches the credentials).

But the client is anable to acces files on the samba server,
it the connection to the AD-DC at the main location is not available.

Is there a way that samba can cache credentials as a AD member  
server to,
in order to to allow the clients to access their files without  
connection to the

AD DC?

Thank you

Hansjörg

.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] printing via samba and NOT point 'n' print

2006-08-08 Thread Guido Lorenzutti

Hi people, I need to print via samba to a cups, but not with the point
'n' print feature.
I made this work on the old version of samba, 2.x.x. But in 3.x.x it
just dosen't work.
Any ideas?

Tnxs in advance.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problems with access to share after upgrading to 3.0.23(a)

2006-08-08 Thread Nolan Garrett

Anton N. Breusov wrote:
 It appears that we are experiencing the same problem - after upgrade to
 3.0.23 I cannot access any shares on my Linux systems except for the
 home and printer shares.  My configuration has not changed since 3.0.22
 - it just stopped working.

 Have you had any luck with this problem?
 I'm contacted with Jeremy Allison, sent him directly log level 10
 log file (server side) for this connection, and waiting for reply...

 If you're having problems with a particular share, please send
 me your smb.conf - I have an idea what the problem might be.

 OK, just sent all of them. ;-)
 
 Also will try to play with *** mask/mode options in my config by
 commenting them out today later, maybe I oversecured
 some things before ;-) and only now this broke things.
 
Has there been any progress on this issue?  It's a problem to not be
able to access my shares!

Thanks!

Nolan



signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Password change from win client doesn't work

2006-08-08 Thread office


Hi.

If a domain user wants to change his domain password from the windows
client, the client pc gets inaccessible for long time. After this time a
popup appears with a message like this:

Your password could not be changed. The DOMAIN is not available.

In the samba logs I get this message:

 hg-k2 (192.168.0.15) couldn't find service USERNAME

According to the example smb.conf on samba.org I have this lines in my
smb.conf:

passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n
*Password*changed*

Thx

Josef
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 3.0.23a + ldap as PDC - should work, but why?

2006-08-08 Thread éric le hénaff


hello
 I'd recommend dropping valid users from [profiles]
 altogether.
ah! it's interesting since the valid users line is recommended in 
idealx's linux samba-openldap howto. could u explain why u'd drop it ?

thank you
ELH

Gerald (Jerry) Carter a écrit :

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Mason wrote:


[profiles]
# chmod 1777 /home/%U/.msprofile
path = /home/%U/.msprofile
read only = no
profile acls = yes
create mask = 0600
directory mask = 0700
browseable = No
nt acl support = Yes
force user = %U
valid users = %U @Domain Admins


The %U in force user and valid users has no affect.
It says restrict connections to whoever is connecting
and force them to be who they already are.

I'd recommend dropping valid suers from [profiles]
altogether.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE15YWIR7qMdg1EfYRAqzvAKDxCYtNZsha0VTPHhG+JYu5KQ/YdgCgqW9a
+exNOTqTnnbKdZ9ZKAiErGE=
=rybR
-END PGP SIGNATURE-


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: inherit acls not working

2006-08-08 Thread éric le hénaff

i think your kernel needs EA (extended attributes) for acls inheritance 
to work.

regards
S. J. van Harmelen a écrit :

To my knowledge the 'inherit acls' option should make new files inherit
the default acls from the containing folder... Please correct me if I'm
wrong!

But when I turn this setting on, it just don't seem to work... In other
words, newly created files do not get the default acls from the
containing folder...

Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge)

=

[global]
security = ads
password server = server01
encrypt passwords = true
workgroup = workgroup
realm = DOMAIN.LOCAL
netbios name = server

log file = /var/log/samba/samba.log
log level = 2
syslog = 0

nt acl support = yes
#   map acl inherit = yes

max mux = 2048

change notify timeout = 5

idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes

[wwwroot]
comment = wwwroot
path = /usr/home/ws.old/wws01
read only = no
browsable = yes
writable = yes
dos filemode = yes
acl group control = yes
inherit acls = yes
veto oplock files = /*.mdb/*.MDB/
create mask = 0770
force create mode = 0440
directory mask = 0771
force directory mode = 0771
security mask = 0777
force security mode = 0440
directory security mask = 0777
force directory security mode = 0771






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problems with access to share after upgrading to 3.0.23(a)

2006-08-08 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nolan Garrett wrote:
 Anton N. Breusov wrote:
 It appears that we are experiencing the same problem - after upgrade to
 3.0.23 I cannot access any shares on my Linux systems except for the
 home and printer shares.  My configuration has not changed since 3.0.22
 - it just stopped working.

 Have you had any luck with this problem?
 I'm contacted with Jeremy Allison, sent him directly log level 10
 log file (server side) for this connection, and waiting for reply...
 If you're having problems with a particular share, please send
 me your smb.conf - I have an idea what the problem might be.

 OK, just sent all of them. ;-)

 Also will try to play with *** mask/mode options in my config by
 commenting them out today later, maybe I oversecured
 some things before ;-) and only now this broke things.

 Has there been any progress on this issue?  It's a problem to not be
 able to access my shares!

I'm about 80% confident this was fixed in 3.0.23b.
Please let me know the outcome of your testing.



cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2RIwIR7qMdg1EfYRAl/IAKCeOUmJUkequba0gzk4MYkTVnYTTwCdGt84
pNY53mj0AUZugB11bABh0jI=
=g/2D
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Password change from win client doesn't work

2006-08-08 Thread Gary Dale


[EMAIL PROTECTED] wrote:

Hi.

If a domain user wants to change his domain password from the windows
client, the client pc gets inaccessible for long time. After this time a
popup appears with a message like this:

Your password could not be changed. The DOMAIN is not available.

In the samba logs I get this message:

 hg-k2 (192.168.0.15) couldn't find service USERNAME

According to the example smb.conf on samba.org I have this lines in my
smb.conf:

passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n
*Password*changed*

Thx

Josef
  


Does the passwd chat match the password change dialogue on your server 
(* are any character(s))?  This is also case sensitive. If the dialogue 
doesn't match what is expected, you get the problem you described.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]

2006-08-08 Thread Gavin Henry

Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below
message?

Typing:

strace smbclient -d 5

shows it sitting at:

futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU.

SUSE 9.3 x86_64, Samba RPMS from main Samba site

rpm -q samba-client
samba-client-3.0.23a-0.1.34

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/


 Original Message 
Subject: Re: amanda-2.5.0p2 hanging on smbclient with configure
From:Gavin Henry [EMAIL PROTECTED]
Date:Tue, August 8, 2006 4:44 pm
To:  Paul Bijnens [EMAIL PROTECTED]
Cc:  amanda-users@amanda.org
--

quote who=Gavin Henry
 quote who=Gavin Henry
 quote who=Paul Bijnens
 On 2006-08-08 16:17, Gavin Henry wrote:

 Currently trying to compile 2.5.0p2 with:

 ./configure --with-user=amanda --with-group=disk --with-ssh-security
 --with-config=Suretec --with-changer-device=/dev/sg2
 --with-tape-device=/dev/nst0

 But configure just sits there at:

 checking for smbclient... /usr/bin/smbclient

 Same when adding --with-smbclient=/usr/bin/smbclient


 If you do not need smbclient support, then you can configure
 with  --without-smbclient  and work around this problem.

 I have tried that, and with --with-smbclient=no.

 I've been going through configure.in to see what the probs are.


 If you do need it...  then try to investigate what is blocking.
 It seems like configure is hanging in one of the next steps.

 Configure tries to find out what version of smbclient you have
 by running the command:

 smbclient '\\not.a.host.name\notashare' -U nosuchuser -N -Tx /dev/null

 Looks like it's this. It just hangs.


 Must be smbclient, as it is taking forever, even when I jsut run:

 smblcient

 with no options.

 Forget it, will debug smbclient. Nothing wrong with Amanda.

 Thanks all.

strace smbclient -d 5

show it sitting at:

futex(0x2bdf2dc0, FUTEX_WAIT, 2, NULL

Hmm.

 I just setup 2 clients on Fedora Core 5 with 2.5.0p2, and they both are
 fine.

 The server is on a SUSE 9.3 x86_64 box, that has (Is a Samba PDC too):

 free -m
  total   used   free sharedbuffers
 cached
 Mem:  3961296   3665  0 48
 154
 -/+ buffers/cache: 93   3868
 Swap: 2070  0   2070

 uname -a
 Linux nas1 2.6.14.2-smp #2 SMP Thu Nov 17 15:31:40 GMT 2005 x86_64
 x86_64
 x86_64 GNU/Linux

 df -h
 FilesystemSize  Used Avail Use% Mounted on
 /dev/sda1  73G  6.0G   67G   9% /
 tmpfs 2.0G 0  2.0G   0% /dev/shm
 /dev/sdb  6.9T  263G  6.6T   4% /storage

 lsscsi
 [0:0:0:0]diskATA  HTS541080G9SA00  MB4O  /dev/sda
 [4:0:1:0]tapeCERTANCE ULTRIUM 21775  /dev/st0
 [4:0:1:1]mediumx QUANTUM  UHDL 000E  -
 [6:0:0:0]diskArecaARC-1160-VOL#00  R001  /dev/sdb


 What happens if you run that manually?

 Hangs

 The output of that step does not appear on screen however, so it could
 be that configure is actually hanging on the step after that.

 I think it's smbclient that is the problem.


 The next step is finding out where the gzip program lives.
 Is does that by looking in several directories.
 If one of those directories happens to be mounted on a non-responsive
 NFS-server, you hang here too.

 The list of directories is:
 /bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/usr/bsd:/etc:/usr/etc
 /usr/local/sbin:/usr/local/bin:/usr/ccs/bin
 and the value of $PATH from the user that runs configure.

 Anything strange when trying test -e /bin/gzip?  (Try that for
 all the above dirs)

 Nope, looks fine.



 --
 Paul Bijnens, xplanation Technology ServicesTel  +32 16 397.511
 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax  +32 16 397.512
 http://www.xplanation.com/  email:  [EMAIL PROTECTED]
 ***
 * I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
 * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
 * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
 * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
 * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
 * ...  Are you sure?  ...   YES   ...   Phew ...   I'm out  *
 ***








-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: printing via samba and NOT point 'n' print

2006-08-08 Thread Guido Lorenzutti


Guido Lorenzutti wrote:

Hi people, I need to print via samba to a cups, but not with the point
'n' print feature.
I made this work on the old version of samba, 2.x.x. But in 3.x.x it
just dosen't work.
Any ideas?

Tnxs in advance.
  



Well, I will give to the list the answer.

stop the samba
stop the winbindd (if you have one)
delete the /var/lib/samba/ntprinters.tdb (if you have it there)
remove all of the printers share, except the:

[printers]
   comment = All Printers
   path = /tmp
   read only = No
   create mask = 0777
   guest ok = Yes
   printable = Yes
   browseable = No


Don't use the cupsaddsmb! And it will work.

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] machine add error to samba PDC

2006-08-08 Thread Guido Lorenzutti


I don't fully understand your problem.
You can't add the machine to the domain?
Do you have a add machine script in the smb.conf? If not, do you add the 
machine manually? If so, what to the pdbedit -Lv machine_name$ tells you?





Pavan wrote:

Hi All,
 
I have setup my samba as a PDC and testparm gives me the right

result, but when I am trying to add my XP client to SAMBA I receive an
error as Logon failure: bad username or password or Username could
not be found. I am using root as the domain administrator and have
added root account using smbpasswd and can see it using pdbedit -Lv. I
can logon successfully from my windows client from run and typing
\\servername file:///\\servername .
 
Why do it complain when I am adding the machine that It cannot find the

user??? Backend is simple smbpasswd file.
 
Anyhelp is greatly appreciated.
 
Thanks,

Pavan.
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: inherit acls not working

2006-08-08 Thread S. J. van Harmelen

Strange enough it seems the other way around?! When I mount with
user_xattr support I get an 'store_inheritable_attributes 
: Error permission denied' in my samba.log, and see that the default
acls aren't inherited.

But when I remount without user_xattr, then everything works fine and
the default acls are inherited without any errors...?!

But I do need the user_xattr for other things. So how can I get this to
work?

Sander


On di, 2006-08-08 at 15:39 +0200, éric le hénaff wrote:
 i think your kernel needs EA (extended attributes) for acls inheritance 
 to work.
 regards
 S. J. van Harmelen a écrit :
  To my knowledge the 'inherit acls' option should make new files inherit
  the default acls from the containing folder... Please correct me if I'm
  wrong!
  
  But when I turn this setting on, it just don't seem to work... In other
  words, newly created files do not get the default acls from the
  containing folder...
  
  Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge)
  
  =
  
  [global]
  security = ads
  password server = server01
  encrypt passwords = true
  workgroup = workgroup
  realm = DOMAIN.LOCAL
  netbios name = server
  
  log file = /var/log/samba/samba.log
  log level = 2
  syslog = 0
  
  nt acl support = yes
  #   map acl inherit = yes
  
  max mux = 2048
  
  change notify timeout = 5
  
  idmap uid = 1-2
  idmap gid = 1-2
  winbind enum users = yes
  winbind enum groups = yes
  winbind nested groups = yes
  winbind use default domain = yes
  
  [wwwroot]
  comment = wwwroot
  path = /usr/home/ws.old/wws01
  read only = no
  browsable = yes
  writable = yes
  dos filemode = yes
  acl group control = yes
  inherit acls = yes
  veto oplock files = /*.mdb/*.MDB/
  create mask = 0770
  force create mode = 0440
  directory mask = 0771
  force directory mode = 0771
  security mask = 0777
  force security mode = 0440
  directory security mask = 0777
  force directory security mode = 0771
  
  
  
  
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] FUTEX_WAIT 3.0.23a [Fwd: Re: amanda-2.5.0p2 hanging on smbclient with configure]

2006-08-08 Thread Volker Lendecke

On Tue, Aug 08, 2006 at 04:52:36PM +0100, Gavin Henry wrote:
 Would anyone have any ideas with smbclient sits at FUTEX_WAIT in below
 message?
 
 Typing:
 
 strace smbclient -d 5
 
 shows it sitting at:
 
 futex(0x2bdf2dc0, FUTEX_WAIT, 2, NU.

We'd need a more complete strace and a sniff of smbclient.

Volker


pgpy5TVZb6lNB.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

svn commit: samba r17451 - in branches/SAMBA_3_0/source: groupdb include passdb rpc_server utils

2006-08-08 Thread vlendec

Author: vlendec
Date: 2006-08-08 08:26:40 + (Tue, 08 Aug 2006)
New Revision: 17451

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17451

Log:
Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
Modified:
   branches/SAMBA_3_0/source/groupdb/mapping.c
   branches/SAMBA_3_0/source/include/passdb.h
   branches/SAMBA_3_0/source/passdb/lookup_sid.c
   branches/SAMBA_3_0/source/passdb/pdb_interface.c
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0/source/utils/net_groupmap.c
   branches/SAMBA_3_0/source/utils/net_rpc_samsync.c
   branches/SAMBA_3_0/source/utils/net_sam.c


Changeset:
Modified: branches/SAMBA_3_0/source/groupdb/mapping.c
===
--- branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-07 20:43:06 UTC (rev 
17450)
+++ branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 08:26:40 UTC (rev 
17451)
@@ -220,7 +220,7 @@
  Return the sid and the type of the unix group.
 /
 
-static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
+static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map)
 {
TDB_DATA kbuf, dbuf;
pstring key;
@@ -234,7 +234,7 @@
 
/* the key is the SID, retrieving is direct */
 
-   sid_to_string(string_sid, sid);
+   sid_to_string(string_sid, sid);
slprintf(key, sizeof(key), %s%s, GROUP_PREFIX, string_sid);
 
kbuf.dptr = key;
@@ -254,7 +254,7 @@
return False;
}

-   sid_copy(map-sid, sid);
+   sid_copy(map-sid, sid);

return True;
 }
@@ -588,7 +588,7 @@
return NT_STATUS_ACCESS_DENIED;
}
 
-   if (!get_group_map_from_sid(*alias, map))
+   if (!get_group_map_from_sid(alias, map))
return NT_STATUS_NO_SUCH_ALIAS;
 
if ( (map.sid_name_use != SID_NAME_ALIAS) 
@@ -691,7 +691,7 @@
return NT_STATUS_ACCESS_DENIED;
}
 
-   if (!get_group_map_from_sid(*alias, map))
+   if (!get_group_map_from_sid(alias, map))
return NT_STATUS_NO_SUCH_ALIAS;
 
if ( (map.sid_name_use != SID_NAME_ALIAS) 
@@ -796,7 +796,7 @@
 
 /* get a domain group from it's SID */
 
-BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
 {
struct group *grp;
BOOL ret;
@@ -819,12 +819,12 @@
if ( !ret ) {
uint32 rid;

-   sid_peek_rid( sid, rid );
+   sid_peek_rid( sid, rid );

if ( rid == DOMAIN_GROUP_RID_USERS ) {
fstrcpy( map-nt_name, None );
fstrcpy( map-comment, Ordinary Users );
-   sid_copy( map-sid, sid );
+   sid_copy( map-sid, sid );
map-sid_name_use = SID_NAME_DOM_GRP;

return True;
@@ -998,7 +998,7 @@
 
 
 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
-DOM_SID sid)
+ const DOM_SID *sid)
 {
return get_group_map_from_sid(sid, map) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
@@ -1138,7 +1138,7 @@
 {
GROUP_MAP map;
 
-   if (!pdb_getgrsid(map, *sid))
+   if (!pdb_getgrsid(map, sid))
return NT_STATUS_NO_SUCH_ALIAS;
 
if ((map.sid_name_use != SID_NAME_ALIAS) 
@@ -1161,7 +1161,7 @@
 {
GROUP_MAP map;
 
-   if (!pdb_getgrsid(map, *sid))
+   if (!pdb_getgrsid(map, sid))
return NT_STATUS_NO_SUCH_ALIAS;
 
fstrcpy(map.nt_name, info-acct_name);
@@ -1285,7 +1285,7 @@
BOOL res;
 
become_root();
-   res = get_domain_group_from_sid(*sid, map);
+   res = get_domain_group_from_sid(sid, map);
unbecome_root();
 
if (!res)
@@ -1301,7 +1301,7 @@
 {
GROUP_MAP map;
 
-   if (!get_domain_group_from_sid(*sid, map))
+   if (!get_domain_group_from_sid(sid, map))
return False;
 
fstrcpy(map.nt_name, info-acct_name);

Modified: branches/SAMBA_3_0/source/include/passdb.h
===
--- branches/SAMBA_3_0/source/include/passdb.h  2006-08-07 20:43:06 UTC (rev 
17450)
+++ branches/SAMBA_3_0/source/include/passdb.h  2006-08-08 08:26:40 UTC (rev 
17451)
@@ -244,7 +244,7 @@
  * enum SID_NAME_USE rather than uint32.
  */
 
-#define PASSDB_INTERFACE_VERSION 14
+#define PASSDB_INTERFACE_VERSION 15
 
 struct pdb_methods 
 {
@@ -277,7 +277,8 @@

NTSTATUS (*update_login_attempts)(struct pdb_methods *methods, struct 
samu *sam_acct,

svn commit: samba r17453 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/rpc_client SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0/source/rpcclient SAMBA_3_0/source/smbd SAM

2006-08-08 Thread gd

Author: gd
Date: 2006-08-08 11:00:16 + (Tue, 08 Aug 2006)
New Revision: 17453

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17453

Log:
Fix msdfs RPC management (this broke with the autogenerated dfs rpcs).

* Remove unknown from dfs_Enum (samba4 dfs IDL updates to follow).

* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).

Guenther

Modified:
   branches/SAMBA_3_0/source/include/msdfs.h
   branches/SAMBA_3_0/source/include/rpc_dfs.h
   branches/SAMBA_3_0/source/rpc_client/cli_dfs.c
   branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c
   branches/SAMBA_3_0/source/rpc_server/srv_dfs_nt.c
   branches/SAMBA_3_0/source/rpcclient/cmd_dfs.c
   branches/SAMBA_3_0/source/smbd/msdfs.c
   branches/SAMBA_3_0_23/source/include/msdfs.h
   branches/SAMBA_3_0_23/source/include/rpc_dfs.h
   branches/SAMBA_3_0_23/source/rpc_client/cli_dfs.c
   branches/SAMBA_3_0_23/source/rpc_parse/parse_dfs.c
   branches/SAMBA_3_0_23/source/rpc_server/srv_dfs_nt.c
   branches/SAMBA_3_0_23/source/rpcclient/cmd_dfs.c
   branches/SAMBA_3_0_23/source/smbd/msdfs.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/msdfs.h
===
--- branches/SAMBA_3_0/source/include/msdfs.h   2006-08-08 09:56:38 UTC (rev 
17452)
+++ branches/SAMBA_3_0/source/include/msdfs.h   2006-08-08 11:00:16 UTC (rev 
17453)
@@ -53,6 +53,7 @@
 struct junction_map {
pstring service_name;
pstring volume_name;
+   pstring comment;
int referral_count;
struct referral* referral_list;
 };

Modified: branches/SAMBA_3_0/source/include/rpc_dfs.h
===
--- branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 09:56:38 UTC (rev 
17452)
+++ branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:00:16 UTC (rev 
17453)
@@ -243,8 +243,6 @@
uint32 bufsize;
uint32 ptr0_info;
NETDFS_DFS_ENUMSTRUCT info;
-   uint32 ptr0_unknown;
-   uint32 unknown;
uint32 ptr0_total;
uint32 total;
 } NETDFS_Q_DFS_ENUM;

Modified: branches/SAMBA_3_0/source/rpc_client/cli_dfs.c
===
--- branches/SAMBA_3_0/source/rpc_client/cli_dfs.c  2006-08-08 09:56:38 UTC 
(rev 17452)
+++ branches/SAMBA_3_0/source/rpc_client/cli_dfs.c  2006-08-08 11:00:16 UTC 
(rev 17453)
@@ -142,7 +142,7 @@
return werror_to_ntstatus(r.status);
 }
 
-NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, 
uint32 *total)
+NTSTATUS rpccli_dfs_Enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total)
 {
prs_struct qbuf, rbuf;
NETDFS_Q_DFS_ENUM q;
@@ -153,7 +153,7 @@

/* Marshall data and send request */

-   if (!init_netdfs_q_dfs_Enum(q, level, bufsize, info, unknown, total))
+   if (!init_netdfs_q_dfs_Enum(q, level, bufsize, info, total))
return NT_STATUS_INVALID_PARAMETER;

CLI_DO_RPC(cli, mem_ctx, PI_NETDFS, DFS_ENUM,

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 09:56:38 UTC 
(rev 17452)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:00:16 UTC 
(rev 17453)
@@ -1862,7 +1862,7 @@
return True;
 }
 
-BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 
bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *unknown, uint32 *total)
+BOOL init_netdfs_q_dfs_Enum(NETDFS_Q_DFS_ENUM *v, uint32 level, uint32 
bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total)
 {
DEBUG(5,(init_netdfs_q_dfs_Enum\n));

@@ -1877,13 +1877,6 @@
v-ptr0_info = 0;
}

-   if (unknown) {
-   v-ptr0_unknown = 1;
-   v-unknown = *unknown;
-   } else {
-   v-ptr0_unknown = 0;
-   }
-   
if (total) {
v-ptr0_total = 1;
v-total = *total;
@@ -1920,17 +1913,6 @@
if (!prs_align_custom(ps, 4))
return False;

-   if (!prs_uint32(ptr0_unknown, ps, depth, v-ptr0_unknown))
-   return False;
-   
-   if (v-ptr0_unknown) {
-   if (!prs_uint32(unknown, ps, depth, v-unknown))
-   return False;
-   }
-   
-   if (!prs_align_custom(ps, 4))
-   return False;
-   
if (!prs_uint32(ptr0_total, ps, depth, v-ptr0_total))
return False;


Modified: branches/SAMBA_3_0/source/rpc_server/srv_dfs_nt.c
===
---

svn commit: samba r17454 - in branches/SAMBA_3_0/source: include rpc_client rpc_parse rpcclient

2006-08-08 Thread gd

Author: gd
Date: 2006-08-08 11:45:57 + (Tue, 08 Aug 2006)
New Revision: 17454

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17454

Log:
Adding dfs_EnumEx for rpcclient (Samba4 IDL to follow).

Guenther

Modified:
   branches/SAMBA_3_0/source/include/rpc_dfs.h
   branches/SAMBA_3_0/source/rpc_client/cli_dfs.c
   branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c
   branches/SAMBA_3_0/source/rpcclient/cmd_dfs.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_dfs.h
===
--- branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:00:16 UTC (rev 
17453)
+++ branches/SAMBA_3_0/source/include/rpc_dfs.h 2006-08-08 11:45:57 UTC (rev 
17454)
@@ -376,10 +376,21 @@
 } NETDFS_R_DFS_REMOVE2;
 
 typedef struct netdfs_q_dfs_EnumEx {
-   uint32 dummy;
+   uint32 ptr0_dfs_name;
+   UNISTR2 dfs_name;
+   uint32 level;
+   uint32 bufsize;
+   uint32 ptr0_info;
+   NETDFS_DFS_ENUMSTRUCT info;
+   uint32 ptr0_total;
+   uint32 total;
 } NETDFS_Q_DFS_ENUMEX;
 
 typedef struct netdfs_r_dfs_EnumEx {
+   uint32 ptr0_info;
+   NETDFS_DFS_ENUMSTRUCT info;
+   uint32 ptr0_total;
+   uint32 total;
WERROR status;
 } NETDFS_R_DFS_ENUMEX;
 

Modified: branches/SAMBA_3_0/source/rpc_client/cli_dfs.c
===
--- branches/SAMBA_3_0/source/rpc_client/cli_dfs.c  2006-08-08 11:00:16 UTC 
(rev 17453)
+++ branches/SAMBA_3_0/source/rpc_client/cli_dfs.c  2006-08-08 11:45:57 UTC 
(rev 17454)
@@ -576,7 +576,7 @@
return werror_to_ntstatus(r.status);
 }
 
-NTSTATUS rpccli_dfs_EnumEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx)
+NTSTATUS rpccli_dfs_EnumEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
uint32 level, uint32 bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total, const 
char *dfs_name)
 {
prs_struct qbuf, rbuf;
NETDFS_Q_DFS_ENUMEX q;
@@ -587,7 +587,7 @@

/* Marshall data and send request */

-   if (!init_netdfs_q_dfs_EnumEx(q))
+   if (!init_netdfs_q_dfs_EnumEx(q, level, bufsize, info, total, 
dfs_name))
return NT_STATUS_INVALID_PARAMETER;

CLI_DO_RPC(cli, mem_ctx, PI_NETDFS, DFS_ENUMEX,

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:00:16 UTC 
(rev 17453)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c 2006-08-08 11:45:57 UTC 
(rev 17454)
@@ -2569,10 +2569,33 @@
return True;
 }
 
-BOOL init_netdfs_q_dfs_EnumEx(NETDFS_Q_DFS_ENUMEX *v)
+BOOL init_netdfs_q_dfs_EnumEx(NETDFS_Q_DFS_ENUMEX *v, uint32 level, uint32 
bufsize, NETDFS_DFS_ENUMSTRUCT *info, uint32 *total, const char *dfs_name)
 {
DEBUG(5,(init_netdfs_q_dfs_EnumEx\n));
+
+   if (!dfs_name)
+   return False;

+   init_unistr2(v-dfs_name, dfs_name, UNI_FLAGS_NONE|UNI_STR_TERMINATE);
+
+   v-level = level;
+   
+   v-bufsize = bufsize;
+   
+   if (info) {
+   v-ptr0_info = 1;
+   v-info = *info;
+   } else {
+   v-ptr0_info = 0;
+   }
+   
+   if (total) {
+   v-ptr0_total = 1;
+   v-total = *total;
+   } else {
+   v-ptr0_total = 0;
+   }
+   
return True;
 }
 
@@ -2583,6 +2606,42 @@

prs_debug(ps, depth, desc, netdfs_io_q_dfs_EnumEx);
depth++;
+   if (!prs_align_custom(ps, 4))
+   return False;
+   
+   if (!smb_io_unistr2(dfs_name, v-dfs_name, 1, ps, depth))
+   return False;
+   
+   if (!prs_align_custom(ps, 4))
+   return False;
+   
+   if (!prs_uint32(level, ps, depth, v-level))
+   return False;
+   
+   if (!prs_uint32(bufsize, ps, depth, v-bufsize))
+   return False;
+   
+   if (!prs_uint32(ptr0_info, ps, depth, v-ptr0_info))
+   return False;
+   
+   if (v-ptr0_info) {
+   if (!netdfs_io_dfs_EnumStruct_p(info, v-info, ps, depth))
+   return False;
+   if (!netdfs_io_dfs_EnumStruct_d(info, v-info, ps, depth))
+   return False;
+   }
+   
+   if (!prs_align_custom(ps, 4))
+   return False;
+   
+   if (!prs_uint32(ptr0_total, ps, depth, v-ptr0_total))
+   return False;
+   
+   if (v-ptr0_total) {
+   if (!prs_uint32(total, ps, depth, v-total))
+   return False;
+   }
+   
return True;
 }
 
@@ -2602,10 +2661,39 @@

prs_debug(ps, depth, desc, netdfs_io_r_dfs_EnumEx);
depth++;
+   if (!prs_uint32(ptr0_info, ps, depth, v-ptr0_info))
+   return False;
+   
+   if

svn commit: samba r17455 - in tags: .

2006-08-08 Thread jerry

Author: jerry
Date: 2006-08-08 12:42:43 + (Tue, 08 Aug 2006)
New Revision: 17455

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17455

Log:
tagging 3.0.23b
Added:
   tags/release-3-0-23b/


Changeset:
Copied: tags/release-3-0-23b (from rev 17454, branches/SAMBA_3_0_RELEASE)

svn commit: samba-docs r981 - in tags: .

2006-08-08 Thread jerry

Author: jerry
Date: 2006-08-08 12:42:43 + (Tue, 08 Aug 2006)
New Revision: 981

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=981

Log:
tagging 3.0.23b
Added:
   tags/release-3-0-23b/


Changeset:
Copied: tags/release-3-0-23b (from rev 980, trunk)

svn commit: samba r17456 - in branches/SAMBA_3_0_RELEASE: .

2006-08-08 Thread jerry

Author: jerry
Date: 2006-08-08 12:43:39 + (Tue, 08 Aug 2006)
New Revision: 17456

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17456

Log:
fix typo in release notes
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-08 12:42:43 UTC (rev 
17455)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-08 12:43:39 UTC (rev 
17456)
@@ -31,7 +31,7 @@
 
 The reason for this change is that smbd has transitioned from
 access checks based on string comparisons to token based
-authorization.  All names are resolved to a SID and they verified
+authorization.  All names are resolved to a SID and then verified
 against the logged on user's NT user token.  Local names will
 resolve to a local SID, while qualified domain names will resolve
 to the appropriate domain SID.

svn commit: samba-web r1025 - in trunk: . history patches

2006-08-08 Thread jerry

Author: jerry
Date: 2006-08-08 12:47:59 + (Tue, 08 Aug 2006)
New Revision: 1025

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1025

Log:
3.0.23b release
Added:
   trunk/history/samba-3.0.23b.html
   trunk/patches/series-3.0.23b
Modified:
   trunk/header_columns.html
   trunk/index.html


Changeset:
Sorry, the patch is too large (7113 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1025

svn commit: samba r17457 - in branches/SAMBA_3_0/source: . include lib script/tests torture

2006-08-08 Thread vlendec

Author: vlendec
Date: 2006-08-08 13:54:43 + (Tue, 08 Aug 2006)
New Revision: 17457

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17457

Log:
Add a test to do some operations on group mapping.

Volker
Added:
   branches/SAMBA_3_0/source/torture/local-groupmap.c
   branches/SAMBA_3_0/source/torture/local-multikey.c
Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/include/smb.h
   branches/SAMBA_3_0/source/lib/tdb_multikey.c
   branches/SAMBA_3_0/source/script/tests/test_smbtorture_s3.sh
   branches/SAMBA_3_0/source/torture/torture.c


Changeset:
Sorry, the patch is too large (913 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17457

svn commit: samba r17458 - in branches/SAMBA_3_0_23/source/sam: .

2006-08-08 Thread gd

Author: gd
Date: 2006-08-08 15:32:15 + (Tue, 08 Aug 2006)
New Revision: 17458

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17458

Log:
Fix idmap_ad.
(align with changed idmap_methods interface)

Guenther

Modified:
   branches/SAMBA_3_0_23/source/sam/idmap_ad.c


Changeset:
Modified: branches/SAMBA_3_0_23/source/sam/idmap_ad.c
===
--- branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-08-08 13:54:43 UTC (rev 
17457)
+++ branches/SAMBA_3_0_23/source/sam/idmap_ad.c 2006-08-08 15:32:15 UTC (rev 
17458)
@@ -139,12 +139,12 @@
 }
 
 /* no op */
-static NTSTATUS ad_idmap_init(const char *uri)
+static NTSTATUS ad_idmap_init(char *uri)
 {
return NT_STATUS_OK;
 }
 
-static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int 
id_type, int flags)
+static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int 
id_type)
 {
ADS_STATUS rc;
NTSTATUS status = NT_STATUS_NONE_MAPPED;

svn commit: samba r17459 - in branches/SAMBA_3_0/source/nsswitch: .

2006-08-08 Thread idra

Author: idra
Date: 2006-08-08 15:33:09 + (Tue, 08 Aug 2006)
New Revision: 17459

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17459

Log:

As by Jerry's word commit this without his review.

This patch add some missing async functions to
solve UID/GID - SID requests not just out of the cache,
but down the remote idmap if necessary.

This patch solves the problem of servers not showing users/groups names
for allocated UID/GIDs when joined to a group of servers that share a
prepopulated idmap backend.

Also correctly resolve UID/GIDs to SIDs when looking ACLs from the
windows security tab on teh same situation.

Simo.


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_async.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
   branches/SAMBA_3_0/source/nsswitch/winbindd_sid.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_user.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 15:32:15 UTC 
(rev 17458)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 15:33:09 UTC 
(rev 17459)
@@ -1524,3 +1524,113 @@
do_async_domain(mem_ctx, domain, request, query_user_recv,
(void *)cont, private_data);
 }
+
+/* The following uid2sid/gid2sid functions has been contributed by
+ * Keith Reynolds [EMAIL PROTECTED] */
+
+static void winbindd_uid2sid_recv(TALLOC_CTX *mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data)
+{
+   void (*cont)(void *priv, BOOL succ, const char *sid) = c;
+
+   if (!success) {
+   DEBUG(5, (Could not trigger uid2sid\n));
+   cont(private_data, False, NULL);
+   return;
+   }
+
+   if (response-result != WINBINDD_OK) {
+   DEBUG(5, (uid2sid returned an error\n));
+   cont(private_data, False, NULL);
+   return;
+   }
+
+   cont(private_data, True, response-data.sid.sid);
+}
+
+void winbindd_uid2sid_async(TALLOC_CTX *mem_ctx, uid_t uid,
+   void (*cont)(void *private_data, BOOL success, 
const char *sid),
+   void *private_data)
+{
+   struct winbindd_request request;
+
+   ZERO_STRUCT(request);
+   request.cmd = WINBINDD_DUAL_UID2SID;
+   request.data.uid = uid;
+   do_async(mem_ctx, idmap_child(), request, winbindd_uid2sid_recv, cont, 
private_data);
+}
+
+enum winbindd_result winbindd_dual_uid2sid(struct winbindd_domain *domain,
+  struct winbindd_cli_state *state)
+{
+   DOM_SID sid;
+   NTSTATUS result;
+
+   DEBUG(3,([%5lu]: uid to sid %lu\n,
+(unsigned long)state-pid,
+(unsigned long) state-request.data.uid));
+
+   /* Find sid for this uid and return it, possibly ask the slow remote 
idmap */
+   result = idmap_uid_to_sid(sid, state-request.data.uid, 
IDMAP_FLAG_NONE);
+
+   if (NT_STATUS_IS_OK(result)) {
+   sid_to_string(state-response.data.sid.sid, sid);
+   state-response.data.sid.type = SID_NAME_USER;
+   return WINBINDD_OK;
+   }
+
+   return WINBINDD_ERROR;
+}
+
+static void winbindd_gid2sid_recv(TALLOC_CTX *mem_ctx, BOOL success,
+ struct winbindd_response *response,
+ void *c, void *private_data)
+{
+   void (*cont)(void *priv, BOOL succ, const char *sid) = c;
+
+   if (!success) {
+   DEBUG(5, (Could not trigger gid2sid\n));
+   cont(private_data, False, NULL);
+   return;
+   }
+
+   cont(private_data, True, response-data.sid.sid);
+}
+
+void winbindd_gid2sid_async(TALLOC_CTX *mem_ctx, gid_t gid,
+   void (*cont)(void *private_data, BOOL success, 
const char *sid),
+   void *private_data)
+{
+   struct winbindd_request request;
+
+   ZERO_STRUCT(request);
+   request.cmd = WINBINDD_DUAL_GID2SID;
+   request.data.gid = gid;
+   do_async(mem_ctx, idmap_child(), request, winbindd_gid2sid_recv, cont, 
private_data);
+}
+
+enum winbindd_result winbindd_dual_gid2sid(struct winbindd_domain *domain,
+  struct winbindd_cli_state *state)
+{
+   DOM_SID sid;
+   NTSTATUS result;
+
+   DEBUG(3,([%5lu]: gid %lu to sid\n,
+   (unsigned long)state-pid,
+   (unsigned long) state-request.data.gid));
+
+   /* Find sid for this gid and return it, possibly ask the slow remote 
idmap */
+   result = idmap_gid_to_sid(sid, state-request.data.gid, 
IDMAP_FLAG_NONE);
+
+   if

svn commit: samba r17460 - in branches/SAMBA_3_0/source/tdb: .

2006-08-08 Thread vlendec

Author: vlendec
Date: 2006-08-08 16:08:22 + (Tue, 08 Aug 2006)
New Revision: 17460

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17460

Log:
First step at fixing the build breakage with the groupmapping test. On Linux,
F_RDLCK is defined to 0, for example NetBSD has it at 1.

Still does not work fully though. Still investigating.

This might also be interesting to Samba4.

Volker
Modified:
   branches/SAMBA_3_0/source/tdb/traverse.c


Changeset:
Modified: branches/SAMBA_3_0/source/tdb/traverse.c
===
--- branches/SAMBA_3_0/source/tdb/traverse.c2006-08-08 15:33:09 UTC (rev 
17459)
+++ branches/SAMBA_3_0/source/tdb/traverse.c2006-08-08 16:08:22 UTC (rev 
17460)
@@ -261,6 +261,7 @@
if (tdb_unlock_record(tdb, tdb-travlocks.off) != 0)
return tdb_null;
tdb-travlocks.off = tdb-travlocks.hash = 0;
+   tdb-travlocks.lock_rw = F_RDLCK;
 
if (tdb_next_lock(tdb, tdb-travlocks, rec) = 0)
return tdb_null;

svn commit: samba r17461 - in branches/SAMBA_3_0/source/nsswitch: .

2006-08-08 Thread jra

Author: jra
Date: 2006-08-08 17:34:51 + (Tue, 08 Aug 2006)
New Revision: 17461

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17461

Log:
Ensure we never save a NULL SID mapping. || should be .
Found by Whitfield school.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 16:08:22 UTC 
(rev 17460)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 17:34:51 UTC 
(rev 17461)
@@ -1241,7 +1241,7 @@
status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, 
name, sid, type);
 
/* and save it */
-   if (domain-online || !is_null_sid(sid)) {
+   if (domain-online  !is_null_sid(sid)) {
wcache_save_name_to_sid(domain, status, domain_name, name, sid, 
*type);
}

svn commit: samba r17462 - in branches/SAMBA_3_0/source/nsswitch: .

2006-08-08 Thread idra

Author: idra
Date: 2006-08-08 18:38:33 + (Tue, 08 Aug 2006)
New Revision: 17462

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17462

Log:

Fix a cutpaste bug that caused us to return a null SID on some error conditions


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_async.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 17:34:51 UTC 
(rev 17461)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-08-08 18:38:33 UTC 
(rev 17462)
@@ -1595,6 +1595,12 @@
return;
}
 
+   if (response-result != WINBINDD_OK) {
+   DEBUG(5, (gid2sid returned an error\n));
+   cont(private_data, False, NULL);
+   return;
+   }
+
cont(private_data, True, response-data.sid.sid);
 }

svn commit: samba-docs r982 - in trunk/smbdotconf/security: .

2006-08-08 Thread sfrench

Author: sfrench
Date: 2006-08-08 19:04:38 + (Tue, 08 Aug 2006)
New Revision: 982

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=982

Log:
Fix multiple typos/spelling mistakes

Modified:
   trunk/smbdotconf/security/security.xml


Changeset:
Modified: trunk/smbdotconf/security/security.xml
===
--- trunk/smbdotconf/security/security.xml  2006-08-08 12:42:43 UTC (rev 
981)
+++ trunk/smbdotconf/security/security.xml  2006-08-08 19:04:38 UTC (rev 
982)
@@ -201,13 +201,13 @@
 /para
 
noteparaThis mode of operation has
-significant pitfalls, due to the fact that is activly initiates a
-man-in-the-middle attack on the remote SMB server.  In particular,
+significant pitfalls since it is more vulnerable to
+man-in-the-middle attacks and server impersonation.  In particular,
 this mode of operation can cause significant resource consuption on
 the PDC, as it must maintain an active connection for the duration
 of the user's session.  Furthermore, if this connection is lost,
-there is no way to reestablish it, and futher authenticaions to the
-Samba server may fail.  (From a single client, till it disconnects).
+there is no way to reestablish it, and futher authentications to the
+Samba server may fail (from a single client, till it disconnects).
/para/note
 
noteparaFrom the client's point of

svn commit: samba r17464 - in branches/SAMBA_3_0/source/nsswitch: .

2006-08-08 Thread jra

Author: jra
Date: 2006-08-08 20:35:17 + (Tue, 08 Aug 2006)
New Revision: 17464

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17464

Log:
Ensure we use a hash16 data type, not a string,
for storing offline hashes.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 19:29:34 UTC 
(rev 17463)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-08-08 20:35:17 UTC 
(rev 17464)
@@ -269,9 +269,40 @@
return ret;
 }
 
-/* pull a string from a cache entry, using the supplied
+/* pull a hash16 from a cache entry, using the supplied
talloc context 
 */
+static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
+{
+   uint32 len;
+   char *ret;
+
+   len = centry_uint8(centry);
+
+   if (len != 16) {
+   DEBUG(0,(centry corruption? hash len (%u) != 16\n, 
+   len ));
+   smb_panic(centry_hash16);
+   }
+
+   if (centry-len - centry-ofs  16) {
+   DEBUG(0,(centry corruption? needed 16 bytes, have %d\n, 
+centry-len - centry-ofs));
+   smb_panic(centry_hash16);
+   }
+
+   ret = TALLOC_ARRAY(mem_ctx, char, 16);
+   if (!ret) {
+   smb_panic(centry_hash out of memory\n);
+   }
+   memcpy(ret,centry-data + centry-ofs, 16);
+   centry-ofs += 16;
+   return ret;
+}
+
+/* pull a sid from a cache entry, using the supplied
+   talloc context 
+*/
 static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, 
DOM_SID *sid)
 {
char *sid_string;
@@ -630,6 +661,17 @@
centry-ofs += len;
 }
 
+/* 
+   push a 16 byte hash into a centry - treat as 16 byte string.
+ */
+static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
+{
+   centry_put_uint8(centry, 16);
+   centry_expand(centry, 16);
+   memcpy(centry-data + centry-ofs, val, 16);
+   centry-ofs += 16;
+}
+
 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) 
 {
fstring sid_string;
@@ -865,7 +907,7 @@
}
 
t = centry_time(centry);
-   *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx);
+   *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
 
 #if DEBUG_PASSWORD
dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN);
@@ -906,7 +948,7 @@
 #endif
 
centry_put_time(centry, time(NULL));
-   centry_put_string(centry, (const char *)nt_pass);
+   centry_put_hash16(centry, nt_pass);
centry_end(centry, CRED/%s, sid_to_string(sid_string, sid));
 
DEBUG(10,(wcache_save_creds: %s\n, sid_string));

svn commit: samba r17465 - in branches/SAMBA_3_0/source: groupdb passdb utils

2006-08-08 Thread vlendec

Author: vlendec
Date: 2006-08-08 20:50:35 + (Tue, 08 Aug 2006)
New Revision: 17465

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17465

Log:
Get rid of add_initial_entry. In the two places it was called in it seemed a
bit pointless to me.

Volker
Modified:
   branches/SAMBA_3_0/source/groupdb/mapping.c
   branches/SAMBA_3_0/source/passdb/pdb_interface.c
   branches/SAMBA_3_0/source/utils/net_groupmap.c


Changeset:
Modified: branches/SAMBA_3_0/source/groupdb/mapping.c
===
--- branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 20:35:17 UTC (rev 
17464)
+++ branches/SAMBA_3_0/source/groupdb/mapping.c 2006-08-08 20:50:35 UTC (rev 
17465)
@@ -134,31 +134,6 @@
 }
 
 /
-initialise first time the mapping list
-/
-NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE 
sid_name_use, const char *nt_name, const char *comment)
-{
-   GROUP_MAP map;
-
-   if(!init_group_mapping()) {
-   DEBUG(0,(failed to initialize group mapping\n));
-   return NT_STATUS_UNSUCCESSFUL;
-   }
-   
-   map.gid=gid;
-   if (!string_to_sid(map.sid, sid)) {
-   DEBUG(0, (string_to_sid failed: %s, sid));
-   return NT_STATUS_UNSUCCESSFUL;
-   }
-   
-   map.sid_name_use=sid_name_use;
-   fstrcpy(map.nt_name, nt_name);
-   fstrcpy(map.comment, comment);
-
-   return pdb_add_group_mapping_entry(map);
-}
-
-/
  Map a unix group to a newly created mapping
 /
 NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)

Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-08-08 20:35:17 UTC 
(rev 17464)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2006-08-08 20:50:35 UTC 
(rev 17465)
@@ -584,7 +584,7 @@
 const char *name,
 uint32 *rid)
 {
-   DOM_SID group_sid;
+   GROUP_MAP map;
struct group *grp;
 
grp = getgrnam(name);
@@ -611,10 +611,12 @@
}
}
 
-   sid_compose(group_sid, get_global_sam_sid(), *rid);
-   
-   return add_initial_entry(grp-gr_gid, sid_string_static(group_sid),
-SID_NAME_DOM_GRP, name, NULL);
+   map.gid = grp-gr_gid;
+   map.sid_name_use = SID_NAME_DOM_GRP;
+   sid_compose(map.sid, get_global_sam_sid(), *rid);
+   fstrcpy(map.nt_name, name);
+   map.comment[0] = '\0';
+   return pdb_add_group_mapping_entry(map);
 }
 
 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,

Modified: branches/SAMBA_3_0/source/utils/net_groupmap.c
===
--- branches/SAMBA_3_0/source/utils/net_groupmap.c  2006-08-08 20:35:17 UTC 
(rev 17464)
+++ branches/SAMBA_3_0/source/utils/net_groupmap.c  2006-08-08 20:50:35 UTC 
(rev 17465)
@@ -182,16 +182,12 @@
 
 static int net_groupmap_add(int argc, const char **argv)
 {
-   DOM_SID sid;
-   fstring ntgroup = ;
fstring unixgrp = ;
fstring string_sid = ;
fstring type = ;
-   fstring ntcomment = ;
-   enum SID_NAME_USE sid_type = SID_NAME_DOM_GRP;
uint32 rid = 0; 
-   gid_t gid;
int i;
+   GROUP_MAP map;

/* get the options */
for ( i=0; iargc; i++ ) {
@@ -210,8 +206,8 @@
}   
}
else if ( !StrnCaseCmp(argv[i], ntgroup, strlen(ntgroup)) ) 
{
-   fstrcpy( ntgroup, get_string_param( argv[i] ) );
-   if ( !ntgroup[0] ) {
+   fstrcpy( map.nt_name, get_string_param( argv[i] ) );
+   if ( !map.nt_name[0] ) {
d_fprintf(stderr, must supply a name\n);
return -1;
}   
@@ -221,11 +217,16 @@
if ( !string_sid[0] ) {
d_fprintf(stderr, must supply a SID\n);
return -1;
-   }   
+   }
+   if (!string_to_sid(map.sid, string_sid)) {
+   d_fprintf(stderr, %s is not a valid SID\n,
+ string_sid);
+   return -1;
+   }
}
else if (

Build status as of Wed Aug 9 00:00:01 2006

2006-08-08 Thread build

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-08-08 
00:00:03.0 +
+++ /home/build/master/cache/broken_results.txt 2006-08-09 00:00:08.0 
+
@@ -1,18 +1,18 @@
-Build status as of Tue Aug  8 00:00:02 2006
+Build status as of Wed Aug  9 00:00:01 2006
 
 Build counts:
 Tree Total  Broken Panic 
 SOC  0  0  0 
 ccache   24 4  0 
-distcc   24 2  0 
+distcc   25 2  0 
 lorikeet-heimdal 0  0  0 
-ppp  15 0  0 
+ppp  14 0  0 
 rsync24 0  0 
 samba0  0  0 
 samba-docs   0  0  0 
-samba4   36 22 2 
-samba_3_035 6  0 
+samba4   36 24 2 
+samba_3_034 10 0 
 smb-build22 22 0 
-talloc   27 10 0 
-tdb  18 8  0 
+talloc   27 11 0 
+tdb  18 6  0

svn commit: samba-web r1026 - in trunk: . devel history

2006-08-08 Thread deryck

Author: deryck
Date: 2006-08-09 00:14:52 + (Wed, 09 Aug 2006)
New Revision: 1026

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1026

Log:
Move old release announcement to history.
Update latest release links through out.


Modified:
   trunk/devel/index.html
   trunk/history/index.html
   trunk/index.html


Changeset:
Modified: trunk/devel/index.html
===
--- trunk/devel/index.html  2006-08-08 12:47:59 UTC (rev 1025)
+++ trunk/devel/index.html  2006-08-09 00:14:52 UTC (rev 1026)
@@ -14,8 +14,8 @@
 
 pAs of 4 April 2004, the Samba Team converted from CVS to Subversion for 
maintaining the Samba source code.  All current development is done in a 
Subversion repository.  All older code is in the original CVS tree; this would 
include 2.2.x versions of Samba, which are no longer in active development./p
 
-pThe latest production release is emSamba 3.0.23a/em (a
-href=/samba/history/samba-3.0.23a.htmlrelease notes/a and a
+pThe latest production release is emSamba 3.0.23b/em (a
+href=/samba/history/samba-3.0.23b.htmlrelease notes/a and a
 href=/samba/download/download/a)./p 
 
 pOngoing future research is being done for Samba 4.0

Modified: trunk/history/index.html
===
--- trunk/history/index.html2006-08-08 12:47:59 UTC (rev 1025)
+++ trunk/history/index.html2006-08-09 00:14:52 UTC (rev 1026)
@@ -6,8 +6,8 @@
 
 div class=latest 
   ul
-  liLatest Release mdash; a href=/samba/#latestSamba 3.0.23a/a/li
-  liCurrent Stable Release mdash; a href=/samba/#latestSamba 
3.0.23a/a/li 
+  liLatest Release mdash; a href=/samba/#latestSamba 3.0.23b/a/li
+  liCurrent Stable Release mdash; a href=/samba/#latestSamba 
3.0.23b/a/li 
   !-- Second link will point to #stable on this page when current release is 
a development release --
   /ul
 /div
@@ -16,7 +16,26 @@
 
 
 h2Previous Release Announcments/h2
+h4a21 Jul 2006/a/h4
+p class=headlineSamba 3.0.23a Available for Download/p
 
+pThe Samba Team is pleased to announce the general availability of Samba 
3.0.23a.
+This is the latest stable release of Samba. This is the version 
+that production Samba servers should be running for all current 
+bug-fixes.  Please read the changes in the 
+a href=http://www.samba.org/samba/history/samba-3.0.23a.html;Release 
Notes/a
+for details on new features and difference in behavior 
+from previous releases./p
+
+pThe a href=/samba/ftp/samba-3.0.23a.tar.gzSamba 3.0.23a
+source code/a can be downloaded now.  The a
+href=/samba/ftp/samba-3.0.23a.tar.ascGnuPG
+signature for the emun/emcompressed tarball/a is also 
+available.  Precompiled packages are available in the 
+a href=/samba/ftp/Binary_Packages/Binary_Packages
+download area/a./p
+
+
 h4a10 Jul 2006/a/h4
 p class=headlineSamba 3.0.23 Available for Download/p
 
@@ -271,35 +290,4 @@
 Packages for other platforms will be available shortly./p
 
 
-h4a30 Dec 2005/a/h4
-p class=headlineSamba 3.0.21a Available for Download/p
-
-pThis is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current
-bug-fixes.  This release is to address a bug in the oplock code 
-which may cause clients to stall when multiple users are accessing 
-a share concurrently (a href=https://bugzilla.samba.org/bug/3349;BUG 
3349/a).
-Please read the a 
-href=/samba/history/samba-3.0.21a.htmlchanges in this release/a./p
-
-pThe a href=/samba/ftp/samba-3.0.21a.tar.gzSamba 3.0.21a
-source code/a can be downloaded now.  The a
-href=/samba/ftp/samba-3.0.21a.tar.ascGnuPG
-signature for the emun/emcompressed tarball/a is also available.
-If you prefer to download just the diff from 3.0.21 to 3.0.21a, the 
-a href=/samba/ftp/patch-3.0.21-3.0.21a.diffs.gzpatch file/a 
-(a href=/samba/ftp/patch-3.0.21-3.0.21a.diffs.ascgpg signature/a) is 
also available.  
-The single patch for Samba 3.0.21 is available from 
-a href=http://www.samba.org/samba/patches/;the patches page/a.
-Precompiled packages for Fedora Core 4, RedHat 9, AIX, and Solaris are 
available in the
-a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a.  
-Packages for other platforms will be available shortly./p
-
-pSamba 3.0.21a is also available via BitTorrent
-(a 
href=http://torrent.samba.org/samba/ftp/samba-3.0.21a.tar.gz.torrent;samba-3.0.21a.tar.gz.torrent/a).
-Note that when downloading via BitTorrent, you are encouraged
-to verify the resulting uncompressed tarball's
-a href=/samba/ftp/samba-3.0.21a.tar.ascGPG signature/a./p
-
-
 !--#include virtual=footer_history.html --

Modified: trunk/index.html
===
--- trunk/index.html2006-08-08 12:47:59 UTC (rev 1025)
+++ trunk/index.html2006-08-09 00:14:52 UTC (rev 1026)
@@ -15,7 +15,7 @@
 
 h2Current Release/h2
 
-h4a name=latest7 Aug 2006/a/h4
+h4a name=latest8 Aug 2006/a/h4

svn commit: samba r17466 - in branches/SAMBA_3_0_23/source/nsswitch: .

2006-08-08 Thread jra

Author: jra
Date: 2006-08-09 02:21:04 + (Wed, 09 Aug 2006)
New Revision: 17466

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17466

Log:
Merge over winbindd critical fixes :

Ensure we never save a NULL SID mapping. || should be .
Found by Whitfield school.

Ensure we use a hash16 data type, not a string,
for storing offline hashes.

Jeremy.

Modified:
   branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c


Changeset:
Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c  2006-08-08 
20:50:35 UTC (rev 17465)
+++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c  2006-08-09 
02:21:04 UTC (rev 17466)
@@ -269,9 +269,40 @@
return ret;
 }
 
-/* pull a string from a cache entry, using the supplied
+/* pull a hash16 from a cache entry, using the supplied
talloc context 
 */
+static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
+{
+   uint32 len;
+   char *ret;
+
+   len = centry_uint8(centry);
+
+   if (len != 16) {
+   DEBUG(0,(centry corruption? hash len (%u) != 16\n, 
+   len ));
+   smb_panic(centry_hash16);
+   }
+
+   if (centry-len - centry-ofs  16) {
+   DEBUG(0,(centry corruption? needed 16 bytes, have %d\n, 
+centry-len - centry-ofs));
+   smb_panic(centry_hash16);
+   }
+
+   ret = TALLOC_ARRAY(mem_ctx, char, 16);
+   if (!ret) {
+   smb_panic(centry_hash out of memory\n);
+   }
+   memcpy(ret,centry-data + centry-ofs, 16);
+   centry-ofs += 16;
+   return ret;
+}
+
+/* pull a sid from a cache entry, using the supplied
+   talloc context 
+*/
 static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, 
DOM_SID *sid)
 {
char *sid_string;
@@ -629,6 +660,17 @@
centry-ofs += len;
 }
 
+/* 
+   push a 16 byte hash into a centry - treat as 16 byte string.
+ */
+static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
+{
+   centry_put_uint8(centry, 16);
+   centry_expand(centry, 16);
+   memcpy(centry-data + centry-ofs, val, 16);
+   centry-ofs += 16;
+}
+
 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) 
 {
fstring sid_string;
@@ -864,7 +906,7 @@
}
 
t = centry_time(centry);
-   *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx);
+   *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
 
 #if DEBUG_PASSWORD
dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN);
@@ -905,7 +947,7 @@
 #endif
 
centry_put_time(centry, time(NULL));
-   centry_put_string(centry, (const char *)nt_pass);
+   centry_put_hash16(centry, nt_pass);
centry_end(centry, CRED/%s, sid_to_string(sid_string, sid));
 
DEBUG(10,(wcache_save_creds: %s\n, sid_string));
@@ -1240,7 +1282,7 @@
status = domain-backend-name_to_sid(domain, mem_ctx, domain_name, 
name, sid, type);
 
/* and save it */
-   if (domain-online || !is_null_sid(sid)) {
+   if (domain-online  !is_null_sid(sid)) {
wcache_save_name_to_sid(domain, status, domain_name, name, sid, 
*type);
}

81 matches

Mail list logo