Re: [Samba] authenticating NT users with space in username?
On Tuesday 05 December 2006 02:50, poisonpill wrote:
> I know it's ridiculous, but I have a userbase where every username has a space in it. IE: temp user. Is it possible to use samba to authenticate these users? So far I have been able to accept usernames without spaces flawlessly, but not the ones with spaces.

When you'd include it in smb.conf, try:

allow users = User with spaces, user_without_spaces, @Group with spaces, @Group_without_spaces

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton
OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru
PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to set servicePrincipalNames error
On Wednesday 06 December 2006 09:53, Jason Haar wrote:
> I am trying to add a (CentOS4.4) Samba-3.0.23d server to a AD Win2K3 domain and the following error occurs
>
> # /usr/kerberos/bin/kinit [EMAIL PROTECTED]
> # net join
> Using short domain name -- SUBDOM
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'SAMBA-4BCA' in realm 'SUBDOM.DOMAIN'
> ADS join did not work, falling back to RPC...
> Unable to find a suitable server
> Unable to find a suitable server

I had this ugly trap some days ago. As a workaround you can join in DCE-RPC mode:

net rpc join -U administrator -w DOMAIN

(here DOMAIN - is Pre-Windows 2000 domain name!) and next testjoin:

net ads testjoin
Join is OK :-)

Probably, your hostname is not equal to your AD full name (i.e. box.hostname.com but AD named hostname.org). Today I'll put a big pile of debug messages to trace the problem in source (it is net_ads.c in utils) and try to reach a 'natural' solution...

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton
OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru
PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A
Re: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.
On Tue, Dec 05, 2006 at 10:12:42PM +0100, Slava Leizerovich (vleizero) wrote:
> I try to use Win32API EnumPrinterDataEx to get registry key's values and data from Samba print server (of course I previously connect to the print queue and retrieve keys by EnumPrinterKey).
> During the function execution (EnumPrinterDataEx) I collect ethereal trace to verify correct data is sent on wire and that Ethereal can correctly represent that info.

Can you please send the real trace file, not some text dump?

Thanks,

Volker
[Samba] samba as file server with more than one account server
Hi,

Is it possible to have a samba storage cluster attached to more than one domain? Maybe a virtual server where each virtual server runs different daemons and smb.conf files? Is this possible, and would it be too complicated to manage?

Peter Nyberg
Institutionen för Biokemi och Biofysik (DBB)
Sv.Arrhenius vägen 12
106 91 Stockholm
Tel: 08-16 24 69
Re: [Samba] smbd_audit: log_success() failed to get vfs_handle-data!
On Mon, Dec 04, 2006 at 10:17:48PM +0200, Dmitry Panoff wrote:
> Well, full log of simple creation of one folder and changing ACLs on it is for about 4Mb of text, so I've selected only interesting things (on my point of view =) ). But, IMHO, this log gives nothing interesting...
> I have test machine, also running freebsd-5.3, samba-3.0.23d and it has same samba config as on working servers. It has share, named ports, which is located in /usr/ports/distfiles/1. Here folder 123 was created, file 2.8.5rel.3.patch.gz was copied, and then ACLs on 123 was changed.

Hmmm. Tried to reproduce that message, but failed. I could successfully set an acl here without that message. Without being able to see it live here it's a bit difficult to fix it, sorry.

Volker
RE: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.
I sent you the data on the separate mail.

Just to explain myself a bit more: I can see in the trace all relevant data, but once it is processed by windows EnumPrinterDataEx, the resulting buffer (I inspect its contents in the MSDEV debugger) contains actual offset values for the pointers variables instead of correct memory addresses. If I do the pointers calculations by myself, the relevant data is in place and valid in the buffer.

-----Original Message-----
From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke
Sent: Wednesday, December 06, 2006 11:19 AM
To: Slava Leizerovich (vleizero)
Cc: samba@lists.samba.org
Subject: Re: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.

On Tue, Dec 05, 2006 at 10:12:42PM +0100, Slava Leizerovich (vleizero) wrote:
> I try to use Win32API EnumPrinterDataEx to get registry key's values and data from Samba print server (of course I previously connect to the print queue and retrieve keys by EnumPrinterKey).
> During the function execution (EnumPrinterDataEx) I collect ethereal trace to verify correct data is sent on wire and that Ethereal can correctly represent that info.

Can you please send the real trace file, not some text dump?

Thanks,

Volker
Re: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.
On Wed, Dec 06, 2006 at 11:56:12AM +0100, Slava Leizerovich (vleizero) wrote:
> Just to explain myself a bit more: I can see in the trace all relevant data, but once it is processed by windows EnumPrinterDataEx, the resulting buffer (I inspect its contents in the MSDEV debugger) contains actual offset values for the pointers variables instead of correct memory addresses. If I do the pointers calculations by myself, the relevant data is in place and valid in the buffer.

Ok, I'll have to delegate this to Jerry (sorry), this is a bit beyond me at this moment.

Jerry, I can send you the capture and screenshots if you need it.

Volker
[Samba] Problem authenticating user from trusted domain
Hi all,

i have a samba-server in domain named WW300 and a user from domain WW002 tries to connect to one of my shares but fails. so i switched on logging and looked what happens:

[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user [WW002]\[E0420300] from workstation [E042017C]
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain WW002 found.
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:make_user_info(133)
  attempting to make a user_info for E0420300 (E0420300)
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:make_user_info(143)
  making strings for E0420300's user_info struct
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:make_user_info(185)
  making blobs for E0420300's user_info struct
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] lib/util.c:dump_data(1977)
  [000] 29 FB 09 D0 A0 5C 97 40 )\.@
[2006/12/06 10:51:38, 8, pid=14054, effective(0, 0), real(0, 0)] lib/util.c:is_myname(1797)
  is_myname(WW300) returns 0
[2006/12/06 10:51:38, 6, pid=14054, effective(0, 0), real(0, 0)] auth/auth_sam.c:check_samstrict_security(358)
  check_samstrict_security: WW300 is not one of my local names (ROLE_DOMAIN_MEMBER)
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/12/06 10:51:38, 3, pid=14054, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: winbind authentication for user [E0420300] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/12/06 10:51:38, 2, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [E0420300] - [E0420300] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:free_user_info(1318)
  attempting to free (and zero) a user_info structure

anyone having an idea what's happening here? why is my user from ww002 mapped to ww300?

thanks a lot,
christian

P.S.: samba is version 3.0.10 (i already tried it with 3.0.23c, same problem)
[Samba] Authentication and trusted domains
Hi there,

This is most likely something very basic which I'm not seeing right now.

I have a Samba-server, which is running in security = domain, and it's a member of that domain (DOMAINA). The domain is a Win2003 domain. That domain has established a trust with another domain (DOMAINB).

There's a Windows terminal server TERMSRV which is a member of DOMAINA, but a user from DOMAINB logged in (using the trust). The user wants to reach a share on the Samba-server. This is what happens (smbd -i -d 3 output):

Got user=[MFABER] domain=[DOMAINB] workstation=[TERMSRV] len1=24 len2=24
check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
check_ntlm_password: Authentication for user [MFABER] - [MFABER] FAILED with error NT_STATUS_WRONG_PASSWORD

As you see, smbd sees that MFABER from DOMAINB tries to access a share, but to me it looks like it tries to validate the password in the DOMAINA domain. This fails. (It fails with NT_STATUS_WRONG_PASSWORD because there is also a (different) user named MFABER in DOMAINA)

I'd like users from DOMAINB to access resources on the Samba server. Winbindd, smbd and nmbd are all running. Samba version is 3.0.21c. Am I missing something obvious here?

[global]
   workgroup = DOMAINA
   netbios name = smb-lpar
   security = domain
   encrypt passwords = Yes
   password server = *
   client use spnego = Yes
   restrict anonymous = Yes
   lanman auth = No
   min protocol = NT1
   mangling method = hash2
   os level = 0
   lm announce = No
   preferred master = No
   local master = No
   domain master = No
   wins server = 172.17.1.64 172.17.1.65
   allow trusted domains = Yes
   idmap uid = 2000-1
   idmap gid = 2000-1
   template shell = /bin/ksh
   template homedir = /home/%U
   winbind use default domain = No
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind nested groups = Yes
   log level = 1

Thanks,
--
Jurjen Oskam
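
Added example (not from any poster and not Samba project code): a Python triage script for the two trusted-domain reports above, Christian's level-5 smbd log and Jurjen's smbd -i -d 3 console output. It pairs the domain the client supplied with the final check_ntlm_password failure and records whether smbd logged a trust-cache miss for that domain in the same process; the function and field names are this example's own, and the sample input is constructed from lines quoted in the two posts.

```python
import re

# Header smbd writes before each debug message. The pid/uid fields are
# optional: some logs carry only "[timestamp, level]".
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+"
    r"(?:,\s*pid=(?P<pid>\d+))?[^\]]*\]\s*[\w/.]+:\w+\(\d+\)"
)
# Identity as supplied by the client, in the two forms quoted in the thread.
CLIENT_PATTERNS = (
    re.compile(r"Mapping user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\]"
               r" from workstation \[(?P<ws>[^\]]*)\]"),
    re.compile(r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\]"
               r" workstation=\[(?P<ws>[^\]]*)\]"),
)
NO_TRUST = re.compile(r"no entry for trusted domain (\S+) found")
# Accepts "->" as well as the bare "-" that appears in the archived copies.
FAILED = re.compile(
    r"Authentication for user \[(?P<user>[^\]]*)\] ->? \[[^\]]*\]"
    r" FAILED with error (?P<status>NT_STATUS_\w+)"
)


def records(text):
    """Yield (timestamp, pid, message) for each log record in text."""
    heads = list(HEADER.finditer(text))
    if not heads:  # console output has no headers: one message per line
        for line in text.splitlines():
            yield None, None, line.strip()
        return
    for cur, nxt in zip(heads, heads[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield cur["ts"], cur["pid"], text[cur.end():end].strip()


def auth_failures(text):
    """Return one dict per final authentication failure, with context."""
    state = {}      # pid -> what this smbd process has logged so far
    failures = []
    for ts, pid, msg in records(text):
        st = state.setdefault(pid, {"misses": set()})
        for pattern in CLIENT_PATTERNS:
            m = pattern.search(msg)
            if m:
                st.update(m.groupdict())
        m = NO_TRUST.search(msg)
        if m:
            st["misses"].add(m.group(1).upper())
        m = FAILED.search(msg)
        if m:
            domain = st.get("domain")
            failures.append({
                "ts": ts,
                "pid": pid,
                "user": m["user"],
                "client_domain": domain,
                "workstation": st.get("ws"),
                "status": m["status"],
                # True when smbd had no trust entry for the client's domain
                "trust_cache_miss": bool(domain)
                and domain.upper() in st["misses"],
            })
            state.pop(pid)  # the next attempt starts with a clean slate
    return failures


# Constructed sample: a subset of the records quoted in the first post.
SAMPLE_DEBUG = r"""
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user [WW002]\[E0420300] from workstation [E042017C]
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain WW002 found.
[2006/12/06 10:51:38, 5, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: winbind authentication for user [E0420300] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/12/06 10:51:38, 2, pid=14054, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [E0420300] - [E0420300] FAILED with error NT_STATUS_NO_SUCH_USER
"""

# Constructed sample: two lines of the console output in the second post.
SAMPLE_CONSOLE = """
Got user=[MFABER] domain=[DOMAINB] workstation=[TERMSRV] len1=24 len2=24
check_ntlm_password: Authentication for user [MFABER] - [MFABER] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

if __name__ == "__main__":
    for sample in (SAMPLE_DEBUG, SAMPLE_CONSOLE):
        for failure in auth_failures(sample):
            print(failure)
```

A failure whose client_domain differs from the server's own workgroup and has trust_cache_miss set is the case the first post shows; the second post's failure carries a foreign client_domain but no trust-cache line at that log level.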
Re: [Samba] authenticating NT users with space in username?
You could also look into the 'username map' parameter in smb.conf and set up an appropriate map file.

On 12/6/06, Rashid N. Achilov [EMAIL PROTECTED] wrote:
> On Tuesday 05 December 2006 02:50, poisonpill wrote:
> > I know it's ridiculous, but I have a userbase where every username has a space in it. IE: temp user. Is it possible to use samba to authenticate these users? So far I have been able to accept usernames without spaces flawlessly, but not the ones with spaces.
>
> When you'd include it in smb.conf, try:
>
> allow users = User with spaces, user_without_spaces, @Group with spaces, @Group_without_spaces
>
> --
> With Best Regards.
> Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton
> OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru
> PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

--
Bill Uhl
GreenLight Networks, LLC
[EMAIL PROTECTED]
609-651-5049
[Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Hello,

I'm trying to use winbind to allow my AD users to logon to our linux computers. I'm using FC6 and Samba 3.0.23c-2. I have several problems:

1. When I start linux machine and immediately after logging in I try to check trust secret by running wbinfo -t I receive this error:

checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
could not check secret

When I try to run wbinfo -t after a short while it returns: checking the trust secret via RPC calls succeeded. Is this normal behaviour?

2. Winbind does not maintain mappings between UIDs, GIDs and SIDs

Winbindd and smbd are running, but when I run getent passwd I receive list of linux local users. And I'm not able to login to my linux machine until I manually add information about user in \etc\paswd. But this is unacceptable for me because I have 600+ users in my domain. Is there a way to make winbind automatically update user mappings?

3. When I manually add information about user into passwd I'm able to login but after inserting username I have to insert my password twice. Where can be the problem?

My configuration files:

My smb.conf:

[global]
   workgroup = MYDOMAIN.COM
   server string = Samba Server
   security = domain
   winbind separator = \
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/winnt/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind cache time = 10
   encrypt passwords = yes
   winbind trusted domains only = yes
   obey pam restrictions = yes
   password server = server.mydomain.com

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

My nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus

My pam.d configuration:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid 500 quiet
account     sufficient    pam_winbind.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks for any help.

Jiri
RE: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.
Thanks. I approached Jerry directly in parallel a couple of days ago and am waiting for his answer on this. Will keep you updated on this issue.

Slava.

-----Original Message-----
From: Volker Lendecke [mailto:[EMAIL PROTECTED] On Behalf Of Volker Lendecke
Sent: Wednesday, December 06, 2006 1:22 PM
To: Slava Leizerovich (vleizero)
Cc: samba@lists.samba.org
Subject: Re: [Samba] Incorrect pointers arithmetic in the PRINTER_ENUM_VALUES structure when calling Samba.

On Wed, Dec 06, 2006 at 11:56:12AM +0100, Slava Leizerovich (vleizero) wrote:
> Just to explain myself a bit more: I can see in the trace all relevant data, but once it is processed by windows EnumPrinterDataEx, the resulting buffer (I inspect its contents in the MSDEV debugger) contains actual offset values for the pointers variables instead of correct memory addresses. If I do the pointers calculations by myself, the relevant data is in place and valid in the buffer.

Ok, I'll have to delegate this to Jerry (sorry), this is a bit beyond me at this moment.

Jerry, I can send you the capture and screenshots if you need it.

Volker
Re: [Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Do you have libnss_winbind.so in /lib? There should also be a symbolic link to it in the same directory called libnss_winbind.so.2
Re: [Samba] authenticating NT users with space in username?
Our usernames don't have spaces but group names do. And this works for me:

@DOMAIN\My domain group
Re: [Samba] Winbind do not maintains mappings between UIDs, GIDs and SIDs
Yes:

/usr/lib/libnss_winbind.so
/lib/libnss_winbind.so.2

Franz Strebel wrote:
> Do you have libnss_winbind.so in /lib? There should also be a symbolic link to it in the same directory called libnss_winbind.so.2
Re: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
James,

You are correct--I don't have winbind nested groups = yes set in my smb.conf. Yes, default 3.0.22.

I followed the Ubuntu configuration instructions to the letter found in the Ubuntu forums that I've posted before with only the changes you've seen in my smb.conf. Here is the link to the forum post:

http://ubuntuforums.org/archive/index.php/t-91510.html

If you have a machine you can throw together as a test machine, fire it up as a stock install and follow these instructions to the letter (if you didn't on your production box) and see if you have any success.

Here's where the rubber meets the road. If your test machine correctly nests permissions, then there is something wrong with your production config. If it doesn't, then you have something going on in Active Directory.

One more thing--I'm using POSIX ACLs for permissions. Are you?

James A. Dinkel wrote:
> -----Original Message-----
> From: Matt Skerritt
>
> > There is an option in smb.conf called winbind nested groups ... and the help text from swat says:
> >
> > winbind nested groups (G)
> > If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared between DC's through their SAM) and can contain users and global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind.
> > Please note that per 3.0.3 this is a new feature, so handle with care.
> > Default: winbind nested groups = no
> >
> > So I'm guessing that you want to set winbind nested groups = yes in your smb.conf.
> >
> > --
> > Matt Skerritt
> > [EMAIL PROTECTED]
>
> I've put the winbind nested groups = yes in the global section of my samba.conf. (Sorry, I did go over the swat help text, I must have missed this). I went ahead and rebooted the server and tried it again, but it's still a no-go.
>
> Aaron, in the smb.conf you showed me, you did not have winbind nested groups = yes ?!? I don't remember if you've told me, but are you using the default Samba 3.0.22 that comes with Ubuntu 6.06?
>
> Could there be something wrong with my Winbind setup? Something that has to do with nss_winbind maybe? Is there any way I can test this from the Samba server, using wbinfo maybe?
Re: [Samba] Samba file security
I have created the read list and write list, but I want that write list members also can not delete the files once they upload it on samba server. While the read list members can only read the files but can not upload files on the samba server.

Thanks for your attention.

----- Original Message -----
From: Cleber P. de Souza [EMAIL PROTECTED]
To: Naveen C Joshi [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Tuesday, December 05, 2006 10:48 PM
Subject: Re: [Samba] Samba file security

On the share in smb.conf set 'read list' and 'write list' for that users that you want such permission.

On 12/5/06, Naveen C Joshi [EMAIL PROTECTED] wrote:
> I am newbie for samba configuration at security level. I have read all the documents but could not resolve my problem. My problem is as below and would like your help to resolve it
>
> I have installed Samba - 3.0.0-14 on Redhat ES 3 and everything is working fine. But I want that all the member can read the files and put the file on shared folder but can not delete it. I want to protect it from deletion. Only the super user of the system can delete it but not the samba users.
>
> Please guide me on this problem.
>
> Thanks
> - Naveen

--
***
Cleber P. de Souza
Re: [Samba] authenticating NT users with space in username?
I don't know for sure, if this is related, but when I use kerberos authentication, the username with spaces extracted from the kerberos ticket contains backslash space instead of space only (Domain\ User vs. Domain User). This happens in libads/kerberos_verify.c. Then the user cannot become authenticated.

I think the extraction is done by the kerberos library - not samba. In my case it's heimdal-0.6.3.

bye, Martin

Franz Strebel wrote:
> Our usernames don't have spaces but group names do. And this works for me
>
> @DOMAIN\My domain group
Re: [Samba] Samba file security
So set 'create mask' and 'directory mask' on the share to the values you want.

On 12/6/06, Naveen C Joshi [EMAIL PROTECTED] wrote:
> I have created the read list and write list, but I want that write list members also can not delete the files once they upload it on samba server. While the read list members can only read the files but can not upload files on the samba server.
>
> Thanks for your attention.
>
> ----- Original Message -----
> From: Cleber P. de Souza [EMAIL PROTECTED]
> To: Naveen C Joshi [EMAIL PROTECTED]
> Cc: samba@lists.samba.org
> Sent: Tuesday, December 05, 2006 10:48 PM
> Subject: Re: [Samba] Samba file security
>
> On the share in smb.conf set 'read list' and 'write list' for that users that you want such permission.
>
> On 12/5/06, Naveen C Joshi [EMAIL PROTECTED] wrote:
> > I am newbie for samba configuration at security level. I have read all the documents but could not resolve my problem. My problem is as below and would like your help to resolve it
> >
> > I have installed Samba - 3.0.0-14 on Redhat ES 3 and everything is working fine. But I want that all the member can read the files and put the file on shared folder but can not delete it. I want to protect it from deletion. Only the super user of the system can delete it but not the samba users.
> >
> > Please guide me on this problem.
> >
> > Thanks
> > - Naveen
>
> --
> ***
> Cleber P. de Souza

--
***
Cleber P. de Souza
Re: [Samba] Samba file security
On 07/12/2006, at 12:42 AM, Naveen C Joshi wrote:
> I have created the read list and write list, but I want that write list members also can not delete the files once they upload it on samba server. While the read list members can only read the files but can not upload files on the samba server.

Hmmm ... do you want them to be able to change the contents of the files, but not delete them? If so then I think it's impossible for a filesystem that uses the posix rwx file permission bits. It may be possible if you're using solaris with zfs, I'm not sure - I'll check on my server later but your initial email said you were using Redhat so I guess it doesn't matter.

If you want the users to only be able to add new files (but never change or delete old files) then just set the file create mask to make sure that newly created files don't get write permissions, like Cleber P. de Souza suggested in the other email.

--
Matt Skerritt
[EMAIL PROTECTED]
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
-----Original Message-----
From: Aaron Kincer

> James,
>
> You are correct--I don't have winbind nested groups = yes set in my smb.conf. Yes, default 3.0.22.
>
> I followed the Ubuntu configuration instructions to the letter found in the Ubuntu forums that I've posted before with only the changes you've seen in my smb.conf. Here is the link to the forum post:
>
> http://ubuntuforums.org/archive/index.php/t-91510.html
>
> If you have a machine you can throw together as a test machine, fire it up as a stock install and follow these instructions to the letter (if you didn't on your production box) and see if you have any success.
>
> Here's where the rubber meets the road. If your test machine correctly nests permissions, then there is something wrong with your production config. If it doesn't, then you have something going on in Active Directory.
>
> One more thing--I'm using POSIX ACLs for permissions. Are you?

Yeah, I'm using POSIX ACLs. I did not follow that Ubuntu guide; I used some generic instructions from a couple different places. The biggest difference I see at first glance is the krb5.conf (mine is blank, it gets domain info from DNS) and a lot of the PAM configuration.

I'll try another machine with that Ubuntu guide and see what happens.

James Dinkel
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
http://ubuntuforums.org/archive/index.php/t-91510.html

That guide also does not say anything about adding acl and user_xattr to the mount options of the partition containing the share.
Re: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Right. That guide gets you in the door. The additional acl and extended dos attributes stuff is separate.

James A. Dinkel wrote:
> http://ubuntuforums.org/archive/index.php/t-91510.html
>
> That guide also does not say anything about adding acl and user_xattr to the mount options of the partition containing the share.
[Samba] Problem with OpenLDAP/Samba/NSS - ERROR : User xxx in passdb, but getpwnam() fails!
Hi everybody,

I have one SAMBA server (with PDC configuration) which is configured to use an OpenLDAP server (on the same local server) where users and computers accounts are stored (I want to have the two Unix/Linux and Samba account attributes stored to use Name Service Switch and Pluggable Authentication Module).

My problem is as follows:

If I don't put the following line:
- user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash
in the '/etc/passwd' file, for a user, or:
- pc046$:x:1110:582:Compte PC:/dev/null:/bin/false
for a computer, I can't connect and I have the following error in the '/var/log/samba/log.pc046' log file:

..
[2006/11/28 11:51:48, 1] auth/auth_util.c:make_server_info_sam(840)
  User farget in passdb, but getpwnam() fails!
[2006/11/28 11:51:48, 0] auth/auth_sam.c:check_sam_security(324)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
..

however, on my local server, if I type 'getent passwd|grep user1', I have/can see the following:
- user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash
and an 'ldapsearch -x -LLL' shows me all my directory without any problems

I saw several other mails from people who have the same 'getpwnam() fails!' error, but I didn't succeed in finding the solution !!!

So I want to know several things:
--
1.) What precisely does SAMBA look for when it executes the 'getpwnam()' function? One or several special OpenLDAP attributes?

2.) In the file '/etc/ldap/slapd.conf', what is 'index' used for? Actually I have the following index:

..
# Indexing options for database #1
index objectClass,uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
..

Are these indexes OK? I see that if I add the following line:
- index uid eq
the 'ldapsearch -x -LLL' output is EMPTY

Here is my Debian Sarge server files configuration:
- 'slapd' (OpenLDAP) v2.2.23-8,
- 'samba' v3.0.14a-3sarge2,
- 'samba-doc' v3.0.14a-3sarge2 with 'smbldap-tools' v0.8.7,
- 'libnss-ldap' v238-1,

= OPENLDAP CONF FILE : /etc/ldap/slapd.conf =
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/MozillaOrgPerson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 264
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix dc=serveur,dc=domaine,dc=fr
rootdn cn=chef,dc=serveur,dc=domaine,dc=fr
rootpw {SSHA}xYauMQ5tPSq77v+pF79TJjR73NYBhQwP
directory /var/lib/ldap
index objectClass,uidNumber,gidNumber eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
lastmod on
access to attrs=userPassword
    by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write
    by anonymous auth
    by self write
    by * none
access to attrs=sambaLMPassword
    by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write
    by anonymous auth
    by self write
    by * none
access to attrs=sambaNTPassword
    by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write
    by anonymous auth
    by self write
    by * none
access to attrs=jpegPhoto,mobile,mobileTelephoneNumber,telephoneNumber,street,streetAddress,facsimileTelephoneNumber,fax,postalCode
    by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write
    by anonymous read
    by self write
    by * read
access to dn.base= by * read
access to *
    by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write
    by * read
= END of OPENLDAP CONF FILE : /etc/ldap/slapd.conf =

= SAMBA CONF FILE : /etc/samba/smb.conf =
[global]
   workgroup = DOM
   netbios name = PDC
   server string = Serveur Intranet (domaine Domaine)
   dns proxy = No
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   time server = Yes
   encrypt passwords = Yes
   passdb backend = ldapsam:ldap://localhost/
   obey pam restrictions = No
   ldap passwd sync = Yes
   ldap admin dn = cn=chef,dc=serveur,dc=domaine,dc=fr
   ldap ssl = Off
   ldap suffix = dc=serveur,dc=domaine,dc=fr
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap delete dn = Yes
   ldapsam:trusted = Yes
   add user script = /usr/local/sbin/smbldap-useradd -m %u
   add machine script = /usr/local/sbin/smbldap-useradd -w %u
   add group script =
[Samba] Samba problem with ASP.NET web farm (IIS) - change notify
Hi, I have problems with change notify in my ASP server... problem details in this KB http://support.microsoft.com/kb/810886 but I don't know how to fix it in Samba? This man has the same problem... http://www.nabble.com/Samba-problem-with-web-farm-t2755718.html PS: http://support.microsoft.com/default.aspx?scid=kb;en-us;281253
[Samba] Samba + Win2k works, Win2003 fails
Hi all, I've finally almost gotten my desired Samba+AD integration working: I've joined a domain, AD users can login, kerberos works (keytab integration, caching, etc.), etc. However, this is only true as long as I hack my /etc/hosts and /etc/samba/lmhosts files to trick Samba into always using my networks Windows 2000 Active Directory Server. The second a Samba command finds and attempts to use the 2003 server, it fails. Workstation: Debian Sid, Samba 3.0.23d (pam_winbind, MIT kerberos) Domain: TREMONT Realm: tremont.local AD Servers: thsdc1/192.168.100.4 (Windows 2000) thsdc2/192.168.100.6 (Windows 2003) So both my hosts lmhosts files point thsdc2 to thsdc1's IP address which seems to trick Samba into always using thsdc1. thsdc1 is also what I set all the appropriate /etc/krb5.conf settings to. Here's the error message I get when attempting to use thsdc2 from pretty much any Samba command (without hosts file hacks): [EMAIL PROTECTED]:~$ net -U admin%PASSWORD -d8 ads status ...snip charset and parameter debugging info... Netbios name list:- my_netbios_names[0]=SCHURTER3-LINUX [2006/12/06 11:08:39, 2] lib/interface.c:add_interface(81) added interface ip=192.168.101.51 bcast=192.168.103.255 nmask=255.255.252.0 [2006/12/06 11:08:39, 6] libads/ldap.c:ads_find_dc(224) ads_find_dc: looking for realm 'TREMONT.LOCAL' [2006/12/06 11:08:39, 8] libsmb/namequery.c:get_sorted_dc_list(1551) get_sorted_dc_list: attempting lookup using [ads] [2006/12/06 11:08:39, 5] lib/gencache.c:gencache_init(61) Opening cache file at /var/run/samba/gencache.tdb [2006/12/06 11:08:39, 5] tdb/tdbutil.c:tdb_log(783) tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: Permission denied [2006/12/06 11:08:39, 5] lib/gencache.c:gencache_init(70) gencache_init: Opening cache file /var/run/samba/gencache.tdb read-only. 
[2006/12/06 11:08:39, 5] libsmb/namequery.c:saf_fetch(105) saf_fetch: failed to find server for TREMONT.LOCAL domain [2006/12/06 11:08:39, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: , * [2006/12/06 11:08:39, 5] libsmb/namecache.c:namecache_fetch(201) name TREMONT.LOCAL#1C found. [2006/12/06 11:08:39, 8] libsmb/namequery.c:get_dc_list(1441) Adding 2 DC's from auto lookup [2006/12/06 11:08:39, 4] libsmb/namequery.c:get_dc_list(1529) get_dc_list: returning 2 ip addresses in an ordered list [2006/12/06 11:08:39, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 192.168.100.6:389 192.168.100.4:389 [2006/12/06 11:08:39, 5] libads/ldap.c:ads_try_connect(127) ads_try_connect: sending CLDAP request to 192.168.100.6 (realm: TREMONT.LOCAL) [2006/12/06 11:08:39, 3] libads/ldap.c:ads_connect(287) Connected to LDAP server 192.168.100.6 [2006/12/06 11:08:54, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error [2006/12/06 11:08:54, 2] utils/net.c:main(988) return code = -1 The last few log messages show where the LDAP connection to the Windows 2003 server (thsdc2/192.168.100.6) fails. Here's what it looks like when I force it to use my Windows 2000 Server: $ net -U admin%PASSWORD -d8 -S thsdc1 ads status ...snip parameters charset debugging info... 
Netbios name list:- my_netbios_names[0]=SCHURTER3-LINUX [2006/12/06 11:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.101.51 bcast=192.168.103.255 nmask=255.255.252.0 [2006/12/06 11:09:30, 5] libads/ldap.c:ads_try_connect(127) ads_try_connect: sending CLDAP request to thsdc1 (realm: TREMONT.LOCAL) [2006/12/06 11:09:30, 5] lib/gencache.c:gencache_init(61) Opening cache file at /var/run/samba/gencache.tdb [2006/12/06 11:09:30, 5] tdb/tdbutil.c:tdb_log(783) tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: Permission denied [2006/12/06 11:09:30, 5] lib/gencache.c:gencache_init(70) gencache_init: Opening cache file /var/run/samba/gencache.tdb read-only. [2006/12/06 11:09:30, 3] libads/ldap.c:ads_connect(287) Connected to LDAP server 192.168.100.4 [2006/12/06 11:09:30, 4] libads/ldap.c:ads_current_time(2296) time offset is 2 seconds [2006/12/06 11:09:30, 4] libads/sasl.c:ads_sasl_bind(468) Found SASL mechanism GSS-SPNEGO ...snipped successful kerberos auth data returned... Any ideas on why Win2000 works, but Win2003 fails? Thanks! Michael Schurter
Re: [Samba] what OS do you use for Samba?
On Tuesday 28 November 2006 13:59, James A. Dinkel wrote: deb http://us5.samba.org/samba/ftp/Binary_Packages/Debian sarge samba And you'll track the latest stable release. I have a production Debian Sarge server that does just this. Just don't do it with Etch, since in a few days time you'll get the same package from Debian that you got from Samba, except that the Debian packages have a few files moved from samba to samba-common. That confuses apt. So with Etch I'd recommend staying plain vanilla Debian in sources.list until it goes stable and the version number freezes. Then you can move to using the Samba team repository. Ubuntu is cool too, especially the LTS version -- you probably won't go wrong either way. Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons I elected not to move to Ubuntu servers - when I first examined the possibility they were stuck on 3.0.14 for the longest time. Also CUPS, the other major component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4, whereas I run 1.2.7 on Gentoo. Do the Sarge releases from the Samba team work properly with this (or any) version of Ubuntu? Chris
Re: [Samba] what OS do you use for Samba?
On Wed, 2006-12-06 at 13:06 -0500, Chris Smith wrote: On Tuesday 28 November 2006 13:59, James A. Dinkel wrote: deb http://us5.samba.org/samba/ftp/Binary_Packages/Debian sarge samba And you'll track the latest stable release. I have a production Debian Sarge server that does just this. Just don't do it with Etch, since in a few days time you'll get the same package from Debian that you got from Samba, except that the Debian packages have a few files moved from samba to samba-common. That confuses apt. So with Etch I'd recommend staying plain vanilla Debian in sources.list until it goes stable and the version number freezes. Then you can move to using the Samba team repository. Ubuntu is cool too, especially the LTS version -- you probably won't go wrong either way. Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons I elected not to move to Ubuntu servers - when I first examined the possibility they were stuck on 3.0.14 for the longest time. Also CUPS, the other major component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4, whereas I run 1.2.7 on Gentoo. Do the Sarge releases from the Samba team work properly with this (or any) version of Ubuntu? I have never tested the sarge releases on ubuntu. Edgy seems to have a lot more updated libraries, you would have to test that everything works as expected. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org
Re: [Samba] Problem with OpenLDAP/Samba/NSS - ERROR : User xxx in passdb, but getpwnam() fails!
Vincent Farget wrote: Hi everybody, I have one SAMBA server (with PDC configuration) which is configured to use an OpenLDAP server (on the same local server) where user and computer accounts are stored (I want to have the two Unix/Linux and Samba account attributes stored to use Name Service Switch and Pluggable Authentication Module). My problem is as follows: If I don't put the following line: - user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash in the '/etc/passwd' file, for a user, or: - pc046$:x:1110:582:Compte PC:/dev/null:/bin/false for a computer, I can't connect and I have the following error in the '/var/log/samba/log.pc046' log file: .. [2006/11/28 11:51:48, 1] auth/auth_util.c:make_server_info_sam(840) User farget in passdb, but getpwnam() fails! [2006/11/28 11:51:48, 0] auth/auth_sam.c:check_sam_security(324) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' .. However, on my local server, if I type 'getent passwd|grep user1', I can see the following: - user1:x:527:400:Utilisateur 1:/home/user1:/bin/bash and an 'ldapsearch -x -LLL' shows me my whole directory without any problems. I saw several other mails from people who have the same 'getpwnam() fails!' error, but I didn't succeed in finding the solution! So I want to know several things: -- 1.) What precisely does SAMBA look for when it executes the 'getpwnam()' function? One or several special OpenLDAP attributes? 2.) In the file '/etc/ldap/slapd.conf', what is 'index' used for? Actually I have the following indexes: .. # Indexing options for database #1 index objectClass,uidNumber,gidNumber eq index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq .. Are these indexes OK?
I see that if I add the following line : - index uid eq the 'ldapsearch -x -LLL' output is EMPTY Here is my Debian Sarge server files configuration : - 'slapd' (OpenLDAP) v2.2.23-8, - 'samba' v3.0.14a-3sarge2, - 'samba-doc' v3.0.14a-3sarge2 with 'smbldap-tools' v0.8.7, - 'libnss-ldap' v238-1, = OPENLDAP CONF FILE : /etc/ldap/slapd.conf = allow bind_v2 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema include /etc/ldap/schema/MozillaOrgPerson.schema schemacheck on pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd.args loglevel 264 modulepath /usr/lib/ldap moduleload back_bdb backend bdb checkpoint 512 30 database bdb suffix dc=serveur,dc=domaine,dc=fr rootdn cn=chef,dc=serveur,dc=domaine,dc=fr rootpw {SSHA}xYauMQ5tPSq77v+pF79TJjR73NYBhQwP directory /var/lib/ldap index objectClass,uidNumber,gidNumber eq index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq lastmod on access to attrs=userPassword by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write by anonymous auth by self write by * none access to attrs=sambaLMPassword by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write by anonymous auth by self write by * none access to attrs=sambaNTPassword by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write by anonymous auth by self write by * none access to attrs=jpegPhoto,mobile,mobileTelephoneNumber,telephoneNumber,street,streetAddress,facsimileTelephoneNumber,fax,postalCode by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write by anonymous read by self write by * read access to dn.base= by * read access to * by dn=cn=chef,dc=serveur,dc=domaine,dc=fr write by * read = END of OPENLDAP CONF FILE : /etc/ldap/slapd.conf = = SAMBA CONF FILE : /etc/samba/smb.conf = [global] workgroup = DOM netbios name = PDC server string = Serveur Intranet (domaine Domaine) dns proxy = No log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action =
/usr/share/samba/panic-action %d security = user time server = Yes encrypt passwords = Yes passdb backend = ldapsam:ldap://localhost/ obey pam restrictions = No ldap passwd sync = Yes ldap admin dn = cn=chef,dc=serveur,dc=domaine,dc=fr ldap ssl = Off ldap suffix = dc=serveur,dc=domaine,dc=fr ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap delete dn = Yes ldapsam:trusted = Yes add user script = /usr/local/sbin/smbldap-useradd -m %u add machine script = /usr/local/sbin/smbldap-useradd -w %u add
[Samba] Samba 3 LDAP backend cannot authenticate
I am trying to set up a samba3 pdc using samba 3.0.21b with openldap backend, running freebsd 6.1 release, and openldap server is version 2.2.30. The short of it is: I cannot get any of my windows boxes to join the domain. Also no ldap cn entries can login to the server, but if I attempt to login to say #su user1, where user1 is an entry in the LDAP directory, but does not have a unix account I can see that LDAP gets the search query, but I am still not able to log in. I basically do not know where to troubleshoot? Please any suggestions would be greatly appreciated. Thanks. -- Brad
Re: [Samba] prs_mem_get: buffer overrun
Volker Lendecke wrote: Please try the attached patch. I simply forgot to merge this to 3.0.23d in time, sorry. Sorry Volker, what is the suggested fix for the problem? You attached the patch to the poster but not to the list. Can you tell me the svn revision number for that? -- der tom
Re: [Samba] Samba 3 LDAP backend cannot authenticate
On 12/6/06, Brad Askew [EMAIL PROTECTED] wrote: I am trying to set up a samba3 pdc using samba 3.0.21b with openldap backend, running freebsd 6.1 release, and openldap server is version 2.2.30. The short of it is: I cannot get any of my windows boxes to join the domain. Also no ldap cn entries can login to the server, but if I attempt to login to say #su user1, where user1 is an entry in the LDAP directory, but does not have a unix account I can see that LDAP gets the search query, but I am still not able to log in. I basically do not know where to troubleshoot? Please any suggestions would be greatly appreciated. Thanks. Can you give a brief description on your setup and what you have done as from the description you have given I can only guess. Are you using the smbldap_tools from IDEALX? How did you configure your ldap server? Have you set up users for the machines? ... John
RE: [Samba] what OS do you use for Samba?
-Original Message- From: Chris Smith Sent: Wednesday, December 06, 2006 12:06 PM Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons I elected not to move to Ubuntu servers - when I first examined the possibility they were stuck on 3.0.14 for the longest time. Also CUPS, the other major component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4, whereas I run 1.2.7 on Gentoo. Do the Sarge releases from the Samba team work properly with this (or any) version of Ubuntu? Chris Ubuntu, and Debian, will always be stuck at the version included at the time of release. This is by design, so breakage is not introduced, but it does still get security and bug fixes. Just FYI. I'm having a problem with nested groups (you may have noticed on this mailing list) and I'm also wondering if updating to the latest Samba and Winbind would take care of my issue. Backporting from a newer distro such as Feisty for Ubuntu, or Etch for Debian, would be one way to manually get the newer packages. I believe there is a tool to make backporting easy on Ubuntu, I'm not sure I would trust this approach though.
[Samba] howto upgrade/transfer samba domain-user + domain-group data to a new windows 2003 active directory domain?
I much regret in many ways having to ask this question below. But our business needs now demand more than we think we can deliver using open source software exclusively. What is the best way to 'suck up' all of the domain group and user data from a current samba 3.0.21a PDC into a microsoft windows 2003 server? We have two basic needs that demand we now introduce active directory servers to our previously 'windows server free' office. One we want to manage the windows xp sp2 desktops using group policies and secondly we have a need to start using shared calendaring. Alternatively, I would also welcome any suggestions that would allow us to use microsoft outlook shared calendaring and enable us to manage the windows xp workstations using group policies, using any other configuration, preferably open source of course. ;-) Many thanks in advance for any hints or suggestions. PS: Please note there is _no_ active directory already deployed. All of the user and group info is currently on our samba 3.0.21a PDC running on a CentOs 4.x box. -- Urs Rau
Re: [Samba] what OS do you use for Samba?
Since you and I are using the same version of Ubuntu and both have our servers integrated into Active Directory, you would expect similar behavior configurations notwithstanding. As we've discussed earlier, I have no problems with nested groups. I think you're barking up the wrong tree thinking upgrading will solve your problem. I'm unconvinced. Out of curiosity, do you have any explicit group denial settings on the target folder that the user in question might have membership? I believe denies overrule grants, but I'm not positive. James A. Dinkel wrote: -Original Message- From: Chris Smith Sent: Wednesday, December 06, 2006 12:06 PM Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons I elected not to move to Ubuntu servers - when I first examined the possibility they were stuck on 3.0.14 for the longest time. Also CUPS, the other major component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4, whereas I run 1.2.7 on Gentoo. Do the Sarge releases from the Samba team work properly with this (or any) version of Ubuntu? Chris Ubuntu, and Debian, will always be stuck at the version included at the time of release. This is by design, so breakage is not introduced, but it does still get security and bug fixes. Just FYI. I'm having a problem with nested groups (you may have noticed on this mailing list) and I'm also wondering if updating to the latest Samba and Winbind would take care of my issue. Backporting from a newer distro such as Feisty for Ubuntu, or Etch for Debian, would be one way to manually get the newer packages. I believe there is a tool to make backporting easy on Ubuntu, I'm not sure I would trust this approach though.
Re: [Samba] Samba 3 LDAP backend cannot authenticate
John Drescher wrote: On 12/6/06, Brad Askew [EMAIL PROTECTED] wrote: I am trying to set up a samba3 pdc using samba 3.0.21b with openldap backend, running freebsd 6.1 release, and openldap server is version 2.2.30. The short of it is: I cannot get any of my windows boxes to join the domain. Also no ldap cn entries can login to the server, but if I attempt to login to say #su user1, where user1 is an entry in the LDAP directory, but does not have a unix account I can see that LDAP gets the search query, but I am still not able to log in. I basically do not know where to troubleshoot? Please any suggestions would be greatly appreciated. Thanks. Can you give a brief description on your setup and what you have done as from the description you have given I can only guess. Are you using the smbldap_tools from IDEALX? How did you configure your ldap server? Have you set up users for the machines? ... John Sure thing. I am using the idealx smbldap_tools. I used smbldap-populate to populate the directory. I have the following lines in slapd.conf snip include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/samba.schema snip Aside from using smbldap-populate, the directory is pretty flat, I used smbldap-useradd to add one user to the directory. I have set up the indices as follows. snip index objectClass eq index cn pres,sub,eq index sn pres,sub,eq ## required to support pdb_getsampwnam index uid pres,sub,eq ## required to support pdb_getsambapwrid index displayName pres,sub,eq ## uncomment these if you are storing posixAccount ## and posixGroup in the directory as well index uidNumber eq index gidNumber eq index memberUID eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub snip If you need more info on ldap, let me know.
I added a machine account for the machines using the smbldaptools using the netbios name of the client machine followed by a $. -- Brad
Re: [Samba] Failed to set servicePrincipalNames error
Rashid N. Achilov wrote: Probably, your hostname is not equal your AD full name (i.e. box.hostname.com but AD named hostname.org). Today I'll put a big pile of debug messages to trace problem in source (it is net_ads.c in utils) and try to reach 'natural' solve... Exactly right. My netbios name = value reflects a different hostname than the actual server. I didn't realize there was any problem with that... Anyway, once I changed the netbios name entry to netbios aliases = , net join works first time. I'd still say that was a bug in Samba - but the workaround will do for now :-) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
[Samba] Network drive disconnecting
Hi, I have a network drive where I save development source files. I have been using this network drive for years. Recently, after upgrading to samba-3.0.23c-4 on Centos 4, I have problems where the network drive just becomes inaccessible for a few seconds. I use a text editor in windows and when saving I get the error that the file could not be saved, I try again after 20 seconds and it works. Is anyone having this issue too? I'm using the recycle vfs module. Thanks Oliver -- Oliver Schulze L. | Get my e-mail after a captcha in: Asuncion - Paraguay | http://tinymailto.com/oliver
Re: [Samba] howto upgrade/transfer samba domain-user + domain-group data to a new windows 2003 active directory domain?
Urs Rau wrote: We have two basic needs that demand we now introduce active directory servers to our previously 'windows server free' office. One we want to manage the windows xp sp2 desktops using group policies and secondly we have a need to start using shared calendaring. Alternatively, I would also welcome any suggestions that would allow us to use microsoft outlook shared calendaring and enable us to manage the windows xp workstations using group policies, using any other configuration, preferably open source of course. ;-) Group Policy Management in Samba: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html
Re: [Samba] howto upgrade/transfer samba domain-user + domain-group data to a new windows 2003 active directory domain?
On Wednesday 06 December 2006 16:46, Urs Rau wrote: Alternatively, I would also welcome any suggestions that would allow us to use microsoft outlook shared calendaring Not microsoft outlook shared calendaring but shared calendaring nonetheless: http://www.google.com/calendar/ If you really want microsoft outlook shared calendaring then you need Exchange Server as well, and you get vendor lock-in at no extra charge. Chris
[Samba] local user profiles and samba server
Hi group, I know this sounds crazy, but... If I set 'logon path = ' users on windows xp clients can create a local profile (this is what we want). If I set 'logon path = ' users on windows xp clients are not able to create a local profile. Note that the second option is what man smb.conf recommends to disable roaming profiles, which we want to do. Can anyone explain the different results of the different parameters, or have you even seen this before? Thanks, Steve G
svn commit: samba r20047 - in branches/SAMBA_4_0/source/rpc_server/remote: .
Author: metze Date: 2006-12-06 09:25:26 + (Wed, 06 Dec 2006) New Revision: 20047 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20047 Log: patch from Julien Kerihuel [EMAIL PROTECTED] to make the remote rpc proxy work for outlook and exchange metze Modified: branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c === --- branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c 2006-12-05 16:20:39 UTC (rev 20046) +++ branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c 2006-12-06 09:25:26 UTC (rev 20047) @@ -30,6 +30,11 @@ struct dcerpc_pipe *c_pipe; }; +static NTSTATUS remote_op_reply(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r) +{ + return NT_STATUS_OK; +} + static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface) { NTSTATUS status; @@ -256,6 +261,7 @@ iface-ndr_pull = remote_op_ndr_pull; iface-dispatch = remote_op_dispatch; + iface-reply = remote_op_reply; iface-ndr_push = remote_op_ndr_push; iface-private = if_tabl;
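Review bot: In the first hunk, remote_op_reply ignores all three of its parameters and returns NT_STATUS_OK unconditionally, with no comment saying why a no-op reply step is correct for the remote proxy. The log message only says the change makes the proxy work for Outlook and Exchange, so please add a one-line comment above the function stating why nothing has to be done at reply time; otherwise the stub reads as unfinished code, and a later change that needs to report a failure from this step has no hint that errors are deliberately not produced here.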
svn commit: samba r20051 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-06 12:08:32 + (Wed, 06 Dec 2006) New Revision: 20051 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20051 Log: handle the case where the server object exist, but doesn't have a serverReference metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 11:45:33 UTC (rev 20050) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 12:08:32 UTC (rev 20051) @@ -629,21 +629,22 @@ return NT_STATUS_INVALID_NETWORK_RESPONSE; } - server_reference_dn_str = samdb_result_string(r-msgs[0], serverReference, NULL); - if (!server_reference_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE; - server_reference_dn = ldb_dn_new(r, s-ldap1.ldb, server_reference_dn_str); - NT_STATUS_HAVE_NO_MEMORY(server_reference_dn); + server_reference_dn_str = samdb_result_string(r-msgs[0], serverReference, NULL); + if (server_reference_dn_str) { + server_reference_dn = ldb_dn_new(r, s-ldap1.ldb, server_reference_dn_str); + NT_STATUS_HAVE_NO_MEMORY(server_reference_dn); - computer_dn = ldb_dn_new(r, s-ldap1.ldb, s-dest_dsa.computer_dn_str); - NT_STATUS_HAVE_NO_MEMORY(computer_dn); + computer_dn = ldb_dn_new(r, s-ldap1.ldb, s-dest_dsa.computer_dn_str); + NT_STATUS_HAVE_NO_MEMORY(computer_dn); - /* -* if the server object belongs to another DC in another domain in the forest, -* we should not touch this object! -*/ - if (ldb_dn_compare(computer_dn, server_reference_dn) != 0) { - talloc_free(r); - return NT_STATUS_OBJECT_NAME_COLLISION; + /* +* if the server object belongs to another DC in another domain in the forest, +* we should not touch this object! +*/ + if (ldb_dn_compare(computer_dn, server_reference_dn) != 0) { + talloc_free(r); + return NT_STATUS_OBJECT_NAME_COLLISION; + } } /* if the server object is already for the dest_dsa, then we don't need to create it */ 
@@ -749,6 +750,56 @@ return NT_STATUS_OK; } +static NTSTATUS becomeDC_ldap1_server_object_modify(struct libnet_BecomeDC_state *s) +{ + int ret; + struct ldb_message *msg; + uint32_t i; + + /* make a 'modify' msg, and only for serverReference */ + msg = ldb_msg_new(s); + NT_STATUS_HAVE_NO_MEMORY(msg); + msg-dn = ldb_dn_new(msg, s-ldap1.ldb, s-dest_dsa.server_dn_str); + NT_STATUS_HAVE_NO_MEMORY(msg-dn); + + ret = ldb_msg_add_string(msg, serverReference, s-dest_dsa.computer_dn_str); + if (ret != 0) { + talloc_free(msg); + return NT_STATUS_NO_MEMORY; + } + + /* mark all the message elements (should be just one) + as LDB_FLAG_MOD_ADD */ + for (i=0;imsg-num_elements;i++) { + msg-elements[i].flags = LDB_FLAG_MOD_ADD; + } + + ret = ldb_modify(s-ldap1.ldb, msg); + if (ret == LDB_SUCCESS) { + talloc_free(msg); + return NT_STATUS_OK; + } else if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) { + /* retry with LDB_FLAG_MOD_REPLACE */ + } else { + talloc_free(msg); + return NT_STATUS_LDAP(ret); + } + + /* mark all the message elements (should be just one) + as LDB_FLAG_MOD_REPLACE */ + for (i=0;imsg-num_elements;i++) { + msg-elements[i].flags = LDB_FLAG_MOD_REPLACE; + } + + ret = ldb_modify(s-ldap1.ldb, msg); + talloc_free(msg); + if (ret != LDB_SUCCESS) { + return NT_STATUS_LDAP(ret); + } + + return NT_STATUS_OK; +} + static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s); static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s) @@ -794,6 +845,9 @@ c-status = becomeDC_ldap1_server_object_add(s); if (!composite_is_ok(c)) return; + c-status = becomeDC_ldap1_server_object_modify(s); + if (!composite_is_ok(c)) return; + becomeDC_connect_ldap2(s); }
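Review bot: In the @@ -629,21 hunk, a server object that has no serverReference now skips the ldb_dn_compare ownership check completely, while the comment kept inside the block still says an object belonging to another DC must not be touched. Since this same commit adds a modify step that writes serverReference onto the server object, an object whose owner could not be determined ends up claimed for dest_dsa; please state in the comment why a missing serverReference is safe to treat as ours, or verify ownership some other way before the modify. Note also that computer_dn and server_reference_dn are now assigned only inside the new block, so any use after it needs an initialised value.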
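Review bot: In becomeDC_ldap1_server_object_modify (the @@ -749,6 hunk), the NT_STATUS_HAVE_NO_MEMORY check on the message dn returns without talloc_free(msg), unlike every later error path in the function, so msg stays attached to s until s itself is freed. The retry also switches to LDB_FLAG_MOD_REPLACE on LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS without looking at the value that exists, so a serverReference written by another party between the earlier search and this modify is overwritten; comparing the existing value first and returning NT_STATUS_OBJECT_NAME_COLLISION when it differs would keep the rule stated in the first hunk. The two identical flag loops could be one small helper that takes the flag.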
svn commit: samba r20052 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-06 12:15:07 + (Wed, 06 Dec 2006) New Revision: 20052 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20052 Log: implement the first drsuapi connection metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 12:08:32 UTC (rev 20051) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 12:15:07 UTC (rev 20052) @@ -27,6 +27,7 @@ #include lib/db_wrap.h #include dsdb/samdb/samdb.h #include dsdb/common/flags.h +#include librpc/gen_ndr/ndr_drsuapi_c.h struct libnet_BecomeDC_state { struct composite_context *creq; @@ -44,6 +45,15 @@ const struct ldb_message *rootdse; } ldap1, ldap2; + struct becomeDC_drsuapi { + struct libnet_BecomeDC_state *s; + struct dcerpc_binding *binding; + struct dcerpc_pipe *pipe; + struct drsuapi_DsBind bind_r; + struct GUID bind_guid; + struct policy_handle bind_handle; + } drsuapi1; + struct { /* input */ const char *dns_name; @@ -800,6 +810,10 @@ return NT_STATUS_OK; } +static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + void (*recv_fn)(struct composite_context *req)); +static void becomeDC_drsuapi1_connect_recv(struct composite_context *req); static void becomeDC_connect_ldap2(struct libnet_BecomeDC_state *s); static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s) 
@@ -848,6 +862,40 @@ c-status = becomeDC_ldap1_server_object_modify(s); if (!composite_is_ok(c)) return; + becomeDC_drsuapi_connect_send(s, s-drsuapi1, becomeDC_drsuapi1_connect_recv); +} + +static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + void (*recv_fn)(struct composite_context *req)) +{ + struct composite_context *c = s-creq; + struct composite_context *creq; + char *binding_str; + + drsuapi-s = s; + + binding_str = talloc_asprintf(s, ncacn_ip_tcp:%s[krb5,seal], s-source_dsa.dns_name); + if (composite_nomem(binding_str, c)) return; + + c-status = dcerpc_parse_binding(s, binding_str, drsuapi-binding); + talloc_free(binding_str); + if (!composite_is_ok(c)) return; + + creq = dcerpc_pipe_connect_b_send(s, drsuapi-binding, dcerpc_table_drsuapi, + s-libnet-cred, s-libnet-event_ctx); + composite_continue(c, creq, recv_fn, s); +} + +static void becomeDC_drsuapi1_connect_recv(struct composite_context *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private_data, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + + c-status = dcerpc_pipe_connect_b_recv(req, s, s-drsuapi1.pipe); + if (!composite_is_ok(c)) return; + becomeDC_connect_ldap2(s); }
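Review bot: in becomeDC_drsuapi_connect_send, source_dsa.dns_name is formatted straight into the binding string ahead of the [krb5,seal] options and the result is handed to dcerpc_parse_binding, so a name containing brackets or commas would change how the options parse. Since this string is what makes the pipe Kerberos-authenticated and sealed, validate dns_name as a hostname before building it, or fill in the dcerpc_binding fields directly instead of going through a string. A short comment on struct becomeDC_drsuapi explaining the back pointer s would also help, given that the receive callback is passed s as its private data anyway.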
svn commit: samba r20053 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-06 12:25:41 + (Wed, 06 Dec 2006) New Revision: 20053 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20053 Log: implement the DsBind on the 1st drsuapi connection metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 12:15:07 UTC (rev 20052) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 12:25:41 UTC (rev 20053) @@ -887,6 +887,11 @@ composite_continue(c, creq, recv_fn, s); } +static void becomeDC_drsuapi_bind_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + void (*recv_fn)(struct rpc_request *req)); +static void becomeDC_drsuapi1_bind_recv(struct rpc_request *req); + static void becomeDC_drsuapi1_connect_recv(struct composite_context *req) { struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private_data, 
@@ -896,6 +901,40 @@ c-status = dcerpc_pipe_connect_b_recv(req, s, s-drsuapi1.pipe); if (!composite_is_ok(c)) return; + becomeDC_drsuapi_bind_send(s, s-drsuapi1, becomeDC_drsuapi1_bind_recv); +} + +static void becomeDC_drsuapi_bind_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + void (*recv_fn)(struct rpc_request *req)) +{ + struct composite_context *c = s-creq; + struct rpc_request *req; + + GUID_from_string(DRSUAPI_DS_BIND_GUID_W2K3, drsuapi-bind_guid); + + drsuapi-bind_r.in.bind_guid = drsuapi-bind_guid; + drsuapi-bind_r.in.bind_info = NULL; + drsuapi-bind_r.out.bind_handle = drsuapi-bind_handle; + + req = dcerpc_drsuapi_DsBind_send(drsuapi-pipe, s, drsuapi-bind_r); + composite_continue_rpc(c, req, recv_fn, s); +} + +static void becomeDC_drsuapi1_bind_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + if (!W_ERROR_IS_OK(s-drsuapi1.bind_r.out.result)) { + composite_error(c, werror_to_ntstatus(s-drsuapi1.bind_r.out.result)); + return; + } + becomeDC_connect_ldap2(s); }
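Review bot: in becomeDC_drsuapi_bind_send the result of GUID_from_string is ignored and bind_r.in.bind_info is set to NULL, and in becomeDC_drsuapi1_bind_recv only out.result is checked, so any bind_info the server returns is dropped. Check the GUID conversion, or say in a comment why it cannot fail for the constant DRSUAPI_DS_BIND_GUID_W2K3, and put a TODO next to the NULL bind_info: r20061 further down this page adds the DsBindInfo28 handling to libnet_unbecome_dc.c, and the two files will otherwise drift apart.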
svn commit: samba r20054 - in branches/SAMBA_3_0/source/lib/ldb/ldb_tdb: .
Author: vlendec Date: 2006-12-06 14:40:47 + (Wed, 06 Dec 2006) New Revision: 20054 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20054 Log: Revert my changes, Simo promised to work on it :-) Modified: branches/SAMBA_3_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_3_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_3_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-12-06 12:25:41 UTC (rev 20053) +++ branches/SAMBA_3_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-12-06 14:40:47 UTC (rev 20054) @@ -41,8 +41,7 @@ find an element in a list, using the given comparison function and assuming that the list is already sorted using comp_fn - return -1 if not found, or the index of the first occurance of needle if - found + return -1 if not found, or the index of the first occurance of needle if found */ static int ldb_list_find(const void *needle, const void *base, size_t nmemb, size_t size, @@ -129,8 +128,7 @@ if (ldb_should_b64_encode(v)) { char *vstr = ldb_base64_encode(ldb, (char *)v.data, v.length); if (!vstr) return NULL; - dn = talloc_asprintf(ldb, %s:%s::%s, LTDB_INDEX, attr_folded, -vstr); + dn = talloc_asprintf(ldb, %s:%s::%s, LTDB_INDEX, attr_folded, vstr); talloc_free(vstr); if (v.data != value-data) { talloc_free(v.data); @@ -140,8 +138,8 @@ goto done; } - dn = talloc_asprintf(ldb, %s:%s:%.*s, LTDB_INDEX, attr_folded, -(int)v.length, (char *)v.data); + dn = talloc_asprintf(ldb, %s:%s:%.*s, + LTDB_INDEX, attr_folded, (int)v.length, (char *)v.data); if (v.data != value-data) { talloc_free(v.data); @@ -166,8 +164,7 @@ const struct ldb_message_element *el = msg-elements[i]; for (j=0;jel-num_values;j++) { - if (ldb_attr_cmp((char *)el-values[j].data, -attr) == 0) { + if (ldb_attr_cmp((char *)el-values[j].data, attr) == 0) { if (v_idx) { *v_idx = j; } 
@@ -204,8 +201,7 @@ /* if the attribute isn't in the list of indexed attributes then this node needs a full search */ - if (ldb_msg_find_idx(index_list, tree-u.equality.attr, NULL, -LTDB_IDXATTR) == -1) { + if (ldb_msg_find_idx(index_list, tree-u.equality.attr, NULL, LTDB_IDXATTR) == -1) { return -1; } @@ -241,8 +237,8 @@ } for (j=0;jel-num_values;j++) { - list-dn[list-count] = talloc_strdup( - list-dn, (char *)el-values[j].data); + list-dn[list-count] = + talloc_strdup(list-dn, (char *)el-values[j].data); if (!list-dn[list-count]) { talloc_free(msg); return -1; @@ -254,16 +250,14 @@ talloc_free(msg); if (list-count 1) { - qsort(list-dn, list-count, sizeof(char *), - (comparison_fn_t) list_cmp); + qsort(list-dn, list-count, sizeof(char *), (comparison_fn_t) list_cmp); } return 1; } -static int list_union(struct ldb_context *, struct dn_list *, - const struct dn_list *); +static int list_union(struct ldb_context *, struct dn_list *, const struct dn_list *); /* return a list of dn's that might match a simple indexed search on @@ -296,6 +290,9 @@ struct dn_list *list2; tree2.operation = LDB_OP_EQUALITY; tree2.u.equality.attr = LTDB_OBJECTCLASS; + if (!tree2.u.equality.attr) { + return -1; + } tree2.u.equality.value.data = (uint8_t *)talloc_strdup(list, subclasses[i]); if (tree2.u.equality.value.data == NULL) { @@ -332,8 +329,7 @@ struct dn_list *list) { if (ldb_attr_cmp(tree-u.equality.attr, LTDB_OBJECTCLASS) == 0) { - return ltdb_index_dn_objectclass(module, tree, index_list, -list); + return ltdb_index_dn_objectclass(module, tree, index_list, list); } if (ldb_attr_dn(tree-u.equality.attr) == 0) { list-dn = talloc_array(list, char *, 1); @@ -341,8 +337,7 @@
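Review bot: in the @@ -296,6 +290,9 @@ hunk of ldb_index.c, the added NULL check on tree2.u.equality.attr comes directly after it is assigned LTDB_OBJECTCLASS, which is passed to ldb_attr_cmp as a plain constant elsewhere in this patch, so the branch looks unreachable. If the revert restores it only because an earlier version allocated the attribute name, drop it or add a comment; as written it suggests an allocation that is not there. The remaining hunks rejoin wrapped lines and push several past 80 columns, and the log message does not name the revision being reverted, which makes the change harder to audit later.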
svn commit: samba r20055 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-06 15:29:01 + (Wed, 06 Dec 2006) New Revision: 20055 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20055 Log: implement dummy DsAddEntry call (without attributes yet) metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 14:40:47 UTC (rev 20054) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-06 15:29:01 UTC (rev 20055) @@ -921,6 +921,8 @@ composite_continue_rpc(c, req, recv_fn, s); } +static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s); + static void becomeDC_drsuapi1_bind_recv(struct rpc_request *req) { struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, 
@@ -935,6 +937,71 @@ return; } + becomeDC_drsuapi1_add_entry_send(s); +} + +static void becomeDC_drsuapi1_add_entry_recv(struct rpc_request *req); + +static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s) +{ + struct composite_context *c = s-creq; + struct rpc_request *req; + struct drsuapi_DsAddEntry *r; + struct drsuapi_DsReplicaObjectIdentifier *identifier; + uint32_t num_attributes; + struct drsuapi_DsReplicaAttribute *attributes; + struct dom_sid zero_sid; + + ZERO_STRUCT(zero_sid); + + r = talloc_zero(s, struct drsuapi_DsAddEntry); + if (composite_nomem(r, c)) return; + + /* setup identifier */ + identifier = talloc(r, struct drsuapi_DsReplicaObjectIdentifier); + if (composite_nomem(identifier, c)) return; + identifier-guid= GUID_zero(); + identifier-sid = zero_sid; + identifier-dn = talloc_asprintf(identifier, CN=NTDS Settings,%s, + s-dest_dsa.server_dn_str); + if (composite_nomem(identifier-dn, c)) return; + + /* allocate attribute array */ + num_attributes = 0; + attributes = talloc_array(r, struct drsuapi_DsReplicaAttribute, num_attributes); + if (composite_nomem(attributes, c)) return; + + /* TODO: set real attributes! 
*/ + + /* setup request structure */ + r-in.bind_handle = s-drsuapi1.bind_handle; + r-in.level = 2; + r-in.req.req2.first_object.next_object = NULL; + r-in.req.req2.first_object.object.identifier = identifier; + r-in.req.req2.first_object.object.unknown1 = 0x; + r-in.req.req2.first_object.object.attribute_ctr.num_attributes = num_attributes; + r-in.req.req2.first_object.object.attribute_ctr.attributes = attributes; + + req = dcerpc_drsuapi_DsAddEntry_send(s-drsuapi1.pipe, r, r); + composite_continue_rpc(c, req, becomeDC_drsuapi1_add_entry_recv, s); +} + +static void becomeDC_drsuapi1_add_entry_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + struct drsuapi_DsAddEntry *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsAddEntry); + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + if (!W_ERROR_IS_OK(r-out.result)) { + composite_error(c, werror_to_ntstatus(r-out.result)); + return; + } + becomeDC_connect_ldap2(s); }
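Review bot: in becomeDC_drsuapi1_add_entry_send, identifier is allocated with talloc while r is allocated with talloc_zero, so any member of drsuapi_DsReplicaObjectIdentifier other than guid, sid and dn is handed to the marshaller uninitialized; use talloc_zero for identifier as well. The request r is parented to s and is not freed in becomeDC_drsuapi1_add_entry_recv on either the success or the error path, so it lives as long as the whole BecomeDC state; freeing it once out.result has been read would keep the state tidy. The level value 2 and the unknown1 constant would each benefit from a comment saying where they come from.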
Re: svn commit: samba r19993 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
On 12/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Log: Fix the problem with Linux clients requesting O_WRONLY on write-only files. Jim please check. Should not affect Windows clients - I ensured all the relevant Samba4 torture tests still pass. Sorry, forgot to tell you, this works great now with the cifs client.
Rev 35: Implemented cm usage. in http://samba.org/~tridge/psomogyi/
revno: 35 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Peter Somogyi [EMAIL PROTECTED] branch nick: ctdb timestamp: Wed 2006-12-06 18:49:46 +0100 message: Implemented cm usage. TODO: implement verbs user logic. modified: ib/ibwrapper.c ibwrapper.c-20061204130028-0125b4f5a72f4b11 ib/ibwrapper.h ibwrapper.h-20061204130028-32755c6266dd3c49 ib/ibwrapper_internal.h ibwrapper_internal.h-20061204130028-47f0a7e658b16ca2 === modified file 'ib/ibwrapper.c' --- a/ib/ibwrapper.c2006-12-05 17:48:16 + +++ b/ib/ibwrapper.c2006-12-06 17:49:46 + @@ -51,16 +51,44 @@ ibw_ctx *pctx = talloc_get_type(ctx-internal, ibw_ctx_priv); assert(pctx!=NULL); + /* free memory regions */ + + /* destroy verbs */ + if (pctx-cq) { + ibv_destroy_cq(pctx-cq); + pctx-cq = NULL; + } + + if (pctx-verbs_channel) { + ibv_destroy_comp_channel(pctx-verbs_channel); + pctx-verbs_channel = NULL; + } + + if (pctx-verbs_channel_event) { + /* TODO: do we have to do this here? */ + talloc_free(pctx-verbs_channel_event); + pctx-verbs_channel_event = NULL; + } + + if (pctx-pd) { + ibv_dealloc_pd(pctx-pd); + pctx-pd = NULL; + } + + /* destroy cm */ + if (pctx-cm_channel) { + rdma_destroy_event_channel(pctx-cm_channel); + pctx-cm_channel = NULL; + } + if (pctx-cm_channel_event) { + /* TODO: do we have to do this here? */ + talloc_free(pctx-cm_channel_event); + pctx-cm_channel_event = NULL; + } if (pctx-cm_id) { rdma_destroy_id(pctx-cm_id); pctx-cm_id = NULL; } - if (pctx-cm_channel) { - rdma_destroy_event_channel(pctx-cm_channel); - pctx-cm_channel = NULL; - } - - /* free memory regions */ } static int ibw_ctx_destruct(void *ptr) @@ -97,7 +125,7 @@ return 0; } -static ibw_conn *ibw_new_conn(ibw_ctx *ctx) +static ibw_conn *ibw_conn_new(ibw_ctx *ctx) { ibw_conn *conn; ibw_conn_priv *pconn; 
@@ -117,7 +145,27 @@ return conn; } -static void ibw_process_cm_event(struct event_context *ev, +static int ibw_manage_connect(struct rdma_cm_id *cma_id) +{ + struct rdma_conn_param conn_param; + int rc; + + /* TODO: setup verbs... */ + + /* cm connect */ + memset(conn_param, 0, sizeof conn_param); + conn_param.responder_resources = 1; + conn_param.initiator_depth = 1; + conn_param.retry_count = 10; + + rc = rdma_connect(cma_id, conn_param); + if (rc) + sprintf(ibw_lasterr, rdma_connect error %d\n, rc); + + return rc; +} + +static void ibw_event_handler_cm(struct event_context *ev, struct fd_event *fde, uint16_t flags, void *private_data) { int rc; @@ -125,8 +173,9 @@ ibw_ctx_priv *pctx = talloc_get_type(ctx-internal, ibw_ctx_priv); ibw_conn *conn = NULL; ibw_conn_priv *pconn = NULL; - struct rdma_cm_id *id = NULL; + struct rdma_cm_id *cma_id = NULL; struct rdma_cm_event *event = NULL; + int error = 0; assert(ctx!=NULL); 
@@ -137,42 +186,75 @@ DEBUG(0, ibw_lasterr); return; } - id = event-id; - - /* find whose cm_id do we have */ - -// DEBUG(10, cma_event type %d cma_id %p (%s)\n, event-event, event-id, -// (event-id == ctx-cm_id) ? parent : child); + cma_id = event-id; + + DEBUG(10, cma_event type %d cma_id %p (%s)\n, event-event, id, + (cma_id == ctx-cm_id) ? parent : child); switch (event-event) { case RDMA_CM_EVENT_ADDR_RESOLVED: + /* continuing from ibw_connect ... */ assert(pctx-state==IWINT_INIT); pctx-state = IWINT_ADDR_RESOLVED; - rc = rdma_resolve_route(event-id, 2000); + rc = rdma_resolve_route(cma_id, 2000); if (rc) { cb-state = ERROR; sprintf(ibw_lasterr, rdma_resolve_route error %d\n, rc); DEBUG(0, ibw_lasterr); } + /* continued at RDMA_CM_EVENT_ROUTE_RESOLVED */ break; case RDMA_CM_EVENT_ROUTE_RESOLVED: + /* after RDMA_CM_EVENT_ADDR_RESOLVED: */ assert(pctx-state==IWINT_ADDR_RESOLVED); pctx-state = IWINT_ROUTE_RESOLVED; + conn = talloc_get_type(cma_id-context, ibw_conn); + pconn = talloc_get_type(conn-internal, ibw_conn_priv); + + rc = ibw_manage_connect(cma_id); + if (rc) +
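Review bot: in the context teardown hunk (@@ -51,16 +51,44 @@) the new order calls rdma_destroy_event_channel on cm_channel before cm_id is released with rdma_destroy_id, the reverse of the removed code. librdmacm expects every rdma_cm_id on a channel to be destroyed before the channel itself, so move the cm_id block above the cm_channel block. The two TODO comments on talloc_free of verbs_channel_event and cm_channel_event should be resolved too: if these are the fd events watching the channels' descriptors, they need to be freed before the channels are destroyed, not after.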
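Review bot: in ibw_event_handler_cm (@@ -137,42 +186,75 @@) the re-enabled DEBUG(10, ...) call still passes id, but the previous hunk renamed that local to cma_id, so this will not compile; it also compares against the cm_id of ctx, while the teardown code keeps cm_id in pctx. In the RDMA_CM_EVENT_ADDR_RESOLVED branch the error path assigns the state of cb, and no cb is declared in the visible part of the function; the state field of pctx is probably what was meant, and the newly declared error variable is not set there. In ibw_manage_connect, snprintf bounded by the size of ibw_lasterr would be safer than sprintf.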
Build status as of Thu Dec 7 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-12-06 00:01:02.0 + +++ /home/build/master/cache/broken_results.txt 2006-12-07 00:00:59.0 + @@ -1,22 +1,22 @@ -Build status as of Wed Dec 6 00:00:02 2006 +Build status as of Thu Dec 7 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 43 8 0 +ccache 44 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 42 4 0 -libreplace 40 2 0 -lorikeet-heimdal 35 19 0 -ppp 17 0 0 -rsync43 4 0 +ldb 43 4 0 +libreplace 41 2 0 +lorikeet-heimdal 36 20 0 +ppp 18 0 0 +rsync44 4 0 samba0 0 0 samba-docs 0 0 0 -samba4 41 31 0 -samba_3_043 15 0 -smb-build39 2 0 -talloc 43 2 0 -tdb 42 2 0 +samba4 42 32 0 +samba_3_044 14 0 +smb-build41 2 0 +talloc 44 2 0 +tdb 43 2 0
svn commit: samba r20058 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch
Author: jra Date: 2006-12-07 00:08:10 + (Thu, 07 Dec 2006) New Revision: 20058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20058 Log: Ensure we actually do the increasing time calculation when in offline mode. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-12-06 23:14:15 UTC (rev 20057) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-12-07 00:08:10 UTC (rev 20058) @@ -171,9 +171,7 @@ /* If we're in statup mode, check again in 10 seconds, not in lp_winbind_cache_time() seconds (which is 5 mins by default). */ - if (domain-check_online_timeout == 0) { - calc_new_online_timeout(domain); - } + calc_new_online_timeout(domain); domain-check_online_event = add_timed_event( NULL, timeval_current_ofs(domain-check_online_timeout,0), Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-12-06 23:14:15 UTC (rev 20057) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-12-07 00:08:10 UTC (rev 20058) @@ -171,9 +171,7 @@ /* If we're in statup mode, check again in 10 seconds, not in lp_winbind_cache_time() seconds (which is 5 mins by default). */ - if (domain-check_online_timeout == 0) { - calc_new_online_timeout(domain); - } + calc_new_online_timeout(domain); domain-check_online_event = add_timed_event( NULL, timeval_current_ofs(domain-check_online_timeout,0),
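Review bot: with the check_online_timeout == 0 guard removed in both branches, calc_new_online_timeout now runs on every pass through this code, but the comment directly above still describes only the startup case. Update the comment to say the timeout is recalculated each time, and recheck the growth step in calc_new_online_timeout now that it is no longer gated: the version removed by r20060 further down this page multiplies the timeout by itself, which grows very quickly once it is applied on every offline check.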
svn commit: samba r20059 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2006-12-07 04:02:20 + (Thu, 07 Dec 2006) New Revision: 20059 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20059 Log: james was asking about CAP_LARGE_READX and reads close to the 64k boundary. This test shows that both for Samba4 and w2k3, reads larger than or equal to 64k don't work (return zero bytes). Not that I claim this is very useful behaviour :-) Modified: branches/SAMBA_4_0/source/torture/raw/read.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/read.c === --- branches/SAMBA_4_0/source/torture/raw/read.c2006-12-07 00:08:10 UTC (rev 20058) +++ branches/SAMBA_4_0/source/torture/raw/read.c2006-12-07 04:02:20 UTC (rev 20059) @@ -513,6 +513,26 @@ CHECK_VALUE(io.readx.out.nread, io.readx.in.maxcnt); CHECK_BUFFER(buf, seed, io.readx.out.nread); + if (cli-transport-negotiate.capabilities CAP_LARGE_READX) { + printf(Trying large readx\n); + io.readx.in.offset = 0; + io.readx.in.mincnt = 0; + io.readx.in.maxcnt = 0x1 - 1; + status = smb_raw_read(cli-tree, io); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VALUE(io.readx.out.nread, 0x); + + io.readx.in.maxcnt = 0x1; + status = smb_raw_read(cli-tree, io); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VALUE(io.readx.out.nread, 0); + + io.readx.in.maxcnt = 0x10001; + status = smb_raw_read(cli-tree, io); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VALUE(io.readx.out.nread, 0); + } + printf(Trying locked region\n); cli-session-pid++; if (NT_STATUS_IS_ERR(smbcli_lock(cli-tree, fnum, 103, 1, 0, WRITE_LOCK))) {
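Review bot: in the CAP_LARGE_READX block, the first read (the one just under the 64k boundary) checks only nread and never runs CHECK_BUFFER on the data, unlike the read immediately before the block, so a server returning the right length with the wrong contents would pass. The two following cases assert nread of 0 together with NT_STATUS_OK, which records behaviour the log message itself calls not very useful; put that explanation in a code comment next to the checks so a later reader does not take the zero-byte result as specified behaviour. It is also worth confirming that buf is large enough for a read of nearly 64k.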
svn commit: samba r20060 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch
Author: jra Date: 2006-12-07 05:48:01 + (Thu, 07 Dec 2006) New Revision: 20060 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20060 Log: Fix the timout calculation. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-12-07 04:02:20 UTC (rev 20059) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-12-07 05:48:01 UTC (rev 20060) @@ -72,16 +72,18 @@ If we're still offline, exponentially increase the timeout check. / -static void calc_new_online_timeout(struct winbindd_domain *domain) +static void calc_new_online_timeout_check(struct winbindd_domain *domain) { + int wbc = lp_winbind_cache_time(); + if (domain-startup) { domain-check_online_timeout = 10; - } else if (domain-check_online_timeout == 0) { - domain-check_online_timeout = lp_winbind_cache_time(); + } else if (domain-check_online_timeout wbc) { + domain-check_online_timeout = wbc; } else { - uint32 new_to = (domain-check_online_timeout * domain-check_online_timeout); - if (new_to domain-check_online_timeout) { - new_to = 0x7FFF; + uint32 new_to = domain-check_online_timeout * 3; + if (new_to (3*60*60)) { + new_to = 3*60*60; /* 3 hours. */ } domain-check_online_timeout = new_to; } @@ -171,7 +173,7 @@ /* If we're in statup mode, check again in 10 seconds, not in lp_winbind_cache_time() seconds (which is 5 mins by default). */ - calc_new_online_timeout(domain); + calc_new_online_timeout_check(domain); domain-check_online_event = add_timed_event( NULL, timeval_current_ofs(domain-check_online_timeout,0), Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-12-07 04:02:20 UTC (rev 20059) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-12-07 05:48:01 UTC (rev 20060) 
@@ -72,16 +72,18 @@ If we're still offline, exponentially increase the timeout check. / -static void calc_new_online_timeout(struct winbindd_domain *domain) +static void calc_new_online_timeout_check(struct winbindd_domain *domain) { + int wbc = lp_winbind_cache_time(); + if (domain-startup) { domain-check_online_timeout = 10; - } else if (domain-check_online_timeout == 0) { - domain-check_online_timeout = lp_winbind_cache_time(); + } else if (domain-check_online_timeout wbc) { + domain-check_online_timeout = wbc; } else { - uint32 new_to = (domain-check_online_timeout * domain-check_online_timeout); - if (new_to domain-check_online_timeout) { - new_to = 0x7FFF; + uint32 new_to = domain-check_online_timeout * 3; + if (new_to (3*60*60)) { + new_to = 3*60*60; /* 3 hours. */ } domain-check_online_timeout = new_to; } @@ -171,7 +173,7 @@ /* If we're in statup mode, check again in 10 seconds, not in lp_winbind_cache_time() seconds (which is 5 mins by default). */ - calc_new_online_timeout(domain); + calc_new_online_timeout_check(domain); domain-check_online_event = add_timed_event( NULL, timeval_current_ofs(domain-check_online_timeout,0),
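Review bot: in calc_new_online_timeout_check, a winbind cache time of 0 leaves check_online_timeout at 0 once startup is over, because the tripling branch then computes 0 * 3, so the online check would be rescheduled with no delay; put a lower bound on the result. The 3*60*60 limit is written out twice and should be a named constant. wbc is declared int while new_to is uint32, so the comparison against check_online_timeout mixes signedness; make the types agree. The same points apply to the SAMBA_3_0_24 copy of the hunk.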
svn commit: samba r20061 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-07 06:41:24 + (Thu, 07 Dec 2006) New Revision: 20061 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20061 Log: use a DsBindInfo28 structure metze Modified: branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c 2006-12-07 05:48:01 UTC (rev 20060) +++ branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c 2006-12-07 06:41:24 UTC (rev 20061) @@ -49,6 +49,9 @@ struct dcerpc_pipe *pipe; struct drsuapi_DsBind bind_r; struct GUID bind_guid; + struct drsuapi_DsBindInfoCtr bind_info_ctr; + struct drsuapi_DsBindInfo28 local_info28; + struct drsuapi_DsBindInfo28 remote_info28; struct policy_handle bind_handle; struct drsuapi_DsRemoveDSServer rm_ds_srv_r; } drsuapi; @@ -397,11 +400,21 @@ { struct composite_context *c = s-creq; struct rpc_request *req; + struct drsuapi_DsBindInfo28 *bind_info28; GUID_from_string(DRSUAPI_DS_BIND_GUID, s-drsuapi.bind_guid); + bind_info28 = s-drsuapi.local_info28; + bind_info28-supported_extensions = 0; + bind_info28-site_guid = GUID_zero(); + bind_info28-u1 = 508; + bind_info28-repl_epoch = 0; + + s-drsuapi.bind_info_ctr.length = 28; + s-drsuapi.bind_info_ctr.info.info28= *bind_info28; + s-drsuapi.bind_r.in.bind_guid = s-drsuapi.bind_guid; - s-drsuapi.bind_r.in.bind_info = NULL; + s-drsuapi.bind_r.in.bind_info = s-drsuapi.bind_info_ctr; s-drsuapi.bind_r.out.bind_handle = s-drsuapi.bind_handle; req = dcerpc_drsuapi_DsBind_send(s-drsuapi.pipe, s, s-drsuapi.bind_r); 
@@ -424,6 +437,24 @@ return; } + ZERO_STRUCT(s-drsuapi.remote_info28); + if (s-drsuapi.bind_r.out.bind_info) { + switch (s-drsuapi.bind_r.out.bind_info-length) { + case 24: { + struct drsuapi_DsBindInfo24 *info24; + info24 = s-drsuapi.bind_r.out.bind_info-info.info24; + s-drsuapi.remote_info28.supported_extensions = info24-supported_extensions; + s-drsuapi.remote_info28.site_guid = info24-site_guid; + s-drsuapi.remote_info28.u1 = info24-u1; + s-drsuapi.remote_info28.repl_epoch = 0; + break; + } + case 28: + s-drsuapi.remote_info28 = s-drsuapi.bind_r.out.bind_info-info.info28; + break; + } + } + unbecomeDC_drsuapi_remove_ds_server_send(s); }
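Review bot: in the DsBind send hunk (@@ -397,11 +400,21 @@), bind_info_ctr.length = 28 and u1 = 508 are bare numbers. Tie the length to the structure it describes or give it a name, and add a comment on what u1 carries and where 508 was observed, since supported_extensions is 0 and u1 is the only non-zero field sent.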
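Review bot: in the receive hunk (@@ -424,6 +437,24 @@), the switch on the length of out.bind_info handles 24 and 28 and has no default, so a server reply of any other length leaves remote_info28 zeroed with no trace. Add a default case that logs the unexpected length or fails the composite request, so that code later relying on remote_info28.supported_extensions can tell "server advertised nothing" from "reply not understood".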