[Samba] using splice system call in smbd
Hi, Linux kernel 2.6.17 introduced new system calls, the splice() and tee(), see http://kerneltrap.org/node/6505. using those system calls supposed to eliminate the copy_to/from_user in when writing files, the same way the sendfile does for reads. so is there any body how tried to use those functions in samba server? saeed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL issue with Samba 2.0.23d + GFS
Hi, as far as I know GFS only supports posix acl. So only user:group:other. Everything else are extended acl which are not supported. Have you tested, if the acl rules are working on the unix side ? Bye, Peer Dex Chen schrieb: I build with ACL support and installed samba 2.0.23d on RedHat EL 2.6.9. It runs fine. But, I ran into an issue with ACL support. Here is the detail: I set up a cifs share (gfs_cifs) which is on Linux GFS (see the smb.conf below), and mount it on a XP box. Then I try to change the permission of the dir through Windows native security tab. When I apply the changes (click on OK/Apply button), Unable to save permission changes ... Access is denied error message is popped up. But, I was able to using setfacl command on linux to modify the acl of dir. In addition, I was able to do exactly same thing for a share (ext_cifs) on ext3 file system. At this point, it seems to me this problem has something to do with combination of samba and GFS. I tried all other options in smb.conf, and nothing is help. Any help on this would be really appreciated. Thanks, Dex -- Mit freundlichem Gruss Peer-Joachim Koch _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Warn users of password expiration
We are running Samba 3.0.10 on CentOs 4 as a PDC/BDC. Is there anyway to warn windows xp users that there password will expire in xxx said number of days? Yes, set the password expiration policy with pdbedit (man pdbedit) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: using splice system call in smbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 saeed bishara wrote: Hi, Linux kernel 2.6.17 introduced new system calls, the splice() and tee(), see http://kerneltrap.org/node/6505. using those system calls supposed to eliminate the copy_to/from_user in when writing files, the same way the sendfile does for reads. so is there any body how tried to use those functions in samba server? Not that I'm aware of. I'd be interested in performance comparisons against sendfile (in a patched version of Samba). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgU8FIR7qMdg1EfYRAoOoAKCRR0PHrjYpISEuYjRoiXKryWoJwgCbBWJd P0pjBlTwjgnY2sfDLRfxPks= =2C05 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: using splice system call in smbd
Hi, Linux kernel 2.6.17 introduced new system calls, the splice() and tee(), see http://kerneltrap.org/node/6505. using those system calls supposed to eliminate the copy_to/from_user in when writing files, the same way the sendfile does for reads. so is there any body how tried to use those functions in samba server? Not that I'm aware of. I'd be interested in performance comparisons against sendfile (in a patched version of Samba). The sendfile is actually changed to use the splice see http://lwn.net/Articles/181170/. so I don't expect changes in the read direction. the interesting test will be writing to Samba server, here I'm expecting significant improvement, since with splice, the buffers will not be copied from the kernel socket to the user then copied back to kernel file buffer. I'm I right? saeed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LVM
I've recently set up an Openfiler 2.2 system, with a few disks under md (RAID6), LVM on top of that, and formatted ext3. When snapshots are in use, large file transfers (transfers of large files, or transfers of many smaller ones) are disconnected - Leaving a Windows 2000 client with an error like 'The network resource is no longer available'. Re-trying works, but cuts out again with the same error. Similar problem here: http://www.mail-archive.com/samba@lists.samba.org/msg79797.html Disabling snapshots eliminates the behavior. If anyone would like to track down the bug / figure out why this happens, I'd be glad to play the part of guinea pig. The relevant portion of my log at level 3 is here: [2006/12/12 18:30:11, 2] smbd/open.c:open_file(245) timothy opened file _JOBDATA/11211/2D/11211L49.SLDDRW read=No write=Yes (numopen=2) [2006/12/12 18:31:18, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/12/12 18:31:18, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/12/12 18:31:19, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [timothy] - [timothy] - [MTD+timothy] succeeded [2006/12/12 18:31:19, 0] lib/access.c:check_access(309) ret is 0 [2006/12/12 18:31:19, 2] lib/access.c:check_access(326) Allowed connection from (192.168.1.44) [2006/12/12 18:31:19, 0] smbd/service.c:make_connection_snum(382) lp_readonly(conn-service) in service.c is 0 [2006/12/12 18:31:19, 0] smbd/service.c:make_connection_snum(383) [2006/12/12 18:31:19, 0] lib/access.c:check_access(309) ret is 1 check_access() in service.c is 1 [2006/12/12 18:31:19, 0] lib/access.c:check_access(309) ret is 1 [2006/12/12 18:31:19, 0] smbd/uid.c:is_share_read_only_for_user(67) lp_readonly(conn-service) in service.c is 0 [2006/12/12 18:31:19, 0] smbd/uid.c:is_share_read_only_for_user(68) [2006/12/12 18:31:19, 0] lib/access.c:check_access(309) ret is 1 check_access() in service.c is 1 [2006/12/12 18:31:20, 0] lib/access.c:check_access(309) ret is 1 [2006/12/12 18:31:20, 1] smbd/service.c:make_connection_snum(655) mtd-kcaf68d (192.168.1.44) connect to service Engineering initially as user MTD+timothy (uid=16777281, gid=16777218) (pid 20660) [2006/12/12 18:33:04, 2] smbd/server.c:exit_server(571) Closing connections [2006/12/12 18:33:04, 2] smbd/close.c:close_normal_file(270) MTD+timothy closed file _JOBDATA/11211/2D/11211L49.SLDDRW (numopen=1) [2006/12/12 18:33:04, 1] smbd/service.c:close_cnum(848) mtd-kcaf68d (192.168.1.44) closed connection to service Engineering [2006/12/13 10:08:32, 0] lib/access.c:check_access(309) ret is 1 [2006/12/13 10:08:32, 0] smbd/service.c:make_connection_snum(382) lp_readonly(conn-service) in service.c is 1 [2006/12/13 10:08:32, 0] smbd/service.c:make_connection_snum(383) [2006/12/13 10:08:32, 0] lib/access.c:check_access(309) ret is 1 check_access() in service.c is 1 [2006/12/13 10:08:32, 0] smbd/uid.c:is_share_read_only_for_user(67) lp_readonly(conn-service) in service.c is 1 [2006/12/13 10:08:32, 0] smbd/uid.c:is_share_read_only_for_user(68) [2006/12/13 10:08:32, 0] lib/access.c:check_access(309) ret is 1 check_access() in service.c is 1 [2006/12/13 10:09:34, 2] smbd/open.c:open_file(245) timothy opened file Cadd Tech Download/386-489-171.zip read=No write=Yes (numopen=2) [2006/12/13 10:09:36, 2] smbd/close.c:close_normal_file(270) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'system error 5 has occured' when mapping printer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Rutherford wrote: Hi all, I have had this issue for a really long time that I had a workaround for, but this workaround has caused more harm than good. The issue is when mapping 'LPT1' Why map lpt1 at all ? Why not use the point-n-print support to establish network printer connections? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgWVoIR7qMdg1EfYRAlFEAJ9hu9XNLUXRvjOTzr+bxiBQD2ygcgCgreGy S9ihj0g1/la2q1p7+FAQnGE= =kEVk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't mount share DFS fron AD on a Linux Box.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: When I try to mount that share with the mount.smbfs command : # mount -t smbfs //IP_ADDRESS/dc /opt -o username=login, password=pass I see all the directories but they are empty so I think I'm on the DFS root. When I try to mount it with the mount.cifs command : # mount -t cifs //IP_ADDRESS/dc /opt -o username=login, password=pass I've got an error mount error 20 = Not a directory . I can navigate through this share with the smbclient command : # smbclient //IP_ADDRESS/dc -o username=user What's wrong ? Neither smbfs nor cifs support DFS currently. Another question: When opening a session with a domain user login, I do not see Kerberos tickets with the klist command (No tickects cached). Is it correct ? yes. But read the release notes for 3.0.23 about the new krb5 support for user logins via pam_winbind. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgWYEIR7qMdg1EfYRAi6IAJwMJ6WEZ/qP80T1T31WyCTJXI6ODQCg3J5X 6k00reKb30W9U91WyX8DReg= =D/i6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] automount and winbind conflict
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jiří Červenka wrote: Hello, I have problem with automount, winbind and nsswitch.conf. When in nsswitch.conf is this line: automount: files winbind winbind has nothing to do with automount cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgWi1IR7qMdg1EfYRAr8DAKDp+nne2fM2D52sGCvbsoLZRjcoewCgxDu7 BAU5ySVIS/OQYquVaAnFlTI= =g5q0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba and cups printing
Dr.Peer-Joachim Koch schrieb: Ok, restart of samba brings up two printers - but both we the same name and the same discription ! Could you post your smbd.conf? I'll tried to install I'll is future, better use I've :-) timbo (being very teacher- like today) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] get errors when doing a tar backup of a windows server with linux smbclient
I resolved the problem by updating to 3.0.23d. To do this using gentoo, I just made a portage overlay and copied the 3.0.23a ebuild to 3.0.23d and ran a digest on it. After emerging it, my errors are gone. On Monday 11 December 2006 11:39, Rick Warner wrote: Anyone? On Thursday 07 December 2006 17:09, Rick Warner wrote: Hello all, We have a script that does a nightly backup of a windows server to a linux fileserver. The linux system uses smbclient to make a tarball of the share. I get this error when running smbclient: Domain=[OURSERVER] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] tar: dumped 56781 files and directories Total bytes written: 9800680960 write_data: write failure. Error = Connection reset by peer write_socket: Error writing 39 bytes to socket 7: ERRNO = Connection reset by peer Error writing 39 bytes to client. -1 (Connection reset by peer) As far as I can tell, the tarball it creates is OK. Doing a file list on the backup with tar lists all the files (at least as far as I can tell) and no errors. Here is the script we use to do the backup: #!/bin/bash # Username and Password for Windows share. export USER=ourusername export PASSWD=ourpassword # Service name of Windows share and sub-directory for backup exclusion. SERVICE='//ourserver/apps' SUBDIR='System Volume Information' # Backup location, basename, and date string. BACK='/home/server-backups/ourserver'; BASE='ourserver'; DATE=`date +%Y-wk%U_%b-%d_%a`; # Misc. variables MSG1=Tarring up $SERVICE Directory: $SUBDIR to: $BACK; if [ -f $BACK/$BASE$DATE.tar.bz2 ]; then echo File exists, command halted: $BACK/$BASE$DATE.tar.bz2 else smbclient $SERVICE -N -TqcX $BACK/$BASE$DATE.tar $SUBDIR example/1.lck example/2.lck example/3.lck example/4.lck example/5.lck example/6.lck example/7.lck example/8.lck bzip2 $BACK/$BASE$DATE.tar fi We are using samba 3.0.22-r3 from a gentoo install. Tar is 1.15.1-r1. How can I eliminate this error message? -- Richard Warner Lead Systems Integrator Microway, Inc (508)732-5517 -- Richard Warner Lead Systems Integrator Microway, Inc (508)732-5517 -- Richard Warner Lead Systems Integrator Microway, Inc (508)732-5517 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with LDAP groups and associated file permissions
Hi folks! Our smb with LDAP PDC now seems to be nearly completed. Just now we found out something very mysterious. We organized some directorys to be used by specific domain groups. If we put a user into a group the user is allowed to access the associated share. So far this works pretty nice. If we remove the user from the domain group the user seems to keep all his rights he got from his group membership we removed - even after loggin off and on again and restarting smb and nmb. This seems to me a very strange behaviour. Any ideas where we have to look? Client OS: XP Pro SP 2 Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10, smbldap-tools 0.9.1-11 Any hint would be nice. Regards Manuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with LDAP groups and associated file permissions
Have you confirmed that those group memberships have been truly revoked in LDAP? Does OpenLDAP need to be reloaded/restarted? Is the client actually contacting LDAP after you logged them out to find out it's new group memberships? -- Michael Coburn Manuel Graumann wrote: Hi folks! Our smb with LDAP PDC now seems to be nearly completed. Just now we found out something very mysterious. We organized some directorys to be used by specific domain groups. If we put a user into a group the user is allowed to access the associated share. So far this works pretty nice. If we remove the user from the domain group the user seems to keep all his rights he got from his group membership we removed - even after loggin off and on again and restarting smb and nmb. This seems to me a very strange behaviour. Any ideas where we have to look? Client OS: XP Pro SP 2 Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10, smbldap-tools 0.9.1-11 Any hint would be nice. Regards Manuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ACL issue with Samba 2.0.23d + GFS
Thanks for the response. I tested ACL support on Linux side with setfacl command. I was able to add/modify the ACLs through the command. Here is the example of getfacl output: # file: cdx_gfs_cifs1 # owner: dchen # group: users user::rwx user:cwsupport:rwx group::rwx mask::rwx other::rwx default:user::rwx default:user:dchen:rwx default:group::r-x default:group:users:rwx default:mask::rwx default:other::rwx Thanks, Dex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr.Peer-Joachim Koch Sent: Thursday, December 14, 2006 3:59 AM Cc: samba Subject: Re: [Samba] ACL issue with Samba 2.0.23d + GFS Hi, as far as I know GFS only supports posix acl. So only user:group:other. Everything else are extended acl which are not supported. Have you tested, if the acl rules are working on the unix side ? Bye, Peer Dex Chen schrieb: I build with ACL support and installed samba 2.0.23d on RedHat EL 2.6.9. It runs fine. But, I ran into an issue with ACL support. Here is the detail: I set up a cifs share (gfs_cifs) which is on Linux GFS (see the smb.conf below), and mount it on a XP box. Then I try to change the permission of the dir through Windows native security tab. When I apply the changes (click on OK/Apply button), Unable to save permission changes ... Access is denied error message is popped up. But, I was able to using setfacl command on linux to modify the acl of dir. In addition, I was able to do exactly same thing for a share (ext_cifs) on ext3 file system. At this point, it seems to me this problem has something to do with combination of samba and GFS. I tried all other options in smb.conf, and nothing is help. Any help on this would be really appreciated. Thanks, Dex -- Mit freundlichem Gruss Peer-Joachim Koch _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC with Ldap, problems after restart
Hello, I have installed my Samba as a PDC with LDAP Backend, it worked fine, I was able to join the Domain with a Windows XP Client.But Today when i started the server, i can't join a domain anymore. I also can't add users to ldap anymore with smbldap-tools i always get this failure message: 3444 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 217. 3445 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 218. 3446 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 219. 3447 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 220. 3448 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 221. 3449 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 223. 3450 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 224. 3451 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 225. 3452 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 226. 3453 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 227. Does anyone has an idea of the problem? thx Ernest Aigner -- Ein Herz für Kinder - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with LDAP groups and associated file permissions
Are you using some cache service such as nscd? If so, try disable it and after lower the cache time to one more accurate value for your environment. On 12/14/06, Manuel Graumann [EMAIL PROTECTED] wrote: Hi folks! Our smb with LDAP PDC now seems to be nearly completed. Just now we found out something very mysterious. We organized some directorys to be used by specific domain groups. If we put a user into a group the user is allowed to access the associated share. So far this works pretty nice. If we remove the user from the domain group the user seems to keep all his rights he got from his group membership we removed - even after loggin off and on again and restarting smb and nmb. This seems to me a very strange behaviour. Any ideas where we have to look? Client OS: XP Pro SP 2 Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10, smbldap-tools 0.9.1-11 Any hint would be nice. Regards Manuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd_raw_kerberos_login: kinit failed
Hi, I have set up Samba 3.0.23d on Linux Suse NLD9 with AD idmap backend with security = ads and rfc2307. At every login there is a log message in log.wb-MYDOMAIN : [2006/12/14 17:46:51, 1] nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(510) winbindd_raw_kerberos_login: kinit failed for '[EMAIL PROTECTED]' with: Invalid argument (22) with debug level 10: winbindd_dual_pam_auth: domain: MYDOMAIN last was online winbindd_dual_pam_auth_kerberos is_myname(MYDOMAIN) returns 0 using ccache: FILE:/tmp/krb5cc_5 winbindd_raw_kerberos_login: uid is 5 kerberos_kinit_password: using FILE:/tmp/krb5cc_5 as ccache winbindd_raw_kerberos_login: kinit failed for '[EMAIL PROTECTED]' with: Invalid argument (22) winbindd_raw_kerberos_login: could not remove ccache winbindd_dual_pam_auth_kerberos failed: NT_STATUS_UNSUCCESSFUL Obviously winbindd_raw_kerberos login fails. I suppose it is some call in kerberos_kinit_password_ext that returns with error , but I have not found which one . The question is what argument is invalid, tcpdump gives some info on Unknown encryption types 0x11 and 0x12, and failed preauthentication. Login succeeds eventually, but this is samlogon. Does anyone have a hint about this or how to troubleshoot it further. /Anders -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT
My samba shares aren't working with ACL access since the upgrade. Here is an example of the error from /var/log/messages Dec 14 12:44:17 gfm-atlas smbd[14365]: [2006/12/14 12:44:17, 0] smbd/service.c:make_connection_snum(911) Dec 14 12:44:17 gfm-atlas smbd[14365]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Here is the detailed ACL on that particular share: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- Interestingly enough, the group Domain Admins can access this share no problem. But the lower level ACL for the user 'avmax+gfreceiving' generates that error in the messages log. Some other errors in my /var/log/messages are: Dec 14 12:20:22 gfm-atlas winbindd[14097]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14097]: Got invalid request length: 0 Dec 14 12:20:22 gfm-atlas winbindd[14084]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14084]: Got invalid request length: 0 Dec 14 12:21:33 gfm-atlas nmbd[14198]: [2006/12/14 12:21:33, 0] nmbd/asyncdns.c:start_async_dns(151) Dec 14 12:21:33 gfm-atlas nmbd[14198]: started asyncdns process 14199 Dec 14 12:21:35 gfm-atlas winbindd[14196]: [2006/12/14 12:21:35, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Dec 14 12:21:35 gfm-atlas winbindd[14196]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Please help. Cheers, Travis Bullock Systems Administrator Avmax Group Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT
Since it failed at the winbind step, could it be related to your Windows PDC instead? Can you create new shares and define new ACLs and confirm that they work? -- Michael Coburn Travis Bullock wrote: My samba shares aren't working with ACL access since the upgrade. Here is an example of the error from /var/log/messages Dec 14 12:44:17 gfm-atlas smbd[14365]: [2006/12/14 12:44:17, 0] smbd/service.c:make_connection_snum(911) Dec 14 12:44:17 gfm-atlas smbd[14365]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Here is the detailed ACL on that particular share: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- Interestingly enough, the group Domain Admins can access this share no problem. But the lower level ACL for the user 'avmax+gfreceiving' generates that error in the messages log. Some other errors in my /var/log/messages are: Dec 14 12:20:22 gfm-atlas winbindd[14097]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14097]: Got invalid request length: 0 Dec 14 12:20:22 gfm-atlas winbindd[14084]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14084]: Got invalid request length: 0 Dec 14 12:21:33 gfm-atlas nmbd[14198]: [2006/12/14 12:21:33, 0] nmbd/asyncdns.c:start_async_dns(151) Dec 14 12:21:33 gfm-atlas nmbd[14198]: started asyncdns process 14199 Dec 14 12:21:35 gfm-atlas winbindd[14196]: [2006/12/14 12:21:35, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Dec 14 12:21:35 gfm-atlas winbindd[14196]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Please help. Cheers, Travis Bullock Systems Administrator Avmax Group Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PROBLEM JOINING DOMAIN PDC SAMBA+LDAP W/MS MACHINES
hi, i have a problem whe i try to join windows XP or 2000 to my new samba+ldap PDC, i get the error USER COULD NOT BE FOUND,, or something like that (I have it in spanish), but whit the phpmyldapadmin i see that the machine appear, i'm joining in the machines with the user root, that i add with smbldap-populate -a root, and then with smbldap-usermod -u 0 root (i think that make the uid 0). I give u my configs - smb.conf # Global parameters [global] workgroup = SIS netbios name = pdc-linux #interfaces = 192.168.5.11 #username map = /etc/samba/smbusers enable privileges = yes server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No ldap passwd sync = Yes #unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n ldap passwd sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 obey pam restrictions = no logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.idealx.com; # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Admin,dc=PDC,dc=COM ldap suffix = dc=PDC,dc=COM ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users # ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u # printers configuration printer admin = @Print Operators load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = repertoire de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U Domain Admins [printers] comment = Network Printers printer admin = @Print Operators guest ok = yes printable = yes path = /home/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/printers guest ok = No browseable = Yes read only = Yes valid users = @Print Operators write list = @Print Operators create mask = 0664 directory mask = 0775 [public] comment = Repertoire public path = /home/public browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0664 - nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns ldap networks: files protocols: db files services:
[Samba] Is this group mapping good?
Hello, i have a doubt, i'm trying to setup a Samba server using a ldap passdb backend using debian sarge. when i configure /etc/smbldap-tools/smbldap.conf and /etc/smbldap-tools/smbldap-bind.conf right, and do: smbldap-populate ok, it creates default windows group, but when i do a 'net groupmap list' it shows me something like this: Domain Admins (S-1-5-21-1085031214-299502267-1801674531-512) - 512 Domain Users (S-1-5-21-1085031214-299502267-1801674531-513) - 513 Domain Guests (S-1-5-21-1085031214-299502267-1801674531-514) - 514 Domain Computers (S-1-5-21-1085031214-299502267-1801674531-515) - 515 Administrators (S-1-5-32-544) - 544 Print Operators (S-1-5-32-550) - 550 Backup Operators (S-1-5-32-551) - 551 Replicators (S-1-5-32-552) - 552 So i don't know if it's good.. i don't understand why it doesn't put names, but anyway, will this mapping cause me problems when migrating? Thanks and hoping an answer.. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT
And here is the contents of /var/log/samba/winbind.log when I click on that folder from a windows client logged in as gtreceiving: [2006/12/14 14:48:55, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn DOMAIN_INFO [2006/12/14 14:48:55, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(369) [0]: domain_info [AVMAX] [2006/12/14 14:48:55, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn AUTH_CRAP [2006/12/14 14:48:55, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1423) [0]: pam auth crap domain: [AVMAX] user: GFReceiving [2006/12/14 14:48:55, 8] lib/util.c:is_myname(2058) is_myname(AVMAX) returns 0 [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953) Retrieving response for pid 15026 [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1975) Retrieving extra data length=512 [2006/12/14 14:48:55, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETPWNAM [2006/12/14 14:48:55, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [0]: getpwnam avmax+gfreceiving [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953) Retrieving response for pid 15026 [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953) Retrieving response for pid 15026 [2006/12/14 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_uid(70) idmap_sid_to_uid: sid = [S-1-5-21-1488804738-1547898658-398547282-1794] [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-1488804738-1547898658-398547282-1794 of type 0x1 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-1488804738-1547898658-398547282-1794 - UID 10005 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(205) internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-1488804738-1547898658-398547282-1794 - UID 10005 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record UID 10005 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record UID 10005 - S-1-5-21-1488804738-1547898658-398547282-1794 [2006/12/14 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_uid(77) idmap_sid_to_uid: uid = [10005] [2006/12/14 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-1488804738-1547898658-398547282-513] [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-1488804738-1547898658-398547282-513 of type 0x2 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-1488804738-1547898658-398547282-513 - GID 1 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-1488804738-1547898658-398547282-513 - GID 1 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 1 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 1 - S-1-5-21-1488804738-1547898658-398547282-513 [2006/12/14 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [1] [2006/12/14 14:48:55, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn PING [2006/12/14 14:48:55, 3] nsswitch/winbindd_misc.c:winbindd_ping(453) [0]: ping [2006/12/14 14:48:55, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETPWNAM [2006/12/14 14:48:55, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [0]: getpwnam avmax+gfreceiving [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953) Retrieving response for pid 15026 [2006/12/14 14:48:55, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1953) Retrieving response for pid 15026 [2006/12/14 14:48:55, 10] sam/idmap_util.c:idmap_sid_to_uid(70) idmap_sid_to_uid: sid = [S-1-5-21-1488804738-1547898658-398547282-1794] [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-1488804738-1547898658-398547282-1794 of type 0x1 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-1488804738-1547898658-398547282-1794 - UID 10005 [2006/12/14 14:48:55, 10] sam/idmap_tdb.c:internal_get_id_from_sid(205) internal_get_id_from_sid: ID_USERID fetching record
RE: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT
Hi Michael, I deleted the folder in question are recreated the ACL: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- That is the newly created ACL, so winbind is having no trouble getting group/user info from the PDC. Here is the log when I try and access it via the 'avmax+gfreceiving' user id: Dec 14 14:39:38 gfm-atlas smbd[15331]: [2006/12/14 14:39:38, 0] smbd/service.c:make_connection_snum(911) Dec 14 14:39:38 gfm-atlas smbd[15331]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed I am stumped. Travis Bullock Systems Administrator Avmax Group Inc. - Original Message - From: Michael Coburn [EMAIL PROTECTED] To: Travis Bullock [EMAIL PROTECTED] Cc: samba samba@lists.samba.org Sent: Thursday, December 14, 2006 12:41:37 PM GMT-0700 US/Mountain Subject: Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT Since it failed at the winbind step, could it be related to your Windows PDC instead? Can you create new shares and define new ACLs and confirm that they work? -- Michael Coburn Travis Bullock wrote: My samba shares aren't working with ACL access since the upgrade. Here is an example of the error from /var/log/messages Dec 14 12:44:17 gfm-atlas smbd[14365]: [2006/12/14 12:44:17, 0] smbd/service.c:make_connection_snum(911) Dec 14 12:44:17 gfm-atlas smbd[14365]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Here is the detailed ACL on that particular share: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- Interestingly enough, the group Domain Admins can access this share no problem. But the lower level ACL for the user 'avmax+gfreceiving' generates that error in the messages log. Some other errors in my /var/log/messages are: Dec 14 12:20:22 gfm-atlas winbindd[14097]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14097]: Got invalid request length: 0 Dec 14 12:20:22 gfm-atlas winbindd[14084]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14084]: Got invalid request length: 0 Dec 14 12:21:33 gfm-atlas nmbd[14198]: [2006/12/14 12:21:33, 0] nmbd/asyncdns.c:start_async_dns(151) Dec 14 12:21:33 gfm-atlas nmbd[14198]: started asyncdns process 14199 Dec 14 12:21:35 gfm-atlas winbindd[14196]: [2006/12/14 12:21:35, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Dec 14 12:21:35 gfm-atlas winbindd[14196]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Please help. Cheers, Travis Bullock Systems Administrator Avmax Group Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account keep expiring
Hi, I've a problem with samba and ldap but it's the first time that samba works so bad. I made a network with samba and a few of windows client. Since four months (the networks was made on january) and every 10/12 days the workstations go out from the domain. The user can't log, and when i try logging with administrator It ask me to change him password. So I must unjoin the workstation from the domain and join again. on log files i found that: auth/auth_sam.c:sam_account_ok(159) sam_account_ok: Account for user 'administrator' password expired!. [2006/10/12 18:00:18, 1] auth/auth_sam.c:sam_account_ok(160) sam_account_ok: Password expired at 'Thu, 27 Apr 2006 13:55:38 GMT' (1146138938) unix time. account expires! Pdbedit writes down: Unix username:administrator NT username: administrator Account Flags:[UX ] User SID: S-1-5-21-1994751369-3554935017-608830866-500 Primary Group SID:S-1-5-21-1994751369-3554935017-608830866-512 Full Name:administrator Home Directory: HomeDir Drive:H: Logon Script: studio.bat Profile Path: Domain: STUDIO Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 21:45:51 GMT Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT Password last set:Tue, 24 Oct 2006 14:09:22 GMT Password can change: 0 Password must change: Sun, 22 Apr 2007 14:09:22 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF LDIF: dn: uid=administrator,ou=Users,dc=studiopietrobon,dc=it objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uidNumber: 0 homeDirectory: /dev/null sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomeDrive: H: sambaPrimaryGroupSID: S-1-5-21-1994751369-3554935017-608830866-512 sambaSID: S-1-5-21-1994751369-3554935017-608830866-500 loginShell: /bin/false gecos: Netbios Domain Administrator uid: administrator sn: administrator cn: administrator sambaLMPassword: DA799E7A1B55D618AAD3B435B51404EE sambaNTPassword: A28857A34205EF945BD07DD17568DF5C sambaPwdLastSet: 1161691762 sambaPwdMustChange: 1177243762 userPassword:: e1NTSEF9RWV1dyt4a1hTVzRrUDdud3BjQXZMR0JjaDlZeFNtZGw= sambaAcctFlags: [UX ] I had change Account flags but it still doesn't work. samba runs on ubuntu 5.10. Thank you in advance for your assistance. Umberto Zanatta -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Windows and desktop redirection
Hi, I am having the following problem with desktop redirection and was hoping someone could point me to a solution: I have the registry entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop pointing to %LOGONSERVER%\profiles\%USERNAME%\desktop. When I save files to the desktop it will save them correctly to this directory. But when the user logs out, the files are overwritten when Windows syncs the local desktop under c:\Documents and Settings\%USERNAME%\desktop to the server profile. Synchronization of the folder is not on for the C: drive, so I think this is something Windows does by default. Is there any way to hack the registry to turn syncing the local desktop to the server desktop and therefore replacing any edits done to the redirected desktop? Thanks for your suggestions! -- Thanks, Matthew Crites -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT
Thanks Canuck! Travis Bullock Systems Administrator Avmax Group Inc. - Original Message - From: Michael Coburn [EMAIL PROTECTED] To: Travis Bullock [EMAIL PROTECTED] Sent: Thursday, December 14, 2006 1:56:49 PM GMT-0700 US/Mountain Subject: Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT Reply to the list. In regards to this issue I'm stumped too, I'm really sorry. We don't do extended ACLs here, so I'm clueless on this. Just trying to help out a fellow Canadian! :) -- Michael Coburn Travis Bullock wrote: Hi Michael, I deleted the folder in question are recreated the ACL: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- That is the newly created ACL, so winbind is having no trouble getting group/user info from the PDC. Here is the log when I try and access it via the 'avmax+gfreceiving' user id: Dec 14 14:39:38 gfm-atlas smbd[15331]: [2006/12/14 14:39:38, 0] smbd/service.c:make_connection_snum(911) Dec 14 14:39:38 gfm-atlas smbd[15331]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed Dec 14 14:40:15 gfm-atlas smbd[15331]: [2006/12/14 14:40:15, 0] smbd/service.c:set_current_service(150) Dec 14 14:40:15 gfm-atlas smbd[15331]: chdir (/usr/GFM_Shares/Users/Receiving) failed I am stumped. Travis Bullock Systems Administrator Avmax Group Inc. - Original Message - From: Michael Coburn [EMAIL PROTECTED] To: Travis Bullock [EMAIL PROTECTED] Cc: samba samba@lists.samba.org Sent: Thursday, December 14, 2006 12:41:37 PM GMT-0700 US/Mountain Subject: Re: [Samba] Error since upgrade to Version 3.0.23a-1.fc4.1 - URGENT Since it failed at the winbind step, could it be related to your Windows PDC instead? Can you create new shares and define new ACLs and confirm that they work? -- Michael Coburn Travis Bullock wrote: My samba shares aren't working with ACL access since the upgrade. Here is an example of the error from /var/log/messages Dec 14 12:44:17 gfm-atlas smbd[14365]: [2006/12/14 12:44:17, 0] smbd/service.c:make_connection_snum(911) Dec 14 12:44:17 gfm-atlas smbd[14365]: '/usr/GFM_Shares/Users/Receiving' does not exist or permission denied when connecting to [GF_Receiving] Error was Permission denied Here is the detailed ACL on that particular share: [EMAIL PROTECTED] Users]# getfacl Receiving/ # file: Receiving # owner: root # group: AVMAX+domain\040admins user::rwx group::rwx other::--- default:user::rwx default:user:AVMAX+gfreceiving:rwx default:group::rwx default:mask::rwx default:other::--- Interestingly enough, the group Domain Admins can access this share no problem. But the lower level ACL for the user 'avmax+gfreceiving' generates that error in the messages log. Some other errors in my /var/log/messages are: Dec 14 12:20:22 gfm-atlas winbindd[14097]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14097]: Got invalid request length: 0 Dec 14 12:20:22 gfm-atlas winbindd[14084]: [2006/12/14 12:20:22, 0] nsswitch/winbindd_dual.c:child_read_request(49) Dec 14 12:20:22 gfm-atlas winbindd[14084]: Got invalid request length: 0 Dec 14 12:21:33 gfm-atlas nmbd[14198]: [2006/12/14 12:21:33, 0] nmbd/asyncdns.c:start_async_dns(151) Dec 14 12:21:33 gfm-atlas nmbd[14198]: started asyncdns process 14199 Dec 14 12:21:35 gfm-atlas winbindd[14196]: [2006/12/14 12:21:35, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Dec 14 12:21:35 gfm-atlas winbindd[14196]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Please help. Cheers, Travis Bullock Systems Administrator Avmax Group Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SLES 10 LDAP NSSWITCH
I am trying to run samba as a PDC on SLES10 with ldap backend for samba accounts and local users vi nss_ldap. I can get everything working. ldap backend is populated with smbldap-tools samba talks to ldap (pdbedit -L confirms) nss_ldap (getent passwd|group report correctly) but if i attempt to restart ldap it will not bind to ports to listen. If i remove ldap settings from /etc/nsswitch.conf ldap will happily start as before. As you can see this is a problem. No nss means local accts cant be in ldap. Anyone have this problem too? Thanks cooper. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with LDAP groups and associated file permissions
Check the file permissions on the folder and files in question. If the folder is setup with world execute permissions, anybody can change into it - and any files created by the user in question will probably be owned by them - and so they'll still have access if they can change into the containing directory. At least, that'd be the first thing I would look at. Also try running commands like groups user to make sure that your unix backend agrees that they are no longer in the group. On 15/12/2006, at 2:38 AM, Manuel Graumann wrote: Hi folks! Our smb with LDAP PDC now seems to be nearly completed. Just now we found out something very mysterious. We organized some directorys to be used by specific domain groups. If we put a user into a group the user is allowed to access the associated share. So far this works pretty nice. If we remove the user from the domain group the user seems to keep all his rights he got from his group membership we removed - even after loggin off and on again and restarting smb and nmb. This seems to me a very strange behaviour. Any ideas where we have to look? Client OS: XP Pro SP 2 Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10, smbldap-tools 0.9.1-11 Any hint would be nice. Regards Manuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Matt Skerritt [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with LDAP groups and associated file permissions
On Fri, 2006-12-15 at 12:15 +1100, Matt Skerritt wrote: Check the file permissions on the folder and files in question. If the folder is setup with world execute permissions, anybody can change into it - and any files created by the user in question will probably be owned by them - and so they'll still have access if they can change into the containing directory. At least, that'd be the first thing I would look at. Also try running commands like groups user to make sure that your unix backend agrees that they are no longer in the group. On 15/12/2006, at 2:38 AM, Manuel Graumann wrote: Hi folks! Our smb with LDAP PDC now seems to be nearly completed. Just now we found out something very mysterious. We organized some directorys to be used by specific domain groups. If we put a user into a group the user is allowed to access the associated share. So far this works pretty nice. If we remove the user from the domain group the user seems to keep all his rights he got from his group membership we removed - even after loggin off and on again and restarting smb and nmb. This seems to me a very strange behaviour. Any ideas where we have to look? Client OS: XP Pro SP 2 Server: openSuse 10.1 64 bit, Samba 3.0.22-13.18, openldap2 2.3.19-18.10, smbldap-tools 0.9.1-11 Any hint would be nice. Regards Manuel Sound like a nscd caching issue - had the same problem with LDAP. You probably need to set the user and group cache time to something low in /etc/nscd.conf. Murray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads info, Failed to get server's current time!
Hi all, I am getting Failed to get server's current time! on net ads info.see below -bash-3.00# net ads info -w rd2k-pdc Failed to get server's current time! LDAP server: 192.168.100.245 LDAP server name: rd2000-as.rd2k-pdc.com Realm: RD2K-PDC.COM Bind Path: dc=RD2K-PDC,dc=COM LDAP port: 389 Server time: Thu, 01 Jan 1970 08:00:00 CST KDC server: 192.168.100.245 Server time offset: 0 this happens on samba version: 3.0.23c 3.0.23d (I'm not sure with 3.0.23a-b) its ok for version: 3.0.22 3.0.21b Is there any changes for these versions? thanks, warren -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can connect to shares via IP but not hostname
Chris Smith wrote: On Friday 08 December 2006 18:39, Scott wrote: I have verified that name resolution is working correctly. From your Windows clients? Yes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC with Ldap, problems after restart
Hello, I have installed my Samba as a PDC with LDAP Backend, it worked fine, I was able to join the Domain with a Windows XP Client.But Today when i started the server, i can't join a domain anymore. I also can't add users to ldap anymore with smbldap-tools i always get this failure message: 3444 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 217. 3445 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 218. 3446 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 219. 3447 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 220. 3448 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 221. 3449 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 223. 3450 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 224. 3451 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 225. 3452 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 226. 3453 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140, CONFIGFI LE line 227. Does anyone has an idea of the problem? thx Ernest Aigner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with acls and dos mode in 3.0.23d
Gerald (Jerry) Carter пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dmitry Melekhov wrote: I'm user dm ;-) I can delete directory from console, but I can't do it from windows. And I see this directory as read-only... I tried to read debug 10 log, but can't find any reasons for such behaviour. Any ideas? See 'map readonly' and possibly dos filemode' in smb.conf(5). I tried map read only = no and = permissions and I always get read-only attribute. As I see in man smb.conf dos filemode= no by default. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] Samba problem with APS .NET web farm (IIS) - change notify
Oh, eee :) It works two days, and not crash... Thnx. -- Damien 'zaide' Desmarets, 11 декабря 2006 18:46: Effectively it solves my problem :) thanks :) max mux = 1 is a good value for me and it is the equivalent of a MaxMpxCt value inside the database on a windows server. ?sgeir Halld?rsson a ?crit : Forgot to send to list also Regards, ?sgeir Halld?rsson -Original Message- From: ?sgeir Halld?rsson Sent: 9. desember 2006 04:01 To: 'Damien 'zaide' Desmarets' Subject: RE: [Samba] Samba problem with APS .NET web farm (IIS) - change notify Hi, This might help in samba config [global] max open files = 65536 max mux = 2147483547 smb ports = 445 Regards, ?sgeir Halld?rsson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damien 'zaide' Desmarets Sent: 7. desember 2006 15:43 To: Alex Orlov Cc: samba@lists.samba.org Subject: Re: [Samba] Samba problem with APS .NET web farm (IIS) - change notify Alex Orlov a ?crit : Hi, Hello i have problems with change notify in my ASP server... problem details in this KB http://support.microsoft.com/kb/810886 but i dont know how fix it in samba? this man have same problem... http://www.nabble.com/Samba-problem-with-web-farm-t2755718.html yep and it steel continue PS: http://support.microsoft.com/default.aspx?scid=kb;en-us;281253 It could bee cool to found the default value of the MaxMpxCt value in samba this could explain something (but i don't think). I think it's more a microsoft bug, cause the value you set in your data base is ignored at the first packet send by the web server to establish a SMB session. You can found this be doing a network capture with wireshark. So the answer must come from microsoft and not samba i think. Thank to give me your advance in the resolution of this problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] using splice system call in smbd
Hi, Linux kernel 2.6.17 introduced new system calls, the splice() and tee(), see http://kerneltrap.org/node/6505. using those system calls supposed to eliminate the copy_to/from_user in when writing files, the same way the sendfile does for reads. so is there any body how tried to use those functions in samba server? saeed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with logging in to domain
Hi, I have windows domain set up on samba and I need to login to this domain on other linux computer. Joining the domain and logging in by users of windows 2k works ok, joining the domain on linux works also, but I cant log in (from linux). When i log in domain+login it reports Bad login, welcome text and ask for login another time. On the monitor screen it writes: winbindd_add_memory_creds_internal: invalid uid for user DOMAIN+login. Could anyone help me, or tell mi where can I find help, please? (My Linux system is Opensuse 10.2) I'm begginer in linux and my english is not very good, sorry if there is something not clear. If so, please tell me, and I will try to explain. -- Natanael :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need Help in Samba Server
Hello sir/madam, i installed RedHat linux 9.0 and i installed samba package for accessing windows network from my linux system, if once i loggod onto the system the waring occure like below could not lookup internet addredd for MY_system_Name. This will prevent GNOME from operatin correctly. It may be possible to correct the problem by adding MY_system_Name to the file /etc/hosts. i dont know why it is coming, i started the smb services also, if i try to open the network servers it display the error as Couldn't display smb:///, because Nautilus cannot contact the SMB master browser. Check that an SMB server is running in the local network. i hope i will get good response from your side. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbstatus, SWAT, etc. not displaying NetBIOS name for XP SP2 machines
I'm trying to see what computer is accessing certain files through samba, and the SWAT status page is a useful tool for that. Problem is that for some computers, only the IP address shows, not the NetBIOS name. This is only a problem with certain computers. Since we're using DHCP on many computers I don't always know off the top of my head what computer has any given IP address. We're not using DNS or WINS, just good old NetBIOS resolution via broadcast or whatever. I think I've narrowed down the troublemaking computers to 5 or 6 of our 40 computers and they all have one thing in common - they're XP service pack 2. (Ok well one of them is a Fedora 4 box not running a samba service, so I'm not surprised.) I've double checked that the XP boxes are set to hybrid for node type, I've given them static IPs, I've turned on the messaging service (apparently required in order for them to respond to certain types of nmb lookups), and nmblookup -A [ip address] does return the name of the computer from our samba server. What am I doing wrong? If nmblookup can find the name of the computer based on the IP address, what is samba doing differently that it can't find the name of these computers? Thanks in advance for the help! -BJ Quinn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 to join Samba PDC
Hello, I just wanted confirmation that Windows 2003 server will not accept old samba (pre 3.0.x) SID format : - I tried to make a 2003 join a Samba 3.0.23d, upgraded from 2.x = failed - Tried to join a Samba 3.0.23d out of the box = ok Here is the SID format on old box : S-1-5-352321536-3979850313-2462592245-811329360-513 On the new one : S-1-5-21-3605046359-4294347824-417408769-513 Now it will really bother me to reinstall all the computers of my company so that the 2003 server can join the domain. Do you know a workaround to make 2003 accept the old format, like manually entering the domain and machine SID ? Thanks - Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PROBLEM WITH SAMBA AS PDC + LDAP joining MS MACHINES
hi, i have a problem whe i try to join windows XP or 2000 to my new samba+ldap PDC, i get the error USER COULD NOT BE FOUND,, or something like that (I have it in spanish), but whit the phpmyldapadmin i see that the machine appear, i'm joining in the machines with the user root, that i add with smbldap-populate -a root, and then with smbldap-usermod -u 0 root (i think that make the uid 0). I give u my configs - smb.conf # Global parameters [global] workgroup = SIS netbios name = pdc-linux #interfaces = 192.168.5.11 #username map = /etc/samba/smbusers enable privileges = yes server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No ldap passwd sync = Yes #unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n ldap passwd sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 obey pam restrictions = no logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.idealx.com; # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Admin,dc=PDC,dc=COM ldap suffix = dc=PDC,dc=COM ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users # ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u # printers configuration printer admin = @Print Operators load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = repertoire de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U Domain Admins [printers] comment = Network Printers printer admin = @Print Operators guest ok = yes printable = yes path = /home/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/printers guest ok = No browseable = Yes read only = Yes valid users = @Print Operators write list = @Print Operators create mask = 0664 directory mask = 0775 [public] comment = Repertoire public path = /home/public browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0664 - nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat ldap group: compat ldap
[Samba] smbstatus, SWAT, etc. not displaying NetBIOS name for XP SP2 machines
Ok so here's something I figured out - if I block port 445 on the XP computers, then they show up correctly in smbstatus. There's a comment in server.c about a set_remote_machine_name call that's needed to get decent entries in smbstatus for port 445 computers. Either that doesn't work, or I'm misunderstanding something. Apparently WinXP sends out two requests for a connection to the samba server on ports 139 and 445, one right after the other, and whichever one responds first is the one it uses. I actually added smb ports = 139 into my smb.conf on a different samba server (samba 3.0.23c) since I was getting all kinds of the following in my /var/log/messages : Dec 3 04:18:42 foxserver3 smbd[3032]: getpeername failed. Error was Transport endpoint is not connected Dec 3 04:18:42 foxserver3 smbd[3032]: [2006/12/03 04:18:42, 0] lib/util_sock.c: get_peer_addr(1229) I saw somewhere that disabling connections from port 445 got rid of these errors, although they may have been benign. I didn't really like having thousands of them filling up my logfiles, benign or not. It in fact did suppress those messages, and my XP and 2000 boxes both seemed to be able to connect fine after setting smb ports = 139. So I imagine that I could do the same for this samba server that isn't correctly reporting NetBIOS names for connections on port 445. What are the downsides disabling port 445 connections in smb.conf? Firewalling port 445 on the XP box seems to create some slowdowns especially on bootup, although my current experience with disabling it on the samba side (on my 3.0.23c server) doesn't seem to cause trouble. I'm sure M$ had their reasons for adding the extra port. Are any of them good? Am I going to cause any problems by ignoring port 445? Or is there a fix for this on the samba side? My current samba version on this server is 3.0.10. -BJ Quinn BJ Quinn wrote: I'm trying to see what computer is accessing certain files through samba, and the SWAT status page is a useful tool for that. Problem is that for some computers, only the IP address shows, not the NetBIOS name. This is only a problem with certain computers. Since we're using DHCP on many computers I don't always know off the top of my head what computer has any given IP address. We're not using DNS or WINS, just good old NetBIOS resolution via broadcast or whatever. I think I've narrowed down the troublemaking computers to 5 or 6 of our 40 computers and they all have one thing in common - they're XP service pack 2. (Ok well one of them is a Fedora 4 box not running a samba service, so I'm not surprised.) I've double checked that the XP boxes are set to hybrid for node type, I've given them static IPs, I've turned on the messaging service (apparently required in order for them to respond to certain types of nmb lookups), and nmblookup -A [ip address] does return the name of the computer from our samba server. What am I doing wrong? If nmblookup can find the name of the computer based on the IP address, what is samba doing differently that it can't find the name of these computers? Thanks in advance for the help! -BJ Quinn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] uidNumbers and gidNumbers for samba multi-domain setup (ldap)
Dear friends, I managed to setup one additional PDC of my LAN, authenticating against the same openldap server. I have this ldap tree: - ou=users (for both domains), ou=computers (for both domains) - ou=groups (for the first domain), ou=groups1 (for the second domain) Please, I have these important doubts: 1. is it ok to have the same gidNumbers for well known groups for both domains? I mean, i.e. is it ok to have cn=Domain Users with gidNumber=513 for both domains? (and the same gidNumber for Domain Computers, etc?). 2. is it better/possible to use one common sambaUnixIdPool? or is it better/needed to have different sources for each domain, to assign let smbldap-tools to assign uidNumbers and gidNumbers? Thank you very much in advance, Pablo Chamorro C. -- Ext. 8705 Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
REPOST-Re: [Samba] Enum groups of a user Samba 3.0.23
Can anyone confirm that is is possible or not possible with current samba? Thanks, Henrik 11 dec 2006 kl. 22:57 skrev Henrik Zagerholm: 8 dec 2006 kl. 22:28 skrev James A. Dinkel: -Original Message- From: Henrik Zagerholm Sent: Friday, December 08, 2006 7:32 AM Hello list, I wonder if I can somehow enumerate all local groups a user is member of? Regards, Henrik I don't get what you mean. You should be able to list all groups with members with: getent group If you want to filter out groups for just one user you can do this: getent group | grep username But it will still list all the users that are also members of the same group. If you are using winbind, you can also try this: Wbinfo -r username Which will return just the gids of all the domain groups a user is a member of, but I don't know if it returns local groups or not. Sorry for not being specific but I want to enumerate the groups a local windows users is member of on his computer. I want to know if he is member of e.g privileged users. I can list users in a group but I also want to list the groups which he is member of. Cheers, Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60
Greetings, After installing Samba 2.2.8 for OpenVMS VAX 7.3 on a Vaxstation 4000/60 machine, I noticed that SMBD service remains disable in the TCPIP services (Version 5.1-15). I can overcome this by issuing tcpip enable service smbd from the command line. However it will not remain enabled after a reboot. After a little research I found that the following command would set the flag ENABLE to the service permanently : $ tcpip set configuration enable service smbd But it does not work. I got an error, that is, TCPIP seemingly wont let me save the configuration. I decided to apply the TCPIP ECO patch: DEC-VAXVMS-TCPIP_ECO-V0501-155-4.PCSI Installing patch was a piece of cake, but the problem remains with a new error message: TCPIP set config enable service smbd %TCPIP-E-CONFIGERROR, error processing configuration request -RMS-F-DUP, duplicate key detected (DUP not set) If I do: tcpip set config enable NOservice smbd followed by: tcpip set config enable service smbd no error is displayed but flag remains DISABLED. Does anyone happen to know the correction for this problem ? Is there a special ECO patch in order to fix this in TCPIP services ? TIA, Luiz Regis PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60
Hi, On 12/15/06, Luiz Guilherme Regis Emediato [EMAIL PROTECTED] wrote: Vaxstation 4000/60 machine, I noticed that SMBD service remains disable in the TCPIP services (Version 5.1-15). I can overcome this by issuing tcpip enable service smbd from the command line. However it will not remain enabled after a reboot. Add the above command in SYS$MANAGER:SYLOGIN.COM. This is similar to an autoexec.bat on windows that gets executed after a restart. OT: If you want to use Samba on ALPHA or Itanium (IA64) VMS, consider using the OpenVMS CIFS product (kit available on HP site) -dk -- dhruva (dk) Contents reflect my personal views only! PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60
From: dhruva [EMAIL PROTECTED] Add the above command in SYS$MANAGER:SYLOGIN.COM. This is similar to an autoexec.bat on windows that gets executed after a restart. SYS$MANAGER:SYSTARTUP_VMS.COM? Or did you want it done every time anyone logs in? Steven M. Schweda [EMAIL PROTECTED] 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60
N! It should be in SYSTARTUP_VMS ! ___ Miriam Friedman System staff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven M. Schweda Sent: Friday, 15 December, 2006 09:13 To: SAMBA-VMS@lists.samba.org Subject: Re: Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60 From: dhruva [EMAIL PROTECTED] Add the above command in SYS$MANAGER:SYLOGIN.COM. This is similar to an autoexec.bat on windows that gets executed after a restart. SYS$MANAGER:SYSTARTUP_VMS.COM? Or did you want it done every time anyone logs in? Steven M. Schweda [EMAIL PROTECTED] 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html This e-mail message has been sent by Elbit Systems Ltd. and is for the use of the intended recipients only. The message may contain privileged or commercially sensitive information . If you are not the intended recipient you are hereby notified that any use, distribution or copying of this communication is strictly prohibited, and you are requested to delete the e-mail and any attachments and notify the sender immediately. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r20166 - in branches/SAMBA_4_0/source/libnet: .
Author: metze
Date: 2006-12-14 08:23:55 + (Thu, 14 Dec 2006)
New Revision: 20166
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20166
Log:
we have a dom_sid_add_rid() function that adds the rid after allocating
enough memory for the new sub_auth element.
the old version wrote behind the buffer.
also make the output sid a pointer.
metze
Modified:
branches/SAMBA_4_0/source/libnet/libnet_lookup.c
branches/SAMBA_4_0/source/libnet/libnet_lookup.h
Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_lookup.c
===
--- branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-12-14 01:00:16 UTC
(rev 20165)
+++ branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-12-14 08:23:55 UTC
(rev 20166)
@@ -406,13 +406,12 @@
if (NT_STATUS_IS_OK(status)) {
s = talloc_get_type(c-private_data, struct lookup_name_state);
-
- ZERO_STRUCT(io-out.domain_sid);
+
io-out.rid = 0;
+ io-out.sid = NULL;
io-out.sidstr = NULL;
if (*s-lookup.out.count 0) {
- int num_auths;
struct lsa_RefDomainList *domains =
s-lookup.out.domains;
struct lsa_TransSidArray *sids = s-lookup.out.sids;
@@ -421,15 +420,13 @@
if (sids-count 0) {
io-out.rid= sids-sids[0].rid;
io-out.sid_type = sids-sids[0].sid_type;
+ if (domains-count 0) {
+ io-out.sid = dom_sid_add_rid(mem_ctx,
domains-domains[0].sid, io-out.rid);
+ NT_STATUS_HAVE_NO_MEMORY(io-out.sid);
+ io-out.sidstr =
dom_sid_string(mem_ctx, io-out.sid);
+
NT_STATUS_HAVE_NO_MEMORY(io-out.sidstr);
+ }
}
-
- if (domains-count 0) {
- io-out.domain_sid = *domains-domains[0].sid;
- num_auths = io-out.domain_sid.num_auths++;
- io-out.domain_sid.sub_auths[num_auths] =
io-out.rid;
-
- io-out.sidstr = dom_sid_string(mem_ctx,
io-out.domain_sid);
- }
}
io-out.error_string = talloc_strdup(mem_ctx, Success);
@@ -438,6 +435,7 @@
io-out.error_string = talloc_asprintf(mem_ctx, Error: %s,
nt_errstr(status));
}
+ talloc_free(c);
return status;
}
Modified: branches/SAMBA_4_0/source/libnet/libnet_lookup.h
===
--- branches/SAMBA_4_0/source/libnet/libnet_lookup.h2006-12-14 01:00:16 UTC
(rev 20165)
+++ branches/SAMBA_4_0/source/libnet/libnet_lookup.h2006-12-14 08:23:55 UTC
(rev 20166)
@@ -49,7 +49,7 @@
const char *domain_name;
} in;
struct {
- struct dom_sid domain_sid;
+ struct dom_sid *sid;
int rid;
enum lsa_SidType sid_type;
const char *sidstr;
svn commit: samba r20167 - in branches/SAMBA_4_0/source/script/tests: .
Author: metze Date: 2006-12-14 08:25:24 + (Thu, 14 Dec 2006) New Revision: 20167 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20167 Log: reenable the ejsnet tests metze Modified: branches/SAMBA_4_0/source/script/tests/test_ejs.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_ejs.sh === --- branches/SAMBA_4_0/source/script/tests/test_ejs.sh 2006-12-14 08:23:55 UTC (rev 20166) +++ branches/SAMBA_4_0/source/script/tests/test_ejs.sh 2006-12-14 08:25:24 UTC (rev 20167) @@ -27,7 +27,7 @@ testit $f $SCRIPTDIR/$f $CONFIGURATION ncalrpc: -U$USERNAME%$PASSWORD || failed=`expr $failed + 1` done -#testit ejsnet.js $SCRIPTDIR/ejsnet.js $CONFIGURATION -U$USERNAME%$PASSWORD $DOMAIN ejstestuser || failed=`expr $failed + 1` +testit ejsnet.js $SCRIPTDIR/ejsnet.js $CONFIGURATION -U$USERNAME%$PASSWORD $DOMAIN ejstestuser || failed=`expr $failed + 1` testit ldb.js $SCRIPTDIR/ldb.js `pwd` $CONFIGURATION || failed=`expr $failed + 1`
svn commit: samba r20168 - in branches/SAMBA_4_0/source/lib/ldb: common include ldb_tdb
Author: metze
Date: 2006-12-14 10:03:21 + (Thu, 14 Dec 2006)
New Revision: 20168
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20168
Log:
start separating attributes and syntaxes
metze
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c
branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c
branches/SAMBA_4_0/source/lib/ldb/include/ldb.h
branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-12-14
08:25:24 UTC (rev 20167)
+++ branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-12-14
10:03:21 UTC (rev 20168)
@@ -336,50 +336,44 @@
/*
table of standard attribute handlers
*/
-static const struct ldb_attrib_handler ldb_standard_attribs[] = {
+static const struct ldb_schema_syntax ldb_standard_syntaxes[] = {
{
- .attr= LDB_SYNTAX_INTEGER,
- .flags = 0,
+ .name= LDB_SYNTAX_INTEGER,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_canonicalise_Integer,
.comparison_fn = ldb_comparison_Integer
},
{
- .attr= LDB_SYNTAX_OCTET_STRING,
- .flags = 0,
+ .name= LDB_SYNTAX_OCTET_STRING,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_handler_copy,
.comparison_fn = ldb_comparison_binary
},
{
- .attr= LDB_SYNTAX_DIRECTORY_STRING,
- .flags = 0,
+ .name= LDB_SYNTAX_DIRECTORY_STRING,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_handler_fold,
.comparison_fn = ldb_comparison_fold
},
{
- .attr= LDB_SYNTAX_DN,
- .flags = 0,
+ .name= LDB_SYNTAX_DN,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_canonicalise_dn,
.comparison_fn = ldb_comparison_dn
},
{
- .attr= LDB_SYNTAX_OBJECTCLASS,
- .flags = 0,
+ .name= LDB_SYNTAX_OBJECTCLASS,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_handler_fold,
.comparison_fn = ldb_comparison_objectclass
},
{
- .attr= LDB_SYNTAX_UTC_TIME,
- .flags = 0,
+ .name= LDB_SYNTAX_UTC_TIME,
.ldif_read_fn= ldb_handler_copy,
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = ldb_canonicalise_utctime,
@@ -391,17 +385,16 @@
/*
return the attribute handlers for a given syntax name
*/
-const struct ldb_attrib_handler *ldb_attrib_handler_syntax(struct ldb_context
*ldb,
- const char *syntax)
+const struct ldb_schema_syntax *ldb_standard_syntax_by_name(struct ldb_context
*ldb,
+ const char *syntax)
{
int i;
- unsigned num_handlers =
sizeof(ldb_standard_attribs)/sizeof(ldb_standard_attribs[0]);
+ unsigned num_handlers =
sizeof(ldb_standard_syntaxes)/sizeof(ldb_standard_syntaxes[0]);
/* TODO: should be replaced with a binary search */
for (i=0;inum_handlers;i++) {
- if (strcmp(ldb_standard_attribs[i].attr, syntax) == 0) {
- return ldb_standard_attribs[i];
+ if (strcmp(ldb_standard_syntaxes[i].name, syntax) == 0) {
+ return ldb_standard_syntaxes[i];
}
}
return NULL;
}
-
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-12-14
08:25:24 UTC (rev 20167)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_attributes.c 2006-12-14
10:03:21 UTC (rev 20168)
@@ -149,15 +149,20 @@
int ldb_set_attrib_handler_syntax(struct ldb_context *ldb,
const char *attr, const char *syntax)
{
- const struct ldb_attrib_handler *h = ldb_attrib_handler_syntax(ldb,
syntax);
-
svn commit: lorikeet r690 - in trunk/heimdal/lib/gssapi/krb5: .
Author: lha
Date: 2006-12-14 11:01:35 + (Thu, 14 Dec 2006)
New Revision: 690
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=690
Log:
(GSS_KRB5_SET_DEFAULT_REALM_X): don't fail on success.
Bug report from Stefan Metzmacher.
Modified:
trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c
===
--- trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c 2006-12-12
23:45:23 UTC (rev 689)
+++ trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c 2006-12-14
11:01:35 UTC (rev 690)
@@ -129,7 +129,7 @@
return GSS_S_CALL_INACCESSIBLE_READ;
}
str = malloc(value-length + 1);
- if (str) {
+ if (str == NULL) {
*minor_status = 0;
return GSS_S_UNAVAILABLE;
}
svn commit: lorikeet r692 - in trunk/heimdal/lib/krb5: .
Author: lha
Date: 2006-12-14 11:03:45 + (Thu, 14 Dec 2006)
New Revision: 692
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=692
Log:
(free_paid): free the krb5_data structure too.
Bug report from Stefan Metzmacher.
Modified:
trunk/heimdal/lib/krb5/init_creds_pw.c
Changeset:
Modified: trunk/heimdal/lib/krb5/init_creds_pw.c
===
--- trunk/heimdal/lib/krb5/init_creds_pw.c 2006-12-14 11:01:49 UTC (rev
691)
+++ trunk/heimdal/lib/krb5/init_creds_pw.c 2006-12-14 11:03:45 UTC (rev
692)
@@ -656,7 +656,7 @@
{
krb5_free_salt(context, ppaid-salt);
if (ppaid-s2kparams)
- krb5_data_free(ppaid-s2kparams);
+ krb5_free_data(context, ppaid-s2kparams);
}
svn commit: samba r20169 - in branches/SAMBA_3_0/source: auth passdb
Author: idra
Date: 2006-12-14 15:30:54 + (Thu, 14 Dec 2006)
New Revision: 20169
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20169
Log:
Support for fallback to legacy mapping code was not completely tested.
Add necessary fixes.
Modified:
branches/SAMBA_3_0/source/auth/auth_util.c
branches/SAMBA_3_0/source/passdb/lookup_sid.c
Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===
--- branches/SAMBA_3_0/source/auth/auth_util.c 2006-12-14 10:03:21 UTC (rev
20168)
+++ branches/SAMBA_3_0/source/auth/auth_util.c 2006-12-14 15:30:54 UTC (rev
20169)
@@ -984,6 +984,7 @@
TALLOC_CTX *mem_ctx;
struct id_map *ids;
NTSTATUS status;
+ BOOL wb = True;
size_t i;
@@ -1037,20 +1038,33 @@
if (!winbind_sids_to_unixids(ids, server_info-ptok-num_sids-1)) {
DEBUG(2, (Query to map secondary SIDs failed!\n));
+ if (!winbind_ping()) {
+ DEBUG(2, (Winbindd is not running, will try to map
SIDs one by one with legacy code\n));
+ wb = False;
+ }
}
for (i = 0; i server_info-ptok-num_sids-1; i++) {
- if ( ! ids[i].mapped) {
- DEBUG(10, (Could not convert SID %s to gid,
- ignoring it\n,
sid_string_static(ids[i].sid)));
- continue;
+ gid_t agid;
+
+ if (wb) {
+ if ( ! ids[i].mapped) {
+ DEBUG(10, (Could not convert SID %s to gid,
+ ignoring it\n,
sid_string_static(ids[i].sid)));
+ continue;
+ }
+ if (ids[i].xid.type == ID_TYPE_UID) {
+ DEBUG(10, (SID %s is a User ID (%u) not a
Group ID,
+ ignoring it\n,
sid_string_static(ids[i].sid), ids[i].xid.id));
+ continue;
+ }
+ agid = (gid_t)ids[i].xid.id;
+ } else {
+ if (! sid_to_gid(ids[i].sid, agid)) {
+ continue;
+ }
}
- if ( ! ids[i].xid.type == ID_TYPE_UID) {
- DEBUG(10, (SID %s is a User ID (%u) not a Group ID,
- ignoring it\n,
sid_string_static(ids[i].sid), ids[i].xid.id));
- continue;
- }
- if (!add_gid_to_array_unique(server_info, (gid_t)ids[i].xid.id,
server_info-groups,
+ if (!add_gid_to_array_unique(server_info, agid,
server_info-groups,
server_info-n_groups)) {
TALLOC_FREE(mem_ctx);
return NT_STATUS_NO_MEMORY;
Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c
===
--- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-12-14 10:03:21 UTC
(rev 20168)
+++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2006-12-14 15:30:54 UTC
(rev 20169)
@@ -1141,6 +1141,7 @@
DEBUG(10,(LEGACY: uid %u - sid %s\n, (unsigned int)uid,
sid_string_static(psid)));
+ store_uid_sid_cache(psid, uid);
return;
}
@@ -1171,6 +1172,7 @@
DEBUG(10,(LEGACY: gid %u - sid %s\n, (unsigned int)gid,
sid_string_static(psid)));
+ store_gid_sid_cache(psid, gid);
return;
}
@@ -1209,16 +1211,16 @@
}
/* This was ours, but it was not mapped. Fail */
-
- return False;
}
+ DEBUG(10,(LEGACY: mapping failed for sid %s\n,
sid_string_static(psid)));
return False;
- done:
+done:
DEBUG(10,(LEGACY: sid %s - uid %u\n, sid_string_static(psid),
(unsigned int)*puid ));
+ store_uid_sid_cache(psid, *puid);
return True;
}
@@ -1252,6 +1254,7 @@
*pgid = map.gid;
goto done;
}
+ DEBUG(10,(LEGACY: mapping failed for sid %s\n,
sid_string_static(psid)));
return False;
}
@@ -1265,7 +1268,7 @@
if (ret) {
if ((type != SID_NAME_DOM_GRP)
(type != SID_NAME_ALIAS)) {
- DEBUG(5, (sid %s is a %s, expected a group\n,
+ DEBUG(5, (LEGACY: sid %s is a %s, expected a
group\n,
sid_string_static(psid),
sid_type_lookup(type)));
return False;
@@ -1273,16 +1276,19 @@
*pgid =
svn commit: samba r20170 - in branches/SAMBA_3_0/source: libaddns utils
Author: jerry
Date: 2006-12-14 16:27:45 + (Thu, 14 Dec 2006)
New Revision: 20170
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20170
Log:
Fix secure DNS updates to work against
Wnidows 2000 DNS which expects the TKEY payload to
be in the answer section and not in the additional
set of records (like Windows 2003 and the RFC).
Modified:
branches/SAMBA_3_0/source/libaddns/dns.h
branches/SAMBA_3_0/source/libaddns/dnsgss.c
branches/SAMBA_3_0/source/libaddns/dnsrecord.c
branches/SAMBA_3_0/source/utils/net_dns.c
Changeset:
Modified: branches/SAMBA_3_0/source/libaddns/dns.h
===
--- branches/SAMBA_3_0/source/libaddns/dns.h2006-12-14 15:30:54 UTC (rev
20169)
+++ branches/SAMBA_3_0/source/libaddns/dns.h2006-12-14 16:27:45 UTC (rev
20170)
@@ -280,6 +280,8 @@
#endif
+enum dns_ServerType { DNS_SRV_ANY, DNS_SRV_WIN2000, DNS_SRV_WIN2003 };
+
struct dns_domain_label {
struct dns_domain_label *next;
char *label;
@@ -405,9 +407,6 @@
const char *name,
const in_addr_t *ip,
struct dns_rrec **prec);
-DNS_ERROR dns_create_name_not_in_use_record(TALLOC_CTX *mem_ctx,
- const char *name, uint32 type,
- struct dns_rrec **prec);
DNS_ERROR dns_create_delete_record(TALLOC_CTX *mem_ctx, const char *name,
uint16 type, uint16 r_class,
struct dns_rrec **prec);
@@ -484,7 +483,8 @@
DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm,
const char *servername,
const char *keyname,
-gss_ctx_id_t *gss_ctx );
+gss_ctx_id_t *gss_ctx,
+enum dns_ServerType srv_type );
DNS_ERROR dns_sign_update(struct dns_update_request *req,
gss_ctx_id_t gss_ctx,
const char *keyname,
@@ -493,7 +493,8 @@
DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *hostname,
- in_addr_t ip_addr,
+ const in_addr_t *ip_addr,
+ size_t num_adds,
struct dns_update_request **preq);
#endif /* HAVE_GSSAPI_SUPPORT */
Modified: branches/SAMBA_3_0/source/libaddns/dnsgss.c
===
--- branches/SAMBA_3_0/source/libaddns/dnsgss.c 2006-12-14 15:30:54 UTC (rev
20169)
+++ branches/SAMBA_3_0/source/libaddns/dnsgss.c 2006-12-14 16:27:45 UTC (rev
20170)
@@ -45,6 +45,7 @@
return ( 0 );
}
+#if 0
/*
*/
@@ -76,12 +77,14 @@
display_status_1( msg, maj_stat, GSS_C_GSS_CODE );
display_status_1( msg, min_stat, GSS_C_MECH_CODE );
}
+#endif
static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx,
struct dns_connection *conn,
const char *keyname,
const gss_name_t target_name,
- gss_ctx_id_t *ctx )
+ gss_ctx_id_t *ctx,
+ enum dns_ServerType srv_type )
{
struct gss_buffer_desc_struct input_desc, *input_ptr, output_desc;
OM_uint32 major, minor;
@@ -123,11 +126,21 @@
req, keyname, gss.microsoft.com, t,
t + 86400, DNS_TKEY_MODE_GSSAPI, 0,
output_desc.length, (uint8 *)output_desc.value,
- rec);
+ rec );
if (!ERR_DNS_IS_OK(err)) goto error;
- err = dns_add_rrec(req, rec, req-num_additionals,
- req-additionals);
+ /* Windows 2000 DNS is broken and requires the
+ TKEY payload in the Answer section instead
+ of the Additional seciton like Windows 2003 */
+
+ if ( srv_type == DNS_SRV_WIN2000 ) {
+ err = dns_add_rrec(req, rec, req-num_answers,
+ req-answers);
+ } else {
+ err = dns_add_rrec(req, rec,
req-num_additionals,
+
svn commit: samba r20171 - in branches/SAMBA_3_0/source/nsswitch: .
Author: gd
Date: 2006-12-14 16:34:24 + (Thu, 14 Dec 2006)
New Revision: 20171
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20171
Log:
Don't delete the krb5 credential if others still reference to it.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c2006-12-14
16:27:45 UTC (rev 20170)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c2006-12-14
16:34:24 UTC (rev 20171)
@@ -382,9 +382,17 @@
return NT_STATUS_NO_MEMORY;
}
+/***
+ Remove a WINBINDD_CCACHE_ENTRY entry and the krb5 ccache if no longer
referenced.
+***/
+
NTSTATUS remove_ccache(const char *username)
{
struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username);
+ NTSTATUS status;
+#ifdef HAVE_KRB5
+ krb5_error_code ret;
+#endif
if (!entry) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -397,17 +405,34 @@
}
entry-ref_count--;
- if (entry-ref_count = 0) {
- DLIST_REMOVE(ccache_list, entry);
- TALLOC_FREE(entry-event); /* unregisters events */
- TALLOC_FREE(entry);
- DEBUG(10,(remove_ccache: removed ccache for user %s\n,
username));
- } else {
+
+ if (entry-ref_count 0) {
DEBUG(10,(remove_ccache: entry %s ref count now %d\n,
username, entry-ref_count ));
+ return NT_STATUS_OK;
}
- return NT_STATUS_OK;
+ /* no references any more */
+
+ DLIST_REMOVE(ccache_list, entry);
+ TALLOC_FREE(entry-event); /* unregisters events */
+
+#ifdef HAVE_KRB5
+ ret = ads_kdestroy(entry-ccname);
+ if (ret) {
+ DEBUG(0,(remove_ccache: failed to destroy user krb5 ccache %s
with: %s\n,
+ entry-ccname, error_message(ret)));
+ } else {
+ DEBUG(10,(remove_ccache: successfully destroyed krb5 ccache %s
for user %s\n,
+ entry-ccname, username));
+ }
+ status = krb5_to_nt_status(ret);
+#endif
+
+ TALLOC_FREE(entry);
+ DEBUG(10,(remove_ccache: removed ccache for user %s\n, username));
+
+ return status;
}
/***
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-12-14 16:27:45 UTC
(rev 20170)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-12-14 16:34:24 UTC
(rev 20171)
@@ -1976,9 +1976,6 @@
struct winbindd_cli_state *state)
{
NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
-#ifdef HAVE_KRB5
- int ret;
-#endif
DEBUG(3, ([%5lu]: pam dual logoff %s\n, (unsigned long)state-pid,
state-request.data.logoff.user));
@@ -2010,19 +2007,13 @@
goto process_result;
}
- ret = ads_kdestroy(state-request.data.logoff.krb5ccname);
-
- if (ret) {
- DEBUG(0,(winbindd_pam_logoff: failed to destroy user ccache %s
with: %s\n,
- state-request.data.logoff.krb5ccname,
error_message(ret)));
- } else {
- DEBUG(10,(winbindd_pam_logoff: successfully destroyed ccache
%s for user %s\n,
- state-request.data.logoff.krb5ccname,
state-request.data.logoff.user));
+ result = remove_ccache(state-request.data.logoff.user);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,(winbindd_pam_logoff: failed to remove ccache: %s\n,
+ nt_errstr(result)));
+ goto process_result;
}
- remove_ccache(state-request.data.logoff.user);
-
- result = krb5_to_nt_status(ret);
#else
result = NT_STATUS_NOT_SUPPORTED;
#endif
svn commit: samba r20172 - in branches/SAMBA_3_0_24/source/nsswitch: .
Author: gd
Date: 2006-12-14 16:35:07 + (Thu, 14 Dec 2006)
New Revision: 20172
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20172
Log:
Don't delete the krb5 credential if others still reference to it.
Guenther
Modified:
branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c
branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c
===
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c 2006-12-14
16:34:24 UTC (rev 20171)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c 2006-12-14
16:35:07 UTC (rev 20172)
@@ -382,9 +382,17 @@
return NT_STATUS_NO_MEMORY;
}
+/***
+ Remove a WINBINDD_CCACHE_ENTRY entry and the krb5 ccache if no longer
referenced.
+***/
+
NTSTATUS remove_ccache(const char *username)
{
struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username);
+ NTSTATUS status;
+#ifdef HAVE_KRB5
+ krb5_error_code ret;
+#endif
if (!entry) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -397,17 +405,34 @@
}
entry-ref_count--;
- if (entry-ref_count = 0) {
- DLIST_REMOVE(ccache_list, entry);
- TALLOC_FREE(entry-event); /* unregisters events */
- TALLOC_FREE(entry);
- DEBUG(10,(remove_ccache: removed ccache for user %s\n,
username));
- } else {
+
+ if (entry-ref_count 0) {
DEBUG(10,(remove_ccache: entry %s ref count now %d\n,
username, entry-ref_count ));
+ return NT_STATUS_OK;
}
- return NT_STATUS_OK;
+ /* no references any more */
+
+ DLIST_REMOVE(ccache_list, entry);
+ TALLOC_FREE(entry-event); /* unregisters events */
+
+#ifdef HAVE_KRB5
+ ret = ads_kdestroy(entry-ccname);
+ if (ret) {
+ DEBUG(0,(remove_ccache: failed to destroy user krb5 ccache %s
with: %s\n,
+ entry-ccname, error_message(ret)));
+ } else {
+ DEBUG(10,(remove_ccache: successfully destroyed krb5 ccache %s
for user %s\n,
+ entry-ccname, username));
+ }
+ status = krb5_to_nt_status(ret);
+#endif
+
+ TALLOC_FREE(entry);
+ DEBUG(10,(remove_ccache: removed ccache for user %s\n, username));
+
+ return status;
}
/***
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c2006-12-14
16:34:24 UTC (rev 20171)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c2006-12-14
16:35:07 UTC (rev 20172)
@@ -1976,9 +1976,6 @@
struct winbindd_cli_state *state)
{
NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
-#ifdef HAVE_KRB5
- int ret;
-#endif
DEBUG(3, ([%5lu]: pam dual logoff %s\n, (unsigned long)state-pid,
state-request.data.logoff.user));
@@ -2010,19 +2007,13 @@
goto process_result;
}
- ret = ads_kdestroy(state-request.data.logoff.krb5ccname);
-
- if (ret) {
- DEBUG(0,(winbindd_pam_logoff: failed to destroy user ccache %s
with: %s\n,
- state-request.data.logoff.krb5ccname,
error_message(ret)));
- } else {
- DEBUG(10,(winbindd_pam_logoff: successfully destroyed ccache
%s for user %s\n,
- state-request.data.logoff.krb5ccname,
state-request.data.logoff.user));
+ result = remove_ccache(state-request.data.logoff.user);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,(winbindd_pam_logoff: failed to remove ccache: %s\n,
+ nt_errstr(result)));
+ goto process_result;
}
- remove_ccache(state-request.data.logoff.user);
-
- result = krb5_to_nt_status(ret);
#else
result = NT_STATUS_NOT_SUPPORTED;
#endif
svn commit: samba r20173 - in branches/SAMBA_3_0/source: libaddns libads utils
Author: jerry
Date: 2006-12-14 17:00:10 + (Thu, 14 Dec 2006)
New Revision: 20173
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20173
Log:
DNS update fixes:
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
DNS so we have to fall back to looking up the the NS
records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
and 'in_addr_t' parameters called to DoDNSUpdate()
Modified:
branches/SAMBA_3_0/source/libaddns/dns.h
branches/SAMBA_3_0/source/libaddns/dnsrecord.c
branches/SAMBA_3_0/source/libads/ads_struct.c
branches/SAMBA_3_0/source/utils/net_ads.c
branches/SAMBA_3_0/source/utils/net_dns.c
Changeset:
Modified: branches/SAMBA_3_0/source/libaddns/dns.h
===
--- branches/SAMBA_3_0/source/libaddns/dns.h2006-12-14 16:35:07 UTC (rev
20172)
+++ branches/SAMBA_3_0/source/libaddns/dns.h2006-12-14 17:00:10 UTC (rev
20173)
@@ -493,7 +493,7 @@
DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *hostname,
- const in_addr_t *ip_addr,
+ const struct in_addr *ip_addr,
size_t num_adds,
struct dns_update_request **preq);
Modified: branches/SAMBA_3_0/source/libaddns/dnsrecord.c
===
--- branches/SAMBA_3_0/source/libaddns/dnsrecord.c 2006-12-14 16:35:07 UTC
(rev 20172)
+++ branches/SAMBA_3_0/source/libaddns/dnsrecord.c 2006-12-14 17:00:10 UTC
(rev 20173)
@@ -356,7 +356,7 @@
DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *hostname,
- const in_addr_t *ip_addr,
+ const struct in_addr *ip_addrs,
size_t num_addrs,
struct dns_update_request **preq)
{
@@ -395,7 +395,7 @@
*/
for ( i=0; inum_addrs; i++ ) {
- err = dns_create_a_record(req, hostname, 3600, ip_addr[i],
rec);
+ err = dns_create_a_record(req, hostname, 3600,
ip_addrs[i].s_addr, rec);
if (!ERR_DNS_IS_OK(err))
goto error;
Modified: branches/SAMBA_3_0/source/libads/ads_struct.c
===
--- branches/SAMBA_3_0/source/libads/ads_struct.c 2006-12-14 16:35:07 UTC
(rev 20172)
+++ branches/SAMBA_3_0/source/libads/ads_struct.c 2006-12-14 17:00:10 UTC
(rev 20173)
@@ -75,7 +75,29 @@
return ads_build_path(realm, ., dc=, 0);
}
+/* return a DNS name in the for aa.bb.cc from the DN
+ dc=AA,dc=BB,dc=CC. caller must free
+*/
+char *ads_build_domain(const char *dn)
+{
+ char *dnsdomain = NULL;
+
+ /* result should always be shorter than the DN */
+ if ( (dnsdomain = SMB_STRDUP( dn )) == NULL ) {
+ DEBUG(0,(ads_build_domain: malloc() failed!\n));
+ return NULL;
+ }
+
+ strlower_m( dnsdomain );
+ all_string_sub( dnsdomain, dc=, , 0);
+ all_string_sub( dnsdomain, ,, ., 0 );
+
+ return dnsdomain;
+}
+
+
+
#ifndef LDAP_PORT
#define LDAP_PORT 389
#endif
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_0/source/utils/net_ads.c 2006-12-14 16:35:07 UTC (rev
20172)
+++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-12-14 17:00:10 UTC (rev
20173)
@@ -1221,7 +1221,7 @@
#if defined(WITH_DNS_UPDATES)
#include dns.h
-DNS_ERROR DoDNSUpdate(ADS_STRUCT *ads, char *pszServerName,
+DNS_ERROR DoDNSUpdate(char *pszServerName,
const char *pszDomainName,
const char *pszHostName,
const struct in_addr *iplist, int num_addrs );
@@ -1237,7 +1237,8 @@
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
DNS_ERROR dns_err;
fstring dns_server;
- const char *dnsdomain;
+ const char *dnsdomain = NULL;
+ char *root_domain = NULL;
if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) {
d_printf(No DNS domain configured for %s.
@@ -1249,9 +1250,52 @@
status = ads_dns_lookup_ns( ctx, dnsdomain, nameservers, ns_count );
if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
- DEBUG(3,(net_ads_join: Failed to find name server for the %s
+ /* Child domains often do not have NS records. Look
+ for the NS record for the forest root
Re: svn commit: samba r20173 - in branches/SAMBA_3_0/source: libaddns libads utils
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: jerry Date: 2006-12-14 17:00:10 + (Thu, 14 Dec 2006) New Revision: 20173 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20173 Log: DNS update fixes: * Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() This also has two other changes in the patch. (a) Removed an unnecessary kinit() using the machine creds from the dns update code. We should have already done that before calling into DoDNSUpdate(). (b) add get_dc_name() to net_ads_join() in order to initialize the server affinity cache before joining the domain. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgYU9IR7qMdg1EfYRAsHTAJ9bLuz699aZwKaiq6sIKS1gv96xnACgqqi2 MP9xZomcDG5aYny1Z/N9kDE= =nFfW -END PGP SIGNATURE-
Rev 40: Raw impl. of ibwrapper test tool. in http://samba.org/~tridge/psomogyi/
revno: 40
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Peter Somogyi [EMAIL PROTECTED]
branch nick: ctdb
timestamp: Thu 2006-12-14 18:21:39 +0100
message:
Raw impl. of ibwrapper test tool.
(basic functional test, compilable, untested)
Adjusted makefile and ibwrapper state checking.
added:
tests/ibwrapper_test.c
ibwrapper_test.c-20061214171730-h11a2z5ed6pt66hj-1
modified:
Makefile.inmakefile.in-20061117234101-o3qt14umlg9en8z0-1
ib/ibwrapper.c ibwrapper.c-20061204130028-0125b4f5a72f4b11
=== added file 'tests/ibwrapper_test.c'
--- a/tests/ibwrapper_test.c1970-01-01 00:00:00 +
+++ b/tests/ibwrapper_test.c2006-12-14 17:21:39 +
@@ -0,0 +1,427 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Test the infiniband wrapper.
+ *
+ * Copyright (C) Sven Oehme [EMAIL PROTECTED] 2006
+ *
+ * Major code contributions by Peter Somogyi [EMAIL PROTECTED]
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include stdlib.h
+#include string.h
+#include stdio.h
+#include errno.h
+#include sys/types.h
+#include netinet/in.h
+#include sys/socket.h
+#include netdb.h
+#include arpa/inet.h
+#include malloc.h
+#include assert.h
+#include unistd.h
+#include signal.h
+
+#include includes.h
+#include lib/events/events.h
+#include ib/ibwrapper.h
+
+struct ibwtest_ctx {
+ int is_server;
+ char*id; /* my id */
+
+ struct ibw_initattr *attrs;
+ int nattrs;
+ char*opts; /* option string */
+
+ struct sockaddr_in *addrs; /* dynamic array of dest addrs */
+ int naddrs;
+
+ int max_msg_size;
+ unsigned intnsec; /* nanosleep between messages */
+
+ int cnt;
+
+ int kill_me;
+ struct ibw_ctx *ibwctx;
+};
+
+struct ibwtest_conn {
+ char*id;
+};
+
+enum testopcode {
+ TESTOP_SEND_ID = 1,
+ TESTOP_SEND_DATA = 2
+};
+
+int ibwtest_connect_everybody(struct ibwtest_ctx *tcx)
+{
+ struct ibwtest_conn *pconn = talloc_zero(tcx, struct ibwtest_conn);
+ int i;
+
+ for(i=0; itcx-naddrs; i++) {
+ if (ibw_connect(tcx-ibwctx, tcx-addrs[i], pconn)) {
+ fprintf(stderr, ibw_connect error at %d\n, i);
+ return -1;
+ }
+ }
+ DEBUG(10, (sent %d connect request...\n, tcx-naddrs));
+
+ return 0;
+}
+
+int ibwtest_send_id(struct ibw_conn *conn)
+{
+ char *buf;
+ void *key;
+ struct ibwtest_ctx *tcx = talloc_get_type(conn-ctx-ctx_userdata,
struct ibwtest_ctx);
+
+ DEBUG(10, (test IBWC_CONNECTED\n));
+ if (ibw_alloc_send_buf(conn, (void **)buf, key)) {
+ DEBUG(0, (send_id: ibw_alloc_send_buf failed\n));
+ return -1;
+ }
+
+ buf[0] = (char)TESTOP_SEND_ID;
+ strcpy(buf+1, tcx-id);
+
+ if (ibw_send(conn, buf, key, strlen(buf+1))) {
+ DEBUG(0, (send_id: ibw_send error\n));
+ return -1;
+ }
+ return 0;
+}
+
+int ibwtest_send_test_msg(struct ibwtest_ctx *tcx, struct ibw_conn *conn,
const char *msg)
+{
+ char *buf;
+ void *key;
+
+ if (ibw_alloc_send_buf(conn, (void **)buf, key)) {
+ fprintf(stderr, send_test_msg: ibw_alloc_send_buf failed\n);
+ return -1;
+ }
+
+ buf[0] = (char)TESTOP_SEND_DATA;
+ assert(strlen(msg)tcx-max_msg_size-1);
+ strcpy(buf+1, msg);
+
+ if (ibw_send(conn, buf, key, strlen(buf+1))) {
+ DEBUG(0, (send_test_msg: ibw_send error\n));
+ return -1;
+ }
+ return 0;
+}
+
+int ibwtest_connstate_handler(struct ibw_ctx *ctx, struct ibw_conn *conn)
+{
+ struct ibwtest_ctx *tcx = NULL; /* userdata */
+ struct ibwtest_conn *pconn = NULL; /* userdata */
+
+ if (ctx) {
+ tcx = talloc_get_type(ctx-ctx_userdata, struct ibwtest_ctx);
+
+ switch(ctx-state) {
+ case IBWS_INIT:
+ DEBUG(10, (test IBWS_INIT\n));
+ break;
+ case IBWS_READY:
+ DEBUG(10, (test IBWS_READY\n));
+ break;
+ case
Re: svn commit: samba r20166 - in branches/SAMBA_4_0/source/libnet: .
On Thu, Dec 14, 2006 at 08:23:56AM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-12-14 08:23:55 + (Thu, 14 Dec 2006) New Revision: 20166 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20166 Log: we have a dom_sid_add_rid() function that adds the rid after allocating enough memory for the new sub_auth element. the old version wrote behind the buffer. also make the output sid a pointer. Hey! I was supposed to fix that tonight :) Thanks anyway :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
svn commit: samba r20174 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_24/source/lib
Author: jra
Date: 2006-12-14 22:11:17 + (Thu, 14 Dec 2006)
New Revision: 20174
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20174
Log:
If we're only going to call one handler per message
then terminate the traversal once we've done that.
Jeremy.
Modified:
branches/SAMBA_3_0/source/lib/messages.c
branches/SAMBA_3_0_24/source/lib/messages.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/messages.c
===
--- branches/SAMBA_3_0/source/lib/messages.c2006-12-14 17:00:10 UTC (rev
20173)
+++ branches/SAMBA_3_0/source/lib/messages.c2006-12-14 22:11:17 UTC (rev
20174)
@@ -483,23 +483,23 @@
return;
for (buf = msgs_buf; message_recv(msgs_buf, total_len, msg_type, src,
buf, len); buf += len) {
- struct dispatch_fns *dfn, *next;
+ struct dispatch_fns *dfn;
DEBUG(10,(message_dispatch: received msg_type=%d
src_pid=%u\n, msg_type,
(unsigned int) procid_to_pid(src)));
n_handled = 0;
- for (dfn = dispatch_fns; dfn; dfn = next) {
- next = dfn-next;
+ for (dfn = dispatch_fns; dfn; dfn = dfn-next) {
if (dfn-msg_type == msg_type) {
DEBUG(10,(message_dispatch: processing message
of type %d.\n, msg_type));
dfn-fn(msg_type, src, len ? (void *)buf :
NULL, len);
n_handled++;
+ break;
}
}
if (!n_handled) {
- DEBUG(5,(message_dispatch: warning: no handlers
registed for
+ DEBUG(5,(message_dispatch: warning: no handler
registed for
msg_type %d in pid %u\n,
msg_type, (unsigned int)sys_getpid()));
}
Modified: branches/SAMBA_3_0_24/source/lib/messages.c
===
--- branches/SAMBA_3_0_24/source/lib/messages.c 2006-12-14 17:00:10 UTC (rev
20173)
+++ branches/SAMBA_3_0_24/source/lib/messages.c 2006-12-14 22:11:17 UTC (rev
20174)
@@ -483,23 +483,23 @@
return;
for (buf = msgs_buf; message_recv(msgs_buf, total_len, msg_type, src,
buf, len); buf += len) {
- struct dispatch_fns *dfn, *next;
+ struct dispatch_fns *dfn;
DEBUG(10,(message_dispatch: received msg_type=%d
src_pid=%u\n, msg_type,
(unsigned int) procid_to_pid(src)));
n_handled = 0;
- for (dfn = dispatch_fns; dfn; dfn = next) {
- next = dfn-next;
+ for (dfn = dispatch_fns; dfn; dfn = dfn-next) {
if (dfn-msg_type == msg_type) {
DEBUG(10,(message_dispatch: processing message
of type %d.\n, msg_type));
dfn-fn(msg_type, src, len ? (void *)buf :
NULL, len);
n_handled++;
+ break;
}
}
if (!n_handled) {
- DEBUG(5,(message_dispatch: warning: no handlers
registed for
+ DEBUG(5,(message_dispatch: warning: no handler
registed for
msg_type %d in pid %u\n,
msg_type, (unsigned int)sys_getpid()));
}
svn commit: samba r20175 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: mimir Date: 2006-12-14 22:12:53 + (Thu, 14 Dec 2006) New Revision: 20175 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20175 Log: use libnet context instead mem_ctx as the latter gets freed just before the function returns. rafal Modified: branches/SAMBA_4_0/source/scripting/ejs/ejsnet.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/ejsnet.c === --- branches/SAMBA_4_0/source/scripting/ejs/ejsnet.c2006-12-14 22:11:17 UTC (rev 20174) +++ branches/SAMBA_4_0/source/scripting/ejs/ejsnet.c2006-12-14 22:12:53 UTC (rev 20175) @@ -375,7 +375,7 @@ /* create UserInfo object */ mprUserInfo = mprObject(UserInfo); - + mprAccountName = mprString(req.out.account_name); mprFullName = mprString(req.out.full_name); mprDescription = mprString(req.out.description); @@ -384,8 +384,8 @@ mprComment = mprString(req.out.comment); mprLogonScript = mprString(req.out.logon_script); mprAcctExpiry = mprString(timestring(mem_ctx, req.out.acct_expiry-tv_sec)); - mprAllowPassChange = mprString(timestring(mem_ctx, req.out.allow_password_change-tv_sec)); - mprForcePassChange = mprString(timestring(mem_ctx, req.out.force_password_change-tv_sec)); + mprAllowPassChange = mprString(timestring(ctx, req.out.allow_password_change-tv_sec)); + mprForcePassChange = mprString(timestring(ctx, req.out.force_password_change-tv_sec)); status = mprSetVar(mprUserInfo, AccountName, mprAccountName); if (!NT_STATUS_IS_OK(status)) goto done; @@ -407,7 +407,6 @@ if (!NT_STATUS_IS_OK(status)) goto done; status = mprSetVar(mprUserInfo, ForcePasswordChange, mprForcePassChange); if (!NT_STATUS_IS_OK(status)) goto done; - done: talloc_free(mem_ctx); mpr_Return(eid, mprUserInfo);
svn commit: samba r20176 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: mimir
Date: 2006-12-14 22:14:07 + (Thu, 14 Dec 2006)
New Revision: 20176
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20176
Log:
Info method returns null object if the user is not found.
rafal
Modified:
branches/SAMBA_4_0/testprogs/ejs/ejsnet.js
Changeset:
Modified: branches/SAMBA_4_0/testprogs/ejs/ejsnet.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ejsnet.js 2006-12-14 22:12:53 UTC (rev
20175)
+++ branches/SAMBA_4_0/testprogs/ejs/ejsnet.js 2006-12-14 22:14:07 UTC (rev
20176)
@@ -30,12 +30,18 @@
return -1;
}
+
var info = usr_ctx.Info(options.ARGV[1]);
-println(UserInfo.AccountName = + info.AccountName);
-println(UserInfo.Description = + info.Description);
-println(UserInfo.FullName = + info.FullName);
-println(UserInfo.AcctExpiry = + info.AcctExpiry);
+if (info != null) {
+ println(UserInfo.AccountName = + info.AccountName);
+ println(UserInfo.Description = + info.Description);
+ println(UserInfo.FullName = + info.FullName);
+ println(UserInfo.AcctExpiry = + info.AcctExpiry);
+} else {
+ println(Null UserInfo returned - account unknown);
+}
+
var status = usr_ctx.Delete(options.ARGV[1]);
if (status.is_ok != true) {
println(Failed to delete user account + options.ARGV[1] + : +
status.errstr);
svn commit: samba r20177 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2006-12-14 22:45:12 + (Thu, 14 Dec 2006) New Revision: 20177 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20177 Log: return the actual function status code. rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_lookup.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_lookup.c === --- branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-12-14 22:14:07 UTC (rev 20176) +++ branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-12-14 22:45:12 UTC (rev 20177) @@ -392,6 +392,8 @@ c-status = dcerpc_ndr_request_recv(req); if (!composite_is_ok(c)) return; + c-status = s-lookup.out.result; + composite_done(c); }
Build status as of Fri Dec 15 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-12-14 00:01:45.0 + +++ /home/build/master/cache/broken_results.txt 2006-12-15 00:00:58.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Dec 14 00:00:02 2006 +Build status as of Fri Dec 15 00:00:02 2006 Build counts: Tree Total Broken Panic @@ -7,15 +7,15 @@ ccache 43 7 0 ctdb 0 0 0 distcc 2 0 0 -ldb 41 4 0 +ldb 42 4 0 libreplace 40 2 0 -lorikeet-heimdal 35 17 0 +lorikeet-heimdal 35 18 0 ppp 18 0 0 rsync43 3 0 samba0 0 0 samba-docs 0 0 0 -samba4 41 34 16 -samba_3_043 33 0 +samba4 41 28 0 +samba_3_043 20 0 smb-build40 1 0 talloc 43 1 0 tdb 42 2 0
svn commit: samba r20178 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
Author: jra
Date: 2006-12-15 00:49:12 + (Fri, 15 Dec 2006)
New Revision: 20178
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20178
Log:
Ensure we allocate the intermediate trans structs
off conn-mem_ctx, not the null context so we can
safefy free everything on conn close. Should fix
possible memleak.
Jeremy.
Modified:
branches/SAMBA_3_0/source/smbd/conn.c
branches/SAMBA_3_0/source/smbd/ipc.c
branches/SAMBA_3_0/source/smbd/nttrans.c
branches/SAMBA_3_0/source/smbd/trans2.c
branches/SAMBA_3_0_24/source/smbd/conn.c
branches/SAMBA_3_0_24/source/smbd/ipc.c
branches/SAMBA_3_0_24/source/smbd/nttrans.c
branches/SAMBA_3_0_24/source/smbd/trans2.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/conn.c
===
--- branches/SAMBA_3_0/source/smbd/conn.c 2006-12-14 22:45:12 UTC (rev
20177)
+++ branches/SAMBA_3_0/source/smbd/conn.c 2006-12-15 00:49:12 UTC (rev
20178)
@@ -257,6 +257,7 @@
{
vfs_handle_struct *handle = NULL, *thandle = NULL;
TALLOC_CTX *mem_ctx = NULL;
+ struct trans_state *state = NULL;
/* Free vfs_connection_struct */
handle = conn-vfs_handles;
@@ -268,6 +269,13 @@
handle = thandle;
}
+ /* Free any pending transactions stored on this conn. */
+ for (state = conn-pending_trans; state; state = state-next) {
+ /* state-setup is a talloc child of state. */
+ SAFE_FREE(state-param);
+ SAFE_FREE(state-data);
+ }
+
free_namearray(conn-veto_list);
free_namearray(conn-hide_list);
free_namearray(conn-veto_oplock_list);
Modified: branches/SAMBA_3_0/source/smbd/ipc.c
===
--- branches/SAMBA_3_0/source/smbd/ipc.c2006-12-14 22:45:12 UTC (rev
20177)
+++ branches/SAMBA_3_0/source/smbd/ipc.c2006-12-15 00:49:12 UTC (rev
20178)
@@ -447,7 +447,7 @@
return ERROR_NT(result);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn-mem_ctx, struct trans_state)) == NULL) {
DEBUG(0, (talloc failed\n));
END_PROFILE(SMBtrans);
return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -458,6 +458,7 @@
state-mid = SVAL(inbuf, smb_mid);
state-vuid = SVAL(inbuf, smb_uid);
state-setup_count = CVAL(inbuf, smb_suwcnt);
+ state-setup = NULL;
state-total_param = SVAL(inbuf, smb_tpscnt);
state-param = NULL;
state-total_data = SVAL(inbuf, smb_tdscnt);
Modified: branches/SAMBA_3_0/source/smbd/nttrans.c
===
--- branches/SAMBA_3_0/source/smbd/nttrans.c2006-12-14 22:45:12 UTC (rev
20177)
+++ branches/SAMBA_3_0/source/smbd/nttrans.c2006-12-15 00:49:12 UTC (rev
20178)
@@ -2845,7 +2845,7 @@
return ERROR_NT(result);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn-mem_ctx, struct trans_state)) == NULL) {
END_PROFILE(SMBnttrans);
return ERROR_DOS(ERRSRV,ERRaccess);
}
@@ -2862,6 +2862,7 @@
/* setup count is in *words* */
state-setup_count = 2*CVAL(inbuf,smb_nt_SetupCount);
+ state-setup = NULL;
state-call = function_code;
/*
Modified: branches/SAMBA_3_0/source/smbd/trans2.c
===
--- branches/SAMBA_3_0/source/smbd/trans2.c 2006-12-14 22:45:12 UTC (rev
20177)
+++ branches/SAMBA_3_0/source/smbd/trans2.c 2006-12-15 00:49:12 UTC (rev
20178)
@@ -5265,7 +5265,7 @@
return ERROR_DOS(ERRSRV,ERRaccess);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn-mem_ctx, struct trans_state)) == NULL) {
DEBUG(0, (talloc failed\n));
END_PROFILE(SMBtrans2);
return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -5276,6 +5276,7 @@
state-mid = SVAL(inbuf, smb_mid);
state-vuid = SVAL(inbuf, smb_uid);
state-setup_count = SVAL(inbuf, smb_suwcnt);
+ state-setup = NULL;
state-total_param = SVAL(inbuf, smb_tpscnt);
state-param = NULL;
state-total_data = SVAL(inbuf, smb_tdscnt);
Modified: branches/SAMBA_3_0_24/source/smbd/conn.c
===
--- branches/SAMBA_3_0_24/source/smbd/conn.c2006-12-14 22:45:12 UTC (rev
20177)
+++ branches/SAMBA_3_0_24/source/smbd/conn.c2006-12-15 00:49:12 UTC (rev
20178)
@@ -257,6 +257,7 @@
{
vfs_handle_struct *handle = NULL, *thandle = NULL;
TALLOC_CTX *mem_ctx = NULL;
+ struct trans_state *state = NULL;
/* Free vfs_connection_struct */
handle =
svn commit: samba r20179 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_24/source/lib
Author: jra
Date: 2006-12-15 01:50:04 + (Fri, 15 Dec 2006)
New Revision: 20179
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20179
Log:
Sync up with Samba4 - remove blank lines at the
end parsing a file.
Jeremy.
Modified:
branches/SAMBA_3_0/source/lib/util_file.c
branches/SAMBA_3_0_24/source/lib/util_file.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_file.c
===
--- branches/SAMBA_3_0/source/lib/util_file.c 2006-12-15 00:49:12 UTC (rev
20178)
+++ branches/SAMBA_3_0/source/lib/util_file.c 2006-12-15 01:50:04 UTC (rev
20179)
@@ -285,9 +285,6 @@
return NULL;
}
memset(ret, 0, sizeof(ret[0])*(i+2));
- if (numlines) {
- *numlines = i;
- }
ret[0] = p;
for (s = p, i=0; s p+size; s++) {
@@ -301,6 +298,15 @@
}
}
+ /* remove any blank lines at the end */
+ while (i 0 ret[i-1][0] == 0) {
+ i--;
+ }
+
+ if (numlines) {
+ *numlines = i;
+ }
+
return ret;
}
Modified: branches/SAMBA_3_0_24/source/lib/util_file.c
===
--- branches/SAMBA_3_0_24/source/lib/util_file.c2006-12-15 00:49:12 UTC
(rev 20178)
+++ branches/SAMBA_3_0_24/source/lib/util_file.c2006-12-15 01:50:04 UTC
(rev 20179)
@@ -285,9 +285,6 @@
return NULL;
}
memset(ret, 0, sizeof(ret[0])*(i+2));
- if (numlines) {
- *numlines = i;
- }
ret[0] = p;
for (s = p, i=0; s p+size; s++) {
@@ -301,6 +298,15 @@
}
}
+ /* remove any blank lines at the end */
+ while (i 0 ret[i-1][0] == 0) {
+ i--;
+ }
+
+ if (numlines) {
+ *numlines = i;
+ }
+
return ret;
}
Rev 1: first version in http://samba.org/~tridge/ctdb/
svn commit: samba r20180 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch
Author: jra Date: 2006-12-15 06:06:15 + (Fri, 15 Dec 2006) New Revision: 20180 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20180 Log: Ensure that pam returns the correct error messages when offline and or doing password changes. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_24/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c Changeset: Sorry, the patch is too large (643 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20180
svn commit: samba r20181 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_24/source/lib
Author: jra
Date: 2006-12-15 06:44:16 + (Fri, 15 Dec 2006)
New Revision: 20181
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20181
Log:
Improve NT status to pam error mapping.
Jeremy.
Modified:
branches/SAMBA_3_0/source/lib/pam_errors.c
branches/SAMBA_3_0_24/source/lib/pam_errors.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/pam_errors.c
===
--- branches/SAMBA_3_0/source/lib/pam_errors.c 2006-12-15 06:06:15 UTC (rev
20180)
+++ branches/SAMBA_3_0/source/lib/pam_errors.c 2006-12-15 06:44:16 UTC (rev
20181)
@@ -72,6 +72,13 @@
{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
{NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
+ {NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
+ {NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
{NT_STATUS_OK, PAM_SUCCESS}
};
Modified: branches/SAMBA_3_0_24/source/lib/pam_errors.c
===
--- branches/SAMBA_3_0_24/source/lib/pam_errors.c 2006-12-15 06:06:15 UTC
(rev 20180)
+++ branches/SAMBA_3_0_24/source/lib/pam_errors.c 2006-12-15 06:44:16 UTC
(rev 20181)
@@ -72,6 +72,13 @@
{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
{NT_STATUS_PASSWORD_RESTRICTION, PAM_PERM_DENIED},
+ {NT_STATUS_BACKUP_CONTROLLER, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NO_LOGON_SERVERS, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_INVALID_WORKSTATION, PAM_PERM_DENIED},
+ {NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
+ {NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, PAM_AUTHINFO_UNAVAIL};
{NT_STATUS_OK, PAM_SUCCESS}
};
