Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a little off topic, but may be usefull to you. If the DB is going to grow much more than that, I would use a real SQL backend to the database. The MS Access DB backend is ok, however starts to suffer when they become huge, by the sounds of things they may. I am sure there are people with 700mb, 900mb etc Access databases, but its best to split the front end from the database and use a SQL database like MySQl for the backend. Just food for thought :) Cheers. Dave -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't remove groups in AD
I can see, change and set any permissions with getfacl/setfacl. I can see these permissions in Windows but cannot change some of the properties. For example I cannot set full access rights for other groups even if I am the owner of the directory/file. The changes are being silently ignored. I can (un)check the properties and accept the changes, but these changes do not take place when I review the properties in windows or getfacl. Martin Jordan Keyes schrieb: Martin, What command exactly are you trying to run to remove the permissions for the group Everyone? Jordan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Hauptmann Sent: Tuesday, October 30, 2007 12:03 PM To: samba@lists.samba.org Subject: Re: [Samba] can't remove groups in AD This problem is really annoying, I cannot use security groups but I need to do that. Please tell me if you need more information. I am using Samba since 2001 and never had that kind of trouble. The system is an ubuntu 7.10 server with an amd64-kernel. I am ready to offer any available information, including log (I do not see error/failure/warning-messages when using log level 4) and any configurations. Thank you in advance! Martin Martin Hauptmann schrieb: Hi, I set up a samba 3.0.26a as an ads-member of a windows 2003 Small Business Server. Every windows user in the domain can read and write their files, everyone's happy. My Problem is, that I cannot set up security groups in the AD. When I try, I do not get an error message, but my changes are being silently ignored. I cannot set rights exceeding read,write, execute and owner. E.g. I cannot remove the group 'everyone' from the file access list. When I do and confirm I do not get an error message, but when I review the settings, nothing has changed, 'everyone' is still in the list. It is the same when I try to set or unset full access to files - no error message, but no success. I tried different settings concerning heritage, but that did not help. There are some other postings in the mailing list that sound quite similar, related to versions 3.0.25. Maybe there is a bug in these versions? My smb.conf: http://www.pastebin.ca/753491 Regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba in ADS problem
Hi all I have two samba server on the network a week woring fine, then yesterday morning they just stopped. In the log I get the following any ideas whats going on ? [2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5671) conn 0x0 [2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1510 [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172) ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab principals [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/11/01 10:23:30, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2007/11/01 10:23:30, 3] smbd/process.c:process_smb(1068) Transaction 9 of length 1644 [2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5671) conn 0x0 [2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1510 [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172) ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab principals [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/11/01 10:23:30, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2007/11/01 10:23:30, 3] smbd/process.c:process_smb(1068) Transaction 10 of length 1644 [2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5671) conn 0x0 [2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1510 [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172) ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab principals [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to
Re: [Samba] Samba+LDAP problems
Marcelo Mogrovejo escreveu: Hi (...) I read this documents and i begin again with samba+ldap... This time i have not problems, except when i try to create an user for testing. I create a testuser and i add a password for his but when i try to login with this user, hi doesn't login... for exameple with command su testuser as root it show me Id desconocido: testuser or Unknown Id: testuser. i don't know why happen it... (...) Have you configured NSS? gentent passwd shows the user? If I remember right, smbldap-tools creates users with a null shell by default too. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to make Add permission for folder in system with ntacl support?
Georgy Goshin wrote: Definitely possible in Samba. Start with the correct POSIX permissions on the directories, then follow the references below. This chapter, in general http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html and this section, in particular http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id374339 with or without POSIX acl's should explain how to do what you want. Please please please. I've tried already combinations this weekend, spen two days and lost any understanding of logic of file permissions and gived up! Please make someone for me small sample please! Thanks in advance, Georgy I believe your original message said you wanted a directory that users could only write to but not read? On samba server: sudo mkdir test sudo chown root.root test sudo chmod 733 test Now anyone should be able to copy a file to test directory, but not read it. Note - this will only work if you use copy in a cmd prompt. GUI file explorer tools typically want to read dir content first - not possible with these permissions. Perhaps you should explain what you're trying to achieve - there may be better ways to do it. -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale. Thank you for this. I will try some tests. Can you elaborate on why you do not like ACLs? Had some bad experiences? God bless. Dale Schroeder wrote: Jayendren, Rather than acls, my preference (and it's only a preference) would be to create a group for the database users. Add user1 and user2 to that group. Then == chown root.database_group /srv/samba/file-server/studies/databases For security, let the permissions of this directory be no greater than 775. (It looks like that is what you already have.) If you go with MySQL, you can customize the access levels on a user-by-user basis on global settings, database settings, table settings, etc. The security options list is quite extensive. If you prefer GUI administration of MySQL (I do), Navicat is the program of choice. http://www.navicat.com/ It's not free, but is an affordable extension to a free database server. The only things I would say need changing in your smb.conf are: create mode = 0775 veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing slash (/) Good luck to you, Nick, and Nico. Dale jayendren anand maduray wrote: Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a little off topic, but may be usefull to you. If the DB is going to grow much more than that, I would use a real SQL backend to the database. The MS Access DB backend is ok, however starts to suffer when they become huge, by the sounds of things they may. I am sure there are people with 700mb, 900mb etc Access databases, but its best to split the front end from the database and use a SQL database like MySQl for the backend. Just food for thought :) Cheers. Dave -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... No virus found in this incoming message. Checked by AVG. Version: 7.5.503 / Virus Database: 269.15.15/1101 - Release Date: 10/31/2007 10:06 AM -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who
[Samba] Accessing usershares on Redhat EL 5
I have enabled user shares and have the following entries in /etc/samba/smb.conf usershare allow guests = Yes usershare max shares = 32 usershare owner only = No usershare path = /var/lib/samba/usershares usershare prefix allow list = /usr/alcoa/mesif/mes_data usershare prefix deny list = usershare template share = template I have created two shares using the redhat samba configuration script. These shares show up in the smb.conf file and on the network with no problems. I have created several shares using the net usershare add function. The files for these shares are located in /var/lib/samba/usershares. I am providing the contents for one of these files below. #VERSION 2 path=/usr/alcoa/mesif/mes_data/AN comment=guest_ok=y usershare_acl=S-1-1-0:R guest_ok=y I am unable to see these shares on the network. I am certain that I must be missing a step or that I have misconstrued the use of the usershares facility. Can someone point me in the right direction? I am trying to use the net usershare facility because the application I am developing must programmatically create shares based on the contents of a configuration file and the application does not have root access. If usershares is not the answer, is there another way to programmatically create and export a share? Thanks, in advance for your help. Mike Wehrer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BUILTIN groups mapping via winbind!!
Hi Herman. This is really a helpful information, but i am not able to understand why in built group we cant see a mapping for a normal user, as if we look Builtin is also a OU and we have some Builtin users and groups in it. If i create a OU and groups or users in it than i can see all those but just not with Buitin. Feel free to correct me, if you find i am wrong. Thanks for your interest in this. Regards, Kaustubh. herman wrote: Kaustubh Chaudhari wrote: Hi all, When i create a group in AD and adds users in the same than with #getent group i can see the group and its members properly. But if i add a user to BUILTIN say BUILTIN Guests group than i dont see its members. == kktest:x:10026:kk,Administrator BUILTIN+Guests:x:10019: == Here i have added kk user to both kktest and BUILTIN+Guests group. But i cant see kk associated with BUILTIN Guests. I know that BUILTIN groups have pre defined sid by microsoft, and its mapping is done separately.(I found this in idmap.c) Is this a normal behavior? Would appreciate if someone can explain the reasons for this. Regards, Kaustubh. In general you need to define an Organizational Unit (OU), then define your groups and users inside that OU. It should then show up with Samba winbind. Some don'ts: Don't rename anything. Don't drag and drop anything from one OU to another OU. Don't make a user in one OU a member of a group in another OU. It is even not a good idea to delete anything. If you need to fix a typing mistake, define a new record - don't try to edit the mistake. Make frequent backups of ADS. Some dos: Apply security policies to OUs, not to users. Run ADS on VMware, so that you can take snapshots as backups. The reason for the above cautions is that ADS (mostly) work using the GUIDs, while Samba uses the text strings. So you don't want to get in a situation where ADS re-use an old GUID and changes to text strings are applied inconsistently, which confuses winbind, so changing any text string after it has been defined can also screw things up. 'Hope that helps! Herman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Jonathan Parr presents www.libeldefense.com
www.libeldefense.com Yahoo! has immense reach. Without doubt, you must be in Yahoo. It can bring you up to 50% of your traffic or more! Fortunately, you can now get listed in Yahoo! in seven days for a cost of just $199 - often worthwhile. You should get back your investment in a matter of days. The most important thing is to have a domain name that is high on the alphabetic order (starts with a number or an 'a') and also to include your primary keyword phrase - the one most people use to find your site - in your Web site name (title) and its description. Once you get listed, you should also sign up to have your site become a sponsored site within Yahoo! It costs $25 to $300 or more a month at the time of writing, depending on the category. Sponsored sites appear in a separate, clearly demarcated listing box, located on appropriate category pages in the Directory at the top - which means more traffic. http://libeldefense.studioathome.com/ http://libeldefense.blogspirit.com/ http://libeldefense.blogster.com/jonathan_parr_presents.html http://libeldefense.livejournal.com/723.html http://libeldefense.blogspot.com/ http://www.bloglines.com/blog/libeldefense http://libeldefense.bloghi.com/ http://libeldefense.tripod.com/libeldefense/ http://www.yasvs.com/ http://www.greatestjournal.com/users/libeldefense http://www.greatestjournal.com/users/libeldefense/362.html http://www.naymz.com/search/jonathan/parr/1314951 http://www.xanga.com/libeldefense http://libeldefense.multiply.com/journal/ http://20six.co.uk/libeldefense/ http://libeldefense.blogsome.com/ http://www.freewebs.com/libeldefense/ http://dangerell.googlepages.com/home http://www.opendiary.com/entrylist.asp?authorcode=D736464 http://libeldefense.bravehost.com/index.html http://www.my-diary.org/users/296432 http://www.my-diary.org/edit/?action=viewentryentryid=541256338 http://libeldefense.blog.co.uk/ http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138 http://www.ebloggy.com/blog.php?username=libeldefenseid=1 http://libeldefense.blogs.ie/ http://www.teenblog.org/libeldefense/ http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/ http://libeldefense.egoweblog.com/ http://www.bahraichblogs.com/libeldefense/5952/ http://libeldefense.blogbeee.com/ http://portal.blogfusion.com/blogs/libeldefense/ http://noss123network.ning.com/profile/JonathanParr __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale, thanks for the explanation. I understand were you are coming from now. I certainly hope to be of help to you someday. God bless. Dale Schroeder wrote: I have nothing against posix acl's. In fact, I make sure I install the acl package on every Debian system I build. It's just a preference. I like the way things behave with group permissions. I prefer to administer through permissions. If I use posix acl's, it is usually to remove a permission rather than add. If it is your preference to set controls via acl's, then do what is most comfortable for you. Conversely, I use Windows acl's quite a bit to fine tune access on shares _from_ Windows systems. The flexibility is much greater in Windows acl's, and do much more for me than posix acl's. That being said, I still prefer the power of posix systems for servers, and use them whenever feasible. More info here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id376593 I am not the world's foremost expert on nix; just someone like you, learning new things, using that which I've experienced to try to help someone else. I hope I've done some of that for you! :-\ Dale jayendren anand maduray wrote: Hi Dale. Thank you for this. I will try some tests. Can you elaborate on why you do not like ACLs? Had some bad experiences? God bless. Dale Schroeder wrote: Jayendren, Rather than acls, my preference (and it's only a preference) would be to create a group for the database users. Add user1 and user2 to that group. Then == chown root.database_group /srv/samba/file-server/studies/databases For security, let the permissions of this directory be no greater than 775. (It looks like that is what you already have.) If you go with MySQL, you can customize the access levels on a user-by-user basis on global settings, database settings, table settings, etc. The security options list is quite extensive. If you prefer GUI administration of MySQL (I do), Navicat is the program of choice. http://www.navicat.com/ It's not free, but is an affordable extension to a free database server. The only things I would say need changing in your smb.conf are: create mode = 0775 veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing slash (/) Good luck to you, Nick, and Nico. Dale jayendren anand maduray wrote: Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a little off topic, but may be usefull to you. If the DB is going to grow much more than that, I
Re: [Samba] Samba+LDAP problems
Have you configured NSS? gentent passwd shows the user? Its getent. Edmundo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accumulating smbd processes and sockets in CLOSE_WAIT state
Hello list The below mentionned problem just occured again. We had about 673 smbd Processes running and 1746 Locks (as reported by smbstatus) when it happened. Again, the only unusual thing smbd.log said was: 8 [2007/11/01 15:44:14, 0] lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84) tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay cache mutex in tdb /etc/samba/private/secrets.tdb 8 Restarting samba helped for the moment but when will the problem occur again? What could trigger such a problem? And what can I do to better diagnose it? Thanks Chris On 25.10-21:48, Christoph Kaegi wrote: Our central fileserver is a Samba 3.0.25b on Solaris 9 and has 10'000 users (several hundreds at the same time). This week it died on us and when I inspected the machine, it was out of 8GB Memory and 16GB Swap because thousands of smbd processes were running. netstat -na showed that many hundreds of connections to port 445 were in CLOSE_WAIT state. We first thought it could be some sort of DoS Attack, but now I also discovered a lot of the following entries in smbd.log at the times the server became unresponsive: 8 [2007/10/25 15:40:30, 0] lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84) tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay cache mutex in tdb /etc/samba/private/secrets.tdb 8 The same thing happened three times now, all of them at a time when presumably a peak of users (around 600-900) tried to use the server. Every time the number of network connections in CLOSE_WAIT state and the number of smbd processes was massively increasing. Others seem to have similar problems (like http://marc.info/?l=sambam=119263114612187w=2). The fileserver has been performing OK now for several months with this Samba Release. I'd be grateful if anybody could give me some insight about how we can solve this. Loosing fileservice for all of staff and students several times a week builds some considerable pressure on me... -- -- Christoph Kaegi [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions issue: different behavior between samba and unix
I'm seeing behavior that I was hoping somebody could explain. I have a share set up that will be a repository for company-wide data. There are three classes of people who can access it, readers, read/writers, and admins. Readers and read/writers are self explanatory, admins have read/write access, and can change the permissions/ownership of files. Read and write access is controlled by ACLs on the filesystem (see below), admin access is controlled by smb.conf. Read and admin access works as expected. Reader/Writer access is behaving unexpectedly. A writer can create a file in the share, the ownerships, permissions, and ACLs are inherited as I expect them to be. Now it gets strange. Once I've created a file, I can't rename it and get the error permission denied. I can write to the file itself, but not change its name or delete it. Yes I'm aware that rename/delete permission is a function of the parent directory perms, not the file perms. As I understand, file creation requires exactly the same permissions (rwx) as rename and delete. Hence the unexpectedness of this. Now it gets *REALLY* strange: I can create, rename, and remove directories without difficulty. I don't get errors either renaming or deleting them. One last bit of strangeness: If I change the group ownership of the directory to the writer's group, the unexpected behavior goes away. This seems to suggest to me that something strange is happening with the ACLs in samba in the case of file rename or delete. Samba version is 3.0.24, the issue is reproducible on Solaris and CentOS. I hesitate to call this a bug, because there could be a reason for this, but this behavior is not consistent with how this works under unix at the shell. I duplicated the reader/writer permissions and acls with a non-domain user and group, and observed the behavior I expected, namely that I could rename and remove the file I had created. If you want logs or further information, I can send them to you. Thanks, ~Eric Here are the perms and acls I've set up on the directory. Note that the setgid bit is set so that files created in the diretory inherit root group ownership: bash-3.00# ls -ld afiles drwxrws---+ 2 root root 512 Nov 1 10:21 afiles bash-3.00# getfacl afiles # file: afiles # owner: root # group: root user::rwx user:afile:rwx #effective:rwx group::rwx #effective:rwx group:afile:rwx #effective:rwx group:W2K3TEST+areaders:r-x #effective:r-x group:W2K3TEST+awriters:rwx #effective:rwx group:W2K3TEST+admins:rwx #effective:rwx mask:rwx other:--- default:user::rwx default:group::rwx default:group:W2K3TEST+areaders:r-x default:group:W2K3TEST+awriters:rwx default:group:W2K3TEST+admins:rwx default:mask:rwx default:other:--- bash-3.00# Here is the share definition as spat back out from testparm [afiles] path = /honda/afiles admin users = W2K3TEST+bobadmin, @W2K3TEST+admins read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL changes on Samba NT 4.0 Member Server
I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0 domain, with a simple share setup with ACLs. The permissions on the share from Windows XP Pro Security tab shows Everyone, and root (Unix Group\root) without any Permissions. When trying to add permissions from XP while logged on as CPDOM+admin the error is display Unable to save permission changes on share name on server name Access is denied. Files can be copied to the share but can't be opened. Below is the smb.conf. I believe ACLs would work if I add access. I tried setting the ACLs using setfacl and then the permissions show full control from XP, but I'm still unable to change permissions or open files. [global] winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = no security = domain workgroup = CPDOM netbios name = FILE_SRV password server = XSERVER server string = [data] comment = FILES path = /files guest ok = yes create mask = 0777 writeable = yes nt acl support = yes oplocks = no browseable = yes dos filemode = yes admin users = CPDOM+admin Hans -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL changes on Samba NT 4.0 Member Server
On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote: I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0 domain, with a simple share setup with ACLs. The permissions on the share from Windows XP Pro Security tab shows Everyone, and root (Unix Group\root) without any Permissions. When trying to add permissions from XP while logged on as CPDOM+admin the error is display Unable to save permission changes on share name on server name Access is denied. Files can be copied to the share but can't be opened. Below is the smb.conf. I believe ACLs would work if I add access. I tried setting the ACLs using setfacl and then the permissions show full control from XP, but I'm still unable to change permissions or open files. [global] winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = no security = domain workgroup = CPDOM netbios name = FILE_SRV password server = XSERVER server string = [data] comment = FILES path = /files guest ok = yes create mask = 0777 writeable = yes nt acl support = yes oplocks = no browseable = yes dos filemode = yes admin users = Your smb.conf file looks fine. Can CPDOM+admin log into the unix system and create files? You are mounting your unix filesystem with acls enabled? Also can you post an ls -al on /files -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Promoting Samba BDC to PDC
Hi, Our domain is setup with one Primary Domain Controller and two Backup Domain Controllers, and a member server. All domain controllers (PDC and BDCs) are running Gentoo Linux with Samba and LDAP. The member server (fileserver) is a SUNS machine running Solaris. We do everything (add, edit, modify groups and accounts) on the PDC and it will then sync all the changes to the BDC by way of SLURPD, then from the BDC to another BDC. To access the shared file on the member server (Solaris), the user will authenticate using the PDC which is the password server on smb.conf file of the member server. What we want to do in the coming days is to turn off and upgrade the PDC and promote one of the BDC to PDC and don't miss a beat. I first stop slapd, slurpd and samba service on the PDC. I then edit the smb.conf file of one of the BDC and make it a PDC. I also added a new line which is security = user. I run a testparm command after making changes to BDC's smb.conf file and it showed that it is now the Primary Domain Controller. I edit the member server's smb.conf file and change the password server line to match the new PDC. password server = IP of the new PDC I login to one of the test machine and see if I can login and it worked, but when I tried to map to one of our shared drive, it ask for username and password. Somehow the member server doesn't know that the password server has now been changed. There is not much error on the logs that are helpful. I made sure that I restarted the samba service every time I made changes. Please help. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS WINBIND WIN2K3 usernames with dots
I am new to this list and fairly new to samba. I am running samba 3.0.24 on debian etch with winbind and krb5 in ads security mode. Everything appears to be working perfectly. I can see users and groups with wbinfo and getent. I can even access shares I setup using the domain admin account from the w2k3 ad infrastructure. The problem is all our username in ad have dots (except the admin). So the usernames are [EMAIL PROTECTED] When I try and set valid users = WORKGROUP\firstname.lastname in smb.conf, I am unable to connect to the share from another machine. If I use a username without dots (and I created a few test ones to try) and set valid users = WORKGROUP\username in smb.conf then I can get into the share no problem. How can I get my usernames with dots to work correctly with samba? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL changes on Samba NT 4.0 Member Server
John, Thank you for the reply. Below is the output from mount and ls -al. Yes I can login as CPDOM+admin and create files, but connecting to the share as CPDOM+admin doesn't work. Hans [EMAIL PROTECTED] ~]# mount /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/hda1 on /boot type ext3 (rw,acl) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) [EMAIL PROTECTED] ~]# ls -al /files total 5196 drwxrwxrwx 3 root root4096 Nov 1 10:17 . drwxr-xr-x 26 root root4096 Nov 1 05:25 .. -rwxrw-rw- 1 root root 413 Feb 24 2006 AS400.WS -rwxrw-rw- 1 root root 398 Jul 27 14:13 dnsb.txt -rwxrw-rw- 1 root root 3100432 May 22 2006 Dsclient.exe drwxrwxrwx 2 root root4096 Apr 7 2005 Fonts -rwxrw-rw- 1 root root1411 Aug 15 08:09 hans.txt -rwxrw-rw- 1 root root 61440 Sep 14 08:57 IDTag.exe -rwxrw-rw- 1 root root 262727 Apr 21 2003 keyfinder.exe -rwxrw-rw- 1 root root 25088 Mar 22 2007 Label6x4 layout with text.doc -rwxrw-rw- 1 root root 60416 Jun 6 09:41 Label proposal II.xls -rwxrw-rw- 1 root root 90112 May 9 2006 OfficeTime.exe -rwxrw-rw- 1 root root 317 Jul 3 07:51 OutputsLisec.txt -rwxrw-rw- 1 root root 173231 May 4 1999 REPLICA.HLP -rwxrw-rw- 1 root root1101 Apr 25 2005 Salesreport.dtf -rw-rw-rw- 1 root root 481 Nov 1 08:42 smb.conf -rwxrw-rw- 1 root root 69632 Mar 4 2004 system.mdw -rwxrw-rw- 1 root root 491008 May 10 13:20 TSClient.doc -rwxrw-rw- 1 root root 782848 Jun 30 2006 WIP LOCATIONS.xls -rwxrw-rw- 1 root root5632 Aug 4 2004 wmi.dll -rwxrw-rw- 1 root root 16930 May 31 1994 XCOPY.EXE John Drescher wrote: On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote: I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0 domain, with a simple share setup with ACLs. The permissions on the share from Windows XP Pro Security tab shows Everyone, and root (Unix Group\root) without any Permissions. When trying to add permissions from XP while logged on as CPDOM+admin the error is display Unable to save permission changes on share name on server name Access is denied. Files can be copied to the share but can't be opened. Below is the smb.conf. I believe ACLs would work if I add access. I tried setting the ACLs using setfacl and then the permissions show full control from XP, but I'm still unable to change permissions or open files. [global] winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = no security = domain workgroup = CPDOM netbios name = FILE_SRV password server = XSERVER server string = [data] comment = FILES path = /files guest ok = yes create mask = 0777 writeable = yes nt acl support = yes oplocks = no browseable = yes dos filemode = yes admin users = Your smb.conf file looks fine. Can CPDOM+admin log into the unix system and create files? You are mounting your unix filesystem with acls enabled? Also can you post an ls -al on /files -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Member server - group and user mapping with winbind
Hi all I am still unsure of the correct way to configure member servers. I have one PDC (Samba 3.026a on Solaris 9) and several member servers (including Samba 3.026a on Solaris 9 and 10, and Samba 3.024 on Fedora core 6.) Each machine uses NIS for unix accounts. The Samba by Examble Book indicates that even if I am using NIS for user accounts, and not using LDAP for a idmap backend, I still need to use winbindd to map SID's. It isn't clear to me if I do need to update nsswitch.conf to use winbindd. I don't think I want to update nsswitch.conf to use winbindd- after all I still want my unix level logins (e.g. ssh ) to be done against NIS and not windows accounts. If I start smbd and nmbd on a member server, I can connect to a share from a windows 2000 or XP client. If I look at the permissions on a folder, if shows Unix Account/someuser or UnixGroup/somegroup instead of Domain/someuser or domain/someaccount. If I want to add users, I can browser users or groups from the domain but the permissions don't hold. If, after I have already connected to a share, and then start winbindd, the file permissions will show the domain component, and I can set permissions. However, if I start winbindd before I connect to the share, I just get prompted for a user name and password- and I am unable to connect. It doesn't matter how I have configured nsswitch.conf so it it seems that smbd will attempt to use winbindd directly, if available, and not via the name service switch mechanism. Member server smb.conf includes the following: idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind use default domain = yes winbind trusted domains only = no winbind enum users = Yes winbind enum groups = Yes Workgroup = MYDOMAIN security = domain Password server = MYPDC Running wbinfo -u and wbinfo -g on a mamber server (with winbindd running) will list my domain user and groups. I appreciate if any one can share some light on either what the problem is or at least can clarify how winbindd should be working. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Promoting Samba BDC to PDC
On Thu, 2007-11-01 at 10:04 -0700, Ivan Ordonez wrote: What we want to do in the coming days is to turn off and upgrade the PDC and promote one of the BDC to PDC and don't miss a beat. I first stop slapd, slurpd and samba service on the PDC. I then edit the smb.conf file of one of the BDC and make it a PDC. I also added a new line which is security = user. What does it mean you change security ?? What was it before? Are you sure your Domain SIDs are aligned on all DCs ? Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: Hi (...) I read this documents and i begin again with samba+ldap... This time i have not problems, except when i try to create an user for testing. I create a testuser and i add a password for his but when i try to login with this user, hi doesn't login... for exameple with command su testuser as root it show me Id desconocido: testuser or Unknown Id: testuser. i don't know why happen it... (...) Have you configured NSS? gentent passwd shows the user? NSS is the same of /etc/nsswitch.conf ?? No, getent passwd doesn't show me the users i created... regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC promotion and getlocalsid errror
I relatively recently implemented Samba 3.026a (Solaris PDC)I then moved the PDC role to another machine. On the new pdc I 1st grabbed the domain SID newpdc# net rpc getsid -S oldpdc Storing SID --for Domain MYDOMAIN in secrets.tdb newpdc# and then updated the smb.conf file on each machine to convert the PDC to member server and vice versa. If I ran the net getlocalsid command on the old PDC prior to the migration, it would return the SID for the domain. oldpdc # net getlocalsid MYDOMAIN SID for domain MYDOMAIN is: S-1--99 oldpdc# If I run get getlocalsid on the new PDC I get newpdc# net getlocalsid [2007/11/01 14:52:55, 0] utils/net.c:net_getlocalsid(622) Can't fetch domain SID for name: NEWPDC newpdc # However explicity specifying the domain name seems OK newpdc# net getlocalsid MYDOMAIN SID for domain MYDOMAIN is: S-1--99 As far as I can tell everything is working OK. But did I mis a step in the change over? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hosts Disappearing
I find having all clients point to a WINS server (whether Samba is the WINS client or WINS server) avoids most browsing issues. On 10/25/07, Shawn Everett [EMAIL PROTECTED] wrote: I have a problem with my long-running Samba workgroup where hosts will stop coming up in View Network Computers. Only the UNIX system with Samba running shows up. If I restart Samba on the UNIX system then the hosts start showing up again in a few minutes. Any thoughts out there? Thanks, Rick Past experience with this is that it's a browser service issue. Programs like browmon and browstat can be downloaded to figure out which machine thinks it's the master browser on the network. An easy fix is to disable/stop the computer browser service on all machines except the server. Shawn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compile samba to ARM cross compiler
On 31/10/07 05:26, herman [EMAIL PROTECTED] wrote: hce wrote: Hi, Can the samba be compiled by ARM cross compiler (arm/3.4.1/arm-linux)? I am currently downloaded samba-3.0.26a tar ball. I guess I have following two choices, please advice which one make sense. 1. Run configurate under a linux pc distribution such as FC6, then modify Makefile to the cross compiler path and lib. 2. Modify configurate to directly run under ARM cross compiler. Thank you. Jim 1 and 2 amounts to the same thing. I have compiled Samba for the Arm about 5 years ago, so it can probably still be done. Please don't ask me anything about it though... :) It was also how the Linux-based ARM PDA Sharp Zaurus exported local data to the PC it was syncing with. Latest version of the OS for that must be about four years now, so the unit is just old enough that I _think_ it must have run Samba 2.X. If Samba 3.X fails you may want to try that, at least it's known to have been run on ARM. Bjørn -- Bjørn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED] IT department VIP: 81724 Support: http://bs.uib.no Univ. of Bergen When in fear and when in doubt, run in circles, scream and shout. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] several users with several printers
Ok but I have 2000 users and 600 printers. Do you have something working to map the printers to the users, or group of users, in the build time of the netlogon? How do you setup permissions in the samba to allow or deny access to the printers? Do you set individual printers like shares in the samba? Tnxs in advance. Roel van Meer wrote: Guido Lorenzutti writes: Hi people. I have a Samba PDC with Microsoft Clients. My printserver is a CUPS and I would like to know how do you handle if you have more than 2000 users and you have to set up the printers for each one. Do you use a netlogon script to map the printers? Do you set individual permissions for each printer in the samba? Do you setup every printer by hand? We use automatically generated login scripts from which the printers are added. For this, we use the following command: RUNDLL32 PRINTUI.DLL,PrintUIEntry /in /q /n\\SERVERNAME\PRINTERNAME The precise grokking of this has been excellently described in my dead-tree version of the official samba-3 howto and reference guide. Regards, roel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticates on lan but not through VPN
Hi We have a samba server which has been working fine for four years, SAMBA is configured as an Active directory domain member (SECURITY=ADS in the conf file), using Kerberos tickets to allow it to authenticate users. SAMBA is not however performing in pure native ADS mode as it is using WINBIND TRUSTED DOMAINS ONLY=YES Local and VPN connected users have worked fine. About a week ago we added a Windows 2003r2 server as a domain controller this involved upgrading the schema on the w2000 server to let it work with the 2003 server. Things seemed to be working Ok until four days later when we restarted the samba server (after making all the servers use the same time server). We were getting error rec_free read bad magic messages in /var/log/messages saying the tdb files are corrupt, Though this has now stopped. It now no longer authenticates users who access the samba server through the VPN, though local users are fine. VPN users are asked to type in a username and password, repeatedly even if they enter the correct ones. No firewall, samba.conf or VPN settings have been changed. Any ideas what we can do to allow the external VPN users connect again. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BUILTIN groups mapping via winbind!!
Kaustubh Chaudhari wrote: Hi Herman. This is really a helpful information, but i am not able to understand why in built group we cant see a mapping for a normal user, as if we look Builtin is also a OU and we have some Builtin users and groups in it. If i create a OU and groups or users in it than i can see all those but just not with Buitin. Feel free to correct me, if you find i am wrong. Thanks for your interest in this. Regards, Kaustubh. Well, I have found that Winbind can get confused when you do things in ADS that you should not do - for example cross linked users and groups after you dragged records around. WinXP clients may still work, but the only way to fix Winbind is to delete the offending records in ADS. The problem is that how you are supposed to find the offending records is impossible to say. Sometimes you can fix it by trying to remember when it last worked and deleting everything that was changed since. Sometimes, the only way to fix things is to give up and re-install ADS. Sooo, try to roll back till you get to a working situation, then make your changes very carefully and with frequent backups. I run ADS on VMware and take a snapshot before every change I make to it, so I can roll back without too much hassle as soon as things stop working. Unfortunately, Winbind is still immature and not as robust as one may like it to be. Cheers, Herman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL changes on Samba NT 4.0 Member Server
On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote: John, Thank you for the reply. Below is the output from mount and ls -al. Yes I can login as CPDOM+admin and create files, but connecting to the share as CPDOM+admin doesn't work. Hans [EMAIL PROTECTED] ~]# mount /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/hda1 on /boot type ext3 (rw,acl) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) [EMAIL PROTECTED] ~]# ls -al /files total 5196 drwxrwxrwx 3 root root4096 Nov 1 10:17 . drwxr-xr-x 26 root root4096 Nov 1 05:25 .. -rwxrw-rw- 1 root root 413 Feb 24 2006 AS400.WS -rwxrw-rw- 1 root root 398 Jul 27 14:13 dnsb.txt -rwxrw-rw- 1 root root 3100432 May 22 2006 Dsclient.exe drwxrwxrwx 2 root root4096 Apr 7 2005 Fonts -rwxrw-rw- 1 root root1411 Aug 15 08:09 hans.txt -rwxrw-rw- 1 root root 61440 Sep 14 08:57 IDTag.exe -rwxrw-rw- 1 root root 262727 Apr 21 2003 keyfinder.exe -rwxrw-rw- 1 root root 25088 Mar 22 2007 Label6x4 layout with text.doc -rwxrw-rw- 1 root root 60416 Jun 6 09:41 Label proposal II.xls -rwxrw-rw- 1 root root 90112 May 9 2006 OfficeTime.exe -rwxrw-rw- 1 root root 317 Jul 3 07:51 OutputsLisec.txt -rwxrw-rw- 1 root root 173231 May 4 1999 REPLICA.HLP -rwxrw-rw- 1 root root1101 Apr 25 2005 Salesreport.dtf -rw-rw-rw- 1 root root 481 Nov 1 08:42 smb.conf -rwxrw-rw- 1 root root 69632 Mar 4 2004 system.mdw -rwxrw-rw- 1 root root 491008 May 10 13:20 TSClient.doc -rwxrw-rw- 1 root root 782848 Jun 30 2006 WIP LOCATIONS.xls -rwxrw-rw- 1 root root5632 Aug 4 2004 wmi.dll -rwxrw-rw- 1 root root 16930 May 31 1994 XCOPY.EXE It is possible the problem is that the owner and group of the share are both root. I never do that for any of my working samba shares. The owner can be a user or possibly root but the group is always a group that the users I want to change acls. I see from the docs that dos filemode is supposed to fix that so maybe this is not the case. Can you set a log level of 10 and see if there are any errors caused when you try to change the acls? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BUILTIN groups mapping via winbind!!
Hi Herman, Ok, i got an idea, thanks a lot for putting your time in this and helping me out. :) Regards, Kaustubh herman wrote: Kaustubh Chaudhari wrote: Hi Herman. This is really a helpful information, but i am not able to understand why in built group we cant see a mapping for a normal user, as if we look Builtin is also a OU and we have some Builtin users and groups in it. If i create a OU and groups or users in it than i can see all those but just not with Buitin. Feel free to correct me, if you find i am wrong. Thanks for your interest in this. Regards, Kaustubh. Well, I have found that Winbind can get confused when you do things in ADS that you should not do - for example cross linked users and groups after you dragged records around. WinXP clients may still work, but the only way to fix Winbind is to delete the offending records in ADS. The problem is that how you are supposed to find the offending records is impossible to say. Sometimes you can fix it by trying to remember when it last worked and deleting everything that was changed since. Sometimes, the only way to fix things is to give up and re-install ADS. Sooo, try to roll back till you get to a working situation, then make your changes very carefully and with frequent backups. I run ADS on VMware and take a snapshot before every change I make to it, so I can roll back without too much hassle as soon as things stop working. Unfortunately, Winbind is still immature and not as robust as one may like it to be. Cheers, Herman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Jonathan Parr presents www.libeldefense.com
www.libeldefense.com Costs are widely varying at this level of service. Some charge a basic setup fee then charge you for 'click-throughs'. Paying a fee each time someone visits your site is unpredictable and can get very costly. Others charge setup fees then have a 'pay on results' system where you pay an agreed commission when one of your pages reaches a top 10 or 20 position on a targeted search engine. This approach is incentive driven and provides you with a 'maximum cost exposure' at the start of the job. Others charge based on an hourly rate and provide 'best endeavors' to achieve the rankings you require, without any guarantees. Developing a better understanding of how it all works will help you decide the best approach for your web site, and will help you make an informed decision based on realistic expectations. http://libeldefense.studioathome.com/ http://libeldefense.blogspirit.com/ http://libeldefense.blogster.com/jonathan_parr_presents.html http://libeldefense.livejournal.com/723.html http://libeldefense.blogspot.com/ http://www.bloglines.com/blog/libeldefense http://libeldefense.bloghi.com/ http://libeldefense.tripod.com/libeldefense/ http://www.yasvs.com/ http://www.greatestjournal.com/users/libeldefense http://www.greatestjournal.com/users/libeldefense/362.html http://www.naymz.com/search/jonathan/parr/1314951 http://www.xanga.com/libeldefense http://libeldefense.multiply.com/journal/ http://20six.co.uk/libeldefense/ http://libeldefense.blogsome.com/ http://www.freewebs.com/libeldefense/ http://dangerell.googlepages.com/home http://www.opendiary.com/entrylist.asp?authorcode=D736464 http://libeldefense.bravehost.com/index.html http://www.my-diary.org/users/296432 http://www.my-diary.org/edit/?action=viewentryentryid=541256338 http://libeldefense.blog.co.uk/ http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138 http://www.ebloggy.com/blog.php?username=libeldefenseid=1 http://libeldefense.blogs.ie/ http://www.teenblog.org/libeldefense/ http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/ http://libeldefense.egoweblog.com/ http://www.bahraichblogs.com/libeldefense/5952/ http://libeldefense.blogbeee.com/ http://portal.blogfusion.com/blogs/libeldefense/ http://noss123network.ning.com/profile/JonathanParr PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r25773 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: sahlberg Date: 2007-11-01 08:00:36 + (Thu, 01 Nov 2007) New Revision: 25773 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25773 Log: update frsrpc.idl and add some more comments Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl === --- branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 04:00:05 UTC (rev 25772) +++ branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 08:00:36 UTC (rev 25773) @@ -13,7 +13,25 @@ { /*/ /* Function 0x00 */ + + /* TAG:3 this TLV contains a GUID and the name of the server sending +* the call +*/ typedef struct { + [subcontext(4)] GUID unknown1; + [subcontext(4)] nstring source_server; + } frsrpc_FrsSendCommPktChunkDataSSRV; + + /* TAG:4 this TLV contains a GUID and the name of the destination +* server the PDU is sent to +*/ + typedef struct { + [subcontext(4)] GUID unknown1; + [subcontext(4)] nstring dest_server; + } frsrpc_FrsSendCommPktChunkDataDSRV; + + + typedef struct { uint32 unknown1; } frsrpc_FrsSendCommPktChunkDataA; @@ -36,8 +54,8 @@ [default,flag(NDR_REMAINING)] DATA_BLOB blob; [case(1)] frsrpc_FrsSendCommPktChunkDataA A; [case(2)] frsrpc_FrsSendCommPktChunkDataA A; - [case(3)] frsrpc_FrsSendCommPktChunkDataB B; - [case(4)] frsrpc_FrsSendCommPktChunkDataB B; + [case(3)] frsrpc_FrsSendCommPktChunkDataSSRV SSRV; + [case(4)] frsrpc_FrsSendCommPktChunkDataDSRV DSRV; [case(5)] frsrpc_FrsSendCommPktChunkDataB B; [case(8)] frsrpc_FrsSendCommPktChunkDataB B; [case(6)] frsrpc_FrsSendCommPktChunkDataC C; @@ -73,10 +91,10 @@ uint32 unknown8; uint32 unknown9; /* -* the format of this blob is this: +* The format of this blob is this a concatenation +* of TLVs which are not really NDR encoded. * -* some of the folloeing chunks are concatenated: -* +* The individual TLVs are encoded as : * struct { * uint16 type; * [subcontext(4),switch_is(type)] chunk_data data; @@ -89,6 +107,12 @@ * struct GUID guid; * lstring string; * } ...; +* +* +* The tags are (might be) : +* 3: Source server sending the PDU +* 4: Destination server the PDU is sent to +* */ [subcontext(4)/*,size_is(tlv_size)*/] frsrpc_FrsSendCommPktChunkCtr *chunks; uint32 unknown10;
svn commit: samba r25775 - in branches/SAMBA_4_0/source/libcli/cldap: .
Author: metze Date: 2007-11-01 08:15:41 + (Thu, 01 Nov 2007) New Revision: 25775 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25775 Log: use ndr_pull_union_blob_all() in CLDAP code metze Modified: branches/SAMBA_4_0/source/libcli/cldap/cldap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/cldap/cldap.c === --- branches/SAMBA_4_0/source/libcli/cldap/cldap.c 2007-11-01 08:10:54 UTC (rev 25774) +++ branches/SAMBA_4_0/source/libcli/cldap/cldap.c 2007-11-01 08:15:41 UTC (rev 25775) @@ -614,16 +614,16 @@ } data = search.out.response-attributes[0].values; - status = ndr_pull_union_blob(data, mem_ctx, io-out.netlogon, -io-in.version 0xF, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); + status = ndr_pull_union_blob_all(data, mem_ctx, io-out.netlogon, +io-in.version 0xF, + (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,(cldap failed to parse netlogon response of type 0x%02x\n, SVAL(data-data, 0))); dump_data(10, data-data, data-length); } - return status; + return NT_STATUS_OK; } /*
svn commit: samba r25776 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-11-01 09:48:42 + (Thu, 01 Nov 2007) New Revision: 25776 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25776 Log: ndr compression: make use of NDR_CHECK() and not use NTSTATUS directly metze Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c 2007-11-01 08:15:41 UTC (rev 25775) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c 2007-11-01 09:48:42 UTC (rev 25776) @@ -26,7 +26,8 @@ static NTSTATUS ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpull, struct ndr_push *ndrpush, -struct decomp_state *decomp_state) +struct decomp_state *decomp_state, +bool *last) { DATA_BLOB comp_chunk; uint32_t comp_chunk_offset; @@ -65,17 +66,16 @@ if ((plain_chunk_size 0x8000) || (ndrpull-offset+4 = ndrpull-data_size)) { /* this is the last chunk */ - return NT_STATUS_OK; + *last = true; } - return NT_STATUS_MORE_PROCESSING_REQUIRED; + return NT_STATUS_OK; } static NTSTATUS ndr_pull_compression_mszip(struct ndr_pull *subndr, struct ndr_pull **_comndr, ssize_t decompressed_len) { - NTSTATUS status = NT_STATUS_MORE_PROCESSING_REQUIRED; struct ndr_push *ndrpush; struct ndr_pull *comndr; DATA_BLOB uncompressed; @@ -84,6 +84,7 @@ uint32_t payload_offset; uint8_t *payload; struct decomp_state *decomp_state; + bool last = false; ndrpush = ndr_push_init_ctx(subndr); NT_STATUS_HAVE_NO_MEMORY(ndrpush); @@ -91,10 +92,9 @@ decomp_state = ZIPdecomp_state(subndr); NT_STATUS_HAVE_NO_MEMORY(decomp_state); - while (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) { - status = ndr_pull_compression_mszip_chunk(subndr, ndrpush, decomp_state); + while (!last) { + NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, decomp_state, last)); } - NT_STATUS_NOT_OK_RETURN(status); uncompressed = ndr_push_blob(ndrpush); @@ -152,7 +152,8 @@ } static NTSTATUS ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrpull, - struct ndr_push *ndrpush) + struct ndr_push *ndrpush, + bool *last) { DATA_BLOB comp_chunk; uint32_t comp_chunk_offset; @@ -181,28 +182,27 @@ if ((plain_chunk_size 0x0001) || (ndrpull-offset+4 = ndrpull-data_size)) { /* this is the last chunk */ - return NT_STATUS_OK; + *last = true; } - return NT_STATUS_MORE_PROCESSING_REQUIRED; + return NT_STATUS_OK; } static NTSTATUS ndr_pull_compression_xpress(struct ndr_pull *subndr, struct ndr_pull **_comndr, ssize_t decompressed_len) { - NTSTATUS status = NT_STATUS_MORE_PROCESSING_REQUIRED; struct ndr_push *ndrpush; struct ndr_pull *comndr; DATA_BLOB uncompressed; + bool last = false; ndrpush = ndr_push_init_ctx(subndr); NT_STATUS_HAVE_NO_MEMORY(ndrpush); - while (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) { - status = ndr_pull_compression_xpress_chunk(subndr, ndrpush); + while (!last) { + NDR_CHECK(ndr_pull_compression_xpress_chunk(subndr, ndrpush, last)); } - NT_STATUS_NOT_OK_RETURN(status); uncompressed = ndr_push_blob(ndrpush);
svn commit: samba r25778 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-11-01 10:13:36 + (Thu, 01 Nov 2007) New Revision: 25778 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25778 Log: use NT_STATUS_HAVE_NO_MEMORY() and NDR_CHECK() macros metze Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2007-11-01 09:50:24 UTC (rev 25777) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2007-11-01 10:13:36 UTC (rev 25778) @@ -728,10 +728,9 @@ { struct ndr_pull *ndr; ndr = ndr_pull_init_blob(blob, mem_ctx); - if (!ndr) { - return NT_STATUS_NO_MEMORY; - } - return fn(ndr, NDR_SCALARS|NDR_BUFFERS, p); + NT_STATUS_HAVE_NO_MEMORY(ndr); + NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); + return NT_STATUS_OK; } /* @@ -741,14 +740,9 @@ ndr_pull_flags_fn_t fn) { struct ndr_pull *ndr; - NTSTATUS status; - ndr = ndr_pull_init_blob(blob, mem_ctx); - if (!ndr) { - return NT_STATUS_NO_MEMORY; - } - status = fn(ndr, NDR_SCALARS|NDR_BUFFERS, p); - if (!NT_STATUS_IS_OK(status)) return status; + NT_STATUS_HAVE_NO_MEMORY(ndr); + NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); if (ndr-offset ndr-data_size) { return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES, not all bytes consumed ofs[%u] size[%u], @@ -765,11 +759,10 @@ { struct ndr_pull *ndr; ndr = ndr_pull_init_blob(blob, mem_ctx); - if (!ndr) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(ndr); ndr_pull_set_switch_value(ndr, p, level); - return fn(ndr, NDR_SCALARS|NDR_BUFFERS, p); + NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); + return NT_STATUS_OK; } /* @@ -780,15 +773,10 @@ uint32_t level, ndr_pull_flags_fn_t fn) { struct ndr_pull *ndr; - NTSTATUS status; - ndr = ndr_pull_init_blob(blob, mem_ctx); - if (!ndr) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(ndr); ndr_pull_set_switch_value(ndr, p, level); - status = fn(ndr, NDR_SCALARS|NDR_BUFFERS, p); - if (!NT_STATUS_IS_OK(status)) return status; + NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); if (ndr-offset ndr-data_size) { return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES, not all bytes consumed ofs[%u] size[%u],
svn commit: samba r25779 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-11-01 10:15:13 + (Thu, 01 Nov 2007) New Revision: 25779 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25779 Log: the return value of ndr_pull_set_switch_value() should be checked metze Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2007-11-01 10:13:36 UTC (rev 25778) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2007-11-01 10:15:13 UTC (rev 25779) @@ -760,7 +760,7 @@ struct ndr_pull *ndr; ndr = ndr_pull_init_blob(blob, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(ndr); - ndr_pull_set_switch_value(ndr, p, level); + NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level)); NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); return NT_STATUS_OK; } @@ -775,7 +775,7 @@ struct ndr_pull *ndr; ndr = ndr_pull_init_blob(blob, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(ndr); - ndr_pull_set_switch_value(ndr, p, level); + NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level)); NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p)); if (ndr-offset ndr-data_size) { return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
svn commit: samba r25780 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: metze Date: 2007-11-01 11:43:00 + (Thu, 01 Nov 2007) New Revision: 25780 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25780 Log: fix bool return metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-01 10:15:13 UTC (rev 25779) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-01 11:43:00 UTC (rev 25780) @@ -51,7 +51,7 @@ status = ndr_push_struct_blob(v, msg, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid); if (!NT_STATUS_IS_OK(status)) { - return -1; + return false; } return (ldb_msg_add_value(msg, name, v, NULL) == 0); }
svn commit: samba r25781 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-11-01 12:34:06 + (Thu, 01 Nov 2007) New Revision: 25781 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25781 Log: Handle and test linked attribute renames. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-01 11:43:00 UTC (rev 25780) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-01 12:34:06 UTC (rev 25781) @@ -41,6 +41,8 @@ struct ldb_request **down_req; int num_requests; int finished_requests; + + const char **linked_attrs; }; static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, @@ -369,22 +371,323 @@ return ret; } -/* delete */ -static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + struct linked_attributes_context *ac, + struct ldb_message *msg, + struct ldb_dn *olddn, struct ldb_dn *newdn) { - /* Look up list of linked attributes */ - /* Search to see if any linked attributes are in this entry */ - return ldb_next_request(module, req); + int i, j, ret = LDB_SUCCESS; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + /* Look up each of the returned attributes */ + /* Find their schema */ + /* And it is an actual entry: now create a series of modify requests */ + for (i=0; i msg-num_elements; i++) { + int otherid; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = msg-elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el-name); + if (!schema_attr) { + ldb_asprintf_errstring(ldb, + attribute %s is not a valid attribute in schema, el-name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... */ + if (schema_attr-linkID == 0) { + continue; + } + + /* Depending on which direction this link is in, we need to find it's partner */ + if ((schema_attr-linkID 1) == 1) { + otherid = schema_attr-linkID - 1; + } else { + otherid = schema_attr-linkID + 1; + } + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, otherid); + if (!target_attr) { + ldb_asprintf_errstring(ldb, + attribute %s does not have valid link target, el-name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* For each value being moded, we need to setup the modify */ + for (j=0; j el-num_values; j++) { + struct ldb_message_element *ret_el; + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac-down_req); + if (!new_msg) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg-dn = ldb_dn_new(new_msg, ldb, (char *)el-values[j].data); + if (!new_msg-dn) { + ldb_asprintf_errstring(ldb, + attribute %s value %s was not a valid DN, msg-elements[i].name, + el-values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + if (olddn) { + ret = ldb_msg_add_empty(new_msg, target_attr-lDAPDisplayName, + LDB_FLAG_MOD_DELETE, ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el-values =
svn commit: samba r25782 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-11-01 12:39:12 + (Thu, 01 Nov 2007) New Revision: 25782 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25782 Log: use NT_STATUS_HAVE_NO_MEMORY() metze Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c 2007-11-01 12:34:06 UTC (rev 25781) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c 2007-11-01 12:39:12 UTC (rev 25782) @@ -56,7 +56,7 @@ if (r-in.buffer) {\ DATA_BLOB _data_blob_info;\ _ndr_info = ndr_push_init_ctx(ndr);\ - if (!_ndr_info) return NT_STATUS_NO_MEMORY;\ + NT_STATUS_HAVE_NO_MEMORY(_ndr_info);\ _ndr_info-flags= ndr-flags;\ if (r-out.info) {\ struct __##fn __r;\ @@ -121,7 +121,7 @@ r-out.result = _r.out.result;\ if (_r.out.info) {\ struct ndr_pull *_ndr_info = ndr_pull_init_blob(_r.out.info, ndr);\ - if (!_ndr_info) return NT_STATUS_NO_MEMORY;\ + NT_STATUS_HAVE_NO_MEMORY(_ndr_info);\ _ndr_info-flags= ndr-flags;\ if (r-in.offered != _ndr_info-data_size) {\ return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,\ @@ -415,7 +415,7 @@ { struct __spoolss_GetPrinterData __r; _ndr_info = ndr_push_init_ctx(ndr); - if (!_ndr_info) return NT_STATUS_NO_MEMORY; + NT_STATUS_HAVE_NO_MEMORY(_ndr_info); _ndr_info-flags= ndr-flags; __r.in.type = r-out.type; __r.out.data= r-out.data; @@ -470,7 +470,7 @@ if (_r.out.data.length 0 r-out.needed = _r.out.data.length) { struct __spoolss_GetPrinterData __r; struct ndr_pull *_ndr_data = ndr_pull_init_blob(_r.out.data, ndr); - if (!_ndr_data) return NT_STATUS_NO_MEMORY; + NT_STATUS_HAVE_NO_MEMORY(_ndr_data); _ndr_data-flags= ndr-flags; __r.in.type = r-out.type; __r.out.data= r-out.data; @@ -495,7 +495,7 @@ DATA_BLOB _data_blob_data; _ndr_data = ndr_push_init_ctx(ndr);\ - if (!_ndr_data) return NT_STATUS_NO_MEMORY;\ + NT_STATUS_HAVE_NO_MEMORY(_ndr_data);\ _ndr_data-flags= ndr-flags;\ __r.in.type = r-in.type;
svn commit: samba r25783 - in branches/SAMBA_4_0/source/lib/socket_wrapper: .
Author: metze Date: 2007-11-01 13:10:59 + (Thu, 01 Nov 2007) New Revision: 25783 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25783 Log: socket_wrapper: don't include includes.h metze Modified: branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c Changeset: Modified: branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c === --- branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c 2007-11-01 12:39:12 UTC (rev 25782) +++ branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c 2007-11-01 13:10:59 UTC (rev 25783) @@ -42,20 +42,11 @@ #ifdef _SAMBA_BUILD_ #define SOCKET_WRAPPER_NOT_REPLACE -#include includes.h +#include lib/replace/replace.h #include system/network.h #include system/filesys.h +#include system/time.h -#ifdef malloc -#undef malloc -#endif -#ifdef calloc -#undef calloc -#endif -#ifdef strdup -#undef strdup -#endif - #else /* _SAMBA_BUILD_ */ #include sys/types.h @@ -74,8 +65,10 @@ #include string.h #include stdio.h -#define _PUBLIC_ +#endif +#ifndef _PUBLIC_ +#define _PUBLIC_ #endif #define SWRAP_DLIST_ADD(list,item) do { \
Re: svn commit: samba r25781 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25781 Log: Handle and test linked attribute renames. Hi Andrew, please also commit dsdb_linked_attribute_lDAPDisplayName_list() metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHKdB3m70gjA5TCD8RAvFSAKCr4NH831xbf8GpwIkvNYMuXjAa9QCgmOQq 7m5caqhs02Dx76343G4DcLY= =vmP7 -END PGP SIGNATURE-
svn commit: samba r25784 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-11-01 13:22:20 + (Thu, 01 Nov 2007) New Revision: 25784 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25784 Log: fix compiler warning metze Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c 2007-11-01 13:10:59 UTC (rev 25783) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c 2007-11-01 13:22:20 UTC (rev 25784) @@ -143,7 +143,7 @@ _oid = data_blob_hex_string(ndr, _oid_array); NT_STATUS_HAVE_NO_MEMORY(_oid); } else { - _OID_PULL_CHECK(ber_read_OID_String(r-oid, _oid_array, _oid)); + _OID_PULL_CHECK(ber_read_OID_String(ndr, _oid_array, _oid)); } data_blob_free(_oid_array); talloc_steal(r-oid, _oid);
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-149-g6913536
The branch, v3-2-test has been updated via 69135360648e395eda29b15625b20a877e38bdd8 (commit) from 8a77f520fa03afa60eac2aaeab4babe7dd8db4f0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 69135360648e395eda29b15625b20a877e38bdd8 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Nov 1 14:24:27 2007 +0100 Enable building the zfsacl VFS module by specifying --with-shared-modules=vfs_zfsacl on the configure command line. Michael --- Summary of changes: source/configure.in |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.in b/source/configure.in index 80e57f8..9e1ebef 100644 --- a/source/configure.in +++ b/source/configure.in @@ -6295,6 +6295,7 @@ SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), bin/gpfs.$SHLIBEXT, VFS) SMB_MODULE(vfs_readahead, \$(VFS_READAHEAD_OBJ), bin/readahead.$SHLIBEXT, VFS) SMB_MODULE(vfs_fileid, \$(VFS_FILEID_OBJ), bin/fileid.$SHLIBEXT, VFS) SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), bin/syncops.$SHLIBEXT, VFS) +SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), bin/zfsacl.$SHLIBEXT, VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) -- Samba Shared Repository
svn commit: samba-docs r1201 - in trunk/manpages-3: .
Author: lmuelle Date: 2007-11-01 13:45:31 + (Thu, 01 Nov 2007) New Revision: 1201 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1201 Log: Fix type in SAM SET PWDMUSTCHANGENOW reported by Frederik Teichert of zmnh.uni-hamburg.de. Modified: trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2007-10-30 14:04:26 UTC (rev 1200) +++ trunk/manpages-3/net.8.xml 2007-11-01 13:45:31 UTC (rev 1201) @@ -1122,7 +1122,7 @@ /refsect2 refsect2 -titleSAM SET PWMUSTCHANGENOW lt;NAMEgt; [yes|no]/title +titleSAM SET PWDMUSTCHANGENOW lt;NAMEgt; [yes|no]/title para Set or unset the password must change flag for a user account.
Jonathan Parr presents www.libeldefense.com
www.libeldefense.com Most people have limited knowledge when it comes to search engine ranking and the various types of services on offer. We all know that having top 10 positions on some of the leading engines can bring all the traffic we can handle, and then some. But how do we get those top 10 listings and what should we expect to pay to get them? September 6, 2000 A simple way to approach this is to look at your competition. Do a quick search on one of the leading engines like What U Seek, Google or AltaVista, using a search phrase that people might use when looking for your products or services, and check the number on the first results page that shows how many pages have been found. http://libeldefense.studioathome.com/ http://libeldefense.blogspirit.com/ http://libeldefense.blogster.com/jonathan_parr_presents.html http://libeldefense.livejournal.com/723.html http://libeldefense.blogspot.com/ http://www.bloglines.com/blog/libeldefense http://libeldefense.bloghi.com/ http://libeldefense.tripod.com/libeldefense/ http://www.yasvs.com/ http://www.greatestjournal.com/users/libeldefense http://www.greatestjournal.com/users/libeldefense/362.html http://www.naymz.com/search/jonathan/parr/1314951 http://www.xanga.com/libeldefense http://libeldefense.multiply.com/journal/ http://20six.co.uk/libeldefense/ http://libeldefense.blogsome.com/ http://www.freewebs.com/libeldefense/ http://dangerell.googlepages.com/home http://www.opendiary.com/entrylist.asp?authorcode=D736464 http://libeldefense.bravehost.com/index.html http://www.my-diary.org/users/296432 http://www.my-diary.org/edit/?action=viewentryentryid=541256338 http://libeldefense.blog.co.uk/ http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138 http://www.ebloggy.com/blog.php?username=libeldefenseid=1 http://libeldefense.blogs.ie/ http://www.teenblog.org/libeldefense/ http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/ http://libeldefense.egoweblog.com/ http://www.bahraichblogs.com/libeldefense/5952/ http://libeldefense.blogbeee.com/ http://portal.blogfusion.com/blogs/libeldefense/ http://noss123network.ning.com/profile/JonathanParr
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-150-g5cf2811
The branch, v3-2-test has been updated via 5cf2811e8e1d9e6a1114bbdff89c333d5b374282 (commit) from 69135360648e395eda29b15625b20a877e38bdd8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 5cf2811e8e1d9e6a1114bbdff89c333d5b374282 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 1 10:21:27 2007 -0700 Add missing recvfile_bytes element - noticed by Kukks. Jeremy. --- Summary of changes: source/include/smbprofile.h |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/smbprofile.h b/source/include/smbprofile.h index acd8460..864f2bf 100644 --- a/source/include/smbprofile.h +++ b/source/include/smbprofile.h @@ -741,6 +741,7 @@ struct profile_stats { unsigned syscall_read_bytes; unsigned syscall_write_bytes; unsigned syscall_sendfile_bytes; + unsigned syscall_recvfile_bytes; /* stat cache counters */ unsigned statcache_lookups; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-151-g94f2c35
The branch, v3-2-test has been updated via 94f2c35a683eace7f9f3dad9748aaec93f7c534f (commit) from 5cf2811e8e1d9e6a1114bbdff89c333d5b374282 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 94f2c35a683eace7f9f3dad9748aaec93f7c534f Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Oct 31 15:06:22 2007 +0100 save memory Hi! Attached find a patch that I've wanted to check in for ages. The whole area probably needs a major rewrite, but this is a minimal patch that on a 32-bit box saves 1.5k per smbd per defined share, twice as much on a 64-bit box. Volker From ebb80e664ecc49eb597a45cb57e1067fbae49e62 Mon Sep 17 00:00:00 2001 From: Volker Lendecke [EMAIL PROTECTED] Date: Wed, 31 Oct 2007 15:04:34 +0100 Subject: [PATCH] Change global-copymap from bool* to a bitmap We right now have 401 parameters, so with bool being represented as a 64-bit integer this saves about 3k of memory per smbd per share that is defined in smb.conf. --- Summary of changes: source/param/loadparm.c | 27 +++ 1 files changed, 15 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source/param/loadparm.c b/source/param/loadparm.c index a5b2647..163f417 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -441,7 +441,7 @@ typedef struct { bool bStrictAllocate; bool bStrictSync; char magic_char; - bool *copymap; + struct bitmap *copymap; bool bDeleteReadonly; bool bFakeOplocks; bool bDeleteVetoFiles; @@ -2181,7 +2181,8 @@ static const char *get_boolean(bool bool_value); static int getservicebyname(const char *pszServiceName, service * pserviceDest); static void copy_service(service * pserviceDest, -service * pserviceSource, bool *pcopymapDest); +service * pserviceSource, +struct bitmap *pcopymapDest); static bool do_parameter(const char *pszParmName, const char *pszParmValue); static bool do_section(const char *pszSectionName); static void init_copymap(service * pservice); @@ -2455,7 +2456,7 @@ static void free_service(service *pservice) pservice-szService)); string_free(pservice-szService); - SAFE_FREE(pservice-copymap); + bitmap_free(pservice-copymap); for (i = 0; parm_table[i].label; i++) { if ((parm_table[i].type == P_STRING || @@ -3188,7 +3189,8 @@ static int getservicebyname(const char *pszServiceName, service * pserviceDest) If pcopymapDest is NULL then copy all fields ***/ -static void copy_service(service * pserviceDest, service * pserviceSource, bool *pcopymapDest) +static void copy_service(service * pserviceDest, service * pserviceSource, +struct bitmap *pcopymapDest) { int i; bool bcopyall = (pcopymapDest == NULL); @@ -3197,7 +3199,7 @@ static void copy_service(service * pserviceDest, service * pserviceSource, bool for (i = 0; parm_table[i].label; i++) if (parm_table[i].ptr parm_table[i].p_class == P_LOCAL - (bcopyall || pcopymapDest[i])) { + (bcopyall || bitmap_query(pcopymapDest,i))) { void *def_ptr = parm_table[i].ptr; void *src_ptr = ((char *)pserviceSource) + PTR_DIFF(def_ptr, @@ -3244,9 +3246,8 @@ static void copy_service(service * pserviceDest, service * pserviceSource, bool if (bcopyall) { init_copymap(pserviceDest); if (pserviceSource-copymap) - memcpy((void *)pserviceDest-copymap, - (void *)pserviceSource-copymap, - sizeof(bool) * NUMPARAMETERS); + bitmap_copy(pserviceDest-copymap, + pserviceSource-copymap); } data = pserviceSource-param_opt; @@ -3985,15 +3986,17 @@ static bool handle_printing(int snum, const char *pszParmValue, char **ptr) static void init_copymap(service * pservice) { int i; - SAFE_FREE(pservice-copymap); - pservice-copymap = SMB_MALLOC_ARRAY(bool,NUMPARAMETERS); + if (pservice-copymap) { + bitmap_free(pservice-copymap); + } + pservice-copymap = bitmap_allocate(NUMPARAMETERS); if (!pservice-copymap) DEBUG(0, (Couldn't allocate copymap!! (size %d)\n, (int)NUMPARAMETERS)); else for (i = 0; i NUMPARAMETERS; i++) -
svn commit: samba r25785 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: sahlberg Date: 2007-11-01 20:30:55 + (Thu, 01 Nov 2007) New Revision: 25785 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25785 Log: more small updates to frsrpc tag 18 contains a timestamp Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl === --- branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 13:22:20 UTC (rev 25784) +++ branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 20:30:55 UTC (rev 25785) @@ -30,7 +30,13 @@ [subcontext(4)] nstring dest_server; } frsrpc_FrsSendCommPktChunkDataDSRV; + /* TAG:18 this TLV contains a timestamp + */ + typedef struct { + [subcontext(4)] NTTIME time; + } frsrpc_FrsSendCommPktChunkDataTS; + typedef struct { uint32 unknown1; } frsrpc_FrsSendCommPktChunkDataA; @@ -46,10 +52,6 @@ GUID unknown2; } frsrpc_FrsSendCommPktChunkDataC; - typedef struct { - NTTIME time; - } frsrpc_FrsSendCommPktChunkDataD; - typedef [nodiscriminant] union { [default,flag(NDR_REMAINING)] DATA_BLOB blob; [case(1)] frsrpc_FrsSendCommPktChunkDataA A; @@ -59,7 +61,7 @@ [case(5)] frsrpc_FrsSendCommPktChunkDataB B; [case(8)] frsrpc_FrsSendCommPktChunkDataB B; [case(6)] frsrpc_FrsSendCommPktChunkDataC C; - [case(18)] frsrpc_FrsSendCommPktChunkDataD D; + [case(18)] frsrpc_FrsSendCommPktChunkDataTS TS; [case(19)] frsrpc_FrsSendCommPktChunkDataA A; } frsrpc_FrsSendCommPktChunkData; @@ -110,8 +112,9 @@ * * * The tags are (might be) : -* 3: Source server sending the PDU -* 4: Destination server the PDU is sent to +* 3: Source server sending the PDU +* 4: Destination server the PDU is sent to +* 18: Timestamp * */ [subcontext(4)/*,size_is(tlv_size)*/] frsrpc_FrsSendCommPktChunkCtr *chunks;
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-152-gb481abf
The branch, v3-2-test has been updated via b481abf5914dcafe5642c4d9394d02603e905bbb (commit) from 94f2c35a683eace7f9f3dad9748aaec93f7c534f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b481abf5914dcafe5642c4d9394d02603e905bbb Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Oct 20 11:12:11 2007 +0200 Fix for bug 5021 This is a different fix than the bug reporter (Evgeniy Dushistov dushistov at mail.ru, thanks!) created, but it lives without the boolean status variable. Untested so far, but I can not add attachments to bugs right now. But to me this looks really obvious. --- Summary of changes: source/libsmb/libsmbclient.c |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c index 0b45cad..ff434d2 100644 --- a/source/libsmb/libsmbclient.c +++ b/source/libsmb/libsmbclient.c @@ -2671,7 +2671,11 @@ smbc_opendir_ctx(SMBCCTX *context, return NULL; } -ip_list = server_addr; + ip_list = memdup(server_addr, sizeof(server_addr)); + if (ip_list == NULL) { + errno = ENOMEM; + return NULL; + } count = 1; } -- Samba Shared Repository
svn commit: samba r25786 - in branches/SAMBA_4_0/source/dsdb/schema: .
Author: abartlet Date: 2007-11-01 22:01:48 + (Thu, 01 Nov 2007) New Revision: 25786 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25786 Log: Add function required by linked_attributes module (We need a list of all linked attributes in the schema, so we can try and find them). Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c === --- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-11-01 20:30:55 UTC (rev 25785) +++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-11-01 22:01:48 UTC (rev 25786) @@ -1014,6 +1014,26 @@ return NULL; } +WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema *schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret) +{ + const char **attr_list = NULL; + struct dsdb_attribute *cur; + int i = 0; + for (cur = schema-attributes; cur; cur = cur-next) { + if (cur-linkID == 0) continue; + + attr_list = talloc_realloc(mem_ctx, attr_list, const char *, i+2); + if (!attr_list) { + return WERR_NOMEM; + } + attr_list[i] = cur-lDAPDisplayName; + i++; + } + attr_list[i] = NULL; + *attr_list_ret = attr_list; + return WERR_OK; +} + int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema) { int ret;
Build status as of Fri Nov 2 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-11-01 00:01:56.0 + +++ /home/build/master/cache/broken_results.txt 2007-11-02 00:00:34.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Nov 1 00:00:02 2007 +Build status as of Fri Nov 2 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -16,9 +16,9 @@ rsync29 13 0 samba-docs 0 0 0 samba-gtk2 2 0 -samba4 26 18 5 +samba4 25 20 1 samba_3_20 0 0 -samba_3_2_test 28 18 0 +samba_3_2_test 28 19 0 smb-build28 28 0 talloc 29 2 0 tdb 29 3 0
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-153-g47dbddc
The branch, v3-2-test has been updated via 47dbddcb5361caa30ee60cf4e15bb50d557d1191 (commit) from b481abf5914dcafe5642c4d9394d02603e905bbb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 47dbddcb5361caa30ee60cf4e15bb50d557d1191 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 1 18:30:02 2007 -0700 Add brackets so as not to break the POSIX caps return. Jeremy. --- Summary of changes: source/smbd/trans2.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 09a8fcc..c9ea029 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -2738,8 +2738,8 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned CIFS_UNIX_EXTATTR_CAP| CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP| CIFS_UNIX_LARGE_READ_CAP| - large_write ? - CIFS_UNIX_LARGE_WRITE_CAP : 0))); + (large_write ? + CIFS_UNIX_LARGE_WRITE_CAP : 0; break; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-156-g779353b
The branch, v3-2-test has been updated via 779353b86d1699324149896f1ffa237c6ebe46ec (commit) via d6cdbfd875bb2653e831d314726c3240beb0a96b (commit) via b7d2fadbef044a89920da613b1aafc74a3d94e24 (commit) from 47dbddcb5361caa30ee60cf4e15bb50d557d1191 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 779353b86d1699324149896f1ffa237c6ebe46ec Merge: d6cdbfd875bb2653e831d314726c3240beb0a96b 47dbddcb5361caa30ee60cf4e15bb50d557d1191 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 1 21:30:43 2007 -0400 Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-test commit d6cdbfd875bb2653e831d314726c3240beb0a96b Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 1 15:53:44 2007 -0400 Patch 2 of 3 from Debian Samba packagers: The point is doing the following associations: - non discardable state data (all TDB files that may need to be backed up) go to statedir - shared data (codepage stuff) go to codepagedir The patch *does not change* the default location for these directories. So, there is no behaviour change when applying it. The main change is for samba developers who have to think when dealing with files that previously pertained to libdir whether they: - go in statedir - go in codepagedir - stay in libdir commit b7d2fadbef044a89920da613b1aafc74a3d94e24 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 1 13:00:10 2007 -0400 Patch from Debian Samba package maintainers: Patch 1 of 3: - Patch 1 adds the new variables - Patch 2 makes uses of them for files belonging to the state path and the code pages path This patch seemed more easily acceptable, which explains why we separated it from patch 3 - Patch 3 reassigns files to the cache path. Indeed all debatable changes have been moved to that one The point is adding: - a path for non discardable state data: basically all TDB files that may need to be backed up - a path for shared data: mostly codepage stuff - a path for cache data to host files such as browse.dat, printers.tbd, printer.tdb All these are currently mixed in libdir (${prefix}/lib/samba by default). The patch keeps these new paths to point to ${prefix}/lib/samba by default and does therefore not change the software behaviour. Used alone, it just adds unused variables...so it can safely be used in sources without any behaviour change and no impact on Samba developers work. --- Summary of changes: source/Makefile.in | 16 +--- source/configure.in |7 +++ source/dynconfig.c | 31 +++ source/groupdb/mapping_ldb.c |8 source/groupdb/mapping_tdb.c |2 +- source/include/dynconfig.h |4 source/intl/lang_tdb.c |2 +- source/lib/account_pol.c |4 ++-- source/lib/sharesec.c|4 ++-- source/lib/util.c| 33 + source/lib/util_unistr.c |6 +++--- source/nmbd/nmbd_winsserver.c|4 ++-- source/param/loadparm.c |8 source/passdb/pdb_tdb.c |4 ++-- source/printing/nt_printing.c| 12 ++-- source/registry/reg_db.c | 10 +- source/registry/reg_perfcount.c |4 ++-- source/rpc_server/srv_eventlog_lib.c |4 ++-- source/winbindd/idmap_tdb.c |2 +- 19 files changed, 125 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index a1da65a..baa1828 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -127,6 +127,13 @@ SWATDIR = @swatdir@ # the directory where lock files go LOCKDIR = @lockdir@ +# FHS directories; equal to LOCKDIR if not using --with-fhs +CACHEDIR = @cachedir@ +STATEDIR = @statedir@ + +# Where to look for (and install) codepage databases. +CODEPAGEDIR = @codepagedir@ + # the directory where pid files go PIDDIR = @piddir@ @@ -154,7 +161,10 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\$(SMB_PASSWD_FILE)\ \ -DLOGFILEBASE=\$(LOGFILEBASE)\ \ -DSHLIBEXT=\@[EMAIL PROTECTED] \ -DCTDBDIR=\$(CTDBDIR)\ \ - -DCONFIGDIR=\$(CONFIGDIR)\ + -DCONFIGDIR=\$(CONFIGDIR)\ \ + -DCODEPAGEDIR=\$(CODEPAGEDIR)\ \ + -DCACHEDIR=\$(CACHEDIR)\ \ + -DSTATEDIR=\$(STATEDIR)\ # Note that all executable programs now provide for an optional executable suffix. @@ -1761,10 +1771,10 @@ installscripts: installdirs @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN)
Rev 675: patch from michael adam in http://samba.org/~tridge/ctdb
revno: 675 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-11-02 13:20:29 +1100 message: patch from michael adam modified: web/download.html getting_the_code.htm-20070608005948-wn5ag3uowh6dbnwr-1 === modified file 'web/download.html' --- a/web/download.html 2007-06-12 04:43:26 + +++ b/web/download.html 2007-11-02 02:20:29 + @@ -29,7 +29,7 @@ /pre -h2Samba3 ctdb verion/h2 +h2Samba3 ctdb version/h2 The fastest way to checkout an initial copy of the Samba3 tree with clustering patches is: pre rsync -avz samba.org::ftp/unpacked/samba_3_0_ctdb . @@ -49,7 +49,7 @@ h2Binary Packages/h2 -Note that packages are so far only available for RHEL4. Other packages +Note that packages are so far only available for RHEL5. Other packages will come later. p See a href=packages/packages/a directory for package
svn commit: samba r25787 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2007-11-02 02:51:54 + (Fri, 02 Nov 2007) New Revision: 25787 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25787 Log: Assert that we handle the group membership updating correctly, including when we delete members from the DB. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-01 22:01:48 UTC (rev 25786) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-02 02:51:54 UTC (rev 25787) @@ -509,6 +509,7 @@ assert(res.msgs[0].primaryGroupID == 513); // assert(res.msgs[0].sAMAccountType == 805306368); // assert(res.msgs[0].userAccountControl == 546); + assert(res.msgs[0].memberOf[0] == (CN=ldaptestgroup2,CN=Users, + base_dn)); println(Testing ldb.search for ((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); var res2 = ldb.search(((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, + base_dn + ))); @@ -640,7 +641,26 @@ assert(res.msgs[0].nTSecurityDescriptor != undefined); assert(res.msgs[0].memberOf[0] == (CN=ldaptestgroup2,CN=Users, + base_dn)); - ok = ldb.del(res.msgs[0].dn); +var attrs = new Array(cn, name, objectClass, objectGUID, whenCreated, nTSecurityDescriptor, member); + println(Testing ldb.search for ((cn=ldaptestgroup2)(objectClass=group))); + var res = ldb.search(((cn=ldaptestgroup2)(objectClass=group)), base_dn, ldb.SCOPE_SUBTREE, attrs); + if (res.error != 0 || res.msgs.length != 1) { + println(Could not find ((cn=ldaptestgroup2)(objectClass=group))); + assert(res.error == 0); + assert(res.msgs.length == 1); + } + + assert(res.msgs[0].dn == (CN=ldaptestgroup2,CN=Users, + base_dn)); + assert(res.msgs[0].cn == ldaptestgroup2); + assert(res.msgs[0].name == ldaptestgroup2); + assert(res.msgs[0].objectClass[0] == top); + assert(res.msgs[0].objectClass[1] == group); + assert(res.msgs[0].objectGUID != undefined); + assert(res.msgs[0].whenCreated != undefined); + assert(res.msgs[0].nTSecurityDescriptor != undefined); + assert(res.msgs[0].member[0] == (CN=ldaptestuser2,CN=Users, + base_dn)); + + ok = ldb.del((CN=ldaptestuser2,CN=Users, + base_dn)); if (ok.error != 0) { println(ok.errstr); assert(ok.error == 0);
svn commit: samba r25788 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-11-02 03:39:24 + (Fri, 02 Nov 2007) New Revision: 25788 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25788 Log: Use a single routine to handle the creation of modify requests in the linked_attributs code. This drasticly reduces the code duplication here. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-02 02:51:54 UTC (rev 25787) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-02 03:39:24 UTC (rev 25788) @@ -77,10 +77,135 @@ return ac; } +/* Common routine to handle reading the attributes and creating a + * series of modify requests */ + +static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, + struct linked_attributes_context *ac, + struct ldb_message *msg, + struct ldb_dn *olddn, struct ldb_dn *newdn) +{ + int i, j, ret = LDB_SUCCESS; + const struct dsdb_schema *schema = dsdb_get_schema(ldb); + /* Look up each of the returned attributes */ + /* Find their schema */ + /* And it is an actual entry: now create a series of modify requests */ + for (i=0; i msg-num_elements; i++) { + int otherid; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el = msg-elements[i]; + const struct dsdb_attribute *schema_attr + = dsdb_attribute_by_lDAPDisplayName(schema, el-name); + if (!schema_attr) { + ldb_asprintf_errstring(ldb, + attribute %s is not a valid attribute in schema, el-name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... */ + if (schema_attr-linkID == 0) { + continue; + } + + /* Depending on which direction this link is in, we need to find it's partner */ + if ((schema_attr-linkID 1) == 1) { + otherid = schema_attr-linkID - 1; + } else { + otherid = schema_attr-linkID + 1; + } + + /* Now find the target attribute */ + target_attr = dsdb_attribute_by_linkID(schema, otherid); + if (!target_attr) { + ldb_asprintf_errstring(ldb, + attribute %s does not have valid link target, el-name); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } + + /* For each value being moded, we need to setup the modify */ + for (j=0; j el-num_values; j++) { + struct ldb_message_element *ret_el; + struct ldb_request *new_req; + /* Create the modify request */ + struct ldb_message *new_msg = ldb_msg_new(ac-down_req); + if (!new_msg) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + new_msg-dn = ldb_dn_new(new_msg, ldb, (char *)el-values[j].data); + if (!new_msg-dn) { + ldb_asprintf_errstring(ldb, + attribute %s value %s was not a valid DN, msg-elements[i].name, + el-values[j].data); + return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; + } + + if (olddn) { + ret = ldb_msg_add_empty(new_msg, target_attr-lDAPDisplayName, + LDB_FLAG_MOD_DELETE, ret_el); + if (ret != LDB_SUCCESS) { + return ret; + } + ret_el-values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el-values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el-values[0] =
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-157-g1c71546
The branch, v3-2-test has been updated via 1c71546b6152d2930b98f766311bbd161ee0ee4e (commit) from 779353b86d1699324149896f1ffa237c6ebe46ec (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1c71546b6152d2930b98f766311bbd161ee0ee4e Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 1 21:51:45 2007 -0700 Ensure we detect a large writeX when using recvfile. More changes needed to make the UNIX_LARGE_WRITEX_CAP writes work (I'll add these tomorrow). Jeremy. --- Summary of changes: source/smbd/reply.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/reply.c b/source/smbd/reply.c index d2aa6c6..d4f3f1f 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -3926,7 +3926,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) numtowrite = SVAL(req-inbuf,smb_vwv10); smb_doff = SVAL(req-inbuf,smb_vwv11); smblen = smb_len(req-inbuf); - large_writeX = ((req-wct == 14) (smblen 0x)); + large_writeX = (req-wct == 14 + (smblen 0x || req-unread_bytes 0x)); /* Deal with possible LARGE_WRITEX */ if (large_writeX) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-158-g2d3ff9c
The branch, v3-2-test has been updated via 2d3ff9c502105f92720131355b41e48be8d656c2 (commit) from 1c71546b6152d2930b98f766311bbd161ee0ee4e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 2d3ff9c502105f92720131355b41e48be8d656c2 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 1 22:24:39 2007 -0700 Be careful and take care of the correct lengths in large writeX calls. Jeremy. --- Summary of changes: source/smbd/reply.c | 16 +++- 1 files changed, 7 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/reply.c b/source/smbd/reply.c index d4f3f1f..c83066d 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -3912,7 +3912,6 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) unsigned int smb_doff; unsigned int smblen; char *data; - bool large_writeX; NTSTATUS status; START_PROFILE(SMBwriteX); @@ -3926,12 +3925,11 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) numtowrite = SVAL(req-inbuf,smb_vwv10); smb_doff = SVAL(req-inbuf,smb_vwv11); smblen = smb_len(req-inbuf); - large_writeX = (req-wct == 14 - (smblen 0x || req-unread_bytes 0x)); - /* Deal with possible LARGE_WRITEX */ - if (large_writeX) { - numtowrite |= size_t)SVAL(req-inbuf,smb_vwv9)) 1 )16); + if (req-unread_bytes 0x || + (smblen smb_doff + 4 + smblen - smb_doff + 4 0x)) { + numtowrite |= (((size_t)SVAL(req-inbuf,smb_vwv9))16); } if (req-unread_bytes) { @@ -3941,7 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) return; } } else { - if (smb_doff smblen || smb_doff + numtowrite smblen) { + if (smb_doff + 4 smblen || smb_doff + 4 + numtowrite numtowrite || + smb_doff + 4 + numtowrite smblen) { reply_doserror(req, ERRDOS, ERRbadmem); END_PROFILE(SMBwriteX); return; @@ -4032,8 +4031,7 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) reply_outbuf(req, 6, 0); SSVAL(req-outbuf,smb_vwv2,nwritten); - if (large_writeX) - SSVAL(req-outbuf,smb_vwv4,(nwritten16)1); + SSVAL(req-outbuf,smb_vwv4,nwritten16); if (nwritten (ssize_t)numtowrite) { SCVAL(req-outbuf,smb_rcls,ERRHRD); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-159-g84d22f7
The branch, v3-2-test has been updated via 84d22f7747126608b9460f9591bb5967d871b82d (commit) from 2d3ff9c502105f92720131355b41e48be8d656c2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 84d22f7747126608b9460f9591bb5967d871b82d Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 1 22:42:21 2007 -0700 Ensure we can't accidently do a pipe write with unread bytes in the socket buffer. Jeremy --- Summary of changes: source/smbd/reply.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/reply.c b/source/smbd/reply.c index c83066d..de0e852 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -3949,6 +3949,11 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { + if (req-unread_bytes) { + reply_doserror(req, ERRDOS, ERRbadmem); + END_PROFILE(SMBwriteX); + return; + } reply_pipe_write_and_X(req); END_PROFILE(SMBwriteX); return; -- Samba Shared Repository