Re: [Samba] optimizing samba for 2000 users
On Thu, Dec 27, 2007 at 04:28:55PM +0530, Ankush Grover wrote: Dec 27 15:28:49 fs1-3 smbd[17377]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Does it help if you start winbindd? Volker pgprfgemsoPCr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] optimizing samba for 2000 users
Hi Friends, I am running samba on RHEL 4.4 64 bit server on HP Proliant AMD Opteron(tm) Processor 254 with 4GB RAM.There are about 2000 users who access samba shares for ex their home directories through ldap authentication. Most of the users are using Windows XP SP2 For last few days we are seeing some errors in the logs file and samba shares have become difficult to access. fs1-3 smbd[4540]: [2007/12/27 15:00:32, 0] auth/auth_domain.c:domain_client_validate(199) fs1-3 smbd[4540]: domain_client_validate: unable to validate password for user ankush in domain testing to Domain controller \\DC. Error was NT_STATUS_WRONG_PASSWORD. Dec 27 15:28:49 fs1-3 smbd[17243]: Error writing 4 bytes to client. -1. (Connection reset by peer) Dec 27 15:28:49 fs1-3 smbd[17420]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17421]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17541]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17422]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17423]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17424]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17217]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:49 fs1-3 smbd[17538]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17377]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:29:01 fs1-3 smbd[17563]: [2007/12/27 15:29:01, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17207]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17220]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17380]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17381]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17222]: [2007/12/27 15:28:50, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17383]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17219]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17504]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17384]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17428]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17509]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17448]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17386]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17223]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:29:01 fs1-3 smbd[17223]: write_socket: Error writing 122 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:29:01 fs1-3 smbd[17223]: [2007/12/27 15:29:01, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17481]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17429]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17483]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17435]: write_socket: Error writing 171 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:50 fs1-3 smbd[17486]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket_data(430) Dec 27 15:28:50 fs1-3 smbd[17485]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17436]: write_socket: Error writing 171 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:50 fs1-3 smbd[17430]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17547]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket_data(430) Dec 27 15:28:50 fs1-3 smbd[17261]: write_socket_data: write failure. Error = Connection reset by peer Dec 27 15:28:51 fs1-3 smbd[17431]: [2007/12/27 15:28:51, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:51 fs1-3 smbd[17432]: [2007/12/27 15:28:51, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:51 fs1-3 smbd[17224]: [2007/12/27 15:28:51, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:51 fs1-3 smbd[17439]: getpeername failed. Error was
Re: [Samba] optimizing samba for 2000 users
Ankush You may wish to use tdbbackup to check, clean and repair your tdb files in case they are corrupt. You should also make sure that smbd, nmbd, and winbindd have all been restarted (Redhat has been known to separate winbindd from the restart process.) You should also check to make sure any samba libraries being used (nss_winbind.so) match the same version as your install base. If you have upgraded samba, but not libnss_wins.so or pam_smbpass.so that can cause issues. -- Aaron Ankush Grover wrote: Hi Friends, I am running samba on RHEL 4.4 64 bit server on HP Proliant AMD Opteron(tm) Processor 254 with 4GB RAM.There are about 2000 users who access samba shares for ex their home directories through ldap authentication. Most of the users are using Windows XP SP2 For last few days we are seeing some errors in the logs file and samba shares have become difficult to access. fs1-3 smbd[4540]: [2007/12/27 15:00:32, 0] auth/auth_domain.c:domain_client_validate(199) fs1-3 smbd[4540]: domain_client_validate: unable to validate password for user ankush in domain testing to Domain controller \\DC. Error was NT_STATUS_WRONG_PASSWORD. Dec 27 15:28:49 fs1-3 smbd[17243]: Error writing 4 bytes to client. -1. (Connection reset by peer) Dec 27 15:28:49 fs1-3 smbd[17420]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17421]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17541]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17422]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17423]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17424]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17217]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:49 fs1-3 smbd[17538]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17377]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:29:01 fs1-3 smbd[17563]: [2007/12/27 15:29:01, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17207]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17220]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17380]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17381]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17222]: [2007/12/27 15:28:50, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17383]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17219]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17504]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17384]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17428]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17509]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17448]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17386]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17223]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:29:01 fs1-3 smbd[17223]: write_socket: Error writing 122 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:29:01 fs1-3 smbd[17223]: [2007/12/27 15:29:01, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17481]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17429]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17483]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17435]: write_socket: Error writing 171 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:50 fs1-3 smbd[17486]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket_data(430) Dec 27 15:28:50 fs1-3 smbd[17485]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17436]: write_socket: Error writing 171 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:50 fs1-3 smbd[17430]: [2007/12/27 15:28:50,
Re: [Samba] Single Sign On, authentication, and Windows XP Home
To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html Take a gander. Matt Lozier wrote: Yes, this is all correct and I fully agree with everything that Gaiseric has said. However, the problem I'm dealing with is that I *still* have XP Home machines that I need to work with. Until these are phased out, and replaced with Pro Ed., I'm stuck if I want to implement SSO -- I think, unless I run an LDAP server and install pGina with the LDAP plugin. I didn't want to have to go this route, but I think that it may be the only option available! Thank you to everyone for their input -- --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal Sent: Thursday, December 27, 2007 8:46 AM To: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHc75Kmb+gadEcsb4RArn6AJ9Z0LLsWVwuVi9ceByzaJoEH7xLrQCgjr71 gfzwXbN2XaSP+manZcolCp4= =rFmW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Windows 2000 share.
I've been running Samba at a client for about 6 years now. Recently (last 2 years or so) we've been having a problem that I could not fix. Up till now it is still a problem. We mount a Windows 2000 Professional share. Sometimes the share becomes very slow (freezes) for a couple of seconds. It then continues on it's own. This could be short or long. The reason that I have not tried to fix this up is that I could not reliably duplicate this and assumed the problem was something with my setup. In any case eventually we where able to find a reliable way to duplicate the problem. If I do a find on the directory that is mounted to the Windows 2000 Professional box this causes the problem after about 30 seconds. The windows 2000 box also runs applications that process the data that is pushed onto it by the linux box. Any ideas would be appreciated. BTW. The speed at which I connect the windows 2000 professional box is not critical but we do have anything from 20-80 users concurrently connecting to the linux box via FTP that gets dumped onto the Windows 2000 box. Any settings I can play with that could solve this problem. I have done the same test on a Samba-Samba system without any problems. Regards Jacobus Erasmus [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] upgrade from 3.0.26a to 3.0.27 fails
Hi list, im new here, i come because i have a problem with recent samba versions. I am a system administrator, our system has openLDAP + MIT-KRB5 backend for samba (with smbldap-tools). But after the upgrade from 3.0.26a to 3.0.27 our users cannot authenticate well. I mean they can go into the folders they allowed, but cannot get folder write privileges (file create, rename and delete). What files should i show, or what other information u need to help me? ty for help, tsabi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
Yes, this is all correct and I fully agree with everything that Gaiseric has said. However, the problem I'm dealing with is that I *still* have XP Home machines that I need to work with. Until these are phased out, and replaced with Pro Ed., I'm stuck if I want to implement SSO -- I think, unless I run an LDAP server and install pGina with the LDAP plugin. I didn't want to have to go this route, but I think that it may be the only option available! Thank you to everyone for their input -- --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal Sent: Thursday, December 27, 2007 8:46 AM To: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On 12/26/2007, Matt Lozier ([EMAIL PROTECTED]) wrote: I just want to provide a means to allow all users who use the machines on the LAN to be able to login to *any* machine and have access to their Samba share. This kind of functionality is one of the many features of running a Windows Domain. With a DC in the mix, and every user a member of the domain, you only need to add the 'Domain Users' group to the 'Power Users' group on each workstation to accomplish this... then you can control which user can access which machine (by default, all users can access all mnachines). Unfortunatley I know of no way to provide this functionality without using Samba as a full blown PDC... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Smith wrote: On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. There's one thing we can agree on. :) - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHc88fmb+gadEcsb4RAosTAJ9b5g0W+HigQJmrdn/W54a0UbFpCACginW4 wAZEW7oKNuqyxDpAkX0uINg= =Ovkv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP cannot get account from NT4
Hello, I do a Migration from NT4 to Samba + LDAP, I already join Samba to NT4, when I type net rpc vampire -S NT -U Administrator%nt, the following error occur, [2007/12/28 00:13:16, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673) cli_rpc_pipe_open_schannel: failed to get schannel session key from server NT for domain SFA.[2007/12/28 00:13:16, 0] utils/net_rpc.c:run_rpc_command(151) Could not initialise schannel netlogon pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE Thx _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On Thursday 27 December 2007, Gary Dale wrote: Not necessarily. If you have a business where each person only logs onto one computer, then Home is probably all you need. For example, a small business with only one computer in a department/section or one with multiple computers but each staff member only uses the computer assigned to them. This latter case covers a lot of businesses - but many larger businesses in this class still should prefer Pro over Home for domain policy setting. There's always the exception but in most cases I find centralized authentication invaluable. No need to have local accounts whatsoever. Plus it's not just the system being used for login purposes, there's all of the other shared resources that need to be managed. IMO any business with 5 or more systems (and sometimes even fewer) can save lots of time and trouble by implementing domain control. Surprisingly, the place where probably Home shouldn't be used is at home. At home you are quite likely to have different people using any given computer and keeping passwords sync'ed is a problem. However, home users put up with it because they usually aren't running a server. I agree, but not for your reasons, only because Home has too many other limitations (only safe mode for acl editing). The expensive mistake both home and business users are making is using Windows in the first place. That we can agree on. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
Chris Smith wrote: On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. Not necessarily. If you have a business where each person only logs onto one computer, then Home is probably all you need. For example, a small business with only one computer in a department/section or one with multiple computers but each staff member only uses the computer assigned to them. This latter case covers a lot of businesses - but many larger businesses in this class still should prefer Pro over Home for domain policy setting. Surprisingly, the place where probably Home shouldn't be used is at home. At home you are quite likely to have different people using any given computer and keeping passwords sync'ed is a problem. However, home users put up with it because they usually aren't running a server. The expensive mistake both home and business users are making is using Windows in the first place. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.22 and SUSE Linux 10.1
Hello, This has recently happened a couple of times on our network: A user is working on a file stored on the Samba share, and when they go to save it, a pop-up comes to their screen saying: The file 'FileNameGoesHere.xls' may have been changed by another user since you last saved it. In that case, what do you want to do? There are two options: o Save a copy o Overwrite changes I did a Google search for this and found in the archives of this list that the problem was corrected in Samba 3.0.11 (http://lists.samba.org/archive/samba/2005-January/098341.html), but we're using 3.0.22 - granted the version that comes with SUSE Linux 10.1, but 3.0.22 none the less. Anyone else run into this problem? Microsoft has put out a KB article acknowledging this problem, but they recommend not making any registry changes until one is certain of the underlying cause - I don't know what's causing this! Any help is appreciated. Thank you, --- Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How can I remove these log entries 'Failed to create Users' and 'Failed to create Administrators'
Hi, I have a very small setup, one XP/clinet and one Vista/client and a Ubuntu/samba server. I like to cleanup my log.smbd but I can't figure out how! I have everything up and running and I can access the share's from the XP client. I googled around and it seems that I should bind some Windows group/user against Unix group/users with something like 'net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'' Do I relay need all this stuff? It seems like it's overkill, can shut down somthing and get rid of the error. /Pelle log.smbd 2007/12/27 19:46:49, 0] smbd/server.c:main(944) smbd version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/12/27 19:46:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2007/12/27 19:46:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users smb.conf [global] socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 workgroup = WORKGROUP server string = Samba %v %h dns proxy = yes name resolve order = lmhosts host interfaces = eth0 127.0.0.1/8 disable netbios = no invalid users = root guest ok = no browseable = No bind interfaces only = true log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam:/etc/samba/private/passdb.tdb obey pam restrictions = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:*password\supdated\ssuccessfully* . idmap uid = 1-2 idmap gid = 1-2 include = /etc/samba/include/smb.conf.per-machine.%m [Test] comment = Test disk 1GB browseable = Yes writable = yes locking = no path = /srv/disk-003 create mask = 0777 directory mask = 0777 [homes] comment = %u's Home Directory browseable = No writable = yes create mask = 0700 directory mask = 0777 _ Trött på krångliga mejladresser? Skaffa en live.se-adress här! http://get.live.com/mail/options-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer admin option replacement on stand alone (not domain) print server running version 3.0.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Since 3.0.11, privileges have been the way to assign print operator abilities. You need enable privileges = yes in your smb.conf (a funny anecdote -- this one bit me about a week ago and I went searching on Google; I found myself providing this very answer to someone two years ago). At any rate, I don't know that those work on workgroups and domains alike. You could probably find out in the manual, though. Vickie L. Kidder wrote: I'm trying to upload print drivers to a stand-alone samba server running version 3.0.25. The server is part of a workgroup (not domain). My log files show messages that it cannot update the driver. Before I had the printer admin option set in my smb.conf file to allow a non-root user to do the printer admin and everything worked fine. I have read the Samba How To Notes section on important changes since 3.x, it says the following. Group mappings are essential only if the Samba server is running as a PDC/BDC. Stand-alone servers do not require these group mappings.. Can anyone help me to understand what I need to do to allow a non-root user to perform printer admin functions on a stand-alone server? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHdBJcmb+gadEcsb4RAowyAJ9ZC54wbPgrWtt/+8YF3wM9tH9/iwCfQDxd Pzqgd4by2EdK1zHmvC/aA7I= =kUdl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How can I remove these log entries 'Failed to create Users' and 'Failed to create Admini
No I don't think I need winbind. As I understand it's for maintaining users and passwords from one administrative point. I can live without that. Is it only to find where the winbind daemon is started and disable that or? /Pelle Date: Thu, 27 Dec 2007 14:08:41 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] How can I remove these log entries 'Failed to create Users' and 'Failed to create Administrators' Pelle, I believe that error message derives from winbind. Do you need winbind for your setup? If you are able to do away with winbind, you also will not need the two idmap parameters in your conf file. Dale Pelle Svensson wrote: Hi, I have a very small setup, one XP/clinet and one Vista/client and a Ubuntu/samba server. I like to cleanup my log.smbd but I can't figure out how! I have everything up and running and I can access the share's from the XP client. I googled around and it seems that I should bind some Windows group/user against Unix group/users with something like 'net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'' Do I relay need all this stuff? It seems like it's overkill, can shut down somthing and get rid of the error. /Pelle log.smbd 2007/12/27 19:46:49, 0] smbd/server.c:main(944) smbd version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/12/27 19:46:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2007/12/27 19:46:49, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/12/27 19:46:51, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users smb.conf [global] socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 workgroup = WORKGROUP server string = Samba %v %h dns proxy = yes name resolve order = lmhosts host interfaces = eth0 127.0.0.1/8 disable netbios = no invalid users = root guest ok = no browseable = No bind interfaces only = true log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam:/etc/samba/private/passdb.tdb obey pam restrictions = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:*password\supdated\ssuccessfully* . idmap uid = 1-2 idmap gid = 1-2 include = /etc/samba/include/smb.conf.per-machine.%m [Test] comment = Test disk 1GB browseable = Yes writable = yes locking = no path = /srv/disk-003 create mask = 0777 directory mask = 0777 [homes] comment = %u's Home Directory browseable = No writable = yes create mask = 0700 directory mask = 0777 _ Trött på krångliga mejladresser? Skaffa en live.se-adress här! http://get.live.com/mail/options-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba _ Ladda ner hela Windows Live gratis och upptäck fördelarna! http://get.live.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] printer admin option replacement on stand alone (not domain) print server running version 3.0.25
I'm trying to upload print drivers to a stand-alone samba server running version 3.0.25. The server is part of a workgroup (not domain). My log files show messages that it cannot update the driver. Before I had the printer admin option set in my smb.conf file to allow a non-root user to do the printer admin and everything worked fine. I have read the Samba How To Notes section on important changes since 3.x, it says the following. Group mappings are essential only if the Samba server is running as a PDC/BDC. Stand-alone servers do not require these group mappings.. Can anyone help me to understand what I need to do to allow a non-root user to perform printer admin functions on a stand-alone server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fw: [Samba] printer admin option replacement on stand alone (not domain) print server running version 3.0.25
Thanks to those who responded to my original question. I ran this command and it accepted it after I provided the root password. # net rpc rights grant 'vlkidder' SePrintOperatorPrivilege Checked to see if 'vlkidder' had printer admin privilege and it seems ok. # net rpc rights list accounts Password: BUILTIN\Print Operators No privileges assigned SMBTEST\vlkidder SePrintOperatorPrivilege BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Everyone No privileges assigned After using the Printer Wizard from Windows to upload the driver, it goes through the process of copying the driver files to the [print$] directory, but there is still an error in my log file. _spoolss_addprinterdriver: Failed to send message about upgrading driver []! [2007/12/27 15:59:26, 1] smbd/service.c:close_cnum(1230) vlkidder-06212 (10.1.3.8) closed connection to service print$ I'm trying to upload print drivers to a stand-alone samba server running version 3.0.25. The server is part of a workgroup (not domain). My log files show messages that it cannot update the driver. Before I had the printer admin option set in my smb.conf file to allow a non-root user to do the printer admin and everything worked fine. I have read the Samba How To Notes section on important changes since 3.x, it says the following. Group mappings are essential only if the Samba server is running as a PDC/BDC. Stand-alone servers do not require these group mappings.. Can anyone help me to understand what I need to do to allow a non-root user to perform printer admin functions on a stand-alone server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] print command is ignored after upgrade
I use to have a working custom print command = in my smb.conf until an upgrade to 3.0.28. OS: Suse 10.2 Samba: 3.0.28 Cups: 1.2.7 relevant smb.conf snippet [global] lpq command = lpstat -o%p ldap ssl = no name resolve order = host lmhosts bcast idmap gid = 15000-2 include = /etc/samba/dhcp.conf logon drive = P: map to guest = Bad User public = yes winbind use default domain = Yes realm = CANWEST.IBIGROUP.COM lprm command = cancel %p-%j printer admin = CANWEST\mvanderleest, mvanderleest, admin, administrator, root logon home = \\%L\%U\.9xprofile cups options = raw lpresume command = lp -i %p-%j -H resume print command = /usr/local/bin/printaccountserver.py '%f' '%p' '%m' '%I' '%U' '%u' '%s' '%J' '%z' '%a' printing = sysv server string = SCA040002PS01 password server = 10.120.80.4 idmap uid = 15000-2 queuepause command = disable %p workgroup = CANWEST logon path = \\%L\profiles\.msprofile os level = 65 queueresume command = enable %p lppause command = lp -i %p-%j -H hold printcap name = cups security = ADS usershare allow guests = Yes winbind enum users = yes winbind enum groups = yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No #browseable = Yes guest ok = Yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = CANWEST\mvanderleest, mvanderleest, admin, administrator, @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 now testparm reveals: SCA040002PS01:~ # testparm Load smb config files from /etc/samba/smb.conf Can't find include file /etc/samba/dhcp.conf WARNING: The printer admin option is deprecated Processing section [profiles] Processing section [users] Processing section [groups] Processing section [printers] Processing section [print$] Processing section [printclient] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = CANWEST realm = CANWEST.IBIGROUP.COM server string = SCA040002PS01 security = ADS map to guest = Bad User password server = 10.120.80.4 name resolve order = host lmhosts bcast printcap name = cups logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile os level = 65 ldap ssl = no usershare allow guests = Yes idmap uid = 15000-2 idmap gid = 15000-2 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes printer admin = CANWEST\mvanderleest, mvanderleest, admin, administrator, root guest ok = Yes printing = sysv cups options = raw print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = disable %p queueresume command = enable %p include = /etc/samba/dhcp.conf Restared samba, the works and still can't figure out why print command = lp -c -d%p %s; rm %s is showing up as my print command instead of the one specified in the smb.conf file. Any help would be appreciated. Thanks! Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't get users from AD tree
I'm running Samba version Version 3.0.25b-1.el5_1.2 on RH Enterprise Linux 5. I've configured the SMB server to get users from a Windows 2003 Server Active Directory tree. I was able to join the machine to the domain with no problem. Here's the smb.conf [global] idmap gid = 6-9 winbind trusted domains only = yes encrypt passwords = yes show add printer wizard = No winbind use default domain = Yes realm = domain; netbios name = servername; printing = cups idmap uid = 1-5 password server = dcname; workgroup = domain; os level = 20 printcap name = cups security = domain winbind separator = disable spoolss = Yes winbind enum groups = yes winbind enum users = yes My nsswitch.conf has the following; passwd: files winbind shadow: files group: files winbind wbinfo -u and wbinfo-g work well, returning a list of users and groups. However, when I issue 'getent passwd' my winbind log (/var/log/samba/winbindd.log) shows a long list of the following and no users are added to the passwd db; [2007/12/04 12:11:03, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 Also if I run PDBedit -L, I get a long list of the following; build_sam_account: smbpasswd database is corrupt! username joeuser with uid 10350 is not in unix passwd database! Not sure where to go from here. Any help would be appreciated. Jamie Gordon QA Manager WideOrbit [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] You can't make what you can't measure, 'cause you don't know when you've got it made. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] optimizing samba for 2000 users
On Dec 27, 2007 8:39 PM, Aaron J. Zirbes [EMAIL PROTECTED] wrote: Ankush You may wish to use tdbbackup to check, clean and repair your tdb files in case they are corrupt. You should also make sure that smbd, nmbd, and winbindd have all been restarted (Redhat has been known to separate winbindd from the restart process.) You should also check to make sure any samba libraries being used (nss_winbind.so) match the same version as your install base. If you have upgraded samba, but not libnss_wins.so or pam_smbpass.so that can cause issues. Hi, I am not using winbind, users are getting autheticated through ldap server which is running on windows. Regards Ankush -- Aaron Ankush Grover wrote: Hi Friends, I am running samba on RHEL 4.4 64 bit server on HP Proliant AMD Opteron(tm) Processor 254 with 4GB RAM.There are about 2000 users who access samba shares for ex their home directories through ldap authentication. Most of the users are using Windows XP SP2 For last few days we are seeing some errors in the logs file and samba shares have become difficult to access. fs1-3 smbd[4540]: [2007/12/27 15:00:32, 0] auth/auth_domain.c:domain_client_validate(199) fs1-3 smbd[4540]: domain_client_validate: unable to validate password for user ankush in domain testing to Domain controller \\DC. Error was NT_STATUS_WRONG_PASSWORD. Dec 27 15:28:49 fs1-3 smbd[17243]: Error writing 4 bytes to client. -1. (Connection reset by peer) Dec 27 15:28:49 fs1-3 smbd[17420]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17421]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17541]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17422]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17423]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17424]: write_socket: Error writing 322 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:49 fs1-3 smbd[17217]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:49 fs1-3 smbd[17538]: [2007/12/27 15:28:49, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17377]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:29:01 fs1-3 smbd[17563]: [2007/12/27 15:29:01, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:49 fs1-3 smbd[17207]: [2007/12/27 15:28:49, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17220]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17380]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17381]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17222]: [2007/12/27 15:28:50, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17383]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17219]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17504]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17384]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17428]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17509]: getpeername failed. Error was Transport endpoint is not connected Dec 27 15:28:50 fs1-3 smbd[17448]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17386]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb Dec 27 15:28:50 fs1-3 smbd[17223]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:29:01 fs1-3 smbd[17223]: write_socket: Error writing 122 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:29:01 fs1-3 smbd[17223]: [2007/12/27 15:29:01, 0] lib/util_sock.c:send_smb(647) Dec 27 15:28:50 fs1-3 smbd[17481]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17429]: [2007/12/27 15:28:50, 0] lib/util_sock.c:get_peer_addr(1000) Dec 27 15:28:50 fs1-3 smbd[17483]: [2007/12/27 15:28:50, 0] lib/util_sock.c:write_socket(455) Dec 27 15:28:50 fs1-3 smbd[17435]: write_socket: Error writing 171 bytes to socket 5: ERRNO = Connection reset by peer Dec 27 15:28:50 fs1-3 smbd[17486]: [2007/12/27 15:28:50, 0]
[Samba] auditing changes in shares
Hello All, Just wanna ask: is there any way to track the changes made to a certain file on a samba share? e.g. Dec. 1 -- file.txt created by user Dec. 2 -- file.txt read by user : Dec. 10 -- file.txt modified by user : Dec. 30 -- file.txt deleted by user ... Is there some sort of parser that can analyze the samba logs, and come up with a report like this? tia Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auditing changes in shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 plug bert wrote: Hello All, Just wanna ask: is there any way to track the changes made to a certain file on a samba share? e.g. Dec. 1 -- file.txt created by user Dec. 2 -- file.txt read by user : Dec. 10 -- file.txt modified by user : Dec. 30 -- file.txt deleted by user ... Is there some sort of parser that can analyze the samba logs, and come up with a report like this? Look for docs on the audit vfs module. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHdJZYmb+gadEcsb4RAiyRAJ9qtlmIGXQL+rp99IlItVwJ8vbXMACdGko6 /pghMTIkpUAJvG20eL+mxDE= =CZnn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Auditing files on samba shares
Hello All, Just wanna ask: is there any way to track the changes made to a certain file on a samba share? e.g. Dec. 1 -- file.txt created by user Dec. 2 -- file.txt read by user : Dec. 10 -- file.txt modified by user : Dec. 30 -- file.txt deleted by user ... Is there some sort of parser that can analyze the samba logs, and come up with a report like this? tia Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-919-ge86d027
The branch, v3-2-test has been updated via e86d027823c85173c64e7b85406e98f6f7345b10 (commit) from d67b2634068be9c69082a2b8c22c831aba371cd9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e86d027823c85173c64e7b85406e98f6f7345b10 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 27 10:18:22 2007 -0800 Add CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP capability to our reported caps. Jeremy. --- Summary of changes: source/include/trans2.h |3 ++- source/smbd/trans2.c|6 +- 2 files changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/trans2.h b/source/include/trans2.h index 8ed075d..3759d59 100644 --- a/source/include/trans2.h +++ b/source/include/trans2.h @@ -530,7 +530,8 @@ findfirst/findnext is SMB_FIND_FILE_UNIX_INFO2. #define CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP 0x20 /* We can cope with POSIX open/mkdir/unlink etc. */ #define CIFS_UNIX_LARGE_READ_CAP 0x40 /* We can cope with 24 bit reads in readX. */ #define CIFS_UNIX_LARGE_WRITE_CAP 0x80 /* We can cope with 24 bit writes in writeX. */ - +#define CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP 0x100 /* We can do SPNEGO negotiations for encryption. */ +#define CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP0x200 /* We *must* SPNEGO negotiations for encryption. */ #define SMB_QUERY_POSIX_FS_INFO 0x201 diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 0e34284..5a8fe41 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -2737,7 +2737,10 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned data_len = 12; SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION); SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION); - /* We have POSIX ACLs, pathname and locking capability. */ + + /* We have POSIX ACLs, pathname, encryption, +* large read/write, and locking capability. */ + SBIG_UINT(pdata,4,((SMB_BIG_UINT)( CIFS_UNIX_POSIX_ACLS_CAP| CIFS_UNIX_POSIX_PATHNAMES_CAP| @@ -2745,6 +2748,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned CIFS_UNIX_EXTATTR_CAP| CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP| CIFS_UNIX_LARGE_READ_CAP| + CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP| (large_write ? CIFS_UNIX_LARGE_WRITE_CAP : 0; break; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-920-g51448a9
The branch, v3-2-test has been updated via 51448a9dca95de9d35dd8eea68fde2554cb69921 (commit) from e86d027823c85173c64e7b85406e98f6f7345b10 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 51448a9dca95de9d35dd8eea68fde2554cb69921 Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Dec 27 17:41:19 2007 +0100 Wrap the DEBUG checks in a unlikely On my Laptop with some limited netbench runs this gains about 1.5% of performance. When looking at the assembler output I would suspect the biggest gain is by the fact that with this in place the calls to the debug functions is moved to the function end, out of the way of the normal code paths. valgrind tests pending I would suspect this to be much more cache friendly. Comments? Volker --- Summary of changes: source/include/debug.h | 27 +-- 1 files changed, 21 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/debug.h b/source/include/debug.h index 46e5620..41d1c82 100644 --- a/source/include/debug.h +++ b/source/include/debug.h @@ -161,9 +161,24 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; * will remove the extra conditional test. */ +/* + * From talloc.c: + */ + +/* these macros gain us a few percent of speed on gcc */ +#if (__GNUC__ = 3) +/* the strange !! is to ensure that __builtin_expect() takes either 0 or 1 + as its first argument */ +#define likely(x) __builtin_expect(!!(x), 1) +#define unlikely(x) __builtin_expect(!!(x), 0) +#else +#define likely(x) x +#define unlikely(x) x +#endif + #define DEBUGLVL( level ) \ ( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) ) @@ -171,7 +186,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGLVLC( dbgc_class, level ) \ ( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) ) @@ -179,7 +194,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUG( level, body ) \ (void)( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \ @@ -187,7 +202,7 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGC( dbgc_class, level, body ) \ (void)( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ (dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) )) \ @@ -195,14 +210,14 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define DEBUGADD( level, body ) \ (void)( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ (dbgtext body) ) #define DEBUGADDC( dbgc_class, level, body ) \ (void)( ((level) = MAX_DEBUG_LEVEL) \ - ((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ + unlikely((DEBUGLEVEL_CLASS[ dbgc_class ] = (level))|| \ (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] \ DEBUGLEVEL_CLASS[ DBGC_ALL ] = (level)) ) \ (dbgtext body) ) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-922-gef75dcc
The branch, v3-2-test has been updated via ef75dcc9ffda85d77c8f22d0db702efbf8e642ed (commit) via 7fb858b350856d626fed6f062029fcf09b8251e2 (commit) from 51448a9dca95de9d35dd8eea68fde2554cb69921 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ef75dcc9ffda85d77c8f22d0db702efbf8e642ed Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Dec 27 21:30:15 2007 +0100 Remove a silly static commit 7fb858b350856d626fed6f062029fcf09b8251e2 Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Dec 27 19:56:44 2007 +0100 Fix the build --- Summary of changes: source/rpc_server/srv_srvsvc_nt.c | 12 ++-- source/smbd/aio.c |5 +++-- 2 files changed, 9 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index 3cc2472..842a28c 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c @@ -870,13 +870,11 @@ static void init_srv_sess_info_0(pipes_struct *p, SRV_SESS_INFO_0 *ss0, uint32 * /*** / -/* global needed to make use of the share_mode_forall() callback */ -static struct sess_file_count s_file_cnt; - static void sess_file_fn( const struct share_mode_entry *e, - const char *sharepath, const char *fname, void *state ) + const char *sharepath, const char *fname, + void *data ) { - struct sess_file_count *sess = s_file_cnt; + struct sess_file_count *sess = (struct sess_file_count *)data; if ( procid_equal(e-pid, sess-pid) (sess-uid == e-uid) ) { sess-count++; @@ -890,11 +888,13 @@ static void sess_file_fn( const struct share_mode_entry *e, static int net_count_files( uid_t uid, struct server_id pid ) { + struct sess_file_count s_file_cnt; + s_file_cnt.count = 0; s_file_cnt.uid = uid; s_file_cnt.pid = pid; - share_mode_forall( sess_file_fn, NULL ); + share_mode_forall( sess_file_fn, s_file_cnt ); return s_file_cnt.count; } diff --git a/source/smbd/aio.c b/source/smbd/aio.c index f13393b..a439c3a 100644 --- a/source/smbd/aio.c +++ b/source/smbd/aio.c @@ -496,7 +496,7 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) } ret = errno; - ERROR_BOTH(ERRHRD, ERRdiskfull, map_nt_error_from_unix(ret)); + ERROR_BOTH(map_nt_error_from_unix(ret), ERRHRD, ERRdiskfull); srv_set_message(inbuf,outbuf,0,0,true); } else { bool write_through = BITSETW(aio_ex-inbuf+smb_vwv7,0); @@ -514,7 +514,8 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) status = sync_file(fsp-conn,fsp, write_through); if (!NT_STATUS_IS_OK(status)) { ret = errno; - ERROR_BOTH(ERRHRD, ERRdiskfull, map_nt_error_from_unix(ret)); + ERROR_BOTH(map_nt_error_from_unix(ret), + ERRHRD, ERRdiskfull); srv_set_message(inbuf,outbuf,0,0,true); DEBUG(5,(handle_aio_write: sync_file for %s returned %s\n, fsp-fsp_name, nt_errstr(status) )); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-923-g1e07368
The branch, v3-2-test has been updated via 1e07368b5f96e4ada622682e38d260eb0c6185f2 (commit) from ef75dcc9ffda85d77c8f22d0db702efbf8e642ed (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1e07368b5f96e4ada622682e38d260eb0c6185f2 Author: Volker Lendecke [EMAIL PROTECTED] Date: Fri Dec 28 00:12:14 2007 +0100 Fix the non-gcc branch of likely --- Summary of changes: source/include/debug.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/debug.h b/source/include/debug.h index 41d1c82..284671c 100644 --- a/source/include/debug.h +++ b/source/include/debug.h @@ -172,8 +172,8 @@ extern bool *DEBUGLEVEL_CLASS_ISSET; #define likely(x) __builtin_expect(!!(x), 1) #define unlikely(x) __builtin_expect(!!(x), 0) #else -#define likely(x) x -#define unlikely(x) x +#define likely(x) (x) +#define unlikely(x) (x) #endif #define DEBUGLVL( level ) \ -- Samba Shared Repository
svn commit: samba r26614 - in branches/SAMBA_4_0: . source/scripting/python/samba
Author: jelmer Date: 2007-12-27 23:31:42 + (Thu, 27 Dec 2007) New Revision: 26614 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26614 Log: Fix options parsing for credentials in Python. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/scripting/python/samba/getopt.py Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:revision-info ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Modified: branches/SAMBA_4_0/source/scripting/python/samba/getopt.py === --- branches/SAMBA_4_0/source/scripting/python/samba/getopt.py 2007-12-27 07:47:11 UTC (rev 26613) +++ branches/SAMBA_4_0/source/scripting/python/samba/getopt.py 2007-12-27 23:31:42 UTC (rev 26614) @@ -35,12 +35,24 @@ class CredentialsOptions(optparse.OptionGroup): def __init__(self, parser): optparse.OptionGroup.__init__(self, parser, Credentials Options) -self.add_option(--simple-bind-dn, type=string, metavar=DN, +self.add_option(--simple-bind-dn, metavar=DN, action=callback, +callback=self.set_simple_bind_dn, type=str, help=DN to use for a simple bind) -self.add_option(--password, type=string, metavar=PASSWORD, -help=Password) +self.add_option(--password, metavar=PASSWORD, action=callback, +help=Password, type=str, callback=self.set_password) +self.add_option(-U, --username, metavar=USERNAME, +action=callback, type=str, +help=username, callback=self.parse_username) +self.creds = Credentials() +def parse_username(self, option, opt_str, arg, parser): +self.creds.parse_string(arg) + +def set_password(self, option, opt_str, arg, parser): +self.creds.set_password(arg) + +def set_simple_bind_dn(self, option, opt_str, arg, parser): +self.creds.set_simple_bind_dn(arg) + def get_credentials(self): -creds = Credentials() -# FIXME: Update -return creds +return self.creds
svn commit: samba r26615 - in branches/SAMBA_4_0: . source/lib/ldb/tests/python
Author: jelmer Date: 2007-12-27 23:31:54 + (Thu, 27 Dec 2007) New Revision: 26615 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26615 Log: Fix Python syntax Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/lib/ldb/tests/python/ldap.py Changeset: Sorry, the patch is too large (1988 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26615
Build status as of Fri Dec 28 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-12-27 00:00:32.0 + +++ /home/build/master/cache/broken_results.txt 2007-12-28 00:01:02.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Dec 27 00:00:02 2007 +Build status as of Fri Dec 28 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -16,7 +16,7 @@ rsync27 9 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba4 24 18 2 +samba4 24 14 2 samba_3_21 0 0 samba_3_2_test 25 14 0 smb-build25 5 0
svn commit: samba r26616 - in branches/SAMBA_4_0: . source/scripting/python/samba source/scripting/python/samba/tests
Author: jelmer Date: 2007-12-27 23:31:59 + (Thu, 27 Dec 2007) New Revision: 26616 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26616 Log: Support parsing of user data in SAmba 3 tdbsam. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/scripting/python/samba/getopt.py branches/SAMBA_4_0/source/scripting/python/samba/samba3.py branches/SAMBA_4_0/source/scripting/python/samba/tests/samba3.py branches/SAMBA_4_0/source/scripting/python/samba/upgrade.py Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:revision-info ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Modified: branches/SAMBA_4_0/source/scripting/python/samba/getopt.py === --- branches/SAMBA_4_0/source/scripting/python/samba/getopt.py 2007-12-27 23:31:54 UTC (rev 26615) +++ branches/SAMBA_4_0/source/scripting/python/samba/getopt.py 2007-12-27 23:31:59 UTC (rev 26616) @@ -23,7 +23,7 @@ class SambaOptions(optparse.OptionGroup): def __init__(self, parser): optparse.OptionGroup.__init__(self, parser, Samba Common Options) -self.add_option(--configfile, type=string, metavar=FILE, +self.add_option(-s, --configfile, type=string, metavar=FILE, help=Configuration file) Modified: branches/SAMBA_4_0/source/scripting/python/samba/samba3.py === --- branches/SAMBA_4_0/source/scripting/python/samba/samba3.py 2007-12-27 23:31:54 UTC (rev 26615) +++ branches/SAMBA_4_0/source/scripting/python/samba/samba3.py 2007-12-27 23:31:59 UTC (rev 26616) @@ -324,7 +324,8 @@ domain=None, dir_drive=None, munged_dial=None, homedir=None, logon_script=None, profile_path=None, workstations=None, kickoff_time=None, bad_password_time=None, pass_last_set_time=None, pass_can_change_time=None, pass_must_change_time=None, - user_rid=None): + user_rid=None, unknown_6=None, nt_password_history=None, + unknown_str=None, hours=None, logon_divs=None): self.username = name self.uid = uid self.lm_password = lm_password @@ -351,38 +352,17 @@ self.pass_can_change_time = pass_can_change_time self.pass_must_change_time = pass_must_change_time self.user_rid = user_rid +self.unknown_6 = unknown_6 +self.nt_password_history = nt_password_history +self.unknown_str = unknown_str +self.hours = hours +self.logon_divs = logon_divs def __eq__(self, other): if not isinstance(other, SAMUser): return False -return (self.username == other.username and -self.uid == other.uid and -self.lm_password == other.lm_password and -self.nt_password == other.nt_password and -self.acct_ctrl == other.acct_ctrl and -self.pass_last_set_time == other.pass_last_set_time and -self.nt_username == other.nt_username and -self.fullname == other.fullname and -self.logon_time == other.logon_time and -self.logoff_time == other.logoff_time and -self.acct_desc == other.acct_desc and -self.group_rid == other.group_rid and -self.bad_password_count == other.bad_password_count and -self.logon_count == other.logon_count and -self.domain == other.domain and -self.dir_drive == other.dir_drive and -self.munged_dial == other.munged_dial and -self.homedir == other.homedir and -self.logon_script == other.logon_script and -self.profile_path == other.profile_path and -self.workstations == other.workstations and -self.kickoff_time == other.kickoff_time and -self.bad_password_time == other.bad_password_time and -self.pass_can_change_time == other.pass_can_change_time and -self.pass_must_change_time == other.pass_must_change_time and -self.user_rid == other.user_rid) +return self.__dict__ == other.__dict__ - class SmbpasswdFile: def __init__(self, file): self.users = {} @@ -451,7 +431,7 @@ class TdbSam: def __init__(self, file): self.tdb = tdb.Tdb(file, flags=os.O_RDONLY) -self.version = self.tdb.fetch_uint32(INFO/version) or 0 +self.version = self.tdb.fetch_uint32(INFO/version\0) or 0 assert self.version in (0, 1, 2) def usernames(self): @@ -463,41 +443,82 @@ def __getitem__(self, name): data = self.tdb[%s%s\0 % (TDBSAM_USER_PREFIX, name)] +user = SAMUser(name)
svn commit: samba r26617 - in branches/SAMBA_4_0: . source/lib/ldb/tests/python
Author: jelmer Date: 2007-12-27 23:32:05 + (Thu, 27 Dec 2007) New Revision: 26617 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26617 Log: Load smb.conf. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/lib/ldb/tests/python/ldap.py Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:revision-info ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Modified: branches/SAMBA_4_0/source/lib/ldb/tests/python/ldap.py === --- branches/SAMBA_4_0/source/lib/ldb/tests/python/ldap.py 2007-12-27 23:31:59 UTC (rev 26616) +++ branches/SAMBA_4_0/source/lib/ldb/tests/python/ldap.py 2007-12-27 23:32:05 UTC (rev 26617) @@ -12,6 +12,7 @@ from auth import system_session from samba import Ldb +import param parser = optparse.OptionParser(ldap [options] host) parser.add_option_group(options.SambaOptions(parser)) @@ -28,6 +29,10 @@ host = args[0] +lp = param.LoadParm() +if opts.configfile: +lp.load(opts.configfile) + def assertEquals(a1, a2): assert a1 == a2 @@ -951,7 +956,8 @@ return res[0].schemaNamingContext -ldb = Ldb(ldap://%s; % host, credentials=creds, session_info=system_session()) +ldb = Ldb(ldap://%s; % host, credentials=creds, session_info=system_session(), + lp=lp) base_dn = find_basedn(ldb) configuration_dn = find_configurationdn(ldb) @@ -960,7 +966,7 @@ print baseDN: %s\n % base_dn gc_ldb = Ldb(ldap://%s:3268; % host, credentials=creds, - session_info=system_session()) + session_info=system_session(), lp=lp) basic_tests(ldb, gc_ldb, base_dn, configuration_dn, schema_dn) basedn_tests(ldb, gc_ldb)
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-924-gdf7e447
The branch, v3-2-test has been updated via df7e447623ac03d81bec384f5cfe83c3976cf7b2 (commit) from 1e07368b5f96e4ada622682e38d260eb0c6185f2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit df7e447623ac03d81bec384f5cfe83c3976cf7b2 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 27 16:54:07 2007 -0800 Add smb encrypt parameter. Can be set to no, yes, required. Currently if set required this is not enforced. I'll be adding that soon. Jeremy. --- Summary of changes: source/param/loadparm.c |4 source/smbd/trans2.c| 25 - 2 files changed, 28 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 7186d4f..16e9372 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -472,6 +472,7 @@ typedef struct { int iAioWriteSize; int iMap_readonly; int iDirectoryNameCacheSize; + int ismb_encrypt; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@ -617,6 +618,7 @@ static service sDefault = { #else 100,/* iDirectoryNameCacheSize */ #endif + Auto, /* ismb_encrypt */ NULL, /* Parametric options */ /* dummy */ @@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = { {use spnego, P_BOOL, P_GLOBAL, Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED}, {client signing, P_ENUM, P_GLOBAL, Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {server signing, P_ENUM, P_GLOBAL, Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, + {smb encrypt, P_ENUM, P_LOCAL, sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {client use spnego, P_BOOL, P_GLOBAL, Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, {client ldap sasl wrapping, P_ENUM, P_GLOBAL, Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED}, {enable asu support, P_BOOL, P_GLOBAL, Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, @@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize) FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize) FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly) FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize) +FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time) FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo) diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 5a8fe41..ee47871 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -2729,11 +2729,27 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned { bool large_write = lp_min_receive_file_size() !srv_is_signing_active(); + int encrypt_caps = 0; if (!lp_unix_extensions()) { reply_nterror(req, NT_STATUS_INVALID_LEVEL); return; } + + switch (lp_smb_encrypt(SNUM(conn))) { + case 0: + encrypt_caps = 0; + break; + case 1: + case Auto: + encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP; + break; + case Required: + encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP| + CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP; + break; + } + data_len = 12; SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION); SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION); @@ -2748,7 +2764,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned CIFS_UNIX_EXTATTR_CAP| CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP| CIFS_UNIX_LARGE_READ_CAP| - CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP| + encrypt_caps| (large_write ? CIFS_UNIX_LARGE_WRITE_CAP : 0; break; @@ -3016,6 +3032,13 @@ cap_low = 0x%x, cap_high = 0x%x\n,
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-925-g2135dfe
The branch, v3-2-test has been updated via 2135dfe91bf1ae114a18c15286b535662200677d (commit) from df7e447623ac03d81bec384f5cfe83c3976cf7b2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 2135dfe91bf1ae114a18c15286b535662200677d Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Dec 27 21:31:08 2007 +0100 Fix setting the initial permission bits This fixes a make test failure on Solaris. When creating a new file, file_set_dosmode() called from open_file_ntcreate calculates a new permission mask, very likely different from what had been calculated in open_file_ntcreate. Further down we overwrote the newly calculated value with SMB_FCHMOD_ACL, ignoring what file_set_dosmode had calculated. Why did Linux not see this? fchmod_acl on a newly created file without acls would not retrieve an acl at all, whereas under Solaris acl(2) returns something even for files with just posix permissions returns something. Jeremy, given that we have very similar code in 3.0.28 this might also explain some of the bug reports that people have concerning ACLs on new files. Volker P.S: This one took a while to find... --- Summary of changes: source/smbd/dosmode.c | 18 -- source/smbd/open.c| 13 + 2 files changed, 25 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/dosmode.c b/source/smbd/dosmode.c index 8e3c9b4..a96f80e 100644 --- a/source/smbd/dosmode.c +++ b/source/smbd/dosmode.c @@ -438,12 +438,19 @@ int file_set_dosmode(connection_struct *conn, const char *fname, dosmode = SAMBA_ATTRIBUTES_MASK; DEBUG(10,(file_set_dosmode: setting dos mode 0x%x on file %s\n, dosmode, fname)); - if (!st || (st !VALID_STAT(*st))) { + + if (st == NULL) { + SET_STAT_INVALID(st1); st = st1; + } + + if (!VALID_STAT(*st)) { if (SMB_VFS_STAT(conn,fname,st)) return(-1); } + unixmode = st-st_mode; + get_acl_group_bits(conn, fname, st-st_mode); if (S_ISDIR(st-st_mode)) @@ -451,8 +458,10 @@ int file_set_dosmode(connection_struct *conn, const char *fname, else dosmode = ~aDIR; - if (dos_mode(conn,fname,st) == dosmode) + if (dos_mode(conn,fname,st) == dosmode) { + st-st_mode = unixmode; return(0); + } /* Store the DOS attributes in an EA by preference. */ if (set_ea_dos_attribute(conn, fname, st, dosmode)) { @@ -460,6 +469,7 @@ int file_set_dosmode(connection_struct *conn, const char *fname, notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, fname); } + st-st_mode = unixmode; return 0; } @@ -500,6 +510,7 @@ int file_set_dosmode(connection_struct *conn, const char *fname, notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, fname); } + st-st_mode = unixmode; return 0; } @@ -534,6 +545,9 @@ int file_set_dosmode(connection_struct *conn, const char *fname, notify_fname(conn, NOTIFY_ACTION_MODIFIED, FILE_NOTIFY_CHANGE_ATTRIBUTES, fname); } + if (ret == 0) { + st-st_mode = unixmode; + } } return( ret ); diff --git a/source/smbd/open.c b/source/smbd/open.c index f30808b..d3ba9e0 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -1864,10 +1864,15 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (lp_map_archive(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) { if (!posix_open) { - file_set_dosmode(conn, fname, -new_dos_attributes | aARCH, NULL, -parent_dir, -true); + SMB_STRUCT_STAT tmp_sbuf; + SET_STAT_INVALID(tmp_sbuf); + if (file_set_dosmode( + conn, fname, + new_dos_attributes | aARCH, + tmp_sbuf, parent_dir, + true) == 0) { + unx_mode = tmp_sbuf.st_mode; + } } } } -- Samba