RE: [Samba] Urgent... winbind and keytab file creation
Hi again and I really apreciate all your help. Thanks. By the way I was just reading a book called Using Samba yesterday. While looking at the book cover I fell over the name Gerarld Carter what a small world. :) It's a great book. Couldn't stop reading. I found that with the command net ads keytab add NFS. maybe that will solve the problem? I will give it a try and also append the prefered enctypes to krb5.conf. Regards, Oli -Original Message- From: simo [mailto:[EMAIL PROTECTED] Sent: 02 April 2008 17:47 To: Gerald (Jerry) Carter Cc: Oliver Weinmann; samba@lists.samba.org Subject: Re: [Samba] Urgent... winbind and keytab file creation On Wed, 2008-04-02 at 10:39 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: Ok. i got it. I had to change the parameter for: krb5_ccache_type = FILE now the users get a cached ticket at login. COOL :) but when the automount daemon tries to mount their home it fails: Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types I expect the nfsv4 service is trying to use 3des or aes. I always set these enc types in /etc/krb5.conf [libdefaults] default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC Currently linux nfs server requires that both server and client use ONLY des keys Any other combination will simply fail. There are kernel patches reaching upstream that are adding 3des and aes but not yet rc4-hmac IIRC. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Urgent... winbind and keytab file creation
Hi, the server is not linux. It's a NETAPP Filer. Regards, Oli -Original Message- From: simo [mailto:[EMAIL PROTECTED] Sent: 02 April 2008 17:47 To: Gerald (Jerry) Carter Cc: Oliver Weinmann; samba@lists.samba.org Subject: Re: [Samba] Urgent... winbind and keytab file creation On Wed, 2008-04-02 at 10:39 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver Weinmann wrote: Ok. i got it. I had to change the parameter for: krb5_ccache_type = FILE now the users get a cached ticket at login. COOL :) but when the automount daemon tries to mount their home it fails: Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types I expect the nfsv4 service is trying to use 3des or aes. I always set these enc types in /etc/krb5.conf [libdefaults] default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC Currently linux nfs server requires that both server and client use ONLY des keys Any other combination will simply fail. There are kernel patches reaching upstream that are adding 3des and aes but not yet rc4-hmac IIRC. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] what is the meaning of number in make_connection_snum() ?
On Thu, Apr 03, 2008 at 11:25:32AM +0200, [EMAIL PROTECTED] wrote: I would like to know the meaning of the number 648 in string make_connection_snum and the number 836 in the service.c:close_cnum. Those are line numbers in the source code. Volker pgpUl1n15sz0X.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd help101
Hi Cao, Minh, *, Cao, Minh schrieb: Hi, I am using samba 3 came with redhat 5.1 , samba-3.0.25b-0.el5.4 Please help to answer these questions 1/ How can I can smb.conf to use /etc/samba/smbpasswd file ? 2/ What is the default 'security' on samba 3 user ? 3/ Does the lines start with a ; (semi-colo) are default configuration ? example ; security = user The answers You will get calling man smb.conf on Your shell prompt This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. really?? Then a public mailing list might not be a good place for it. :o)) -- Friedrich beste Grüße/best regards von der/from the Sonnenalb - Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] what is the meaning of number in make_connection_snum() ?
I would like to know the meaning of the number 648 in string make_connection_snum and the number 836 in the service.c:close_cnum. Many thanks. [2008/04/02 18:13:31, 1] smbd/service.c:close_cnum(836) 192.168.16.51 (192.168.16.51) closed connection to service storage [2008/04/03 08:44:14, 1] smbd/service.c:make_connection_snum(648) 192.168.16.51 (192.168.16.51) connect to service storage initially as user tomcat (uid=500, gid=500) (pid 25534) Antonino Sanacori -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Facing the problem while cloning the samba repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Koti Gaddam wrote: | Hi, | |I am trying to clone the samba repository using git and I get the | following error. | | $ git-clone git://git.samba.org/samba.git samba | Initialized empty Git repository in /data/koteswar/samba/.git/ | git.samba.org[0: 131.204.22.100]: errno=Connection refused | fatal: unable to connect a socket (Connection refused) | fetch-pack from 'git://git.samba.org/samba.git' failed. | | Can you please help me out what is causing the error...? I'm not having any problems with it. Just cloned the samba repo without any failures. Are you still having problems? What version of git are you using? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH9MwbIR7qMdg1EfYRArE0AKDnkrO7GUs83WkLP7jveUOJoz2jOgCgg4sY Q58ylEgMtustw+g8P6pPSF4= =gd0K -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] workgroup questions
Hi, I was wondering what does the following do if only using workgroups, not PDC? domain logons = yes Also, does the LDAP attribute SambaGroupType matter in this case? I am using LDAP as the backend. Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] issue with 3.0.28a
greetings folks, i just upgraded to 3.0.28a on a secondary server (not live) and am now unable to connect to my trusted domain. here's the setup: NT4 PDC/BDC for my domain my domain trusts a central domain for the accounts the central domain is running AD in mixed mode my samba servers are members of my domain and use winbind after getting my daemons running, i check with winbind. - wbinfo -g does not return any groups from the central domain - wbinfo --sequence shows that i am disconnected from the central domain everything works as it should when i revert to 3.0.28 any ideas? regards, franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] issue with 3.0.28a
On Thu, Apr 03, 2008 at 02:46:45PM +0200, Franz Strebel wrote: greetings folks, i just upgraded to 3.0.28a on a secondary server (not live) and am now unable to connect to my trusted domain. here's the setup: We have some known issues with trusts in 3.0.28a. We're working on it, very likely we will see a 3.0.28b. Sorry, Volker pgpauYO6GozwC.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] issue with 3.0.28a
Hello Volker, Thanks for your message. No worries, that's what testing is for before going live. :) Thanks for all the great work the Samba team are doing. Regards, Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users as local workstation admins?
Hi All, We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
After you set up those users on the PDC, you should be able to add them to the Administrators group on the Windows workstation. I have done that with a few users and it is working properly as far as I can tell. The important thing is that you must add the DOMAIN user to the Administrators group, not the current local user. Hope this helps! Bob We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vista, %H, booting up
I have a RHEL 5 server using Samba (but not Winbind, reporting the version as 3.0.25b-1.el5_1.4) serving profiles via: [profile] comment = Profile directory - special share invalid users = nobody browseable = yes guest ok = no read only = no force directory mode = 0700 csc policy = disable force create mode = 0600 create mask = 0600 directory mask = 0700 locking = no profile acls = yes path = %H/profile Vista workstations can map the share *after* they are fully logged in. However, during the login process, normal logging reports: [2008/04/03 06:51:26, 0] smbd/service.c:make_connection(1191) c-vista (131.247.112.205) couldn't find service profile.v2 [2008/04/03 06:51:27, 0] smbd/service.c:make_connection(1191) c-vista (131.247.112.205) couldn't find service profile.v2 And the station reports that the profile was not loaded. The Windows error log on the client reports something along the lines of file not found. If you'd like to see additional logging, let me know. XP workstations have no problem getting profiles, nor does the Vista station have any problems (now, after forcing NTLMv2 and switching to ADS security from Domain - I had had problems getting ADS to work originally) mapping shares once it's up and running. Just hoping someone has a quick add this line to the share config suggestion. Winbind is not used on this station for legacy reasons - and because (though I haven't seen it recently) Winbind used to occasionally lose its mappings and give everyone new IDs. Thanks! Eric Stewart Network Administrator, Tampa Library University of South Florida Email: [EMAIL PROTECTED] http://www.lib.usf.edu/ http://www.lib.usf.edu/ SCUBA Diving since 1999 - http://ericdives.com/ http://ericdives.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
On Thursday 03 April 2008 15:13, Christopher Perry wrote: We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. we had the same requirement and just locally added Domain Users to the local Administrators group on all clients. hth :) -- best rgds, armin walland focus market research IT :: development, administration http://www.focusmr.com maculangasse 8 1220 wien please try not to send me HTML emails! pgpYHmz77UmD9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
On 4/3/2008 9:19 AM, armin walland wrote: On Thursday 03 April 2008 15:13, Christopher Perry wrote: We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. we had the same requirement and just locally added Domain Users to the local Administrators group on all clients. Gack! I created a new group 'Local Admins', and only added *that* group to the local 'Administrators' group on each workstation... Most people not only don't *need* local admin privs, most people *should* *not* have local admin privs... I do add the 'Domain Users' group to the local 'Power Users' group though, which is almost as bad, but some of our apps just won't work right without Power User privs... :( -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] list all samba accounts
Hi, Is there a way to list all the samba accounts from the backend ? Thanks Minh This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] list all samba accounts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 man pdbedit -- I suspect it's in there somewhere. Cao, Minh wrote: Hi, Is there a way to list all the samba accounts from the backend ? Thanks Minh This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH9Q1Nmb+gadEcsb4RAgyBAKCQyT/qc9HDAdUXfFCob2RxePChzQCgpBVi n8O4fGjVxxzjm/qTl4xncC8= =F4/U -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] list all samba accounts
Thank you ! I found it ... pdbedit -L -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Novosielski Sent: Thursday, April 03, 2008 10:01 AM To: samba@lists.samba.org Subject: Re: [Samba] list all samba accounts -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 man pdbedit -- I suspect it's in there somewhere. Cao, Minh wrote: Hi, Is there a way to list all the samba accounts from the backend ? Thanks Minh This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH9Q1Nmb+gadEcsb4RAgyBAKCQyT/qc9HDAdUXfFCob2RxePChzQCgpBVi n8O4fGjVxxzjm/qTl4xncC8= =F4/U -END PGP SIGNATURE- This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Strong(er) authentication required when joining Active Directory (Samba 3.0.28)
Problem solved. The AD admin turned off server signing and samba is able to join the domain. -Original Message- From: Naadir Jeewa Sent: 01 April 2008 16:07 To: 'samba@lists.samba.org' Subject: Strong(er) authentication required when joining Active Directory (Samba 3.0.28) Hello all, I'm having problems getting Samba to join a Windows AD. I am delegated OU admin, and have no direct access to the domain controller. We have 3 DCs in one domain where my OU exists. The users I wish to authenticate are in a different domain. I have set up Kerberos and can receive tickets correctly. I run net -d 4 ads join createcomputer=[Delegated OU] -U [account with join permissions] After filling in a password, I get the following: [2008/04/01 16:06:01, 4] libsmb/namequery_dc.c:ads_dc_name(139) ads_dc_name: using server= dc_server' IP=dc_ip ccspmed's password: [2008/04/01 16:06:03, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: , * [2008/04/01 16:06:03, 4] libsmb/namequery.c:get_dc_list(1599) get_dc_list: returning 3 ip addresses in an ordered list [2008/04/01 16:06:03, 4] libsmb/namequery.c:get_dc_list(1600) get_dc_list: 10.10.250.17:389 10.10.250.3:389 10.10.250.1:389 [2008/04/01 16:06:03, 3] libads/ldap.c:ads_connect(394) Connected to LDAP server 10.10.250.17 [2008/04/01 16:06:03, 4] libads/ldap.c:ads_current_time(2414) time offset is -5 seconds [2008/04/01 16:06:03, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = dc_server [2008/04/01 16:06:03, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2008/04/01 16:06:03, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Wed, 02 Apr 2008 02:05:58 BST [2008/04/01 16:06:03, 1] utils/net_ads.c:net_ads_join(1470) error on ads_startup: Strong(er) authentication required Failed to join domain: Strong(er) authentication required [2008/04/01 16:06:03, 2] utils/net.c:main(1036) return code = -1 Any help appreciated. Yours, Naadir Jeewa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind ignores idmap configuration (3.0.28a)
Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind ignores idmap configuration (3.0.28a)
No joy. Still seems to look in AD for a uid instead of calculating using rid. Naadir -Original Message- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 20:31 To: Naadir Jeewa Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa wrote: No joy. Still seems to look in AD for a uid instead of calculating using rid. Naadir Does adding the following help idmap backend = rid -Original Message- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 20:31 To: Naadir Jeewa Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba authentication to Kerberos via OpenLDAP, third and last try
On Thu, Apr 03, 2008 at 01:34:30PM -0700, Wes Modes wrote: The question and the challenge: Any leads on how I might convince Samba to pass the input password on to OpenLDAP so that OpenLDAP can authenticate it against Kerberos? The only chance is that you modify each client's registry to send plain text passwords to the server over the network, downgrading your security to what telnet provided ages ago. You can guess that this is ABSOLUTELY NOT recommended. If you go with standard Windows authentication schemes, the SMB server never sees the user's plain text password which would be required to authenticate against Kerberos. Volker pgpSq2xFwlWvo.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba authentication to Kerberos via OpenLDAP, third and last try
So far answers I've received on this list have been inconsistent at best and downright inaccurate at worst. I'm going to try one more time and see if, at the very least, someone can give me a lead. I ask you to consider what I'm asking remotely possible, and then seek a solution. (Particularly before one blasts off an ill-thought out message that says simple, Can't be done, simple because you've never done it or haven't heard of it being done.) So consider this a challenge or a riddle. 1. I have an OpenLDAP directory server that I am using for user and group information. I would like to use it also to authenticate against. This way, whatever I hook up to it (Samba, webstuff, PHP apps, CMS) can both authenticate and authorize from one source. 2. There is a separate Kerberos server that has users' campus-wide passwords. I have access to it, but do not control it. 3. I have a separate linux file server running Samba. PCs and Macs will connect to it. I know I can do Kerberos authentication directly from Samba, but I'd prefer OpenLDAP do the Kerberos connection. Here's why: a) I can solve the problem once, rather than have to work out BOTH LDAP and Kerberos connections for every new authenticated service I add, and b) LDAP hooks are more common than Kerberos hooks for other services for which I will eventually want authentication and authroization. And yes, I know it breaks the Kerberos model. The question and the challenge: Any leads on how I might convince Samba to pass the input password on to OpenLDAP so that OpenLDAP can authenticate it against Kerberos? Wes -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind ignores idmap configuration (3.0.28a)
Ok, That didn't work either. I did however change the config to idmap DOMAIN:default=yes and got it to work for the briefest of moments. So, it appears that the underlying fault is that the DC cannot be found for the user. If server signing requirements were turned off for the domain that the server had joined to, does the same setting need to be changed on DCs on the domains to which the user will be authenticating? Naadir -Original Message- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 21:15 To: Naadir Jeewa Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: No joy. Still seems to look in AD for a uid instead of calculating using rid. Naadir Does adding the following help idmap backend = rid -Original Message- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 20:31 To: Naadir Jeewa Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how idmap domains / idmap config is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 1-2 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa Try setting your base_rid to 513. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba authentication to Kerberos via OpenLDAP, third and last try
On Thu, Apr 03, 2008 at 02:00:36PM -0700, Wes Modes wrote: It is already moderately-well documented how to connect Samba up to use Kerberos authentication. And my guess is that the Kerberos model would not allow passwords to be sent plaintext. More likely an encrypted hash gets passed? I don't know the precise mechanism, but would like to. http://davenport.sourceforge.net/ntlm.html Enjoy. Volker pgpHv41tjZXZt.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba authentication to Kerberos via OpenLDAP, third and last try
Volker Lendecke wrote: On Thu, Apr 03, 2008 at 01:34:30PM -0700, Wes Modes wrote: The question and the challenge: Any leads on how I might convince Samba to pass the input password on to OpenLDAP so that OpenLDAP can authenticate it against Kerberos? The only chance is that you modify each client's registry to send plain text passwords to the server over the network, downgrading your security to what telnet provided ages ago. You can guess that this is ABSOLUTELY NOT recommended. If you go with standard Windows authentication schemes, the SMB server never sees the user's plain text password which would be required to authenticate against Kerberos. Volker Yeah, I'm not so keen on sending plaintext passwords anywhere. It is already moderately-well documented how to connect Samba up to use Kerberos authentication. And my guess is that the Kerberos model would not allow passwords to be sent plaintext. More likely an encrypted hash gets passed? I don't know the precise mechanism, but would like to. But beyond that, how could one use Samba to pass that encrypted password to LDAP to pass on to Kerberos to authenticate? W. -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Naadir Jeewa wrote: | Hullo, | | After having my Samba server joined to a domain, I'm now having | difficulties configuring winbind. I want to use the idmap_rid backend, | and have recompiled Samba from scratch with the requisite rid.so module. | | However, no matter how idmap domains / idmap config is set up, it | seems to get totally ignored. Here is my smb.conf: | | [global] | | workgroup = DEPARTMENTDOMAIN | | server string = NAS Samba Server Version %v | | log file = /var/log/samba/log.%m | max log size = 50 | | security = ads | realm = DEPARTMENTDOMAIN Unless you munged this for the list, it should be the REALM which is (at least in windows) usually the DNS domain. If you set it to the workgroup name, that would be a reason it can't find the DC. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFH9VX7FqWysr/jOHMRAt0qAJ9JXPCuyhblrhzcgGnCP6L4NSlNCQCffbMm +1gShQrurnUegKX7gZ25N9U= =97G2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple IP addresses
Robert Pollard wrote: Hi, I have been trying to connect to Samba over the Internet as I have static IP that is publicly available for connection. I can use this IP to connect to our Intranet web site but Samba doesn't work correctly when trying to connect to it from outside. Our internal network addresses work fine. Even a VPN connection, which gets our internal address scheme works. But, when trying to use the publicly available IP address to connect to Samba it can't find it. Is there something I have to do other than tell it to use an alternate interface to make the Samba services available over the Internet with a different IP? Thanks! Do you have a wireshark sniff? It could be a number of things. Are your firewalls configured properly with your routing table? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple IP addresses
Hi, I have been trying to connect to Samba over the Internet as I have static IP that is publicly available for connection. I can use this IP to connect to our Intranet web site but Samba doesn't work correctly when trying to connect to it from outside. Our internal network addresses work fine. Even a VPN connection, which gets our internal address scheme works. But, when trying to use the publicly available IP address to connect to Samba it can't find it. Is there something I have to do other than tell it to use an alternate interface to make the Samba services available over the Internet with a different IP? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple IP addresses
I have been trying to connect to Samba over the Internet as I have static IP that is publicly available for connection. I can use this IP to connect to our Intranet web site but Samba doesn't work correctly when trying to connect to it from outside. Our internal network addresses work fine. Even a VPN connection, which gets our internal address scheme works. But, when trying to use the publicly available IP address to connect to Samba it can't find it. There are likely a couple things preventing access: 1. Did you open the Samba ports on your firewall? Most firewalls have these ports closed by default. 2. Hosts allow/Hosts deny parameter. Is this set so that Samba will actually respond to the subnet that you are trying to access Samba from? IMO, opening Samba up to the internet is an inherently bad thing to do and something that very rarely really needs to be done. Instead, you should look at an ssh tunnel or an IPSec VPN. I use IPsec VPN routers to connect my two offices, which are both on different subnets and in different Citys. The routers I used are fairly inexpensive, but work wonderfully and are very easy to setup: http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS114.aspx Greg --- Greg J. Zartman, P.E. President, Principal Engineer LEI Engineering Surveying 2468 West 11th Avenue Eugene, Oregon 97402 Voice 541-683-8383Fax 541-683-8144 www.leiinc.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi Doug, *, again for whatever reason the listmail did not arrive in my mailbox. The private copy did! Hmmm. Doug VanLeuven schrieb: Friedrich Strohmaier wrote: Douglas VanLeuven schrieb: [..] I can't tell what you're trying to do from what you've described. It looks like you set the local machine sid and it worked. It was the SID of the machine acting as PDC .. [..] root# net setlocalsid SID_WANTED root# root# net getlocalsid SID for domain DOMAIN is: SID_WANTED here I read wrong: DOMAIN was'nt the Name of the domain but the pdc's hostname (and netbios name). Might try ~ net rpc getsid Which is supposed to fetch the domain sid into the local secrets.tdb Tried this but it fetched SID_NOT_WANTED into secrets.tdb I've never used these commands. I've always viewed them as either useful for recovery from crash without backup, or setting the SID of a backup samba PDC. Exactly what I want to do.. For a workstation, even if you manage to get the SID's to agree with a prior install, the machine password on the PDC and on the workstation wouldn't agree. If it's new workstation name, there won't be an account for the workstation on the PDC. Oh, aparently I did not explain well the configuration. All workstations are Win2k boxes. The one I tried to login with is one of about twenty waiting for the day they meet again a well prepaired samba PDC offering a domain with the same (SID) as it's father(+) did. All of them hold meanwhile locally one or more daily updated profiles which will be lost, if I don't succeed. Why not simply ~ net rpc join Join the PDC to the new domain with old name? and allow the normal mechanisms to work? Accidently two workstations where joined to the new domain (with old name) wich caused unwanted results. I called paid support which mentioned command net setdomainsid which sounds good. I got net getdomainsid to work which shows the difference between pdc's machine SID and domain's SID. Both commands aren't listed in man net of samba 3.0.22 and the first one is not recognized. :o(( I'll report further. Your help is highly apreciated. -- Friedrich beste Grüße/best regards von der/from the Sonnenalb - Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdb already open
[2008/04/04 10:03:08, 1] lib/util_tdb.c:tdb_log(664) tdb(unnamed): tdb_open_ex: /home/samba/samba3/var/locks/unexpected.tdb (35651598,532262) is already open in this process I did a google around for this log, and apparently it's been a don't worry about it issue for at least 4 years now. Maybe I'm old fashioned, but surely this is something that should have been tidied up in one of the myriad releases since? My logs are getting mighty full of what apparently is an unimportant message. Daniel Albers and Jancio Wodnik also posted about this (Thu, 17 Jan 2008 16:04:47 -0800) asking for a way to suppress this message, and got no response. -- Curtis Maloney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain logons w/ LDAP backend
Hi, I have multiple Samba servers working very well using the tdbsam backend. The number of servers is becoming harder to manage now so I began testing an LDAP-based Samba server. Everything works great except when a workstation tries to login to the domain... All users are able to login just fine when accessing network shares. Workstation are able to join the domain. But upon reboot, they're not able to login to the domain. Here's what I'm using: CentOS 4 Samba 3.0.10 OpenLDAP 2.2.13 smbldap-tools-0.9.4 Windows XP Pro The error message I get on the client is: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found. This happens on every computer. My server logs are filled with these messages: [2008/04/01 13:48:22, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected I've been trying to find a solution to this for (literally) months. I really, really, really need to get this working--I currently have four office that need to be connected under the same Samba domain, the all already have Samba servers installed but under different domains. And we're gearing up for another growth spurt in the next six to twelve months that will add to this number, which makes it even that more important. Any advice or pointers for resolving this will be very much appreciated! ~Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain logons w/ LDAP backend
On Thu, Apr 3, 2008 at 8:28 PM, Tom Smith [EMAIL PROTECTED] wrote: Hi, I have multiple Samba servers working very well using the tdbsam backend. The number of servers is becoming harder to manage now so I began testing an LDAP-based Samba server. Everything works great except when a workstation tries to login to the domain... All users are able to login just fine when accessing network shares. Workstation are able to join the domain. But upon reboot, they're not able to login to the domain. Here's what I'm using: CentOS 4 Samba 3.0.10 OpenLDAP 2.2.13 smbldap-tools-0.9.4 Windows XP Pro The error message I get on the client is: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found. This happens on every computer. My server logs are filled with these messages: [2008/04/01 13:48:22, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected I've been trying to find a solution to this for (literally) months. I really, really, really need to get this working--I currently have four office that need to be connected under the same Samba domain, the all already have Samba servers installed but under different domains. And we're gearing up for another growth spurt in the next six to twelve months that will add to this number, which makes it even that more important. Any advice or pointers for resolving this will be very much appreciated! Can you please update your samba? That version is 3 years old. The current samba is 3.0.28a. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] UNNAMED PROJECT - branch master updated - 401fb01f8cb06886e2c5c277a9a70512a9b68579
The branch, master has been updated
via 401fb01f8cb06886e2c5c277a9a70512a9b68579 (commit)
from 10e585413c217d9b9c32ff3d2fb3d8f24183c458 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 401fb01f8cb06886e2c5c277a9a70512a9b68579
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Thu Apr 3 17:07:00 2008 +1100
add a ctdb command to print the ctdb version
---
Summary of changes:
packaging/RPM/ctdb.spec |2 +-
tools/ctdb.c| 13 +
2 files changed, 14 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec
index d51f170..991c6fc 100644
--- a/packaging/RPM/ctdb.spec
+++ b/packaging/RPM/ctdb.spec
@@ -39,7 +39,7 @@ CC=gcc
## always run autogen.sh
./autogen.sh
-CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE ./configure \
+CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE
-DCTDB_VERS=\%{version}-%{release}\ ./configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
diff --git a/tools/ctdb.c b/tools/ctdb.c
index 397e67a..94e681f 100644
--- a/tools/ctdb.c
+++ b/tools/ctdb.c
@@ -40,6 +40,16 @@ static struct {
#define TIMELIMIT() timeval_current_ofs(options.timelimit, 0)
+#ifdef CTDB_VERS
+static int control_version(struct ctdb_context *ctdb, int argc, const char
**argv)
+{
+#define STR(x) #x
+#define XSTR(x) STR(x)
+ printf(CTDB version: %s\n, XSTR(CTDB_VERS));
+ return 0;
+}
+#endif
+
/*
see if a process exists
*/
@@ -1561,6 +1571,9 @@ static const struct {
const char *msg;
const char *args;
} ctdb_commands[] = {
+#ifdef CTDB_VERS
+ { version, control_version, true, show version of
ctdb },
+#endif
{ status, control_status,true, show node
status },
{ uptime, control_uptime,true, show node
uptime },
{ ping,control_ping, true, ping all nodes
},
--
UNNAMED PROJECT
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre2-402-gf9cb81c
The branch, v3-2-stable has been updated
via f9cb81c1615d5cc34981dc3b483bbf6f36847a41 (commit)
via ec2928e65e0053c188a68b665a01fbc130a35a9e (commit)
via 856c6b41de4a3ae4fa9dcb2ba54f7916586f986b (commit)
via 69e1f41228b59e8c31d3da7ea5c285dae6cf7387 (commit)
via 2d186f175ed4a0942145f2c97557b17f15e95ce2 (commit)
via 0fb5b3282d50520f857f584126a33acbf866b774 (commit)
via 4b40a23233a745ea80246d896d408f1e947995aa (commit)
via 87ed31c9c67c2d2a9dcc84fda17cfc048778803d (commit)
from 2ba0037a3bb1e0692e5c35b11dd632590735d869 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -
commit f9cb81c1615d5cc34981dc3b483bbf6f36847a41
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Tue Apr 1 12:29:12 2008 +0200
smbd: ignore nttrans renames as w2k3 does
This lets us pass the RAW-RENAME test.
metze
Signed-off-by: Michael Adam [EMAIL PROTECTED]
(cherry picked from commit 2d50a1fef022023588e9963131951f8f3e4c7c23)
commit ec2928e65e0053c188a68b665a01fbc130a35a9e
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Tue Apr 1 18:18:38 2008 +0200
smbd: always close the base_fsp even if the real close returned an error
Otherwise we may end up with share mode entry without an open file.
Volker, Jeremy: please check...
metze
(cherry picked from commit 547eacf6058d2bc5b41b266b70f8f4747aca4eae)
commit 856c6b41de4a3ae4fa9dcb2ba54f7916586f986b
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Mar 31 17:01:27 2008 -0700
Ok, final move of this code :-). I think I've found the correct
place for it now where it will cause minimal disruption (only
call the extra message_dispatch just before reading the next
smb off the wire).
Jeremy.
(cherry picked from commit da2c19c481d0041872b4ce2f5105052077f3d3b8)
commit 69e1f41228b59e8c31d3da7ea5c285dae6cf7387
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Mar 31 16:56:21 2008 -0700
Move the message_dispatch() call after the check for errno on
the select return. We don't want the call to message_dispatch
to mess up the errno value.
Jeremy.
(cherry picked from commit 26a74d01bb2b53ffa5d296ff1c7d8b2b0d17831a)
commit 2d186f175ed4a0942145f2c97557b17f15e95ce2
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Mar 11 15:26:02 2008 -0700
Using Metze's S4 nttrans rename test, the nttrans rename
behaves the same as the trans2 one.
Jeremy.
(cherry picked from commit c4fa4917dad97c5047f7336c6675739b44da256b)
commit 0fb5b3282d50520f857f584126a33acbf866b774
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Mar 31 16:46:20 2008 -0700
Reduce the race condition in Samba4 in RAW-RENAME test. We rename a file
using trans2 setfileinfo on one connection, and then check the
file name has changed on the other. In Samba we achieve this by
sending a local message to the other process. This change causes
us to re-scan for incoming messages after we've woken up from the
select (which is cheap if there are no pending messages). This reduces
the race significantly. Volker please review.
Jeremy.
(cherry picked from commit a7499e994aef743ea9c443f9a1618b262f6eda93)
commit 4b40a23233a745ea80246d896d408f1e947995aa
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Mar 11 13:38:25 2008 -0700
Allow us to pass RAW-RENAME by testing that the connection struct
connection paths are equal, not just the conn structs themselves.
Jeremy.
(cherry picked from commit 632f3fe66fbcbe3cc25d070c3885177264f5ad65)
commit 87ed31c9c67c2d2a9dcc84fda17cfc048778803d
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Mar 11 13:27:33 2008 -0700
Try and fix bug #5315, as well as S4 torture tests RAW-OPLOCK BATCH19,
BATCH20 and RAW-RENAME.
Jeremy.
(cherry picked from commit 9065792d4bc42522f12f9732de3c0ad82c72a2d3)
---
Summary of changes:
source/smbd/close.c |4
source/smbd/nttrans.c | 28
source/smbd/process.c | 13 +++--
source/smbd/reply.c | 17 +
source/smbd/trans2.c |3 ++-
5 files changed, 26 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/close.c b/source/smbd/close.c
index 4bd23a3..b06c0d1 100644
--- a/source/smbd/close.c
+++ b/source/smbd/close.c
@@ -665,10 +665,6 @@ NTSTATUS close_file(files_struct *fsp, enum
file_close_type close_type)
status = close_normal_file(fsp, close_type);
}
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if ((base_fsp != NULL) (close_type != SHUTDOWN_CLOSE)) {
/*
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 5293ca5..60e5464 100644
---
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-628-g118cf38
The branch, v3-2-test has been updated
via 118cf3813336122a060916848e37d2d5d25bff92 (commit)
via 2a8029985f9bde4da8ca20bc24d937150eab444c (commit)
from ea3cfadc2504c891b4784719bd8e6debcc38c879 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit 118cf3813336122a060916848e37d2d5d25bff92
Author: Michael Adam [EMAIL PROTECTED]
Date: Thu Apr 3 15:29:25 2008 +0200
registry: remove parameter checks from smbconf backend: they are in
libsmbconf.
Michael
commit 2a8029985f9bde4da8ca20bc24d937150eab444c
Author: Michael Adam [EMAIL PROTECTED]
Date: Thu Apr 3 15:16:01 2008 +0200
libsmbconf: move initialization of registry value down after error checks.
Michael
---
Summary of changes:
source/lib/smbconf/smbconf_reg.c | 12 +-
source/registry/reg_backend_smbconf.c | 192 +
2 files changed, 7 insertions(+), 197 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/smbconf/smbconf_reg.c b/source/lib/smbconf/smbconf_reg.c
index 77e6233..b40c37e 100644
--- a/source/lib/smbconf/smbconf_reg.c
+++ b/source/lib/smbconf/smbconf_reg.c
@@ -220,12 +220,6 @@ static WERROR smbconf_reg_set_value(struct registry_key
*key,
goto done;
}
- ZERO_STRUCT(val);
-
- val.type = REG_SZ;
- val.v.sz.str = CONST_DISCARD(char *, canon_valstr);
- val.v.sz.len = strlen(canon_valstr) + 1;
-
if (registry_smbconf_valname_forbidden(canon_valname)) {
DEBUG(5, (Parameter '%s' not allowed in registry.\n,
canon_valname));
@@ -251,6 +245,12 @@ static WERROR smbconf_reg_set_value(struct registry_key
*key,
goto done;
}
+ ZERO_STRUCT(val);
+
+ val.type = REG_SZ;
+ val.v.sz.str = CONST_DISCARD(char *, canon_valstr);
+ val.v.sz.len = strlen(canon_valstr) + 1;
+
werr = reg_setvalue(key, canon_valname, val);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(5, (Error adding value '%s' to
diff --git a/source/registry/reg_backend_smbconf.c
b/source/registry/reg_backend_smbconf.c
index a6e4782..2e4a5f1 100644
--- a/source/registry/reg_backend_smbconf.c
+++ b/source/registry/reg_backend_smbconf.c
@@ -40,199 +40,9 @@ static int smbconf_fetch_values( const char *key,
REGVAL_CTR *val )
return regdb_ops.fetch_values(key, val);
}
-static WERROR regval_hilvl_to_lolvl(TALLOC_CTX *mem_ctx, const char *valname,
- struct registry_value *src,
- REGISTRY_VALUE **dst)
-{
- WERROR err;
- DATA_BLOB value_data;
- REGISTRY_VALUE *newval = NULL;
-
- if (dst == NULL) {
- return WERR_INVALID_PARAM;
- }
-
- err = registry_push_value(mem_ctx, src, value_data);
- if (!W_ERROR_IS_OK(err)) {
- DEBUG(10, (error calling registry_push_value.\n));
- return err;
- }
-
- newval = regval_compose(mem_ctx, valname, src-type,
- (char *)value_data.data, value_data.length);
- if (newval == NULL) {
- DEBUG(10, (error composing registry value. (no memory?)\n));
- return WERR_NOMEM;
- }
-
- *dst = newval;
- return WERR_OK;
-}
-
-static WERROR regval_lolvl_to_hilvl(TALLOC_CTX *mem_ctx, REGISTRY_VALUE *src,
- struct registry_value **dst)
-{
- if (dst == NULL) {
- return WERR_INVALID_PARAM;
- }
-
- return registry_pull_value(mem_ctx, dst, regval_type(src),
- regval_data_p(src), regval_size(src),
- regval_size(src));
-}
-
-/*
- * Utility function used by smbconf_store_values to canonicalize
- * a registry value.
- * registry_pull_value / registry_push_value are used for (un)marshalling.
- */
-static REGISTRY_VALUE *smbconf_canonicalize_regval(TALLOC_CTX *mem_ctx,
- REGISTRY_VALUE *theval)
-{
- char *valstr;
- size_t len;
- const char *canon_valname;
- const char *canon_valstr;
- bool inverse;
- struct registry_value *value;
- WERROR err;
- TALLOC_CTX *tmp_ctx;
- REGISTRY_VALUE *newval = NULL;
-
- if (!lp_parameter_is_valid(regval_name(theval)) ||
- lp_parameter_is_canonical(regval_name(theval)))
- {
- return theval;
- }
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- DEBUG(1, (out of memory...\n));
- goto done;
- }
-
- err = regval_lolvl_to_hilvl(tmp_ctx, theval, value);
- if (!W_ERROR_IS_OK(err)) {
- goto done;
- }
-
- /* we need the
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-632-g9d0e5a1
The branch, v3-2-test has been updated
via 9d0e5a13215d4904084e81fde6098c70ee4d4636 (commit)
via 046b26b763b16362dd662a77b2434641bf583bc2 (commit)
via b917be4986bd55aeffae03b08cf476ea6302fa26 (commit)
via ff4611832a0b498b83590279a7153e606a4720f5 (commit)
from 118cf3813336122a060916848e37d2d5d25bff92 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit 9d0e5a13215d4904084e81fde6098c70ee4d4636
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Wed Apr 2 06:10:04 2008 +0200
wbinfo: use wbcLookupNames()
metze
commit 046b26b763b16362dd662a77b2434641bf583bc2
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Wed Apr 2 06:03:48 2008 +0200
wbinfo: use wbcLookupRids()
metze
commit b917be4986bd55aeffae03b08cf476ea6302fa26
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Wed Apr 2 05:26:36 2008 +0200
wbinfo: use wbcLookupSid()
metze
commit ff4611832a0b498b83590279a7153e606a4720f5
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Wed Apr 2 06:02:45 2008 +0200
wbinfo: catch NULL domain string as in other places
metze
---
Summary of changes:
source/nsswitch/wbinfo.c | 132 ++---
1 files changed, 76 insertions(+), 56 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index 6707f9d..d3988ca 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -508,7 +508,7 @@ static bool wbinfo_domain_info(const char *domain)
struct wbcDomainInfo *dinfo = NULL;
char *sid_str = NULL;
- if (strcmp(domain, .) == 0 || domain[0] == '\0') {
+ if ((domain == NULL) || (strequal(domain, .)) || (domain[0] == '\0'))
{
domain = get_winbind_domain();
}
@@ -773,73 +773,68 @@ static bool wbinfo_allocate_gid(void)
/* Convert sid to string */
-static bool wbinfo_lookupsid(char *sid)
+static bool wbinfo_lookupsid(const char *sid_str)
{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcDomainSid sid;
+ char *domain;
+ char *name;
+ enum wbcSidType type;
/* Send off request */
- fstrcpy(request.data.sid, sid);
+ wbc_status = wbcStringToSid(sid_str, sid);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
+ }
- if (winbindd_request_response(WINBINDD_LOOKUPSID, request, response)
!=
- NSS_STATUS_SUCCESS)
+ wbc_status = wbcLookupSid(sid, domain, name, type);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
return false;
+ }
/* Display response */
- d_printf(%s%c%s %d\n, response.data.name.dom_name,
-winbind_separator(), response.data.name.name,
-response.data.name.type);
+ d_printf(%s%c%s %d\n,
+domain, winbind_separator(), name, type);
return true;
}
/* Lookup a list of RIDs */
-static bool wbinfo_lookuprids(char *domain, char *arg)
+static bool wbinfo_lookuprids(const char *domain, const char *arg)
{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcDomainInfo *dinfo = NULL;
+ char *domain_name = NULL;
+ const char **names = NULL;
+ enum wbcSidType *types = NULL;
size_t i;
- DOM_SID sid;
int num_rids;
- uint32 *rids;
+ uint32 *rids = NULL;
const char *p;
char *ridstr;
- const char **names;
- enum lsa_SidType *types;
- const char *domain_name;
TALLOC_CTX *mem_ctx;
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ bool ret = false;
- if ((domain == NULL) || (strequal(domain, .)) || (domain[0] == '\0'))
- fstrcpy(request.domain_name, get_winbind_domain());
- else
- fstrcpy(request.domain_name, domain);
+ if ((domain == NULL) || (strequal(domain, .)) || (domain[0] == '\0'))
{
+ domain = get_winbind_domain();
+ }
/* Send request */
- if (winbindd_request_response(WINBINDD_DOMAIN_INFO, request,
response) !=
- NSS_STATUS_SUCCESS) {
- d_printf(Could not get domain sid for %s\n,
request.domain_name);
- return false;
- }
-
- if (!string_to_sid(sid, response.data.domain_info.sid)) {
- d_printf(Could not convert %s to sid\n,
response.data.domain_info.sid);
- return false;
+ wbc_status = wbcDomainInfo(domain, dinfo);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-636-gbf960f5
The branch, v3-2-test has been updated
via bf960f57e7adf09cdf096f2c72065ea1ff8b0daa (commit)
via d62676cf886d910334b3d6f7ce0147b75ef53aec (commit)
via fe8acb064433b286938e0b572ca1faa8a54414b7 (commit)
via ea2175ee0e6288ccb132e86b9dd0bf8a0e4169c9 (commit)
from 9d0e5a13215d4904084e81fde6098c70ee4d4636 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit bf960f57e7adf09cdf096f2c72065ea1ff8b0daa
Author: Günther Deschner [EMAIL PROTECTED]
Date: Thu Apr 3 15:41:26 2008 +0200
Use pwb_context in pam_winbind.
Guenther
commit d62676cf886d910334b3d6f7ce0147b75ef53aec
Author: Günther Deschner [EMAIL PROTECTED]
Date: Thu Apr 3 13:23:34 2008 +0200
Add _pam_winbind_init/free_context.
Guenther
commit fe8acb064433b286938e0b572ca1faa8a54414b7
Author: Günther Deschner [EMAIL PROTECTED]
Date: Thu Apr 3 13:19:46 2008 +0200
Add pwb_context to pam_winbind.h.
Guenther
commit ea2175ee0e6288ccb132e86b9dd0bf8a0e4169c9
Author: Günther Deschner [EMAIL PROTECTED]
Date: Thu Apr 3 13:06:14 2008 +0200
Make more functions in pam_winbind static.
Guenther
---
Summary of changes:
source/nsswitch/pam_winbind.c | 781 -
source/nsswitch/pam_winbind.h |9 +
2 files changed, 395 insertions(+), 395 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index d2aea66..9a9bce7 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -12,18 +12,18 @@
#include pam_winbind.h
-#define _PAM_LOG_FUNCTION_ENTER(function, pamh, ctrl, flags) \
+#define _PAM_LOG_FUNCTION_ENTER(function, ctx) \
do { \
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, [pamh: %p] ENTER: \
- function (flags: 0x%04x), pamh, flags); \
- _pam_log_state(pamh, ctrl); \
+ _pam_log_debug(ctx, LOG_DEBUG, [pamh: %p] ENTER: \
+ function (flags: 0x%04x), ctx-pamh,
ctx-flags); \
+ _pam_log_state(ctx); \
} while (0)
-#define _PAM_LOG_FUNCTION_LEAVE(function, pamh, ctrl, retval) \
+#define _PAM_LOG_FUNCTION_LEAVE(function, ctx, retval) \
do { \
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, [pamh: %p] LEAVE: \
- function returning %d, pamh, retval); \
- _pam_log_state(pamh, ctrl); \
+ _pam_log_debug(ctx, LOG_DEBUG, [pamh: %p] LEAVE: \
+ function returning %d, ctx-pamh, retval); \
+ _pam_log_state(ctx); \
} while (0)
/* data tokens */
@@ -88,8 +88,21 @@ static bool _pam_log_is_silent(int ctrl)
return on(ctrl, WINBIND_SILENT);
}
-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char
*format, ...) PRINTF_ATTRIBUTE(4,5);
-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char
*format, ...)
+static void _pam_log(struct pwb_context *r, int err, const char *format, ...)
PRINTF_ATTRIBUTE(3,4);
+static void _pam_log(struct pwb_context *r, int err, const char *format, ...)
+{
+ va_list args;
+
+ if (_pam_log_is_silent(r-ctrl)) {
+ return;
+ }
+
+ va_start(args, format);
+ _pam_log_int(r-pamh, err, format, args);
+ va_end(args);
+}
+static void __pam_log(const pam_handle_t *pamh, int ctrl, int err, const char
*format, ...) PRINTF_ATTRIBUTE(4,5);
+static void __pam_log(const pam_handle_t *pamh, int ctrl, int err, const char
*format, ...)
{
va_list args;
@@ -128,8 +141,21 @@ static bool _pam_log_is_debug_state_enabled(int ctrl)
return _pam_log_is_debug_enabled(ctrl);
}
-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const
char *format, ...) PRINTF_ATTRIBUTE(4,5);
-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const
char *format, ...)
+static void _pam_log_debug(struct pwb_context *r, int err, const char *format,
...) PRINTF_ATTRIBUTE(3,4);
+static void _pam_log_debug(struct pwb_context *r, int err, const char *format,
...)
+{
+ va_list args;
+
+ if (!_pam_log_is_debug_enabled(r-ctrl)) {
+ return;
+ }
+
+ va_start(args, format);
+ _pam_log_int(r-pamh, err, format, args);
+ va_end(args);
+}
+static void __pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const
char *format, ...) PRINTF_ATTRIBUTE(4,5);
+static void __pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const
char *format, ...)
{
va_list args;
@@ -142,44 +168,43 @@ static void _pam_log_debug(const pam_handle_t *pamh, int
ctrl, int err, const ch
va_end(args);
}
-static void _pam_log_state_datum(const
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-637-g3709185
The branch, v3-2-test has been updated
via 37091859126167e84e55afe8a32025ac0f65065e (commit)
from bf960f57e7adf09cdf096f2c72065ea1ff8b0daa (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit 37091859126167e84e55afe8a32025ac0f65065e
Author: Günther Deschner [EMAIL PROTECTED]
Date: Thu Apr 3 17:23:22 2008 +0200
Fix pam_winbind macros.
Guenther
---
Summary of changes:
source/nsswitch/pam_winbind.c |4 ++--
source/nsswitch/pam_winbind.h | 24
2 files changed, 14 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 9a9bce7..47e0e3c 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -3,7 +3,7 @@
Copyright Andrew Tridgell [EMAIL PROTECTED] 2000
Copyright Tim Potter [EMAIL PROTECTED] 2000
Copyright Andrew Bartlett [EMAIL PROTECTED] 2002
- Copyright Guenther Deschner [EMAIL PROTECTED] 2005-2007
+ Copyright Guenther Deschner [EMAIL PROTECTED] 2005-2008
largely based on pam_userdb by Cristian Gafton [EMAIL PROTECTED] also
contains large slabs of code from pam_unix by Elliot Lee
@@ -2690,7 +2690,7 @@ struct pam_module _pam_winbind_modstruct = {
* Copyright (c) Andrew Tridgell [EMAIL PROTECTED] 2000
* Copyright (c) Tim Potter [EMAIL PROTECTED] 2000
* Copyright (c) Andrew Bartlettt [EMAIL PROTECTED] 2002
- * Copyright (c) Guenther Deschner [EMAIL PROTECTED] 2005-2007
+ * Copyright (c) Guenther Deschner [EMAIL PROTECTED] 2005-2008
* Copyright (c) Jan Rêkorajski 1999.
* Copyright (c) Andrew G. Morgan 1996-8.
* Copyright (c) Alex O. Yuriev, 1996.
diff --git a/source/nsswitch/pam_winbind.h b/source/nsswitch/pam_winbind.h
index 1725a89..be17a6f 100644
--- a/source/nsswitch/pam_winbind.h
+++ b/source/nsswitch/pam_winbind.h
@@ -122,14 +122,14 @@ do { \
#include winbind_client.h
-#define PAM_WB_REMARK_DIRECT(h,f,x)\
+#define PAM_WB_REMARK_DIRECT(c,x)\
{\
const char *error_string = NULL; \
error_string = _get_ntstatus_error_string(x);\
if (error_string != NULL) {\
- _make_remark(h, f, PAM_ERROR_MSG, error_string);\
+ _make_remark(c, PAM_ERROR_MSG, error_string);\
} else {\
- _make_remark(h, f, PAM_ERROR_MSG, x);\
+ _make_remark(c, PAM_ERROR_MSG, x);\
};\
};
@@ -145,37 +145,37 @@ do { \
return ret;\
};
-#define PAM_WB_REMARK_CHECK_RESPONSE(h,f,x,y)\
+#define PAM_WB_REMARK_CHECK_RESPONSE(c,x,y)\
{\
const char *ntstatus = x.data.auth.nt_status_string; \
const char *error_string = NULL; \
if (!strcasecmp(ntstatus,y)) {\
error_string = _get_ntstatus_error_string(y);\
if (error_string != NULL) {\
- _make_remark(h, f, PAM_ERROR_MSG, error_string);\
+ _make_remark(c, PAM_ERROR_MSG, error_string);\
};\
if (x.data.auth.error_string[0] != '\0') {\
- _make_remark(h, f, PAM_ERROR_MSG,
x.data.auth.error_string);\
+ _make_remark(c, PAM_ERROR_MSG,
x.data.auth.error_string);\
};\
- _make_remark(h, f, PAM_ERROR_MSG, y);\
+ _make_remark(c, PAM_ERROR_MSG, y);\
};\
};
-#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,f,x,y)\
+#define PAM_WB_REMARK_CHECK_RESPONSE_RET(c,x,y)\
{\
const char *ntstatus = x.data.auth.nt_status_string; \
const char *error_string = NULL; \
if (!strcasecmp(ntstatus,y)) {\
error_string = _get_ntstatus_error_string(y);\
if (error_string != NULL) {\
- _make_remark(h, f, PAM_ERROR_MSG, error_string);\
+ _make_remark(c, PAM_ERROR_MSG, error_string);\
return ret;\
};\
if (x.data.auth.error_string[0] != '\0') {\
- _make_remark(h, f, PAM_ERROR_MSG,
x.data.auth.error_string);\
+ _make_remark(c, PAM_ERROR_MSG,
x.data.auth.error_string);\
return ret;\
};\
- _make_remark(h, f, PAM_ERROR_MSG, y);\
+ _make_remark(c, PAM_ERROR_MSG, y);\
return ret;\
};\
};
@@ -202,7 +202,7 @@ do { \
#define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)
== ( x (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
struct pwb_context {
- const pam_handle_t *pamh;
+ pam_handle_t *pamh;
int flags;
int argc;
const char **argv;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28a-17-ga3b5ba1
The branch, v3-0-test has been updated
via a3b5ba12ccff9184af348148c6e9fb73218aa1bb (commit)
from cd6d910c4dd44a07dd7b8f197d6ea5a441fbefa1 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -
commit a3b5ba12ccff9184af348148c6e9fb73218aa1bb
Author: Simo Sorce [EMAIL PROTECTED]
Date: Tue Apr 1 18:25:47 2008 -0400
Fix trusted users on a DC that uses the old idmap syntax. There was no
default backend therefore on IDs were mapped by default.
---
Summary of changes:
source/nsswitch/idmap.c | 70 +++
1 files changed, 70 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c
index 49ed62b..96c90c3 100644
--- a/source/nsswitch/idmap.c
+++ b/source/nsswitch/idmap.c
@@ -511,6 +511,76 @@ NTSTATUS idmap_init(void)
talloc_free(config_option);
}
+ /* on DCs we need to add idmap_tdb as the default backend if compat is
+* defined (when the old implicit configuration is used)
+* This is not done in the previous loop a on member server we exclude
+* the local domain. But on a DC the local domain is the only domain
+* available therefore we are left with no default domain */
+ if (((lp_server_role() == ROLE_DOMAIN_PDC) ||
+(lp_server_role() == ROLE_DOMAIN_BDC))
+((num_domains == 0) (compat == 1))) {
+
+ dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain);
+ IDMAP_CHECK_ALLOC(dom);
+
+ dom-name = talloc_strdup(dom, __default__);
+ IDMAP_CHECK_ALLOC(dom-name);
+
+ dom-default_domain = True;
+ dom-readonly = False;
+
+ /* get the backend methods for this domain */
+ dom-methods = get_methods(backends, compat_backend);
+
+ if ( ! dom-methods) {
+ ret = smb_probe_module(idmap, compat_backend);
+ if (NT_STATUS_IS_OK(ret)) {
+ dom-methods = get_methods(backends,
+ compat_backend);
+ }
+ }
+ if ( ! dom-methods) {
+ DEBUG(0, (ERROR: Could not get methods for
+ backend %s\n, compat_backend));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* now that we have methods,
+* set the destructor for this domain */
+ talloc_set_destructor(dom, close_domain_destructor);
+
+ dom-params = talloc_strdup(dom, compat_params);
+ IDMAP_CHECK_ALLOC(dom-params);
+
+ /* Finally instance a backend copy for this domain */
+ ret = dom-methods-init(dom);
+ if ( ! NT_STATUS_IS_OK(ret)) {
+ DEBUG(0, (ERROR: Initialization failed for backend
+ %s (domain %s), deferred!\n,
+ compat_backend, dom-name));
+ }
+ idmap_domains = talloc_realloc(idmap_ctx, idmap_domains,
+ struct idmap_domain *, 2);
+ if ( ! idmap_domains) {
+ DEBUG(0, (Out of memory!\n));
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ idmap_domains[num_domains] = dom;
+
+ def_dom_num = num_domains;
+
+ /* Bump counter to next available slot */
+
+ num_domains++;
+
+ DEBUG(10, (Domain %s - Backend %s - %sdefault - %sreadonly\n,
+ dom-name, compat_backend,
+ dom-default_domain?:not ,
+ dom-readonly?:not ));
+ }
+
/* automatically add idmap_nss backend if needed */
if ((lp_server_role() == ROLE_DOMAIN_MEMBER)
( ! pri_dom_is_in_list)
--
Samba Shared Repository
Build status as of Fri Apr 4 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-04-03 00:00:49.0 + +++ /home/build/master/cache/broken_results.txt 2008-04-04 00:00:30.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Apr 3 00:00:02 2008 +Build status as of Fri Apr 4 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -14,8 +14,8 @@ rsync29 13 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba_3_2_test 28 16 0 -samba_4_0_test 27 22 0 +samba_3_2_test 29 15 0 +samba_4_0_test 26 22 0 smb-build27 3 0 talloc 29 7 0 tdb 29 13 0
