Re: [Samba] PDA-Logon: mal formed packet

2008-10-28 Thread Bernd Kloss
On Tuesday, 28 October 2008, James Kosin wrote:
 - Original Message -
 From: Bernd Kloss [EMAIL PROTECTED]
 To: James Kosin [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Sunday, October 26, 2008 2:15 PM
 Subject: Re: [Samba] PDA-Logon: mal formed packet

  On Sunday, 26 October 2008, you wrote:
  - Original Message -
  From: Bernd Kloss [EMAIL PROTECTED]
  To: James Kosin [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Saturday, October 25, 2008 4:12 AM
  Subject: Re: [Samba] PDA-Logon: mal formed packet
 
   On Saturday, 25 October 2008, you wrote:
   - Original Message -
   From: Bernd Kloss [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Cc: [EMAIL PROTECTED]
   Sent: Friday, October 24, 2008 9:41 AM
   Subject: Re: [Samba] PDA-Logon: mal formed packet
  
On Friday, 24 October 2008, James Kosin wrote:
- Original Message -
From: Bernd Kloss [EMAIL PROTECTED]
Newsgroups: linux.samba
Sent: Thursday, October 23, 2008 3:40 PM
Subject: Re: [Samba] PDA-Logon: mal formed packet
   
On Thursday, 23 October 2008, Bernd Kloss wrote:
  Can you send the full trace, not just this error message?
 
  Thanks,
 
  Volker

 I can only attach the file exported by wireshark, but don't know
 whether this will pass through to the list.
 What else could I do?

 Thanks
 Bernd
   
Okay, the attachment did not pass through. How can I publish the
information?
   
   
   
Bernd,
   
Copy and paste the relevant packets to the email.  They don't need to be
large attachments.  Just need to see the packets... especially the
malformed one.  Try to highlight the one that is malformed if possible.
   
James
   
Hello,
   
unfortunately I could not CP from Wireshark's GUI, but I did set
the loglevel in smb.conf to 10 and found something maybe relevant:
   
The name of the domain is
azimmer
and the user is
bk
and the PDA is
wm_bk
with its machine account
wm_bk$
   
Whereas in the logfile the last letters are missing: azimme\b
The login-mask of the PDA says correctly bk at azimmer.
   
EXCERPT FROM LOGFILE:
   
[2008/10/24 15:00:01,  5] auth/auth_util.c:make_user_info_map(206)
 make_user_info_map: Mapping user [azimme]\[b] from workstation []
READ LINE ABOVE
   
   
.
[2008/10/24 15:00:01,  5] auth/auth_util.c:is_trusted_domain(2055)
 is_trusted_domain: Checking for domain trust with [azimme]
..
[2008/10/24 15:00:01,  5] auth/auth_util.c:is_trusted_domain(2055)
 is_trusted_domain: Checking for domain trust with [azimme]
[2008/10/24 15:00:01,  5] passdb/secrets.c:secrets_fetch_trusted_domain_password(644)
 secrets_fetch failed!
[2008/10/24 15:00:01,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/10/24 15:00:01, 10] lib/gencache.c:gencache_get(194)
 Cache entry with key = TDOM/AZIMME couldn't be found
[2008/10/24 15:00:01,  5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
 no entry for trusted domain azimme found.
..
 Primary group is 0 and contains 0 supplementary groups
[2008/10/24 15:00:01, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1283)
 getsampwnam (smbpasswd): search by name: b
[2008/10/24 15:00:01, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(229)
 startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user bmx$, uid 9010
[2008/10/24 15:00:01, 10] passdb/pdb_smbpasswd.c:getsmbfilepwent(501)
 getsmbfilepwent: LM password for user bk invalidated
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user bk, uid 9011
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user mk, uid 9012
[2008/10/24 15:00:01, 10] passdb/pdb_smbpasswd.c:getsmbfilepwent(501)
 getsmbfilepwent: LM password for user iserver$ invalidated
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user iserver$, uid 9021
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user admin, uid 1000
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user Absinthe87$, uid 9022
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
 getsmbfilepwent: returning passwd entry for user wm_bk$, uid 9023
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(578)
 getsmbfilepwent: end of file reached.
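
Added example (not part of the original thread, and not Samba code): a Python scanner for debug logs like the excerpt above that reports logons whose domain or user name looks cut short, as in `azimme\b` versus `azimmer\bk`. The sample log is constructed from the quoted lines, including mail-wrapped records; the function names and the prefix heuristic are assumptions of this example.

```python
import re

# Constructed sample, modelled on the log-level-10 lines quoted in the message.
# The last records are deliberately mail-wrapped the way the excerpt was.
SAMPLE_LOG = r"""[2008/10/24 15:00:01,  5] auth/auth_util.c:make_user_info_map(206)
  make_user_info_map: Mapping user [azimme]\[b] from workstation []
[2008/10/24 15:00:01, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1283)
  getsampwnam (smbpasswd): search by name: b
[2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
  getsmbfilepwent: returning passwd entry for user bk, uid 9011
[2008/10/24 15:00:01,  5]
passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
  getsmbfilepwent: returning passwd entry for user mk, uid
9012 [2008/10/24 15:00:01,  5] passdb/pdb_smbpasswd.c:getsmbfilepwent(527)
  getsmbfilepwent: returning passwd entry for user wm_bk$, uid 9023
"""

# A record header such as "[2008/10/24 15:00:01,  5]". It is matched anywhere
# in the text, not only at line starts, so wrapped logs still split correctly.
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]")
MAPPING = re.compile(r"Mapping user \[([^\]]*)\]\\\[([^\]]*)\]")
PASSDB = re.compile(r"returning passwd entry for user (\S+), uid (\d+)")


def parse_records(text):
    """Split a log into (timestamp, level, body) with whitespace collapsed."""
    heads = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = " ".join(text[head.end():end].split())
        records.append((head.group(1), int(head.group(2)), body))
    return records


def find_truncated_logons(text, expected_domain):
    """Report mapped logons whose domain or user is a strict prefix of a
    known value. Known users are the accounts the passdb scan listed in the
    same log; expected_domain is supplied by the administrator."""
    records = parse_records(text)
    known = {m.group(1) for _, _, body in records for m in PASSDB.finditer(body)}
    expected = expected_domain.lower()
    findings = []
    for ts, _level, body in records:
        m = MAPPING.search(body)
        if not m:
            continue
        domain, user = m.group(1), m.group(2)
        if not domain and not user:
            continue  # anonymous session setup, nothing to compare
        domain_truncated = (domain.lower() != expected
                            and expected.startswith(domain.lower()))
        candidates = []
        if user and user not in known:
            candidates = sorted(k for k in known if k.startswith(user))
        if domain_truncated or candidates:
            findings.append({
                "ts": ts,
                "domain": domain,
                "user": user,
                "domain_truncated": domain_truncated,
                "user_candidates": candidates,
            })
    return findings


if __name__ == "__main__":
    for finding in find_truncated_logons(SAMPLE_LOG, "azimmer"):
        print(finding)
```
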

Re: [Samba] Join AD: no logon server

2008-10-28 Thread Tam McLaughlin
Thanks.
I can't figure out why the Windows server is not answering.
What information should I gather from the Windows folk regarding the AD
configuration that may help?


 From looking at the debug info, it doesn't seem that 10.191.2.29 is
 answering properly.

 Ray
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



[Samba] Failed to set servicePrincipalNames join ADS issue.

2008-10-28 Thread vincent.blondel

Hello all,

I am trying to make one of my solaris server member of our w2k3 ads
domain. ldap and kerberos packages are installed.

* when I try to get a ticket granting ticket, no problem ... kinit klist
are all running fine .. below my krb5 config file

# cat /etc/krb5/krb5.conf

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
# admin_server = FILE:/var/log/krb5/kadmind.log
default = FILE:/var/log/krb5/krb5libs.log

[libdefaults]
default_realm = XXX.XXX
default_keytab_name = /etc/krb5/krb5.keytab
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
ticket_lifetime = 24000

[realms]
XXX.XXX = {
kdc = server1.xxx.xxx:88
kdc = server2.xxx.xxx:88
default_domain = XXX.XXX
}

[domain_realm]
.xxx.xxx = XXX.XXX
xxx.xxx = XXX.XXX

[appdefaults]
kinit = {
renewable = true
forwardable= true
}

* when I try to run an ldap query through the sasl/gssapi api,
everything is also working fine. I get the answer to my ldap query
without giving any password. sasl api takes my kerberos ticket to
authenticate myself on the ads. Just after receiving answer to my query, I
see I also no get a ldap service ticket ... below my ldap config file

# cat /etc/ldap/ldap.conf

BASE dc=xxx, dc=xxx
URI ldap://server1.xxx.xxx:389 ldap://server2.xxx.xxx:389

so this is okay but ... now comes the time to join my server to this ad.

I become root
kinit myuser
net ads join createcomputer=BE/Server .. first of all I get a prompt
for password .. why ? I do not know why my kerberos ticket is not used
??

so I try another way to do it net ads join createcomputer=BE/Server -U
admin ... and I get this error message

Using short domain name -- X
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SERVER' in realm 'XXX.XXX'
Failed to join domain: Type or value exists

this is my samba config file ..

[global]
security = ADS
workgroup = XXX
realm = XXX.XXX
winbind separator = +
encrypt passwords = true

I do not really understand the error message. I always get 20 machines
defined in  my ads and uses the same procedure as before. the only
difference is I added option createcomputer. this one did not exist
before ( my previous version was 3.0.20 ).

this is the first time I create an account with this version (3.0.32).
my server is correctly defined in the dns with fqdn
myserver.srv.domain.tlddomain.. I checked dns A and PTR, everything is
coherent.

many thanks to help me going further in this job.

thanks
Vincent
-
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-




Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode

2008-10-28 Thread Sébastien Prud'homme
The setup is working on both sides, the only difference between what is
written in Samba HOWTO is, as I said in a previous message:

- configure DNS on the Samba server so that the Samba server can
resolve Active Directory special DNS names (I had to install a local
correctly configured bind caching nameserver because the guy who is
using the Active Directory server didn't use our company global DNS)

- configure Kerberos client on the Samba server (the same way you do
it when Samba is an Active Directory member server)

Now I can see Active Directory users and groups on the Samba server
(with wbinfo) and Active Directory sees the Samba users and groups.

2008/10/27 Steven Geerts [EMAIL PROTECTED]:
 Can you share us some more information on how you configured everything.

 Did you try trusting a 2003 AD domain to your samba domain?

 Should be great if this was possible?

 Best regards

 steven

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On
 Behalf Of Sébastien Prud'homme
 Sent: Monday 27 October 2008 13:16
 To: Gerald Carter
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in
 native mode

 Thanks.

 FYI i have set up my Samba system to use the ADS DNS and i've
 configured /etc/krb5.conf with the ADS realm and now i can see ADS
 users and groups with wbinfo :-)

 I also changed some Samba conf as read in Red Hat Knowledge Base (my
 distro is RHEL5.2):
 client schannel = No
 client use spnego = No
 server signing = Auto

 2008/10/25 Gerald Carter [EMAIL PROTECTED]:

 Hey Ryan,

 Samba3 cannot act as an AD domain controller and therefore cannot
 operate in a trust with a native mode AD domain. Samba4 will be able
 to do this but it is still under heavy development.

 If you put your AD domain in mixed mode, you should be able to create
 the trust although I'm not sure if you can convert a native to mixed
 mode or not...

 This is incorrect.  Native mode AD can have trusts with NT4 domains
 (and therefore with Sambas as well).





 cheers, jerry




Re: [Samba] Failed to set servicePrincipalNames join ADS issue.

2008-10-28 Thread Linux Addict

[EMAIL PROTECTED] wrote:

Hello all,

I am trying to make one of my solaris server member of our w2k3 ads
domain. ldap and kerberos packages are installed.

* when I try to get a ticket granting ticket, no problem ... kinit klist
are all running fine .. below my krb5 config file

# cat /etc/krb5/krb5.conf

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
# admin_server = FILE:/var/log/krb5/kadmind.log
default = FILE:/var/log/krb5/krb5libs.log

[libdefaults]
default_realm = XXX.XXX
default_keytab_name = /etc/krb5/krb5.keytab
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
ticket_lifetime = 24000

[realms]
XXX.XXX = {
kdc = server1.xxx.xxx:88
kdc = server2.xxx.xxx:88
default_domain = XXX.XXX
}

[domain_realm]
.xxx.xxx = XXX.XXX
xxx.xxx = XXX.XXX

[appdefaults]
kinit = {
renewable = true
forwardable= true
}

* when I try to run an ldap query through the sasl/gssapi api,
everything is also working fine. I get the answer to my ldap query
without giving any password. sasl api takes my kerberos ticket to
authenticate myself on the ads. Just after receiving answer to my query, I
see I also no get a ldap service ticket ... below my ldap config file

# cat /etc/ldap/ldap.conf

BASE dc=xxx, dc=xxx
URI ldap://server1.xxx.xxx:389 ldap://server2.xxx.xxx:389

so this is okay but ... now comes the time to join my server to this ad.

I become root
kinit myuser
net ads join createcomputer=BE/Server .. first of all I get a prompt
for password .. why ? I do not know why my kerberos ticket is not used
??

so I try another way to do it net ads join createcomputer=BE/Server -U
admin ... and I get this error message

Using short domain name -- X
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SERVER' in realm 'XXX.XXX'
Failed to join domain: Type or value exists

this is my samba config file ..

[global]
security = ADS
workgroup = XXX
realm = XXX.XXX
winbind separator = +
encrypt passwords = true

I do not really understand the error message. I always get 20 machines
defined in  my ads and uses the same procedure as before. the only
difference is I added option createcomputer. this one did not exist
before ( my previous version was 3.0.20 ).

this is the first time I create an account with this version (3.0.32).
my server is correctly defined in the dns with fqdn
myserver.srv.domain.tlddomain.. I checked dns A and PTR, everything is
coherent.

many thanks to help me going further in this job.

thanks
Vincent


  
Usually this error is something to do with hostname or domain name.  
When you do hostname, what is the output?


Add -d 10 to net join command see what is failing or post the output.
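
Added example (not from the thread and not Samba code): a Python check for the condition named in the error message and in the reply above, that the server's DNS domain matches the AD realm, together with the realm settings in smb.conf and krb5.conf. The host names, the `EXAMPLE.TEST` realm and the function names are constructed for illustration, and the `[domain_realm]` lookup is a simplified model (exact host entry first, then dotted suffixes from longest to shortest).

```python
# Constructed configs, shaped like the files in the post but with a
# placeholder realm instead of the poster's redacted XXX.XXX.
SMB_CONF = """
[global]
security = ADS
workgroup = EXAMPLE
realm = EXAMPLE.TEST
winbind separator = +
"""

KRB5_CONF = """
[libdefaults]
default_realm = EXAMPLE.TEST
dns_lookup_kdc = false

[realms]
EXAMPLE.TEST = {
kdc = server1.example.test:88
default_domain = EXAMPLE.TEST
}

[domain_realm]
.example.test = EXAMPLE.TEST
example.test = EXAMPLE.TEST
"""


def parse_sections(text):
    """Parse smb.conf / krb5.conf style text into {section: {key: value}}.
    Section names and keys are lower-cased; lines inside krb5
    'name = { ... }' sub-blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if depth:  # inside a { ... } sub-block
            depth += line.endswith("{") - (line == "}")
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                depth = 1
            else:
                current[key.lower()] = value
    return sections


def realm_for_host(fqdn, domain_realm):
    """Simplified [domain_realm] lookup: exact host, then '.suffix' entries."""
    host = fqdn.lower().rstrip(".")
    if host in domain_realm:
        return domain_realm[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in domain_realm:
            return domain_realm[suffix]
    return None


def check_join(fqdn, smb_conf, krb5_conf):
    """Return a list of (code, detail) findings; an empty list means the
    host name and realm settings are consistent with each other."""
    host = fqdn.strip().rstrip(".").lower()
    if "." not in host:
        return [("not-fqdn", f"'{fqdn}' has no DNS domain part")]
    realm = parse_sections(smb_conf).get("global", {}).get("realm", "")
    if not realm:
        return [("no-realm", "smb.conf [global] has no realm")]
    krb = parse_sections(krb5_conf)
    issues = []
    dns_domain = host.split(".", 1)[1]
    if dns_domain != realm.lower():
        issues.append(("dns-domain-mismatch",
                       f"DNS domain '{dns_domain}' differs from realm '{realm}'"))
    default_realm = krb.get("libdefaults", {}).get("default_realm", "")
    if default_realm.lower() != realm.lower():
        issues.append(("default-realm-mismatch",
                       f"krb5 default_realm is '{default_realm}'"))
    mapped = realm_for_host(host, krb.get("domain_realm", {}))
    if mapped is None or mapped.lower() != realm.lower():
        issues.append(("domain-realm-unmapped",
                       f"[domain_realm] maps '{host}' to {mapped!r}"))
    return issues


if __name__ == "__main__":
    # A host with an extra label between host name and AD domain (constructed).
    for code, detail in check_join("myserver.srv.example.test", SMB_CONF, KRB5_CONF):
        print(code, "-", detail)
```
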






[Samba] Samba 3.2.4 - Problem with Security ADS

2008-10-28 Thread Elder Souza
Hi people...

I'm trying to use samba 3.2.4 on CentOS 5.2, but the winbindd process doesn't
go to memory when I run it with the -D option. I saw that security=ads in
smb.conf is the problem. When I cut security=ads from smb.conf, then
winbindd goes to memory but I can't access the SQUID+Samba+ADS.

Is it a bug?

Sorry for my English!!!


#
# SMB.CONF
#
[global]
   workgroup = DOMAIN_NAME
   server string = SQUID PROXY SERVER
   netbios name = nebiosname
   realm = DOMAIN_NAME.NET

   log file = /var/log/samba/smbd.log
   max log size = 50

   client ntlmv2 auth = yes
   ntlm auth = no

   security = ads
   password server = domain_controler_IP

   encrypt passwords = yes
;  smb passwd file = /etc/samba/smbpasswd

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   local master = no
   domain master = no
   preferred master = no

; name resolve order = wins lmhosts bcast

   dns proxy = no

   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind offline logon = yes
   winbind cache time = 150
   idmap negative cache time = 60
   winbind separator = \\
#


Elder Souza


[Samba] The network path was not found

2008-10-28 Thread mimagabooks
This is my first attempt at creating a samba pdc. I am receiving the
following error when I try joining the samba pdc.

The following error occurred attempting to join the domain MAGABOOKS.ORG:
The network path was not found.

I am using SuSE 11.0 with:

samba-3.2.3-0.1
smbldap-tools 0.9.5-1
openldap-2.4.9-7.4
bind-9.4.2-39.2
dhcp-server-3.0.6-86.1

My config files are as follows:

*smb.conf*

[global]
unix charset = LOCALE
workgroup = MAGABOOKS.ORG
netbios name = arizona
passdb backend =ldapsam:ldap://arizona.magabooks.org;
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \\arizona\profiles\%u
logon drive = Z:
domain logons = Yes
domain master = Yes
wins support = Yes
ldapsam:trusted = yes
ldap suffix = dc=magabooks,dc=org
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambaadmin,dc=magabooks,dc=org
idmap backend = ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
printing = cups


[homes]
 comment = Home Directories
 valid users = %S
 browseable = yes
 writable = yes
 create mask = 0600
 directory mask = 0700

[sysvol]
 path = /var/lib/samba/sysvol
 read only = no

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/sysvol/magabooks.org/scripts
 writeable = yes
 browseable = yes
 read only = no

[profiles]
 path = /var/lib/samba/profiles
 writeable = yes
 browseable = no
 read only = no
 create mode = 0777
 directory mode = 0777

[Documents]
 comment = share to test samba
 path = /var/lib/samba/documents
 writeable = yes
 browseable = yes
 read only = no
 valid users = @Domain Users

*slapd.conf*

#slapd.conf Master Openldap2.3
#path: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
database bdb
suffix  dc=magabooks,dc=org
directory   /var/lib/ldap
rootdn  cn=Manager,dc=magabooks,dc=org
rootpw  tiger123
index entryCSN eq
index entryUUID eq

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
  by self write
  by dn=cn=sambaadmin,dc=magabooks,dc=org write
  by * auth

access to *
  by dn=cn=sambaadmin,dc=magabooks,dc=org write
  by * read

index objectClass eq
index cn  pres,sub,eq
index sn  pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber   eq
index gidNumber   eq
index memberUID   eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

*ldap.conf*

#/etc/ldap.conf
# LDAP Master

host arizona.magabooks.org
base dc=magabooks,dc=org
binddn  cn=Manager,dc=magabooks,dc=org
bindpw  tiger123

bind_policy soft
pam_password exop

nss_initgroups_ignoreusers root, ldap, named, avahi, haldaemon, dbus

nss_base_passwd ou=People,ou=Users,dc=magabooks,dc=org?one
nss_base_shadow ou=People,ou=Users,dc=magabooks,dc=org?one
nss_base_passwd ou=Computers,ou=Users,dc=magabooks,dc=org?one
nss_base_shadow ou=Computers,ou=Users,dc=magabooks,dc=org?one
nss_base_group  ou=Groups,dc=magabooks,dc=org?one
ssl no

*nsswitch.conf*

#
# /etc/nsswitch.conf
#
passwd: files ldap
shadow: files ldap
group: files ldap

hosts: files dns wins
networks: files dns

services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files

bootparams: files
automount: files nis
aliases: files ldap
passwd_compat: ldap

*magabooks.ldif*

# SAMBA LDAP PRELOAD
# SID S-1-5-21-1974889685-1473824107-2886557780.

dn: dc=magabooks,dc=org
objectClass: dcObject
objectClass: organization
dc: magabooks
o: MAGABOOKS
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=magabooks,dc=org
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=syncuser,dc=magabooks,dc=org
objectClass: person
cn: syncuser
sn: syncuser
userPassword: tiger123

dn: 

Re: [Samba] The network path was not found

2008-10-28 Thread Wes Deviers
On Tuesday 28 October 2008 15:49:28 mimagabooks wrote:
 This is my first attempt at creating a samba pdc. I am receiving the
 following error when I try joining the samba pdc.

 The following error occurred attempting to join the domain MAGABOOKS.ORG:
 The network path was not found.

 I am using SuSE 11.0 with:

 samba-3.2.3-0.1
 smbldap-tools 0.9.5-1
 openldap-2.4.9-7.4
 bind-9.4.2-39.2
 dhcp-server-3.0.6-86.1

 My config files are as follows:

 *smb.conf*

 [global]
 unix charset = LOCALE
 workgroup = MAGABOOKS.ORG
 netbios name = arizona
 passdb backend =ldapsam:ldap://arizona.magabooks.org;

Have you tried it w/out the .ORG (both client & server side)?





[Samba] mac os 10.5.5 and symbolic link to www

2008-10-28 Thread Marc Fromm
We have a new server running Red Hat 5.2EL.
Windows machines can samba to the linux server with no problems, including 
symbolic links to the www directory.
Our Mac OS 10.5.5 machines have a problem with symbolic links to the www 
directory.
On the Mac computers, the symbolic links show up as an alias that cannot be 
followed.
These same MAC computers can samba to the www directory via a symbolic link on 
our Fedora Core 5 server.

Since the www symbolic link works on a PC that sambas to the Red Hat server, is 
this strictly a problem on the macs or is there a setting I need to change in a 
conf file on the Red Hat server, since the same Macs can use the symbolic link 
to the www directory on the Fedora server?

Thanks

Marc



Re: [Samba] mac os 10.5.5 and symbolic link to www

2008-10-28 Thread James Peach
2008/10/28 Marc Fromm [EMAIL PROTECTED]:
 We have a new server running Red Hat 5.2EL.
 Windows machines can samba to the linux server with no problems, including 
 symbolic links to the www directory.
 Our Mac OS 10.5.5 machines have a problem with symbolic links to the www 
 directory.
 On the Mac computers, the symbolic links show up as an alias that cannot be 
 followed.
 These same MAC computers can samba to the www directory via a symbolic link 
 on our Fedora Core 5 server.

The Mac is almost certainly using the unix extensions to follow the
symlink on the client side. If you want the server to follow the
symlink instead, you have to turn off unix extension support (unix
extensions = no).


 Since the www symbolic link works on a PC that sambas to the Red Hat server, 
 is this strictly a problem on the macs or is there a setting I need to change 
 in a conf file on the Red Hat server, since the same Macs can use the 
 symbolic link to the www directory on the Fedora server?

 Thanks

 Marc





-- 
James Peach | [EMAIL PROTECTED]


[Samba] samba 3.2.3: win2k join fails, xp join works

2008-10-28 Thread Simone
Hi,

 I recently upgraded my pdc server(samba3.0.x+ldap)  to debian lenny(
samba 3.2.3).
After the upgrade, the win2k join is no longer working and returns
Logon failure: the User Name unknown or bad password.
The Xp join works properly.

The same thing seems to be happening to other users; same problem and same logs:
http://www.nabble.com/Problem-on-Update-Samba-3.0.31-to-Samba-3.2.3-to19797123.html#a19797123

I also tried upgrading to samba 3.2.4 (I read that it fixes some
bugs..) but the problem still remains :(

I would prefer not to downgrade to 3.0.x but at the moment it seems to be the
only solution :-/

any idea ?

TIA,
  Simone

ps.
below my packages version / configuration.

Packages version:

samba 2:3.2.3-3
samba-common 2:3.2.3-3
smbclient 2:3.2.3-3
smbldap-tools 0.9.4-1
libcrypt-smbhash-perl 0.12-2


/etc/samba/smb.conf::
---cut---
[global]
  workgroup = DOMINIO
  netbios name = srv-dominio
  server string = %h
  dns proxy = No
  bind interfaces only = Yes
  interfaces = lo, eth1
  smb ports = 139

### record logons made via samba
  utmp = Yes
  utmp directory = /var/log/samba/utmp
  wtmp directory = /var/log/samba/wtmp

### prevents notepad from opening with a desktop.ini file
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/

### preserve the permissions and privileges of the user's files
  inherit acls = yes
  inherit owner = yes

  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  log level = 4

  security = user
  encrypt passwords = true
  passdb backend = ldapsam:ldap://127.0.0.1/
  obey pam restrictions = no
  deadtime = 15
  browseable = no

  wins support = Yes
  name resolve order = lmhosts host wins bcast

  local master = yes
  domain master = Yes
  preferred master = Yes
  os level = 254
  domain logons = Yes

  unix password sync = no
  enable privileges = yes
  passwd program = /usr/sbin/smbldap-passwd %u
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n
  socket options = TCP_NODELAY, SO_KEEPALIVE

  ldap ssl = no
  ldap passwd sync = yes
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmaps
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap suffix = dc=isi,dc=lan
  ldap delete dn = Yes
  ldap admin dn = cn=admin,dc=isi,dc=lan

  logon home = \\%N\%U\.\\.profili\%a
  logon drive = H:
  logon path = \\%N\%U\.profili\%a
  logon script = logon.bat

  add machine script = /usr/sbin/smbldap-useradd -w  %m
  set primary group script = /usr/sbin/smbldap-usermod -g %g %u
  delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
  add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
  delete group script = /usr/sbin/smbldap-groupdel %g
  add group script = /usr/sbin/smbldap-groupadd -p %g
  delete user script = /usr/sbin/smbldap-userdel %u
  add user script = /usr/sbin/smbldap-useradd -m %u

  check password script = /usr/bin/crackcheck -s

  panic action = /usr/share/samba/panic-action %d

[homes]
  comment = ISI-homes (NON MODIFICARE QUESTA RIGA)
  browseable = no
  writable = yes
  guest ok = no
  veto files = /public_html/

[perl]
  path = /usr/share/WinActivePerl
  comment = Per Windows Binaries
  public = yes
  writable = no
  guest ok = yes
  browseable = no


[netlogon]
   comment = ISI-NetLogon (NON MODIFICARE QUESTA RIGA)
   path = /home/samba/netlogon
   guest ok = yes
   browseable = no
   create mask = 0644
   directory mask = 0755
   writable = yes
   root preexec=/usr/sbin/setlogonvar '%U' '%G' '%m'
   root postexec=/usr/sbin/rmlogonvar '%m'
---cut---



/etc/smbldap-tools/smbldap.conf:
---cut---
SID=S-1-5-21-1479175027-3375466229-471917732
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=0
suffix=dc=isi,dc=lan
usersdn=ou=People,dc=isi,dc=lan
computersdn=ou=Computers,dc=isi,dc=lan
groupsdn=ou=Groups,dc=isi,dc=lan
idmapdn=ou=Idmap,dc=isi,dc=lan
sambaUnixIdPooldn=sambaDomainName=DOMINIO,dc=isi,dc=lan
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=99
userSmbHome=
userProfile=
userHomeDrive=
mailDomain=isi.lan
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
defaultComputerGid0=515
---cut---


Re: [Samba] Installing windows drivers into print$ on OS X 10.5 Leopard

2008-10-28 Thread James Peach
2008/10/26 Chris [EMAIL PROTECTED]:
 Has anyone had any success installing windows printer drivers onto a
 leopard-hosted print$ share?

 If I use the Add Printer Wizard method, it copies the driver files to
 \\SERVER\print$\W32X86 then fails with an Operation cannot be completed.

 If I use the rpcclient method I get a WERR_INVALID_PARAM error.  Using the
 Adobe Generic PostScript driver as an example.

 osxserver:W32X86 root# ls -l
 total 2832
 drwxrwxr-x  2 root  domainadmins  68 Oct 25 23:16 0
 drwxrwxr-x  2 root  domainadmins  68 Oct 25 23:16 2
 drwxrwxr-x  2 root  domainadmins  68 Oct 26 00:00 3
 -rw-r--r--  1 fred  domainadmins   13492 Oct 26 01:43 DEFPRTR2.PPD
 -rw-r--r--  1 fred  domainadmins  135248 Oct 26 01:43 PS5UI.DLL
 -rw-r--r--  1 fred  domainadmins   26056 Oct 26 01:43 PSCRIPT.HLP
 -rw-r--r--  1 fred  domainadmins  792644 Oct 26 01:43 PSCRIPT.NTF
 -rw-r--r--  1 fred  domainadmins  470608 Oct 26 01:43 PSCRIPT5.DLL

 osxserver:W32X86 root# rpcclient localhost -d3 -Ufred%password -c 'adddriver
 Windows NT x86
 genericps:PSCRIPT5.DLL:DEFPRTR2.PPD:PS5UI.DLL:PSCRIPT.HLP:NULL:RAW:PSCRIPT.NTF'
 added interface ip=192.168.223.13 bcast=192.168.223.255 nmask=255.255.255.0
 lp_load: refreshing parameters
 Initialising global parameters
 params.c:pm_process() - Processing configuration file
 /private/etc/smb.conf
 Processing section [global]
 params.c:pm_process() - Processing configuration file /var/db/smb.conf
 Processing section [global]
 Processing section [global]
 Connecting to host=localhost
 Connecting to 127.0.0.1 at port 445
 Doing spnego session setup (blob length=126)
 got OID=1 2 840 113554 1 2 2
 got OID=1 2 840 48018 1 2 2
 got OID=1 3 6 1 4 1 311 2 2 10
 got principal=cifs/[EMAIL PROTECTED]
 Got challenge flags:
 Got NTLMSSP neg_flags=0x40898215
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x40088215
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x40088215
 rpc_pipe_bind: Remote machine localhost pipe \lsarpc fnum 0x7400 bind
 request returned ok.
 lsa_io_sec_qos: length c does not match size 8
 rpc_pipe_bind: Remote machine localhost pipe \spoolss fnum 0x7401 bind
 request returned ok.
 result was WERR_INVALID_PARAM

I believe that this problem is because the Darwin VFS doesn't
implement the read operation, only the pread operation. You should be
able to work around this by temporarily commenting out the vfs
objects line in /etc/smb.conf while you do the printer setup.



 smb.log shows this:
  osxserver (127.0.0.1) connect to service print$ initially as user fred
 (uid=1025, gid=20) (pid 36350)
 [2008/10/26 02:01:50, 2, pid=36350]
 /SourceCache/samba/samba-187.8/samba/source/smbd/open.c:open_file(391)
  fred opened file W32X86/PSCRIPT5.DLL read=Yes write=No (numopen=1)
 [2008/10/26 02:01:50, 2, pid=36350]
 /SourceCache/samba/samba-187.8/samba/source/smbd/close.c:close_normal_file(399)
  fred closed file W32X86/PSCRIPT5.DLL (numopen=0) NT_STATUS_OK
 [2008/10/26 02:01:50, 1, pid=36350]
 /SourceCache/samba/samba-187.8/samba/source/smbd/service.c:close_cnum(1284)
  osxserver (127.0.0.1) closed connection to service print$

 User fred is a member of Admins and Domain Admins and I have explicitly
 added SePrintOperatorPrivilege to EXAMPLE\Domain Admins (it didn't help.)

 This used to work great on 10.4...





-- 
James Peach | [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] PDA-Logon: mal formed packet

2008-10-28 Thread Jeremy Allison
On Tue, Oct 28, 2008 at 07:56:30AM +0100, Bernd Kloss wrote:
 Hello, James and Volker,
 
 first of all thank you very much for your engagement.
 
 Let me just point out one thing:
 
 Until September 2008 I had Debian Etch running on my server and the PDA was 
 working fine. While upgrading from Etch to Lenny I did not change the 
 smb.conf nor the configuration of the LOOX N560 PDA (there is nothing to 
 change. I can tell it to make DHCP, configure WPA2. That's it.) From then on 
 the PDA could not log on to the server, but still works fine with the 
 XP-Clients.
 I am wondering why it is looking for a user and a workgroup both missing the 
 last letter as Lenny-SAMBA is showing it in the log.   

In order to track this down I'm going to need debug level 10
logs from the system when it works, and from when it doesn't.

wireshark traces from between the two would also help.

Please open a bug @ bugzilla.samba.org and attach
this information. Note we're going to need the entire
logs and also the binary wireshark traces, not the
text versions.

It's possible that this is a bug I've just fixed in the
non-unicode character handling (checked into the samba-3-2-test
git branch). If you could test that version that would be
very helpful.

Thanks,

Jeremy.


[Samba] Basic server role question

2008-10-28 Thread Tom Peters
I have a samba 3.2.3-0.1-1882 server running on Suse SL11.0. It's out of 
the box, just the way YAST builds it.


Pardon the extremely basic level questions here.

The intent for this server is basically just file and print services. (It's 
defined as a BDC, I think, because I didn't do that on a previous install 
and I couldn't get name service (wins) to work right. Wins works great now, 
but I don't know if being a domain controller is the reason. ) I also want 
it to do DHCP and maybe DNS for a small network, but those two will come 
later.


It works now for offering shares and printers, in my limited testing.

I want to define what shares people can access based on who they log in 
as-- if they never get prompted for username/password until they attempt to 
access a resource on this Samba server, that's fine.


First basic question: I get a complaint when I run testparm:
Server's Role (logon server) NOT ADVISED with domain-level security

So I'm wondering if my choice of security model is ill-advised, or if it's 
my choice of role I should be questioning. Actually, I don't remember 
specifying a server role.


Please advise.

-Tom



My configuration is below.

# Date: 2008-06-06
[global]
workgroup = RIVENDELL
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = L:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

domain logons = Yes
domain master = Yes
local master = Yes
netbios name = ASIMOV
os level = 65
passdb backend = smbpasswd:/etc/samba/smbpasswd
preferred master = Yes
security = domain
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root




-
268. [Philosophy] People can and will do things that no one could possibly
believe anyone would do. For examples look at most of human history or the
alt.sex.* hierarchy. --Ken Boucher on human stupidity in sci.nanotech
--... ...--  -.. .  -. . --.- --.- -...
[EMAIL PROTECTED]   (remove nospam) N9QQB (amateur radio)
HEY YOU (loud shouting)WEB: http://www.mixweb.com/tpeters
43° 7' 17.2 N by 88° 6' 28.9 W,  Elevation 815',  Grid Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531
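
The combination that testparm complains about in the message above, as an added example (not part of the original post and not Samba's own code): a small checker that parses smb.conf text and flags `domain logons = yes` together with `security = domain`. The role names and the defaults used (`security = user`, `domain master` following `domain logons` when unset) are this example's simplified model of Samba 3 behaviour.

```python
import re

# Constructed sample: role-relevant lines from the smb.conf posted above.
SAMPLE_CONF = r"""
# Date: 2008-06-06
[global]
workgroup = RIVENDELL
logon path = \\%L\profiles\.msprofile
domain logons = Yes
domain master = Yes
netbios name = ASIMOV
security = domain
[homes]
valid users = %S, %D%w%S
read only = No
"""

TRUE_WORDS = {"yes", "true", "on", "1"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse inner whitespace.
            conf[section][" ".join(name.lower().split())] = value.strip()
    return conf


def server_role(conf):
    """Simplified role model (assumption); returns (role, findings).

    security = share/server/ads are not modelled separately here.
    """
    g = conf.get("global", {})
    security = g.get("security", "user").lower()
    logons = g.get("domain logons", "no").lower() in TRUE_WORDS
    master_raw = g.get("domain master", "auto").lower()
    master = logons if master_raw == "auto" else master_raw in TRUE_WORDS
    findings = []
    if logons and security == "domain":
        # A logon server authenticates against its own passdb, while
        # security = domain hands authentication to another controller.
        findings.append("domain logons = yes with security = domain: "
                        "logon server NOT ADVISED with domain-level security")
        role = "logon server (not advised)"
    elif security == "domain":
        role = "domain member"
    elif logons:
        role = "PDC" if master else "BDC"
    else:
        role = "standalone"
    return role, findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_CONF),
                        ("security = user",
                         SAMPLE_CONF.replace("security = domain",
                                             "security = user"))):
        print(label, "->", server_role(parse_smb_conf(text)))
```
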



Re: [Samba] mac os 10.5.5 and symbolic link to www

2008-10-28 Thread Kyle


Can someone clarify that statement a little more for the hard at 
learning please? Do you mean the MAC is using the SAMBA symlink and 
attempting to follow it to a location on its local disk?


The Mac is almost certainly using the unix extensions to follow the 
symlink on the client side. If you want the server to follow the symlink 
instead, you have to turn off unix extension support (unix extensions = 
no).



Kind Regards

Kyle



James Peach wrote:

2008/10/28 Marc Fromm [EMAIL PROTECTED]:
  

We have a new server running Red Hat 5.2EL.
Windows machines can samba to the linux server with no problems, including 
symbolic links to the www directory.
Our Mac OS 10.5.5 machines have a problem with symbolic links to the www 
directory.
On the Mac computers, the symbolic links show up as an alias that cannot be 
followed.
These same MAC computers can samba to the www directory via a symbolic link on 
our Fedora Core 5 server.



The Mac is almost certainly using the unix extensions to follow the
symlink on the client side. If you want the server to follow the
symlink instead, you have to turn off unix extension support (unix
extensions = no).


  



Re: [Samba] mac os 10.5.5 and symbolic link to www

2008-10-28 Thread James Peach
2008/10/28 Kyle [EMAIL PROTECTED]:

 Can someone clarify that statement a little more for the hard at learning
 please? Do you mean the MAC is using the SAMBA symlink and attempting to
 follow it to a location on its local disk?

Yes. Because Windows clients do not understand the SMB protocol
extension the Mac uses in this case, the server follows the symlink on
their behalf (to a location on the server's disk).


 The Mac is almost certainly using the unix extensions to follow the symlink
 on the client side. If you want the server to follow the symlink instead,
 you have to turn off unix extension support (unix extensions = no).

 
 Kind Regards

 Kyle



 James Peach wrote:

 2008/10/28 Marc Fromm [EMAIL PROTECTED]:


 We have a new server running Red Hat 5.2EL.
 Windows machines can samba to the linux server with no problems,
 including symbolic links to the www directory.
 Our Mac OS 10.5.5 machines have a problem with symbolic links to the www
 directory.
 On the Mac computers, the symbolic links show up as an alias that cannot
 be followed.
 These same MAC computers can samba to the www directory via a symbolic
 link on our Fedora Core 5 server.


 The Mac is almost certainly using the unix extensions to follow the
 symlink on the client side. If you want the server to follow the
 symlink instead, you have to turn off unix extension support (unix
 extensions = no).








-- 
James Peach | [EMAIL PROTECTED]


[SCM] Samba Shared Repository - branch master updated - 2b29b7186459d945ec448694164bfe4239b30d72

2008-10-28 Thread Stefan Metzmacher
The branch, master has been updated
   via  2b29b7186459d945ec448694164bfe4239b30d72 (commit)
  from  698b7fd43658d9e96d28f26c9e1dae5e770bb57f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2b29b7186459d945ec448694164bfe4239b30d72
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Mon Oct 27 11:35:07 2008 +0100

s4: import lorikeet-heimdal-200810271034

metze

---

Summary of changes:
 source4/heimdal/kdc/524.c  |   94 ++--
 source4/heimdal/kdc/default_config.c   |  150 ++--
 source4/heimdal/kdc/digest.c   |  220 +++---
 source4/heimdal/kdc/headers.h  |   54 +-
 source4/heimdal/kdc/kaserver.c |   86 ++--
 source4/heimdal/kdc/kdc.h  |   58 +-
 source4/heimdal/kdc/kdc_locl.h |   54 +-
 source4/heimdal/kdc/kerberos4.c|  132 ++--
 source4/heimdal/kdc/kerberos5.c|  340 +-
 source4/heimdal/kdc/krb5tgs.c  |   50 +-
 source4/heimdal/kdc/kx509.c|   92 ++--
 source4/heimdal/kdc/log.c  |   58 +-
 source4/heimdal/kdc/misc.c |   56 +-
 source4/heimdal/kdc/pkinit.c   |  218 +++---
 source4/heimdal/kdc/process.c  |   72 +-
 source4/heimdal/kdc/rx.h   |   50 +-
 source4/heimdal/kdc/windc.c|   60 +-
 source4/heimdal/kdc/windc_plugin.h |   58 +-
 source4/heimdal/kpasswd/kpasswd.c  |   60 +-
 source4/heimdal/kpasswd/kpasswd_locl.h |   52 +-
 source4/heimdal/kuser/kinit.c  |  252 ---
 source4/heimdal/kuser/kuser_locl.h |   70 ++-
 source4/heimdal/lib/asn1/asn1_gen.c|   64 +-
 source4/heimdal/lib/asn1/der.c |   50 +-
 source4/heimdal/lib/asn1/der.h |   50 +-
 source4/heimdal/lib/asn1/der_cmp.c |   56 +-
 source4/heimdal/lib/asn1/der_copy.c|   58 +-
 source4/heimdal/lib/asn1/der_format.c  |   56 +-
 source4/heimdal/lib/asn1/der_free.c|   50 +-
 source4/heimdal/lib/asn1/der_get.c |   84 +-
 source4/heimdal/lib/asn1/der_length.c  |   52 +-
 source4/heimdal/lib/asn1/der_locl.h|   50 +-
 source4/heimdal/lib/asn1/der_put.c |   88 ++--
 source4/heimdal/lib/asn1/extra.c   |   58 +-
 source4/heimdal/lib/asn1/gen.c |   78 +-
 source4/heimdal/lib/asn1/gen_copy.c|   64 +-
 source4/heimdal/lib/asn1/gen_decode.c  |  110 ++--
 source4/heimdal/lib/asn1/gen_encode.c  |   68 +-
 source4/heimdal/lib/asn1/gen_free.c|   58 +-
 source4/heimdal/lib/asn1/gen_glue.c|   52 +-
 source4/heimdal/lib/asn1/gen_length.c  |   68 +-
 source4/heimdal/lib/asn1/gen_locl.h|   50 +-
 source4/heimdal/lib/asn1/gen_seq.c |   58 +-
 source4/heimdal/lib/asn1/hash.c|   50 +-
 source4/heimdal/lib/asn1/hash.h|   52 +-
 source4/heimdal/lib/asn1/heim_asn1.h   |   50 +-
 source4/heimdal/lib/asn1/lex.c |   68 +-
 source4/heimdal/lib/asn1/lex.h |   50 +-
 source4/heimdal/lib/asn1/lex.l |   68 +-
 source4/heimdal/lib/asn1/main.c|   50 +-
 source4/heimdal/lib/asn1/parse.c   |   34 +-
 source4/heimdal/lib/asn1/parse.y   |   86 ++--
 source4/heimdal/lib/asn1/symbol.c  |2 +-
 source4/heimdal/lib/asn1/symbol.h  |   82 +-
 source4/heimdal/lib/asn1/timegm.c  |   62 +-
 source4/heimdal/lib/com_err/com_err.c  |   68 +-
 source4/heimdal/lib/com_err/com_err.h  |   50 +-
 source4/heimdal/lib/com_err/com_right.h|   50 +-
 source4/heimdal/lib/com_err/compile_et.c   |   87 ++-
 source4/heimdal/lib/com_err/compile_et.h   |   50 +-
 source4/heimdal/lib/com_err/error.c|   71 +-
 source4/heimdal/lib/com_err/lex.c  |   52 +-
 source4/heimdal/lib/com_err/lex.h  |   50 +-
 source4/heimdal/lib/com_err/lex.l  |   52 +-
 source4/heimdal/lib/com_err/parse.c|   52 +-
 source4/heimdal/lib/com_err/parse.y|   56 +-
 source4/heimdal/lib/gssapi/gssapi/gssapi.h |   56 +-
 source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h|   77 ++-
 source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h  |   50 +-
 source4/heimdal/lib/gssapi/krb5/8003.c |   78 +-
 

[SCM] Samba Shared Repository - branch master updated - 7a4d937fd9e80e27d58584bc1a4d3dddc88ba74d

2008-10-28 Thread Stefan Metzmacher
The branch, master has been updated
   via  7a4d937fd9e80e27d58584bc1a4d3dddc88ba74d (commit)
   via  6bc9fb887fa685a595b019c5ad6fc77f2fa3e914 (commit)
  from  2b29b7186459d945ec448694164bfe4239b30d72 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7a4d937fd9e80e27d58584bc1a4d3dddc88ba74d
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Tue Oct 28 12:21:44 2008 +0100

s4: lsa-server: fix crash bugs related to [out,ref] ** changes

metze

commit 6bc9fb887fa685a595b019c5ad6fc77f2fa3e914
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Tue Oct 28 12:20:59 2008 +0100

selftest: move gdb_* and valgrind_* scripts to selftest/

metze

---

Summary of changes:
 selftest/gdb_backtrace  |   87 +++
 selftest/gdb_backtrace_test.c   |   42 +
 selftest/gdb_run|   20 
 selftest/selftest.pl|2 +-
 selftest/target/Samba4.pm   |2 +-
 selftest/valgrind_run   |9 
 source4/rpc_server/lsa/dcesrv_lsa.c |8 ++--
 source4/script/gdb_backtrace|   87 ---
 source4/script/gdb_backtrace_test.c |   42 -
 source4/script/gdb_run  |   20 
 source4/script/valgrind_run |9 
 source4/selftest/config.mk  |   13 +++--
 12 files changed, 171 insertions(+), 170 deletions(-)
 create mode 100755 selftest/gdb_backtrace
 create mode 100644 selftest/gdb_backtrace_test.c
 create mode 100755 selftest/gdb_run
 create mode 100755 selftest/valgrind_run
 delete mode 100755 source4/script/gdb_backtrace
 delete mode 100644 source4/script/gdb_backtrace_test.c
 delete mode 100755 source4/script/gdb_run
 delete mode 100755 source4/script/valgrind_run


Changeset truncated at 500 lines:

diff --git a/selftest/gdb_backtrace b/selftest/gdb_backtrace
new file mode 100755
index 000..826381e
--- /dev/null
+++ b/selftest/gdb_backtrace
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+BASENAME=`basename $0`
+
+if [ -n $VALGRIND -o -n $SMBD_VALGRIND ]; then
+   echo ${BASENAME}: Not running debugger under valgrind
+   exit 1
+fi
+
+# we want everything on stderr, so the program is not disturbed
+exec 12
+
+BASENAME=`basename $0`
+UNAME=`uname`
+
+PID=$1
+BINARY=$2
+
+test x${PID} = x  {
+   echo Usage: ${BASENAME} pid [binary]
+   exit 1
+}
+
+DB_LIST=gdb
+case ${UNAME} in
+   #
+   # on Tru64 we need to try ladebug first
+   # because gdb crashes itself...
+   #
+   OSF1)
+   DB_LIST=ladebug ${DB_LIST}
+   ;;
+esac
+
+for DB in ${DB_LIST}; do
+   DB_BIN=`which ${DB} 2/dev/null | grep '^/'`
+   test x${DB_BIN} != x  {
+   break
+   }
+done
+
+test x${DB_BIN} = x  {
+   echo ${BASENAME}: ERROR: No debugger found.
+   exit 1
+}
+
+#
+# we first try to use /proc/${PID}/exe
+# then fallback to the binary from the commandline
+# then we search for the commandline argument with
+# 'which'
+#
+test -f /proc/${PID}/exe  BINARY=/proc/${PID}/exe
+test x${BINARY} = x  BINARY=/proc/${PID}/exe
+test -f ${BINARY} || BINARY=`which ${BINARY}`
+
+test -f ${BINARY} || {
+   echo ${BASENAME}: ERROR: Cannot find binary '${BINARY}'.
+   exit 1
+}
+
+echo ${BASENAME}: Trying to use ${DB_BIN} on ${BINARY} on PID ${PID}
+
+BATCHFILE_PRE=/tmp/gdb_backtrace_pre.$$
+BATCHFILE_MAIN=/tmp/gdb_backtrace_main.$$
+case ${DB} in
+   ladebug)
+cat  EOF   ${BATCHFILE_PRE}
+set \$stoponattach
+EOF
+
+cat  EOF   ${BATCHFILE_MAIN}
+where
+quit
+EOF
+   ${DB_BIN} -c ${BATCHFILE_MAIN} -i ${BATCHFILE_PRE} -pid ${PID} 
${BINARY}
+   ;;
+   gdb)
+cat  EOF   ${BATCHFILE_MAIN}
+set height 1000
+bt full
+quit
+EOF
+   ${DB_BIN} -x ${BATCHFILE_MAIN} ${BINARY} ${PID}
+   ;;
+esac
+/bin/rm -f ${BATCHFILE_PRE} ${BATCHFILE_MAIN}
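Review bot: BATCHFILE_PRE and BATCHFILE_MAIN are set to /tmp/gdb_backtrace_pre.$$ and /tmp/gdb_backtrace_main.$$, so the names are predictable from the PID and the files are written with cat in a world-writable directory; the gdb branch then runs the debugger with -x on that file. Create them with mktemp (or inside a private directory from mktemp -d) and remove them from a trap so that an interrupted run also cleans up. Smaller points: BASENAME is assigned twice, and the final rm names ${BATCHFILE_PRE} even on the gdb branch, where it was never written.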
diff --git a/selftest/gdb_backtrace_test.c b/selftest/gdb_backtrace_test.c
new file mode 100644
index 000..506784f
--- /dev/null
+++ b/selftest/gdb_backtrace_test.c
@@ -0,0 +1,42 @@
+/*
+
+add a usefull tool to test the gdb_backtrace script
+
+just compile it with
+cc -g -o gdb_backtrace_test gdb_backtrace_test.c
+
+and run it in the same directory where your gdb_backtrace script is.
+
+2006 - Stefan Metzmacher [EMAIL PROTECTED]
+
+*/
+#include stdio.h
+#include string.h
+#include stdlib.h
+#include unistd.h
+#include signal.h
+
+static const char *prog;
+
+static void sig_fault(int sig)
+{
+   int ret;
+   char cmdstr[200];
+
+   snprintf(cmdstr, sizeof(cmdstr),
+./gdb_backtrace %u %s,
+getpid(), prog);
+   printf(sig_fault start: %s\n, cmdstr);
+   ret = system(cmdstr);
+   printf(sig_fault end: %d\n, ret);
+}
+
+int main(int argc, const char **argv)
+{
+   prog = argv[0];
+
+   
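Review bot: sig_fault builds a shell command with snprintf and runs it through system(), with prog (argv[0]) interpolated unquoted, so a program path containing spaces or shell metacharacters changes the command that runs, and a path that does not fit the 200-byte cmdstr is silently truncated. For a test helper, quoting the %s and checking the snprintf return value would be enough; fork plus execl with the PID and path as separate arguments avoids the shell entirely. getpid() is also printed with %u, which wants a cast to unsigned.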

[SCM] Samba Shared Repository - branch master updated - 67c5aca1e871ccd3675a0cc586753134f76239e9

2008-10-28 Thread Stefan Metzmacher
The branch, master has been updated
   via  67c5aca1e871ccd3675a0cc586753134f76239e9 (commit)
   via  b99926ca5e3791f578a833de5ca3ed7bd4bab443 (commit)
   via  8160cd1595520719268d20f2a17fd25c72bed4c9 (commit)
  from  7a4d937fd9e80e27d58584bc1a4d3dddc88ba74d (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 67c5aca1e871ccd3675a0cc586753134f76239e9
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Tue Oct 28 17:14:53 2008 +0100

RAW-ACLS: test the behavior of NULL DACL vs. empty DACL

This is based on the torture test attached to bug 4284
by Matthias Dieter Wallnöfer [EMAIL PROTECTED].

metze

commit b99926ca5e3791f578a833de5ca3ed7bd4bab443
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Tue Oct 28 17:13:21 2008 +0100

s4: ntvfs/posix: to set a DACL at open time SEC_DESC_DACL_PRESENT must be set

metze

commit 8160cd1595520719268d20f2a17fd25c72bed4c9
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Tue Oct 28 17:10:51 2008 +0100

s4: libcli/security: a NULL DACL allows access

This fixes bug 4284.

metze

---

Summary of changes:
 source4/libcli/security/access_check.c |   13 +--
 source4/ntvfs/posix/pvfs_open.c|6 +-
 source4/torture/raw/acls.c |  244 
 3 files changed, 250 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/libcli/security/access_check.c 
b/source4/libcli/security/access_check.c
index d5a0a13..af6a3d6 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -99,21 +99,12 @@ NTSTATUS sec_access_check(const struct security_descriptor 
*sd,
}
}
 
-   /* dacl not present allows access */
-   if (!(sd-type  SEC_DESC_DACL_PRESENT)) {
+   /* a NULL dacl allows access */
+   if ((sd-type  SEC_DESC_DACL_PRESENT)  sd-dacl == NULL) {
*access_granted = access_desired;
return NT_STATUS_OK;
}
 
-#if 0
-   /* tridge: previously we had empty dacl denying access, but
-  that can lead to undeletable directories, where
-  nobody can change the ACL on a directory */
-   if (sd-dacl == NULL || sd-dacl-num_aces == 0) {
-   return NT_STATUS_ACCESS_DENIED;
-   }
-#endif
-
/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and 
SEC_STD_DELETE */
if ((bits_remaining  
(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) 
security_token_has_sid(token, sd-owner_sid)) {
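Review bot: the grant-all branch now requires SEC_DESC_DACL_PRESENT to be set and the dacl pointer to be NULL, which drops the old "dacl not present allows access" case; a descriptor with the flag clear now falls through to the checks below, and nothing in this hunk shows how those behave when the dacl pointer is NULL with the flag clear. Please state the intended result for that case in the comment and make sure the later ACE walk guards against a NULL dacl. With the #if 0 block gone, the comment should also say what an empty DACL (present, zero ACEs) is meant to do, since that distinction is now implicit.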
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 8a32f01..fe3c915 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -106,6 +106,7 @@ static NTSTATUS pvfs_open_setup_eas_acl(struct pvfs_state 
*pvfs,
union smb_open *io)
 {
NTSTATUS status;
+   struct security_descriptor *sd;
 
/* setup any EAs that were asked for */
if (io-ntcreatex.in.ea_list) {
@@ -117,8 +118,9 @@ static NTSTATUS pvfs_open_setup_eas_acl(struct pvfs_state 
*pvfs,
}
}
 
+   sd = io-ntcreatex.in.sec_desc;
/* setup an initial sec_desc if requested */
-   if (io-ntcreatex.in.sec_desc) {
+   if (sd  (sd-type  SEC_DESC_DACL_PRESENT)) {
union smb_setfileinfo set;
 /* 
  * TODO: set the full ACL! 
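Review bot: with the new condition, a client-supplied sec_desc whose type lacks SEC_DESC_DACL_PRESENT is silently routed to the else branch, so whatever else that descriptor carried is ignored without an error, and the comment "setup an initial sec_desc if requested" no longer describes the test. Update the comment to say that only a descriptor with a DACL present is applied, and consider whether the ignored case deserves a debug message or is covered by the existing TODO about setting the full ACL.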
@@ -129,7 +131,7 @@ static NTSTATUS pvfs_open_setup_eas_acl(struct pvfs_state 
*pvfs,
  */
set.set_secdesc.in.file.ntvfs = f-ntvfs;
set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
-   set.set_secdesc.in.sd = io-ntcreatex.in.sec_desc;
+   set.set_secdesc.in.sd = sd;
 
status = pvfs_acl_set(pvfs, req, name, fd, SEC_STD_WRITE_DAC, 
set);
} else {
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 95e7282..a07da8a 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -248,6 +248,249 @@ done:
} \
 } while (0)
 
+/*
+  test using NTTRANS CREATE to create a file with a null ACL set
+*/
+static bool test_nttrans_create_null_dacl(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+   NTSTATUS status;
+   union smb_open io;
+   const char *fname = BASEDIR \\acl3.txt;
+   bool ret = true;
+   int fnum = -1;
+   union smb_fileinfo q;
+   union smb_setfileinfo s;
+   struct security_descriptor *sd = security_descriptor_initialise(tctx);
+   struct security_acl dacl;
+
+   printf(TESTING SEC_DESC WITH A NULL DACL\n);
+
+   io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+   io.ntcreatex.in.root_fid = 0;
+   io.ntcreatex.in.flags = 0;
+   

Build status as of Wed Oct 29 00:00:02 2008

2008-10-28 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2008-10-28 
00:00:49.0 +
+++ /home/build/master/cache/broken_results.txt 2008-10-29 00:00:36.0 
+
@@ -1,4 +1,4 @@
-Build status as of Tue Oct 28 00:00:02 2008
+Build status as of Wed Oct 29 00:00:02 2008
 
 Build counts:
 Tree Total  Broken Panic 
@@ -14,9 +14,9 @@
 rsync34 10 0 
 samba-docs   0  0  0 
 samba-gtk8  8  0 
-samba_3_X_devel 31 18 0 
-samba_3_X_test 30 17 0 
-samba_4_0_test 33 26 5 
+samba_3_X_devel 30 19 0 
+samba_3_X_test 29 17 0 
+samba_4_0_test 32 29 0 
 smb-build32 7  0 
 talloc   34 33 0 
 tdb  34 12 0