RE: [Samba] file locking options in smb.conf
Hi list,

Any body implemented cross protocol file locking before? Any pointer will help me a lot

Hi Volker,

CIFS - CIFS locking is not working as expected. It failed for me in following scenario.

1. Opened a share using browser in Win XP machine.
2. Copied a word document (*.doc) to share.
3. Mounted CIFS share in a Ubuntu (8.04 LTS desktop).
4. Opened word document from Ubuntu using openoffice 2.4
5. Tried to open same file in Win XP but it didn't open and got error message No proper file permission (I expect word document to open in read only mode).

However if I open document first in Win XP and then using Open office working as expected i.e. Document getting opened in read only mode.

Thanks
Anoop

-----Original Message-----
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Tuesday, May 05, 2009 5:19 PM
To: Anoop P.A.
Cc: samba@lists.samba.org
Subject: Re: [Samba] file locking options in smb.conf

On Tue, May 05, 2009 at 04:27:30AM -0700, Anoop P.A. wrote:
> Hi Volker,
>
> Thanks for the reply. I want basic file locking work as expected. ( i.e. I want to prevent files from getting corrupted while shared across multiple platforms). If some file is opened writing in one client, other clients should not be able to write in to it. My server failing in many scenarios, I could explain one of the scenario as follows.
>
> 1. Opened a share using browser in Win XP machine.
> 2. Mounted same share in a Linux machine through nfs.
> 3. Initiated a 1 GB file transfer to share in windows
> 4. Same time tried to copy a file with same name in nfs share. It asked to overwrite existing file( I expect it not to start copy as write lock of that file is being obtained by CIFS client)
> 5. After a while both the transfers finished. MD5SUM showed resultant file got corrupted.

No way you will achieve this cross-protocol. Unix just does not know how to lock a complete file like Windows/CIFS does using share modes. Your only chance is to only use Samba and a cifs client file system and ditch NFS and local file access.

Volker

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file locking options in smb.conf
On Tue, May 05, 2009 at 11:35:54PM -0700, Anoop P.A. wrote:
> Hi list,
>
> Any body implemented cross protocol file locking before? Any pointer will help me a lot
>
> Hi Volker,
>
> CIFS - CIFS locking is not working as expected. It failed for me in following scenario.
>
> 1. Opened a share using browser in Win XP machine.
> 2. Copied a word document (*.doc) to share.
> 3. Mounted CIFS share in a Ubuntu (8.04 LTS desktop).
> 4. Opened word document from Ubuntu using openoffice 2.4
> 5. Tried to open same file in Win XP but it didn't open and got error message No proper file permission (I expect word document to open in read only mode).
>
> However if I open document first in Win XP and then using Open office working as expected i.e. Document getting opened in read only mode.

Well, that's because Unix does not know about so-called share modes that Microsoft Office uses. OpenOffice 3 will solve this cross-platform using a lock file, so if you are using that on both Windows and Linux it should work fine.

Volker
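An added illustration of the two points in this reply, not code from the thread or from Samba: Unix file locks are advisory, so a writer that never asks for the lock is not stopped, while a lock file works as long as every application checks for it. It assumes a Unix system with flock(); the file names, including the `.lock` suffix, are constructed for the example and are not OpenOffice's actual naming.

```python
import fcntl
import os
import tempfile


def try_flock(fd):
    """Ask for an exclusive flock() without blocking. True if it was granted."""
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return True
    except BlockingIOError:
        return False


def take_lockfile(lock_path):
    """Lock-file convention: whoever creates the file first owns the document.

    O_CREAT | O_EXCL makes the open fail if the file already exists, so two
    applications that both follow the convention cannot both succeed.
    """
    try:
        fd = os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.write(fd, f"pid={os.getpid()}\n".encode())
    os.close(fd)
    return True


def demo():
    """Run three writers against one locked file and report who got through."""
    workdir = tempfile.mkdtemp(prefix="lockdemo-")
    doc = os.path.join(workdir, "report.doc")             # constructed sample
    lock_path = os.path.join(workdir, "report.doc.lock")  # hypothetical name
    fds = []
    results = {}
    try:
        # Writer A opens the document and takes an exclusive advisory lock.
        holder = os.open(doc, os.O_CREAT | os.O_RDWR, 0o600)
        fds.append(holder)
        results["holder_locked"] = try_flock(holder)
        os.write(holder, b"A" * 16)

        # Writer B cooperates: it asks for the lock first and is refused.
        polite = os.open(doc, os.O_RDWR)
        fds.append(polite)
        results["polite_got_lock"] = try_flock(polite)

        # Writer C never asks. open() and write() succeed anyway, because
        # nothing in open() can express "deny other writers".
        rude = os.open(doc, os.O_WRONLY)
        fds.append(rude)
        results["rude_bytes_written"] = os.write(rude, b"BBBB")

        # The lock holder now sees its own data overwritten.
        os.lseek(holder, 0, os.SEEK_SET)
        results["content"] = os.read(holder, 64)

        # The lock-file approach: the second taker is refused, but only
        # because it looked. It protects nothing against writer C.
        results["first_lockfile"] = take_lockfile(lock_path)
        results["second_lockfile"] = take_lockfile(lock_path)
        return results
    finally:
        for fd in fds:
            os.close(fd)
        for path in (doc, lock_path):
            if os.path.exists(path):
                os.unlink(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Writer C stands in for any client that reaches the file without going through the locking layer, which is the position of the NFS client in the scenario quoted earlier in the thread.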
[Samba] Re: Domain Server Problem
Pete Clapham peteclap...@sbcglobal.net wrote in message news:850942.27310...@web80503.mail.mud.yahoo.com...
> Hi -- I am trying to set up an additional domain server (not PDC or BDC), so that students can get to the material on the server. When I type net use w: \\water\archive (where water is the domain server and archive is a share), I invariably get the message that I need to input a user ID and password. If I put in my own ID/Password for the server (even though it's identical with the ID/password on the PDC) it goes through fine. However, if I am logged on to the network as another user and put in his/her ID/Password it doesn't work. My User ID/Password are the only combination on both the PDC and the additional server.
>
> If I try to log onto the additional server with a User ID/Password that's valid on the domain it doesn't work; If I try to log onto the additional server with a User ID/Password that's valid on the additional server it doesn't work. It would seem that SAMBA is looking at the Unix ID/Password on the PDC and the SMBPasswd on the additional so far that's mine.
>
> Does this make sense to anybody? And what do I need to do? I do have authentication set on the Additional Domain server to DOMAIN. Doesn't this mean that SAMBA should be reading both the Unix and SMBPasswd files on the PDC?

Perhaps I can shed some light on this.

Samba runs as a service on a Linux box. In this way it is different from Windows which is the underlying operating system. For a user to access a Linux machine and its services, he must have a username and password on that machine. One option is to use the /etc/passwd file and another is to use LDAP. Either way, the Linux box will have to authenticate the user before he can access the box or its services.

Samba gets around this by mapping the Samba account to the underlying Linux account. When you create a Samba user, the corresponding Linux account is created with the same name. If LDAP is not being used, the user exists in the smbpasswd and passwd files. If LDAP is being used, the Samba and Linux account information are both stored in a single LDAP record. This is easy to understand on a PDC since Samba creates both accounts on the machine.

If you want to access an additional Linux machine, you must add the users to the file/database against which the machine is authenticating users. If you are using LDAP it is easy. Simply configure the additional machine to authenticate users against the same LDAP directory that the PDC uses. As far as the Linux box is concerned, the user is authorized for access since his account can be authenticated against a user/password source.

If LDAP is not being used, one needs to find a way to automatically add the users to the additional Linux box. One can create add user scripts to achieve this. Chapter 7 of Samba by Example explains your options. Read the entire chapter. Pay special attention to the section entitled NT4/Samba Domain with Samba Domain Member Server without NSS Support. It explains how the add user script automatically creates the Linux user accounts when the users try to gain access to the additional machine.

The following steps may be followed to implement Samba with support for local accounts. In this configuration Samba is made a domain member server. All incoming connections to the Samba server will cause the look-up of the incoming username. If the account is found, it is used. If the account is not found, one will be automatically created on the local machine so that it can then be used for all access controls.

We used this approach in the Samba 2.x days when LDAP support was not as extensive as it is today. I would recommend using LDAP for authenticating against multiple Samba servers. It is a much cleaner solution since only a single username/password source is required.
[Samba] password change not working after OS update
Hi,

I have problem with client password chat with Samba (3.0.24) PDC on Suse after updating OS to service pack 1. The problem prevents client from changing own password in Windows, plus other things to do with password, like adding user with Windows User manager. Samba password is to be synced with unix password in my configuration.

Following errors are found in log.smbd when trying to add new user:

new account added - account=testuser, uid=1046, gid=100, home=/home/testuser, shell=/bin/false, by=0
account added to group - account=testuser, group=users, gid=100, by=0
home directory created - account=testuser, uid=1046, home=/home/testuser, by=0
running USERADD_CMD command - script=/usr/sbin/useradd.local, account=testuser, uid=1046, gid=100, home=/home/testuser, by=0
pam_pwcheck(samba:chauthtok): conversation failed
[2009/05/06 09:54:55, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: testuser
[2009/05/06 09:54:55, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user testuser!
running USERDEL_PRECMD command - script=/usr/sbin/userdel-pre.local, account=testuser, uid=1046, gid=100, home=/home/testuser, by=0

relevant lines in smb.conf:

unix password sync = yes
pam password change = yes
encrypt passwords = yes

and pam_pwcheck.conf:

password: minlen=6 no_obscure_checks use_cracklib nullok

Configuration hasn't been changed since OS update, and password change worked fine before that.

Thanks in advance,
Elias
[Samba] Re: Error when subscribing to list
jamrock wrote:
> Is this normal?

It's a self-signed certificate as the samba project likely does not want to pay several hundred USD per year for an official certificate. So yes, this is normal.
AW: [Samba] file locking options in smb.conf
Dear all,

It is the same problem with me. I run samba 3.2.8 on suse 10.2 . Now and then we have trouble concerning the home directories writing Word and Excel files. My smb.conf for homes:

[homes]
## the preexec command creates the user directory
root preexec=/windows/./userverzeichnis %U
root postexec=/windows/./bshares %U
comment=Heimatverzeichnis %U
msdfs root=yes
path= /windows/winuser/%U
valid users=%S
inherit permissions=yes
inherit owner=yes
force group= Domain Users
read only=no
create mask= 0750
directory mask=0775
browseable=no
hide files=/Desktop.ini/Thumbs.db/lost+found/desktop.ini
veto oplock files=/*.pdf/*.PST/*.pst/*.doc/*.xls/*.docx/*.mdb/*.MDB/*.dbf/*.DBF/*.ppt/*.xlsx/
#vfs objects=extd_audit,recycle
vfs objects=recycle
recycle:exclude= *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
recycle:keeptree=Yes
recycle:exclude_dir=tmp,temp,profile,.profile
recycle:touch_mtime=yes
recycle:versions=Yes

When the error occurs the word or excel file is suddenly owned mask administrators. And the user changed it cannot save it any more. There are from this moment on many temp files around this files. Only after deleting the admins mask ownership, and the temp files by hand the word, excel files will be Writeable again. On our old samba 2.2.7 still running we do not have this trouble (the same windows versions, the same office versions!!!).

---
EDV
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-bounces+mueller=tropenklinik...@lists.samba.org [mailto:samba-bounces+mueller=tropenklinik...@lists.samba.org] On behalf of Anoop P.A.
Sent: Wednesday, May 6, 2009 08:36
To: volker.lende...@sernet.de
Cc: samba@lists.samba.org
Subject: RE: [Samba] file locking options in smb.conf

Hi list,

Any body implemented cross protocol file locking before? Any pointer will help me a lot

Hi Volker,

CIFS - CIFS locking is not working as expected. It failed for me in following scenario.

1. Opened a share using browser in Win XP machine.
2. Copied a word document (*.doc) to share.
3. Mounted CIFS share in a Ubuntu (8.04 LTS desktop).
4. Opened word document from Ubuntu using openoffice 2.4
5. Tried to open same file in Win XP but it didn't open and got error message No proper file permission (I expect word document to open in read only mode).

However if I open document first in Win XP and then using Open office working as expected i.e. Document getting opened in read only mode.

Thanks
Anoop

-----Original Message-----
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Tuesday, May 05, 2009 5:19 PM
To: Anoop P.A.
Cc: samba@lists.samba.org
Subject: Re: [Samba] file locking options in smb.conf

On Tue, May 05, 2009 at 04:27:30AM -0700, Anoop P.A. wrote:
> Hi Volker,
>
> Thanks for the reply. I want basic file locking work as expected. ( i.e. I want to prevent files from getting corrupted while shared across multiple platforms). If some file is opened writing in one client, other clients should not be able to write in to it. My server failing in many scenarios, I could explain one of the scenario as follows.
>
> 1. Opened a share using browser in Win XP machine.
> 2. Mounted same share in a Linux machine through nfs.
> 3. Initiated a 1 GB file transfer to share in windows
> 4. Same time tried to copy a file with same name in nfs share. It asked to overwrite existing file( I expect it not to start copy as write lock of that file is being obtained by CIFS client)
> 5. After a while both the transfers finished. MD5SUM showed resultant file got corrupted.

No way you will achieve this cross-protocol. Unix just does not know how to lock a complete file like Windows/CIFS does using share modes. Your only chance is to only use Samba and a cifs client file system and ditch NFS and local file access.

Volker
[Samba] NTFS Attributes
Hi There,

Debian squeeze, samba 3.3.3-1

I am currently trying to use a samba partition to backup windows machines to, and am always warned that the destination does not support NTFS attributes, hidden attributes and system attributes. Are there any config options to enable these in samba? or does samba not support mapping these to something on the linux side?

Any help or links to documentation would be appreciated.

Best Regards,
Mark
Re: [Samba] NTFS Attributes
On Wed, May 06, 2009 at 09:52:35AM +0100, Mark Adams wrote:
> Hi There,
>
> Debian squeeze, samba 3.3.3-1
>
> I am currently trying to use a samba partition to backup windows machines to, and am always warned that the destination does not support NTFS attributes, hidden attributes and system attributes. Are there any config options to enable these in samba? or does samba not support mapping these to something on the linux side?
>
> Any help or links to documentation would be appreciated.

store dos attributes = yes

Volker
[Samba] Samba group management understanding
Hello all,

I want to set up a share for a project (enseign)

First thing I did is to create a group for that project (with smbldap-groupadd) and add project members to that group. Then I created a test_smb directory on my linux server with the following access rights:

drwxrwx--- 2 gbayard enseign 4096 avr 29 15:03 /test_smb

Note: the idea is that only group members should be able to create/destroy files in this share (the user value should not be used)

Then I added the following to smb.conf:

[test]
path = /test_smb
writable = yes
# browseable = no
# create mask = 0770
# valid users = @enseign
# directory mask = 0775
# force group = enseign

Commented values work fine but are not required to expose my problem so I use very basic share settings

Under linux I create the following file in /test_smb:

-rwxrw 1 gbayard enseign 8 avr 29 15:03 truc.txt

After I restart smb with /etc/init.d/smb restart I switch to XP and go to my share \\server\test and here is what's happening:

- if I connect with user gbayard (who is the share user) everything is right. I can create/edit/destroy files
- if I connect with user javerage who belongs to group enseign then I can modify the content of truc.txt (so group membership seems acknowledged by windows) but I can't destroy the file (seems like directory 'write' right to the group enseign is ignored). If I want to create a new file it works but I can't rename or destroy it (I end up with a new document.txt file that I can edit but not rename or destroy)...

Mmm. I'm puzzled!

I've check access to the share from a linux client (through gvfs on ubuntu) and it works as expected. So it seems like a windows XP client problem. I've checked all smb.conf options and could not find any workaround option.

As additional info I'm attaching samba log for file deletion trial from XP (failure) and from linux (success). And also my server's options (testparm -sv)

Any ideas?
Gildas
Re: [Samba] Re: Error when subscribing to list
On 5/6/2009 4:57 AM, Richard Foltyn wrote:
>> Is this normal?
>
> It's a self-signed certificate as the samba project likely does not want to pay several hundred USD per year for an official certificate. So yes, this is normal.

Yeah... this was a really dumb decision by the firefox developers to provide such a scary warning for self-signed certs, and there was a lot of complaints about it... to exacerbate the problem, they made it way too complicated (think 'Grandma') to add an exception...

I haven't checked, but hopefully they mellowed this warning out a LOT and provided a single-click way to add the cert...

--
Best regards,
Charles
Re: [Samba] password change not working after OS update
On 5/6/2009, Elias Knuutila (el...@elekno.fi) wrote:
> I have problem with client password chat with Samba (3.0.24) PDC on Suse after updating OS to service pack 1.

Problems like this are usually better answered on the SuSE (or whatever distro) list, as it is more often than not a distro/packaging problem as opposed to a general samba bug...

--
Best regards,
Charles
Re: [Samba] Re: Error when subscribing to list
On 5/6/2009, Charles Marcus (cmar...@media-brokers.com) wrote:
> I haven't checked, but hopefully they mellowed this warning out a LOT and provided a single-click way to add the cert...

I clicked send too soon... of course, that should have ended with 'in the upcoming 3.5 version'...
RE [Samba] Samba group management understanding
bad rights

-rwxrw 1 gbayard enseign 8 avr 29 15:03 truc.txt

must be

-rwxrwx--- 1 gbayard enseign 8 avr 29 15:03 truc.txt

---
Stéphane PURNELLE
Systems and Network Admin.
IT Department
Corman S.A.
Tel : 00 32 (0)87/342467

samba-bounces+stephane.purnelle=corman...@lists.samba.org wrote on 06/05/2009 12:50:51 :

> Hello all,
>
> I want to set up a share for a project (enseign)
>
> First thing I did is to create a group for that project (with smbldap-groupadd) and add project members to that group. Then I created a test_smb directory on my linux server with the following access rights:
>
> drwxrwx--- 2 gbayard enseign 4096 avr 29 15:03 /test_smb
>
> Note: the idea is that only group members should be able to create/destroy files in this share (the user value should not be used)
>
> Then I added the following to smb.conf:
>
> [test]
> path = /test_smb
> writable = yes
> # browseable = no
> # create mask = 0770
> # valid users = @enseign
> # directory mask = 0775
> # force group = enseign
>
> Commented values work fine but are not required to expose my problem so I use very basic share settings
>
> Under linux I create the following file in /test_smb:
>
> -rwxrw 1 gbayard enseign 8 avr 29 15:03 truc.txt
>
> After I restart smb with /etc/init.d/smb restart I switch to XP and go to my share \\server\test and here is what's happening:
>
> - if I connect with user gbayard (who is the share user) everything is right. I can create/edit/destroy files
> - if I connect with user javerage who belongs to group enseign then I can modify the content of truc.txt (so group membership seems acknowledged by windows) but I can't destroy the file (seems like directory 'write' right to the group enseign is ignored). If I want to create a new file it works but I can't rename or destroy it (I end up with a new document.txt file that I can edit but not rename or destroy)...
>
> Mmm. I'm puzzled!
>
> I've check access to the share from a linux client (through gvfs on ubuntu) and it works as expected. So it seems like a windows XP client problem.
> I've checked all smb.conf options and could not find any workaround option. As additionnal info I'm attaching samba log for file deletion trial from XP (failure) and from linux (success). And also my server's options (testparm -sv)
>
> Any ideas?
>
> Gildas
[Samba] Groups are not recognized any more
Hello,

I've just posted about a group management problem (mail was Samba group management understanding)

While waiting for an answer I updated samba to the last version I could find for centos 4 which is 3.3.4. Now group membership seems not to work anymore

I export this directory:

drwxrws---2 root mt23 4096 mai 6 12:34 test_smb

with this smb.conf extract:

[test]
path = /test_smb
writable = yes
valid users = @mt23
create mask = 0770
force group = mt23

then I try to access the test share from windows with user gbayard which belongs to group mt23 (result of command id gbayard follows)

uid=1217(gbayard) gid=14(sysadmin) groupes=14(sysadmin),2000(enseign),2015(mt23)

and I got the following in the logs:

[2009/05/06 13:56:50, 2] lib/smbldap.c:smbldap_open_connection(800)
  smbldap_open_connection: connection opened
[2009/05/06 13:56:50, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:50, 2] lib/access.c:check_access(406)
  Allowed connection from pcgbayard-gi-2.utc (172.17.131.11)
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [Heudiasyc] - [Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [Heudiasyc] - [Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:50, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [Heudiasyc] - [Heudiasyc] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: gbayard
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 14
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2000
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55, 2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password: authentication for user [gbayard] - [gbayard] - [gbayard] succeeded
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 544
[2009/05/06 13:56:55, 2] lib/access.c:check_access(406)
  Allowed connection from 172.17.131.11 (172.17.131.11)
[2009/05/06 13:56:55, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348)
  init_group_from_ldap: Entry found for group: 2015
[2009/05/06 13:56:55, 2] smbd/service.c:create_connection_server_info(659)
  user 'gbayard' (from session setup) not permitted to access this share (test)
[2009/05/06 13:56:55, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

So it seems like mt23 group membership is detected but access is denied anyway.

Any hint?

Gildas
[Samba] Windows 7 RC
Hi.

Is there any option to join Windows 7 RC to domain? Message from windows is : The specified domain either does not exist or could not be contacted.

Samba is 3.0.28a.

--
Vladimir Psenicka
IT system engineer
Prodeco a.s.
Re: [Samba] Windows 7 RC
> Is there any option to join Windows 7 RC to domain? Message from windows is : The specified domain either does not exist or could not be contacted.
>
> Samba is 3.0.28a.

I believe you need at minimum 3.0.33

John
Re: [Samba] Windows 7 RC
Vladimir Psenicka wrote:
> Is there any option to join Windows 7 RC to domain? Message from windows is : The specified domain either does not exist or could not be contacted.

Sounds like it's the same as the Beta... Same error message suggests same problem still present. See this blog I found via Google: http://triso.me/Win7SambaPDC

TB
[Samba] (blank subject)
--
Giovanni Antonio Mantelli
Network Admin.
TCI Department
PROSUL - Projetos, Supervisão e Planejamento Ltda.
+55 (48)3027-2730 or +55 (48)3027-2760 ext. 408
giova...@prosul.com
--
[Samba] Using kerberos authentication without AD
Here's the scenario we often run into; we have machines with multiple user accounts, which all authenticate to our kerberos servers. Depending on the group, these accounts could be local, nis, ldap, etc. They often want to provide samba services, but binding the machine to AD isn't always feasible, so they have to manually create the samba users and password database.

Is there any way for samba to use our kerberos servers directly for authentication, without having an AD domain controller as the middleman, and without using plaintext authentication?

Thanks
-jim
[Samba] Forcing Windows Kerberos tickets be used for authentication to a samba share
Hello,

I used

net ads join createcomputer=OU=Computer,OU=ErlF,OU=UNIX,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net -W WW004 -U adglth0a

to join a samba machine to an active directory. Now I would like to configure in a way that windows clients use a cifs/hostname kerberos ticket to authenticate to the machine. I tried the following settings:

[global]
workgroup = WW004
netbios name = ad027088pc
server string = SMB Server
; security = DOMAIN
security = ADS
encrypt passwords = true
; use kerberos keytab = true
realm = WW004.SIEMENS.NET
ldap suffix = dc=ww004,dc=glanzmann,dc=net
ldap ssl = No
client lanman auth = no
client ntlmv2 auth = no
client use spnego = yes
restrict anonymous = 2
log level = 2
preferred master = No
local master = No
domain master = No
os level = 0
directory mask = 0775
oplocks = No
kernel oplocks = No
level2 oplocks = No
invalid users = root, broot
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
create mask = 0775
browseable = No

[homes]
comment = All UNIX Home Directories
browseable = No
public = No
writable = Yes

But that didn't help. What is interesting though that when I unjoin the machine from AD and try to connect I see when I list the windows kerberos tickets using ,,klist tickets'' a ticket for the service principal cifs/hostname even if that service principal is not registered to any account in the active directory at that time.

This is with samba version 2:3.2.5-4lenny2 running on Debian Lenny.

Thomas
Re: [Samba] Windows 7 RC
On Wed, May 06, 2009 at 02:44:34PM +0200, Vladimir Psenicka wrote:
Is there any option to join Windows 7 RC to domain? Message from windows is : The specified domain either does not exist or could not be contacted. Samba is 3.0.28a.

That won't work. Your only chance is Samba 3.3.4 with

    HKLM\System\CCS\Services\LanmanWorkstation\Parameters
        DWORD DomainCompatibilityMode = 1
        DWORD DNSNameResolutionRequired = 0

    HKLM\System\CCS\Services\Netlogon\Parameters
        DWORD RequireSignOnSeal = 0
        DWORD RequireStrongKey = 0

Haven't tested that yet, but you should get some steps further.

Volker
[Samba] Kerberos and 2008 AD troubles
I've been trying to get Kerberos to work for the last couple of days so that we can use SSO. I can't seem to get past a roadblock and Google doesn't seem to provide any answers. I've got Samba connected to the AD and running. I can wbinfo everything and can login to the machine using PAM with the pam_winbind modules just fine. I can get user tickets just fine. When I try to get ssh between two AD joined machines to use Kerberos, I get a Server not found in Kerberos database error. I've noticed that /var/log/samba/log.winbinds shows:

2009/05/06 09:22:31, 1] libsmb/clikrb5.c:ads_krb5_mk_req(686)
  ads_krb5_mk_req: krb5_get_credentials failed for ca...@byu (Cannot resolve network address for KDC in requested realm)
[2009/05/06 09:22:31, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(624)
  cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm

I can't run `kinit host/vi4deba...@byu.local` or anything like it, all I get is kinit(v5): Client not found in Kerberos database while getting initial credentials, I've tried all sorts of combinations of the kinit command, I've tried to create a winbind keytab file, but from what I've read that is only used if using LDAP and not winbind. I've tweaked the /etc/krb.conf file. I can't get rid of the error in log.winbindd to see if that fixes the problem.

Summary:
/etc/resolve.conf: Specified AD domain and DCs as DNS servers
/etc/hosts: Specified the FQDN of the machine with the AD DNS name
/etc/krb5.conf: Added AD realm info
/etc/samba/smb.conf: All AD info entered correctly
Net ads join: OK
Wbinfo -u/g: Shows all users and groups in the domain
Pam_winbind: Allows users to login to the console or through SSH (password)
/etc/ssh/sshd_conf: GSSAPIAuthentication yes
/etc/ssh/ssh_conf (on remote machine configured exactly the same): GSSAPIAuthentication yes and GSSAPIDelegateCredentials no

Same error on Debian Lenny using Samba 3.2.5 and Debian Squeeze using Samba 3.3.3

/etc/samba/smb.conf:

    [global]
    workgroup = BYU
    realm = BYU.LOCAL
    preferred master = no
    server string = %h server
    dns proxy = no
    debug level = 10
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = ADS
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    invalid users = root
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    show add printer wizard = no
    disable spoolss = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    allow trusted domains = No
    idmap backend = idmap_rid:BYU=1-1
    idmap uid = 1-1
    idmap gid = 1-1
    winbind use default domain = yes
    winbind separator = +
    winbind enum groups = no
    winbind enum users = no
    winbind nested groups = yes
    template homedir = /home/%U
    template shell = /bin/bash
    winbind refresh tickets = yes
    get quota command = /root/sambaquota.sh

    [users]
    comment = Life Sciences user share
    browseable = yes
    path = /ls/users
    guest ok = no
    read only = no
    admin users = @lfsci-csr
    create mask = 0770
    directory mask = 0770
    force user = %S
    veto files = /.htaccess/ /.DAV/

    [groups]
    comment = Life Sciences groups share
    browseable = yes
    path = /ls/groups
    guest ok = no
    read only = no
    admin users = lfsci-csr
    create mask = 0770
    directory mask = 0770
    veto files = /.htaccess/ /.DAV/
    dos filemode = yes
    posix locking = no

relevant part of /var/log/samba/log.winbindd:

[2009/05/06 09:22:31, 5] winbindd/winbindd_cm.c:cm_prepare_connection(852)
  connecting to CAD1.byu.local from VI4DEBIAN with kerberos principal [vi4debi...@byu.local] and realm [BYU.LOCAL]
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=124)
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/05/06 09:22:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=not_defined_in_rfc4...@please_ignore
[2009/05/06 09:22:31, 10] libads/kerberos.c:kerberos_kinit_password_ext(217)
[Samba] Kerberos tickets problem
I'm setting up a Solaris 10 server as a test samba server with AD authentication. I'm running into a little bit of issue with Kerberos tickets. The setup is as follows Solaris-10, Windows AD-2003/R2, native Solaris (sparc) samba, Kerberos, LDAP (shipped with the distro) and IMU on windows.

My LDAP client is working good and validates getent passwd user and can run ldaplist -l passwd user and ldapsearch, no issues. My ldap authentication is set to simple, with proxyDnuser. On Solaris I'm very sure I setup the krb5.conf, smb.conf, pam.conf, nsswitch.conf, ntp.conf perfectly. The nsswitch is set to use 'files ldap' for both passwd and group and dns files for hosts. On windows the IMU, UNIX attributes are set to the correct NIS domain.

I ran net ads join to successfully join the Solaris server into the AD, however net ads keytab create simply returns a new line without any errors. When I checked on windows, after net ADS join command, I see two service principals (SPN), the capitalization is intentional as this is how they appear when I run spnset hostname

    HOST/HOSTNAME
    HOST/hostname.domain.com (FQDN)

I also setup a service account name (user object) on Windows whose name is same as the hostname (computer object). I generated the keytab file with

    ktpass -princ host/f...@realm -mapuser DOMAIN\SERVICEACCT$ -pass password -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

I then ftped this file over to Solaris host and try to authenticate a user login via AD, I get

    PAM-KRB5 (auth): krb5_verify_init_creds failed: Server not found in Kerberos database

So, just for the heck of it I generated another krb5.keytab with the following

    ktpass -princ HOST/f...@realm -mapuser DOMAIN\SERVICEACCT$ -pass password -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

Please note the HOST in capitals. Now, I get this error testing with this keytab

    PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table entry not found

Running PAM in debug mode didn't reveal anything specific other than the obvious. I have my DNS setup correctly and the nslookup for DCs, GCs and LDAP servers return properly. I can add the SPNs forcibly with host/hostname.domain.com and host/hostname and try different combinations. But..first I need to understand this behavior, anyone???
[Samba] PDC and group question
Hi All,

I just upgraded a workstation server to a PDC server. I am using tdbsam as my user database.

Question 1: As a workgroup server, I created my groups in /etc/group (groupadd). Is this still the case? Do I also need to tell Samba about a different database for groups?

Question 2: occasionally I get asked for the user with administrator's privileges. Do I need to create a group called administrators (with an s) and populate it with root, todd (me), etc.?

Many thanks, -T
[Samba] Win2008 TS and Samba question
Hi All,

I have a Samba PDC, a Win 2008 Terminal Server (TS), and a bunch of XP workstations. Supposedly, all I have to do to enable certain users on my PDC to use my TS from their XP workstations is to create a group on my PDC, populate it with users, then go to the Security tab on my TS and add the group from my PDC.

When I do this, I get asked for the user on the PDC with administrators privileges. I put in root. It waits a bit and then tells me it can not find the object.

If you are using TS with Samba, how did you get yours to work?

Many thanks, -T
Re: [Samba] Domain Server Problem, continued
I think you should be using security = user, read up on the samba howto about the different security = settings and what they do, but if you want your students to access a share to get a work document why not just create a guest share? Or do students need to copy their completed work assignment back to your server?
[Samba] WinXP user password not accepted - very strange !!!
Dear friends,

I have an Ubuntu 8.04 server fully updated running Samba 3.0.28a. Currently the ubuntu machine acts as a PDC and all clients have joined the domain successfully (clients are all WinXP SP2). The strange thing is only with one user where:

If the user logs in with his password all works well.
If he restarts or shuts down his machine and tries to relogin, the system tells him that his username/password is not correct.
If I reset his password @ Ubuntu with smbpasswd username and re-enter the exactly same password, the user logs in successfully!

This is the oddest thing. It appears as if this user's password is canceled every time despite the fact that the user has never changed his password during this period of time. Does anyone have any ideas?

All WinXP SP2 clients have requiresignorseal = 0 and they have all joined the network in the exactly same way. All machines have machine-trust-accounts which have been created in the exactly same way. All users are working perfectly and all processes are running smoothly with not a single problem except the before mentioned.

Your help is greatly appreciated.

Chris
[Samba] problems with samba as pdc.
This is a really weird one. To the ( XP Pro ) client, I can join the domain, but can never log in. I've looked all over for a troubleshooting guide, but none have found the problem. Help!!!

System: samba 3.3.4 on 64 bit debian lenny patched to current. Gigabit lan environment.

When Joining the domain ( over an openvpn connection ), the client log shows:

[2009/05/07 09:52:08, 0] lib/util_sock.c:read_socket_with_timeout(939)
[2009/05/07 09:52:08, 0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2009/05/07 09:52:08, 2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password: authentication for user [administrator] - [root] - [root] succeeded
[2009/05/07 09:52:19, 2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password: authentication for user [administrator] - [root] - [root] succeeded
[2009/05/07 09:52:23, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3479)
  Returning domain sid for domain DOMAIN - S-1-5-21-3667122653-3695686155-1601600535
[2009/05/07 09:52:31, 0] smbd/service.c:make_connection_snum(897)
  make_connection: connection to IPC$ denied due to security descriptor.
[2009/05/07 09:52:31, 0] smbd/service.c:make_connection_snum(897)
  make_connection: connection to IPC$ denied due to security descriptor.

Error messages seen:

log.winbindd: ( my gut feeling is that if I sort this one, it'll all start working! )
[2009/05/07 09:36:22, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.nmbd:
[2009/05/07 09:34:31, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(151)
  sync_with_dmb: Initiating sync with domain master browser SERVER20 at IP 192.168.xx.yyy for workgroup DOMAIN
[2009/05/07 09:49:33, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(107)
  announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup DOMAIN. Do not announce to ourselves.

log.smbd shows nothing except printcap warnings.

When I attempt to log in to the domain I get the windows error message

  Windows cannot connect you to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your systems administrator for assistance.

log.winbindd:
[2009/05/07 09:59:41, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.winbindd-idmap:
[2009/05/07 09:59:38, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.wb-DOMAIN:
[2009/05/07 09:59:41, 1] winbindd/winbindd_cm.c:cm_prepare_connection(967)
  failed tcon_X with NT_STATUS_ACCESS_DENIED

log.nmbd:
[2009/05/07 09:59:41, 2] nmbd/nmbd_browsesync.c:sync_with_lmb(60)
  sync_with_lmb: Initiating sync with local master browser CLIENT0x20 at IP 192.168.aaa.bbb for workgroup DOMAIN
[2009/05/07 09:59:41, 2] nmbd/nmbd_synclists.c:sync_browse_lists(186)
  Initiating browse sync for DOMAIN to CLIENT(192.168.aaa.bbb)
[2009/05/07 09:59:42, 2] nmbd/nmbd_synclists.c:complete_sync(304)
  sync with CLIENT(192.168.aaa.bbb) for workgroup DOMAIN completed (2 records)

log.smbd - nothing relevant again:

--
Steve Holdoway st...@greengecko.co.nz
http://www.greengecko.co.nz
[SCM] CTDB repository - annotated tag ctdb-1.0.80 created - ctdb-1.0.80
The annotated tag, ctdb-1.0.80 has been created
        at  83ba99b7451c85ff890b88a9652ba6e6a08f (tag)
   tagging  bf1b76955db6ba00ec64686b53084268573ba6a0 (commit)
  replaces  ctdb-1.0.79
 tagged by  Ronnie Sahlberg
        on  Wed May 6 16:27:09 2009 +1000

- Log -
tag for 1.0.80

Andrew Tridgell (5):
      Merge commit 'ronnie/master'
      Merge commit 'ronnie/master'
      Merge commit 'ronnie/master'
      Merge commit 'ronnie/master'
      change shutdown level for ctdb to be 01

Ronnie Sahlberg (8):
      If we can not pull a database from a node during recovery, mark this node as a culprit so that it will eventually become banned.
      tweak some timeouts so that we do trigger a banning even if the control hangs/timesout
      increase the loglevel for the message we print when we automatically release all ips when we have been in recovery for too long
      add a tuneable RecoveryDropAllIPs so it is possible to control after how long a node that has been stuck in recovery will wait until it will yield all public addresses.
      add TDB_NO_NESTING. When this flag is set tdb will not allow any nested transactions and tdb_transaction_start() will implicitely _cancel() any pending transactions before starting any new ones.
      set the TDB_NO_NESTING flag for the tdb before we start a transaction from within recovery
      we only need to have transaction nesting disabled when we start the new transaction for the recovery
      dont unconditionally kill/restart ctdb when given service ctdb start only start ctdb if it is not already running, and print an error message othervise

root (3):
      Add a new variable VerifyRecoveryLock which can be used to disable the test that the recovery daemon holds the lock properly when performing a recovery
      when tracking the ctdb statistics,only decrement num_clients and pending_calls IFF the counter is 0
      new version 1.0.80

---
-- CTDB repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1454-g9966541
The branch, master has been updated via 9966541f89b45834cdf63060202621f885bf9f5c (commit) from 4cbd0c77e42627c76dda88af5326ef91415a652d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9966541f89b45834cdf63060202621f885bf9f5c Author: Günther Deschner g...@samba.org Date: Wed May 6 01:10:33 2009 +0200 s3-printing: simplify print_queue helper functions and return WERROR. Guenther --- Summary of changes: source3/include/proto.h |9 +++-- source3/printing/printing.c | 27 ++- source3/rpc_server/srv_spoolss_nt.c | 12 +++- source3/smbd/lanman.c | 17 +++-- 4 files changed, 23 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 194d74d..6b1febb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4799,12 +4799,9 @@ bool print_job_end(int snum, uint32 jobid, enum file_close_type close_type); int print_queue_status(int snum, print_queue_struct **ppqueue, print_status_struct *status); -bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum, - WERROR *errcode); -bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum, - WERROR *errcode); -bool print_queue_purge(struct auth_serversupplied_info *server_info, int snum, - WERROR *errcode); +WERROR print_queue_pause(struct auth_serversupplied_info *server_info, int snum); +WERROR print_queue_resume(struct auth_serversupplied_info *server_info, int snum); +WERROR print_queue_purge(struct auth_serversupplied_info *server_info, int snum); /* The following definitions come from printing/printing_db.c */ diff --git a/source3/printing/printing.c b/source3/printing/printing.c index a661d3d..83b5ac8 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c 
@@ -2797,16 +2797,14 @@ int print_queue_status(int snum, Pause a queue. / -bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum, - WERROR *errcode) +WERROR print_queue_pause(struct auth_serversupplied_info *server_info, int snum) { int ret; struct printif *current_printif = get_printer_fns( snum ); if (!print_access_check(server_info, snum, PRINTER_ACCESS_ADMINISTER)) { - *errcode = WERR_ACCESS_DENIED; - return False; + return WERR_ACCESS_DENIED; } @@ -2817,8 +2815,7 @@ bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum, unbecome_root(); if (ret != 0) { - *errcode = WERR_INVALID_PARAM; - return False; + return WERR_INVALID_PARAM; } /* force update the database */ @@ -2828,23 +2825,21 @@ bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum, notify_printer_status(snum, PRINTER_STATUS_PAUSED); - return True; + return WERR_OK; } / Resume a queue. / -bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum, - WERROR *errcode) +WERROR print_queue_resume(struct auth_serversupplied_info *server_info, int snum) { int ret; struct printif *current_printif = get_printer_fns( snum ); if (!print_access_check(server_info, snum, PRINTER_ACCESS_ADMINISTER)) { - *errcode = WERR_ACCESS_DENIED; - return False; + return WERR_ACCESS_DENIED; } become_root(); @@ -2854,8 +2849,7 @@ bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum, unbecome_root(); if (ret != 0) { - *errcode = WERR_INVALID_PARAM; - return False; + return WERR_INVALID_PARAM; } /* make sure the database is up to date */ @@ -2866,15 +2860,14 @@ bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum, notify_printer_status(snum, PRINTER_STATUS_OK); - return True; + return WERR_OK; } / Purge a queue - implemented by deleting all jobs that we can delete. / -bool print_queue_purge(struct
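Review bot: In print_queue_pause() and print_queue_resume(), any non-zero ret after the unbecome_root() call is still collapsed into WERR_INVALID_PARAM, so even with the WERROR now returned directly the caller cannot tell a failed queue command from a bad argument; consider mapping that failure to a more specific code, or at least logging ret before returning. The prototype change in proto.h also means every caller that tested the old bool result has to move to W_ERROR_IS_OK(); the srv_spoolss_nt.c and lanman.c hunks fall past the 500-line truncation, so that cannot be confirmed from the lines shown here. The comment blocks above each function ("Pause a queue.", "Resume a queue.") should now list the WERROR values that can come back: WERR_ACCESS_DENIED, WERR_INVALID_PARAM and WERR_OK.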
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1456-gd77c456
The branch, master has been updated via d77c45675744895b01d905f7f27ae55e64264c26 (commit) via 7ac1ae8d1c3bcf4d001e29fdc1ee314dcbe3df76 (commit) from 9966541f89b45834cdf63060202621f885bf9f5c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d77c45675744895b01d905f7f27ae55e64264c26 Author: Günther Deschner g...@samba.org Date: Mon May 4 17:25:41 2009 +0200 s3-rpcclient: print more infolevels in printer and driver info levels. Guenther commit 7ac1ae8d1c3bcf4d001e29fdc1ee314dcbe3df76 Author: Günther Deschner g...@samba.org Date: Wed May 6 10:20:52 2009 +0200 s3-printing: fix debug statement in virtual registry layer (key_driver_fetch_keys). Guenther --- Summary of changes: source3/registry/reg_backend_printing.c |2 +- source3/rpcclient/cmd_spoolss.c | 245 ++- 2 files changed, 239 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_printing.c b/source3/registry/reg_backend_printing.c index 4465d2e..8c6f673 100644 --- a/source3/registry/reg_backend_printing.c +++ b/source3/registry/reg_backend_printing.c @@ -878,7 +878,7 @@ static int key_driver_fetch_keys( const char *key, struct regsubkey_ctr *subkeys /* if anything else left, just say if has no subkeys */ - DEBUG(1,(key_driver_fetch_keys unhandled key [%s] (subkey == %s\n, + DEBUG(1,(key_driver_fetch_keys unhandled key [%s] (subkey == %s)\n, key, subkeypath )); return 0; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index aefaa04..d4234b0 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c 
@@ -238,13 +238,46 @@ static void display_print_info3(struct spoolss_PrinterInfo3 *r) / / +static void display_print_info4(struct spoolss_PrinterInfo4 *r) +{ + printf(\tservername:[%s]\n, r-servername); + printf(\tprintername:[%s]\n, r-printername); + printf(\tattributes:[0x%x]\n, r-attributes); + printf(\n); +} + +/ +/ + +static void display_print_info5(struct spoolss_PrinterInfo5 *r) +{ + printf(\tprintername:[%s]\n, r-printername); + printf(\tportname:[%s]\n, r-portname); + printf(\tattributes:[0x%x]\n, r-attributes); + printf(\tdevice_not_selected_timeout:[0x%x]\n, r-device_not_selected_timeout); + printf(\ttransmission_retry_timeout:[0x%x]\n, r-transmission_retry_timeout); + printf(\n); +} + +/ +/ + +static void display_print_info6(struct spoolss_PrinterInfo6 *r) +{ + printf(\tstatus:[0x%x]\n, r-status); + printf(\n); +} + +/ +/ + static void display_print_info7(struct spoolss_PrinterInfo7 *r) { printf(\tguid:[%s]\n, r-guid); printf(\taction:[0x%x]\n, r-action); + printf(\n); } - / / @@ -306,6 +339,15 @@ static WERROR cmd_spoolss_enum_printers(struct rpc_pipe_client *cli, case 3: display_print_info3(info[i].info3); break; + case 4: + display_print_info4(info[i].info4); + break; + case 5: + display_print_info5(info[i].info5); + break; + case 6: + display_print_info6(info[i].info6); + break; default: printf(unknown info level %d\n, level); goto done; @@ -624,6 +666,15 @@ static WERROR cmd_spoolss_getprinter(struct rpc_pipe_client *cli, case 3: display_print_info3(info.info3); break; + case 4: + display_print_info4(info.info4); + break; + case 5: + display_print_info5(info.info5); + break; + case 6: + display_print_info6(info.info6); +
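Review bot: display_print_info4() and display_print_info5() hand r->servername, r->printername and r->portname straight to printf with %s; if any of those members can be NULL in a server response, that is undefined behaviour in printf, so either guard them or confirm that the unmarshalling code never leaves them NULL. The three new cases are added in the same form to cmd_spoolss_enum_printers() and cmd_spoolss_getprinter(), but the getprinter hunk is cut off after the display_print_info6() call, so its closing break cannot be checked from the visible lines.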
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1457-ged88ff1
The branch, master has been updated via ed88ff18ddd4267eaecd11140ebcb5a59163c53f (commit) from d77c45675744895b01d905f7f27ae55e64264c26 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ed88ff18ddd4267eaecd11140ebcb5a59163c53f Author: Volker Lendecke v...@samba.org Date: Wed May 6 12:00:49 2009 +0200 Fix Coverity ID 897: REVERSE_INULL --- Summary of changes: source3/locking/locking.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 7084122..dd735be 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1397,11 +1397,11 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE if (fsp-conn-admin_user) { tok_copy = copy_unix_token(lck, tok); - tok_copy-uid = (uid_t)0; if (tok_copy == NULL) { TALLOC_FREE(lck); return false; } + tok_copy-uid = (uid_t)0; tok = tok_copy; } -- Samba Shared Repository
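Review bot: The commit message names only the Coverity ID; it should say what the defect was, namely that in set_delete_on_close() tok_copy->uid was written before the tok_copy == NULL check, so a failed copy_unix_token() would have been dereferenced. A one-line comment on why the copied token's uid is forced to 0 when fsp->conn->admin_user is set would also help the next reader of this block.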
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-882-gc4a15b7
The branch, v3-4-test has been updated via c4a15b70b894e413ac76f4c8d7c04d8eedeba723 (commit) from e4628c6fc7348f5adc69722809ea539c4fe7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit c4a15b70b894e413ac76f4c8d7c04d8eedeba723 Author: Volker Lendecke v...@samba.org Date: Wed May 6 12:00:49 2009 +0200 Fix Coverity ID 897: REVERSE_INULL --- Summary of changes: source3/locking/locking.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 7084122..dd735be 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1397,11 +1397,11 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE if (fsp-conn-admin_user) { tok_copy = copy_unix_token(lck, tok); - tok_copy-uid = (uid_t)0; if (tok_copy == NULL) { TALLOC_FREE(lck); return false; } + tok_copy-uid = (uid_t)0; tok = tok_copy; } -- Samba Shared Repository
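Review bot: This v3-4-test commit is the same change as ed88ff18ddd4267eaecd11140ebcb5a59163c53f on master, but its message carries no "(cherry picked from commit ...)" line, unlike the loadparm backport that follows on this branch; adding one keeps the backport traceable. The reordering itself, moving tok_copy->uid = (uid_t)0 below the NULL check, matches the master hunk line for line.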
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-883-ga2c023c
The branch, v3-4-test has been updated via a2c023c5511d5f07def53da7e72cc32c52434ccf (commit) from c4a15b70b894e413ac76f4c8d7c04d8eedeba723 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit a2c023c5511d5f07def53da7e72cc32c52434ccf Author: Michael Adam ob...@samba.org Date: Wed May 6 02:08:33 2009 +0200 s3:loadparm: handle registry config source in file_list - fixes bug #6320 Michael (cherry picked from commit 4842e45d59dbd6c9ac138e796d30fcf747807d1c) --- Summary of changes: source3/param/loadparm.c | 78 ++ 1 files changed, 44 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 26f3214..991b653 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -677,6 +677,8 @@ static void set_allowed_client_auth(void); static void *lp_local_ptr(struct service *service, void *ptr); +static void add_to_file_list(const char *fname, const char *subfname); + static const struct enum_list enum_protocol[] = { {PROTOCOL_NT1, NT1}, {PROTOCOL_LANMAN2, LANMAN2}, @@ -6841,6 +6843,8 @@ static bool process_registry_globals(void) { bool ret; + add_to_file_list(INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME); + ret = do_parameter(registry shares, yes, NULL); if (!ret) { return ret; 
@@ -6964,45 +6968,51 @@ bool lp_file_list_changed(void) DEBUG(6, (lp_file_list_changed()\n)); - if (lp_config_backend_is_registry()) { - struct smbconf_ctx *conf_ctx = lp_smbconf_ctx(); - - if (conf_ctx == NULL) { - return false; - } - if (smbconf_changed(conf_ctx, conf_last_csn, NULL, NULL)) { - DEBUGADD(6, (registry config changed\n)); - return true; - } - } - while (f) { char *n2 = NULL; time_t mod_time; - n2 = alloc_sub_basic(get_current_username(), - current_user_info.domain, - f-name); - if (!n2) { - return false; - } - DEBUGADD(6, (file %s - %s last mod_time: %s\n, -f-name, n2, ctime(f-modtime))); - - mod_time = file_modtime(n2); - - if (mod_time ((f-modtime != mod_time) || (f-subfname == NULL) || (strcmp(n2, f-subfname) != 0))) { - DEBUGADD(6, -(file %s modified: %s\n, n2, - ctime(mod_time))); - f-modtime = mod_time; - SAFE_FREE(f-subfname); - f-subfname = n2; /* Passing ownership of -return from alloc_sub_basic -above. */ - return true; + if (strequal(f-name, INCLUDE_REGISTRY_NAME)) { + struct smbconf_ctx *conf_ctx = lp_smbconf_ctx(); + + if (conf_ctx == NULL) { + return false; + } + if (smbconf_changed(conf_ctx, conf_last_csn, NULL, + NULL)) + { + DEBUGADD(6, (registry config changed\n)); + return true; + } + } else { + n2 = alloc_sub_basic(get_current_username(), + current_user_info.domain, + f-name); + if (!n2) { + return false; + } + DEBUGADD(6, (file %s - %s last mod_time: %s\n, +f-name, n2, ctime(f-modtime))); + + mod_time = file_modtime(n2); + + if (mod_time + ((f-modtime != mod_time) || +(f-subfname == NULL) || +(strcmp(n2, f-subfname) != 0))) + { + DEBUGADD(6, +(file %s modified: %s\n, n2, + ctime(mod_time))); + f-modtime = mod_time; + SAFE_FREE(f-subfname); + f-subfname = n2; /* Passing ownership of +return from alloc_sub_basic +
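Review bot: In lp_file_list_changed(), the registry branch inside the while (f) loop does return false when lp_smbconf_ctx() yields NULL, which ends the scan and skips every file_list entry after the registry one; advancing to the next entry instead would still let a modified included file be detected. The registry entry is recognised by strequal(f->name, INCLUDE_REGISTRY_NAME), so a short comment at the add_to_file_list(INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME) call in process_registry_globals(), saying that this is a marker entry and not a path, would make the pairing between the two hunks obvious.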
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.11_ctdb.59-9-gf246f1e
The branch, v3-2-ctdb has been updated via f246f1e45374ef3a499f6322faee35c3e8489583 (commit) from 8a75176ef775b0222189ad29d19f43488f412d3b (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit f246f1e45374ef3a499f6322faee35c3e8489583 Author: Michael Adam ob...@samba.org Date: Wed May 6 02:08:33 2009 +0200 s3:loadparm: handle registry config source in file_list - fixes bug #6320 I.e. does not require smbd restart after changing share default options in the global registry section with include = registry. Michael --- Summary of changes: source/param/loadparm.c | 78 ++ 1 files changed, 44 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/source/param/loadparm.c b/source/param/loadparm.c index bbdb52c..d711489 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -665,6 +665,8 @@ static void set_server_role(void); static void set_default_server_announce_type(void); static void set_allowed_client_auth(void); +static void add_to_file_list(const char *fname, const char *subfname); + static const struct enum_list enum_protocol[] = { {PROTOCOL_NT1, NT1}, {PROTOCOL_LANMAN2, LANMAN2}, @@ -6586,6 +6588,8 @@ static bool process_registry_globals(void) { bool ret; + add_to_file_list(INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME); + ret = do_parameter(registry shares, yes, NULL); if (!ret) { return ret; 
@@ -6709,45 +6713,51 @@ bool lp_file_list_changed(void) DEBUG(6, (lp_file_list_changed()\n)); - if (lp_config_backend_is_registry()) { - struct smbconf_ctx *conf_ctx = lp_smbconf_ctx(); - - if (conf_ctx == NULL) { - return false; - } - if (smbconf_changed(conf_ctx, conf_last_csn, NULL, NULL)) { - DEBUGADD(6, (registry config changed\n)); - return true; - } - } - while (f) { char *n2 = NULL; time_t mod_time; - n2 = alloc_sub_basic(get_current_username(), - current_user_info.domain, - f-name); - if (!n2) { - return false; - } - DEBUGADD(6, (file %s - %s last mod_time: %s\n, -f-name, n2, ctime(f-modtime))); - - mod_time = file_modtime(n2); - - if (mod_time ((f-modtime != mod_time) || (f-subfname == NULL) || (strcmp(n2, f-subfname) != 0))) { - DEBUGADD(6, -(file %s modified: %s\n, n2, - ctime(mod_time))); - f-modtime = mod_time; - SAFE_FREE(f-subfname); - f-subfname = n2; /* Passing ownership of -return from alloc_sub_basic -above. */ - return true; + if (strequal(f-name, INCLUDE_REGISTRY_NAME)) { + struct smbconf_ctx *conf_ctx = lp_smbconf_ctx(); + + if (conf_ctx == NULL) { + return false; + } + if (smbconf_changed(conf_ctx, conf_last_csn, NULL, + NULL)) + { + DEBUGADD(6, (registry config changed\n)); + return true; + } + } else { + n2 = alloc_sub_basic(get_current_username(), + current_user_info.domain, + f-name); + if (!n2) { + return false; + } + DEBUGADD(6, (file %s - %s last mod_time: %s\n, +f-name, n2, ctime(f-modtime))); + + mod_time = file_modtime(n2); + + if (mod_time + ((f-modtime != mod_time) || +(f-subfname == NULL) || +(strcmp(n2, f-subfname) != 0))) + { + DEBUGADD(6, +(file %s modified: %s\n, n2, + ctime(mod_time))); + f-modtime = mod_time; + SAFE_FREE(f-subfname); + f-subfname = n2; /* Passing ownership of +
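Review bot: process_registry_globals() now calls add_to_file_list(INCLUDE_REGISTRY_NAME, INCLUDE_REGISTRY_NAME) on every invocation, and the visible lines do not show whether add_to_file_list() skips a name that is already in the list; if it does not, each reload would append another registry entry and lp_file_list_changed() would call smbconf_changed() once per duplicate. Worth confirming against the function body, or guarding the call so the marker entry is added once.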
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.11_ctdb.59-11-gaae05b5
The branch, v3-2-ctdb has been updated via aae05b591ffcd4365a151ae9acee5f626b7cdf75 (commit) via 442a6a79dd249e202beba1ca4a1ea4b4f0e20564 (commit) from f246f1e45374ef3a499f6322faee35c3e8489583 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit aae05b591ffcd4365a151ae9acee5f626b7cdf75 Author: Volker Lendecke v...@samba.org Date: Wed Apr 15 13:01:09 2009 +0200 Do not use the file system GET_REAL_FILENAME for mangled names commit 442a6a79dd249e202beba1ca4a1ea4b4f0e20564 Author: Volker Lendecke v...@samba.org Date: Mon Apr 27 16:59:01 2009 +0200 Revert Do not use the file system GET_REAL_FILENAME for mangled names This reverts commit 5589d41d4ca1ad7db0227a1ee59c965b6c7c. --- Summary of changes: source/smbd/filename.c | 42 -- 1 files changed, 36 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/filename.c b/source/smbd/filename.c index c9d4963..697f7a8 100644 --- a/source/smbd/filename.c +++ b/source/smbd/filename.c @@ -36,6 +36,10 @@ static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, static int get_real_filename_mangled(connection_struct *conn, const char *path, const char *name, TALLOC_CTX *mem_ctx, char **found_name); +static int get_real_filename_internal(connection_struct *conn, + const char *path, const char *name, + bool mangled, + TALLOC_CTX *mem_ctx, char **found_name); / Mangle the 2nd name and check if it is then equal to the first name. 
@@ -815,22 +819,34 @@ static int get_real_filename_mangled(connection_struct *conn, const char *path, if (!mangled) { /* Name is now unmangled. */ name = unmangled_name; + } else { + /* +* If we have mangled names, do not ask the VFS'es +* GET_REAL_FILENAME. The Unix file system below does +* not know about Samba's style of mangling. +* +* Boolean flags passed down are evil, the alternative +* would be to pass a comparison function down into +* the loop in get_real_filename_internal(). For now, +* do the quickdirty boolean flag approach. +*/ + return get_real_filename_internal(conn, path, name, + true, + mem_ctx, found_name); } - return get_real_filename(conn, path, name, mem_ctx, -found_name); } return SMB_VFS_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name); } -int get_real_filename(connection_struct *conn, const char *path, - const char *name, TALLOC_CTX *mem_ctx, - char **found_name) +static int get_real_filename_internal(connection_struct *conn, + const char *path, const char *name, + bool mangled, + TALLOC_CTX *mem_ctx, char **found_name) { struct smb_Dir *cur_dir; const char *dname; - bool mangled; char *unmangled_name = NULL; long curpos; @@ -881,6 +897,20 @@ int get_real_filename(connection_struct *conn, const char *path, return -1; } + + +int get_real_filename(connection_struct *conn, + const char *path, const char *name, + TALLOC_CTX *mem_ctx, char **found_name) +{ + /* +* This is the default VFS function. If we end up here, we know we +* don't have mangled names around. +*/ + return get_real_filename_internal(conn, path, name, false, + mem_ctx, found_name); +} + static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, connection_struct *conn, const char *orig_path, -- SAMBA-CTDB repository
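Review bot: get_real_filename() now passes a hard-coded false for mangled, justified only by the comment "If we end up here, we know we don't have mangled names around". The function stays non-static, so that assumption depends on every caller having gone through get_real_filename_mangled() first; state the precondition where the function is declared, or recompute the flag from name instead of trusting it. The hunk also drops the local bool mangled; from the directory scan, but the lines that assigned it are not shown, so please confirm that nothing in get_real_filename_internal() still overwrites the new parameter.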
[SCM] CTDB repository - branch master updated - ctdb-1.0.80-14-gf7f64f9
The branch, master has been updated via f7f64f92e26a0757af210d33288162eefcd07d79 (commit) from a87ef6a9206820d5110a7117240f743af010ff19 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit f7f64f92e26a0757af210d33288162eefcd07d79 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed May 6 20:32:39 2009 +1000 From: Sumit Bose sb...@redhat.com fix handling of AC_INIT and read version from ctdb.spec --- Summary of changes: configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/configure.ac b/configure.ac index 0e8f150..2074546 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,5 @@ AC_PREREQ(2.50) +AC_INIT(ctdb, m4_esyscmd([grep 'Version:' ./packaging/RPM/ctdb.spec 2/dev/null | head -1 | sed -e 's/[ \t]*Version:[ \t]*\([^ \t]*\)[ \t].*/\1/' | tr -d '\n'])) AC_DEFUN([AC_CHECK_LIB_EXT], [ AC_CHECK_LIB([$1],[$3],[$4],[$5],[$7]) ac_cv_lib_ext_$1_$3=$ac_cv_lib_$1_$3 @@ -11,7 +12,6 @@ AC_DEFUN([SMB_MODULE_DEFAULT], [echo -n ]) AC_DEFUN([SMB_LIBRARY_ENABLE], [echo -n ]) AC_DEFUN([SMB_EXT_LIB], [echo -n ]) AC_DEFUN([SMB_ENABLE], [echo -n ]) -AC_INIT(ctdb.h) AC_CONFIG_SRCDIR([server/ctdbd.c]) if test ${libdir} = '${exec_prefix}/lib'; then -- CTDB repository
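Review bot: the version passed to AC_INIT comes from a grep/sed pipeline over ./packaging/RPM/ctdb.spec whose error output is discarded, so a missing spec file or a missing Version: line yields an empty version with no diagnostic. The sed expression also requires a space or tab after the version token, so a Version: line that ends right after the number will not yield the number. Suggest making the trailing whitespace optional in the pattern and failing configure generation with a clear message when the result is empty; the relative path additionally assumes autoconf is run from the top of the source tree, which is worth a comment.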
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1458-gbf197a9
The branch, master has been updated via bf197a9c0ab8a58a775277896d40617d36279288 (commit) from ed88ff18ddd4267eaecd11140ebcb5a59163c53f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bf197a9c0ab8a58a775277896d40617d36279288 Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:00 2009 +0200 s3-docs: Fix net eventlog dump syntax in manpage. Guenther --- Summary of changes: docs-xml/manpages-3/net.8.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 4860fe8..8fea603 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -1605,7 +1605,7 @@ of eventlogs into an eventlog *.evt file./member /para refsect3 -titleEVENTLOG DUMP/title +titleEVENTLOG DUMP replaceablefilename/replaceable/title para Prints a eventlog *.evt file to standard output. -- Samba Shared Repository
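Review bot: the title now names the filename argument, but the description in the context line below it ("Prints a eventlog *.evt file to standard output.") still does not refer to that argument and has a grammar slip. Suggest rewording it to say that the named *.evt file is printed, and writing "an eventlog".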
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1459-ge398f1e
The branch, master has been updated via e398f1e91575909d2a90fab1e6f00804815a0b2f (commit) from bf197a9c0ab8a58a775277896d40617d36279288 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e398f1e91575909d2a90fab1e6f00804815a0b2f Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:23 2009 +0200 s3-docs: Fix Bug #6331. Document net dom join/net dom unjoin. Guenther --- Summary of changes: docs-xml/manpages-3/net.8.xml | 81 + 1 files changed, 81 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 8fea603..82e3bac 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -1641,6 +1641,87 @@ See the citerefentryrefentrytitlesmb.conf/refentrytitle manvolnum5/manv /refsect2 refsect2 +titleDOM/title + +paraStarting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000. +/para +paraIn order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege. +/para + +paraThe client side support for remote join is implemented in the net dom commands which are: +simplelist +membernet dom join - Join a remote computer into a domain./member +membernet dom unjoin - Unjoin a remote computer from a domain./member +/simplelist +/para + +refsect3 +titleDOM JOINreplaceabledomain=DOMAIN/replaceable replaceableou=OU/replaceable replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Joins a computer into a domain. This command supports the following additional parameters: + +itemizedlist + +listitemreplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./listitem + +listitemreplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./listitem + +listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. 
This domain account needs to have sufficient privileges to join machines./listitem + +listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem + +listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./listitem + +/itemizedlist +/para + +para +Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. +/para +para + Example: + net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot. +/para +para +This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot. +/para + +/refsect3 + +refsect3 +titleDOM UNJOIN replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Unjoins a computer from a domain. This command supports the following additional parameters: + +itemizedlist + +listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines./listitem + +listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem + +listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain./listitem + +/itemizedlist +/para + +para +Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. 
These additional parameters
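Review bot: the example for net dom join puts two credentials on the command line (-U XP\\administrator%secret and password=topsecret), and the text does not mention that arguments given this way are visible in the process list and shell history on the machine running net. The accounts involved are a local administrator and a domain account with join rights, so add a sentence telling readers to supply the password by a prompt or another non-argument method where net supports one, and repeat that advice in the DOM UNJOIN section.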
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-888-g80d32b8
The branch, v3-4-test has been updated via 80d32b8bfcc9a7805d864bd60d89d747bbe9ad0d (commit) via 163d0699e83c43f136449a16f539c99320a3eeaa (commit) via 133a98abd58ccecb15f493bf74f6e3e076b87dcd (commit) via 5ebe6755699fb970368580d4394289f9028ce9a8 (commit) via 4d67491ef558c96fd57a959bb58df9efa5e83ceb (commit) from a2c023c5511d5f07def53da7e72cc32c52434ccf (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 80d32b8bfcc9a7805d864bd60d89d747bbe9ad0d Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:23 2009 +0200 s3-docs: Fix Bug #6331. Document net dom join/net dom unjoin. Guenther (cherry picked from commit e398f1e91575909d2a90fab1e6f00804815a0b2f) commit 163d0699e83c43f136449a16f539c99320a3eeaa Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:00 2009 +0200 s3-docs: Fix net eventlog dump syntax in manpage. Guenther (cherry picked from commit bf197a9c0ab8a58a775277896d40617d36279288) commit 133a98abd58ccecb15f493bf74f6e3e076b87dcd Author: Günther Deschner g...@samba.org Date: Mon May 4 17:25:41 2009 +0200 s3-rpcclient: print more infolevels in printer and driver info levels. Guenther (cherry picked from commit d77c45675744895b01d905f7f27ae55e64264c26) commit 5ebe6755699fb970368580d4394289f9028ce9a8 Author: Günther Deschner g...@samba.org Date: Wed May 6 10:20:52 2009 +0200 s3-printing: fix debug statement in virtual registry layer (key_driver_fetch_keys). Guenther (cherry picked from commit 7ac1ae8d1c3bcf4d001e29fdc1ee314dcbe3df76) commit 4d67491ef558c96fd57a959bb58df9efa5e83ceb Author: Günther Deschner g...@samba.org Date: Wed May 6 01:10:33 2009 +0200 s3-printing: simplify print_queue helper functions and return WERROR. 
Guenther (cherry picked from commit 9966541f89b45834cdf63060202621f885bf9f5c) --- Summary of changes: docs-xml/manpages-3/net.8.xml | 83 ++- source3/include/proto.h |9 +- source3/printing/printing.c | 27 ++-- source3/registry/reg_backend_printing.c |2 +- source3/rpc_server/srv_spoolss_nt.c | 12 +- source3/rpcclient/cmd_spoolss.c | 245 ++- source3/smbd/lanman.c | 17 +-- 7 files changed, 344 insertions(+), 51 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 477c3d8..995f28b 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -1605,7 +1605,7 @@ of eventlogs into an eventlog *.evt file./member /para refsect3 -titleEVENTLOG DUMP/title +titleEVENTLOG DUMP replaceablefilename/replaceable/title para Prints a eventlog *.evt file to standard output. 
@@ -1641,6 +1641,87 @@ See the citerefentryrefentrytitlesmb.conf/refentrytitle manvolnum5/manv /refsect2 refsect2 +titleDOM/title + +paraStarting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000. +/para +paraIn order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege. +/para + +paraThe client side support for remote join is implemented in the net dom commands which are: +simplelist +membernet dom join - Join a remote computer into a domain./member +membernet dom unjoin - Unjoin a remote computer from a domain./member +/simplelist +/para + +refsect3 +titleDOM JOINreplaceabledomain=DOMAIN/replaceable replaceableou=OU/replaceable replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Joins a computer into a domain. This command supports the following additional parameters: + +itemizedlist + +listitemreplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./listitem + +listitemreplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./listitem + +listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the
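Review bot: the DOM JOIN title runs straight into its first replaceable element with no space after JOIN, unlike the DOM UNJOIN title later in the same change, so the rendered synopsis will read as one word. The title also lists ou=OU and reboot without any marking that they are optional, although the item text calls OU an optional parameter; put the optional arguments in brackets so the synopsis agrees with the description.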
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1460-g4a4dc77
The branch, master has been updated via 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a (commit) from e398f1e91575909d2a90fab1e6f00804815a0b2f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 16:06:59 2009 +0200 s3/docs: Remove unnecessary .sp. Karolin --- Summary of changes: docs-xml/manpages-3/net.8.xml | 20 ++-- 1 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 82e3bac..debcea6 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -1660,21 +1660,21 @@ See the citerefentryrefentrytitlesmb.conf/refentrytitle manvolnum5/manv para Joins a computer into a domain. This command supports the following additional parameters: +/para itemizedlist -listitemreplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./listitem +listitemparareplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./para/listitem -listitemreplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./listitem +listitemparareplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./para/listitem -listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines./listitem +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. 
This domain account needs to have sufficient privileges to join machines./para/listitem -listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem -listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./listitem +listitemparareplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./para/listitem /itemizedlist -/para para Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. 
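Review bot: every listitem in this hunk is rewritten to add the para wrapper, yet the OU item still carries the typo "containter" into the new line, and the context paragraph right after the list still says "paramters". Since the lines are being touched anyway, fix both spellings in this commit rather than in a follow-up.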
@@ -1694,17 +1694,17 @@ This example would connect to a computer named XP as the local administrator usi para Unjoins a computer from a domain. This command supports the following additional parameters: +/para itemizedlist -listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines./listitem +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines./para/listitem -listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem -listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain./listitem +listitemparareplaceableREBOOT/replaceable is an optional parameter that can be
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-889-g6a617a9
The branch, v3-4-test has been updated via 6a617a9677da9df8f70cf2039245cfb5ce3d94c3 (commit) from 80d32b8bfcc9a7805d864bd60d89d747bbe9ad0d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 6a617a9677da9df8f70cf2039245cfb5ce3d94c3 Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 16:06:59 2009 +0200 s3/docs: Remove unnecessary .sp. Karolin (cherry picked from commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a) --- Summary of changes: docs-xml/manpages-3/net.8.xml | 20 ++-- 1 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 995f28b..2504727 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -1660,21 +1660,21 @@ See the citerefentryrefentrytitlesmb.conf/refentrytitle manvolnum5/manv para Joins a computer into a domain. This command supports the following additional parameters: +/para itemizedlist -listitemreplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./listitem +listitemparareplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./para/listitem -listitemreplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./listitem +listitemparareplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains./para/listitem -listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines./listitem +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. 
This domain account needs to have sufficient privileges to join machines./para/listitem -listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem -listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./listitem +listitemparareplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./para/listitem /itemizedlist -/para para Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. @@ -1694,17 +1694,17 @@ This example would connect to a computer named XP as the local administrator usi para Unjoins a computer from a domain. This command supports the following additional parameters: +/para itemizedlist -listitemreplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines./listitem +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines./para/listitem -listitemreplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./listitem +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem -listitemreplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain./listitem
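Review bot: the DOMAIN item ends with "The DOMAIN parameter cannot be NULL", which describes the underlying API argument rather than anything a user can type on a command line. Reword it for the manpage reader, for example by saying that domain= is required and must not be empty.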
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5252-g8c57714
The branch, v3-3-test has been updated via 8c5771422bf25dba0638c3419ac14f0841b94293 (commit) via e19dddb2b438b75dcd995aaa763fcbe55d7de5cc (commit) from e5f0f6b7fb428e4cc8e5e782a0038a847d74edcc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 8c5771422bf25dba0638c3419ac14f0841b94293 Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 16:06:59 2009 +0200 s3/docs: Remove unnecessary .sp. Karolin (cherry picked from commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a) (cherry picked from commit 6a617a9677da9df8f70cf2039245cfb5ce3d94c3) commit e19dddb2b438b75dcd995aaa763fcbe55d7de5cc Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:23 2009 +0200 s3-docs: Fix Bug #6331. Document net dom join/net dom unjoin. Guenther (cherry picked from commit e398f1e91575909d2a90fab1e6f00804815a0b2f) --- Summary of changes: docs-xml/manpages-3/net.8.xml | 82 + 1 files changed, 82 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 78f798c..9206cb8 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -1582,6 +1582,88 @@ Delete the list of includes from the provided section (global or share). /refsect2 refsect2 +titleDOM/title + +paraStarting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000. +/para +paraIn order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege. +/para + +paraThe client side support for remote join is implemented in the net dom commands which are: +simplelist +membernet dom join - Join a remote computer into a domain./member +membernet dom unjoin - Unjoin a remote computer from a domain./member +/simplelist +/para + +refsect3 +titleDOM JOINreplaceabledomain=DOMAIN/replaceable replaceableou=OU/replaceable replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Joins a computer into a domain. This command supports the following additional parameters: +/para + +itemizedlist + +listitemparareplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./para/listitem + +listitemparareplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. 
This optional parameter is only supported when joining Active Directory Domains./para/listitem + +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines./para/listitem + +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem + +listitemparareplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./para/listitem + +/itemizedlist + +para +Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. +/para +para + Example: + net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot. +/para +para +This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot. +/para + +/refsect3 + +refsect3 +titleDOM UNJOIN replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Unjoins a computer from a domain. This command supports the following additional parameters: +/para + +itemizedlist + +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to
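Review bot: the DOMAIN item describes the DC suffix as using "the \ separator character" with the example MYDOM\MYDC, while the command example writes XP\\administrator and MYDOM\\administrator with doubled backslashes. Nothing in the text says the doubling is shell escaping, so a reader may type either form in the wrong place; add a short remark on quoting, or show the example inside single quotes with a single backslash.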
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3575-gfe7c528
The branch, v3-2-test has been updated via fe7c528089815a533402b5a3b247db94a2c70d6d (commit) via 457313c37904246fb0628ab0f2ef207dc38b2f85 (commit) from 437136465e52a893a3f866bda40d4c9d812693d9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit fe7c528089815a533402b5a3b247db94a2c70d6d Author: Karolin Seeger ksee...@samba.org Date: Wed May 6 16:06:59 2009 +0200 s3/docs: Remove unnecessary .sp. Karolin (cherry picked from commit 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a) (cherry picked from commit 6a617a9677da9df8f70cf2039245cfb5ce3d94c3) (cherry picked from commit 8c5771422bf25dba0638c3419ac14f0841b94293) commit 457313c37904246fb0628ab0f2ef207dc38b2f85 Author: Günther Deschner g...@samba.org Date: Wed May 6 15:43:23 2009 +0200 s3-docs: Fix Bug #6331. Document net dom join/net dom unjoin. Guenther (cherry picked from commit e398f1e91575909d2a90fab1e6f00804815a0b2f) (cherry picked from commit e19dddb2b438b75dcd995aaa763fcbe55d7de5cc) --- Summary of changes: docs-xml/manpages-3/net.8.xml | 82 + 1 files changed, 82 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 8947bc1..97c6c86 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -1569,6 +1569,88 @@ Delete the list of includes from the provided section (global or share). /refsect2 refsect2 +titleDOM/title + +paraStarting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000. +/para +paraIn order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege. +/para + +paraThe client side support for remote join is implemented in the net dom commands which are: +simplelist +membernet dom join - Join a remote computer into a domain./member +membernet dom unjoin - Unjoin a remote computer from a domain./member +/simplelist +/para + +refsect3 +titleDOM JOINreplaceabledomain=DOMAIN/replaceable replaceableou=OU/replaceable replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Joins a computer into a domain. This command supports the following additional parameters: +/para + +itemizedlist + +listitemparareplaceableDOMAIN/replaceable can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The replaceableDOMAIN/replaceable parameter cannot be NULL./para/listitem + +listitemparareplaceableOU/replaceable can be set to a RFC 1779 LDAP DN, like emphasisou=mymachines,cn=Users,dc=example,dc=com/emphasis in order to create the machine account in a non-default LDAP containter. 
This optional parameter is only supported when joining Active Directory Domains./para/listitem + +listitemparareplaceableACCOUNT/replaceable defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines./para/listitem + +listitemparareplaceablePASSWORD/replaceable defines the password for the domain account defined with replaceableACCOUNT/replaceable./para/listitem + +listitemparareplaceableREBOOT/replaceable is an optional parameter that can be set to reboot the remote machine after successful join to the domain./para/listitem + +/itemizedlist + +para +Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user. +/para +para + Example: + net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot. +/para +para +This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot. +/para + +/refsect3 + +refsect3 +titleDOM UNJOIN replaceableaccount=ACCOUNT/replaceable replaceablepassword=PASSWORD/replaceable replaceablereboot/replaceable/title + +para +Unjoins a computer from a domain. This command supports the following additional parameters: +/para + +itemizedlist +
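Review bot: The DOM JOIN example passes both secrets as arguments (-U XP\\administrator%secret and password=topsecret), so anyone who copies it leaves the local administrator and domain administrator passwords in shell history and in the process list. The manpage should warn about that next to the example. In the same hunk, "containter" (OU item) and "paramters" (the note before the example) are misspelled, the example command ends in "reboot." with a full stop that reads as part of the argument, and the refsect3 title writes the last parameter as lowercase reboot while the list item calls it REBOOT.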
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1461-g730c91a
The branch, master has been updated via 730c91d42c68fdb44bc51fee6c89e0c22910 (commit) from 4a4dc776b2f0ca813abcf4f47f0d5721f75f3e6a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 730c91d42c68fdb44bc51fee6c89e0c22910 Author: Jelmer Vernooij jel...@samba.org Date: Wed May 6 17:48:01 2009 +0200 Avoid --nonet when building manpages; xsltproc will already prefer local stylesheets if they are installed. --- Summary of changes: lib/talloc/rules.mk |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/rules.mk b/lib/talloc/rules.mk index 6cee126..1c83e7b 100644 --- a/lib/talloc/rules.mk +++ b/lib/talloc/rules.mk @@ -9,10 +9,10 @@ showflags:: $(CC) $(PICFLAG) -o $@ -c $ $(CFLAGS) .3.xml.3: - -test -z $(XSLTPROC) || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $ + -test -z $(XSLTPROC) || $(XSLTPROC) -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $ .xml.html: - -test -z $(XSLTPROC) || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $ + -test -z $(XSLTPROC) || $(XSLTPROC) -o $@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $ distclean:: rm -f *~ */*~ -- Samba Shared Repository
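Review bot: In both the .3.xml.3 and .xml.html rules, dropping --nonet while the stylesheet argument stays an http://docbook.sourceforge.net/... URL means a build host without the local DocBook stylesheets will now fetch the XSLT over plain HTTP instead of failing. The generated manpages then depend on network content that is not integrity-checked. Consider keeping --nonet as the default and letting builders opt in to network access through a make variable (a hypothetical XSLTPROC_FLAGS expanded by the rule, for instance), or state in the commit message that the network fallback is intended.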
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1462-g78754ab
The branch, master has been updated via 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 (commit) from 730c91d42c68fdb44bc51fee6c89e0c22910 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 Author: Günther Deschner g...@samba.org Date: Wed May 6 19:29:01 2009 +0200 s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther --- Summary of changes: source3/rpc_server/srv_netlog_nt.c |8 ++-- 1 files changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index c5e2ca7..edd1321 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -535,8 +535,6 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, srv_flgs |= NETLOGON_NEG_SCHANNEL; } - *r-out.negotiate_flags = srv_flgs; - switch (p-hdr_req.opnum) { case NDR_NETR_SERVERAUTHENTICATE2: fn = _netr_ServerAuthenticate2; @@ -554,6 +552,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, if (!p-dc || !p-dc-challenge_sent) { DEBUG(0,(%s: no challenge sent to client %s\n, fn, r-in.computer_name)); + *r-out.negotiate_flags = srv_flgs; return NT_STATUS_ACCESS_DENIED; } 
@@ -564,6 +563,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, DEBUG(0,(%s: schannel required but client failed to offer it. Client was %s\n, fn, r-in.account_name)); + *r-out.negotiate_flags = srv_flgs; return NT_STATUS_ACCESS_DENIED; } @@ -576,6 +576,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, account %s: %s\n, fn, r-in.account_name, nt_errstr(status) )); /* always return NT_STATUS_ACCESS_DENIED */ + *r-out.negotiate_flags = srv_flgs; return NT_STATUS_ACCESS_DENIED; } @@ -593,6 +594,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, request from client %s machine account %s\n, fn, r-in.computer_name, r-in.account_name)); + *r-out.negotiate_flags = srv_flgs; return NT_STATUS_ACCESS_DENIED; } /* set up the LSA AUTH 2 response */ @@ -612,6 +614,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, p-dc); unbecome_root(); + *r-out.negotiate_flags = srv_flgs; + return NT_STATUS_OK; } -- Samba Shared Repository
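Review bot: The assignment *r->out.negotiate_flags = srv_flgs; is now repeated before each of the four NT_STATUS_ACCESS_DENIED returns and again before return NT_STATUS_OK, so any exit path added later without it will hand back flags the server never set. A single exit label that writes the out flags once would be harder to get wrong. Nothing in the code records why the assignment had to move either: add a comment at the top of _netr_ServerAuthenticate3 saying that the in and out negotiate_flags pointers alias, and take a local copy of the in flags at entry so the ordering constraint is no longer implicit.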
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1462-g78754ab
On Wed, May 06, 2009 at 12:39:36PM -0500, Günther Deschner wrote:

> The branch, master has been updated via 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 (commit) from 730c91d42c68fdb44bc51fee6c89e0c22910 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
> - Log -
> commit 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1
> Author: Günther Deschner g...@samba.org
> Date: Wed May 6 19:29:01 2009 +0200
>
> s3-netlogon: Fix NETLOGON credential chain.
>
> Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more.
>
> Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check.

Wow - great catch ! Great work Guenther. I'm looking at it now. I think we probably need some comments here also to explain the details. Looks like I got caught by badly named auto-generated variable names (r->out.negotiate_flags actually being the in flags is not very obvious :-).

Thanks !

Jeremy.
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1463-g512879a
The branch, master has been updated via 512879a69b6e94c323c37a6c0e56824c097b7f70 (commit) from 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 512879a69b6e94c323c37a6c0e56824c097b7f70 Author: Jeremy Allison j...@samba.org Date: Wed May 6 15:07:05 2009 -0700 Make cli_setattrE async. Jeremy. --- Summary of changes: source3/include/proto.h | 17 - source3/libsmb/clifile.c| 120 +++ source3/libsmb/libsmb_file.c|4 +- source3/utils/net_rpc_printer.c |2 +- 4 files changed, 112 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 6b1febb..9a8b6a8 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2460,10 +2460,19 @@ NTSTATUS cli_getattrE(struct cli_state *cli, time_t *change_time, time_t *access_time, time_t *write_time); -bool cli_setattrE(struct cli_state *cli, int fd, - time_t change_time, - time_t access_time, - time_t write_time); +struct tevent_req *cli_setattrE_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + uint16_t fnum, + time_t change_time, + time_t access_time, + time_t write_time); +NTSTATUS cli_setattrE_recv(struct tevent_req *req); +NTSTATUS cli_setattrE(struct cli_state *cli, + uint16_t fnum, + time_t change_time, + time_t access_time, + time_t write_time); struct tevent_req *cli_getatr_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 357923a..7983516 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c 
@@ -2391,43 +2391,115 @@ NTSTATUS cli_getatr(struct cli_state *cli, Do a SMBsetattrE call. / -bool cli_setattrE(struct cli_state *cli, int fd, - time_t change_time, - time_t access_time, - time_t write_time) +static void cli_setattrE_done(struct tevent_req *subreq); +struct cli_setattrE_state { + int dummy; +}; + +struct tevent_req *cli_setattrE_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + uint16_t fnum, + time_t change_time, + time_t access_time, + time_t write_time) { - char *p; + struct tevent_req *req = NULL, *subreq = NULL; + struct cli_setattrE_state *state = NULL; + uint8_t additional_flags = 0; + uint16_t vwv[7]; - memset(cli-outbuf,'\0',smb_size); - memset(cli-inbuf,'\0',smb_size); + req = tevent_req_create(mem_ctx, state, struct cli_setattrE_state); + if (req == NULL) { + return NULL; + } - cli_set_message(cli-outbuf,7,0,True); + memset(vwv, '\0', sizeof(vwv)); + SSVAL(vwv+0, 0, fnum); + cli_put_dos_date2(cli, (char *)vwv[1], 0, change_time); + cli_put_dos_date2(cli, (char *)vwv[3], 0, access_time); + cli_put_dos_date2(cli, (char *)vwv[5], 0, write_time); - SCVAL(cli-outbuf,smb_com,SMBsetattrE); - SSVAL(cli-outbuf,smb_tid,cli-cnum); - cli_setup_packet(cli); + subreq = cli_smb_send(state, ev, cli, SMBsetattrE, additional_flags, + 7, vwv, 0, NULL); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, cli_setattrE_done, req); + return req; +} - SSVAL(cli-outbuf,smb_vwv0, fd); - cli_put_dos_date2(cli, cli-outbuf,smb_vwv1, change_time); - cli_put_dos_date2(cli, cli-outbuf,smb_vwv3, access_time); - cli_put_dos_date2(cli, cli-outbuf,smb_vwv5, write_time); +static void cli_setattrE_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + NTSTATUS status; - p = smb_buf(cli-outbuf); - *p++ = 4; + status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { 
+ tevent_req_nterror(req,
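Review bot: In the proto.h hunk cli_setattrE changes its return type from bool to NTSTATUS, which inverts a bare truth test: in builds where NTSTATUS is a plain integer, a caller still written as if (!cli_setattrE(...)) compiles and now treats success as failure. The diffstat lists libsmb_file.c and net_rpc_printer.c, but their hunks fall outside the truncated changeset, so confirm that every call site is wrapped in NT_STATUS_IS_OK().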
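Review bot: In cli_setattrE_send the request goes out with no data bytes (the trailing 0, NULL passed to cli_smb_send), whereas the removed code wrote a 0x04 byte at smb_buf(cli->outbuf) with *p++ = 4;. If dropping that byte is deliberate, the commit message should say so, because "Make cli_setattrE async" reads as a pure refactor with no change on the wire. struct cli_setattrE_state holds only int dummy; a one-line comment marking it as a placeholder would save the next reader a search for its users.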
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1464-g78fb479
The branch, master has been updated via 78fb479325ce7073ab8383ada3903080d12aef91 (commit) from 512879a69b6e94c323c37a6c0e56824c097b7f70 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 78fb479325ce7073ab8383ada3903080d12aef91 Author: Jeremy Allison j...@samba.org Date: Wed May 6 16:10:20 2009 -0700 After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r-in.negotiate_flags is an aliased pointer to r-out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy. --- Summary of changes: source3/rpc_server/srv_netlog_nt.c | 36 +++- 1 files changed, 23 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index edd1321..333eabe 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -508,13 +508,16 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, { NTSTATUS status; uint32_t srv_flgs; + /* r-in.negotiate_flags is an aliased pointer to r-out.negotiate_flags, +* so use a copy to avoid destroying the client values. */ + uint32_t in_neg_flags = *r-in.negotiate_flags; struct netr_Credential srv_chal_out; const char *fn; /* According to Microsoft (see bugid #6099) * Windows 7 looks at the negotiate_flags * returned in this structure *even if the -* call fails with access denied ! So in order +* call fails with access denied* ! So in order * to allow Win7 to connect to a Samba NT style * PDC we set the flags before we know if it's * an error or not. 
@@ -531,6 +534,11 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, NETLOGON_NEG_REDO | NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + /* Ensure we support strong (128-bit) keys. */ + if (in_neg_flags NETLOGON_NEG_STRONG_KEYS) { + srv_flgs |= NETLOGON_NEG_STRONG_KEYS; + } + if (lp_server_schannel() != false) { srv_flgs |= NETLOGON_NEG_SCHANNEL; } @@ -552,19 +560,19 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, if (!p-dc || !p-dc-challenge_sent) { DEBUG(0,(%s: no challenge sent to client %s\n, fn, r-in.computer_name)); - *r-out.negotiate_flags = srv_flgs; - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto out; } if ( (lp_server_schannel() == true) -((*r-in.negotiate_flags NETLOGON_NEG_SCHANNEL) == 0) ) { +((in_neg_flags NETLOGON_NEG_SCHANNEL) == 0) ) { /* schannel must be used, but client did not offer it. */ DEBUG(0,(%s: schannel required but client failed to offer it. Client was %s\n, fn, r-in.account_name)); - *r-out.negotiate_flags = srv_flgs; - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto out; } status = get_md4pw((char *)p-dc-mach_pw, @@ -576,12 +584,12 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, account %s: %s\n, fn, r-in.account_name, nt_errstr(status) )); /* always return NT_STATUS_ACCESS_DENIED */ - *r-out.negotiate_flags = srv_flgs; - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto out; } /* From the client / server challenges and md4 password, generate sess key */ - creds_server_init(*r-in.negotiate_flags, + creds_server_init(in_neg_flags, p-dc, p-dc-clnt_chal, /* Stored client chal. */ p-dc-srv_chal, /* Stored server chal. */ 
@@ -594,8 +602,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, request from client %s machine account %s\n, fn, r-in.computer_name, r-in.account_name)); - *r-out.negotiate_flags = srv_flgs; - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto out; } /* set up the LSA AUTH 2 response */ memcpy(r-out.return_credentials-data, srv_chal_out.data, @@
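Review bot: In the hunk at -531 the server only echoes NETLOGON_NEG_STRONG_KEYS when the client set it, and creds_server_init() is then called with in_neg_flags, so a client that omits the bit is still served with the weaker credentials the previous commit message describes (64bit instead of 128bit). The comment "Ensure we support strong (128-bit) keys" overstates what the three lines do. Consider a way to refuse such clients, in the same manner as the lp_server_schannel() == true check refuses clients that do not offer schannel, and reword the comment to say that the bit is returned only when the client requested it.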
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1465-g606edf0
The branch, master has been updated via 606edf0f35978a437ddfb7c23525a16d9854 (commit) from 78fb479325ce7073ab8383ada3903080d12aef91 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 606edf0f35978a437ddfb7c23525a16d9854 Author: Jeremy Allison j...@samba.org Date: Wed May 6 16:13:42 2009 -0700 Make cli_setatr async. Jeremy. --- Summary of changes: source3/client/clitar.c |4 +- source3/include/proto.h | 12 - source3/libsmb/clifile.c| 127 +++ source3/libsmb/libsmb_dir.c |2 +- source3/libsmb/libsmb_file.c|2 +- source3/torture/torture.c |4 +- source3/utils/net_rpc_printer.c |2 +- 7 files changed, 145 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 80f6c81..ff71924 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -604,7 +604,7 @@ static void do_setrattr(char *name, uint16 attr, int set) attr = oldattr ~attr; } - if (!cli_setatr(cli, name, attr, 0)) { + if (!NT_STATUS_IS_OK(cli_setatr(cli, name, attr, 0))) { DEBUG(1,(setatr failed: %s\n, cli_errstr(cli))); } } @@ -1078,7 +1078,7 @@ static int get_file(file_info2 finfo) /* Now we update the creation date ... */ DEBUG(5, (Updating creation date on %s\n, finfo.name)); - if (!cli_setatr(cli, finfo.name, finfo.mode, finfo.mtime_ts.tv_sec)) { + if (!NT_STATUS_IS_OK(cli_setatr(cli, finfo.name, finfo.mode, finfo.mtime_ts.tv_sec))) { if (tar_real_noisy) { DEBUG(0, (Could not set time on file: %s\n, finfo.name)); /*return(False); */ /* Ignore, as Win95 does not allow changes */ diff --git a/source3/include/proto.h b/source3/include/proto.h index 9a8b6a8..c8b7927 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -2486,7 +2486,17 @@ NTSTATUS cli_getatr(struct cli_state *cli, uint16_t *attr, SMB_OFF_T *size, time_t *write_time); -bool cli_setatr(struct cli_state *cli, const char *fname, uint16_t attr, time_t t); +struct tevent_req *cli_setatr_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + const char *fname, + uint16_t attr, + time_t mtime); +NTSTATUS cli_setatr_recv(struct tevent_req *req); +NTSTATUS cli_setatr(struct cli_state *cli, +const char *fname, +uint16_t attr, +time_t mtime); struct tevent_req *cli_chkpath_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 7983516..e210d76 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -2506,6 +2506,132 @@ NTSTATUS cli_setattrE(struct cli_state *cli, Do a SMBsetatr call. / +static void cli_setatr_done(struct tevent_req *subreq); + +struct cli_setatr_state { + int dummy; +}; + +struct tevent_req *cli_setatr_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + const char *fname, + uint16_t attr, + time_t mtime) +{ + struct tevent_req *req = NULL, *subreq = NULL; + struct cli_setatr_state *state = NULL; + uint8_t additional_flags = 0; + uint16_t vwv[8]; + uint8_t *bytes = NULL; + + req = tevent_req_create(mem_ctx, state, struct cli_setatr_state); + if (req == NULL) { + return NULL; + } + + memset(vwv, '\0', sizeof(vwv)); + SSVAL(vwv+0, 0, attr); + cli_put_dos_date3(cli, (char *)vwv[1], 0, mtime); + + bytes = talloc_array(state, uint8_t, 1); + if (tevent_req_nomem(bytes, req)) { + return tevent_req_post(req, ev); + } + bytes[0] = 4; + bytes = smb_bytes_push_str(bytes, cli_ucs2(cli), fname, + strlen(fname)+1, NULL); + if (tevent_req_nomem(bytes, req)) { + return tevent_req_post(req, ev); + } + bytes = TALLOC_REALLOC_ARRAY(state, bytes, uint8_t, + talloc_get_size(bytes)+1); + if (tevent_req_nomem(bytes, req)) { + return tevent_req_post(req, ev); + } + +
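Review bot: Both clitar.c call sites throw away the NTSTATUS that cli_setatr now returns: do_setrattr still reports through cli_errstr(cli), and get_file logs a fixed string. Store the result in a local status variable and log nt_errstr(status), so the message reflects the value the call actually returned rather than whatever error state the cli structure holds.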
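Review bot: In cli_setatr_send, bytes[0] = 4; is a bare magic number placed ahead of the pushed file name; give it a comment or a named constant identifying it as the SMB buffer format marker for the string that follows. struct cli_setatr_state again carries only int dummy; note in a comment that it is a placeholder.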
Build status as of Thu May 7 00:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-05-06 00:00:33.0 + +++ /home/build/master/cache/broken_results.txt 2009-05-07 00:00:07.0 + @@ -1,4 +1,4 @@ -Build status as of Wed May 6 00:00:02 2009 +Build status as of Thu May 7 00:00:02 2009 Build counts: Tree Total Broken Panic @@ -10,12 +10,12 @@ lorikeet 0 0 0 pidl 22 3 0 ppp 15 0 0 -rsync32 10 0 +rsync31 10 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 30 20 0 +samba_3_current 30 19 0 samba_3_master 31 30 0 -samba_3_next 31 30 1 +samba_3_next 31 30 0 samba_4_0_test 32 31 1 talloc 32 32 0 tdb 30 11 0