Re: [Samba] Password policy under Samba 4?

2009-09-02 Thread Michael Wood
2009/9/1 Michael Wood esiot...@gmail.com:
 How does one set a password policy using Samba 4?

 I've set up Samba 4 as a domain controller with one Windows 2003
 server joined to the domain.  I've seen mention of the check password
 script option, but I think that's not available in Samba 4, right?
 I've also seen mention of Group Policies, but I am not sure if this is
 correct or not because I haven't been able to find anything in the
 Group Policy management tool on Windows that seems applicable.

 Basically I just want to know where to set the user must change
 password after 30 days and password must be at least X characters
 long settings and have these apply to users logging into the Windows
 machine.

 I'd appreciate it if someone could point me at the relevant documentation.

I've now found dompol.msc on a Windows 2003 Server AD domain
controller.  This seems to be what I'm looking for, but if I try
running dompol.msc on a Windows 2003 Server joined to the Samba 4
domain as a member server I get an error saying:

Failed to open the Group Policy Object.  You may not have appropriate rights.
Details: The specified domain either does not exist or could not be contacted.

This is while logged in to the Windows machine as
administra...@example.org (where example.org is the domain I'm using
for testing.)  Also, dsa.msc works fine for adding users/groups etc.
I'm running samba with -d100 and nothing appears to be logged when I
start dompol.msc.  I can start dompol.msc, acknowledge the error and
close it down again without anything at all being added to the log.

Group Policy Management shows a Default Domain Policy and I can
create a new test policy object, but dompol.msc still gives the same
error with no evidence of having contacted Samba at all.  Even tcpdump
on the Samba box and wireshark on the Windows box show nothing
happening when I start, acknowledge and stop dompol.msc.

Any ideas?

Thanks.

-- 
Michael Wood esiot...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Simple CIFS Linux permission

2009-09-02 Thread willem . botha
Greetings all,

I have a VERY basic fileserver in my network, that works well for my
needs, and have run into a problem that I can't solve. I am sure that the
more experienced users here will be able to help me in less than 5 minutes,
so please, if you have some time.

My smb.conf
[global]
workgroup = msheimnetz
server string = Samba Server Version %v
netbios name = fileserver
log file = /var/log/samba/%m.log
max log size = 50
wins support = yes
printcap name = CUPS
printing = CUPS
map to guest = nobody
security = user
passdb backend = tdbsam
# Share Definitions
[sharefiles]
comment = Server Files
path = /var/samba/public/sharefiles
public = Yes
readonly = No
writeable = Yes
follow symlinks = Yes
wide links = Yes
create mask = 0775
force user = fileserver
force group = fileserver
guest ok = Yes
valid users = fileserver
nt acl support = No

My windows clients all connect to this share 100% and read/write to it :)

My Linux clients seem to map the remote uid to the local uid.

Now if your current local uid is the same as the remote uid, then you also
can write perfectly to the fileserver, but if your local uid is not...
Well then you have a permission problem.

I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   credentials=/home/.auth,rw,soft  0 0

The connection works fine on boot.

How do I map this remote uid to the local uid?



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

willem.bo...@adticket.de wrote:

Greetings all,

I have a VERY basic fileserver in my network, that works well for my
needs, and have run into a problem that I can't solve. I am sure that the
more experienced users here will be able to help me in less than 5 minutes,
so please, if you have some time.

My smb.conf
[global]
workgroup = msheimnetz
server string = Samba Server Version %v
netbios name = fileserver
log file = /var/log/samba/%m.log
max log size = 50
wins support = yes
printcap name = CUPS
printing = CUPS
map to guest = nobody
security = user
passdb backend = tdbsam
# Share Definitions
[sharefiles]
comment = Server Files
path = /var/samba/public/sharefiles
public = Yes
readonly = No
writeable = Yes
follow symlinks = Yes
wide links = Yes
create mask = 0775
force user = fileserver
force group = fileserver
guest ok = Yes
valid users = fileserver
nt acl support = No

My windows clients all connect to this share 100% and read/write to it :)

My Linux clients seem to map the remote uid to the local uid.

Now if your current local uid is the same as the remote uid, then you also
can write perfectly to the fileserver, but if your local uid is not...
Well then you have a permission problem.

I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   credentials=/home/.auth,rw,soft  0 0


The connection works fine on boot.

How do I map this remote uid to the local uid?

  
In the credentials section of the entry in /etc/fstab, put in 
username=whatever,domain=whatever.


Otherwise, change your authentication system to use Samba for your Linux 
clients as well.



[Samba] several domain

2009-09-02 Thread azzouz

Hi !

Is it possible for one samba server to manage several domains (several
instances)?


I want to connect two different networks to my server (with two interfaces)
and get one different domain for each network, managed by the same server.


Thanks !


Y.


[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)

2009-09-02 Thread Oliver Weinmann
Dear All,

I'm using Samba Version 3.2.6 under Solaris 8 with the following config:

netbios name = pegasus
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap backend = ad
idmap config REALM:schema_mode = sfu
winbind nss info = sfu
allow trusted domains = no
winbind enum users = no
winbind enum groups = no
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind refresh tickets = yes

This is working fine. 

Recently I compiled Samba 3.4 for Solaris 10 and I just can't get it to
work with the idmap backend ad.

wbinfo -u and wbinfo -g show all my AD users but id username and getent
passwd username shows nothing. The logs don't show anything suspicious
except this error:

lib/C.msg: No such file or directory

I checked on the Solaris 8 box and this file doesn't exist either. So I
suspect it not to be the cause of the problem.

I noticed that the smb.conf needed some adjustment in samba 3.3.2. I got
this working using:

idmap config REALM : backend = ad
idmap config REALM : schema_mode = sfu 
idmap config REALM : range = 0-

Instead of idmap backend = ad

But with 3.4 I had no luck.

This is what my current config on Samba 3.4 looks like:

[global]
netbios name = Phobos
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
#idmap backend = ad
idmap config REALM : backend = ad
idmap config REALM:schema_mode = sfu
idmap config REALM : range = 0-
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 10
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = no
client use spnego = Yes
#use kerberos keytab = true
winbind refresh tickets = yes

Any help would be appreciated. If I can't get it working I might need to
get back using an older Version like 3.2.6.

Regards,
Oliver


Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Willem P. Botha
Willem  wrote:
 I connect my Linux clients with a fstab entry:
 //192.168.1.127/sharefiles   /mnt/fileserver  cifs   credentials=/home/.auth,rw,soft  0 0

 The connection works fine on boot.

 How do I map this remote uid to the local uid?

Gary wrote:
In the credentials section of the entry in /etc/fstab, put in 
username=whatever,domain=whatever.

Otherwise, change your authentication system to use Samba for your
Linux clients as well.

Gary, I tried adding the username=fileserver,domain=msheimnetz but it
has no effect. 

I am a bit confused, as the credentials=/home/.auth file already
contains this info, and it connects 100% with no username password
request. 

If I can explain it better: 
I can connect to the share, read the files, and even copy them, but can
not save them. If I view the permissions the files are listed as
belonging to admin(UID 501 on local machine) and it should say
fileserver(UID 501 on remote machine). The current user in this case is
user5(UID 507 on local machine) 

Thus no matter what I do I keep getting the problem that the users can't
save the files, cause the UID mapping is not made. 

Is there not a way to tell Samba that files belong to the remote UID
rather than the local UID. And if I authenticate as the remote user, why
is the local UID being used when writing? 

All I actually need is a common shared fileserver. No fancy rights, or
anything, just a shared network drive that everyone can use to save
documents, no permissions required really. Maybe I am going about this
the wrong way. 

Thanks for the reply :)



Re: [Samba] several domain

2009-09-02 Thread azzouz

Clément VERET wrote:

2009/9/2 azzouz azz...@hymedia.univ-paris8.fr:
  

Hi !

Is it possible for one samba server to manage several domains (several
instances)?



Just run multiple smbd process with different config file and log dir :
smbd -s=$CONFIG_FILE -l=$LOG_PATH -D

You need to specify a different interface for each samba server as
well. Then, all you have to do is copying the original /etc/init.d/smb
file and modify the parameters for your second domain.
  

Great!

Thanks!

Has anyone tested this sort of configuration?
Doesn't this cause problems of load and availability?

Y.



Re: [Samba] several domain

2009-09-02 Thread Sven Bettscheider
In this context, I wonder what the response of the winbind daemon looks like.
Is it possible to run multiple smbd with multiple winbind daemons? One
reason could be to authenticate to various domains.


azzouz wrote:

Clément VERET wrote:

2009/9/2 azzouz azz...@hymedia.univ-paris8.fr:
 

Hi !

Is it possible for one samba server to manage several domains (several
instances)?



Just run multiple smbd process with different config file and log dir :
smbd -s=$CONFIG_FILE -l=$LOG_PATH -D

You need to specify a different interface for each samba server as
well. Then, all you have to do is copying the original /etc/init.d/smb
file and modify the parameters for your second domain.
  

Great!

Thanks!

Has anyone tested this sort of configuration?
Doesn't this cause problems of load and availability?

Y.




Re: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux ....

2009-09-02 Thread Jochen Roderburg
Hoover, Tony hoover at sal.ksu.edu writes:

 
 Some default settings have changed.  Use: testparm -v  from your various
 versions of samba to detect which parameters may be causing you issues.
 
 
 Tony Hoover, Network Administrator
 KSU - Salina, College of Technology and Aviation
 (785) 826-2660

Yes, that was a possibility I also thought of, but I could not find anything
suspicious in this area.

The only documented default changes in 3.4 among the parameters are 
passdb backend, which I have set explicitly to smbpasswd now
and map untrusted to domain, which is not for a standalone server.

For the sake of completeness a diff of the testparm -v outputs from samba
version 3.3.7 and 3.4.0:

1a2
 access based share enum = No
30a32
 browsable = Yes
32a35
 cache directory = /var/log/samba3/locks
47,48d49
 config backend = file
 config file = 
62a64
 dedicated keytab file = 
132d133
 include = 
141a143
 kerberos method = default
194a197
 map untrusted to domain = No
199c202
 max open files = 1
---
 max open files = 1024
244a248
 perfcount module = 
262c266
 private dir = /usr/local/samba3/private
---
 private dir = /usr/local/private
283c287
 server string = Samba 3.3.7
---
 server string = Samba 3.4.0
292c296
 smb passwd file = /usr/local/samba3/private/smbpasswd
---
 smb passwd file = /usr/local/private/smbpasswd
296a301
 state directory = /var/log/samba3/locks
314d318
 use kerberos keytab = No



Jochen Roderburg
RRZK
University of Cologne
Robert-Koch-Str. 10    Tel.:   +49-221/478-7024
D-50931 Koeln          E-Mail: Roderburg at Uni-Koeln.DE
Germany 







[Samba] Vista + samba 3.4 member server problem

2009-09-02 Thread Hannu Tikka
Hi!

I have a samba4 domain controller + a samba 3.4 member server.
On XP, login to the domain and connection to the member server work OK.
Vista can log in to the domain but can't connect to the member server.

The member server's log.smbd shows the following error with the Vista client:

---
[2009/09/02 14:12:02,  3] smbd/process.c:1259(switch_message)
  switch message SMBsesssetupX (pid 30541) conn 0x0
[2009/09/02 14:12:02,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/09/02 14:12:02,  3] smbd/sesssetup.c:1406(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/09/02 14:12:02,  2] smbd/sesssetup.c:1361(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2009/09/02 14:12:02,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/09/02 14:12:02,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/09/02 14:12:02,  3] smbd/sesssetup.c:776(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1301
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Message size is incompatible with encryption type
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error
Message size is incompatible with encryption type
[2009/09/02 14:12:02,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Message size is
incompatible with encryption type)
[2009/09/02 14:12:02,  1] smbd/sesssetup.c:333(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/09/02 14:12:02,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(335) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE


Any clues are very welcome

regards
Hannu
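
A parser for the log.smbd excerpt in the message above, as an added example that is not part of the original post: it rejoins the mail-wrapped records and reports which Kerberos encryption type failed on the integrity check rather than on message size. The enctype names and the reading of the two error strings are general Kerberos knowledge, not a diagnosis given in the thread; the function names are hypothetical.

```python
import re

# Log excerpt copied from the message above, keeping the mail client's
# line wrapping (record headers and message text split across lines).
SAMPLE_LOG = """\
[2009/09/02 14:12:02,  3] smbd/sesssetup.c:776(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1301
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Message size is incompatible with encryption type
[2009/09/02 14:12:02,  3]
libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error
Message size is incompatible with encryption type
[2009/09/02 14:12:02,  1] smbd/sesssetup.c:333(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
"""

# A record starts with "[date time, level]"; the rest may follow on later lines.
REC_START = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
ENC_FAIL = re.compile(
    r"ads_secrets_verify_ticket: enc type \[(\d+)\] "
    r"failed to decrypt with error (.+)$")

# Kerberos encryption type numbers (RFC 3961, RFC 3962, RFC 4757).
ENCTYPES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "arcfour-hmac-md5",
}


def records(log_text):
    """Rebuild one record per header line, joining wrapped continuation lines."""
    recs, cur = [], None
    for line in log_text.splitlines():
        m = REC_START.match(line)
        if m:
            cur = {"time": m.group(1), "level": int(m.group(2)),
                   "text": m.group(3).strip()}
            recs.append(cur)
        elif cur is not None and line.strip():
            cur["text"] = (cur["text"] + " " + line.strip()).strip()
    return recs


def ticket_failures(log_text):
    """Return (enctype number, enctype name, error text) per failed decrypt."""
    out = []
    for rec in records(log_text):
        m = ENC_FAIL.search(rec["text"])
        if m:
            num = int(m.group(1))
            out.append((num, ENCTYPES.get(num, "unknown"), m.group(2).strip()))
    return out


def key_mismatch_enctypes(log_text):
    """Enctypes where decryption ran but the integrity check failed.

    General Kerberos reading (not stated in the thread): the ticket fits
    that enctype, but the key the server holds for its own account is not
    the key the KDC used to encrypt the ticket.
    """
    return [num for num, _, err in ticket_failures(log_text)
            if "integrity check failed" in err.lower()]


def logon_failures(log_text):
    """Count level 0/1 records that report NT_STATUS_LOGON_FAILURE."""
    return sum(1 for rec in records(log_text)
               if rec["level"] <= 1 and "NT_STATUS_LOGON_FAILURE" in rec["text"])


if __name__ == "__main__":
    for num, name, err in ticket_failures(SAMPLE_LOG):
        print("enctype %2d (%s): %s" % (num, name, err))
    print("key mismatch suspected for enctypes:", key_mismatch_enctypes(SAMPLE_LOG))
    print("logon failures:", logon_failures(SAMPLE_LOG))
```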



Re: [Samba] preexec BATCH FILE

2009-09-02 Thread Terry ( 1stKMH )
Terry  wrote:
 Can I use the preexec option to run a batch file when a share is accessed ?
 This would not be a domain logon though
 
 
 for example
 
 [san]
 path=/tank/samba
 guest ok=yes
 readonly=no
 preexec = /tank/samba/MENU.CMD
 
 Thanks
 Terry
 

Ah, preexec tries to run it on the server itself of course. Bit of a blonde
moment there.


[Samba] samba+cups printing. drivers on clients.

2009-09-02 Thread Sergey Karapetyan
Hello Guys!
Need help

myprintserver:
CentOS 5.3;
Samba 3.0.33-3.7.el5;
Cups 1.3.7 (LPD / socket) RAW printing mode;

Windows clients:
2000 SP1-4;
XP SP1-2;
*has no administrative rights

I have already installed the printer from myprintserver on the clients:
name: printer_01
model: HP LJ 3050 (drivers automatically downloaded when installing the printer on
Windows clients for the first time.)
Works fine.

Sometimes printers need replacing, and the drivers with them:
I replaced printer_01 and now it is a Kyocera 4020DN.

And I set the correct driver for printer_01 on myprintserver:
rpcclient -U 'user%password' -c 'setdriver printer_01 4020DN' myprintserver
Now all _new_ Windows clients will get the correct driver;
problem:
1) Old clients that have printer_01 will use the old driver (HP). The update does not occur.
If I remove printer_01 on a Windows client, the driver is not removed,
and if I try to connect to \\myprintserver\printer_01 the Windows client will use the HP
driver!
How can I completely remove printer+driver on a Windows client (without
administrative rights), or is there another way to solve the problem?

2) Do some clients need administrative rights to first install the printer driver? Or
will there be an exception when trying the printer options page?


[Samba] preexec BATCH FILE

2009-09-02 Thread Terry ( 1stKMH )
Can I use the preexec option to run a batch file when a share is accessed ?
This would not be a domain logon though


for example

[san]
path=/tank/samba
guest ok=yes
readonly=no
preexec = /tank/samba/MENU.CMD

Thanks
Terry


Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:

Willem  wrote:
I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   credentials=/home/.auth,rw,soft  0 0


The connection works fine on boot.

How do I map this remote uid to the local uid?

Gary wrote:
In the credentials section of the entry in /etc/fstab, put in 
username=whatever,domain=whatever.


Otherwise, change your authentication system to use Samba for your
Linux clients as well.



Gary, I tried adding the username=fileserver,domain=msheimnetz but it
has no effect. 


I am a bit confused, as the credentials=/home/.auth file already
contains this info, and it connects 100% with no username password
request. 

If I can explain it better: 
I can connect to the share, read the files, and even copy them, but can

not save them. If I view the permissions the files are listed as
belonging to admin(UID 501 on local machine) and it should say
fileserver(UID 501 on remote machine). The current user in this case is
user5(UID 507 on local machine) 


Thus no matter what I do I keep getting the problem that the users can't
save the files, cause the UID mapping is not made. 


Is there not a way to tell Samba that files belong to the remote UID
rather than the local UID. And if I authenticate as the remote user, why
is the local UID being used when writing? 


All I actually need is a common shared fileserver. No fancy rights, or
anything, just a shared network drive that everyone can use to save
documents, no permissions required really. Maybe I am going about this
the wrong way. 


Thanks for the reply :)

  

Your situation is very confusing. Your server name is, according to your
smb.conf line:
   netbios name = fileserver
and you are also forcing all users to connect as username  group
   force user = fileserver
   force group = fileserver

The force user tells Samba to connect as user fileserver no matter
what id the user connects with. However, if your .auth file already is
telling Samba that you are connecting as fileserver, this should have no
effect.

I note that you also have guest ok = yes in your smb.conf. It is
possible that you are not connecting as user fileserver, possibly due to
a .auth file error.  You may be connecting as guest which may still have
read access but probably not write. Try manually connecting without
specifying a password in the .auth file. See if you get an error message.



[Samba] Problem to join Win20900 ADS realm

2009-09-02 Thread JAP

Dear samba team:

I've some trouble joining a GNU/Linux Debian “squeeze” machine to a 
Windows 2000 ADS realm. I've studied everything about samba, but this 
problem means that I can't print on the Windows servers, and I have other 
problems.
I've joined machines to this domain before (I wrote a recipe at 
http://wiki.debian.org/SAMBAclienteWindows).
But in the last few days I had a problem with the disk, and it was necessary to 
set up the whole system again.

And it's impossible for me to join the domain!
I've searched the web for everything about this problem, but I did not find 
the solution.
Attached is all the information about the net / samba configuration and the 
errors.


Please, if you can help me.

Javier

-

My host: station91
My user: win-user5
My password: win-pass
My domain: company
My realm: local.company
My KDC administrative server: serverpdc1
My KDC secondary server: serverbdc7

-


# /etc/network/interfaces
#
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# LOCAL
 allow-hotplug eth0
 auto eth0
 iface eth0 inet dhcp
 post-up route del default gw 10.111.1.254
 post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
 post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
 post-up net time set -S serverpdc1

-

# /etc/krb5.conf

[libdefaults]
default_realm = LOCAL.COMPANY

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

[realms]
LOCAL.COMPANY = {
kdc = serverbdc7
kdc = serverpdc1
kdc = serverbdc2
kdc = serverbdc5
admin_server = serverpdc1
}

[domain_realm]
 .local.company = LOCAL.COMPANY
 local.company = LOCAL.COMPANY

[login]
krb4_convert = true
krb4_get_tickets = false

-


# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd:  files winbind ldap
group:   files winbind ldap
shadow:  files

hosts:   files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks:files

protocols:   db files
services:db files
ethers:  db files
rpc: db files

netgroup:nis

-


# /etc/samba/smb.conf
# Samba config file created using SWAT
# from UNKNOWN
# Date: 2009/09/02 08:30:38

[global]
ldap ssl ads = Yes
idmap gid = 1-2
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

obey pam restrictions = Yes
browse list = No
dns proxy = No
idmap uid = 1-2
local master = No
workgroup = COMPANY
os level = 0
winbind refresh tickets = Yes
update encrypted = Yes
printcap name = cups
security = ADS
winbind separator = +
max log size = 1000
lanman auth = Yes
log file = /var/log/samba/log.%m
include = /etc/samba/dhcp.conf
wins server = eth0:10.111.1.201
auth methods = winbind, krb5, ldap, guest, sam
interfaces = eth0
username map = /etc/samba/smbusers
domain master = No
winbind trusted domains only = yes
realm = LOCAL.COMPANY
winbind use default domain = Yes
server string = %h - Jefe Almacenaje (13-6922)
password server = serverbdc7, serverpdc1, *
unix password sync = Yes
template homedir = /home/%U
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes

[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No

-



station91:~# wbinfo -m --verbose
Domain Name DNS Domain  Trust Type  Transitive  In   Out

Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Willem P. Botha

 Your situation is very confusing. Your server name is, according to your
 smb.conf line:
 netbios name = fileserver
 and you are also forcing all users to connect as username  group
 force user = fileserver
 force group = fileserver
 
 The force user tells Samba to connect as user fileserver no matter
 what id the user connects with. However, if your .auth file already is
 telling Samba that you are connecting as fileserver, this should have no
 effect.
 
 I note that you also have guest ok = yes in your smb.conf. It is
 possible that you are not connecting as user fileserver, possibly due to
 a .auth file error.  You may be connecting as guest which may still have
 read access but probably not write. Try manually connecting without
 specifying a password in the .auth file. See if you get an error message.
 
A test with no password in my .auth file proved NOT to work, so this
means I can't connect to the server without the right
username/password..

I did this force user and group to enable everybody in the company to
read and write to the shared folder... 

I am just completely unhappy that the Windows works 100% and the Linux
not... This is just wrong :( 

Be that as it may...If you don't feel like breaking your head on this,
could you maybe help me with creating a samba conf that would require no
authentication, and have read/write access for all... This was the
original idea. Just a simple shared folder for all on the network.

Sorry for messing up your head with my confusing configurations :D



Re: [Samba] sambaPwdMustChange not synced on PDC from BDC

2009-09-02 Thread David Markey
This caught me out too.

sambaPwdMustChange has been phased out since late in the 3.0 series. It is
ignored.

The password expiry is calculated on the fly from sambaPwdLastChange +
sambaMaxPwdAge(Domain entry)


You will have to run the same version of samba on both PDC and BDC.





On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder mich...@stroeder.com
wrote:
 nogenetics nogenetics wrote:
 On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics 
 nnogenet...@gmail.com wrote:
 I have a PDC/BDC samba/ldap environment.
 PDC:
 samba 3.0.24
 slapd 2.3.30

 BDC:
 samba 3.2.5
 slapd 2.4.11

 Ldap replication is working fine, but I have noticed two issues

 1- when a windows user change password on BDC, sambaPwdMustChange and
 sambaPwdCanChange is not synced on PDC
 (using ldap passwd sync = yes and unix password sync = no)

 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdMustChange
is
 not synced on BDC

 Anyone can point me what's wrong?

 About issue 1-  , I can use unix password sync = yes and ldap passwd
 sync =
 no (using smbldap-passwd) as workaround, but windows user get that
 annoying
 warning message (decode_pw_buffer-incorrect-password-length topic).  Is
 there a way to avoid this warning message?
 This is a issue many users are experiencing.

 Thanks in advance for your time


 Bump!
 No hints?
 
 How are you sure you don't run into OpenLDAP replication problems? The
 OpenLDAP versions you're running are quite old. slapd 2.3.x is not
actively
 supported anymore. There also were interop issues fixed regarding
 replication
 between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
 definitely upgrade your OpenLDAP installations.
 
 Ciao, Michael.
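
The expiry calculation David Markey describes above (sambaPwdLastChange + sambaMaxPwdAge from the domain entry), as an added example that is not part of the thread. The LDIF is constructed sample data, the helper names are hypothetical, and treating a sambaMaxPwdAge of 0 or -1 as "no expiry" is an assumption about Samba's policy handling.

```python
from datetime import datetime, timezone

# Constructed sample LDIF (not from the thread): one sambaDomain entry with a
# 30-day maximum password age and three accounts. alice still carries a
# stored sambaPwdMustChange value, which current Samba ignores.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: EXAMPLE
sambaMaxPwdAge: 2592000

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaPwdLastChange: 1249084800
sambaPwdMustChange: 2147483647

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaPwdLastChange: 1251676800

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: carol
"""


def parse_ldif(text):
    """Minimal LDIF reader: list of {lowercased attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry, last = {}, None
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            if line.startswith(" ") and last:      # folded continuation line
                entry[last][-1] += line[1:]
                continue
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            entry.setdefault(last, []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def _has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))


def max_pwd_age(entries):
    """sambaMaxPwdAge in seconds from the sambaDomain entry, or None."""
    for entry in entries:
        if _has_class(entry, "sambaDomain") and "sambamaxpwdage" in entry:
            return int(entry["sambamaxpwdage"][0])
    return None


def password_expiry(entries):
    """Map uid -> expiry (epoch seconds), computed on the fly.

    None means no expiry could be derived: no policy, a policy of 0 or -1
    (assumed to mean "never expires"), or no sambaPwdLastChange value.
    """
    age = max_pwd_age(entries)
    result = {}
    for entry in entries:
        if not _has_class(entry, "sambaSamAccount"):
            continue
        uid = entry.get("uid", ["?"])[0]
        last = entry.get("sambapwdlastchange")
        if age is None or age <= 0 or not last:
            result[uid] = None
        else:
            result[uid] = int(last[0]) + age
    return result


def expired_accounts(entries, now):
    """uids whose computed expiry is at or before `now` (epoch seconds)."""
    return sorted(uid for uid, exp in password_expiry(entries).items()
                  if exp is not None and exp <= now)


def stale_must_change(entries):
    """uids whose stored sambaPwdMustChange disagrees with the computed expiry."""
    computed = password_expiry(entries)
    stale = []
    for entry in entries:
        stored = entry.get("sambapwdmustchange")
        if _has_class(entry, "sambaSamAccount") and stored:
            uid = entry.get("uid", ["?"])[0]
            if computed.get(uid) != int(stored[0]):
                stale.append(uid)
    return sorted(stale)


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for uid, exp in sorted(password_expiry(parsed).items()):
        when = datetime.fromtimestamp(exp, timezone.utc) if exp else "not computable"
        print(uid, when)
    print("stale sambaPwdMustChange:", stale_must_change(parsed))
```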

Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:
  
  

Your situation is very confusing. Your server name is, according to your
smb.conf line:
netbios name = fileserver
and you are also forcing all users to connect as username  group
force user = fileserver
force group = fileserver

The force user tells Samba to connect as user fileserver no matter
what id the user connects with. However, if your .auth file already is
telling Samba that you are connecting as fileserver, this should have no
effect.

I note that you also have guest ok = yes in your smb.conf. It is
possible that you are not connecting as user fileserver, possibly due to
a .auth file error.  You may be connecting as guest which may still have
read access but probably not write. Try manually connecting without
specifying a password in the .auth file. See if you get an error message.



A test with no password in my .auth file proved NOT to work, so this
means I can't connect to the server without the right
username/password..

I did this force user and group to enable everybody in the company to
read and write to the shared folder... 


I am just completely unhappy that the Windows works 100% and the Linux
not... This is just wrong :( 


Be that as it may...If you don't feel like breaking your head on this,
could you maybe help me with creating a samba conf that would require no
authentication, and have read/write access for all... This was the
original idea. Just a simple shared folder for all on the network.

Sorry for messing up your head with my confusing configurations :D

  
OK. So now try removing the credentials entirely. Also, set the log 
level in smb.conf to 10 and restart it. Then connect from the command 
line (as root) using -o username=fileserver,domain=


See if you get an error message and also check the logs.



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Willem P. Botha
 OK. So now try removing the credentials entirely. Also, set the log 
 level in smb.conf to 10 and restart it. Then connect from the command 
 line (as root) using -o username=fileserver,domain=
 
 See if you get an error message and also check the logs.
 
OK, first off, no matter what I do, I have to provide a password... or
else I can't connect. Regardless if I add a domain or not. The security
is set to user level, so this is what I think should happen...or am I
wrong?  

Log level 10 is Crazy man... :-O

If I give the password, then it connects fine. The log file said :
connecting to service initially as fileserver(gid uid pid) 

If I unmount the service, the log file also responds with a connection
closed.

So it is allowing me to connect no problem, but still the problem is
that the files on the share are mapped to my local user-list, so Samba
is not actually giving me any error.
When I try to copy a file on this share, the log file does nothing!

It seems my local machine is preventing this from happening, not samba.
It seems to figure out that the uid and gid for the remote folder is set
to something else than the current user, and thus preventing me from
writing to this service.

The remote machine provides me a folder with write access for uid=501
and gid=501

The local machine sees a folder with write access for uid=501,gid=501
My current user is uid=503, hence the permission denied.

My problem is not the connection.. it's writing files. Still I am lost
at how to map the remote uid to the local uid, or the authenticated
user..?? 
 





[Samba] Cached password updates with Winbind

2009-09-02 Thread Schneider, Craig-P65851
If a user changes their password and the client loses network
connectivity prior to them logging in again their local/cached password
is not updated; they have to use their old password to authenticate. Is
there a way to change this behavior so that the cached password gets
updated upon a successful password change?

Thx,
Craig



[Samba] Upgrade from 3.0.31 to 3.3.7 now has incredibly large printer tdb files

2009-09-02 Thread William Jojo


Sorry for the cross-post, but curious if this is a known issue.

After upgrading our printer server from 3.0.31 to 3.3.7, the tdb files 
for the specific queues are growing out of control with old job data in 
the tdb file. In addition the queue from the windows view can show 
hundreds of old jobs that have long since printed.


How can we:

a) reduce the tdb file size and
b) stop samba from recording this info in the first place (as no one 
really cares from the windows side as long as their job prints :-) :-) )


Setting lpq cache = 0 was no help and max reported print jobs does not 
help either.



Cheers,
Bill



Re: [Samba] default profile

2009-09-02 Thread Tamás Pisch
I turned on profile debugging. When I logged in first time, I changed the
password.
Here is a part of the log (username is t8):

USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: Entering, hToken = 0x3d8,
lpProfileInfo = 0x80f698
USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: lpProfileInfo-dwFlags =
0x9
USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: lpProfileInfo-lpUserName =
LocalService
USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL central profile path
USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL default profile path
USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL server name
USERENV(2f0.3a0) 19:15:51:078 GetInterface: Returning rpc binding handle
USERENV(2c4.3f4) 19:15:51:078 IProfileSecurityCallBack: client
authenticated.
USERENV(2c4.3f4) 19:15:51:078 DropClientContext: Got client token 04EC,
sid = S-1-5-18
USERENV(2c4.3f4) 19:15:51:093 MIDL_user_allocate enter
USERENV(2c4.3f4) 19:15:51:093 DropClientContext: load profile object
successfully made
USERENV(2c4.3f4) 19:15:51:093 DropClientContext: Returning 0
USERENV(2f0.3a0) 19:15:51:093 LoadUserProfile: Calling DropClientToken (as
self) succeeded
USERENV(2c4.2dc) 19:15:51:093 IProfileSecurityCallBack: client
authenticated.
USERENV(2c4.2dc) 19:15:51:093 In LoadUserProfileP
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Running as client
USERENV(2c4.2dc) 19:15:51:093
=
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Entering, hToken = 0x4f8,
lpProfileInfo = 0xef0800
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-dwFlags =
0x9
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-lpUserName =
LocalService
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL central profile path
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL default profile path
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL server name
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock S-1-5-19
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock: No existing entry
found
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock: New entry created
USERENV(2c4.2dc) 19:15:51:093 CHashTable::HashAdd: S-1-5-19 added in bucket
12
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(2c4.2dc) 19:15:51:093 TestIfUserProfileLoaded:  Profile already
loaded.
USERENV(2c4.2dc) 19:15:51:093 Profile Ref Count is 2
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Leaving critical Section.
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock S-1-5-19
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock: Lock released
USERENV(2c4.2dc) 19:15:51:093 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock: Lock deleted
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Impersonated user: 04f8,
0118
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Reverted to user: 
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Reverted back to user

USERENV(2c4.2dc) 19:15:51:109 LoadUserProfile: Leaving with a value of 1.
USERENV(2c4.2dc) 19:15:51:109
=
USERENV(2c4.2dc) 19:15:51:109 LoadUserProfileI: returning 0
USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Running as self
USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile:  Returning success.  Final
Information follows:
USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-UserName = LocalService
USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-lpProfilePath = 
USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-dwFlags = 0x9
USERENV(2c4.3f4) 19:15:51:109 IProfileSecurityCallBack: client
authenticated.
USERENV(2c4.3f4) 19:15:51:109 ReleaseClientContext: Releasing context
USERENV(2c4.3f4) 19:15:51:109 ReleaseClientContext_s: Releasing context
USERENV(2c4.3f4) 19:15:51:109 MIDL_user_free enter
USERENV(2f0.3a0) 19:15:51:109 ReleaseInterface: Releasing rpc binding handle
USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Returning TRUE. hProfile =
0x43c
USERENV(2f0.3a0) 19:15:51:109 GetUserDNSDomainName:  Domain name is NT
Authority.  No DNS domain name available.
USERENV(f4.f8) 19:15:51:171 LibMain: Process Name:
C:\WINDOWS\System32\alg.exe
USERENV(47c.770) 19:15:51:281 GetProfileType:  Profile already loaded.
USERENV(47c.770) 19:15:51:281 LoadProfileInfo:  Failed to query central
profile with error 2
USERENV(47c.770) 19:15:51:281 GetProfileType: ProfileFlags is 0
USERENV(2fc.368) 19:16:06:656 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(2fc.368) 19:16:06:656
=
USERENV(2fc.368) 19:16:06:656 LoadUserProfile: Entering, hToken = 0x644,
lpProfileInfo = 0xb2fa0c
USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-dwFlags =
0x1
USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-lpUserName =
t8

Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Mark Nienberg

willem.bo...@adticket.de wrote:


I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   credentials=/home/.auth,rw,soft  0 0


Here is an example from my server:
//192.168.254.35/projects  /mnt/engin  cifs  noperm,uid=enginuser,gid=Engineers,credentials=/root/creds  0 0


Does that help?
--
Mark Nienberg
Sent from an invalid address. Please reply to the group.



Re: [Samba] Cached password updates with Winbind

2009-09-02 Thread Schneider, Craig-P65851
I have set that to various times, as small as 10, but I don't see any
network traffic in tcpdump indicating the updates are occurring. In
addition, I modified a user account on the PDC, wbinfo showed a sequence
change, I waited well over 5 minutes just to make sure the default cache
timeout wasn't being used, and the cache still wasn't updated. Here is
my config. maybe there is something wrong there?

[global]

log level = 5 ads:10 auth:10 sam:10 rpc:10

winbind offline logon = true
winbind cache time = 30
winbind normalize names = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = false
workgroup = TEST
server string = Samba Server Version %v
realm = TEST.LOCAL
security = ads
password server = win2k 
passdb backend = tdbsam

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

template shell = /bin/bash
template homedir = /home/network/%U

load printers = no
cups options = raw


[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes


Thanks,
Craig

-----Original Message-----
From: Max Leon [mailto:maxleo...@gmail.com] 
Sent: Wednesday, September 02, 2009 9:34 AM
To: Schneider, Craig-P65851
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cached password updates with Winbind

On the smb.conf there is a parameter on the Global section called
winbind cache time I think that is your answer.

Schneider, Craig-P65851 wrote:
 If a user changes their password and the client loses network 
 connectivity prior to them logging in again their local/cached 
 password is not updated; they have to use their old password to 
 authenticate. Is there a way to change this behavior so that the 
 cached password gets updated upon a successful password change?

 Thx,
 Craig

   


Re: [Samba] default profile

2009-09-02 Thread Adam Williams
you can copy it manually from c:\docs and settings\username to 
\\server\profiles\username and then delete the local user and have them 
login and it should load their profile as a roaming user.


Tamás Pisch wrote:

2009/9/1 Adam Williams awill...@mdah.state.ms.us

  

Tamás Pisch wrote:

2009/8/31 Adam Williams awill...@mdah.state.ms.us awill...@mdah.state.ms.us

   my computer properties, advanced tab, user profiles.  is user set to local
and not roaming? does it only happen to certain


 local profile




change local profile to roaming in the my computer properties, advanced,
user profiles section.




I cannot, because it is inactive (grayed).
  


Re: [Samba] default profile

2009-09-02 Thread Volker Lendecke
Hi!

On Wed, Sep 02, 2009 at 07:54:11PM +0200, Tamás Pisch wrote:

 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19

Sorry, but I haven't followed this thread. But *this* looks
wrong. A user should never have S-1-5-19 as SID. It must be
of the form S-1-5-21-a-b-c-d where a,b,c and d are 32-bit
numbers.

Volker
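
The SID form described in this message, as an added example (not code from the thread or from Samba): it validates S-1-5-21-a-b-c-d and pairs every SID in a userenv log with the user name logged by the same thread. The sample lines are copied from the log posted above, still wrapped as mailed; the S-1-5-21 value and all function names are constructed for this example.

```python
import re

# Constructed sample: records copied from the log posted in this thread,
# including the line wrapping the mail client introduced.
SAMPLE_LOG = """\
USERENV(2c4.3f4) 19:15:51:078 DropClientContext: Got client token 04EC,
sid = S-1-5-18
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-lpUserName =
LocalService
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19
USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock S-1-5-19
USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-lpUserName =
t8
"""

# Constructed value, only to show a SID of the S-1-5-21-a-b-c-d form.
CONSTRUCTED_ACCOUNT_SID = "S-1-5-21-1004336348-1177238915-682003330-1003"

# Well-known service SIDs defined by Windows.
WELL_KNOWN = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
              "S-1-5-20": "NetworkService"}
RECORD = re.compile(r"^USERENV\(([0-9a-f]+\.[0-9a-f]+)\)\s+\S+\s*(.*)$")
SID = re.compile(r"\bS-\d+(?:-\d+)+\b")
USER = re.compile(r"lpUserName\s*=\s*(\S+)")


def unwrap(text):
    """Rejoin wrapped records: a line that does not start with USERENV(
    continues the record before it."""
    records = []
    for line in text.splitlines():
        if line.startswith("USERENV(") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def parse_sid(sid):
    """Return (authority, [sub-authorities]); raise ValueError if malformed."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority, *subs = map(int, parts[1:])
    if revision != 1 or any(s >= 2**32 for s in subs):
        raise ValueError(f"bad revision or sub-authority over 32 bits: {sid!r}")
    return authority, subs


def classify(sid):
    authority, subs = parse_sid(sid)
    if sid in WELL_KNOWN:
        return "well-known: " + WELL_KNOWN[sid]
    # S-1-5-21-a-b-c-d: three identifier values plus the relative id.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return "account"
    return "other"


def sids_by_thread(text):
    """Map 'pid.tid' -> (last user name logged, [(sid, class), ...])."""
    threads = {}
    for record in unwrap(text):
        match = RECORD.match(record)
        if not match:
            continue
        entry = threads.setdefault(match.group(1), {"user": None, "sids": []})
        user = USER.search(match.group(2))
        if user:
            entry["user"] = user.group(1)
        for sid in SID.findall(match.group(2)):
            if sid not in entry["sids"]:
                entry["sids"].append(sid)
    return {tid: (e["user"], [(s, classify(s)) for s in e["sids"]])
            for tid, e in threads.items()}


if __name__ == "__main__":
    for tid, (user, sids) in sids_by_thread(SAMPLE_LOG).items():
        print(tid, user, sids or "no SID logged")
    print(CONSTRUCTED_ACCOUNT_SID, classify(CONSTRUCTED_ACCOUNT_SID))
```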



[Samba] User permissions on other users home directory

2009-09-02 Thread Adam Del Vecchio
Hello,

I have 5 users that need to be able to read and write from each others
home directories. How I have done this is by creating a group office,
adding these 5 users to the office group, and then changing ownership
of users home directories to user1:office

However, when user1 edits a file in his home directory, user2 can no
longer edit it, even though both users are in the office group.

My smb.conf:

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = VENTURE

# server string is the equivalent of the NT Description field
   server string = Server

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m/%u.log

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


### Authentication ###

# security = user is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
  security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan ka...@informatik.tu-muenchen.de for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
#   map to guest = bad user

## Domains ###

# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
 domain logons = yes
 admin users = adamdv angeladv
 domain admin = adamdv
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
   logon path = \\server1\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
  logon drive = H:
   logon home = \\server1\%U

# The following setting only takes effect if 'domain logons' is set

Re: [Samba] default profile

2009-09-02 Thread Masao Garcia
There is a bug in Windows SP3 where if you change your password the first
time logging into the domain on a computer, it will not copy down the
Default User profile stored in the netlogon folder.  I believe there is a
problem with roaming profiles as well, where changes are not saved back to
the server where the profile is being saved.

http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/29d8987a-6017-48bc-9972-dc8f8f80532c

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Tamás Pisch
Sent: Wednesday, September 02, 2009 12:54 PM
To: samba@lists.samba.org
Subject: Re: [Samba] default profile

I turned on profile debugging. When I logged in first time, I changed the
password.
Here is a part of the log (username is t8):


[Samba] Password-less share, for certain users.

2009-09-02 Thread JDE
Is it possible to have a password-less share available to only
certain users? I've been searching all over and could not find
anything.


Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Miguel Medalha



Is it possible to have a password-less share available to only
certain users?


From the smb.conf man page:

guest ok (S)

If this parameter is yes for a service, then no password is required to 
connect to the service. Privileges will be those of the guest account.


This parameter nullifies the benefits of setting restrict anonymous = 2

See the section below on security for more information about this option.

Default: guest ok = no



Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread JDE
Here's what I got. I want to allow a 'password-less' log-in that will
allow only user1 and user2 to access share_zero, can this be done? I
know that I can make it public, but that's not really an option as I
need to restrict access to just a handful of users. Can this be
done? I've searched everywhere and all I can find is setting share to
public, or something similar.

[share_zero]
path = /path/to/dir
writeable = yes
browseable = yes
valid users = user1 user2
guest ok = yes
create mask = 0666
directory mask = 0777


Re: [Samba] User permissions on other users home directory

2009-09-02 Thread Michael Heydon

On 3/09/2009 3:58 AM, Adam Del Vecchio wrote:

However, when user1 edits a file in his home directory, user2 can no
longer edit it, even though both users are in the office group.
...
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
   

Change those.

*Michael Heydon - IT Administrator *
micha...@jaswin.com.au mailto:micha...@jaswin.com.au




Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Miguel Medalha



Is it possible to have a password-less share available to only
certain users?



Ooops! I suppose the key expression for you here is only certain users.

Perhaps a combination of the guest account and guest ok parameters 
in the share definition?


Make those users part of the group defined with guest account and then 
use guest ok = yes.




Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Michael Heydon

On 3/09/2009 8:24 AM, JDE wrote:

Here's what I got. I want to allow a 'password-less' log-in that will
allow only user1 and user2 to access share_zero, can this be done? I
know that I can make it public, but that's not really an option as I
need to restrict access to just a handful of users. Can this be
done? I've searched everywhere and all I can find is setting share to
public, or something similar.
   
If a user is connecting without a password then they are a guest and 
they do not have a username.


What you are trying to do isn't possible because it is pointless. 
Usernames aren't private, if I can guess (or ask for) someone's username 
then I could bypass your restrictions.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au mailto:micha...@jaswin.com.au



Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Michael Heydon

On 3/09/2009 7:44 AM, Miguel Medalha wrote:
Make those users part of the group defined with guest account and 
then use guest ok = yes. 
guest account defines the unix account that is used to access the file 
system when a guest connection is used. It doesn't determine who can use 
the guest account.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au mailto:micha...@jaswin.com.au



Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Miguel Medalha


guest account defines the unix account that is used to access the 
file system when a guest connection is used. It doesn't determine who 
can use the guest account.


Huuummm

From the smb.conf man page:

guest account (G)
This is a username which will be used for access to services which are 
specified as guest ok (see below). Whatever privileges this user has 
will be available to any client connecting to the guest service. This 
user must exist in the password file, but does not require a valid 
login. The user account ftp is often a good choice for this parameter.


On some systems the default guest account nobody may not be able to 
print. Use another account in this case. You should test this by trying 
to log in as your guest user (perhaps by using the su - command) and 
trying to print using the system print command such as lpr(1) or lp(1).


This parameter does not accept % macros, because many parts of the 
system require this value to be constant for correct operation.


Default: guest account = nobody # default can be changed at compile-time

Example: guest account = ftp




Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread JDE
Thank you both, it doesn't sound like samba supports this behaviour
natively. Guess one other option would be to use pass-through
authentication via Active Directory, which, unfortunately, is not an
option in this scenario. Might have to go with a batch script that'll
just map this share to the users drive, not elegant but probably the
best solution I have this time.

Thanks again.

2009/9/2 Miguel Medalha miguelmeda...@sapo.pt:

 guest account defines the unix account that is used to access the file
 system when a guest connection is used. It doesn't determine who can use the
 guest account.

 Huuummm

 From the smb.conf man page:

 guest account (G)
 This is a username which will be used for access to services which are
 specified as guest ok (see below). Whatever privileges this user has will be
 available to any client connecting to the guest service. This user must
 exist in the password file, but does not require a valid login. The user
 account ftp is often a good choice for this parameter.

 On some systems the default guest account nobody may not be able to print.
 Use another account in this case. You should test this by trying to log in
 as your guest user (perhaps by using the su - command) and trying to print
 using the system print command such as lpr(1) or lp(1).

 This parameter does not accept % macros, because many parts of the system
 require this value to be constant for correct operation.

 Default: guest account = nobody # default can be changed at compile-time

 Example: guest account = ftp


Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:
OK. So now try removing the credentials entirely. Also, set the log 
level in smb.conf to 10 and restart it. Then connect from the command 
line (as root) using -o username=fileserver,domain=


See if you get an error message and also check the logs.



OK, first off, no matter what I do, I have to provide a password... or
else I can't connect. Regardless if I add a domain or not. The security
is set to user level, so this is what I think should happen...or am I
wrong?  
  
Yes. I just don't enter passwords in a command. Let the program prompt 
you for it.



Log level 10 is Crazy man... :-O

If I give the password, then it connects fine. The log file said :
connecting to service initially as fileserver(gid uid pid) 


if I unmount the service the log file also responds with a connection
closed.. 


So it is allowing me to connect no problem, but still the problem is
that the files on the share are mapped to my local user-list, so Samba
is not actually giving me any error.
When I try to copy a file on this share, the log file does nothing !

It seems my local machine is preventing this from happening, not samba.
It seems to figure out that the uid and gid for the remote folder is set
to something else than the current user, and thus preventing me from
writing to this service.

The remote machine provides me a folder with write access for uid=501
and gid=501

The local machine sees a folder with write access for uid=501,gid=501
My current user is uid=503, hence the permission denied.

My problem is not the connection.. it's writing files. Still I am lost
at how to map the remote uid to the local uid, or the authenticated
user..??
Have you tried connecting as your user account and letting the force 
user in smb.conf do its work? When your Windows clients connect, they 
are using their own ids and that is working. Why are you doing it 
differently for Linux?




Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Jamrock

JDE soc...@gmail.com wrote in message
news:7378bb590909021452g60ffb721o5b21d1bd38fb...@mail.gmail.com...
 Is it possible to have a password-less share available to only
 certain users? I've been searching all over and could not find
 anything.

Try the valid users option in the smb.conf.  If I remember correctly, you
can set this to a group.  That way only the members of the group should have
access to the share.

valid users = @accounts





[Samba] Question regarding access to shares from LOCAL administrator account

2009-09-02 Thread Jobst Schmalenbach

Hi.

How do I give access to shares from the LOCAL administrator account to a 
share(s) on the samba server?
(workstation is domain member, without the need to specify a password).

-- smb.conf
  domain logons = Yes
  os level = 200
  domain master = Yes
  security = user
--

I have read chapters 12,13,15 but there seems to be no way I can put the
local administrator into /etc/group nor mapping it via net groupmap.
I can do it the other way around i.e. mapping a local group to a group
on the server, but for one share only I need to have access for the local
administrator to the share on the server.


Jobst




-- 
This message represents the official view of the voices in my head!

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L  The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia


Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Michael Heydon

On 3/09/2009 11:04 AM, Jamrock wrote:

Try the valid users option in the smb.conf.  If I remember correctly, you
can set this to a group.  That way only the members of the group should have
access to the share.

valid users = @accounts
   
If they connect as a guest, then there is nothing to compare against the 
valid users setting.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au


Re: [Samba] Password-less share, for certain users.

2009-09-02 Thread Michael Heydon

On 3/09/2009 8:43 AM, Miguel Medalha wrote:

guest account defines the unix account

This user must exist in the password file



that is used to access the file system

This is a username which will be used for access to services...



when a guest connection is used.

...which are specified as guest ok


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au



Re: [Samba] Question regarding access to shares from LOCAL administrator account

2009-09-02 Thread Michael Heydon

On 3/09/2009 11:26 AM, Jobst Schmalenbach wrote:

How do I give access to shares from the LOCAL administrator account to a 
share(s) on the samba server?
(workstation is domain member, without the need to specify a password).
   
I don't believe this is possible. The local administrator does not 
necessarily have a fixed username or password and I don't think the 
domain controller can see the SIDs used on the client for local users.

I can do it the other way around i.e. mapping a local group to a group
on the server, but for one share only I need to have access for the local
administrator to the share on the server.
   
Are you sure you can't do it the normal way? Create a domain user and 
add them to the local administrators group on each PC? They wouldn't 
have to be domain admins if you didn't want to.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au



[Samba] samba+cups printing. drivers on clients.

2009-09-02 Thread Sergey Karapetyan
Any help?
Maybe Samba or the Windows clients can forcefully serve/take the drivers
always when a printer is being installed?


Build status as of Wed Sep 2 06:00:01 2009

2009-09-02 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2009-09-01 
00:00:03.0 -0600
+++ /home/build/master/cache/broken_results.txt 2009-09-02 00:00:07.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Tue Sep  1 06:00:01 2009
+Build status as of Wed Sep  2 06:00:01 2009
 
 Build counts:
 Tree Total  Broken Panic 
@@ -13,10 +13,10 @@
 rsync26 11 0 
 samba-docs   0  0  0 
 samba-web0  0  0 
-samba_3_current 23 22 0 
+samba_3_current 22 21 0 
 samba_3_master 24 23 2 
-samba_3_next 24 23 0 
-samba_4_0_test 26 26 3 
+samba_3_next 24 23 1 
+samba_4_0_test 26 26 2 
 talloc   26 26 0 
 tdb  24 24 0 
 


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1321-gaec03ed

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  aec03eda93d3db8723c79f062c80db0267ac2e59 (commit)
  from  9264f4891484b0316e8e574e256ca0b0a5e9f007 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit aec03eda93d3db8723c79f062c80db0267ac2e59
Author: Simo Sorce i...@samba.org
Date:   Sat Aug 29 19:31:02 2009 -0400

s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords 
remotely.

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 source3/libsmb/passchange.c |   19 ---
 1 files changed, 16 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index bb70386..c83247a 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -31,10 +31,24 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
struct cli_state *cli;
struct rpc_pipe_client *pipe_hnd;
struct sockaddr_storage ss;
+   char *user, *domain, *p;
 
NTSTATUS result;
bool pass_must_change = False;
 
+   user = talloc_strdup(talloc_tos(), user_name);
+   SMB_ASSERT(user != NULL);
+   domain = talloc_strdup(talloc_tos(), );
+   SMB_ASSERT(domain != NULL);
+
+   /* allow usernames of the form domain\\user or domain/user */
+   if ((p = strchr_m(user,'\\')) || (p = strchr_m(user,'/')) ||
+   (p = strchr_m(user,*lp_winbind_separator( {
+   *p = 0;
+   domain = user;
+   user = p+1;
+   }
+
*err_str = NULL;
 
if(!resolve_name( remote_machine, ss, 0x20, false)) {
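Review bot: In the block added at the top of remote_password_change(), both talloc_strdup() results are checked with SMB_ASSERT(), which panics the calling process on allocation failure instead of reporting it. The function already returns NTSTATUS, so returning NT_STATUS_NO_MEMORY would fit better. The separately allocated initial domain value is also simply replaced by `domain = user;` when a separator is found, so that allocation (and its assert) could be dropped in favour of a constant string.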
@@ -139,7 +153,7 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
return result;
}
} else {
-   result = cli_init_creds(cli, user_name, , old_passwd);
+   result = cli_init_creds(cli, user, domain, old_passwd);
if (!NT_STATUS_IS_OK(result)) {
cli_shutdown(cli);
return result;
@@ -163,8 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
result = cli_rpc_pipe_open_ntlmssp(cli,
   ndr_table_samr.syntax_id,
   PIPE_AUTH_LEVEL_PRIVACY,
-  , /* what domain... ? */
-  user_name,
+  domain, user,
   old_passwd,
   pipe_hnd);
} else {
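Review bot: With domain and user now passed separately to cli_rpc_pipe_open_ntlmssp(), the removed "what domain... ?" comment should be replaced by documentation of which user_name forms are accepted. The split added earlier in this patch recognises backslash, forward slash and the winbind separator only, and a name without any of them still goes out with the initial domain value as before; a sentence in the function comment saying so would save the next reader from re-deriving it.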


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1336-g9f03135

2009-09-02 Thread Andrew Tridgell
The branch, master has been updated
   via  9f031352c6e9439922284fc853611964b33ea4af (commit)
   via  b5f63160d474b1fc8484a1a9112aa4f248d1e814 (commit)
   via  ca45847edab3a5897c0e0d3b4c486ad9ae0848c6 (commit)
   via  199be936d8920fce31e18d6663f8ba36f573d26f (commit)
   via  69802b3a3b934407d898088c8b3fbee64919b668 (commit)
   via  10bd56b34a51cb10f48646584d58f0fdffe85e94 (commit)
   via  1e552770ee25fb34b680ef01bc64e21dc9803782 (commit)
   via  29320bc6e0f364047686b76f26dbd8135ab87377 (commit)
   via  79255a9384e16a37602028fb0960acf9fc1eb257 (commit)
   via  67bf17598bd755ac07952fc44ce27031478d5503 (commit)
   via  4b336fed94b953cd78087a1ffcf75b65cb846c0f (commit)
   via  a19ad210332008c25e24dd6aba6a3479ba9ffe3f (commit)
   via  132242fe7ebbf7bba9fb5a361788b0157cc704ac (commit)
   via  90b694bc6114cbb652b11a136a8fc3657861d790 (commit)
   via  b5bf4400659a59b6508ede2e9d1b7fbd253c0b07 (commit)
  from  aec03eda93d3db8723c79f062c80db0267ac2e59 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9f031352c6e9439922284fc853611964b33ea4af
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 18:18:33 2009 +1000

traverse the ac list in reverse order

items are added to the linked attribute list using DLIST_ADD(), which
means to commit them to the database in the same order they came from
the server we need to walk the list backwards when we traverse it

commit b5f63160d474b1fc8484a1a9112aa4f248d1e814
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 17:08:52 2009 +1000

repl_meta_data should only be included when we are a DC

commit ca45847edab3a5897c0e0d3b4c486ad9ae0848c6
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 17:02:56 2009 +1000

s4:dsdb rewrite the linked_atrributes code to commit in the end_transaction 
hook

linked attribute changes can come in any order. This means it is
possible for a forward link to come over the wire in DRS before the
target even exists. To make this work this patch changed the linked
attributes module to gather up all the changes it needs to make in a
linked list, then execute the changes in the end_transaction hook for
the module.

During that commit phase we also fix up all the DNs that we got by
searching for their GUID, as the objects may have moved after the
linked attribute was sent, but before the end of the transaction

commit 199be936d8920fce31e18d6663f8ba36f573d26f
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 16:58:04 2009 +1000

move the repl_meta_data module up the ldb module stack

The repl_meta_data module needs to be above the linked_attributes
module, to allow linked_attributes to do its magic

commit 69802b3a3b934407d898088c8b3fbee64919b668
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 16:57:25 2009 +1000

wrap the entire vampire operation in a transaction

We want to grab the whole database, or none of it.
This is also needed to get linked attributes right

commit 10bd56b34a51cb10f48646584d58f0fdffe85e94
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 16:56:39 2009 +1000

use ldb_cmdline_help() in ldbsearch

commit 1e552770ee25fb34b680ef01bc64e21dc9803782
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 16:56:20 2009 +1000

added ldb_cmdline_help()

This allows the ldb tools to show their full command line options

commit 29320bc6e0f364047686b76f26dbd8135ab87377
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 16:55:57 2009 +1000

add the partition_control control to replication requests

We know the partition DN from the DRS objects, we need to pass this
down the modules below us to ensure they operate on the right
partition

commit 79255a9384e16a37602028fb0960acf9fc1eb257
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 13:36:54 2009 +1000

change the dsdb_control_current_partition to not include internal variables

This structure was used in two ways. In one way it held variables
that are logically internal to the partition module, and in the other
way it was used to pass the partition DN down to other modules. This
change makes the structure contain just the dn which is being passed
down.

This change is part of the support for linked attributes. We will be
passing this control down from above the partition module to force
which partition a request acts upon. The partition module now only
adds this control if it isn't already there.

commit 67bf17598bd755ac07952fc44ce27031478d5503
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 13:33:37 2009 +1000

don't allow two controls to be added with the same OID

Two controls with the same OID makes no sense, as they may
have different data attached


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1337-g9317711

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  931771138a52a3385afb2d3966509a57def3ece5 (commit)
  from  9f031352c6e9439922284fc853611964b33ea4af (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 931771138a52a3385afb2d3966509a57def3ece5
Author: Günther Deschner g...@samba.org
Date:   Mon Aug 31 17:13:05 2009 +0200

s3-netlogon: implement _netr_LogonSamLogonWithFlags().

Guenther

---

Summary of changes:
 source3/rpc_server/srv_netlog_nt.c |   58 ---
 1 files changed, 40 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_netlog_nt.c 
b/source3/rpc_server/srv_netlog_nt.c
index 9a3c8c2..3daf45b 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -807,6 +807,10 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
process_creds = true;
fn = _netr_LogonSamLogon;
break;
+   case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
+   process_creds = true;
+   fn = _netr_LogonSamLogonWithFlags;
+   break;
case NDR_NETR_LOGONSAMLOGONEX:
process_creds = false;
fn = _netr_LogonSamLogonEx;
@@ -993,18 +997,17 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
return status;
 }
 
-/*
- _netr_LogonSamLogon
- */
+/
+ _netr_LogonSamLogonWithFlags
+/
 
-NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
-struct netr_LogonSamLogon *r)
+NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
+ struct netr_LogonSamLogonWithFlags *r)
 {
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
struct netr_LogonSamLogonEx r2;
struct netr_Authenticator return_authenticator;
-   uint32_t flags = 0;
 
become_root();
status = netr_creds_server_step_check(p, p-mem_ctx,
@@ -1022,10 +1025,10 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
r2.in.logon_level   = r-in.logon_level;
r2.in.logon = r-in.logon;
r2.in.validation_level  = r-in.validation_level;
-   r2.in.flags = flags;
+   r2.in.flags = r-in.flags;
r2.out.validation   = r-out.validation;
r2.out.authoritative= r-out.authoritative;
-   r2.out.flags= flags;
+   r2.out.flags= r-out.flags;
 
status = _netr_LogonSamLogon_base(p, r2, creds);
 
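Review bot: r2.in.flags and r2.out.flags are now taken directly from the client's request and forwarded to _netr_LogonSamLogon_base() with no masking or validation in this function. If the base handler does not itself reject or ignore unknown bits, add a check here; if it does, a short comment saying where the flags are validated would make that visible at the point where client-controlled data enters.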
@@ -1035,6 +1038,35 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
 }
 
 /*
+ _netr_LogonSamLogon
+ */
+
+NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
+struct netr_LogonSamLogon *r)
+{
+   NTSTATUS status;
+   struct netr_LogonSamLogonWithFlags r2;
+   uint32_t flags = 0;
+
+   r2.in.server_name   = r-in.server_name;
+   r2.in.computer_name = r-in.computer_name;
+   r2.in.credential= r-in.credential;
+   r2.in.logon_level   = r-in.logon_level;
+   r2.in.logon = r-in.logon;
+   r2.in.validation_level  = r-in.validation_level;
+   r2.in.return_authenticator  = r-in.return_authenticator;
+   r2.in.flags = flags;
+   r2.out.validation   = r-out.validation;
+   r2.out.authoritative= r-out.authoritative;
+   r2.out.flags= flags;
+   r2.out.return_authenticator = r-out.return_authenticator;
+
+   status = _netr_LogonSamLogonWithFlags(p, r2);
+
+   return status;
+}
+
+/*
  _netr_LogonSamLogonEx
  - no credential chaining. Map into net sam logon.
  */
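Review bot: In the re-added _netr_LogonSamLogon(), r2 is a stack struct netr_LogonSamLogonWithFlags that is filled member by member and never zeroed, so any member not assigned in this list reaches _netr_LogonSamLogonWithFlags() uninitialised, and a member added to the structure later would silently do the same. A ZERO_STRUCT(r2) before the assignments would make the wrapper robust against that.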
@@ -1417,16 +1449,6 @@ WERROR _netr_GetForestTrustInformation(pipes_struct *p,
 /
 /
 
-NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
- struct netr_LogonSamLogonWithFlags *r)
-{
-   p-rng_fault_state = true;
-   return NT_STATUS_NOT_IMPLEMENTED;
-}
-

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1338-gbde679e

2009-09-02 Thread Andrew Tridgell
The branch, master has been updated
   via  bde679e6f84b16d63a8007fe48789ee7951b9f34 (commit)
  from  931771138a52a3385afb2d3966509a57def3ece5 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bde679e6f84b16d63a8007fe48789ee7951b9f34
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Sep 2 18:31:22 2009 +1000

show the full set of command line options for ldb tools

I always found it hard to remember some of the options. We might as
well use popt to give us the full list

---

Summary of changes:
 source4/lib/ldb/tools/ldbadd.c|8 ++--
 source4/lib/ldb/tools/ldbdel.c|7 +--
 source4/lib/ldb/tools/ldbedit.c   |8 +---
 source4/lib/ldb/tools/ldbmodify.c |6 +-
 source4/lib/ldb/tools/ldbrename.c |6 +-
 5 files changed, 6 insertions(+), 29 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/tools/ldbadd.c b/source4/lib/ldb/tools/ldbadd.c
index be02334..086540d 100644
--- a/source4/lib/ldb/tools/ldbadd.c
+++ b/source4/lib/ldb/tools/ldbadd.c
@@ -38,13 +38,9 @@ static int failures;
 
 static void usage(void)
 {
-   printf(Usage: ldbadd options ldif...\n);
-   printf(Options:\n);
-   printf(  -H ldb_url   choose the database (or $LDB_URL)\n);
-   printf(  -o options   pass options like modules to activate\n);
-   printf(  e.g: -o modules:timestamps\n);
-   printf(\n);
+   printf(Usage: ldbadd options ldif...\n);  
printf(Adds records to a ldb, reading ldif the specified list of 
files\n\n);
+   ldb_cmdline_help(ldbadd, stdout);
exit(1);
 }
 
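Review bot: The added printf line for the "Usage: ldbadd" text ends with trailing whitespace after the semicolon; please strip it. While this function is being touched, the description line that follows could also be corrected to read "reading ldif from the specified list of files".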
diff --git a/source4/lib/ldb/tools/ldbdel.c b/source4/lib/ldb/tools/ldbdel.c
index 232f516..ddf168d 100644
--- a/source4/lib/ldb/tools/ldbdel.c
+++ b/source4/lib/ldb/tools/ldbdel.c
@@ -61,13 +61,8 @@ static int ldb_delete_recursive(struct ldb_context *ldb, 
struct ldb_dn *dn)
 static void usage(void)
 {
printf(Usage: ldbdel options DN...\n);
-   printf(Options:\n);
-   printf(  -r   recursively delete the given subtree\n);
-   printf(  -H ldb_url   choose the database (or $LDB_URL)\n);
-   printf(  -o options   pass options like modules to activate\n);
-   printf(  e.g: -o modules:timestamps\n);
-   printf(\n);
printf(Deletes records from a ldb\n\n);
+   ldb_cmdline_help(ldbdel, stdout);
exit(1);
 }
 
diff --git a/source4/lib/ldb/tools/ldbedit.c b/source4/lib/ldb/tools/ldbedit.c
index 9d3bd27..9653eab 100644
--- a/source4/lib/ldb/tools/ldbedit.c
+++ b/source4/lib/ldb/tools/ldbedit.c
@@ -270,13 +270,7 @@ static int do_edit(struct ldb_context *ldb, struct 
ldb_message **msgs1, int coun
 static void usage(void)
 {
printf(Usage: ldbedit options expression attributes ...\n);
-   printf(Options:\n);
-   printf(  -H ldb_url   choose the database (or $LDB_URL)\n);
-   printf(  -s base|sub|one  choose search scope\n);
-   printf(  -b basednchoose baseDN\n);
-   printf(  -a   edit all records (expression 
'objectclass=*')\n);
-   printf(  -e editorchoose editor (or $VISUAL or $EDITOR)\n);
-   printf(  -v   verbose mode\n);
+   ldb_cmdline_help(ldbedit, stdout);
exit(1);
 }
 
diff --git a/source4/lib/ldb/tools/ldbmodify.c 
b/source4/lib/ldb/tools/ldbmodify.c
index 23a96a3..d0bca04 100644
--- a/source4/lib/ldb/tools/ldbmodify.c
+++ b/source4/lib/ldb/tools/ldbmodify.c
@@ -39,12 +39,8 @@ static int failures;
 static void usage(void)
 {
printf(Usage: ldbmodify options ldif...\n);
-   printf(Options:\n);
-   printf(  -H ldb_url   choose the database (or $LDB_URL)\n);
-   printf(  -o options   pass options like modules to activate\n);
-   printf(  e.g: -o modules:timestamps\n);
-   printf(\n);
printf(Modifies a ldb based upon ldif change records\n\n);
+   ldb_cmdline_help(ldbmodify, stdout);
exit(1);
 }
 
diff --git a/source4/lib/ldb/tools/ldbrename.c 
b/source4/lib/ldb/tools/ldbrename.c
index 01ed3d9..fcae766 100644
--- a/source4/lib/ldb/tools/ldbrename.c
+++ b/source4/lib/ldb/tools/ldbrename.c
@@ -39,12 +39,8 @@
 static void usage(void)
 {
printf(Usage: ldbrename [options] olddn newdn\n);
-   printf(Options:\n);
-   printf(  -H ldb_url   choose the database (or $LDB_URL)\n);
-   printf(  -o options   pass options like modules to activate\n);
-   printf(  e.g: -o modules:timestamps\n);
-   printf(\n);
printf(Renames records in a ldb\n\n);
+   ldb_cmdline_help(ldbmodify, stdout);
exit(1);
 }
 
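Review bot: In ldbrename.c the added call passes ldbmodify as the tool name to ldb_cmdline_help(), while the other four files in this patch pass their own names (ldbadd, ldbdel, ldbedit, ldbmodify). This looks like a copy-and-paste slip from the ldbmodify.c hunk; it should be ldbrename.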




[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1232-gdadc57b

2009-09-02 Thread Karolin Seeger
The branch, v3-4-test has been updated
   via  dadc57b140b4379f9f2f6fafe40332061df4d5a5 (commit)
  from  ea0f119e7b671f3566b8eecdd0013e9c57079566 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit dadc57b140b4379f9f2f6fafe40332061df4d5a5
Author: Günther Deschner g...@samba.org
Date:   Tue Sep 1 11:58:05 2009 +0200

wbclient: Fix Bug #6680: always activate handling of large (> 256 byte)
ntlmv2 blobs in wbcAuthenticateUserEx().

Guenther

---

Summary of changes:
 nsswitch/libwbclient/wbc_pam.c |   19 +++
 1 files changed, 15 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 61ce2a1..422665a 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -423,15 +423,24 @@ wbcErr wbcAuthenticateUserEx(const struct 
wbcAuthUserParams *params,
request.data.auth_crap.lm_resp_len =
MIN(params-password.response.lm_length,
sizeof(request.data.auth_crap.lm_resp));
-   request.data.auth_crap.nt_resp_len =
-   MIN(params-password.response.nt_length,
-   sizeof(request.data.auth_crap.nt_resp));
if (params-password.response.lm_data) {
memcpy(request.data.auth_crap.lm_resp,
   params-password.response.lm_data,
   request.data.auth_crap.lm_resp_len);
}
-   if (params-password.response.nt_data) {
+   request.data.auth_crap.nt_resp_len = 
params-password.response.nt_length;
+   if (params-password.response.nt_length  
sizeof(request.data.auth_crap.nt_resp)) {
+   request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+   request.extra_len = params-password.response.nt_length;
+   request.extra_data.data = talloc_zero_array(NULL, char, 
request.extra_len);
+   if (request.extra_data.data == NULL) {
+   wbc_status = WBC_ERR_NO_MEMORY;
+   BAIL_ON_WBC_ERROR(wbc_status);
+   }
+   memcpy(request.extra_data.data,
+  params-password.response.nt_data,
+  request.data.auth_crap.nt_resp_len);
+   } else if (params-password.response.nt_data) {
memcpy(request.data.auth_crap.nt_resp,
   params-password.response.nt_data,
   request.data.auth_crap.nt_resp_len);
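Review bot: In the new large-blob branch, memcpy() reads from params->password.response.nt_data without the NULL check that the else-branch still applies, so a caller that sets nt_length above sizeof(request.data.auth_crap.nt_resp) while leaving nt_data NULL causes a NULL dereference. Please test nt_data before the copy and bail out with an error. Since nt_resp_len is no longer clamped with MIN(), it would also be clearer to use request.extra_len as the memcpy length in this branch, so the copy bound sits next to the allocation it must not exceed.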
@@ -477,6 +486,8 @@ done:
if (response.extra_data.data)
free(response.extra_data.data);
 
+   talloc_free(request.extra_data.data);
+
return wbc_status;
 }
 




[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5346-g7253d96

2009-09-02 Thread Karolin Seeger
The branch, v3-3-test has been updated
   via  7253d96fc205717d9fed973bbcad2884ce656fd9 (commit)
  from  983c6f22f411aab2488fe41b5b06174c55108868 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 7253d96fc205717d9fed973bbcad2884ce656fd9
Author: Günther Deschner g...@samba.org
Date:   Tue Sep 1 11:58:05 2009 +0200

wbclient: Fix Bug #6680: always activate handling of large (> 256 byte)
ntlmv2 blobs in wbcAuthenticateUserEx().

Guenther

---

Summary of changes:
 source/nsswitch/libwbclient/wbc_pam.c |   19 +++
 1 files changed, 15 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_pam.c 
b/source/nsswitch/libwbclient/wbc_pam.c
index 401d2ad..3f44681 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -439,15 +439,24 @@ wbcErr wbcAuthenticateUserEx(const struct 
wbcAuthUserParams *params,
request.data.auth_crap.lm_resp_len =
MIN(params-password.response.lm_length,
sizeof(request.data.auth_crap.lm_resp));
-   request.data.auth_crap.nt_resp_len =
-   MIN(params-password.response.nt_length,
-   sizeof(request.data.auth_crap.nt_resp));
if (params-password.response.lm_data) {
memcpy(request.data.auth_crap.lm_resp,
   params-password.response.lm_data,
   request.data.auth_crap.lm_resp_len);
}
-   if (params-password.response.nt_data) {
+   request.data.auth_crap.nt_resp_len = 
params-password.response.nt_length;
+   if (params-password.response.nt_length  
sizeof(request.data.auth_crap.nt_resp)) {
+   request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+   request.extra_len = params-password.response.nt_length;
+   request.extra_data.data = talloc_zero_array(NULL, char, 
request.extra_len);
+   if (request.extra_data.data == NULL) {
+   wbc_status = WBC_ERR_NO_MEMORY;
+   BAIL_ON_WBC_ERROR(wbc_status);
+   }
+   memcpy(request.extra_data.data,
+  params-password.response.nt_data,
+  request.data.auth_crap.nt_resp_len);
+   } else if (params-password.response.nt_data) {
memcpy(request.data.auth_crap.nt_resp,
   params-password.response.nt_data,
   request.data.auth_crap.nt_resp_len);
@@ -493,6 +502,8 @@ done:
if (response.extra_data.data)
free(response.extra_data.data);
 
+   talloc_free(request.extra_data.data);
+
return wbc_status;
 }
 
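Review bot: talloc_free(request.extra_data.data) at the done: label runs on every exit path, including BAIL_ON_WBC_ERROR jumps taken before the new allocation. That is only safe if request is zeroed before the first possible jump to done; the visible hunks do not show this, so please confirm it or set extra_data.data to NULL explicitly. A short comment explaining why the request side uses talloc_free() while response.extra_data.data just above uses free() would also help.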




[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1341-g9bf74d0

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  9bf74d0ed9c7496bb133e5108ba297abb1b00747 (commit)
   via  2b8afd2257d8c9886f785929ca8dfcd04eb45755 (commit)
   via  71e9dfc0cd7d054dd52508faa4c07db9205b541a (commit)
  from  bde679e6f84b16d63a8007fe48789ee7951b9f34 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9bf74d0ed9c7496bb133e5108ba297abb1b00747
Author: Günther Deschner g...@samba.org
Date:   Fri Aug 28 16:04:08 2009 +0200

s4-smbtorture: test netr_ServerSetPassword2 against Samba3.

Guenther

commit 2b8afd2257d8c9886f785929ca8dfcd04eb45755
Author: Günther Deschner g...@samba.org
Date:   Thu Aug 27 23:30:50 2009 +0200

s3-netlogon: implement _netr_ServerPasswordSet2.

Guenther

commit 71e9dfc0cd7d054dd52508faa4c07db9205b541a
Author: Günther Deschner g...@samba.org
Date:   Thu Aug 27 23:30:14 2009 +0200

s3-netlogon: rework _netr_ServerPasswordSet.

Guenther

---

Summary of changes:
 source3/rpc_server/srv_netlog_nt.c |  241 ++--
 source4/torture/rpc/netlogon.c |1 +
 2 files changed, 174 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_netlog_nt.c 
b/source3/rpc_server/srv_netlog_nt.c
index 3daf45b..0b476e1 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -491,7 +491,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
   NETLOGON_NEG_FULL_SYNC_REPL |
   NETLOGON_NEG_MULTIPLE_SIDS |
   NETLOGON_NEG_REDO |
-  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
+  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+  NETLOGON_NEG_PASSWORD_SET2;
 
/* Ensure we support strong (128-bit) keys. */
if (in_neg_flags  NETLOGON_NEG_STRONG_KEYS) {
@@ -655,6 +656,120 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct 
*p,
 }
 
 /*
+ */
+
+static NTSTATUS netr_find_machine_account(TALLOC_CTX *mem_ctx,
+ const char *account_name,
+ struct samu **sampassp)
+{
+   struct samu *sampass;
+   bool ret = false;
+   uint32_t acct_ctrl;
+
+   sampass = samu_new(mem_ctx);
+   if (!sampass) {
+   return NT_STATUS_NO_MEMORY;
+   }
+
+   become_root();
+   ret = pdb_getsampwnam(sampass, account_name);
+   unbecome_root();
+
+   if (!ret) {
+   TALLOC_FREE(sampass);
+   return NT_STATUS_ACCESS_DENIED;
+   }
+
+   /* Ensure the account exists and is a machine account. */
+
+   acct_ctrl = pdb_get_acct_ctrl(sampass);
+
+   if (!(acct_ctrl  ACB_WSTRUST ||
+ acct_ctrl  ACB_SVRTRUST ||
+ acct_ctrl  ACB_DOMTRUST)) {
+   TALLOC_FREE(sampass);
+   return NT_STATUS_NO_SUCH_USER;
+   }
+
+   if (acct_ctrl  ACB_DISABLED) {
+   TALLOC_FREE(sampass);
+   return NT_STATUS_ACCOUNT_DISABLED;
+   }
+
+   *sampassp = sampass;
+
+   return NT_STATUS_OK;
+}
+
+/*
+ */
+
+static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
+ struct samu *sampass,
+ DATA_BLOB *plaintext_blob,
+ struct samr_Password *nt_hash,
+ struct samr_Password *lm_hash)
+{
+   NTSTATUS status;
+   const uchar *old_pw;
+   const char *plaintext = NULL;
+   size_t plaintext_len;
+   struct samr_Password nt_hash_local;
+
+   if (!sampass) {
+   return NT_STATUS_INVALID_PARAMETER;
+   }
+
+   if (plaintext_blob) {
+   if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
+  plaintext_blob-data, 
plaintext_blob-length,
+  plaintext, plaintext_len, false))
+   {
+   plaintext = NULL;
+   mdfour(nt_hash_local.hash, plaintext_blob-data, 
plaintext_blob-length);
+   nt_hash = nt_hash_local;
+   }
+   }
+
+   if (plaintext) {
+   if (!pdb_set_plaintext_passwd(sampass, plaintext)) {
+   return NT_STATUS_ACCESS_DENIED;
+   }
+
+   goto done;
+   }
+
+   if (nt_hash) {
+   old_pw = 
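Review bot: netr_find_machine_account() returns three different codes for an unusable account: NT_STATUS_ACCESS_DENIED when pdb_getsampwnam() fails, NT_STATUS_NO_SUCH_USER when the account exists but has none of the trust bits, and NT_STATUS_ACCOUNT_DISABLED. If these are handed back to the RPC client unchanged they disclose whether a name exists and what kind of account it is, so consider mapping them to a single status at the call site. In netr_set_machine_account_password(), the silent fall-back to mdfour() over the raw blob when convert_string_talloc() fails deserves a comment explaining when that is expected.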

[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1233-g8cb1033

2009-09-02 Thread Karolin Seeger
The branch, v3-4-test has been updated
   via  8cb103372be4eb3232e5e13b67f63562e5506c7e (commit)
  from  dadc57b140b4379f9f2f6fafe40332061df4d5a5 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit 8cb103372be4eb3232e5e13b67f63562e5506c7e
Author: Simo Sorce i...@samba.org
Date:   Sat Aug 29 19:31:02 2009 -0400

s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords 
remotely.

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 source3/libsmb/passchange.c |   19 ---
 1 files changed, 16 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 7f0389f..f3cb9d6 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -31,10 +31,24 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
struct cli_state *cli;
struct rpc_pipe_client *pipe_hnd;
struct sockaddr_storage ss;
+   char *user, *domain, *p;
 
NTSTATUS result;
bool pass_must_change = False;
 
+   user = talloc_strdup(talloc_tos(), user_name);
+   SMB_ASSERT(user != NULL);
+   domain = talloc_strdup(talloc_tos(), );
+   SMB_ASSERT(domain != NULL);
+
+   /* allow usernames of the form domain\\user or domain/user */
+   if ((p = strchr_m(user,'\\')) || (p = strchr_m(user,'/')) ||
+   (p = strchr_m(user,*lp_winbind_separator( {
+   *p = 0;
+   domain = user;
+   user = p+1;
+   }
+
*err_str = NULL;
 
if(!resolve_name( remote_machine, ss, 0x20)) {
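Review bot: After the split in the added if-block neither half is checked: an input ending in the separator leaves user pointing at an empty string, and one starting with it leaves domain empty, and both values are handed on to cli_init_creds() and cli_rpc_pipe_open_ntlmssp() further down. Rejecting an empty user part right after `user = p+1;` with NT_STATUS_INVALID_PARAMETER would fail early and clearly. The search order also means a backslash or slash anywhere in the string wins over the configured winbind separator even when that separator occurs earlier; if this is intended, please say so in the comment.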
@@ -139,7 +153,7 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
return result;
}
} else {
-   result = cli_init_creds(cli, user_name, , old_passwd);
+   result = cli_init_creds(cli, user, domain, old_passwd);
if (!NT_STATUS_IS_OK(result)) {
cli_shutdown(cli);
return result;
@@ -163,8 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, 
const char *user_nam
result = cli_rpc_pipe_open_ntlmssp(cli,
   ndr_table_samr.syntax_id,
   PIPE_AUTH_LEVEL_PRIVACY,
-  , /* what domain... ? */
-  user_name,
+  domain, user,
   old_passwd,
   pipe_hnd);
} else {




[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1234-ge1a5099

2009-09-02 Thread Karolin Seeger
The branch, v3-4-test has been updated
   via  e1a50994800ce311925214254c0a471a9f32c1f7 (commit)
  from  8cb103372be4eb3232e5e13b67f63562e5506c7e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit e1a50994800ce311925214254c0a471a9f32c1f7
Author: Volker Lendecke v...@samba.org
Date:   Sun Aug 30 11:39:41 2009 +0200

s3:libwbclient: Fix bug 6349, initialize domain info struct

---

Summary of changes:
 nsswitch/libwbclient/wbc_util.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index 5c5034e..c39023f 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -262,6 +262,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
BAIL_ON_WBC_ERROR(wbc_status);
}
 
+   ZERO_STRUCTP(info);
+
r = info_string;
 
/* Short Name */




[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5347-g39a7cc3

2009-09-02 Thread Karolin Seeger
The branch, v3-3-test has been updated
   via  39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181 (commit)
  from  7253d96fc205717d9fed973bbcad2884ce656fd9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181
Author: Volker Lendecke v...@samba.org
Date:   Sun Aug 30 11:39:41 2009 +0200

s3:libwbclient: Fix bug 6349, initialize domain info struct

---

Summary of changes:
 source/nsswitch/libwbclient/wbc_util.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_util.c 
b/source/nsswitch/libwbclient/wbc_util.c
index b486874..77613e0 100644
--- a/source/nsswitch/libwbclient/wbc_util.c
+++ b/source/nsswitch/libwbclient/wbc_util.c
@@ -285,6 +285,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
BAIL_ON_WBC_ERROR(wbc_status);
}
 
+   ZERO_STRUCTP(info);
+
r = info_string;
 
/* Short Name */
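
Review bot: A one-line comment above `ZERO_STRUCTP(info)` saying which members the parsing below can leave unset would help. Neither the hunk nor the commit message for bug 6349 says which fields callers were reading uninitialized, and without that the line looks removable in a later cleanup.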


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1235-g050ded0

2009-09-02 Thread Karolin Seeger
The branch, v3-4-test has been updated
   via  050ded0624a49f2ffb53dcd88a93fd1d8c17595e (commit)
  from  e1a50994800ce311925214254c0a471a9f32c1f7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit 050ded0624a49f2ffb53dcd88a93fd1d8c17595e
Author: Volker Lendecke v...@samba.org
Date:   Thu Apr 23 14:23:23 2009 +0200

Fix an uninitialized variable

Fix bug #6684.

(cherry picked from commit b8cd1cff2dfad726cf6dab368dfcc31a29952889)

---

Summary of changes:
 source3/libnet/libnet_dssync.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c
index 746b096..ce6ad58 100644
--- a/source3/libnet/libnet_dssync.c
+++ b/source3/libnet/libnet_dssync.c
@@ -667,6 +667,8 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
dn_count = 1;
}
 
+   status = NT_STATUS_OK;
+
for (count=0; count  dn_count; count++) {
status = libnet_dssync_build_request(mem_ctx, ctx,
 dns[count],
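
Review bot: Initialize `status` at its declaration instead of on the line just before the `for` loop. The assignment here covers the case where `dn_count` is 0 and the loop body never sets `status`, but an initializer at the declaration would also cover any earlier exit. If the assignment stays here, add a short comment that the loop may run zero times so it is not later dropped as redundant.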


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1236-g272e389

2009-09-02 Thread Karolin Seeger
The branch, v3-4-test has been updated
   via  272e389ff63d929fc6b06305e00fa042d71dbec0 (commit)
  from  050ded0624a49f2ffb53dcd88a93fd1d8c17595e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit 272e389ff63d929fc6b06305e00fa042d71dbec0
Author: Günther Deschner g...@samba.org
Date:   Wed Jun 24 00:33:44 2009 +0200

s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.

Note that this only is tried with editposix=yes.

Guenther

---

Summary of changes:
 source3/passdb/pdb_ldap.c |   46 +
 1 files changed, 46 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index cf4889b..71d4030 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -5187,6 +5187,18 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods 
*my_methods,
return NT_STATUS_OK;
 }
 
+static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
+TALLOC_CTX *tmp_ctx,
+uint32 group_rid,
+uint32 member_rid);
+
+static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
+  TALLOC_CTX *mem_ctx,
+  struct samu *user,
+  DOM_SID **pp_sids,
+  gid_t **pp_gids,
+  size_t *p_num_groups);
+
 static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX 
*tmp_ctx, struct samu *sam_acct)
 {
struct ldapsam_privates *ldap_state = (struct ldapsam_privates 
*)my_methods-private_data;
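
Review bot: The two forward declarations use the older `uint32` and `DOM_SID **` spellings, while the block this commit adds to `ldapsam_delete_user` declares `uint32_t user_rid` and `struct dom_sid *sids`. Use one spelling in both places so the prototype and the call site visibly agree on the types.
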
@@ -5241,6 +5253,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods 
*my_methods, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
 
+   /* try to remove memberships first */
+   {
+   NTSTATUS status;
+   struct dom_sid *sids = NULL;
+   gid_t *gids = NULL;
+   size_t num_groups = 0;
+   int i;
+   uint32_t user_rid = pdb_get_user_rid(sam_acct);
+
+   status = ldapsam_enum_group_memberships(my_methods,
+   tmp_ctx,
+   sam_acct,
+   sids,
+   gids,
+   num_groups);
+   if (!NT_STATUS_IS_OK(status)) {
+   goto delete_dn;
+   }
+
+   for (i=0; i  num_groups; i++) {
+
+   uint32_t group_rid;
+
+   sid_peek_rid(sids[i], group_rid);
+
+   ldapsam_del_groupmem(my_methods,
+tmp_ctx,
+group_rid,
+user_rid);
+   }
+   }
+
+ delete_dn:
+
rc = smbldap_delete(ldap_state-smbldap_state, dn);
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
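
Review bot: The results of `sid_peek_rid` and `ldapsam_del_groupmem` inside the loop are discarded, and a failure of `ldapsam_enum_group_memberships` jumps to `delete_dn` without any log output, so the account entry can be deleted while group entries still list it and nothing records that. The cleanup is best-effort by design ("try to remove memberships first"), so at least emit a DEBUG message naming the group RID for each step that fails. Also skip `ldapsam_del_groupmem` when `sid_peek_rid` fails, because `group_rid` is declared without an initializer and would be passed on unset.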


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1342-gf092d68

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  f092d689c577293d011912be5ded5ebf8aa49fc9 (commit)
  from  9bf74d0ed9c7496bb133e5108ba297abb1b00747 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f092d689c577293d011912be5ded5ebf8aa49fc9
Author: Günther Deschner g...@samba.org
Date:   Wed Jun 24 00:33:44 2009 +0200

s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.

Note that this only is tried with editposix=yes.

Guenther

---

Summary of changes:
 source3/passdb/pdb_ldap.c |   46 +
 1 files changed, 46 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index fc736c2..2c8d051 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1986,6 +1986,18 @@ static NTSTATUS ldapsam_update_sam_account(struct 
pdb_methods *my_methods, struc
  - The rename user script has full responsibility for changing everything
 ***/
 
+static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
+TALLOC_CTX *tmp_ctx,
+uint32 group_rid,
+uint32 member_rid);
+
+static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
+  TALLOC_CTX *mem_ctx,
+  struct samu *user,
+  DOM_SID **pp_sids,
+  gid_t **pp_gids,
+  size_t *p_num_groups);
+
 static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
   struct samu *old_acct,
   const char *newname)
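
Review bot: The prototypes are declared here, ahead of `ldapsam_rename_sam_account`, although the code that needs them in this commit is in `ldapsam_delete_user`, in the hunk at line 5267. Place them directly above `ldapsam_delete_user`, or with the file's other forward declarations, so a reader of the delete path finds them.
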
@@ -5255,6 +5267,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods 
*my_methods, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
 
+   /* try to remove memberships first */
+   {
+   NTSTATUS status;
+   struct dom_sid *sids = NULL;
+   gid_t *gids = NULL;
+   size_t num_groups = 0;
+   int i;
+   uint32_t user_rid = pdb_get_user_rid(sam_acct);
+
+   status = ldapsam_enum_group_memberships(my_methods,
+   tmp_ctx,
+   sam_acct,
+   sids,
+   gids,
+   num_groups);
+   if (!NT_STATUS_IS_OK(status)) {
+   goto delete_dn;
+   }
+
+   for (i=0; i  num_groups; i++) {
+
+   uint32_t group_rid;
+
+   sid_peek_rid(sids[i], group_rid);
+
+   ldapsam_del_groupmem(my_methods,
+tmp_ctx,
+group_rid,
+user_rid);
+   }
+   }
+
+ delete_dn:
+
rc = smbldap_delete(ldap_state-smbldap_state, dn);
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
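
Review bot: `int i` is compared against `size_t num_groups` in the loop condition, which is a signed/unsigned comparison; declare `i` as `size_t`. The commit message also says the cleanup is only tried with editposix=yes, but nothing in this block checks or mentions that setting, so a comment stating where the restriction is enforced would help the next reader.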


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1343-g6657598

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  6657598168724d4fe076f9014c2b5c16a034fe52 (commit)
  from  f092d689c577293d011912be5ded5ebf8aa49fc9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6657598168724d4fe076f9014c2b5c16a034fe52
Author: Matt Kraai mkr...@beckman.com
Date:   Wed Aug 26 14:50:28 2009 -0700

Do not redefine strupr

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 source3/configure.in  |1 +
 source3/libaddns/dnsgss.c |2 ++
 2 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 34e923d..3255751 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -1016,6 +1016,7 @@ AC_CHECK_HEADERS(sys/mman.h)
 AC_CHECK_FUNCS(shmget shm_open)
 AC_CHECK_FUNCS(gettext dgettext)
 AC_CHECK_FUNCS(bindtextdomain textdomain)
+AC_CHECK_FUNCS(strupr)
 
 # Find a method of generating a stack trace
 AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h)
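
Review bot: `AC_CHECK_FUNCS(strupr)` only proves that a symbol named `strupr` links; it does not check that a header declares it or what its prototype is. Since `HAVE_STRUPR` is then used in dnsgss.c to drop the local definition, consider also checking for the declaration (for example with `AC_CHECK_DECLS`), so the build does not end up calling an undeclared function.
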
diff --git a/source3/libaddns/dnsgss.c b/source3/libaddns/dnsgss.c
index e7ea041..1e3d464 100644
--- a/source3/libaddns/dnsgss.c
+++ b/source3/libaddns/dnsgss.c
@@ -31,6 +31,7 @@
 /*
 */
 
+#ifndef HAVE_STRUPR
 static int strupr( char *szDomainName )
 {
if ( !szDomainName ) {
@@ -42,6 +43,7 @@ static int strupr( char *szDomainName )
}
return ( 0 );
 }
+#endif
 
 #if 0
 /*
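
Review bot: The system `strupr` selected by this guard and the local fallback need not agree on return type. Where a platform provides `strupr` it usually returns `char *`, while the fallback here is `static int strupr( char *szDomainName )` and ends in `return ( 0 );`. Any caller in dnsgss.c that tests the return value would behave differently between the two builds. Renaming the local helper so it cannot collide with a libc symbol would avoid both the redefinition and the mismatch.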


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1344-ga0b1968

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  a0b1968167c36c345711a98c65c3974590b1ce6a (commit)
  from  6657598168724d4fe076f9014c2b5c16a034fe52 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a0b1968167c36c345711a98c65c3974590b1ce6a
Author: Günther Deschner g...@samba.org
Date:   Wed Sep 2 15:29:44 2009 +0200

s3-netlogon: use WERRORs in NETLOGON_INFO structures.

Guenther

---

Summary of changes:
 librpc/gen_ndr/ndr_netlogon.c  |   18 
 librpc/gen_ndr/netlogon.h  |6 +-
 librpc/idl/netlogon.idl|6 +-
 source3/rpc_server/srv_netlog_nt.c |   80 +---
 4 files changed, 35 insertions(+), 75 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index 46247b4..7337d26 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -5627,7 +5627,7 @@ static enum ndr_err_code 
ndr_push_netr_NETLOGON_INFO_1(struct ndr_push *ndr, int
if (ndr_flags  NDR_SCALARS) {
NDR_CHECK(ndr_push_align(ndr, 4));
NDR_CHECK(ndr_push_netr_InfoFlags(ndr, NDR_SCALARS, r-flags));
-   NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 
r-pdc_connection_status));
+   NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, 
r-pdc_connection_status));
}
if (ndr_flags  NDR_BUFFERS) {
}
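
Review bot: librpc/gen_ndr/ndr_netlogon.c is generated output, so the `ndr_push_uint32` to `ndr_push_WERROR` substitution should be the result of regenerating from the netlogon.idl change listed in the summary, not a hand edit. Confirm that regenerating from the committed IDL reproduces this file exactly, otherwise the next regeneration will silently change it again.
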
@@ -5639,7 +5639,7 @@ static enum ndr_err_code 
ndr_pull_netr_NETLOGON_INFO_1(struct ndr_pull *ndr, int
if (ndr_flags  NDR_SCALARS) {
NDR_CHECK(ndr_pull_align(ndr, 4));
NDR_CHECK(ndr_pull_netr_InfoFlags(ndr, NDR_SCALARS, r-flags));
-   NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, 
r-pdc_connection_status));
+   NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, 
r-pdc_connection_status));
}
if (ndr_flags  NDR_BUFFERS) {
}
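
Review bot: On the pull side `pdc_connection_status` now arrives as a `WERROR`, so every consumer that compared or printed it as a plain integer has to move to the WERROR helpers (`W_ERROR_IS_OK`, `W_ERROR_EQUAL`, `win_errstr`). The summary lists srv_netlog_nt.c as updated; check that users of `netr_NETLOGON_INFO_1` and `netr_NETLOGON_INFO_2` outside the four files in this commit were converted as well.
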
@@ -5651,7 +5651,7 @@ _PUBLIC_ void ndr_print_netr_NETLOGON_INFO_1(struct 
ndr_print *ndr, const char *
ndr_print_struct(ndr, name, netr_NETLOGON_INFO_1);
ndr-depth++;
ndr_print_netr_InfoFlags(ndr, flags, r-flags);
-   ndr_print_uint32(ndr, pdc_connection_status, 
r-pdc_connection_status);
+   ndr_print_WERROR(ndr, pdc_connection_status, 
r-pdc_connection_status);
ndr-depth--;
 }
 
@@ -5660,9 +5660,9 @@ static enum ndr_err_code 
ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int
if (ndr_flags  NDR_SCALARS) {
NDR_CHECK(ndr_push_align(ndr, 4));
NDR_CHECK(ndr_push_netr_InfoFlags(ndr, NDR_SCALARS, r-flags));
-   NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 
r-pdc_connection_status));
+   NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, 
r-pdc_connection_status));
NDR_CHECK(ndr_push_unique_ptr(ndr, r-trusted_dc_name));
-   NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 
r-tc_connection_status));
+   NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, 
r-tc_connection_status));
}
if (ndr_flags  NDR_BUFFERS) {
if (r-trusted_dc_name) {
@@ -5682,14 +5682,14 @@ static enum ndr_err_code 
ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int
if (ndr_flags  NDR_SCALARS) {
NDR_CHECK(ndr_pull_align(ndr, 4));
NDR_CHECK(ndr_pull_netr_InfoFlags(ndr, NDR_SCALARS, r-flags));
-   NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, 
r-pdc_connection_status));
+   NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, 
r-pdc_connection_status));
NDR_CHECK(ndr_pull_generic_ptr(ndr, _ptr_trusted_dc_name));
if (_ptr_trusted_dc_name) {
NDR_PULL_ALLOC(ndr, r-trusted_dc_name);
} else {
r-trusted_dc_name = NULL;
}
-   NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, 
r-tc_connection_status));
+   NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, 
r-tc_connection_status));
}
if (ndr_flags  NDR_BUFFERS) {
if (r-trusted_dc_name) {
@@ -5713,14 +5713,14 @@ _PUBLIC_ void ndr_print_netr_NETLOGON_INFO_2(struct 
ndr_print *ndr, const char *
ndr_print_struct(ndr, name, netr_NETLOGON_INFO_2);
ndr-depth++;
ndr_print_netr_InfoFlags(ndr, flags, r-flags);
-   ndr_print_uint32(ndr, pdc_connection_status, 
r-pdc_connection_status);
+   ndr_print_WERROR(ndr, pdc_connection_status, 
r-pdc_connection_status);
ndr_print_ptr(ndr, trusted_dc_name, r-trusted_dc_name);
ndr-depth++;
if (r-trusted_dc_name) {
ndr_print_string(ndr, trusted_dc_name, r-trusted_dc_name);
}
ndr-depth--;
-   ndr_print_uint32(ndr, tc_connection_status, r-tc_connection_status);
+  

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1345-g5268783

2009-09-02 Thread Günther Deschner
The branch, master has been updated
   via  5268783e5cb5d77b3fa016d1da6ddf197d7bd8a8 (commit)
  from  a0b1968167c36c345711a98c65c3974590b1ce6a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5268783e5cb5d77b3fa016d1da6ddf197d7bd8a8
Author: Günther Deschner g...@samba.org
Date:   Wed Sep 2 21:09:13 2009 +0200

s3-net: allow to exit net rpc sh with q as well.

Guenther

---

Summary of changes:
 source3/utils/net_rpc_shell.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c
index e78af14..5e0f150 100644
--- a/source3/utils/net_rpc_shell.c
+++ b/source3/utils/net_rpc_shell.c
@@ -119,7 +119,9 @@ static bool net_sh_process(struct net_context *c,
}
}
 
-   if (strequal(argv[0], exit) || strequal(argv[0], quit)) {
+   if (strequal(argv[0], exit) ||
+   strequal(argv[0], quit) ||
+   strequal(argv[0], q)) {
return false;
}
 
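
Review bot: The new `q` alias in the `strequal(argv[0], q)` check is not documented anywhere in this change. Add it next to `exit` and `quit` in the shell's help output and in the net manpage so users can discover it.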


-- 
Samba Shared Repository