Re: [Samba] Password policy under Samba 4?
2009/9/1 Michael Wood esiot...@gmail.com:
> How does one set a password policy using Samba 4?
>
> I've set up Samba 4 as a domain controller with one Windows 2003 server joined to the domain.
>
> I've seen mention of the check password script option, but I think that's not available in Samba 4, right? I've also seen mention of Group Policies, but I am not sure if this is correct or not because I haven't been able to find anything in the Group Policy management tool on Windows that seems applicable.
>
> Basically I just want to know where to set the "user must change password after 30 days" and "password must be at least X characters long" settings and have these apply to users logging into the Windows machine.
>
> I'd appreciate it if someone could point me at the relevant documentation.

I've now found dompol.msc on a Windows 2003 Server AD domain controller. This seems to be what I'm looking for, but if I try running dompol.msc on a Windows 2003 Server joined to the Samba 4 domain as a member server I get an error saying:

    Failed to open the Group Policy Object. You may not have appropriate rights.
    Details: The specified domain either does not exist or could not be contacted.

This is while logged in to the Windows machine as administra...@example.org (where example.org is the domain I'm using for testing.) Also, dsa.msc works fine for adding users/groups etc.

I'm running samba with -d100 and nothing appears to be logged when I start dompol.msc. I can start dompol.msc, acknowledge the error and close it down again without anything at all being added to the log.

Group Policy Management shows a Default Domain Policy and I can create a new test policy object, but dompol.msc still gives the same error with no evidence of having contacted Samba at all. Even tcpdump on the Samba box and wireshark on the Windows box show nothing happening when I start, acknowledge and stop dompol.msc.

Any ideas? Thanks.
-- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Simple CIFS Linux permission
Greetings all,

I have a VERY basic fileserver in my network, that works well for my needs, and have run into a problem that I can't solve. I am sure that the more experienced users here will be able to help me in less than 5 minutes, so please, if you have some time.

My smb.conf

[global]
workgroup = msheimnetz
server string = Samba Server Version %v
netbios name = fileserver
log file = /var/log/samba/%m.log
max log size = 50
wins support = yes
printcap name = CUPS
printing = CUPS
map to guest = nobody
security = user
passdb backend = tdbsam

# Share Definitions
[sharefiles]
comment = Server Files
path = /var/samba/public/sharefiles
public = Yes
readonly = No
writeable = Yes
follow symlinks = Yes
wide links = Yes
create mask = 0775
force user = fileserver
force group = fileserver
guest ok = Yes
valid users = fileserver
nt acl support = No

My windows clients all connect to this share 100% and read/write to it :)

My Linux clients seem to map the remote uid to the local uid. Now if your current local uid is the same as the remote uid, then you also can write perfectly to the fileserver, but if your local uid is not... Well then you have permission problem.

I connect my Linux clients with a fstab entry:

//192.168.1.127/sharefiles /mnt/fileserver cifs credentials=/home/.auth,rw,soft 0 0

The connection works fine on boot. How do I map this remote uid to the local uid?
Re: [Samba] Simple CIFS Linux permission
willem.bo...@adticket.de wrote:
> Greetings all,
>
> I have a VERY basic fileserver in my network, that works well for my needs, and have run into a problem that I can't solve. I am sure that the more experienced users here will be able to help me in less than 5 minutes, so please, if you have some time.
>
> My smb.conf
>
> [global]
> workgroup = msheimnetz
> server string = Samba Server Version %v
> netbios name = fileserver
> log file = /var/log/samba/%m.log
> max log size = 50
> wins support = yes
> printcap name = CUPS
> printing = CUPS
> map to guest = nobody
> security = user
> passdb backend = tdbsam
>
> # Share Definitions
> [sharefiles]
> comment = Server Files
> path = /var/samba/public/sharefiles
> public = Yes
> readonly = No
> writeable = Yes
> follow symlinks = Yes
> wide links = Yes
> create mask = 0775
> force user = fileserver
> force group = fileserver
> guest ok = Yes
> valid users = fileserver
> nt acl support = No
>
> My windows clients all connect to this share 100% and read/write to it :)
>
> My Linux clients seem to map the remote uid to the local uid. Now if your current local uid is the same as the remote uid, then you also can write perfectly to the fileserver, but if your local uid is not... Well then you have permission problem.
>
> I connect my Linux clients with a fstab entry:
>
> //192.168.1.127/sharefiles /mnt/fileserver cifs credentials=/home/.auth,rw,soft 0 0
>
> The connection works fine on boot. How do I map this remote uid to the local uid?

In the credentials section of the entry in /etc/fstab, put in username=whatever,domain=whatever. Otherwise, change your authentication system to use Samba for your Linux clients as well.
[Samba] several domain
Hi!

Is it possible for one samba server to manage several domains (several instances)? I want to connect two different networks to my server (with two interfaces) and get one different domain for each network, managed by the same server.

Thanks!
Y.
[Samba] Samba 3.4 is unable to list users with getent and id (idmap_ad backend)
Dear All,

I'm using Samba Version 3.2.6 under Solaris 8 with the following config:

netbios name = pegasus
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap backend = ad
idmap config REALM:schema_mode = sfu
winbind nss info = sfu
allow trusted domains = no
winbind enum users = no
winbind enum groups = no
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind refresh tickets = yes

This is working fine. Recently I compiled Samba 3.4 for Solaris 10 and I just can't get it to work with the idmap backend ad. wbinfo -u and wbinfo -g show all my AD users but id username and getent passwd username show nothing.

The logs don't show anything suspicious except this error:

lib/C.msg: No such file or directory

I checked on the Solaris 8 box and this file doesn't exist either. So I suspect it not to be the cause of the problem.

I noticed that the smb.conf needed some adjustment in samba 3.3.2. I got this working using:

idmap config REALM : backend = ad
idmap config REALM : schema_mode = sfu
idmap config REALM : range = 0-

Instead of

idmap backend = ad

But with 3.4 I had no luck. This is what my current config on Samba 3.4 looks like:

[global]
netbios name = Phobos
realm = REALM.NET
workgroup = REALM
security = ADS
encrypt passwords = yes
password server = *
os level = 20
#idmap backend = ad
idmap config REALM : backend = ad
idmap config REALM:schema_mode = sfu
idmap config REALM : range = 0-
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 10
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = no
client use spnego = Yes
#use kerberos keytab = true
winbind refresh tickets = yes

Any help would be appreciated. If I can't get it working I might need to go back to using an older version like 3.2.6.

Regards,
Oliver
Re: [Samba] Simple CIFS Linux permission
Willem wrote:
> I connect my Linux clients with a fstab entry:
>
> //192.168.1.127/sharefiles /mnt/fileserver cifs credentials=/home/.auth,rw,soft 0 0
>
> The connection works fine on boot. How do I map this remote uid to the local uid?

Gary wrote:
> In the credentials section of the entry in /etc/fstab, put in username=whatever,domain=whatever. Otherwise, change your authentication system to use Samba for your Linux clients as well.

Gary, I tried adding the username=fileserver,domain=msheimnetz but it has no effect. I am a bit confused, as the credentials=/home/.auth file already contains this info, and it connects 100% with no username password request.

If I can explain it better: I can connect to the share, read the files, and even copy them, but can not save them. If I view the permissions the files are listed as belonging to admin (UID 501 on local machine) and it should say fileserver (UID 501 on remote machine). The current user in this case is user5 (UID 507 on local machine).

Thus no matter what I do I keep getting the problem that the users can't save the files, cause the UID mapping is not made. Is there not a way to tell Samba that files belong to the remote UID rather than the local UID? And if I authenticate as the remote user, why is the local UID being used when writing?

All I actually need is a common shared fileserver. No fancy rights, or anything, just a shared network drive that everyone can use to save documents, no permissions required really. Maybe I am going about this the wrong way.

Thanks for the reply :)
Re: [Samba] several domain
Clément VERET wrote:
> 2009/9/2 azzouz azz...@hymedia.univ-paris8.fr:
>> Hi! Is it possible for one samba server to manage several domains (several instances)?
>
> Just run multiple smbd processes with different config file and log dir:
>
>     smbd -s=$CONFIG_FILE -l=$LOG_PATH -D
>
> You need to specify a different interface for each samba server as well. Then, all you have to do is copy the original /etc/init.d/smb file and modify the parameters for your second domain.

Great! Thanks!

Are there people who have tested this sort of configuration? Doesn't this cause problems of load and availability?

Y.
Re: [Samba] several domain
In this context, I wonder what the response of the winbind daemon looks like. Is it possible to run multiple smbd with multiple winbind daemons? One reason could be to authenticate to various domains.

azzouz wrote:
> Clément VERET wrote:
>> 2009/9/2 azzouz azz...@hymedia.univ-paris8.fr:
>>> Hi! Is it possible for one samba server to manage several domains (several instances)?
>>
>> Just run multiple smbd processes with different config file and log dir:
>>
>>     smbd -s=$CONFIG_FILE -l=$LOG_PATH -D
>>
>> You need to specify a different interface for each samba server as well. Then, all you have to do is copy the original /etc/init.d/smb file and modify the parameters for your second domain.
>
> Great! Thanks!
>
> Are there people who have tested this sort of configuration? Doesn't this cause problems of load and availability?
>
> Y.
Re: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux ....
Hoover, Tony hoover at sal.ksu.edu writes:
> Some default settings have changed. Use:
>
>     testparm -v
>
> from your various versions of samba to detect which parameters may be causing you issues.
>
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660

Yes, that was a possibility I also thought of, but I could not find anything suspicious in this area. The only documented default changes in 3.4 among the parameters are passdb backend, which I have set explicitly to smbpasswd now and map untrusted to domain, which is not for a standalone server.

For the sake of completeness a diff of the testparm -v outputs from samba version 3.3.7 and 3.4.0:

1a2
access based share enum = No
30a32
browsable = Yes
32a35
cache directory = /var/log/samba3/locks
47,48d49
config backend = file
config file =
62a64
dedicated keytab file =
132d133
include =
141a143
kerberos method = default
194a197
map untrusted to domain = No
199c202
max open files = 1
---
max open files = 1024
244a248
perfcount module =
262c266
private dir = /usr/local/samba3/private
---
private dir = /usr/local/private
283c287
server string = Samba 3.3.7
---
server string = Samba 3.4.0
292c296
smb passwd file = /usr/local/samba3/private/smbpasswd
---
smb passwd file = /usr/local/private/smbpasswd
296a301
state directory = /var/log/samba3/locks
314d318
use kerberos keytab = No

Jochen Roderburg
RRZK University of Cologne
Robert-Koch-Str. 10    Tel.: +49-221/478-7024
D-50931 Koeln          E-Mail: Roderburg at Uni-Koeln.DE
Germany
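The comparison suggested in this message (dump `testparm -v` from each version and diff the results), as an added example that is not part of the original posts: it compares two dumps parameter by parameter and marks the changes that touch credential lookup. The two dumps are constructed from values shown in the diff above, and the function names and the AUTH_RELATED selection are assumptions made for illustration.

```python
"""Compare two `testparm -v` dumps parameter by parameter (added example)."""

# Editor's selection of parameters that decide where and how smbd looks up
# credentials; an assumption for illustration, not a list from the Samba docs.
AUTH_RELATED = {
    "passdb backend", "private dir", "smb passwd file", "kerberos method",
    "use kerberos keytab", "dedicated keytab file", "map untrusted to domain",
    "security", "encrypt passwords",
}


def parse_testparm(text):
    """Return {section: {parameter: value}} from smb.conf-style text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank lines and comments such as "# Global parameters"
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # banner text printed before the first section
        key, _, value = line.partition("=")
        # Parameter names are case-insensitive; collapse internal whitespace.
        key = " ".join(key.lower().split())
        sections[current][key] = value.strip()
    return sections


def diff_params(old, new):
    """Return sorted (section, parameter, old, new) tuples; None means absent."""
    changes = []
    for section in sorted(set(old) | set(new)):
        before, after = old.get(section, {}), new.get(section, {})
        for param in sorted(set(before) | set(after)):
            if before.get(param) != after.get(param):
                changes.append(
                    (section, param, before.get(param), after.get(param)))
    return changes


def auth_relevant(changes):
    """Keep only the changes that touch credential lookup or Kerberos."""
    return [c for c in changes if c[1] in AUTH_RELATED]


# Constructed dumps, cut down to parameters that appear in the diff above.
OLD_DUMP = """\
# Global parameters
[global]
    max open files = 1
    passdb backend = smbpasswd
    private dir = /usr/local/samba3/private
    server string = Samba 3.3.7
    smb passwd file = /usr/local/samba3/private/smbpasswd
    use kerberos keytab = No
"""

NEW_DUMP = """\
# Global parameters
[global]
    access based share enum = No
    kerberos method = default
    map untrusted to domain = No
    max open files = 1024
    passdb backend = smbpasswd
    private dir = /usr/local/private
    server string = Samba 3.4.0
    smb passwd file = /usr/local/private/smbpasswd
"""

if __name__ == "__main__":
    all_changes = diff_params(parse_testparm(OLD_DUMP),
                              parse_testparm(NEW_DUMP))
    for section, param, before, after in all_changes:
        mark = "!" if param in AUTH_RELATED else " "
        print(f"{mark} [{section}] {param}: {before!r} -> {after!r}")
```

On real systems the two inputs would be the saved `testparm -v` output of each installation; lines marked `!` are the ones to check first when logons stop working after an upgrade.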
[Samba] Vista + samba 3.4 member server problem
Hi!

I have samba4 domain controller + samba 3.4 member server. On XP login to domain and connection to member server works ok. Vista can login to domain but can't get connected to member server.

The member server's log.smbd shows the following error with the Vista client:

---
[2009/09/02 14:12:02, 3] smbd/process.c:1259(switch_message)
  switch message SMBsesssetupX (pid 30541) conn 0x0
[2009/09/02 14:12:02, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/09/02 14:12:02, 3] smbd/sesssetup.c:1406(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/09/02 14:12:02, 2] smbd/sesssetup.c:1361(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/09/02 14:12:02, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/09/02 14:12:02, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/09/02 14:12:02, 3] smbd/sesssetup.c:776(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1301
[2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Message size is incompatible with encryption type
[2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Message size is incompatible with encryption type
[2009/09/02 14:12:02, 3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Message size is incompatible with encryption type)
[2009/09/02 14:12:02, 1] smbd/sesssetup.c:333(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/09/02 14:12:02, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(335) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

Any clues are very welcome

regards
Hannu
Re: [Samba] preexec BATCH FILE
Terry wrote:
> Can I use the preexec option to run a batch file when a share is accessed? This would not be a domain logon though, for example
>
> [san]
> path=/tank/samba
> guest ok=yes
> readonly=no
> preexec = /tank/samba/MENU.CMD
>
> Thanks
> Terry

Ah, preexec tries to run it on the server itself of course. Bit of a blonde moment there.
[Samba] samba+cups printing. drivers on clients.
Hello Guys! Need help

myprintserver: CentOS 5.3; Samba 3.0.33-3.7.el5; Cups 1.3.7 (LPD / socket) RAW printing mode;
Windows clients: 2000 SP1-4; XP SP1-2; *has no administrative rights

I have already installed the printer from myprintserver on clients:
name: printer_01
model: HP LJ 3050 (drivers automatically downloaded when installing the printer on windows clients the first time.)
Works fine.

Sometimes printers need replacing, and the drivers with them: I replaced printer_01 and now it is a Kyocera 4020DN. And I set the correct driver for printer_01 on myprintserver:

rpcclient -U 'user%password' -c 'setdriver printer_01 4020DN' myprintserver

Now all _new_ windows clients will get the correct driver.

Problem:
1) Old clients that have printer_01 will use the old driver (HP). The update does not occur. If I remove printer_01 on the windows client, the driver is not removed, and if I try to connect to \\myprintserver\printer_01 the windows client will use the HP driver! How can I completely remove printer+driver on a windows client (without administrative rights), or is there another way to solve the problem?
2) Do some clients need Administrative Rights to first install the printer driver? Or will there be an exception when trying the printer options page?
[Samba] preexec BATCH FILE
Can I use the preexec option to run a batch file when a share is accessed? This would not be a domain logon though, for example

[san]
path=/tank/samba
guest ok=yes
readonly=no
preexec = /tank/samba/MENU.CMD

Thanks
Terry
Re: [Samba] Simple CIFS Linux permission
Willem P. Botha wrote:
> Willem wrote:
>> I connect my Linux clients with a fstab entry:
>>
>> //192.168.1.127/sharefiles /mnt/fileserver cifs credentials=/home/.auth,rw,soft 0 0
>>
>> The connection works fine on boot. How do I map this remote uid to the local uid?
>
> Gary wrote:
>> In the credentials section of the entry in /etc/fstab, put in username=whatever,domain=whatever. Otherwise, change your authentication system to use Samba for your Linux clients as well.
>
> Gary, I tried adding the username=fileserver,domain=msheimnetz but it has no effect. I am a bit confused, as the credentials=/home/.auth file already contains this info, and it connects 100% with no username password request.
>
> If I can explain it better: I can connect to the share, read the files, and even copy them, but can not save them. If I view the permissions the files are listed as belonging to admin (UID 501 on local machine) and it should say fileserver (UID 501 on remote machine). The current user in this case is user5 (UID 507 on local machine).
>
> Thus no matter what I do I keep getting the problem that the users can't save the files, cause the UID mapping is not made. Is there not a way to tell Samba that files belong to the remote UID rather than the local UID? And if I authenticate as the remote user, why is the local UID being used when writing?
>
> All I actually need is a common shared fileserver. No fancy rights, or anything, just a shared network drive that everyone can use to save documents, no permissions required really. Maybe I am going about this the wrong way.
>
> Thanks for the reply :)

Your situation is very confusing. Your server name is, according to your smb.conf line:

netbios name = fileserver

and you are also forcing all users to connect as username group

force user = fileserver
force group = fileserver

The force user tells Samba to connect as user fileserver no matter what id the user connects with. However, if your .auth file already is telling Samba that you are connecting as fileserver, this should have no effect.

I note that you also have guest ok = yes in your smb.conf. It is possible that you are not connecting as user fileserver, possibly due to a .auth file error. You may be connecting as guest which may still have read access but probably not write. Try manually connecting without specifying a password in the .auth file. See if you get an error message.
[Samba] Problem to join Win20900 ADS realm
Dear samba team:

I've some troubles to join a GNU/Linux Debian "squeeze" machine to a Windows 2000 ADS realm. I've studied everything about samba, but this problem means that I can't print on the Windows servers, and I've other problems.

I've joined machines in this domain before (I made a recipe at http://wiki.debian.org/SAMBAclienteWindows). But in the last days, I had a problem with the disk, and it was necessary to set up the whole system again. And it's impossible for me to join the domain!

I've tracked everything on the web about this problem, but I did not find the solution. Attached is all the information about the net / samba configuration and the errors.

Please, if you can help me.

Javier

-
My host: station91
My user: win-user5
My password: win-pass
My domain: company
My realm: local.company
My KDC administrative server: serverpdc1
My KDC secondary server: serverbdc7
-
# /etc/network/interfaces
#
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# LOCAL
allow-hotplug eth0
auto eth0
iface eth0 inet dhcp
    post-up route del default gw 10.111.1.254
    post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
    post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
    post-up net time set -S serverpdc1
-
# /etc/krb5.conf
[libdefaults]
    default_realm = LOCAL.COMPANY
    # The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    LOCAL.COMPANY = {
        kdc = serverbdc7
        kdc = serverpdc1
        kdc = serverbdc2
        kdc = serverbdc5
        admin_server = serverpdc1
    }

[domain_realm]
    .local.company = LOCAL.COMPANY
    local.company = LOCAL.COMPANY

[login]
    krb4_convert = true
    krb4_get_tickets = false
-
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd:    files winbind ldap
group:     files winbind ldap
shadow:    files

hosts:     files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks:  files

protocols: db files
services:  db files
ethers:    db files
rpc:       db files

netgroup:  nis
-
# /etc/samba/smb.conf
# Samba config file created using SWAT
# from UNKNOWN
# Date: 2009/09/02 08:30:38

[global]
    ldap ssl ads = Yes
    idmap gid = 1-2
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    obey pam restrictions = Yes
    browse list = No
    dns proxy = No
    idmap uid = 1-2
    local master = No
    workgroup = COMPANY
    os level = 0
    winbind refresh tickets = Yes
    update encrypted = Yes
    printcap name = cups
    security = ADS
    winbind separator = +
    max log size = 1000
    lanman auth = Yes
    log file = /var/log/samba/log.%m
    include = /etc/samba/dhcp.conf
    wins server = eth0:10.111.1.201
    auth methods = winbind, krb5, ldap, guest, sam
    interfaces = eth0
    username map = /etc/samba/smbusers
    domain master = No
    winbind trusted domains only = yes
    realm = LOCAL.COMPANY
    winbind use default domain = Yes
    server string = %h - Jefe Almacenaje (13-6922)
    password server = serverbdc7, serverpdc1, *
    unix password sync = Yes
    template homedir = /home/%U
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    pam password change = Yes

[homes]
    comment = Home Directories
    valid users = %S
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

[homes]
    comment = Home Directories
    valid users = %S
    create mask = 0700
    directory mask = 0700
    browseable = No
-
station91:~# wbinfo -m --verbose
Domain Name DNS Domain Trust Type Transitive In Out
Re: [Samba] Simple CIFS Linux permission
> Your situation is very confusing. Your server name is, according to your smb.conf line:
>
> netbios name = fileserver
>
> and you are also forcing all users to connect as username group
>
> force user = fileserver
> force group = fileserver
>
> The force user tells Samba to connect as user fileserver no matter what id the user connects with. However, if your .auth file already is telling Samba that you are connecting as fileserver, this should have no effect.
>
> I note that you also have guest ok = yes in your smb.conf. It is possible that you are not connecting as user fileserver, possibly due to a .auth file error. You may be connecting as guest which may still have read access but probably not write. Try manually connecting without specifying a password in the .auth file. See if you get an error message.

A test with no password in my .auth file proved NOT to work, so this means I can't connect to the server without the right username/password.

I did this force user and group to enable everybody in the company to read and write to the shared folder... I am just completely unhappy that the Windows works 100% and the Linux not... This is just wrong :(

Be that as it may... If you don't feel like breaking your head on this, could you maybe help me with creating a samba conf that would require no authentication, and have read/write access for all... This was the original idea... Just a simple shared folder for all on the network.

Sorry for messing up your head with my confusing configurations :D
Re: [Samba] sambaPwdMustChange not synced on PDC from BDC
This caught me out too. sambaPwdMustChange has been phased out since late in the 3.0 series. It is ignored. The password expiry is calculated on the fly from sambaPwdLastChange + sambaMaxPwdAge (Domain entry).

You will have to run the same version of samba on both PDC and BDC.

On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder mich...@stroeder.com wrote:
> nogenetics nogenetics wrote:
>> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics nnogenet...@gmail.com wrote:
>>> I have a PDC/BDC samba/ldap environment.
>>>
>>> PDC: samba 3.0.24 slapd 2.3.30
>>> BDC: samba 3.2.5 slapd 2.4.11
>>>
>>> Ldap replication is working fine, but I have noticed two issues
>>>
>>> 1- when a windows user change password on BDC, sambaPwdMustChange and sambaPwdCanChange is not synced on PDC (using ldap passwd sync = yes and unix password sync = no)
>>> 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange is not synced on BDC
>>>
>>> Anyone can point me what's wrong?
>>>
>>> About issue 1- , I can use unix password sync = yes and ldap passwd sync = no (using smbldap-passwd) as workaround, but windows user get that annoying warning message (decode_pw_buffer-incorrect-password-length topic). Is there a way to avoid this warning message? This is a issue many users are experiencing.
>>>
>>> Thanks in advance for your time
>>
>> Bump! No hints?
>
> How are you sure you don't run into OpenLDAP replication problems? The OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively supported anymore. There also were interop issues fixed regarding replication between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x.
>
> You should definitely upgrade your OpenLDAP installations.
>
> Ciao, Michael.
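The expiry rule stated in this reply, as an added example that is not code from Samba or from the posters: it reads LDIF-style entries, derives each account's expiry from sambaPwdLastChange plus the domain entry's sambaMaxPwdAge, and reports any stored sambaPwdMustChange that disagrees with it. The sample entries are constructed; treating a sambaMaxPwdAge of -1 or 0 and the X account flag as "never expires", and a zero sambaPwdLastChange as "change at next logon", are assumptions about Samba 3 behaviour rather than statements from the thread.

```python
"""Derive Samba 3 password expiry from LDAP attributes (added example)."""
from datetime import datetime, timezone

NEVER = None  # sentinel used here for "password does not expire"


def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into a list of dicts."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.setdefault(key.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def first(entry, attr, default=None):
    """First value of an attribute, or default when the attribute is absent."""
    return entry.get(attr, [default])[0]


def domain_max_age(entries):
    """sambaMaxPwdAge in seconds from the sambaDomainName entry, or NEVER."""
    for entry in entries:
        if "sambaDomainName" in entry.get("objectClass", []):
            age = int(first(entry, "sambaMaxPwdAge", "-1"))
            # Assumption: -1 and 0 both mean "no maximum password age".
            return age if age > 0 else NEVER
    return NEVER


def expiry_report(entries):
    """Return {uid: (derived_expiry, stale_stored_value)}.

    derived_expiry is an epoch time, 0 for "change at next logon", or NEVER.
    stale_stored_value is the stored sambaPwdMustChange when it disagrees
    with the derived expiry, else None.
    """
    max_age = domain_max_age(entries)
    report = {}
    for entry in entries:
        if "sambaSamAccount" not in entry.get("objectClass", []):
            continue
        last = int(first(entry, "sambaPwdLastChange", "0"))
        flags = first(entry, "sambaAcctFlags", "")
        if max_age is NEVER or "X" in flags:
            expiry = NEVER      # assumption: X flag = password never expires
        elif last == 0:
            expiry = 0          # assumption: never set = change at next logon
        else:
            expiry = last + max_age
        stored = first(entry, "sambaPwdMustChange")
        stale = None
        if stored is not None and (expiry is NEVER or int(stored) != expiry):
            stale = int(stored)
        report[first(entry, "uid")] = (expiry, stale)
    return report


# Constructed sample data: a 30-day domain policy and three accounts.
SAMPLE_LDIF = """
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomainName
sambaDomainName: EXAMPLE
sambaMaxPwdAge: 2592000

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaAcctFlags: [U          ]
sambaPwdLastChange: 1251800000
sambaPwdMustChange: 1255688000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaAcctFlags: [U          ]
sambaPwdLastChange: 1251000000

dn: uid=svc,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: svc
sambaAcctFlags: [UX         ]
sambaPwdLastChange: 1251800000
sambaPwdMustChange: 1254392000
"""

if __name__ == "__main__":
    for uid, (expiry, stale) in expiry_report(parse_ldif(SAMPLE_LDIF)).items():
        when = ("never" if expiry is NEVER else
                datetime.fromtimestamp(expiry, timezone.utc).isoformat())
        note = f" (stored sambaPwdMustChange {stale} is ignored)" if stale else ""
        print(f"{uid}: expires {when}{note}")
```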
Re: [Samba] Simple CIFS Linux permission
Willem P. Botha wrote:
>> Your situation is very confusing. Your server name is, according to your smb.conf line:
>>
>> netbios name = fileserver
>>
>> and you are also forcing all users to connect as username group
>>
>> force user = fileserver
>> force group = fileserver
>>
>> The force user tells Samba to connect as user fileserver no matter what id the user connects with. However, if your .auth file already is telling Samba that you are connecting as fileserver, this should have no effect.
>>
>> I note that you also have guest ok = yes in your smb.conf. It is possible that you are not connecting as user fileserver, possibly due to a .auth file error. You may be connecting as guest which may still have read access but probably not write. Try manually connecting without specifying a password in the .auth file. See if you get an error message.
>
> A test with no password in my .auth file proved NOT to work, so this means I can't connect to the server without the right username/password.
>
> I did this force user and group to enable everybody in the company to read and write to the shared folder... I am just completely unhappy that the Windows works 100% and the Linux not... This is just wrong :(
>
> Be that as it may... If you don't feel like breaking your head on this, could you maybe help me with creating a samba conf that would require no authentication, and have read/write access for all... This was the original idea... Just a simple shared folder for all on the network.
>
> Sorry for messing up your head with my confusing configurations :D

OK. So now try removing the credentials entirely. Also, set the log level in smb.conf to 10 and restart it. Then connect from the command line (as root) using

-o username=fileserver,domain=

See if you get an error message and also check the logs.
Re: [Samba] Simple CIFS Linux permission
> OK. So now try removing the credentials entirely. Also, set the log level in smb.conf to 10 and restart it. Then connect from the command line (as root) using
>
> -o username=fileserver,domain=
>
> See if you get an error message and also check the logs.

OK, first off, no matter what I do, I have to provide a password... or else I can't connect. Regardless if I add a domain or not. The security is set to user level, so this is what I think should happen... or am I wrong?

Log level 10 is Crazy man... :-O

If I give the password, then it connects fine. The log file said: connecting to service initially as fileserver (gid uid pid). If I unmount the service the log file also responds with a connection closed.

So it is allowing me to connect no problem, but still the problem is that the files on the share are mapped to my local user-list, so Samba is not actually giving me any error. When I try to copy a file on this share, the log file does nothing! It seems my local machine is preventing this from happening, not samba. It seems to figure out that the uid and gid for the remote folder is set to something else than the current user, and thus preventing me from writing to this service.

The remote machine provides me a folder with write access for uid=501 and gid=501.
The local machine sees a folder with write access for uid=501,gid=501.
My current user is uid=503, hence the permission denied.

My problem is not the connection... it's writing files. Still I am lost at how to map the remote uid to the local uid, or the authenticated user..??
[Samba] Cached password updates with Winbind
If a user changes their password and the client loses network connectivity prior to them logging in again their local/cached password is not updated; they have to use their old password to authenticate. Is there a way to change this behavior so that the cached password gets updated upon a successful password change?

Thx,
Craig
[Samba] Upgrade from 3.0.31 to 3.3.7 now has incredibly large printer tdb files
Sorry for the cross-post, but curious if this is a known issue. After upgrading our printer server from 3.0.31 to 3.3.7, the tdb files for the specific queues are growing out of control with old job data in the tdb file. In addition the queue from the windows view can show hundreds of old jobs that have long since printed. How can we: a) reduce the tdb file size and b) stop samba from recording this info in the first place (as no one really cares from the windows side as long as their job prints :-) :-) ) Setting lpq cache = 0 was no help and max reported print jobs does not help either.

Cheers, Bill
Re: [Samba] default profile
I turned on profile debugging. When I logged in first time, I changed the password. Here is a part of the log (username is t8): USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: Entering, hToken = 0x3d8, lpProfileInfo = 0x80f698 USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: lpProfileInfo-dwFlags = 0x9 USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: lpProfileInfo-lpUserName = LocalService USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL central profile path USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL default profile path USERENV(2f0.3a0) 19:15:51:078 LoadUserProfile: NULL server name USERENV(2f0.3a0) 19:15:51:078 GetInterface: Returning rpc binding handle USERENV(2c4.3f4) 19:15:51:078 IProfileSecurityCallBack: client authenticated. USERENV(2c4.3f4) 19:15:51:078 DropClientContext: Got client token 04EC, sid = S-1-5-18 USERENV(2c4.3f4) 19:15:51:093 MIDL_user_allocate enter USERENV(2c4.3f4) 19:15:51:093 DropClientContext: load profile object successfully made USERENV(2c4.3f4) 19:15:51:093 DropClientContext: Returning 0 USERENV(2f0.3a0) 19:15:51:093 LoadUserProfile: Calling DropClientToken (as self) succeeded USERENV(2c4.2dc) 19:15:51:093 IProfileSecurityCallBack: client authenticated. 
USERENV(2c4.2dc) 19:15:51:093 In LoadUserProfileP USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Running as client USERENV(2c4.2dc) 19:15:51:093 = USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Entering, hToken = 0x4f8, lpProfileInfo = 0xef0800 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-dwFlags = 0x9 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-lpUserName = LocalService USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL central profile path USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL default profile path USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: NULL server name USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19 USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock S-1-5-19 USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock: No existing entry found USERENV(2c4.2dc) 19:15:51:093 CSyncManager::EnterLock: New entry created USERENV(2c4.2dc) 19:15:51:093 CHashTable::HashAdd: S-1-5-19 added in bucket 12 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Wait succeeded. In critical section. USERENV(2c4.2dc) 19:15:51:093 TestIfUserProfileLoaded: Profile already loaded. USERENV(2c4.2dc) 19:15:51:093 Profile Ref Count is 2 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Leaving critical Section. USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock S-1-5-19 USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock: Lock released USERENV(2c4.2dc) 19:15:51:093 CHashTable::HashDelete: S-1-5-19 deleted USERENV(2c4.2dc) 19:15:51:093 CSyncManager::LeaveLock: Lock deleted USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Impersonated user: 04f8, 0118 USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Reverted to user: USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: Reverted back to user USERENV(2c4.2dc) 19:15:51:109 LoadUserProfile: Leaving with a value of 1. 
USERENV(2c4.2dc) 19:15:51:109 = USERENV(2c4.2dc) 19:15:51:109 LoadUserProfileI: returning 0 USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Running as self USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Returning success. Final Information follows: USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-UserName = LocalService USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-lpProfilePath = USERENV(2f0.3a0) 19:15:51:109 lpProfileInfo-dwFlags = 0x9 USERENV(2c4.3f4) 19:15:51:109 IProfileSecurityCallBack: client authenticated. USERENV(2c4.3f4) 19:15:51:109 ReleaseClientContext: Releasing context USERENV(2c4.3f4) 19:15:51:109 ReleaseClientContext_s: Releasing context USERENV(2c4.3f4) 19:15:51:109 MIDL_user_free enter USERENV(2f0.3a0) 19:15:51:109 ReleaseInterface: Releasing rpc binding handle USERENV(2f0.3a0) 19:15:51:109 LoadUserProfile: Returning TRUE. hProfile = 0x43c USERENV(2f0.3a0) 19:15:51:109 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available. USERENV(f4.f8) 19:15:51:171 LibMain: Process Name: C:\WINDOWS\System32\alg.exe USERENV(47c.770) 19:15:51:281 GetProfileType: Profile already loaded. USERENV(47c.770) 19:15:51:281 LoadProfileInfo: Failed to query central profile with error 2 USERENV(47c.770) 19:15:51:281 GetProfileType: ProfileFlags is 0 USERENV(2fc.368) 19:16:06:656 LoadUserProfile: Yes, we can impersonate the user. Running as self USERENV(2fc.368) 19:16:06:656 = USERENV(2fc.368) 19:16:06:656 LoadUserProfile: Entering, hToken = 0x644, lpProfileInfo = 0xb2fa0c USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-dwFlags = 0x1 USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-lpUserName = t8
Re: [Samba] Simple CIFS Linux permission
willem.bo...@adticket.de wrote:
I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles /mnt/fileserver cifs credentials=/home/.auth,rw,soft 0 0

Here is an example from my server:
//192.168.254.35/projects /mnt/engin cifs noperm,uid=enginuser,gid=Engineers,credentials=/root/creds 0 0

Does that help?

-- Mark Nienberg
Sent from an invalid address. Please reply to the group.
Re: [Samba] Cached password updates with Winbind
I have set that to various times, as small as 10, but I don't see any network traffic in tcpdump indicating the updates are occurring. In addition, I modified a user account on the PDC, wbinfo showed a sequence change, I waited well over 5 minutes just to make sure the default cache timeout wasn't being used, and the cache still wasn't updated. Here is my config. Maybe there is something wrong there?

[global]
log level = 5 ads:10 auth:10 sam:10 rpc:10
winbind offline logon = true
winbind cache time = 30
winbind normalize names = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = false
workgroup = TEST
server string = Samba Server Version %v
realm = TEST.LOCAL
security = ads
password server = win2k
passdb backend = tdbsam
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/network/%U
load printers = no
cups options = raw

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

Thanks, Craig

-----Original Message-----
From: Max Leon [mailto:maxleo...@gmail.com]
Sent: Wednesday, September 02, 2009 9:34 AM
To: Schneider, Craig-P65851
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cached password updates with Winbind

On the smb.conf there is a parameter on the Global section called winbind cache time I think that is your answer.

Schneider, Craig-P65851 wrote:
If a user changes their password and the client loses network connectivity prior to them logging in again, their local/cached password is not updated; they have to use their old password to authenticate. Is there a way to change this behavior so that the cached password gets updated upon a successful password change? Thx, Craig
Re: [Samba] default profile
You can copy it manually from c:\docs and settings\username to \\server\profiles\username and then delete the local user and have them login and it should load their profile as a roaming user.

Tamás Pisch wrote:
2009/9/1 Adam Williams awill...@mdah.state.ms.us
Tamás Pisch wrote:
2009/8/31 Adam Williams awill...@mdah.state.ms.us
my computer properties, advanced tab, user profiles. is user set to local and not roaming? does it only happen to certain local profile change local profile to roaming in the my computer properties, advanced, user profiles section.

I cannot, because it is inactive (grayed).
Re: [Samba] default profile
Hi!

On Wed, Sep 02, 2009 at 07:54:11PM +0200, Tamás Pisch wrote:
USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19

Sorry, but I haven't followed this thread. But *this* looks wrong. A user should never have S-1-5-19 as SID. It must be of the form S-1-5-21-a-b-c-d where a,b,c and d are 32-bit numbers.

Volker
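Added example (not part of Volker's message or of the thread): a Python check that pairs each "User sid:" line of a USERENV debug log with the lpUserName logged earlier by the same process.thread, and classifies the SID as a built-in service SID or an account SID of the S-1-5-21-a-b-c-d form. The first three sample lines are copied from the log posted in this thread; the other sample lines, the function names and the accepted service-name spellings are assumptions made for the example.

```python
import re

# Fixed SIDs that Windows assigns to its built-in service identities.
WELL_KNOWN = {
    "S-1-5-18": "Local System",
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
}
# Assumption: spellings under which these identities show up as lpUserName.
SERVICE_NAMES = {"SYSTEM", "LocalSystem", "LocalService", "NetworkService"}

# Account SID: S-1-5-21-<a>-<b>-<c>-<rid>, every part a 32-bit number.
ACCOUNT_SID = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")

# "USERENV(pid.tid) hh:mm:ss:mmm message"
LINE = re.compile(r"USERENV\(([0-9a-f]+\.[0-9a-f]+)\)\s+\d\d:\d\d:\d\d:\d{3}\s+(.*)$")
# The archive shows "lpProfileInfo-lpUserName"; accept "->" as well.
USERNAME = re.compile(r"lpProfileInfo->?lpUserName\s*=\s*(\S+)")
USER_SID = re.compile(r"User sid:\s*(S-\d+(?:-\d+)+)")


def classify_sid(sid):
    """Return ("service", name), ("account", rid) or ("other", None)."""
    if sid in WELL_KNOWN:
        return "service", WELL_KNOWN[sid]
    m = ACCOUNT_SID.match(sid)
    if m and all(int(part) < 2**32 for part in m.groups()):
        return "account", int(m.group(4))
    return "other", None


def profile_loads(lines):
    """Pair every logged SID with the user name seen on the same thread."""
    names = {}   # "pid.tid" -> last lpUserName logged by that thread
    loads = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m.group(1), m.group(2)
        u = USERNAME.search(msg)
        if u:
            names[thread] = u.group(1)
            continue
        s = USER_SID.search(msg)
        if not s:
            continue
        sid = s.group(1)
        kind, detail = classify_sid(sid)
        user = names.get(thread)
        if kind == "service":
            # A service SID is expected only for a service identity.
            consistent = user in SERVICE_NAMES
        elif kind == "account":
            consistent = user is not None and user not in SERVICE_NAMES
        else:
            consistent = False
        loads.append({"thread": thread, "user": user, "sid": sid,
                      "kind": kind, "detail": detail,
                      "consistent": consistent})
    return loads


SAMPLE_LOG = [
    # Copied from the log posted in the thread.
    "USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: lpProfileInfo-lpUserName = LocalService",
    "USERENV(2c4.2dc) 19:15:51:093 LoadUserProfile: User sid: S-1-5-19",
    "USERENV(2fc.368) 19:16:06:656 LoadUserProfile: lpProfileInfo-lpUserName = t8",
    # Constructed: an account SID for t8 (the values are placeholders).
    "USERENV(2fc.368) 19:16:06:656 LoadUserProfile: User sid: S-1-5-21-1111111111-2222222222-3333333333-1008",
    # Constructed: an ordinary user name paired with a service SID.
    "USERENV(3a0.1f4) 19:20:00:000 LoadUserProfile: lpProfileInfo-lpUserName = t9",
    "USERENV(3a0.1f4) 19:20:00:000 LoadUserProfile: User sid: S-1-5-19",
]

if __name__ == "__main__":
    for rec in profile_loads(SAMPLE_LOG):
        flag = "ok" if rec["consistent"] else "CHECK"
        print(f'{rec["thread"]:8} {rec["user"]:13} {rec["sid"]:52} {rec["kind"]:8} {flag}')
```

On the posted lines, the S-1-5-19 entry is logged by thread 2c4.2dc, whose lpUserName is LocalService, while t8 is handled by thread 2fc.368.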
[Samba] User permissions on other users home directory
Hello, I have 5 users that need to be able to read and write from each other's home directories. How I have done this is by creating a group office, adding these 5 users to the office group, and then changing ownership of users' home directories to user1:office

However, when user1 edits a file in his home directory, user2 can no longer edit it, even though both users are in the office group.

My smb.conf:

[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = VENTURE
# server string is the equivalent of the NT Description field
server string = Server
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
# wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast
Networking
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes
Debugging/Accounting
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m/%u.log
# Cap the size of the individual log files (in KiB).
max log size = 1000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
# syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
### Authentication ###
# security = user is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
security = user
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan ka...@informatik.tu-muenchen.de for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
# map to guest = bad user
## Domains ###
# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
# domain logons = yes
admin users = adamdv angeladv
domain admin = adamdv
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
logon path = \\server1\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
logon drive = H:
logon home = \\server1\%U
# The following setting only takes effect if 'domain logons' is set
Re: [Samba] default profile
There is a bug in Windows SP3 where if you change your password the first time logging into the domain on a computer, it will not copy down the Default User profile stored in the netlogon folder. I believe there is a problem with roaming profiles as well, where changes are not saved back to the server where the profile is being saved.

http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/29d8987a-6017-48bc-9972-dc8f8f80532c

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Tamás Pisch
Sent: Wednesday, September 02, 2009 12:54 PM
To: samba@lists.samba.org
Subject: Re: [Samba] default profile

I turned on profile debugging. When I logged in first time, I changed the password.
[Samba] Password-less share, for certain users.
Is it possible to have a password-less share available to only certain users? I've been searching all over and could not find anything.
Re: [Samba] Password-less share, for certain users.
Is it possible to have a password-less share available to only certain users?

From the smb.conf man page:

guest ok (S)
If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account. This parameter nullifies the benefits of setting restrict anonymous = 2 See the section below on security for more information about this option.
Default: guest ok = no
Re: [Samba] Password-less share, for certain users.
Here's what I got. I want to allow a 'password-less' log-in that will allow only user1 and user2 to access share_zero, can this be done? I know that I can make it public, but that's not really an option as I need to restrict access to just a handful of users. Can this be done? I've searched everywhere and all I can find is setting share to public, or something similar.

[share_zero]
path = /path/to/dir
writeable = yes
browseable = yes
valid users = user1 user2
guest ok = yes
create mask = 0666
directory mask = 0777
Re: [Samba] User permissions on other users home directory
On 3/09/2009 3:58 AM, Adam Del Vecchio wrote:
However, when user1 edits a file in his home directory, user2 can no longer edit it, even though both users are in the office group.
...
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700

Change those.

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
Re: [Samba] Password-less share, for certain users.
Is it possible to have a password-less share available to only certain users?

Ooops! I suppose the key expression for you here is only certain users. Perhaps a combination of the guest account and guest ok parameters in the share definition? Make those users part of the group defined with guest account and then use guest ok = yes.
Re: [Samba] Password-less share, for certain users.
On 3/09/2009 8:24 AM, JDE wrote:
Here's what I got. I want to allow a 'password-less' log-in that will allow only user1 and user2 to access share_zero, can this be done? I know that I can make it public, but that's not really an option as I need to restrict access to just a handful of users. Can this be done? I've searched everywhere and all I can find is setting share to public, or something similar.

If a user is connecting without a password then they are a guest and they do not have a username. What you are trying to do isn't possible because it is pointless. Usernames aren't private, if I can guess (or ask for) someone's username then I could bypass your restrictions.

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
Re: [Samba] Password-less share, for certain users.
On 3/09/2009 7:44 AM, Miguel Medalha wrote:
Make those users part of the group defined with guest account and then use guest ok = yes.

guest account defines the unix account that is used to access the file system when a guest connection is used. It doesn't determine who can use the guest account.

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
Re: [Samba] Password-less share, for certain users.
guest account defines the unix account that is used to access the file system when a guest connection is used. It doesn't determine who can use the guest account.

Huuummm

From the smb.conf man page:

guest account (G)
This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account ftp is often a good choice for this parameter. On some systems the default guest account nobody may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the system print command such as lpr(1) or lp(1). This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation.
Default: guest account = nobody # default can be changed at compile-time
Example: guest account = ftp
Re: [Samba] Password-less share, for certain users.
Thank you both, it doesn't sound like samba supports this behaviour natively. Guess one other option would be to use pass-through authentication via Active Directory, which, unfortunately, is not an option in this scenario. Might have to go with a batch script that'll just map this share to the users drive, not elegant but probably the best solution I have this time. Thanks again.

2009/9/2 Miguel Medalha miguelmeda...@sapo.pt:
guest account defines the unix account that is used to access the file system when a guest connection is used. It doesn't determine who can use the guest account.

Huuummm

From the smb.conf man page:

guest account (G)
This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account ftp is often a good choice for this parameter. On some systems the default guest account nobody may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the system print command such as lpr(1) or lp(1). This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation.
Default: guest account = nobody # default can be changed at compile-time
Example: guest account = ftp
Re: [Samba] Simple CIFS Linux permission
Willem P. Botha wrote:
OK. So now try removing the credentials entirely. Also, set the log level in smb.conf to 10 and restart it. Then connect from the command line (as root) using -o username=fileserver,domain= See if you get an error message and also check the logs.

OK, first off, no matter what I do, I have to provide a password... or else I can't connect. Regardless if I add a domain or not. The security is set to user level, so this is what I think should happen...or am I wrong?

Yes. I just don't enter passwords in a command. Let the program prompt you for it.

Log level 10 is Crazy man... :-O

If I give the password, then it connects fine. The log file said: connecting to service initially as fileserver(gid uid pid). If I unmount the service the log file also responds with a connection closed.

So it is allowing me to connect no problem, but still the problem is that the files on the share are mapped to my local user-list, so Samba is not actually giving me any error. When I try to copy a file on this share, the log file does nothing! It seems my local machine is preventing this from happening, not samba. It seems to figure out that the uid and gid for the remote folder are set to something other than the current user, and is thus preventing me from writing to this service.

The remote machine provides me a folder with write access for uid=501 and gid=501
The local machine sees a folder with write access for uid=501,gid=501
My current user is uid=503, hence the permission denied.

My problem is not the connection.. it's writing files. Still I am lost at how to map the remote uid to the local uid, or the authenticated user..??

Have you tried connecting as your user account and letting the force user in smb.conf do its work? When your Windows clients connect, they are using their own ids and that is working. Why are you doing it differently for Linux?
Re: [Samba] Password-less share, for certain users.
JDE soc...@gmail.com wrote in message news:7378bb590909021452g60ffb721o5b21d1bd38fb...@mail.gmail.com...
Is it possible to have a password-less share available to only certain users? I've been searching all over and could not find anything.

Try the valid users option in the smb.conf. If I remember correctly, you can set this to a group. That way only the members of the group should have access to the share.

valid users = @accounts
[Samba] Question regarding access to shares from LOCAL administrator account
Hi. How do I give access to shares from the LOCAL administrator account to a share(s) on the samba server? (workstation is domain member, without the need to specify a password).

-- smb.conf
domain logons = Yes
os level = 200
domain master = Yes
security = user
--

I have read chapters 12,13,15 but there seems to be no way I can put the local administrator into /etc/group nor mapping it via net groupmap. I can do it the other way around i.e. mapping a local group to a group on the server, but for one share only I need to have access for the local administrator to the share on the server.

Jobst

--
This message represents the official view of the voices in my head!
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
Re: [Samba] Password-less share, for certain users.
On 3/09/2009 11:04 AM, Jamrock wrote:
Try the valid users option in the smb.conf. If I remember correctly, you can set this to a group. That way only the members of the group should have access to the share. valid users = @accounts

If they connect as a guest, then there is nothing to compare against the valid users setting.

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
Re: [Samba] Password-less share, for certain users.
On 3/09/2009 8:43 AM, Miguel Medalha wrote:
guest account defines the unix account
This user must exist in the password file

that is used to access the file system
This is a username which will be used for access to services...

when a guest connection is used.
...which are specified as guest ok

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
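Added example (not from any poster in these threads): a small Python lint for smb.conf share sections that reports the two situations discussed above, a share that mixes guest ok = yes with a valid users list (the "Password-less share" thread), and create/directory masks that either allow world-writable files or rule out group-writable ones (the "User permissions on other users home directory" reply). It assumes Samba's documented rule that the resulting mode is (mapped mode AND mask) OR force mode and the documented defaults 0744/0755; the sample config is assembled from settings quoted in the threads plus one constructed share, and the finding names are made up for this example.

```python
SYNONYMS = {              # smb.conf synonyms mapped to one canonical key
    "public": "guest ok",
    "create mode": "create mask",
    "directory mode": "directory mask",
}
DEFAULTS = {              # documented built-in defaults
    "create mask": "0744", "directory mask": "0755",
    "force create mode": "0000", "force directory mode": "0000",
}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased, canonical keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections


def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def lint(text):
    """Return {share: [finding, ...]} for every section except [global]."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    report = {}
    for name, share in conf.items():
        if name == "global":
            continue

        def get(key):
            # share value, else [global] value, else built-in default
            return share.get(key, glob.get(key, DEFAULTS.get(key, "")))

        findings = []
        # Guest access has no authenticated user, so it cannot be limited
        # to the names listed in "valid users".
        if is_yes(get("guest ok")) and get("valid users"):
            findings.append("guest-with-valid-users")
        for kind, mask_key, force_key in (
            ("files", "create mask", "force create mode"),
            ("dirs", "directory mask", "force directory mode"),
        ):
            # Permission bits that can end up set on a newly created object.
            reachable = int(get(mask_key), 8) | int(get(force_key), 8)
            if reachable & 0o002:
                findings.append(f"world-writable-{kind}")
            if not reachable & 0o020:
                findings.append(f"group-write-blocked-{kind}")
        report[name] = findings
    return report


# Sample assembled for this example: [share_zero] and the [homes] masks are
# quoted in the threads; [office] is constructed, using the 0775 value that
# the quoted config comments suggest for group=rw.
SAMPLE_CONF = """
[global]
   security = user

[share_zero]
   path = /path/to/dir
   writeable = yes
   browseable = yes
   valid users = user1 user2
   guest ok = yes
   create mask = 0666
   directory mask = 0777

[homes]
   create mask = 0700
   directory mask = 0700

[office]
   path = /srv/office
   valid users = @office
   create mask = 0775
   directory mask = 0775
"""

if __name__ == "__main__":
    for share, findings in lint(SAMPLE_CONF).items():
        print(share, findings or "no findings")
```

Only the parameters named above are evaluated; settings such as inherit permissions or filesystem ACLs are outside what this check looks at.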
Re: [Samba] Question regarding access to shares from LOCAL administrator account
On 3/09/2009 11:26 AM, Jobst Schmalenbach wrote:
How do I give access to shares from the LOCAL administrator account to a share(s) on the samba server? (workstation is domain member, without the need to specify a password).

I don't believe this is possible. The local administrator does not necessarily have a fixed username or password and I don't think the domain controller can see the SIDs used on the client for local users.

I can do it the other way around i.e. mapping a local group to a group on the server, but for one share only I need to have access for the local administrator to the share on the server.

Are you sure you can't do it the normal way? Create a domain user and add them to the local administrators group on each PC? They wouldn't have to be domain admins if you didn't want to.

*Michael Heydon - IT Administrator*
micha...@jaswin.com.au
[Samba] samba+cups printing. drivers on clients.
Any help? Maybe samba or windows clients can forcefully serve\takes drivers always then printer installing?
Build status as of Wed Sep 2 06:00:01 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-09-01 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-09-02 00:00:07.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Tue Sep 1 06:00:01 2009 +Build status as of Wed Sep 2 06:00:01 2009 Build counts: Tree Total Broken Panic @@ -13,10 +13,10 @@ rsync26 11 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 23 22 0 +samba_3_current 22 21 0 samba_3_master 24 23 2 -samba_3_next 24 23 0 -samba_4_0_test 26 26 3 +samba_3_next 24 23 1 +samba_4_0_test 26 26 2 talloc 26 26 0 tdb 24 24 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1321-gaec03ed
The branch, master has been updated via aec03eda93d3db8723c79f062c80db0267ac2e59 (commit) from 9264f4891484b0316e8e574e256ca0b0a5e9f007 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aec03eda93d3db8723c79f062c80db0267ac2e59 Author: Simo Sorce i...@samba.org Date: Sat Aug 29 19:31:02 2009 -0400 s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely. Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/libsmb/passchange.c | 19 --- 1 files changed, 16 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index bb70386..c83247a 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -31,10 +31,24 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam struct cli_state *cli; struct rpc_pipe_client *pipe_hnd; struct sockaddr_storage ss; + char *user, *domain, *p; NTSTATUS result; bool pass_must_change = False; + user = talloc_strdup(talloc_tos(), user_name); + SMB_ASSERT(user != NULL); + domain = talloc_strdup(talloc_tos(), ); + SMB_ASSERT(domain != NULL); + + /* allow usernames of the form domain\\user or domain/user */ + if ((p = strchr_m(user,'\\')) || (p = strchr_m(user,'/')) || + (p = strchr_m(user,*lp_winbind_separator( { + *p = 0; + domain = user; + user = p+1; + } + *err_str = NULL; if(!resolve_name( remote_machine, ss, 0x20, false)) { @@ -139,7 +153,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam return result; } } else { - result = cli_init_creds(cli, user_name, , old_passwd); + result = cli_init_creds(cli, user, domain, old_passwd); if (!NT_STATUS_IS_OK(result)) { cli_shutdown(cli); return result; 
@@ -163,8 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - , /* what domain... ? */ - user_name, + domain, user, old_passwd, pipe_hnd); } else { -- Samba Shared Repository
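Review bot: In the first hunk of remote_password_change(), the two new allocations are guarded with SMB_ASSERT(user != NULL) and SMB_ASSERT(domain != NULL), which turns an out-of-memory condition into an abort inside a function that already reports failure through its NTSTATUS return value. Returning NT_STATUS_NO_MEMORY at those two points would match the rest of the function. Also, once a separator is found, domain is repointed at user, so the talloc_strdup() made for domain just above is only needed on the no-separator path; assigning it in an else branch would make that explicit.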
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1336-g9f03135
The branch, master has been updated
       via  9f031352c6e9439922284fc853611964b33ea4af (commit)
       via  b5f63160d474b1fc8484a1a9112aa4f248d1e814 (commit)
       via  ca45847edab3a5897c0e0d3b4c486ad9ae0848c6 (commit)
       via  199be936d8920fce31e18d6663f8ba36f573d26f (commit)
       via  69802b3a3b934407d898088c8b3fbee64919b668 (commit)
       via  10bd56b34a51cb10f48646584d58f0fdffe85e94 (commit)
       via  1e552770ee25fb34b680ef01bc64e21dc9803782 (commit)
       via  29320bc6e0f364047686b76f26dbd8135ab87377 (commit)
       via  79255a9384e16a37602028fb0960acf9fc1eb257 (commit)
       via  67bf17598bd755ac07952fc44ce27031478d5503 (commit)
       via  4b336fed94b953cd78087a1ffcf75b65cb846c0f (commit)
       via  a19ad210332008c25e24dd6aba6a3479ba9ffe3f (commit)
       via  132242fe7ebbf7bba9fb5a361788b0157cc704ac (commit)
       via  90b694bc6114cbb652b11a136a8fc3657861d790 (commit)
       via  b5bf4400659a59b6508ede2e9d1b7fbd253c0b07 (commit)
      from  aec03eda93d3db8723c79f062c80db0267ac2e59 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -

commit 9f031352c6e9439922284fc853611964b33ea4af
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 18:18:33 2009 +1000

    traverse the ac list in reverse order

    items are added to the linked attribute list using DLIST_ADD(), which means to commit them to the database in the same order they came from the server we need to walk the list backwards when we traverse it

commit b5f63160d474b1fc8484a1a9112aa4f248d1e814
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 17:08:52 2009 +1000

    repl_meta_data should only be included when we are a DC

commit ca45847edab3a5897c0e0d3b4c486ad9ae0848c6
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 17:02:56 2009 +1000

    s4:dsdb rewrite the linked_atrributes code to commit in the end_transaction hook

    linked attribute changes can come in any order. This means it is possible for a forward link to come over the wire in DRS before the target even exists.

    To make this work this patch changed the linked attributes module to gather up all the changes it needs to make in a linked list, then execute the changes in the end_transaction hook for the module.

    During that commit phase we also fix up all the DNs that we got by searching for their GUID, as the objects may have moved after the linked attribute was sent, but before the end of the transaction

commit 199be936d8920fce31e18d6663f8ba36f573d26f
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 16:58:04 2009 +1000

    move the repl_meta_data module up the ldb module stack

    The repl_meta_data module needs to be above the linked_attributes module, to allow linked_attributes to do its magic

commit 69802b3a3b934407d898088c8b3fbee64919b668
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 16:57:25 2009 +1000

    wrap the entire vampire operation in a transaction

    We want to grab the whole database, or none of it. This is also needed to get linked attributes right

commit 10bd56b34a51cb10f48646584d58f0fdffe85e94
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 16:56:39 2009 +1000

    use ldb_cmdline_help() in ldbsearch

commit 1e552770ee25fb34b680ef01bc64e21dc9803782
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 16:56:20 2009 +1000

    added ldb_cmdline_help()

    This allows the ldb tools to show their full command line options

commit 29320bc6e0f364047686b76f26dbd8135ab87377
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 16:55:57 2009 +1000

    add the partition_control control to replication requests

    We know the partition DN from the DRS objects, we need to pass this down the modules below us to ensure they operate on the right partition

commit 79255a9384e16a37602028fb0960acf9fc1eb257
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 13:36:54 2009 +1000

    change the dsdb_control_current_partition to not include internal variables

    This structure was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down.

    This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.

commit 67bf17598bd755ac07952fc44ce27031478d5503
Author: Andrew Tridgell tri...@samba.org
Date: Wed Sep 2 13:33:37 2009 +1000

    don't allow two controls to be added with the same OID

    Two controls with the same OID makes no sense, as they may have different data attached
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1337-g9317711
The branch, master has been updated via 931771138a52a3385afb2d3966509a57def3ece5 (commit) from 9f031352c6e9439922284fc853611964b33ea4af (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 931771138a52a3385afb2d3966509a57def3ece5 Author: Günther Deschner g...@samba.org Date: Mon Aug 31 17:13:05 2009 +0200 s3-netlogon: implement _netr_LogonSamLogonWithFlags(). Guenther --- Summary of changes: source3/rpc_server/srv_netlog_nt.c | 58 --- 1 files changed, 40 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 9a3c8c2..3daf45b 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -807,6 +807,10 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, process_creds = true; fn = _netr_LogonSamLogon; break; + case NDR_NETR_LOGONSAMLOGONWITHFLAGS: + process_creds = true; + fn = _netr_LogonSamLogonWithFlags; + break; case NDR_NETR_LOGONSAMLOGONEX: process_creds = false; fn = _netr_LogonSamLogonEx; @@ -993,18 +997,17 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p, return status; } -/* - _netr_LogonSamLogon - */ +/ + _netr_LogonSamLogonWithFlags +/ -NTSTATUS _netr_LogonSamLogon(pipes_struct *p, -struct netr_LogonSamLogon *r) +NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, + struct netr_LogonSamLogonWithFlags *r) { NTSTATUS status; struct netlogon_creds_CredentialState *creds; struct netr_LogonSamLogonEx r2; struct netr_Authenticator return_authenticator; - uint32_t flags = 0; become_root(); status = netr_creds_server_step_check(p, p-mem_ctx, 
@@ -1022,10 +1025,10 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, r2.in.logon_level = r-in.logon_level; r2.in.logon = r-in.logon; r2.in.validation_level = r-in.validation_level; - r2.in.flags = flags; + r2.in.flags = r-in.flags; r2.out.validation = r-out.validation; r2.out.authoritative= r-out.authoritative; - r2.out.flags= flags; + r2.out.flags= r-out.flags; status = _netr_LogonSamLogon_base(p, r2, creds); @@ -1035,6 +1038,35 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, } /* + _netr_LogonSamLogon + */ + +NTSTATUS _netr_LogonSamLogon(pipes_struct *p, +struct netr_LogonSamLogon *r) +{ + NTSTATUS status; + struct netr_LogonSamLogonWithFlags r2; + uint32_t flags = 0; + + r2.in.server_name = r-in.server_name; + r2.in.computer_name = r-in.computer_name; + r2.in.credential= r-in.credential; + r2.in.logon_level = r-in.logon_level; + r2.in.logon = r-in.logon; + r2.in.validation_level = r-in.validation_level; + r2.in.return_authenticator = r-in.return_authenticator; + r2.in.flags = flags; + r2.out.validation = r-out.validation; + r2.out.authoritative= r-out.authoritative; + r2.out.flags= flags; + r2.out.return_authenticator = r-out.return_authenticator; + + status = _netr_LogonSamLogonWithFlags(p, r2); + + return status; +} + +/* _netr_LogonSamLogonEx - no credential chaining. Map into net sam logon. */ @@ -1417,16 +1449,6 @@ WERROR _netr_GetForestTrustInformation(pipes_struct *p, / / -NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, - struct netr_LogonSamLogonWithFlags *r) -{ - p-rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} -
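Review bot: The rewritten _netr_LogonSamLogon() in the @@ -1035,6 +1038,35 @@ hunk is now a wrapper that copies each in/out field into a netr_LogonSamLogonWithFlags and calls _netr_LogonSamLogonWithFlags() with a local flags of 0, but its banner comment carries only the function name. A one-line description in the style of the neighbouring "_netr_LogonSamLogonEx - no credential chaining. Map into net sam logon." comment would record that mapping and that the flags written by the callee are dropped on purpose. The banner over the new _netr_LogonSamLogonWithFlags() needs the same treatment.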
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1338-gbde679e
The branch, master has been updated via bde679e6f84b16d63a8007fe48789ee7951b9f34 (commit) from 931771138a52a3385afb2d3966509a57def3ece5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bde679e6f84b16d63a8007fe48789ee7951b9f34 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 2 18:31:22 2009 +1000 show the full set of command line options for ldb tools I always found it hard to remember some of the options. We might as well use popt to give us the full list --- Summary of changes: source4/lib/ldb/tools/ldbadd.c|8 ++-- source4/lib/ldb/tools/ldbdel.c|7 +-- source4/lib/ldb/tools/ldbedit.c |8 +--- source4/lib/ldb/tools/ldbmodify.c |6 +- source4/lib/ldb/tools/ldbrename.c |6 +- 5 files changed, 6 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/tools/ldbadd.c b/source4/lib/ldb/tools/ldbadd.c index be02334..086540d 100644 --- a/source4/lib/ldb/tools/ldbadd.c +++ b/source4/lib/ldb/tools/ldbadd.c @@ -38,13 +38,9 @@ static int failures; static void usage(void) { - printf(Usage: ldbadd options ldif...\n); - printf(Options:\n); - printf( -H ldb_url choose the database (or $LDB_URL)\n); - printf( -o options pass options like modules to activate\n); - printf( e.g: -o modules:timestamps\n); - printf(\n); + printf(Usage: ldbadd options ldif...\n); printf(Adds records to a ldb, reading ldif the specified list of files\n\n); + ldb_cmdline_help(ldbadd, stdout); exit(1); } diff --git a/source4/lib/ldb/tools/ldbdel.c b/source4/lib/ldb/tools/ldbdel.c index 232f516..ddf168d 100644 --- a/source4/lib/ldb/tools/ldbdel.c +++ b/source4/lib/ldb/tools/ldbdel.c 
@@ -61,13 +61,8 @@ static int ldb_delete_recursive(struct ldb_context *ldb, struct ldb_dn *dn) static void usage(void) { printf(Usage: ldbdel options DN...\n); - printf(Options:\n); - printf( -r recursively delete the given subtree\n); - printf( -H ldb_url choose the database (or $LDB_URL)\n); - printf( -o options pass options like modules to activate\n); - printf( e.g: -o modules:timestamps\n); - printf(\n); printf(Deletes records from a ldb\n\n); + ldb_cmdline_help(ldbdel, stdout); exit(1); } diff --git a/source4/lib/ldb/tools/ldbedit.c b/source4/lib/ldb/tools/ldbedit.c index 9d3bd27..9653eab 100644 --- a/source4/lib/ldb/tools/ldbedit.c +++ b/source4/lib/ldb/tools/ldbedit.c @@ -270,13 +270,7 @@ static int do_edit(struct ldb_context *ldb, struct ldb_message **msgs1, int coun static void usage(void) { printf(Usage: ldbedit options expression attributes ...\n); - printf(Options:\n); - printf( -H ldb_url choose the database (or $LDB_URL)\n); - printf( -s base|sub|one choose search scope\n); - printf( -b basednchoose baseDN\n); - printf( -a edit all records (expression 'objectclass=*')\n); - printf( -e editorchoose editor (or $VISUAL or $EDITOR)\n); - printf( -v verbose mode\n); + ldb_cmdline_help(ldbedit, stdout); exit(1); } diff --git a/source4/lib/ldb/tools/ldbmodify.c b/source4/lib/ldb/tools/ldbmodify.c index 23a96a3..d0bca04 100644 --- a/source4/lib/ldb/tools/ldbmodify.c +++ b/source4/lib/ldb/tools/ldbmodify.c @@ -39,12 +39,8 @@ static int failures; static void usage(void) { printf(Usage: ldbmodify options ldif...\n); - printf(Options:\n); - printf( -H ldb_url choose the database (or $LDB_URL)\n); - printf( -o options pass options like modules to activate\n); - printf( e.g: -o modules:timestamps\n); - printf(\n); printf(Modifies a ldb based upon ldif change records\n\n); + ldb_cmdline_help(ldbmodify, stdout); exit(1); } diff --git a/source4/lib/ldb/tools/ldbrename.c b/source4/lib/ldb/tools/ldbrename.c index 01ed3d9..fcae766 100644 
--- a/source4/lib/ldb/tools/ldbrename.c +++ b/source4/lib/ldb/tools/ldbrename.c @@ -39,12 +39,8 @@ static void usage(void) { printf(Usage: ldbrename [options] olddn newdn\n); - printf(Options:\n); - printf( -H ldb_url choose the database (or $LDB_URL)\n); - printf( -o options pass options like modules to activate\n); - printf( e.g: -o modules:timestamps\n); - printf(\n); printf(Renames records in a ldb\n\n); + ldb_cmdline_help(ldbmodify, stdout); exit(1); } -- Samba Shared Repository
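Review bot: In the ldbrename.c hunk, usage() calls ldb_cmdline_help(ldbmodify, stdout), which looks like a copy from ldbmodify.c; the other four tools pass their own name, so this one should pass ldbrename. Separately, the removed printf lines documented tool-specific options (-r in ldbdel; -s, -b, -a, -e and -v in ldbedit), so please confirm that ldb_cmdline_help() prints those per-tool options before the hand-written text is dropped.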
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1232-gdadc57b
The branch, v3-4-test has been updated via dadc57b140b4379f9f2f6fafe40332061df4d5a5 (commit) from ea0f119e7b671f3566b8eecdd0013e9c57079566 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit dadc57b140b4379f9f2f6fafe40332061df4d5a5 Author: Günther Deschner g...@samba.org Date: Tue Sep 1 11:58:05 2009 +0200 wbclient: Fix Bug #6680: always activate handling of large ( 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther --- Summary of changes: nsswitch/libwbclient/wbc_pam.c | 19 +++ 1 files changed, 15 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 61ce2a1..422665a 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c 
@@ -423,15 +423,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params-password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params-password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params-password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params-password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params-password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params-password.response.nt_length; + if (params-password.response.nt_length sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params-password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params-password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params-password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params-password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -477,6 +486,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } -- Samba Shared Repository
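Review bot: In the @@ -423,15 +423,24 @@ hunk, the new large-blob branch copies from password.response.nt_data without the NULL check that the else branch still has. That branch is selected on nt_length alone, so a caller that sets nt_length above sizeof(request.data.auth_crap.nt_resp) while leaving nt_data NULL reaches memcpy() with a NULL source. Test nt_data before the length comparison and bail with WBC_ERR_INVALID_PARAM when a non-zero length comes with no data.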
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5346-g7253d96
The branch, v3-3-test has been updated via 7253d96fc205717d9fed973bbcad2884ce656fd9 (commit) from 983c6f22f411aab2488fe41b5b06174c55108868 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 7253d96fc205717d9fed973bbcad2884ce656fd9 Author: Günther Deschner g...@samba.org Date: Tue Sep 1 11:58:05 2009 +0200 wbclient: Fix Bug #6680: always activate handling of large ( 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther --- Summary of changes: source/nsswitch/libwbclient/wbc_pam.c | 19 +++ 1 files changed, 15 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index 401d2ad..3f44681 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c 
@@ -439,15 +439,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params-password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params-password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params-password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params-password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params-password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params-password.response.nt_length; + if (params-password.response.nt_length sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params-password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params-password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params-password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params-password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -493,6 +502,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } -- Samba Shared Repository
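Review bot: At the done: label in the second hunk, response.extra_data.data is released with free() while the newly added request.extra_data.data is released with talloc_free(), and nothing at that point says why the two sibling fields use different allocators. A short comment there stating that the request buffer is talloc-allocated in this function would keep a later cleanup from unifying them the wrong way. In the first hunk, the buffer from talloc_zero_array() is fully overwritten by the memcpy() of the same length that follows, so talloc_memdup() would do the allocation and the copy in one call.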
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1341-g9bf74d0
The branch, master has been updated via 9bf74d0ed9c7496bb133e5108ba297abb1b00747 (commit) via 2b8afd2257d8c9886f785929ca8dfcd04eb45755 (commit) via 71e9dfc0cd7d054dd52508faa4c07db9205b541a (commit) from bde679e6f84b16d63a8007fe48789ee7951b9f34 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9bf74d0ed9c7496bb133e5108ba297abb1b00747 Author: Günther Deschner g...@samba.org Date: Fri Aug 28 16:04:08 2009 +0200 s4-smbtorture: test netr_ServerSetPassword2 against Samba3. Guenther commit 2b8afd2257d8c9886f785929ca8dfcd04eb45755 Author: Günther Deschner g...@samba.org Date: Thu Aug 27 23:30:50 2009 +0200 s3-netlogon: implement _netr_ServerPasswordSet2. Guenther commit 71e9dfc0cd7d054dd52508faa4c07db9205b541a Author: Günther Deschner g...@samba.org Date: Thu Aug 27 23:30:14 2009 +0200 s3-netlogon: rework _netr_ServerPasswordSet. Guenther --- Summary of changes: source3/rpc_server/srv_netlog_nt.c | 241 ++-- source4/torture/rpc/netlogon.c |1 + 2 files changed, 174 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 3daf45b..0b476e1 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -491,7 +491,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, NETLOGON_NEG_FULL_SYNC_REPL | NETLOGON_NEG_MULTIPLE_SIDS | NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_PASSWORD_SET2; /* Ensure we support strong (128-bit) keys. */ if (in_neg_flags NETLOGON_NEG_STRONG_KEYS) { 
@@ -655,6 +656,120 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p, } /* + */ + +static NTSTATUS netr_find_machine_account(TALLOC_CTX *mem_ctx, + const char *account_name, + struct samu **sampassp) +{ + struct samu *sampass; + bool ret = false; + uint32_t acct_ctrl; + + sampass = samu_new(mem_ctx); + if (!sampass) { + return NT_STATUS_NO_MEMORY; + } + + become_root(); + ret = pdb_getsampwnam(sampass, account_name); + unbecome_root(); + + if (!ret) { + TALLOC_FREE(sampass); + return NT_STATUS_ACCESS_DENIED; + } + + /* Ensure the account exists and is a machine account. */ + + acct_ctrl = pdb_get_acct_ctrl(sampass); + + if (!(acct_ctrl ACB_WSTRUST || + acct_ctrl ACB_SVRTRUST || + acct_ctrl ACB_DOMTRUST)) { + TALLOC_FREE(sampass); + return NT_STATUS_NO_SUCH_USER; + } + + if (acct_ctrl ACB_DISABLED) { + TALLOC_FREE(sampass); + return NT_STATUS_ACCOUNT_DISABLED; + } + + *sampassp = sampass; + + return NT_STATUS_OK; +} + +/* + */ + +static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx, + struct samu *sampass, + DATA_BLOB *plaintext_blob, + struct samr_Password *nt_hash, + struct samr_Password *lm_hash) +{ + NTSTATUS status; + const uchar *old_pw; + const char *plaintext = NULL; + size_t plaintext_len; + struct samr_Password nt_hash_local; + + if (!sampass) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (plaintext_blob) { + if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, + plaintext_blob-data, plaintext_blob-length, + plaintext, plaintext_len, false)) + { + plaintext = NULL; + mdfour(nt_hash_local.hash, plaintext_blob-data, plaintext_blob-length); + nt_hash = nt_hash_local; + } + } + + if (plaintext) { + if (!pdb_set_plaintext_passwd(sampass, plaintext)) { + return NT_STATUS_ACCESS_DENIED; + } + + goto done; + } + + if (nt_hash) { + old_pw =
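Review bot: Both new static helpers in the @@ -655,6 +656,120 @@ hunk, netr_find_machine_account() and netr_set_machine_account_password(), are introduced under empty banner comments. Each needs a line on its contract: who owns the samu returned through sampassp, and which of plaintext_blob, nt_hash and lm_hash takes precedence when more than one is supplied. For netr_find_machine_account() the comment should also say why a failed pdb_getsampwnam() maps to NT_STATUS_ACCESS_DENIED while an existing non-machine account maps to NT_STATUS_NO_SUCH_USER, since the two codes let a caller tell those cases apart.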
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1233-g8cb1033
The branch, v3-4-test has been updated via 8cb103372be4eb3232e5e13b67f63562e5506c7e (commit) from dadc57b140b4379f9f2f6fafe40332061df4d5a5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 8cb103372be4eb3232e5e13b67f63562e5506c7e Author: Simo Sorce i...@samba.org Date: Sat Aug 29 19:31:02 2009 -0400 s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely. Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/libsmb/passchange.c | 19 --- 1 files changed, 16 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 7f0389f..f3cb9d6 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -31,10 +31,24 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam struct cli_state *cli; struct rpc_pipe_client *pipe_hnd; struct sockaddr_storage ss; + char *user, *domain, *p; NTSTATUS result; bool pass_must_change = False; + user = talloc_strdup(talloc_tos(), user_name); + SMB_ASSERT(user != NULL); + domain = talloc_strdup(talloc_tos(), ); + SMB_ASSERT(domain != NULL); + + /* allow usernames of the form domain\\user or domain/user */ + if ((p = strchr_m(user,'\\')) || (p = strchr_m(user,'/')) || + (p = strchr_m(user,*lp_winbind_separator( { + *p = 0; + domain = user; + user = p+1; + } + *err_str = NULL; if(!resolve_name( remote_machine, ss, 0x20)) { @@ -139,7 +153,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam return result; } } else { - result = cli_init_creds(cli, user_name, , old_passwd); + result = cli_init_creds(cli, user, domain, old_passwd); if (!NT_STATUS_IS_OK(result)) { cli_shutdown(cli); return result; 
@@ -163,8 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - , /* what domain... ? */ - user_name, + domain, user, old_passwd, pipe_hnd); } else { -- Samba Shared Repository
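Review bot: The separator test in the first hunk cuts at the first backslash if there is one, only then looks for '/' or the winbind separator, and never checks what is left on either side of the cut. An input that ends in the separator leaves user as an empty string and one that starts with it leaves domain empty, and both are passed on to cli_init_creds() and cli_rpc_pipe_open_ntlmssp() unchanged. Rejecting an empty user right after the split would give a clear error instead of a failed logon, and the comment above the test should name the winbind separator as the third accepted form.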
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1234-ge1a5099
The branch, v3-4-test has been updated via e1a50994800ce311925214254c0a471a9f32c1f7 (commit) from 8cb103372be4eb3232e5e13b67f63562e5506c7e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit e1a50994800ce311925214254c0a471a9f32c1f7 Author: Volker Lendecke v...@samba.org Date: Sun Aug 30 11:39:41 2009 +0200 s3:libwbclient: Fix bug 6349, initialize domain info struct --- Summary of changes: nsswitch/libwbclient/wbc_util.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index 5c5034e..c39023f 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c @@ -262,6 +262,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, BAIL_ON_WBC_ERROR(wbc_status); } + ZERO_STRUCTP(info); + r = info_string; /* Short Name */ -- Samba Shared Repository
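Review bot: ZERO_STRUCTP(info) is added after the BAIL_ON_WBC_ERROR(wbc_status) that precedes it in this hunk, so a bail on that earlier path still leaves *info untouched. Moving the zeroing to the top of process_domain_info_string(), before anything that can fail, would give callers a defined struct on every path.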
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5347-g39a7cc3
The branch, v3-3-test has been updated via 39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181 (commit) from 7253d96fc205717d9fed973bbcad2884ce656fd9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 39a7cc3c1fd6a3fbb56c8030b6e12962d9fb7181 Author: Volker Lendecke v...@samba.org Date: Sun Aug 30 11:39:41 2009 +0200 s3:libwbclient: Fix bug 6349, initialize domain info struct --- Summary of changes: source/nsswitch/libwbclient/wbc_util.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbc_util.c b/source/nsswitch/libwbclient/wbc_util.c index b486874..77613e0 100644 --- a/source/nsswitch/libwbclient/wbc_util.c +++ b/source/nsswitch/libwbclient/wbc_util.c @@ -285,6 +285,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, BAIL_ON_WBC_ERROR(wbc_status); } + ZERO_STRUCTP(info); + r = info_string; /* Short Name */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1235-g050ded0
The branch, v3-4-test has been updated via 050ded0624a49f2ffb53dcd88a93fd1d8c17595e (commit) from e1a50994800ce311925214254c0a471a9f32c1f7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 050ded0624a49f2ffb53dcd88a93fd1d8c17595e Author: Volker Lendecke v...@samba.org Date: Thu Apr 23 14:23:23 2009 +0200 Fix an uninitialized variable Fix bug #6684. (cherry picked from commit b8cd1cff2dfad726cf6dab368dfcc31a29952889) --- Summary of changes: source3/libnet/libnet_dssync.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 746b096..ce6ad58 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -667,6 +667,8 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, dn_count = 1; } + status = NT_STATUS_OK; + for (count=0; count dn_count; count++) { status = libnet_dssync_build_request(mem_ctx, ctx, dns[count], -- Samba Shared Repository
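Review bot: The new status = NT_STATUS_OK sits between the dn_count setup and the for loop with no comment, and it only matters when the loop body never runs. Initialising status where it is declared, or adding a comment that the assignment covers an empty loop, would make the intent clear and keep a later edit from placing a use of status above it.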
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1236-g272e389
The branch, v3-4-test has been updated via 272e389ff63d929fc6b06305e00fa042d71dbec0 (commit) from 050ded0624a49f2ffb53dcd88a93fd1d8c17595e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 272e389ff63d929fc6b06305e00fa042d71dbec0 Author: Günther Deschner g...@samba.org Date: Wed Jun 24 00:33:44 2009 +0200 s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. Note that this only is tried with editposix=yes. Guenther --- Summary of changes: source3/passdb/pdb_ldap.c | 46 + 1 files changed, 46 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index cf4889b..71d4030 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -5187,6 +5187,18 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, return NT_STATUS_OK; } +static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods, +TALLOC_CTX *tmp_ctx, +uint32 group_rid, +uint32 member_rid); + +static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct samu *user, + DOM_SID **pp_sids, + gid_t **pp_gids, + size_t *p_num_groups); + static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods-private_data; 
@@ -5241,6 +5253,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX * return NT_STATUS_NO_MEMORY; } + /* try to remove memberships first */ + { + NTSTATUS status; + struct dom_sid *sids = NULL; + gid_t *gids = NULL; + size_t num_groups = 0; + int i; + uint32_t user_rid = pdb_get_user_rid(sam_acct); + + status = ldapsam_enum_group_memberships(my_methods, + tmp_ctx, + sam_acct, + sids, + gids, + num_groups); + if (!NT_STATUS_IS_OK(status)) { + goto delete_dn; + } + + for (i=0; i num_groups; i++) { + + uint32_t group_rid; + + sid_peek_rid(sids[i], group_rid); + + ldapsam_del_groupmem(my_methods, +tmp_ctx, +group_rid, +user_rid); + } + } + + delete_dn: + rc = smbldap_delete(ldap_state-smbldap_state, dn); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; -- Samba Shared Repository
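Review bot: In the loop added to ldapsam_delete_user(), group_rid is declared without an initial value and the result of sid_peek_rid() is not checked, so if the peek fails ldapsam_del_groupmem() is called with an indeterminate RID. Skip the entry with continue when sid_peek_rid() fails. The loop index is also an int compared against the size_t num_groups; declaring i as size_t avoids the signed/unsigned comparison.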
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1342-gf092d68
The branch, master has been updated via f092d689c577293d011912be5ded5ebf8aa49fc9 (commit) from 9bf74d0ed9c7496bb133e5108ba297abb1b00747 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f092d689c577293d011912be5ded5ebf8aa49fc9 Author: Günther Deschner g...@samba.org Date: Wed Jun 24 00:33:44 2009 +0200 s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. Note that this only is tried with editposix=yes. Guenther --- Summary of changes: source3/passdb/pdb_ldap.c | 46 + 1 files changed, 46 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index fc736c2..2c8d051 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1986,6 +1986,18 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc - The rename user script has full responsibility for changing everything ***/ +static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods, +TALLOC_CTX *tmp_ctx, +uint32 group_rid, +uint32 member_rid); + +static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct samu *user, + DOM_SID **pp_sids, + gid_t **pp_gids, + size_t *p_num_groups); + static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods, struct samu *old_acct, const char *newname) 
@@ -5255,6 +5267,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX * return NT_STATUS_NO_MEMORY; } + /* try to remove memberships first */ + { + NTSTATUS status; + struct dom_sid *sids = NULL; + gid_t *gids = NULL; + size_t num_groups = 0; + int i; + uint32_t user_rid = pdb_get_user_rid(sam_acct); + + status = ldapsam_enum_group_memberships(my_methods, + tmp_ctx, + sam_acct, + sids, + gids, + num_groups); + if (!NT_STATUS_IS_OK(status)) { + goto delete_dn; + } + + for (i=0; i num_groups; i++) { + + uint32_t group_rid; + + sid_peek_rid(sids[i], group_rid); + + ldapsam_del_groupmem(my_methods, +tmp_ctx, +group_rid, +user_rid); + } + } + + delete_dn: + rc = smbldap_delete(ldap_state-smbldap_state, dn); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; -- Samba Shared Repository
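Review bot: in the block added to ldapsam_delete_user, the NTSTATUS returned by ldapsam_del_groupmem is discarded, and a failure of ldapsam_enum_group_memberships jumps straight to delete_dn, so the account is deleted with memberships left in place and nothing logged. If the cleanup is meant to be best effort, emit a DEBUG line with the group RID and status in both places so leftover membership entries can be found afterwards. Separately, the prototypes added in the first hunk spell the types uint32 and DOM_SID ** while this block uses uint32_t and struct dom_sid *; use one spelling in both.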
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1343-g6657598
The branch, master has been updated via 6657598168724d4fe076f9014c2b5c16a034fe52 (commit) from f092d689c577293d011912be5ded5ebf8aa49fc9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6657598168724d4fe076f9014c2b5c16a034fe52 Author: Matt Kraai mkr...@beckman.com Date: Wed Aug 26 14:50:28 2009 -0700 Do not redefine strupr Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/configure.in |1 + source3/libaddns/dnsgss.c |2 ++ 2 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 34e923d..3255751 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1016,6 +1016,7 @@ AC_CHECK_HEADERS(sys/mman.h) AC_CHECK_FUNCS(shmget shm_open) AC_CHECK_FUNCS(gettext dgettext) AC_CHECK_FUNCS(bindtextdomain textdomain) +AC_CHECK_FUNCS(strupr) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) diff --git a/source3/libaddns/dnsgss.c b/source3/libaddns/dnsgss.c index e7ea041..1e3d464 100644 --- a/source3/libaddns/dnsgss.c +++ b/source3/libaddns/dnsgss.c @@ -31,6 +31,7 @@ /* */ +#ifndef HAVE_STRUPR static int strupr( char *szDomainName ) { if ( !szDomainName ) { @@ -42,6 +43,7 @@ static int strupr( char *szDomainName ) } return ( 0 ); } +#endif #if 0 /* -- Samba Shared Repository
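Review bot: in dnsgss.c the fallback kept under #ifndef HAVE_STRUPR is declared static int strupr( char *szDomainName ) and returns 0, whereas a platform strupr found by the new AC_CHECK_FUNCS(strupr) usually returns char *, so callers in this file must not rely on the return value once the platform version is used. The file also needs the header that declares the platform function, otherwise the call is implicitly declared. Renaming the local helper to a file-specific name would avoid the clash without depending on a configure check.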
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1344-ga0b1968
The branch, master has been updated via a0b1968167c36c345711a98c65c3974590b1ce6a (commit) from 6657598168724d4fe076f9014c2b5c16a034fe52 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a0b1968167c36c345711a98c65c3974590b1ce6a Author: Günther Deschner g...@samba.org Date: Wed Sep 2 15:29:44 2009 +0200 s3-netlogon: use WERRORs in NETLOGON_INFO structures. Guenther --- Summary of changes: librpc/gen_ndr/ndr_netlogon.c | 18 librpc/gen_ndr/netlogon.h |6 +- librpc/idl/netlogon.idl|6 +- source3/rpc_server/srv_netlog_nt.c | 80 +--- 4 files changed, 35 insertions(+), 75 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index 46247b4..7337d26 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c @@ -5627,7 +5627,7 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_1(struct ndr_push *ndr, int if (ndr_flags NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); NDR_CHECK(ndr_push_netr_InfoFlags(ndr, NDR_SCALARS, r-flags)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r-pdc_connection_status)); + NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r-pdc_connection_status)); } if (ndr_flags NDR_BUFFERS) { } @@ -5639,7 +5639,7 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_1(struct ndr_pull *ndr, int if (ndr_flags NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_netr_InfoFlags(ndr, NDR_SCALARS, r-flags)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r-pdc_connection_status)); + NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, r-pdc_connection_status)); } if (ndr_flags NDR_BUFFERS) { } 
@@ -5651,7 +5651,7 @@ _PUBLIC_ void ndr_print_netr_NETLOGON_INFO_1(struct ndr_print *ndr, const char * ndr_print_struct(ndr, name, netr_NETLOGON_INFO_1); ndr-depth++; ndr_print_netr_InfoFlags(ndr, flags, r-flags); - ndr_print_uint32(ndr, pdc_connection_status, r-pdc_connection_status); + ndr_print_WERROR(ndr, pdc_connection_status, r-pdc_connection_status); ndr-depth--; } @@ -5660,9 +5660,9 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int if (ndr_flags NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); NDR_CHECK(ndr_push_netr_InfoFlags(ndr, NDR_SCALARS, r-flags)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r-pdc_connection_status)); + NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r-pdc_connection_status)); NDR_CHECK(ndr_push_unique_ptr(ndr, r-trusted_dc_name)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r-tc_connection_status)); + NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r-tc_connection_status)); } if (ndr_flags NDR_BUFFERS) { if (r-trusted_dc_name) { @@ -5682,14 +5682,14 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int if (ndr_flags NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_netr_InfoFlags(ndr, NDR_SCALARS, r-flags)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r-pdc_connection_status)); + NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, r-pdc_connection_status)); NDR_CHECK(ndr_pull_generic_ptr(ndr, _ptr_trusted_dc_name)); if (_ptr_trusted_dc_name) { NDR_PULL_ALLOC(ndr, r-trusted_dc_name); } else { r-trusted_dc_name = NULL; } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r-tc_connection_status)); + NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, r-tc_connection_status)); } if (ndr_flags NDR_BUFFERS) { if (r-trusted_dc_name) { 
@@ -5713,14 +5713,14 @@ _PUBLIC_ void ndr_print_netr_NETLOGON_INFO_2(struct ndr_print *ndr, const char * ndr_print_struct(ndr, name, netr_NETLOGON_INFO_2); ndr-depth++; ndr_print_netr_InfoFlags(ndr, flags, r-flags); - ndr_print_uint32(ndr, pdc_connection_status, r-pdc_connection_status); + ndr_print_WERROR(ndr, pdc_connection_status, r-pdc_connection_status); ndr_print_ptr(ndr, trusted_dc_name, r-trusted_dc_name); ndr-depth++; if (r-trusted_dc_name) { ndr_print_string(ndr, trusted_dc_name, r-trusted_dc_name); } ndr-depth--; - ndr_print_uint32(ndr, tc_connection_status, r-tc_connection_status); +
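Review bot: the commit message does not say whether the on-wire encoding of pdc_connection_status and tc_connection_status is unchanged by the switch from ndr_push_uint32/ndr_pull_uint32 to ndr_push_WERROR/ndr_pull_WERROR in the NETLOGON_INFO_1 and NETLOGON_INFO_2 hunks; state that explicitly, since these structures are exchanged with other implementations. Every place that assigns or compares these fields now has to use WERROR values rather than bare integers, and the source3/rpc_server/srv_netlog_nt.c part of the change listed in the summary is cut off in this mail, so that side cannot be checked from what is shown here.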
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1345-g5268783
The branch, master has been updated via 5268783e5cb5d77b3fa016d1da6ddf197d7bd8a8 (commit) from a0b1968167c36c345711a98c65c3974590b1ce6a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5268783e5cb5d77b3fa016d1da6ddf197d7bd8a8 Author: Günther Deschner g...@samba.org Date: Wed Sep 2 21:09:13 2009 +0200 s3-net: allow to exit net rpc sh with q as well. Guenther --- Summary of changes: source3/utils/net_rpc_shell.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index e78af14..5e0f150 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -119,7 +119,9 @@ static bool net_sh_process(struct net_context *c, } } - if (strequal(argv[0], exit) || strequal(argv[0], quit)) { + if (strequal(argv[0], exit) || + strequal(argv[0], quit) || + strequal(argv[0], q)) { return false; } -- Samba Shared Repository
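Review bot: the new q alias in net_sh_process is not documented anywhere in this change; mention it in the shell's help output or the net manpage next to exit and quit. Because the comparison on argv[0] returns before any command lookup, a shell command later named q would be unreachable, which deserves a short comment at the strequal(argv[0], q) line.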