Re: [Samba] samab unable to contact ldap or something else
vishesh kumar wrote: [global] ldap suffix = dc=abp=,dc=del There is an extra = sign in there. I'd say this should be ldap suffix = dc=abp,dc=del Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Share level vs other ways
I read an email in here where Volker replied to a person saying that share level was really weird these days, etc. Here's the full context: I have a server that contains share level users , but would like to be in AD domain for any new users. Not on the same IP. You are sure that you mean share level? This is really, really weird these days. If you want no-password access for certain shares, for a certain group of hosts or so, there are other ways to achieve that. Volker *** Okay, so fair enough. Now, I've got a pretty simple setup, a linux based printserver using cups to handle about 540 printers. It's all share level. I'm using samba 3.2.x and getting ready to upgrade into the 3.4 mix. Since there are better ways, I'm very interested in this... here are the boundaries I need to work within. This system is replacing a windows 2003 printserver which keeps choking on the various mix of drivers. Linux doesn't have this issue, so cool So, one advantage to using linux outside the AD auth system is that I can keep the printers available for anyone. In our environment, that's actually kind of important as we have clinics who print stuff to us who are not on our network. Used to be rather painful before. So, I need to keep my anonymous auth in place. Here's my current smb.conf This does work, I'm pretty happy with it's peformance overall, and just need to know - is moving to 3.4 going to make stuff worse? What should I be reading about for all the other ways to accomplish the same things? thanks, Jack # Samba config file created using SWAT # from UNKNOWN () # Date: 2009/09/09 13:52:14 [global] workgroup = KRH server string = printserver security = SHARE obey pam restrictions = Yes passdb backend = tdbsam guest account = samba pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 local master = No domain master = No dns proxy = No wins server = 10.6.1.69 ldap ssl = no panic action = /usr/share/samba/panic-action %d acl check permissions = No acl map full control = No hosts deny = 10.17.1.0/24, 10.6.0.20 [printers] comment = Cupsys based printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/KRH_drivers valid users = @wheel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NTConfig.POL ignored
Why would NTConfig.POL be ignored? I've got an Ubuntu server running a Samba (3.3.2) PDC. I've created NTConfig.POL as per www.pcc-services.com (on a Windows XP Pro machine, for a Windows XP Pro machine), and stuck it in the netlogon share, but it doesn't go. The XP machine can get at the netlogon share and is part of the domain. It can access other shares as well. I get nothing in the logs on the Samba machine that makes me think that the XP machine is trying to grab NTConfig.POL, but haven't yet raised the logging levels or sniffed the network. The permissions on the netlogon share and NTConfig.POL are readable to all. The XP machine is pretty virginal. I've disabled the anti-virus software. Looking at the registry, the UpdateMode in HKLMSYSTEMCurrentControlSetControlUpdate is set to automatic (2). Here's the NETLOGON stuff from smb.conf: --- [netlogon] comment = Network Logon Service path = /home/samba/netlogon browseable = no guest ok = yes read only = yes write list = admin share modes = no # This makes my spider-senses tingle. --- I'm not yet very strong with Windows networking, so my guess is it's an obvious problem on the Windows side. In any case, I've just about scratched a hole in my head. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap
On Fri 23/10/09 4:31 PM , Adam Williams wrote: Paras pradhan wrote: On Fri, Oct 23, 2009 at 2:07 PM, wrote: Most mainstream Linux distros are compiling in LDAP support these days, noproblem. Debian, Ubuntu, Fedora and SuSE are all compiling in LDAP in theirstandard packages, AFAIK. I'm not sure what BSDs are doing these days, butI'd bet they're the same way. I am under solaris 9 (ancient) platform. Now my compilation seems to be OK, now need to find ways to connect this to the sun ldap server. Any info on this will be a great help Thanks Paras. in CentOS/Fedora you use nss_ldap, i'm not sure what solaris uses, maybe you can compile nss_ldap from source and setup /etc/ldap.conf and /etc/nsswitch.conf See this link for excellent info: http://aput.net/~jheiss/krbldap/howto.html#ldapclient [2] - Message sent via Atmail Open - http://atmail.org/ Links: -- [2] http://aput.net/~jheiss/krbldap/howto.html#ldapclient -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] TDB files and moving them
On 21/10/2009 3:11 AM, MikeSch wrote: Is it possible to place my tdb files on another partition different from the one that samba is installed on? Can I do that from the .conf file? If so how? As you know the locking.tdb file can get rather large and I'd like to place that on a partition that has some more space then where my / is mounted. Thanks for your help! Can't you just move it and then create a symbolic link? Or is there some technical reason not to do that? TB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New issue with a New Vista Client - couldn't find service
OK, Since we last spoke I built a new server, installed FBSD 7.2 and installed the samba package 3.3.3 and the results were the same. The new server is still being flooded with: Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Oct 24 11:00:14 oldjunk smbd[84681]: [2009/10/24 11:00:14, 0] smbd/service.c:make_connection(1292) Oct 24 11:00:14 oldjunk smbd[84681]: dadsdesktop (10.0.2.123) couldn't find service roo Literally 500K log files in a few seconds. Its modern hardware with a intel Atom processor and so forth and its spending 24% processor time filling out logs. John suggest 3.3.8 and I realized I was at 3.3.3 so I upgraded samba to 3.3.8 and got the same result! So I have had version 3.0.something (older FBSD implementation) through 3.3.8 running (7.2 FBSD implementation) and all of them are being flooded by vista. Ya ya I know...blame Gates, but there must be a fix here some place? thanks for your help in advance. Brian -Original Message- From: John H Terpstra - Samba Team [mailto:j...@samba.org] Sent: Saturday, October 17, 2009 9:10 AM To: Brian Subject: Re: [Samba] New issue with a New Vista Client - couldn't find service On 10/17/2009 08:59 AM, Brian wrote: Sorry if this a duplicate, previous post was with a disfunctional email address. Running a samba server version 3.0.7 on a FreeBSD box Please update your version of Samba to at 3.3.8 or later (preferably 3.4.2 or later). Samba-3.4.2 is a whole different animal from 3.0.7 - life has moved on. Vista is also a whole different animal than XP and requires the later Samba releases for smooth interoperability. cheers, John T. Life has been fine with XP and so forth I added a new vista workstation to my small network Vista found my shares and I am able to access them with no jerking around with authentication types or such as I use appropriate pw and user name to log into the vista box. Problem is vista is spamming my server, taking up 50% cpu time and creating a 500K log file every 2 min it is filling the log file with [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo [2009/10/17 08:11:28, 0] smbd/service.c:make_connection(800) dads-pc (10.0.2.124) couldn't find service roo the service name is truncated also by on letter thanks in advance for your help Brian -- John H Terpstra If at first you don't succeed, don't go sky-diving! -- To unsubscribe from this list go to the following URL and read the
Build status as of Sat Oct 24 06:00:04 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-10-23 00:00:05.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-10-24 00:00:26.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Fri Oct 23 06:00:04 2009 +Build status as of Sat Oct 24 06:00:04 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 3 1 0 +ccache 2 1 0 distcc 0 0 0 -ldb 26 26 0 +ldb 24 24 0 libreplace 1 1 0 lorikeet 0 0 0 pidl 1 1 0 -ppp 0 0 0 +ppp 7 0 0 rsync26 9 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 20 19 0 -samba_3_master 23 22 0 -samba_3_next 23 22 0 +samba_3_current 21 20 0 +samba_3_master 24 23 0 +samba_3_next 24 24 0 samba_4_0_test 24 24 0 talloc 1 1 0 -tdb 24 24 0 +tdb 22 22 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a07eb08... s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state via 4ab83fb... s4:loadparm: don't leak the names of all shares in each lp_service() call via 69e96f0... s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data yet via dc8e681... libcli/auth: initialize creds in netlogon_creds_client_init_session_key() via fab9aff... s4:gensec/schannel: remove unused talloc_reference() in schannel_update() via f2da9c8... libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() via 5ae1d70... libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() from 3054fe4... Fix bug 6802 - A created folder does not properly inherit permissions from parent. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a07eb08870823fa443911d3b857724bde1e3021b Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 17:30:47 2009 +0200 s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state We always steal the state to the policy handle on success, but untill then keep it on the short term context. metze commit 4ab83fb1b7d2929c6ae454f3f073d4baf3510ca3 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 15:12:01 2009 +0200 s4:loadparm: don't leak the names of all shares in each lp_service() call metze commit 69e96f08f1def1c28abe928ccbb0717566e49c8c Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 15:11:08 2009 +0200 s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data yet metze commit dc8e681755242b21bfb0e2d0cade633542ba7c81 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 17:26:58 2009 +0200 libcli/auth: initialize creds in netlogon_creds_client_init_session_key() metze commit fab9aff6a20b7dcb5a570fd2a103b5e5da6fea93 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 17:25:19 2009 +0200 s4:gensec/schannel: remove unused talloc_reference() in schannel_update() We never expose creds to the caller in schannel_update(). metze commit f2da9c8c1a2f7a4b805f43fd643f877c9274799a Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 17:23:56 2009 +0200 libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() metze commit 5ae1d700ebf4b6bb63128f50c01ce4365b4e8d94 Author: Stefan Metzmacher me...@samba.org Date: Fri Oct 23 15:10:20 2009 +0200 libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() metze --- Summary of changes: libcli/auth/credentials.c |5 +- libcli/auth/schannel_state_ldb.c| 63 ++- source4/auth/gensec/schannel.c |2 +- source4/dsdb/samdb/ldb_modules/partition_init.c |7 ++- source4/param/loadparm.c|5 ++- source4/rpc_server/samr/dcesrv_samr.c | 14 +++--- 6 files changed, 58 insertions(+), 38 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 87d1866..667a2fa 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -248,8 +248,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx, const uint8_t session_key[16]) { - struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState); - + struct netlogon_creds_CredentialState *creds; + + creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState); if (!creds) { return NULL; } diff --git a/libcli/auth/schannel_state_ldb.c b/libcli/auth/schannel_state_ldb.c index 62873a4..ba3d96f 100644 --- a/libcli/auth/schannel_state_ldb.c +++ b/libcli/auth/schannel_state_ldb.c @@ -95,7 +95,7 @@ NTSTATUS schannel_store_session_key_ldb(struct ldb_context *ldb, return NT_STATUS_NO_MEMORY; } - msg = ldb_msg_new(ldb); + msg = ldb_msg_new(mem_ctx); if (msg == NULL) { return NT_STATUS_NO_MEMORY; } @@ -270,10 +270,21 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { - struct netlogon_creds_CredentialState *creds; + struct netlogon_creds_CredentialState *creds = NULL; NTSTATUS nt_status; int ret; +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b55a5ad... s4-ldb: ensure DNs pass validity tests in indexing via 2eca02a... s4-ldb: fixed string length handling on index records via c34e45a... s4-dsdb: ensure that new partitions inherit any transaction via d4c0e8f... tdb: detect tdb store of identical records and skip via dffb572... s4-ldb: don't allow modifies outside a transaction. via 5002cdd... s4-ldb: fixed re-index during a complex transaction via e7d9f5e... s4-python: fixed annoyance where control-C doesn't kill our python scripts from a07eb08... s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b55a5adab99f535bb392662d54afbabed116a3b6 Author: Andrew Tridgell tri...@samba.org Date: Sun Oct 25 13:13:41 2009 +1100 s4-ldb: ensure DNs pass validity tests in indexing commit 2eca02a4080b68fbb2dacb659b1733224cfa462e Author: Andrew Tridgell tri...@samba.org Date: Sun Oct 25 13:12:32 2009 +1100 s4-ldb: fixed string length handling on index records commit c34e45a8e2880eb06be6425fa6be15246db03197 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 23 22:46:09 2009 +1100 s4-dsdb: ensure that new partitions inherit any transaction commit d4c0e8fdf063f88032c32de7ece60d502b322089 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 23 22:45:03 2009 +1100 tdb: detect tdb store of identical records and skip This can help with ldb where we rewrite the index records commit dffb572ce0b350bf42549c882275b627d9b36e59 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 23 22:43:24 2009 +1100 s4-ldb: don't allow modifies outside a transaction. commit 5002cddcb0d9e539ded949bcc805c035e038362d Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 23 22:42:26 2009 +1100 s4-ldb: fixed re-index during a complex transaction We may have modified index objects in the in-memory index tdb commit e7d9f5eea52403f576b636a35fb9889ed82cbf0b Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 23 17:12:48 2009 +1100 s4-python: fixed annoyance where control-C doesn't kill our python scripts We want our scripts to die immediately when a user hits control-C. Otherwise we not only annoy the hell out of the user, we also risk db corruption as the control-C could get delivered as an exception which gets mis-interpreted (eg. as a missing db object). We use transactions for all our databases, so the right thing to do in all our command line tools is to die immediately. --- Summary of changes: lib/tdb/common/tdb.c| 20 ++ source4/dsdb/samdb/ldb_modules/partition.c | 15 +++ source4/dsdb/samdb/ldb_modules/partition.h |1 + source4/dsdb/samdb/ldb_modules/partition_init.c | 21 +- source4/lib/ldb/ldb_tdb/ldb_index.c | 47 +- source4/lib/ldb/ldb_tdb/ldb_tdb.c |8 source4/scripting/python/pyglue.c | 10 + 7 files changed, 100 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c index 0389d3c..564c5fe 100644 --- a/lib/tdb/common/tdb.c +++ b/lib/tdb/common/tdb.c @@ -121,6 +121,7 @@ tdb_off_t tdb_find_lock_hash(struct tdb_context *tdb, TDB_DATA key, uint32_t has return rec_ptr; } +static TDB_DATA _tdb_fetch(struct tdb_context *tdb, TDB_DATA key); /* update an entry in place - this only works if the new data size is = the old data size and the key exists. @@ -135,6 +136,25 @@ static int tdb_update_hash(struct tdb_context *tdb, TDB_DATA key, uint32_t hash, if (!(rec_ptr = tdb_find(tdb, key, hash, rec))) return -1; + /* it could be an exact duplicate of what is there - this is +* surprisingly common (eg. with a ldb re-index). */ + if (rec.key_len == key.dsize + rec.data_len == dbuf.dsize + rec.full_hash == hash) { + TDB_DATA data = _tdb_fetch(tdb, key); + if (data.dsize == dbuf.dsize + memcmp(data.dptr, dbuf.dptr, data.dsize) == 0) { + if (data.dptr) { + free(data.dptr); + } + return 0; + } + if (data.dptr) { + free(data.dptr); + } + } + + /* must be long enough key, data and tailer */ if (rec.rec_len key.dsize + dbuf.dsize + sizeof(tdb_off_t)) { tdb-ecode = TDB_SUCCESS; /* Not really an error */ diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index