[Samba] Password Change from Windows machines (You do not have permission to change your password)
Hello, I just wasted several hours trying to figure out why I could not change Samba passwords from Windows XP computers. I'm posting here so that there is some form of documentation about this on the web. My setup is basically this: - Samba 3.3.2 (running under Ubuntu 9.04) - OpenLDAP user database - Full O.S. support for OpenLDAP auth, using nsswitch and PAM. (My client LDAP config was installed using *auth-client-config *as per https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html, plus some tweaking in /etc/smbldap-tools/. ) I can ssh into the box as a system user that exists only in LDAP (and not in /etc/passwd). I can also change my LDAP password at the bash prompt by typing passwd (via PAM), or smbldap-passwd, or smbpasswd. That all works as per the documentation. The problem: I could not change my password from Windows boxen. They kept giving me You do not have permission to change your password. I found the solution by cranking up the log level to 10. I eventually found this golden snippet in all the noise: [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_chauthtok(670) smb_pam_chauthtok: PAM: Password Change for User: dereks [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(284) smb_pam_passchange_conv: starting converstation for 1 messages [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(312) smb_pam_passchange_conv: Processing message 0 [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(346) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: New password: [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*enter new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*retype new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*password updated successfully*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to |New password:| [2009/11/30 23:23:37, 3] auth/pampass.c:smb_pam_passchange_conv(370) smb_pam_passchange_conv: Could not find reply for PAM prompt: New password: [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_chauthtok(699) PAM: User not known to PAM [2009/11/30 23:23:37, 2] auth/pampass.c:smb_pam_error_handler(77) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_passchange(861) smb_pam_passchange: PAM: Password Change Failed for user dereks! [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_end(450) smb_pam_end: PAM: PAM_END OK. [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (4202, 513) - sec_ctx_stack_ndx = 1 [2009/11/30 23:23:37, 5] rpc_server/srv_samr_nt.c:_samr_ChangePasswordUser2(1907) _samr_ChangePasswordUser2: 1907 samr_ChangePasswordUser2: struct samr_ChangePasswordUser2 out: struct samr_ChangePasswordUser2 result : NT_STATUS_ACCESS_DENIED Here you can see that the password chat was attempting to communicate with PAM in a fashion similar to 'expect'. My passwd chat setting in /etc/samba/smb.conf was not correct, so the password change failed. The resulting error code NT_STATUS_ACCESS_DENIED caused Windows to print that useless You do not have permission to change your password dialog box, and sent me on a wild goose chase. The comments in the smb.conf that come with Ubuntu say this: # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan ka...@informatik.tu-muenchen.de for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes My reading of these comments is that either passwd program with matching passwd chat will be used, or else pam password change = yes will be used. In my troubleshooting, I commented out either the first one (to use PAM), or else the latter one (to use /usr/bin/passwd with the chat setting). That interpretation was also consistent with all the Samba docs and forum postings I found online. But, as shown in the logs above, the correct answer was pam password
Re: [Samba] domain printer issues
On Mon, 2009-11-30 at 09:14 +1100, Brian May wrote: Daniel Sheridan wrote: FWIW, I have the same problem here with Samba 3.4.2 and Windows XP clients. In fact, one printer driver works via point'n'print, but the others do not, so for now I've set all printers to use that one driver (the PPDs are similar enough that it's not a problem). Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for Windows 7) that broke things. The first few days seemed fine, so I thought it was OK, but maybe that is because nobody reported problems... I'm currently blaming 3.4.x. Downgrading to 3.3.2 (the most recent 3.3 easily available as an Ubuntu package) makes the driver installation work perfectly. Upgrading to 3.4.x breaks it again. Clean /var/lib/samba and /var/cache/samba each time. Dan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mapping 'emails' to realms
Hello all. Still no luck with UPN logon. I think there's something missing in my krb5.conf, but can't find WHAT. Our UPNs are in the form of email addresses (name.surna...@unibo.it for people in PERSONALE and name.surna...@studio.unibo.it for people in STUDENTI domain). I never could make logon-by-upn work, but SOMETIMES wbinfo -n UPN resolves to the right SID (stopped working after an upgrade). I usually only keep winbindd running, no smbd/nmbd (the PCs are in a lab and only need samba to authenticate users on AD keeping consistent UID/GID, and grant access to shared resources via Kerberos). Is there something obvious I'm missing? TIA. -- Diego Zuccato Servizi Informatici Dip. di Astronomia - Università di Bologna Via Ranzani, 1 - 40126 Bologna - Italy tel.: +39 051 20 95786 mail: diego.zucc...@unibo.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authenticate Samba with an LDAP w/o the schema
Hi, Kevin Keane wrote: There are a few ways you could do it, but none of them are good. I asked it because I do it with other tools like Plone. And they just need to use use the LDAP bind service. Basically, the principle has to be that because you can't touch the LDAP server, you have to use user name/passwords for authentication. The situation is fundamentally the same as if you had your users listed in /etc/passwd, so all the same techniques should still work (albeit with modifications). Here are the options. Sorry I can't provide details, only outlines to get you started. - Turn off CHAP and use plain text passwords. VERY bad idea, but it should work. You will probably have to configure PAM to authenticate against the LDAP server - I'm not quite sure exactly how to do that. - Use smbpasswd to store the Samba passwords, and use Samba's various mechanisms to keep the passwords in sync between LDAP and smbpasswd. - What kind of LDAP server is it? It may offer some other mechanism that you can use. For instance, Active Directory would work easily by having your Samba server join the AD domain. It is the LDAP of a Zimbra groupware. I'd like to simply verify that the user is real (bind to the LDAP) and then I can use a fake linux user for the UID and the permissions. Thank you, Fabrizio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authenticate Samba with an LDAP w/o the schema
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Fabrizio Reale Sent: Tuesday, December 01, 2009 5:37 AM To: samba@lists.samba.org Subject: Re: [Samba] Authenticate Samba with an LDAP w/o the schema Hi, Kevin Keane wrote: There are a few ways you could do it, but none of them are good. I asked it because I do it with other tools like Plone. And they just need to use use the LDAP bind service. The reason Samba can't use the LDAP bind approach is that Samba doesn't have access to the plain-text passwords because by default Windows no longer sends it over the network. That is, unless you follow my first suggestion and turn off CHAP. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain printer issues
Daniel, The printing changes in 3.4.x seem to have affected numerous Debian users, but not all in the same manner. For me, the upgrade caused some pcl5 drivers to cease functioning. Newer drivers helped in some cases, but for one printer where there was no newer driver, I resorted to using the postscript driver instead. Dale Daniel Sheridan wrote: On Mon, 2009-11-30 at 09:14 +1100, Brian May wrote: Daniel Sheridan wrote: FWIW, I have the same problem here with Samba 3.4.2 and Windows XP clients. In fact, one printer driver works via point'n'print, but the others do not, so for now I've set all printers to use that one driver (the PPDs are similar enough that it's not a problem). Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for Windows 7) that broke things. The first few days seemed fine, so I thought it was OK, but maybe that is because nobody reported problems... I'm currently blaming 3.4.x. Downgrading to 3.3.2 (the most recent 3.3 easily available as an Ubuntu package) makes the driver installation work perfectly. Upgrading to 3.4.x breaks it again. Clean /var/lib/samba and /var/cache/samba each time. Dan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nmbd startup fails
Dear all, I regret that I am very new to this tool from the install side. I have so far altered shares on a running machine only. I have (thanks to Joss for some help already) installed version 3.4.3 under AIX 6.1 giving it our preferred base directory of /opt/freeware/samba/3.4.3 I have copied over the smb.conf file from the source machine (AIX 5.2 / Samba 2.0.7) and tweaked the content of .../sbin so that a shell script intercepts the call to the real swat, smbd and nmbd to ensure that the correct PATH LIBPATH are set and this seems to work fine for swat smbd, but nmbd always fails with the following in .../var/log.nmbd:- [2009/12/01 14:27:07, 0] nmbd/nmbd.c:854(main) nmbd version 3.4.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/12/01 14:27:07, 0] lib/util_sock.c:938(open_socket_in) bind failed on port 137 socket_addr = 0.0.0.0. Error = The socket name is already in use. It is true that the port 137 is in use as inetd has the entries:- netbios-ssn stream tcp nowait root/opt/freeware/samba/3.4.3/bin/smbd smbd netbios-ns dgram udp waitroot/opt/freeware/samba/3.4.3/bin/nmbd nmbd This is how we have it on the old server. Oddly, smbd starts just fine and swat allows me to manage the smb.conf file - not that I understand most of the options. I still have no users being able to access the server, but I haven't even begun to look at security. The old server has a pointer to a Windows domain controller, so I'm hoping that it is all contained in there and I just have to refer to it. Sorry about the question. The project manager is being a project manager and I have a go-live date of next weekend - and I have the DR server to build yet (racking the server, firmware, disk allocation etc) Robin Battersby-Cornmell | IS Service Delivery Technical Support Analyst Unisys Insurance Services Limited | Level 6, New Hall Place | Liverpool, Merseyside, L3 9UE | 0151 239 2825 (Net pending) Registered in England Company No. 04087012 Registered Office: Bakers Court, Bakers Road, Uxbridge, UB8 1RG THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. *** This email is sent in confidence for the addressee only. Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately by returning the original email to us without reading it, taking a copy or disclosing it to anyone else. Please also destroy and delete the email from your computer. We have taken reasonable precautions to ensure that no viruses are transmitted to any third party. Unisys Insurance Services Limited does not accept any responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Unisys Insurance Services Limited is authorised and regulated by the Financial Services Authority, is a member of the UNISYS group of companies and provides outsourcing services to the Financial Services Industry Unisys Insurance Services Limited Registered in England No. 4087012 Registered Office: Bakers Court, Bakers Road, Uxbridge, UB8 1RG -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrading to Vista with Samba 3.0.28a
I've been running a samba 3.0.28a PDC with XP clients for a while now. The setup has been working flawlessly. I'm considering upgrading some of the clients to Vista. Are there any known issues to Vista using this version of Samba that I should know about. I all need to do is join the Samba domain and connect to a few network shares. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fetching DOMAIN database Failed
On Wed, Nov 25, 2009 at 11:36:35AM +0100, Nobody ist perfect wrote: I am trying to migrate our Windows NT 4 Domain to Samba 3.4.3 and got the error message below when I run the command: net join -S myPDC -I 172.30.1.1 -U administrator%mypasswd worked ok net rpc vampire -S myPDC -U administrator%mypasswd Fetching DOMAIN database Failed to fetch domain database: NT_STATUS_ACCESS_DENIED What I want to accomplish is to remove Windows NT 4.0 server as PDC and make Samba our Primary Domain Controller. Looking at Chapter 9 Migrating NT 4 Domain to Samba 3 on Samba-3 By Example book that it is possible to merge or migrate NT domain to Samba using ldap smbldap-tools Can someone please point me to the right direction. For vampire of a NT4 PDC you need to join as a BDC first (you did join as a member workstation/server). net join BDC -S myPDC -I 172.30.1.1 -U administrator%mypasswd should do the trick. Hope that helps, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org pgpkt9Vozr056.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain printer issues
On Tue, Dec 01, 2009 at 12:36:51PM +, Daniel Sheridan wrote: On Mon, 2009-11-30 at 09:14 +1100, Brian May wrote: Daniel Sheridan wrote: FWIW, I have the same problem here with Samba 3.4.2 and Windows XP clients. In fact, one printer driver works via point'n'print, but the others do not, so for now I've set all printers to use that one driver (the PPDs are similar enough that it's not a problem). Ok, so maybe it was the upgrade from 3.2.5 to 3.4.2 (required for Windows 7) that broke things. The first few days seemed fine, so I thought it was OK, but maybe that is because nobody reported problems... I'm currently blaming 3.4.x. Downgrading to 3.3.2 (the most recent 3.3 easily available as an Ubuntu package) makes the driver installation work perfectly. Upgrading to 3.4.x breaks it again. Clean /var/lib/samba and /var/cache/samba each time. This is unfortunately a known issue and we are actively working on resolving this; if you have a chance to test, the 3-4-test git branch should have the necessary fixes (unless you are running sparc). For Samba 3.4.4 these issues will be resolved. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org pgpCrGkbLzGcy.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading to Vista with Samba 3.0.28a
Leandro Tracchia wrote: I've been running a samba 3.0.28a PDC with XP clients for a while now. The setup has been working flawlessly. I'm considering upgrading some of the clients to Vista. Are there any known issues to Vista using this version of Samba that I should know about. I all need to do is join the Samba domain and connect to a few network shares. I think most people are skipping Vista and upgrading directly to Windows 7 these days - and for Windows 7 you would definitely need to upgrade Samba (see http://wiki.samba.org/index.php/Windows7). I'm not actually sure about Vista on 3.0.28a, but it does seem to work on 3.0.30 and up. We just use tdbsam authentication to access a few network shares, and so far have had no difficulty upgrading from the 3.0 to the 3.3 series. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Encryption
What are the prospects for smb transport encryption? Where can I learn more? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change network interface from wlan0 to eth0
Hi to all:), I have a desktop with Ubuntu 9.10 and a laptop with Win 7. They're both connected to Internet with their WIFI interface. I use Samba to send files between these computers and it works fine but I'd like to use Samba with a crossover cable. I connected them with this cable and modified the /etc/samba/smb.conf writing in [Networking] section: interfaces = eth0 bind interfaces only = yes and, after that, sudo /etc/init.d/samba restart but Samba continues to use wifi interface to connect my computers. Can you help me? Thank you so much for your attention. Gabriele -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] strange issue with xerox printer: unable to configure driver
Hi, I've been having the same problem on a 7328 if I remember well. The problem is that the Xerox driver uses some proprietary print processor. Under windows, the print server is expected to run the print processor (which is not possible with samba as the print processor is a w32 exec). You have (as far as I know) 2 options here : - Setup the printer in samba without specifying the driver (samba will then only be used as a spooler for win clients). Point and print can then no more be used - Buy the postscript option from Xerox and use the print driver from cups for the win clients François On Fri, 27 Nov 2009 18:32:58 +0100, Guillaume Rousse guillaume.rou...@inria.fr wrote: Hello list. I've a strange issue with a samba 3.4.3 print server. Everything is fine with most printers, meaning drivers are assigned on server side and automatically distributed to the clients as expected. However, I fail to configure a Xerox document center 7435 the same way. When I attempt to assign a driver to the printer, from a windows client with admin privileges, I get an 'unexpected error occured in the print driver, close this windows and retry' error message, twice. More precisely, I can see initial renaming of the printer according to the driver name, then the error occurs, then the printer get renamed to '' (which is a bit painful :P) I previously had a slightly different model (document center pro c2636) which was working fine. The other working printers are not xerox ones. The driver is OK: it works fine when accessing the printer directly, and also when used from a windows print server. Also, I tried other variants (such as PCL driver instead of PS one), without success. When configuring the same printer from a Windows system, I had to configure it with raw socket connection, because IPP connection didn't allowed me to share it at all, and CIFS connection to the print queue caused me some troubles (the printer didn't appeared in the 'fax and printers list' of the server from remote hosts). The underlying printing system, cups, works perfectly. I've tried to switch from IPP to raw socket connection, because of the behaviour changes found with windows server, it didn't change anything. I performed a network capture both on server and client side while triggering the error. The result is available as: http://www.zarb.org/~guillomovitch/server.pcap http://www.zarb.org/~guillomovitch/client.pcap I can see some suspicious messages such as: WINREGOpenKey response, Error: WERR_BADFILE SPOOLSS GetPrinterData response, PrintProcCaps_NT EMF 1.008, File not found (pathname error) SPOOLSS SetPrinterDataEx response, Access denied But nothing really useful. I'm joining my samba configuration file. I'm using mandriva 2009.0 as server, and windows XP enterprise as client. Any hint appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP: Changing user's group
Hi, thanks for answering. I have only 1 Samba server. When I mentioned changes on groups, I meant on LDAP server. LDAP is used on both system and samba environments. When changing groups on users, those changes are instant on the system environment, but not on Samba. - I create a new Folder A, with full permissions for Group A - User B (belonging to group B), logs via SSH to the server, and can't access the Folder A. - User B logs via Samba using his Windows desktop machine, and can't access the Folder A (previously configured inside a Samba Resource). - Now I add User B to Group A via LDAP. He belongs now to Group A and Group B. - Getent group | grep User B shows correctly both groups on the user. - User B correctly access Folder A, write files, etc via console, ssh, or any kind of regular system authentication (since system is using pam libraries, configured to use LDAP as backend). - User B still can't access Folder A in any way. Samba has cached User B credentials, and haven't checked LDAP again for a while. The only option is to restart Samba, or wait randomly until Samba refreshes / syncs LDAP info about that user again. Hope this little story explains my problem better. Sorry for my english. Thanks! However, sato x wrote: On Thu, Nov 19, 2009 at 7:28 PM, davefu davef...@gmail.com wrote: Hello fellas. I'm facing this problem today: My Samba PDC is using LDAP as a backend, and its working really good. The problem comes when I change the groups on one of the users. System shows the change correctly by using 'getent group' and if I log as that user the behavior correct when trying the new group permissions. OK. Samba, however, doesn't seem to get those changes immediately (it syncs hours later, totally random amount of time). I've tried disabling NSCD but no luck. I've read somewhere that restarting Samba service forces Samba to refresh the users credentials, but thats not possible to do everytime a user needs a change in his groups. I'm wondering if there is some way to refresh Samba cached credentials. Do you mean that you have other samba server (as file server) running and uses LDAP as its backend? When you change the group(s), the changing doesn't affect this file server immediately? If this is the case, I used to reload nscd to refresh its cache, since start-stop or restart nscd brings no effect at all. Hope it can help - and pardon my language. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- View this message in context: http://old.nabble.com/Samba-%2B-LDAP%3A-Changing-user%27s-group-tp26421317p26573907.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Multiple parallel LDAP server
Hi, I'm a postgraduate student, and I'm currently working on the federated access management for PCs. I just wondering does samba support multiple LDAP servers, not as master and slave, but parallels? What I'm trying to achieve is letting a user from example1.com to use the PC at example2.com campus. User should enter their username followed by example1.com and the domain controller should choose the correspondent LDAP server for authentication. Thanks Chen -- Chen Liang Mr Bsc School of Computing Graduate *Dublin Institute of Technology* Kevin Street, Dublin 8 Dublin Mobile: +353(0) 85-7187268 Email: chen.li...@dit.ie mailto:chen.li...@dit.ie Email: chen.li...@student.dit.ie mailto:chen.li...@student.dit.ie This message has been scanned for content and viruses by the DIT Information Services E-Mail Scanning Service, and is believed to be clean. http://www.dit.ie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Logon script will not run in Samba 3.3.4 PDC
Greetings, all. I have a Samba 3.3.4 PDC up and running on my small home network, having migrated from an older 2.2.8 configuration. My XP Pro and Vista clients have remained as members of this migrated domain, logging with no problem. Client logins have worked precisely as expected. All seems to be happy - with one exception. My only problem, which I've spent the last two or three days Googling and even trying to read through the Samba sources to resolve, is that the logon script I have defined will not run. I even hardcoded the script name to eliminate any issues arising from variable substitution, to no avail, eg [global] .. .. logon script = logon.bat .. The testparm file shows no errors in the configuration file. I have researched this issue myself, and have seen various causes of this problem. I have checked the following so far, but to no avail in my circumstance: * The path parameter of the [netlogon] service points to a directory with r-x privs. * The logon.bat file specified in the logon script parameter of smb.conf has r-x privs. * The file specified in the logon script parameter of smb.conf has been created from a DOS-style client with CR/LF's. * The batch file can be executed *manually* from any client after logging in, and can even be opened in a tool like Notepad. * The batch file's location is located in the directory indicated in the [netlogon] path parameter. The log files show absolutely no attempt to access the file. They do show a (failed) attempt to access NTConfig.pol (which didn't exist), and to that end I created a simple policy file and placed it in the netlogon share. The logs confirm that the policy file is accessed. (The Policy file defines only a machine policy not to check for slow connections, because I had also read that a slow net connection check would inhibit logon script execution). This made no difference, either. Despite my research, I'm sure I have overlooked something simple, and I've just been staring at things so long I just can't see it. If anyone could offer any suggestions, I'd be most appreciative. I'm running Slackware 13.0, but compiled and installed Samba 3.3.4 in the hopes of supporting future WIndows 7 clients, which other research has said is the proper version of Samba for that goal. But that's a next step in the process Many thanks in advance, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3/4 - Franky - AD
Hello I had exactly the same problem. However, I downloaded and installed GIT (apt-get install git-core in Debian / Ubuntu). I then did: git clone git://git.samba.org/samba.git samba cd samba git checkout v3-5-stable cd source3 ./configure --enable-merged-build make make install If you haven't already done so, you need lots of development libraries, for example http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 is a good source. If you are getting messages saying that libraries are missing after the install, you may need to edit ld.so.conf and then run ldconfig. You may also need to add /usr/local/samba/sbin and /usr/local/samba/bin to your path as well so that you don't have to cd into the directory or type it all out. I am still yet to explore Samba 3.5 properly and haven't got past this stage yet. Regards _ Have more than one Hotmail account? Link them together to easily access both http://clk.atdmt.com/UKM/go/186394591/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 on samba 3.4.2 slow
Hello Assuming that you have Windows 7 Professional / Enterprise or Ultimate, try going into Policy Editor (gpedit.msc), navigate to Computer Configuration, Administrative Templates, System and then User Profiles. Open the setting in the list Set maximum wait time for the network if a user has a roaming user profile or remote home directory, change it to enabled and set wait for network for maximum to 0 and then OK. I use Windows Vista where I had exactly the same problem, even when I disable and never use roaming profiles. Regards _ Have more than one Hotmail account? Link them together to easily access both http://clk.atdmt.com/UKM/go/186394591/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Auto-configure Samba to offer same shares as Windows on dual-boot machine
Does anyone know of either a standalone tool or a distribution's installsetup procedure which can set up samba shares by looking at what a windows installation on the same computer does- say, by checking HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares, figuring where the directories being shared are mounted, matching printers to those configured in Linux/etc, and offering all of these with the same share names used in the Windows install? If not, why not? Has it just not been tried? It seems to me that something along these lines would be a major advantage in easing people's transitions from Windows to Linux or other platforms. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ? AD user autherntication ?
We have a small Ubuntu 9.10 file server in a large Win 2003/2008 domain. There is no X nor web browser in the server. I have rights to join machines to the domain, but I'm not an Administrator There is about 10 users in this server, who want to authenticate with domain passwords when they mount their home directories to WindowsXP workstations. The ssh passwords should be local and separated from domain passwords. The server should not try to play any master roles. Just deliver directories to windows. We have tried this for about a month and gone through many books, web pages and forums. After reading Samba documentation we don't even understand what programs we need. in some documents we are told to use PAM, LDAP, krb or winbind. In some documents you are advised NOT to use this if you are using that. It is a total chaos. Is there any example of a working case like this ? Is there any script which takes care of the configuration ? -- View this message in context: http://old.nabble.com/--AD-user-autherntication---tp26510351p26510351.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] password expiration problem
Greetings. I have problem with password expiration problem i cannot
handle myself, so i wrote in this list.
Recently i discovered that a newly created samba account has already
expired password.
smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c
Tommy T. tommy
smbldap-passwd tommy
getent shadow
user:*:::0
user2:*:::0
user3:*:::3650
tommy:*:::3650
su tommy
pam_mount password:
Password aged
Enter login(LDAP) password:
auth.log
/dev/pts/5 user:tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication
failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost=
user=tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired
password for user tommy (password aged)
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user tommy
does not exist in /etc/passwd
Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token
manipulation error
Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user
smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 3 vfs:2
security = user
encrypt passwords = true
obey pam restrictions = no
; unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated
pam password change = no
passdb backend = ldapsam:ldap://auth.workgroup
ldap ssl = no
ldap admin dn = cn=admin,dc=workgroup
ldap suffix = dc=workgroup
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
unix extensions = no
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
smbldap.conf
SID=S-1-5-21-482339686-3080510186-2817641028
sambaDomain=WORKGROUP
slaveLDAP=auth.workgroup
slavePort=389
masterLDAP=auth.workgroup
masterPort=389
ldapTLS=0
verify=none
suffix=dc=workgroup
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Users,${suffix}
sambaUnixIdPooldn=sambaDomainName=WORKGROUP,${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=365
userSmbHome=\\NAS\%U
userProfile=\\NAS\profiles\%U
userHomeDrive=H:
userScript=%U.cmd
mailDomain=workgroup
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
slapd.conf
include/etc/ldap/schema/core.schema
include/etc/ldap/schema/cosine.schema
include/etc/ldap/schema/inetorgperson.schema
include/etc/ldap/schema/misc.schema
include/etc/ldap/schema/nis.schema
include/etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args
loglevel256
modulepath/usr/lib/ldap
moduleloadback_bdb
sizelimit 500
tool-threads 1
backendbdb
databasebdb
suffix dc=workgroup
directory /var/lib/ldap
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
indexobjectClasseq
indexcnpres,sub,eq
indexsnpres,sub,eq
indexuidpres,sub,eq
indexdisplayNamepres,sub,eq
indexdefaultsub
indexuidNumbereq
indexgidNumbereq
indexmail,givenNameeq,subinitial
indexdceq
indexmemberUideq
indexsambaSIDeq
indexsambaPrimaryGroupSIDeq
indexsambaDomainNameeq
indexsambaGroupTypeeq
indexsambaSIDListeq
indexuniqueMembereq
lastmod on
checkpoint 512 30
access to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn=cn=admin,dc=workgroup write
by anonymous auth
by self write
by * none
access to dn.base= by * read
access to
[Samba] Kinit problems with WS2008r2
Hello world, I have serious problems with samba and WS2008r2 DC using native mode ??. I can join the domain and winbind is working well. I have no domain administrator rights and machine account was pre-created with modified rights documented http://docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf#search=%22samba%20join%20ads%20user%20propert%22 Now I am trying to get ticket with kinit -k (keytab created with net ads keytab create) with no success. I get error 'Client not found in Kerberos database while getting initial credentials' or ' Key table entry not found while getting initial credentials'. My goal kerberize nfs and cups with net ads keytab crete nfs ipp Is there any hope to get it running? I put my config files and logs with full debug enabled to http://www.helsinki.fi/~masse/samba/ I am using ubuntu 9.10 and default samba 2:3.4.0-3ubuntu5.1. r...@kakkosmasse:~# net ads testjoin -U masse Join is OK ma...@kakkosmasse:/$ klist Ticket cache: FILE:/tmp/krb5cc_1030118_LhjGfN3125 Default principal: ma...@hytest.helsinki.fi Valid starting ExpiresService principal 11/26/09 10:49:56 11/26/09 20:49:56 krbtgt/hytest.helsinki...@hytest.helsinki.fi renew until 11/27/09 10:49:56 ma...@kakkosmasse:/$ smbclient -k -L localhost ads_krb5_mk_req: krb5_get_credentials failed for cifs/kakkosma...@hytest.helsinki.fi (Server not found in Kerberos database) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not found in Kerberos database session setup failed: SUCCESS - 0 -- Mikko Hirvonen mikko.v.hirvo...@helsinki.fi HY/Tietos/Verkkopalvelut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] password expiration
Greetings. I have problem with password expiration problem i cannot
handle myself, so i wrote in this list.
Recently i discovered that a newly created samba account has already
expired password.
smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c
Tommy T. tommy
smbldap-passwd tommy
getent shadow
user:*:::0
user2:*:::0
user3:*:::3650
tommy:*:::3650
su tommy
pam_mount password:
Password aged
Enter login(LDAP) password:
auth.log
/dev/pts/5 user:tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication
failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost=
user=tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired
password for user tommy (password aged)
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user tommy
does not exist in /etc/passwd
Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token
manipulation error
Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user
smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 3 vfs:2
security = user
encrypt passwords = true
obey pam restrictions = no
; unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated
pam password change = no
passdb backend = ldapsam:ldap://auth.workgroup
ldap ssl = no
ldap admin dn = cn=admin,dc=workgroup
ldap suffix = dc=workgroup
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
unix extensions = no
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
smbldap.conf
SID=S-1-5-21-482339686-3080510186-2817641028
sambaDomain=WORKGROUP
slaveLDAP=auth.workgroup
slavePort=389
masterLDAP=auth.workgroup
masterPort=389
ldapTLS=0
verify=none
suffix=dc=workgroup
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Users,${suffix}
sambaUnixIdPooldn=sambaDomainName=WORKGROUP,${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=365
userSmbHome=\\NAS\%U
userProfile=\\NAS\profiles\%U
userHomeDrive=H:
userScript=%U.cmd
mailDomain=workgroup
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
slapd.conf
include/etc/ldap/schema/core.schema
include/etc/ldap/schema/cosine.schema
include/etc/ldap/schema/inetorgperson.schema
include/etc/ldap/schema/misc.schema
include/etc/ldap/schema/nis.schema
include/etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args
loglevel256
modulepath/usr/lib/ldap
moduleloadback_bdb
sizelimit 500
tool-threads 1
backendbdb
databasebdb
suffix dc=workgroup
directory /var/lib/ldap
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
indexobjectClasseq
indexcnpres,sub,eq
indexsnpres,sub,eq
indexuidpres,sub,eq
indexdisplayNamepres,sub,eq
indexdefaultsub
indexuidNumbereq
indexgidNumbereq
indexmail,givenNameeq,subinitial
indexdceq
indexmemberUideq
indexsambaSIDeq
indexsambaPrimaryGroupSIDeq
indexsambaDomainNameeq
indexsambaGroupTypeeq
indexsambaSIDListeq
indexuniqueMembereq
lastmod on
checkpoint 512 30
access to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn=cn=admin,dc=workgroup write
by anonymous auth
by self write
by * none
access to dn.base= by * read
access to *
by
Re: [Samba] Encryption
On Tue, Dec 01, 2009 at 10:01:57AM -0600, Cameron Laird wrote: What are the prospects for smb transport encryption? Where can I learn more? It's implemented via the UNIX extension mechanism between smbclient and smbd for versions of Samba 3.2.x and greater. Not yet implemented in the Linux CIFSFS client or MacOSX client. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Password Change from Windows machines (You do not have permission to change your password)
For anyone else trying to get this to work, I should also add that a problem in the Ubuntu auth-client-config package was also giving me the same (misleading) error message. In /etc/pam.d/common-password, you must remove the use_authtok option on the pam_ldap.so line: _Wrong:_ password[success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass _Correct:_ password[success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass This problem also resulted in the misleading You do not have permission to change your password error message. Between this and the problem below, I was pulling my hair out... Thanks, Derek On 12/01/2009 12:26 AM, Derek Simkowiak wrote: Hello, I just wasted several hours trying to figure out why I could not change Samba passwords from Windows XP computers. I'm posting here so that there is some form of documentation about this on the web. My setup is basically this: - Samba 3.3.2 (running under Ubuntu 9.04) - OpenLDAP user database - Full O.S. support for OpenLDAP auth, using nsswitch and PAM.(My client LDAP config was installed using *auth-client-config *as per https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html, plus some tweaking in /etc/smbldap-tools/. ) I can ssh into the box as a system user that exists only in LDAP (and not in /etc/passwd). I can also change my LDAP password at the bash prompt by typing passwd (via PAM), or smbldap-passwd, or smbpasswd. That all works as per the documentation. The problem: I could not change my password from Windows boxen. They kept giving me You do not have permission to change your password. I found the solution by cranking up the log level to 10. I eventually found this golden snippet in all the noise: [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_chauthtok(670) smb_pam_chauthtok: PAM: Password Change for User: dereks [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(284) smb_pam_passchange_conv: starting converstation for 1 messages [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(312) smb_pam_passchange_conv: Processing message 0 [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(346) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: New password: [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*enter new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*retype new * password:*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*password updated successfully*| to |New password:| [2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352) smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to |New password:| [2009/11/30 23:23:37, 3] auth/pampass.c:smb_pam_passchange_conv(370) smb_pam_passchange_conv: Could not find reply for PAM prompt: New password: [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_chauthtok(699) PAM: User not known to PAM [2009/11/30 23:23:37, 2] auth/pampass.c:smb_pam_error_handler(77) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2009/11/30 23:23:37, 0] auth/pampass.c:smb_pam_passchange(861) smb_pam_passchange: PAM: Password Change Failed for user dereks! [2009/11/30 23:23:37, 4] auth/pampass.c:smb_pam_end(450) smb_pam_end: PAM: PAM_END OK. [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/11/30 23:23:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (4202, 513) - sec_ctx_stack_ndx = 1 [2009/11/30 23:23:37, 5] rpc_server/srv_samr_nt.c:_samr_ChangePasswordUser2(1907) _samr_ChangePasswordUser2: 1907 samr_ChangePasswordUser2: struct samr_ChangePasswordUser2 out: struct samr_ChangePasswordUser2 result : NT_STATUS_ACCESS_DENIED Here you can see that the password chat was attempting to communicate with PAM in a fashion similar to 'expect'. My passwd chat setting in /etc/samba/smb.conf was not correct, so the password change failed. The resulting error code NT_STATUS_ACCESS_DENIED caused Windows to print that useless You do not have permission to change your password dialog box, and sent me on a wild goose chase. The comments in the smb.conf that come with Ubuntu say this: # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan ka...@informatik.tu-muenchen.de for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n
Re: [Samba] Window can't see Linux share
Kevin - Thanks so much for your attentiveness; with your suggestion my window boxes can see the Linux server and visa versa. The Linux box can mount and access the shared directories from all the Window machines, But there is still one glitch and I can't seem to resolve using the Samba documentation. It is : While the Samba file and Print server shows up in all the Mnet workgroups on each of the windows boxes, the directories (named Book and Photos in the new smb.conf shown below). Are you aware of an easy fix for that. Much appreciation in advance. Jon [global] netbios name = Mercury1 server string = Samba file and print server workgroup = MNET security = user hosts allow = 127. 192.77.0. interfaces = 127.0.0.1/8 192.168.77.0/24 bind interfaces only = yes remote announce = 192.168.77.255 remote browse sync = 192.168.77.255 printcap name = cups load printers = yes cups options = raw printing = cups guest account = smbguest log file = /var/log/samba/samba.log max log size = 1000 null passwords = no username level = 6 password level = 6 encrypt passwords = yes unix password sync = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no domain logons = no os level = 33 logon drive = m: logon home = \\%L\homes\%u logon path = \\%L\profiles\%u logon script = %G.bat time server = no name resolve order = wins lmhosts bcast wins support = yes wins proxy = no dns proxy = no preserve case = yes short preserve case = yes client use spnego = no client signing = no client schannel = no server signing = no server schannel = no nt pipe support = yes nt status support = yes allow trusted domains = no obey pam restrictions = yes enable spoolss = yes client plaintext auth = no disable netbios = no follow symlinks = no update encrypted = yes pam password change = no passwd chat timeout = 120 hostname lookups = no username map = /etc/samba/smbusers smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd '%u' passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u' add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u' add group script = /usr/sbin/groupadd '%g' delete user script = /usr/sbin/userdel '%u' delete user from group script = /usr/sbin/userdel '%u' '%g' delete group script = /usr/sbin/groupdel '%g' add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u' machine password timeout = 120 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind use default domain = yes winbind separator = @ winbind cache time = 360 winbind trusted domains only = yes winbind nested groups = no winbind nss info = no winbind refresh tickets = no winbind offline logon = no [homes] comment = Home Directories path = /home read only = no available = yes browseable = yes writable = yes guest ok = no public = no printable = no share modes = no locking = no [netlogon] comment = Network Logon Service path = /home/netlogon read only = no available = yes browseable = yes writable = no guest ok = no public = no printable = no share modes = no locking = no [profiles] comment = User Profiles path = /var/samba/profiles read only = no available = yes browseable = no writable = yes guest ok = no public = no printable = no locking = no create mode = 0600 directory mask = 0700 [printers] comment = All Printers path = /var/spool/samba browseable = yes writable = no guest ok = no public = no printable = yes share modes = no locking = no [pdf-documents] path = /home/pdf-documents comment = Converted PDF Documents available = yes browseable = yes writeable = yes guest ok = yes [pdf-printer] path = /tmp comment = PDF Printer Service printable = yes guest ok = yes use client driver = yes printing = bsd print command = /usr/bin/gadmin-samba-pdf %s %u lpq command = lprm command = [Book] path = /media/FreeAgent/Drive/Book comment = Book Chapters valid users = jon admin users = jon read only = no available = yes browseable = yes writable = yes guest ok = no public = no printable = no share modes = no locking = no [Photos] path = /media/FreeAgent/Drive/Photos comment = All Photos valid users = jon admin users = jon read only = no available = yes browseable = yes writable = yes guest ok = no public = no printable = no share modes = no locking = no Thanks for including your whole smb.conf and IP address configuration - that helped! I notice that your global hosts allow statement (and several others) only allows for a subnet of 192.168.0, but the IP addresses you list below is in a different subnet. Basically, you are telling Samba reject everything from the 192.168.77 subnet. -- View this message in context: http://old.nabble.com/Window-can%27t-see-Linux-share-tp26555010p26594248.html Sent from the Samba - General
Re: [Samba] password expiration problem
Greetings. I have problem with password expiration problem i cannot
handle myself, so i wrote in this list.
Recently i discovered that a newly created samba account has already
expired password.
smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy
-c Tommy T. tommy
smbldap-passwd tommy
getent shadow
user:*:::0
user2:*:::0
user3:*:::3650
tommy:*:::3650
su tommy
pam_mount password:
Password aged
Enter login(LDAP) password:
auth.log
/dev/pts/5 user:tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication
failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost=
user=tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired
password for user tommy (password aged)
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user
tommy does not exist in /etc/passwd
Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token
manipulation error
Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user
smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 3 vfs:2
security = user
encrypt passwords = true
obey pam restrictions = no
; unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated
pam password change = no
passdb backend = ldapsam:ldap://auth.workgroup
ldap ssl = no
ldap admin dn = cn=admin,dc=workgroup
ldap suffix = dc=workgroup
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
unix extensions = no
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
smbldap.conf
SID=S-1-5-21-482339686-3080510186-2817641028
sambaDomain=WORKGROUP
slaveLDAP=auth.workgroup
slavePort=389
masterLDAP=auth.workgroup
masterPort=389
ldapTLS=0
verify=none
suffix=dc=workgroup
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Users,${suffix}
sambaUnixIdPooldn=sambaDomainName=WORKGROUP,${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=365
userSmbHome=\\NAS\%U
userProfile=\\NAS\profiles\%U
userHomeDrive=H:
userScript=%U.cmd
mailDomain=workgroup
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd
slapd.conf
include/etc/ldap/schema/core.schema
include/etc/ldap/schema/cosine.schema
include/etc/ldap/schema/inetorgperson.schema
include/etc/ldap/schema/misc.schema
include/etc/ldap/schema/nis.schema
include/etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile/var/run/slapd/slapd.args
loglevel256
modulepath/usr/lib/ldap
moduleloadback_bdb
sizelimit 500
tool-threads 1
backendbdb
databasebdb
suffix dc=workgroup
directory /var/lib/ldap
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
indexobjectClasseq
indexcnpres,sub,eq
indexsnpres,sub,eq
indexuidpres,sub,eq
indexdisplayNamepres,sub,eq
indexdefaultsub
indexuidNumbereq
indexgidNumbereq
indexmail,givenNameeq,subinitial
indexdceq
indexmemberUideq
indexsambaSIDeq
indexsambaPrimaryGroupSIDeq
indexsambaDomainNameeq
indexsambaGroupTypeeq
indexsambaSIDListeq
indexuniqueMembereq
lastmod on
checkpoint 512 30
access to
attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn=cn=admin,dc=workgroup write
by anonymous auth
by self write
by * none
access to dn.base= by * read
access to
Re: [Samba] autogen.sh failing over samba share
On Tue, Dec 01, 2009 at 03:44:12AM +0200, George Sapountzis wrote: On Sun, Nov 29, 2009 at 11:45 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Sun, Nov 29, 2009 at 03:22:26AM +0200, George Sapountzis wrote: - configure is not created with +x permission Could that be the create mask setting? Yes, using 0744 (default value) for create mask sets the x bit for configure bit. However, it also sets the x bit for all(?) new/modified files. This creates other problems. For example the source code is in a mercurial repo, so whenever I do an update/checkout, files are checked out with the x bit set and mercurial spuriously thinks that the files are modified. So, I guess the question is how do I configure samba so that permission bits from the client are set the same as if the operation was performed at the server ? create mask = 0777 directory create mask = 0777 security mask = 0777 directory security mask = 0777 Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] autogen.sh failing over samba share
On Wed, Dec 2, 2009 at 3:11 AM, Jeremy Allison j...@samba.org wrote: On Tue, Dec 01, 2009 at 03:44:12AM +0200, George Sapountzis wrote: On Sun, Nov 29, 2009 at 11:45 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Sun, Nov 29, 2009 at 03:22:26AM +0200, George Sapountzis wrote: - configure is not created with +x permission Could that be the create mask setting? Yes, using 0744 (default value) for create mask sets the x bit for configure bit. However, it also sets the x bit for all(?) new/modified files. This creates other problems. For example the source code is in a mercurial repo, so whenever I do an update/checkout, files are checked out with the x bit set and mercurial spuriously thinks that the files are modified. So, I guess the question is how do I configure samba so that permission bits from the client are set the same as if the operation was performed at the server ? create mask = 0777 directory create mask = 0777 security mask = 0777 directory security mask = 0777 Jeremy. Unfortunately, this does not work either. For mercurial repo: rm -rf * hg checkout -C hg status similar for git: rm -rf * git checkout -f git status -a The status commands show all files changing permissions. regards, George. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.2 with Solaris ZFS Snaphots
Hi, Sorry for the lack of proper threading, but I wasn't subscribed to the list at the time. On Nov 26, 2009, Jeremy Allison wrote: On Wed, Nov 18, 2009 at 08:09:16PM +0100, Volker Lendecke wrote: On Wed, Nov 18, 2009 at 11:05:07AM -0800, Jeremy Allison wrote: We are extensively using ZFS snapshots with samba, it works like a charm. We use the patches from http://www.edplese.com/samba-with-zfs.html this give us freedom in naming convention they still can be applied (manuallly) to samba-3.4.x/source3/modules/vfs_shadow_copy.c Hmmm - these patches look really interesting ! I wonder how they didn't get added into mainline source code Maybe because nobody wants to touch the shadow_copy module? shadow_copy2 is the one that has seen fixes lately, I have some patches for shadow_copy2 that are still pending to be merged upstream. What patches are currently pending? Do any of them eliminate the need for some of the ZFS patches? Ah ok, didn't realize the difference between the two. Maybe we should remove the vfs_shadow_copy and concentrate everything on vfs_shadow_copy2 (and look at merging these patches). Has anyone else started merging these patches to the shadow_copy2 module? If not, I'll get started with it. Ed Plese -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ldap replication
Hi all, i have a setup where by there is a PDC thats authenticating users through ldap. i have several other BDCs' that are doing the replication of the main server. am trying to setup the users to be authenticated by the BDC but am not able to. Any suggestions will be quite helpful Regards kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Optimizing Samba to stream movies
On Thu, Nov 05, 2009 at 10:50:47PM -0500, Brett Alton wrote: I'm wondering if the problem is my 802.11g router or my samba install. I'am sure that the problem is your 802.11g router. As a matter of fact, all 802.11g router is too slow to transfer HD video. For HD video, you need 802.11n router at least. -- Shaochun Wang scw...@ios.ac.cn Jabber: fung...@jabber.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via dc3d1f2... s3: Fix shadow copy display on Windows 7 from 04fa292... s3:docs: Fix typo in man mount.cifs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit dc3d1f2f073f135bf48a08163010465ba88b9d37 Author: Volker Lendecke v...@samba.org Date: Thu Oct 8 14:02:39 2009 +0200 s3: Fix shadow copy display on Windows 7 Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the right buffer size, the same amount we later check for. Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7). --- Summary of changes: source/smbd/nttrans.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 0bd37a5..c392380 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -1904,7 +1904,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, } /* needed_data_count 4 bytes */ - SIVAL(pdata,8,labels_data_count); + SIVAL(pdata, 8, labels_data_count+4); cur_pdata+=12; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via b1243ff... s3: Fix shadow copy display on Windows 7 from ab9e7e9... s3-spoolss: simplify _spoolss_EnumPrinterKey a little more. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit b1243ff12d4f4b948dc7bbd85795f8ee8f7621d9 Author: Volker Lendecke v...@samba.org Date: Thu Oct 8 14:02:39 2009 +0200 s3: Fix shadow copy display on Windows 7 Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the right buffer size, the same amount we later check for. Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7). --- Summary of changes: source3/smbd/nttrans.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 9f30f06..dfe59f0 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1991,7 +1991,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, } /* needed_data_count 4 bytes */ - SIVAL(pdata,8,labels_data_count); + SIVAL(pdata, 8, labels_data_count+4); cur_pdata+=12; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 57c9911... Conditional install of the cifs.upcall man page
via 0b83d6a... Adjust regex to match variable names including
underscores
from 8e77a75... Fix DEBUG 0 - DEBUG 10 (left over code). Fix opendir
status return if access denied. Jeremy. (cherry picked from commit
48f40793ae4190ebc9eec83924aeda9e3f16bf0d)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 57c99111408e38cb68a7d194bdfd31fc0864600d
Author: Lars Müller l...@samba.org
Date: Mon Feb 2 21:12:52 2009 +0100
Conditional install of the cifs.upcall man page
Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while
configure.
(cherry picked from commit 789963de23d46eba41cdd29c7b50100ec47e4361)
Fix bug #6710 (cifs.upcall: Commits e9e2414e and 64982295 are missing in
3.4.1).
commit 0b83d6a1d8dfffc0e9f95c67afbeb0d7125060a1
Author: Lars Müller l...@samba.org
Date: Mon Feb 2 21:38:38 2009 +0100
Adjust regex to match variable names including underscores
This is required to get the CIFSUPCALL_PROGS setting extracted from
config.log.
(cherry picked from commit 5148eefe1ea6e215dcbf4ffaa642860bd8dab45f)
---
Summary of changes:
source3/script/installman.sh |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/script/installman.sh b/source3/script/installman.sh
index ab9bfe5..085e862 100755
--- a/source3/script/installman.sh
+++ b/source3/script/installman.sh
@@ -20,7 +20,7 @@ fi
# Get the configured feature set
test -f ${SRCDIR}/config.log \
- eval `grep ^[[:alnum:]]*=.* ${SRCDIR}/config.log`
+ eval `grep ^[[:alnum:]_]*=.* ${SRCDIR}/config.log`
for lang in $langs; do
if [ X$lang = XC ]; then
@@ -48,6 +48,7 @@ for lang in $langs; do
# Check if this man page if required by the configured feature set
case ${MP_BASENAME} in
+ cifs.upcall.8) test -z ${CIFSUPCALL_PROGS} continue ;;
smbsh.1) test -z ${SMBWRAPPER} continue ;;
*) ;;
esac
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e1f19bc... correct mail address from 57c9911... Conditional install of the cifs.upcall man page http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e1f19bc357e9df2f61c19d6f260433c91bf01665 Author: Björn Jacke b...@sernet.de Date: Tue Dec 1 11:48:26 2009 +0100 correct mail address --- Summary of changes: WHATSNEW.txt |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 764f545..441845d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -82,7 +82,7 @@ New configure options Commit Highlights = -o Björn Jacke bja...@sernet.de +o Björn Jacke b...@sernet.de * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9d8867f... s3:build: fix detection of CTDB headers on systems without system-libtalloc via 51b6e23... s3:build: fix the build when no external talloc and tdb are installed. from 2d1bd87... s4:torture/raw/lock - Fix discard const warnings by introducing discard_const_ps http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9d8867f67626ccd93260e83a50aa978d3e12ad1e Author: Michael Adam ob...@samba.org Date: Tue Dec 1 15:22:20 2009 +0100 s3:build: fix detection of CTDB headers on systems without system-libtalloc Michael commit 51b6e23f9a88f1c8fabb67d5e6d9b81aa562623a Author: Michael Adam ob...@samba.org Date: Tue Dec 1 14:55:02 2009 +0100 s3:build: fix the build when no external talloc and tdb are installed. The check for the external libs and the addition of the include paths to the CPPFLAGS was too late in configure. This patch moves the whole subsystem/library section up right below the detection of BLDSHARED. And it updates not only SAMBA_CPPFLAGS but also SAMBA_CONFIGURE_CPPFLAGS so that many tests that use these flags can now succeed. Michael --- Summary of changes: source3/configure.in | 347 ++ 1 files changed, 179 insertions(+), 168 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 01dcd9f..fc62fc2 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1837,6 +1837,184 @@ AC_DEFINE_UNQUOTED(SHLIBEXT, $SHLIBEXT, [Shared library extension]) AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR + +### +# +# Configuration of subsystems / libraries +# +### + +INSTALLLIBCMD_SH=: +INSTALLLIBCMD_A=: +UNINSTALLLIBCMD_SH=: +UNINSTALLLIBCMD_A=: + +if test $BLDSHARED = true; then + INSTALLLIBCMD_SH=\$(INSTALLCMD) + UNINSTALLLIBCMD_SH=rm -f +fi +if test $enable_static = yes; then + INSTALLLIBCMD_A=\$(INSTALLCMD) + UNINSTALLLIBCMD_A=rm -f +fi + +# +# --disable-shared-libs +# can be used to disable the internal use of shared libs altogether +# (this only has an effect when building shared libs is enabled) +# +USESHARED=false +AC_SUBST(USESHARED) + +AC_MSG_CHECKING(whether to use shared libraries internally) +AC_ARG_ENABLE([shared-libs], + AS_HELP_STRING([--enable-shared-libs], + [Use shared libraries internally (default=yes)]), + [enable_shared_libs=$enableval], + [enable_shared_libs=yes]) + +if test x$enable_shared_libs != xno ; then + USESHARED=$BLDSHARED +fi + +AC_MSG_RESULT([$USESHARED]) + +if test x$enable_shared_libs = xyes -a x$BLDSHARED != xtrue ; then + AC_MSG_WARN([--enable-shared-libs: no support for shared libraries]) +fi + +# +# --with-static-libs=LIBS: +# link (internal) libs dynamically or statically? +# +# If a subsystem is built as a library then this controls whether they are +# linked into Samba targets statically or dynamically: +# +# * If we build the shared library at all, we link dynamically by default. +# +# * We only link statically if we don't build shared or if the library +# appears in the --with-static-libs configure option. +# +# Example: +# --with-static-libs=libtalloc makes use of libtalloc.a instead +# of linking the dynamic variant with -ltalloc. +# +# NOTE: This option only affects libraries that we do not only build +# but that samba also links against as libraries (as opposed to linking +# the plain object files. - This has to be configured in Makefile.in. +# So in particular it does not harm to give invalid or unknown names here. +# + +AC_ARG_WITH([static-libs], + [AS_HELP_STRING([--with-static-libs=LIBS], + [Comma-separated list of names of (internal) libraries to link statically (instead of dynamically)])], + [AS_IF([test $withval], + [for lib in `echo $withval | sed -e 's/,/ /g'` ; do + [lib=`echo $lib | tr '[a-z]' '[A-Z]'`] + eval LINK_$lib=STATIC + done], [])], + []) + +# +# WORKAROUND: +# until we have organized other internal subsystems (as util, registry +# and smbconf) into shared libraries, we CAN NOT link libnetapi +# dynamically to samba programs. +# +LINK_LIBNETAPI=STATIC + +LINK_LIBSMBCLIENT=STATIC + +# +# The library versions are hardcoded here +# and filled into the LIBFOO_SOVER variable. +# +# TODO: for talloc and tdb (at least), these should +# be extracted from their respective source directories +# +AC_ARG_ENABLE(external_libtalloc,
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 86de664... s3:build: fix detection of CTDB headers on systems without system-libtalloc via 06618b5... s3:build: fix the build when no external talloc and tdb are installed. from e1f19bc... correct mail address http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 86de6647bb6f71cd43363b1be0a9f15a750024fc Author: Michael Adam ob...@samba.org Date: Tue Dec 1 15:22:20 2009 +0100 s3:build: fix detection of CTDB headers on systems without system-libtalloc Michael commit 06618b55e3e9d17cb7802aeed4769166118af373 Author: Michael Adam ob...@samba.org Date: Tue Dec 1 15:03:35 2009 +0100 s3:build: fix the build when no external talloc and tdb are installed. The check for the external libs and the addition of the include paths to the CPPFLAGS was too late in configure. This patch moves the whole subsystem/library section up right below the detection of BLDSHARED. And it updates not only SAMBA_CPPFLAGS but also SAMBA_CONFIGURE_CPPFLAGS so that many tests that use these flags can now succeed. Michael --- Summary of changes: source3/configure.in | 347 ++ 1 files changed, 179 insertions(+), 168 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index bc9e10b..2f92a02 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1787,6 +1787,184 @@ AC_DEFINE_UNQUOTED(SHLIBEXT, $SHLIBEXT, [Shared library extension]) AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR + +### +# +# Configuration of subsystem / libraries +# +### + +INSTALLLIBCMD_SH=: +INSTALLLIBCMD_A=: +UNINSTALLLIBCMD_SH=: +UNINSTALLLIBCMD_A=: + +if test $BLDSHARED = true; then + INSTALLLIBCMD_SH=\$(INSTALLCMD) + UNINSTALLLIBCMD_SH=rm -f +fi +if test $enable_static = yes; then + INSTALLLIBCMD_A=\$(INSTALLCMD) + UNINSTALLLIBCMD_A=rm -f +fi + +# +# --disable-shared-libs +# can be used to disable the internal use of shared libs altogether +# (this only has an effect when building shared libs is enabled) +# +USESHARED=false +AC_SUBST(USESHARED) + +AC_MSG_CHECKING(whether to use shared libraries internally) +AC_ARG_ENABLE([shared-libs], + AS_HELP_STRING([--enable-shared-libs], + [Use shared libraries internally (default=yes)]), + [enable_shared_libs=$enableval], + [enable_shared_libs=yes]) + +if test x$enable_shared_libs != xno ; then + USESHARED=$BLDSHARED +fi + +AC_MSG_RESULT([$USESHARED]) + +if test x$enable_shared_libs = xyes -a x$BLDSHARED != xtrue ; then + AC_MSG_WARN([--enable-shared-libs: no support for shared libraries]) +fi + +# +# --with-static-libs=LIBS: +# link (internal) libs dynamically or statically? +# +# If a subsystem is built as a library then this controls whether they are +# linked into Samba targets statically or dynamically: +# +# * If we build the shared library at all, we link dynamically by default. +# +# * We only link statically if we don't build shared or if the library +# appears in the --with-static-libs configure option. +# +# Example: +# --with-static-libs=libtalloc makes use of libtalloc.a instead +# of linking the dynamic variant with -ltalloc. +# +# NOTE: This option only affects libraries that we do not only build +# but that samba also links against as libraries (as opposed to linking +# the plain object files. - This has to be configured in Makefile.in. +# So in particular it does not harm to give invalid or unknown names here. +# + +AC_ARG_WITH([static-libs], + [AS_HELP_STRING([--with-static-libs=LIBS], + [Comma-separated list of names of (internal) libraries to link statically (instead of dynamically)])], + [AS_IF([test $withval], + [for lib in `echo $withval | sed -e 's/,/ /g'` ; do + [lib=`echo $lib | tr '[a-z]' '[A-Z]'`] + eval LINK_$lib=STATIC + done], [])], + []) + +# +# WORKAROUND: +# until we have organized other internal subsystems (as util, registry +# and smbconf) into shared libraries, we CAN NOT link libnetapi +# dynamically to samba programs. +# +LINK_LIBNETAPI=STATIC + +LINK_LIBSMBCLIENT=STATIC + +# +# The library versions are hardcoded here +# and filled into the LIBFOO_SOVER variable. +# +# TODO: for talloc and tdb (at least), these should +# be extracted from their respective source directories +# +AC_ARG_ENABLE(external_libtalloc, [AS_HELP_STRING([--enable-external-libtalloc], [Enable external talloc [default=auto]])], +[
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ae64978... s3: Fix smbd to correctly return INVALID_LEVEL on
set_file_end_of_file_info for paths
via 4e8b6c5... s4 torture: Change oplock to use passthrough for
exclusive3/batch11
via 5035a90... s4 torture: Update RAW-SFILEINFO-END-OF-FILE to test
some additional corner cases
via 5a934fd... Revert s4 torture: Allow onefs to be checked like
samba3 and samba4
via 66bf780... s4 torture: Change RAW-SFILEINFO-END-OF-FILE to check
for share modes by default
via 2738e31... s4 torture: Move target macros to a common header
instead of redefining them in multiple files
from 9d8867f... s3:build: fix detection of CTDB headers on systems
without system-libtalloc
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ae649782df6e22c8e1922aaa03c248e5af68a036
Author: Tim Prouty tpro...@samba.org
Date: Tue Dec 1 10:47:08 2009 -0800
s3: Fix smbd to correctly return INVALID_LEVEL on set_file_end_of_file_info
for paths
This allows smbd to pass the freshly updated RAW-SFILEINFO-END-OF-FILE
torture test.
commit 4e8b6c5992494e1177cd98e47d96498a259b9056
Author: Tim Prouty tpro...@samba.org
Date: Mon Nov 30 16:43:00 2009 -0800
s4 torture: Change oplock to use passthrough for exclusive3/batch11
In light of the INVALID_LEVEL that is seen for
RAW_SFILEINFO_END_OF_FILE_INFO
requests on a path, I'm changing these back to using the passthrough
RAW_SFILEINFO_END_OF_FILE_INFORMATION to test the oplock break behavior as
originally intended
commit 5035a900051c7946346d4e8b32e8f13f802ce5be
Author: Tim Prouty tpro...@samba.org
Date: Mon Nov 30 11:59:19 2009 -0800
s4 torture: Update RAW-SFILEINFO-END-OF-FILE to test some additional corner
cases
It turns out setting the end-of-file with Trans2SetPathInfo using the
snia spec's info level will attempt to open the file, enforcing share
modes, but then subsequentlys fail the setpathinfo with a dos error of
INVALID_LEVEL. Doing a Trans2SetFileInfo with either end-of-file info
level succeeds as expected.
commit 5a934fd8da61196d829a601a85b9871b226239d4
Author: Tim Prouty tpro...@samba.org
Date: Wed Nov 25 14:26:18 2009 -0800
Revert s4 torture: Allow onefs to be checked like samba3 and samba4
This reverts commit 98f595036e196dd61340fef0faf63ca762a25307.
No longer necessary
commit 66bf780e6edac110b85d2a0d08d01274fe7417bd
Author: Tim Prouty tpro...@samba.org
Date: Wed Nov 25 14:40:54 2009 -0800
s4 torture: Change RAW-SFILEINFO-END-OF-FILE to check for share modes by
default
Since the windows behavior appears to be a bug, only check for
the windows-style share mode bug if target=windows variant is
specified
commit 2738e316746b078899dd30e07665d8e7b515581e
Author: Tim Prouty tpro...@samba.org
Date: Wed Nov 25 14:38:55 2009 -0800
s4 torture: Move target macros to a common header instead of redefining
them in multiple files
---
Summary of changes:
source3/smbd/trans2.c | 31 --
source4/torture/raw/lock.c|5 --
source4/torture/raw/oplock.c |4 +-
source4/torture/raw/setfileinfo.c | 129 ++---
source4/torture/smb2/create.c |2 -
source4/torture/smbtorture.c |1 -
source4/torture/util.h|8 ++
7 files changed, 142 insertions(+), 38 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 2892e26..5f50b64 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5538,7 +5538,8 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
files_struct *fsp,
const struct smb_filename *smb_fname,
const SMB_STRUCT_STAT *psbuf,
- SMB_OFF_T size)
+ SMB_OFF_T size,
+ bool fail_after_createfile)
{
NTSTATUS status = NT_STATUS_OK;
struct smb_filename *smb_fname_tmp = NULL;
@@ -5598,6 +5599,12 @@ static NTSTATUS smb_set_file_size(connection_struct
*conn,
return status;
}
+ /* See RAW-SFILEINFO-END-OF-FILE */
+ if (fail_after_createfile) {
+ close_file(req, new_fsp,NORMAL_CLOSE);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
if (vfs_set_filelen(new_fsp, size) == -1) {
status = map_nt_error_from_unix(errno);
close_file(req, new_fsp,NORMAL_CLOSE);
@@ -6474,7 +6481,8 @@ static NTSTATUS
smb_set_file_end_of_file_info(connection_struct *conn,
const char *pdata,
int
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via d09fd7e... Ensure we don't see the xattr used to store NT security
(visible when xattr_tdb is used). Allows make test to pass with acl_xattr.so
prepended to the vfs modules. Jeremy. (cherry picked from commit
8dda4cea660639190c1c7e84355186d07a6e064f)
via 81e22af... s3: Fix smbd to correctly return INVALID_LEVEL on
set_file_end_of_file_info for paths
from 86de664... s3:build: fix detection of CTDB headers on systems
without system-libtalloc
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit d09fd7e6039fad1ec2c7e1a3730ef304eab308d5
Author: Jeremy Allison j...@samba.org
Date: Tue Dec 1 14:08:16 2009 -0800
Ensure we don't see the xattr used to store NT security (visible when
xattr_tdb
is used). Allows make test to pass with acl_xattr.so prepended to the vfs
modules.
Jeremy.
(cherry picked from commit 8dda4cea660639190c1c7e84355186d07a6e064f)
commit 81e22afd9e4cb7b26cdb95b5dfdaf5dac877e147
Author: Tim Prouty tpro...@samba.org
Date: Tue Dec 1 10:47:08 2009 -0800
s3: Fix smbd to correctly return INVALID_LEVEL on set_file_end_of_file_info
for paths
This allows smbd to pass the freshly updated RAW-SFILEINFO-END-OF-FILE
torture test.
(cherry picked from commit ae649782df6e22c8e1922aaa03c248e5af68a036)
---
Summary of changes:
source3/include/smb.h |2 --
source3/smbd/trans2.c | 33 +++--
2 files changed, 27 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 0968984..4affd4a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1895,8 +1895,6 @@ struct ea_list {
#define SAMBA_XATTR_DOS_ATTRIB user.DOSATTRIB
/* Prefix for DosStreams in the vfs_streams_xattr module */
#define SAMBA_XATTR_DOSSTREAM_PREFIX user.DosStream.
-/* Prefix for DOS timestamps. */
-#define SAMBA_XATTR_DOSTIMESTAMPS user.DosTimestamps
/* Prefix for xattrs storing streams. */
#define SAMBA_XATTR_MARKER user.SAMBA_STREAMS
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 17ebd81..3b4a4b7 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -70,8 +70,8 @@ static bool samba_private_attr_name(const char *unix_ea_name)
static const char * const prohibited_ea_names[] = {
SAMBA_POSIX_INHERITANCE_EA_NAME,
SAMBA_XATTR_DOS_ATTRIB,
- SAMBA_XATTR_DOSTIMESTAMPS,
SAMBA_XATTR_MARKER,
+ XATTR_NTACL_NAME,
NULL
};
@@ -5538,7 +5538,8 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
files_struct *fsp,
const struct smb_filename *smb_fname,
const SMB_STRUCT_STAT *psbuf,
- SMB_OFF_T size)
+ SMB_OFF_T size,
+ bool fail_after_createfile)
{
NTSTATUS status = NT_STATUS_OK;
struct smb_filename *smb_fname_tmp = NULL;
@@ -5598,6 +5599,12 @@ static NTSTATUS smb_set_file_size(connection_struct
*conn,
return status;
}
+ /* See RAW-SFILEINFO-END-OF-FILE */
+ if (fail_after_createfile) {
+ close_file(req, new_fsp,NORMAL_CLOSE);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
if (vfs_set_filelen(new_fsp, size) == -1) {
status = map_nt_error_from_unix(errno);
close_file(req, new_fsp,NORMAL_CLOSE);
@@ -6474,7 +6481,8 @@ static NTSTATUS
smb_set_file_end_of_file_info(connection_struct *conn,
const char *pdata,
int total_data,
files_struct *fsp,
- const struct smb_filename *smb_fname)
+ const struct smb_filename *smb_fname,
+ bool fail_after_createfile)
{
SMB_OFF_T size;
@@ -6499,7 +6507,8 @@ static NTSTATUS
smb_set_file_end_of_file_info(connection_struct *conn,
fsp,
smb_fname,
smb_fname-st,
- size);
+ size,
+ fail_after_createfile);
}
/
@@ -6785,7 +6794,8 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct
*conn,
fsp,
smb_fname,
sbuf,
- size);
+
[SCM] CTDB repository - branch master updated - ctdb-1.0.105-57-g157807a
The branch, master has been updated
via 157807af72ed4f7314afbc9c19756f9787b92c15 (commit)
via f75d379377f5d4abbff2576ddc5d58d91dc53bf4 (commit)
from b4a7efa7e53e060a91dea0e8e57b116e2aeacebf (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 157807af72ed4f7314afbc9c19756f9787b92c15
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Dec 2 13:58:27 2009 +1100
Add a proper function to process a process-exist control in the daemon.
This controls is only used by samba when samba wants to check if a
subrecord held by a node-id:smbd-pid is still valid or if it can be
reclaimed.
If the node is banned or stopped, we kill the smbd process and return that
the process does not exist to the caller. This allows us to recover subrecords
from stopped/banned nodes where smbd is hung waiting for the databases to thaw.
bz58185
commit f75d379377f5d4abbff2576ddc5d58d91dc53bf4
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Dec 2 13:41:04 2009 +1100
Add a double linked list to the ctdb_context to store a mapping between
client pids and client structures.
Add the mapping to the list everytime we accept() a new client connection
and set it up to remove in the destructor when the client structure is
freed.
---
Summary of changes:
include/ctdb_private.h |6
server/ctdb_control.c |2 +-
server/ctdb_daemon.c | 72 +++-
3 files changed, 78 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 9a3c3e8..c074afa 100644
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -459,6 +459,9 @@ struct ctdb_context {
struct ctdb_monitor_script_status_ctx *last_monitor_status_ctx;
TALLOC_CTX *banning_ctx;
+
+ /* mapping from pid to ctdb_client * */
+ struct ctdb_client_pid_list *client_pids;
};
struct ctdb_db_context {
@@ -1552,4 +1555,7 @@ struct ctdb_get_log_addr {
int32_t ctdb_control_get_log(struct ctdb_context *ctdb, TDB_DATA addr);
int32_t ctdb_control_clear_log(struct ctdb_context *ctdb);
+int32_t ctdb_control_process_exists(struct ctdb_context *ctdb, pid_t pid);
+struct ctdb_client *ctdb_find_client_by_pid(struct ctdb_context *ctdb, pid_t
pid);
+
#endif
diff --git a/server/ctdb_control.c b/server/ctdb_control.c
index 9a9b712..73853e3 100644
--- a/server/ctdb_control.c
+++ b/server/ctdb_control.c
@@ -81,7 +81,7 @@ static int32_t ctdb_control_dispatch(struct ctdb_context
*ctdb,
switch (opcode) {
case CTDB_CONTROL_PROCESS_EXISTS: {
CHECK_CONTROL_DATA_SIZE(sizeof(pid_t));
- return kill(*(pid_t *)indata.dptr, 0);
+ return ctdb_control_process_exists(ctdb, *(pid_t *)indata.dptr);
}
case CTDB_CONTROL_SET_DEBUG: {
diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c
index 8d85e76..e5bdad0 100644
--- a/server/ctdb_daemon.c
+++ b/server/ctdb_daemon.c
@@ -29,6 +29,13 @@
#include ../include/ctdb_private.h
#include sys/socket.h
+struct ctdb_client_pid_list {
+ struct ctdb_client_pid_list *next, *prev;
+ struct ctdb_context *ctdb;
+ pid_t pid;
+ struct ctdb_client *client;
+};
+
static void daemon_incoming_packet(void *, struct ctdb_req_header *);
static void print_exit_message(void)
@@ -530,6 +537,17 @@ static void ctdb_daemon_read_cb(uint8_t *data, size_t cnt,
void *args)
daemon_incoming_packet(client, hdr);
}
+
+static int ctdb_clientpid_destructor(struct ctdb_client_pid_list *client_pid)
+{
+ if (client_pid-ctdb-client_pids != NULL) {
+ DLIST_REMOVE(client_pid-ctdb-client_pids, client_pid);
+ }
+
+ return 0;
+}
+
+
static void ctdb_accept_client(struct event_context *ev, struct fd_event *fde,
uint16_t flags, void *private_data)
{
@@ -538,6 +556,7 @@ static void ctdb_accept_client(struct event_context *ev,
struct fd_event *fde,
int fd;
struct ctdb_context *ctdb = talloc_get_type(private_data, struct
ctdb_context);
struct ctdb_client *client;
+ struct ctdb_client_pid_list *client_pid;
#ifdef _AIX
struct peercred_struct cr;
socklen_t crl = sizeof(struct peercred_struct);
@@ -571,12 +590,26 @@ static void ctdb_accept_client(struct event_context *ev,
struct fd_event *fde,
client-fd = fd;
client-client_id = ctdb_reqid_new(ctdb, client);
client-pid = cr.pid;
- ctdb-statistics.num_clients++;
+
+ client_pid = talloc(client, struct ctdb_client_pid_list);
+ if (client_pid == NULL) {
+ DEBUG(DEBUG_ERR,(Failed to allocate client pid structure\n));
+ close(fd);
+ talloc_free(client);
+
[SCM] CTDB repository - branch master updated - ctdb-1.0.105-59-g2027cf3
The branch, master has been updated
via 2027cf3881ba890648c543bacbfd5b06464efc10 (commit)
via de9e5236b20d70eac5ed29991703d6d25a103963 (commit)
from 157807af72ed4f7314afbc9c19756f9787b92c15 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 2027cf3881ba890648c543bacbfd5b06464efc10
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Dec 2 14:53:21 2009 +1100
lower the loglevel for the message that a client has attached to a
persistent database
commit de9e5236b20d70eac5ed29991703d6d25a103963
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Dec 2 14:51:57 2009 +1100
lower the loglevel for the message that a client has attached through a
domian socket
---
Summary of changes:
server/ctdb_daemon.c |2 +-
server/ctdb_ltdb_server.c |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c
index e5bdad0..0abea44 100644
--- a/server/ctdb_daemon.c
+++ b/server/ctdb_daemon.c
@@ -583,7 +583,7 @@ static void ctdb_accept_client(struct event_context *ev,
struct fd_event *fde,
#else
if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, cr, crl) == 0) {
#endif
- DEBUG(DEBUG_ERR,(Connected client with pid:%u\n,
(unsigned)cr.pid));
+ DEBUG(DEBUG_INFO,(Connected client with pid:%u\n,
(unsigned)cr.pid));
}
client-ctdb = ctdb;
diff --git a/server/ctdb_ltdb_server.c b/server/ctdb_ltdb_server.c
index 9a58c23..c0d5d90 100644
--- a/server/ctdb_ltdb_server.c
+++ b/server/ctdb_ltdb_server.c
@@ -423,7 +423,7 @@ int ctdb_attach_persistent(struct ctdb_context *ctdb)
talloc_free(s);
return -1;
}
- DEBUG(DEBUG_NOTICE,(Attached to persistent database %s\n, s));
+ DEBUG(DEBUG_INFO,(Attached to persistent database %s\n, s));
talloc_free(s);
}
--
CTDB repository
Build status as of Wed Dec 2 07:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-12-01 00:00:03.0 -0700 +++ /home/build/master/cache/broken_results.txt 2009-12-02 00:00:03.0 -0700 @@ -1,22 +1,22 @@ -Build status as of Tue Dec 1 07:00:02 2009 +Build status as of Wed Dec 2 07:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 32 6 0 +ccache 33 6 0 distcc 0 0 0 -ldb 32 32 0 -libreplace 1 0 0 +ldb 33 33 0 +libreplace 2 0 0 lorikeet 0 0 0 -pidl 22 21 0 -ppp 15 0 0 -rsync32 12 0 +pidl 2 2 0 +ppp 16 0 0 +rsync33 12 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 30 28 0 -samba_3_master 30 22 3 -samba_3_next 30 29 2 -samba_4_0_test 32 29 1 -talloc 2 1 0 -tdb 2 1 0 +samba_3_current 31 28 0 +samba_3_master 31 24 4 +samba_3_next 31 29 2 +samba_4_0_test 33 33 1 +talloc 3 1 0 +tdb 3 1 0
