[Samba] Cannot connect from XP to Samba: Password prompt repeated
Fellow samba folk, This one's making me want to tear out what little hair I have left. THE *NIX PLATFORM: FreeBSD 7.0-RELEASE, Samba 3.3.8. THE ENVIRONMENT: Small domain, Windows 2003 servers and XP-pro based workstations. The FreeBSD server is a member server in the domain, so at least that works. THE SYMPTOMS: This is bizarre. I can, using mount_smbfs on the FreeBSD side, easily connect to shares on the Windows server. No hassle, no pain. It Just Works. HOWEVER -- When I try to connect to a share on the Samba side from any Windows system, I get repeated requests for the username and password, and no combination of such (not even one which I know to be valid) wants to work. Here's the paste from my smb.conf file. To save space, I have removed the sections I'm not using (as in the ones which I left commented out). #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = BFT-INT # server string is the equivalent of the NT Description field server string = BFT Web Server # Security mode. Defines in which mode Samba will operate. Possible # values are share, user, server, domain and ads. Most people will want # user level security. See the Samba-HOWTO-Collection for details. security = ads password server = haku2.int.bluefeathertech.com client use spnego = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.42. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = no # Put a capping on the size of the log files (in Kb). max log size = 50 # Use the realm option only with security = ads # Specifies the Active Directory realm the host is part of realm = int.bluefeathertech.com # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. passdb backend = tdbsam # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 192.168.42.130/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = no # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = no # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = no # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 192.168.42.90 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The default is NO. dns proxy = no # Share Definitions == [webstuff] comment = Featherweb doc directories path = /usr/local/www/htdocs browseable = yes writable = yes valid users = kyrrin jlanfri kathy write list = @www @wheel create mask = 0755 [logging] comment = Featherweb logging path = /var/log browseable = yes writable = no valid users = kyrrin jlanfri kathy featherweb# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What puzzles me is this was working just fine for months, and then it failed for no apparent reason. Any guesses? Thanks much. -=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m Quid Malmborg in Plano... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ubuntu packaging vs Debian packaging
Christian PERRIER wrote: Samba packages in Ubuntu are directly derived from Debian packages. So, telling that Debian packages are bad while Ubuntu packages are good is justsilly. They're basically the same..:-) When Etch originally shipped, the Samba packages maintainers for Debian acknowledged that the state of Samba was less perfect than they desired. After the conference, for which I ended up using an Ubuntu server to present on, I again tested Etch (another clean load) and by that time the Samba packages were working properly. Just that the OP on this thread sounded very much like the reason I ended up switching from Debian to Ubuntu. Thus my comment... and the rest is history... Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba, and NFS. lag?
On Fri, Jan 15, 2010 at 03:20:36PM -0500, Nathan Lager wrote: Any suggestions? Anything i can check? Am i perhaps looking an an NFS performance issue? I'm able to modify files over the nfs mount from the smb server without an issue. No, this is probably not a NFS performance thing, NFS is not *that* slow. Next try after kernel oplocks = no would be posix locking = no. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Regularly being asked for username/password
I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on my ubuntu machine which hosts a shared drive for a single vista laptop (my wife's machine). My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. Note: I used the configuration guide from Linux Journal (Nov/Dec/Jan). Many thanks in advance! J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on my ubuntu machine which hosts a shared drive for a single vista laptop (my wife's machine). My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. This is not normal. You should only be asked this once or at most 1 time per share if shares are on different servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
Ok thanks .. so where can i begin to look for the prob? John Drescher wrote: I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on my ubuntu machine which hosts a shared drive for a single vista laptop (my wife's machine). My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. This is not normal. You should only be asked this once or at most 1 time per share if shares are on different servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. This is not normal. You should only be asked this once or at most 1 time per share if shares are on different servers. Ok thanks .. so where can i begin to look for the prob? Take a look at the samba logs in /var/log/samba and post your smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
Ok .. I logged into swat and restarted all services. winbindd is not running and does not start up. After restarting all services I logged into the share from the vista laptop. == log.smbd == [2010/01/16 11:17:57, 0] smbd/server.c:1068(main) smbd version 3.4.0 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 == log.nmbd == [2010/01/16 11:18:20, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2) * Samba name server ALTALOMA is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.100 * == log.babopc == [2010/01/16 11:21:59, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:21:59, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:27, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:27, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:28, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/01/16 11:22:43, 1] smbd/service.c:1047(make_connection_snum) babopc (192.168.1.103) connect to service Sambis initially as user mother (uid=0, gid=100) (pid 12126) ^C Here is my smb.conf: # Samba config file created using SWAT # from UNKNOWN (127.0.0.) # Date: 2010/01/16 11:27:11 [global] netbios name = ALTALOMA server string = %h server (Samba, Ubuntu) client schannel = Yes server schannel = Yes map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d valid users = Mother, nobody admin users = Mother write list = Mother [Sambis] path = /home/jason/data/sambis hosts allow = 192.168.1. hosts deny = ALL [print$] comment = Printer Drivers path = /var/lib/samba/printers [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No browsable = No One more thing .. I tell the laptop to save the username and password and it never does. Many thanks! John Drescher wrote: My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. This is not normal. You should only be asked this once or at most 1 time per share if shares are on different servers. Ok thanks .. so where can i begin to look for the prob? Take a look at the samba logs in /var/log/samba and post your smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
One more thing .. I tell the laptop to save the username and password and it never does. So you are not running pdc? Use same password and account name on windows vista and it works without asking password anymore. -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
Will that work even if she doesn't have a password on her laptop? Eero Volotinen wrote: One more thing .. I tell the laptop to save the username and password and it never does. So you are not running pdc? Use same password and account name on windows vista and it works without asking password anymore. -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
On 1/16/10 6:49 PM, JBornhoft wrote: Will that work even if she doesn't have a password on her laptop? Well, just set password on laptop or remove from samba account? -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain trusts and samba member servers
Below is something I posted a while ago and got no responses... Maybe it was too convoluted for anyone to bother with, so let me try and put it more simply. I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN DC just fine. But the trust relationship is not recognized or respected by my samba member servers in OLDDOMAIN. So, very simply put, even if nobody has the specific howto: Do samba member servers understand interdomain trusts? Thanks for any and all input -- I am at a standstill with a fairly major project and any help at all would be greatly appreciated. I have a suspicion it has something to do with winbind on the member servers, but I'm having no luck. On Thu, 6 Aug 2009 08:39:51 -0400 Steve Chupack steve.chup...@dealer.com wrote: I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes). NEWDOMAIN = new Win2k3 PDC OLDDOMAIN = current samba PDC OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC. Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not. Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). Sorry if this is confusing -- tried to make it as clear as possible. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 3.5.0rc1 Available for Download
Quoting Karolin Seeger (ksee...@samba.org): Release Announcements = This is the first release candidate of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: This release candidate version was uploaded today to Debian experimental (I wasn't fast enough to have the prereleases...), so that brave hearts can try it on Debian systems -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regularly being asked for username/password
Not a Samba problem, ;) http://forums.techarena.in/windows-vista-network/717695.htm The same occurs with Windows XP Home. LiPi. 2010/1/16 JBornhoft bsdadmin2...@gmail.com I'm a bit of a noob w/ samba and I set up a small samba shar (v. 3.4.0) on my ubuntu machine which hosts a shared drive for a single vista laptop (my wife's machine). My question is .. is it normal for her to regularly be asked to enter her username and password or is it something that I've done in my configuration. Note: I used the configuration guide from Linux Journal (Nov/Dec/Jan). Many thanks in advance! J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain trusts and samba member servers
As a thought, can you put the Samba box in as a member server of the Server 2008 AD ? Run the 2008 Server in 2003 AD mode and it will work perfectly. I have done this successfully. 2008 AD Server (DNS/AD/WINS) Suse 11.0 Member server (Samba version 3.4.4-1.1-2267-SUSE-CODE11) (FP, Postfix Mail) You won't have to worry about your trust issues this way. Cheers Mal -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Steve Chupack Sent: Sunday, 17 January 2010 2:44 AM To: samba@lists.samba.org Subject: [Samba] Domain trusts and samba member servers Below is something I posted a while ago and got no responses... Maybe it was too convoluted for anyone to bother with, so let me try and put it more simply. I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN DC just fine. But the trust relationship is not recognized or respected by my samba member servers in OLDDOMAIN. So, very simply put, even if nobody has the specific howto: Do samba member servers understand interdomain trusts? Thanks for any and all input -- I am at a standstill with a fairly major project and any help at all would be greatly appreciated. I have a suspicion it has something to do with winbind on the member servers, but I'm having no luck. On Thu, 6 Aug 2009 08:39:51 -0400 Steve Chupack steve.chup...@dealer.com wrote: I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes). NEWDOMAIN = new Win2k3 PDC OLDDOMAIN = current samba PDC OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC. Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not. Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). Sorry if this is confusing -- tried to make it as clear as possible. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 29d08bf... s4-kerberos: raise the general kerberos debug level to 3 from 2ec5792... subunit/testtools: Include newer version. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 29d08bfe267836073ace454f467ed591d33f9d82 Author: Andrew Tridgell tri...@samba.org Date: Sat Jan 16 17:57:17 2010 +1100 s4-kerberos: raise the general kerberos debug level to 3 level 2 for every krb request is a bit much --- Summary of changes: source4/auth/kerberos/krb5_init_context.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index c00d7b1..2ca3640 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -71,7 +71,7 @@ static void smb_krb5_debug_close(void *private_data) { static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data) { - DEBUG(2, (Kerberos: %s\n, msg)); + DEBUG(3, (Kerberos: %s\n, msg)); } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 791a2df... s4 selftest: Fix and reenable WINBIND-STRUCT.NETBIOS_NAME test from 29d08bf... s4-kerberos: raise the general kerberos debug level to 3 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 791a2df656a1af81d3c016902ae4b4ceb1c732f0 Author: Kai Blin k...@samba.org Date: Sat Jan 16 12:37:30 2010 +0100 s4 selftest: Fix and reenable WINBIND-STRUCT.NETBIOS_NAME test --- Summary of changes: source4/selftest/knownfail |1 - source4/selftest/tests.sh |6 +++--- source4/torture/winbind/struct_based.c |9 + 3 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index df9eb72..a891f03 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -51,7 +51,6 @@ samba4.winbind.struct.*.SHOW_SEQUENCE # Not yet working in winbind samba4.winbind.struct.*.GETPWENT # Not yet working in winbind samba4.winbind.struct.*.SETPWENT # Not yet working in winbind samba4.winbind.struct.*.LOOKUP_NAME_SID # Not yet working in winbind -samba4.winbind.struct.*.NETBIOS_NAME samba4.winbind.struct.*.LIST_GROUPS ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate$ ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand$ diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh index 0737b61..12e9b16 100755 --- a/source4/selftest/tests.sh +++ b/source4/selftest/tests.sh @@ -413,9 +413,9 @@ done WB_OPTS=--option=\torture:strict mode=no\ WB_OPTS=${WB_OPTS} --option=\torture:timelimit=1\ -WB_OPTS=${WB_OPTS} --option=\torture:winbindd separator=/\ -WB_OPTS=${WB_OPTS} --option=\torture:winbindd netbios name=\$SERVER\ -WB_OPTS=${WB_OPTS} --option=\torture:winbindd netbios domain=\$DOMAIN\ +WB_OPTS=${WB_OPTS} --option=\torture:winbindd_separator=/\ +WB_OPTS=${WB_OPTS} --option=\torture:winbindd_netbios_name=\$SERVER\ +WB_OPTS=${WB_OPTS} --option=\torture:winbindd_netbios_domain=\$DOMAIN\ WINBIND_STRUCT_TESTS=`$smb4torture --list | grep ^WINBIND-STRUCT | xargs` WINBIND_NDR_TESTS=`$smb4torture --list | grep ^WINBIND-NDR | xargs` diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c index 560fa43..872e17b 100644 --- a/source4/torture/winbind/struct_based.c +++ b/source4/torture/winbind/struct_based.c @@ -122,8 +122,9 @@ static bool torture_winbind_struct_info(struct torture_context *torture) DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, rep); separator = torture_setting_string(torture, - winbindd separator, + winbindd_separator, lp_winbind_separator(torture-lp_ctx)); + torture_assert_int_equal(torture, rep.data.info.winbind_separator, *separator, @@ -199,7 +200,7 @@ static bool torture_winbind_struct_domain_name(struct torture_context *torture) torture_comment(torture, Running WINBINDD_DOMAIN_NAME (struct based)\n); expected = torture_setting_string(torture, - winbindd netbios domain, + winbindd_netbios_domain, lp_workgroup(torture-lp_ctx)); get_winbind_domain(torture, domain); @@ -474,7 +475,7 @@ static bool torture_winbind_struct_getdcname(struct torture_context *torture) bool ok; bool strict = torture_setting_bool(torture, strict mode, false); const char *domain_name = torture_setting_string(torture, - winbindd netbios domain, + winbindd_netbios_domain, lp_workgroup(torture-lp_ctx)); struct torture_trust_domain *listd = NULL; uint32_t i, count = 0; @@ -915,7 +916,7 @@ static bool lookup_name_sid_list(struct torture_context *torture, char **list) char *sid; char *name; const char *domain_name = torture_setting_string(torture, - winbindd netbios domain, + winbindd_netbios_domain, lp_workgroup(torture-lp_ctx)); ZERO_STRUCT(req); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4dd0c55... s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server from 791a2df... s4 selftest: Fix and reenable WINBIND-STRUCT.NETBIOS_NAME test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4dd0c5516aa0ff27093f9fc436f7817d048c0922 Author: Volker Lendecke v...@samba.org Date: Sat Jan 16 13:31:44 2010 +0100 s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server A user has sent me a sniff where the OpenSolaris CIFS server returns 32 in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array. --- Summary of changes: source3/libsmb/libsmb_dir.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 6c0b1b4..de637a8 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -303,7 +303,7 @@ net_share_enum_rpc(struct cli_state *cli, } /* For each returned entry... */ -for (i = 0; i total_entries; i++) { +for (i = 0; i info_ctr.ctr.ctr1-count; i++) { /* pull out the share name */ fstrcpy(name, info_ctr.ctr.ctr1-array[i].name); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aa1fce6... ldap: Fix test failure that seemed to go unreported previously. via a18889f... ldap.py: Remove unused imports. from 4dd0c55... s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aa1fce645aed8be48c2fc09c86c2b5844114e93b Author: Jelmer Vernooij jel...@samba.org Date: Sun Jan 17 12:35:26 2010 +1300 ldap: Fix test failure that seemed to go unreported previously. commit a18889fd77a5db582f32fd563b28d1e4185233a9 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jan 17 12:26:53 2010 +1300 ldap.py: Remove unused imports. --- Summary of changes: source4/lib/ldb/tests/python/ldap.py | 25 + 1 files changed, 5 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 603e192..798047c 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -2,11 +2,9 @@ # -*- coding: utf-8 -*- # This is a port of the original in testprogs/ejs/ldap.js -import getopt import optparse import sys import time -import random import base64 import os @@ -19,29 +17,17 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX -from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INSUFFICIENT_ACCESS_RIGHTS +from ldb import ERR_NO_SUCH_ATTRIBUTE from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE from ldb import Message, MessageElement, Dn from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE -from samba import Ldb, param -from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT -from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT -from samba import UF_INTERDOMAIN_TRUST_ACCOUNT +from samba import Ldb +from samba import UF_NORMAL_ACCOUNT +from samba import UF_WORKSTATION_TRUST_ACCOUNT from samba import UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE -from samba import GTYPE_SECURITY_BUILTIN_LOCAL_GROUP -from samba import GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP -from samba import GTYPE_SECURITY_UNIVERSAL_GROUP -from samba import GTYPE_DISTRIBUTION_GLOBAL_GROUP -from samba import GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP -from samba import GTYPE_DISTRIBUTION_UNIVERSAL_GROUP from samba import ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST -from samba import ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP -from samba import ATYPE_SECURITY_UNIVERSAL_GROUP -from samba import ATYPE_DISTRIBUTION_GLOBAL_GROUP -from samba import ATYPE_DISTRIBUTION_LOCAL_GROUP -from samba import ATYPE_DISTRIBUTION_UNIVERSAL_GROUP from subunit.run import SubunitTestRunner import unittest @@ -1827,8 +1813,7 @@ objectclass: user sAMAccountName: + user_name + nTSecurityDescriptor:: + desc_base64) res = self.ldb.search(base=user_dn, attrs=[nTSecurityDescriptor]) -print res -self.assertRaises(KeyError, lambda: res[0][nTSecurityDescriptor]) +self.assertTrue(nTSecurityDescriptor in res[0]) finally: self.delete_force(self.ldb, user_dn) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dde836a... s4-drs: allow for security bypass for DsReplicaGetInfo via 2985aeb... s4-dsdb: isGlobalCatalogReady should be shown by default from aa1fce6... ldap: Fix test failure that seemed to go unreported previously. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dde836adbdb5c04cb43774c65fa1af713d9cdb7a Author: Andrew Tridgell tri...@samba.org Date: Sun Jan 17 06:52:14 2010 +1100 s4-drs: allow for security bypass for DsReplicaGetInfo Use --option=drs:disable_sec_check=true until the group membership bug with the PAC is fixed. commit 2985aeb8c930b3b2e4d4bba080b3d6ec0722c7d3 Author: Andrew Tridgell tri...@samba.org Date: Sun Jan 17 06:48:09 2010 +1100 s4-dsdb: isGlobalCatalogReady should be shown by default This caused repadmin.exe to crash. Thanks to Hongwei for tracking this down for us. --- Summary of changes: source4/dsdb/samdb/ldb_modules/rootdse.c|2 +- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 14 +- 2 files changed, 10 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 4ce379b..9d2b8cd 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -364,7 +364,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } - if (do_attribute_explicit(attrs, isGlobalCatalogReady)) { + if (do_attribute(attrs, isGlobalCatalogReady)) { /* MS-ADTS 3.1.1.3.2.10 Note, we should only return true here is we have completed at least one synchronisation. As both diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index ae70fbc..b5088bb 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -28,6 +28,7 @@ #include rpc_server/drsuapi/dcesrv_drsuapi.h #include libcli/security/security.h #include auth/auth.h +#include param/param.h #define DRSUAPI_UNSUPPORTED(fname) do { \ DEBUG(1,(__location__ : Unsupported DRS call %s\n, #fname)); \ @@ -745,11 +746,14 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call { enum security_user_level level; - level = security_session_user_level(dce_call-conn-auth_state.session_info); - if (level SECURITY_ADMINISTRATOR) { - DEBUG(1,(__location__ : Administrator access required for DsReplicaGetInfo\n)); - security_token_debug(2, dce_call-conn-auth_state.session_info-security_token); - return WERR_DS_DRA_ACCESS_DENIED; + if (!lp_parm_bool(dce_call-conn-dce_ctx-lp_ctx, NULL, +drs, disable_sec_check, false)) { + level = security_session_user_level(dce_call-conn-auth_state.session_info); + if (level SECURITY_ADMINISTRATOR) { + DEBUG(1,(__location__ : Administrator access required for DsReplicaGetInfo\n)); + security_token_debug(2, dce_call-conn-auth_state.session_info-security_token); + return WERR_DS_DRA_ACCESS_DENIED; + } } dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 98a495f... Modification of fix for bug 6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object from dde836a... s4-drs: allow for security bypass for DsReplicaGetInfo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 98a495f1e674b7562a3d8b5dfc958ee95d256896 Author: Jeremy Allison j...@samba.org Date: Sat Jan 16 17:03:06 2010 -0800 Modification of fix for bug 6876 - Delete of an object whose parent folder does not have delete rights fails even if the delete right is set on the object Suggested by Volker. Reduce the surface area of the become_root() unbecome_root() code to reduce the chance of errors. Jeremy. --- Summary of changes: source3/modules/vfs_acl_common.c | 13 + 1 files changed, 5 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index aeb9ce3..30a59e2 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -821,11 +821,14 @@ static int acl_common_remove_object(vfs_handle_struct *handle, goto out; } + become_root(); if (is_directory) { ret = SMB_VFS_NEXT_RMDIR(handle, final_component); } else { ret = SMB_VFS_NEXT_UNLINK(handle, local_fname); } + unbecome_root(); + if (ret == -1) { saved_errno = errno; } @@ -854,12 +857,9 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle, return ret; } - become_root(); - ret = acl_common_remove_object(handle, + return acl_common_remove_object(handle, path, true); - unbecome_root(); - return ret; } static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle, @@ -977,10 +977,7 @@ static int unlink_acl_common(struct vfs_handle_struct *handle, return ret; } - become_root(); - ret = acl_common_remove_object(handle, + return acl_common_remove_object(handle, smb_fname-base_name, false); - unbecome_root(); - return ret; } -- Samba Shared Repository
Build status as of Sun Jan 17 07:00:04 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-01-16 00:00:51.0 -0700 +++ /home/build/master/cache/broken_results.txt 2010-01-17 00:00:05.0 -0700 @@ -1,4 +1,4 @@ -Build status as of Sat Jan 16 07:00:04 2010 +Build status as of Sun Jan 17 07:00:04 2010 Build counts: Tree Total Broken Panic @@ -15,8 +15,8 @@ samba-web0 0 0 samba_3_current 28 28 2 samba_3_master 28 27 5 -samba_3_next 28 27 6 +samba_3_next 28 28 6 samba_4_0_test 30 29 0 -talloc 1 0 0 -tdb 1 0 0 +talloc 2 0 0 +tdb 2 0 0