Re: [Samba] Tracking down rogue workgroup
Ray Van Dolson wrote: On Thu, Jan 21, 2010 at 09:18:13AM -0800, Moray Henderson wrote: Ray Van Dolson wrote: This seems to be a decent way to tell right when the workgroup shows up, but I don't think it helps us track down which IP address is responsible for generating it, or helping us narrow down the subnet its on even... (if I'm wrong, please correct me on that). Right now we're sifting through traffic to the domain controller looking for announcement packets including the workgroup name, and, presumably an IP of a Local Master Browser or subnet... Ray It should do. The nmblookup command should return an IP address; if you add a -S option as well it should give you the node status: $ nmblookup -M MSHOME -S querying MSHOME on 66.255.255.255 66.102.9.104 MSHOME1d Looking up status of 66.102.9.104 MEDIACENTER 00 - B ACTIVE MEDIACENTER 03 - B ACTIVE MEDIACENTER 20 - B ACTIVE ..__MSBROWSE__. 01 - GROUP B ACTIVE MSHOME 1d - B ACTIVE MSHOME 1e - GROUP B ACTIVE MSHOME 00 - GROUP B ACTIVE MAC Address = 00-00-00-00-00-00 Well, will give it a try. A tcpdump seems to indicate that when I run the above command, my workstation is merely sending out a Name query broadcast on my local subnet for the workgroup in question. Does this query (it does appear to have the recursion bit set) propagate to other subnets via the local master browsers or DC's (assuming my packet reaches them)? Just curious... Thanks! Ray I'm not sure exactly how it propagates, but if you run it on a subnet that can see the rogue workgroup you ought to get an answer. Unfortunately, Linux clients can't see it (at least not with nbmlookup -M -- -), but Windows clients can. The Windows clients emit a unicast LANMAN NetServerEnum2 request to their browse master, and the browse master returns a response with a list of workgroups many of which are not on the local subnet... It's not clear to me if the browse master is getting the out of subnet workgroups in its list from the domain browser (or domain controller, whatever), or elsewhere... Right now we're going to set up a port span on our domain controller and look for workgroup announcement messages or WINS updates containing the workgroup name from local master browsers Good times :) nmblookup can use a unicast query too, with the -U option: -U unicast address Do a unicast query to the specified address or host unicast address. This option (along with the -R option) is needed to query a WINS server. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 share and smbclient
Hi, I've tested that samba (smbclient 3.4) cannot connect to a windows 7 share but however it is possible to mount such share with smbmount. When I try to connect specifying username and password I got a success but nothing happens: smbclient //s28/backupinfook -U backup Enter backup's password: session setup failed: SUCCESS - 0 while from another windows machine I can connect to the share. When I mount the share with smbmount I can browse its content. So there is something working different between an smbmount and an smbclient. What can I do if I don't want to mount the share? Thanks, Luca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 2.2.7
Hi, When we first installed SAMBA on our IBM AIX 5.3 server, we created 6 shares. For some reason we have discovered that to access a Samba share we always had to assign one share ahead of all others to a user for that user to gain access. ( i.e. If a user requires access to the extracts share, we have to assign the reports share first in the user login, and then assign the extracts share to gain access to the extracts share. We always have to assign the reports share first for everyone that will be using SAMBA) Any ideas what we have done wrong in the setup? Thanks Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 2.2.7
Wagg, Dave wrote: Hi, When we first installed SAMBA on our IBM AIX 5.3 server, we created 6 shares. For some reason we have discovered that to access a Samba share we always had to assign one share ahead of all others to a user for that user to gain access. ( i.e. If a user requires access to the extracts share, we have to assign the reports share first in the user login, and then assign the extracts share to gain access to the extracts share. We always have to assign the reports share first for everyone that will be using SAMBA) Hi Dave, Version 2.2.7 is very old. Is this the IBM provided version from the AIX toolbox? You may want to consider: http://pware.hvcc.edu/downloads.html and download something more recent in the 3.3 (3.3.10) or 3.4 (3.4.5) series. Also, it is helpful to include your smb.conf (minus any security related stuff) so we can view your setup and offer advice. Cheers, Bill Any ideas what we have done wrong in the setup? Thanks Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 2.2.7
Hi Bill, Yes, I know it's old. I think at the time of the install, 2.2.7 was the current version. I think the IBM rep downloaded it from the SAMBA site and installed it. Here is my smb.conf file as it stands now. My SWAT output is below that. # Date: 2010/01/06 14:12:53 # Global parameters [global] workgroup = FLINX security = SHARE encrypt passwords = Yes min passwd length = 4 log file = /var/samba/log.%m max log size = 50 local master = No dns proxy = No wins support = Yes hosts allow = 99.999 999.99.99. [homes] comment = Home Directories read only = No create mask = 0750 browseable = No [extracts] comment = Extracts Access path = /opt/info/extracts/flinx username = smbextrt browseable = No [extracts_x] comment = Extracts access with update path = /opt/info/extracts/flinx username = smbappxs read only = No force create mode = 0664 force directory mode = 0775 browseable = No [user_input] comment = Users can drop files onto the server path = /opt/info/extracts/flinx/user_input username = smbinput read only = No force create mode = 0666 force directory mode = 0775 inherit permissions = Yes browseable = No [root_level] comment = User can view the whole system path = / username = smbrootl browseable = No [reports] comment = reports directory path = /opt/info/extracts/flinx/reports username = smbrprts browseable = No This is from SWAT: # Samba config file created using SWAT # from # Date: 2010/01/22 10:08:27 # Global parameters [global] coding system = client code page = 850 code page directory = /etc/codepages workgroup = FLINX netbios name = netbios aliases = netbios scope = server string = Samba 2.2.7 interfaces = bind interfaces only = No security = SHARE encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 4 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/qconfig disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = Auto local master = No domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy =
Re: [Samba] Samba 2.2.7
On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote: # Global parameters [global] workgroup = FLINX security = SHARE security=share is most definitely your problem. You should switch to security=user and provide smbpasswd for every user. Volker pgpJSbS1vwgDE.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 2.2.7
Hi Volker, Thanks for the info!! Do I have to stop and start Samba for this change to take effect? I made the change thru SWAT and committed the change. Dave -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: Friday, January 22, 2010 10:43 AM To: Wagg, Dave Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 2.2.7 On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote: # Global parameters [global] workgroup = FLINX security = SHARE security=share is most definitely your problem. You should switch to security=user and provide smbpasswd for every user. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 2.2.7
On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote: Hi Volker, Thanks for the info!! Do I have to stop and start Samba for this change to take effect? I made the change thru SWAT and committed the change. Yes, a restart is required, and you have to provide passwords for all the users. Please make sure that you do understand the difference between SHARE and USER security, this is a significant change. Volker pgpkMqxEJL0Pn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.4 Windows 7 offline folders
Just to let you know, I tested this feature with a Windows 7 Ultimate 32 bits and samba 3.4.3 and didn't found any problems :) Nelson Vale On Friday 22 January 2010 06:54:00 Martin Hochreiter wrote: Am 2010-01-21 23:42, schrieb Jeremy Allison: On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote: Is this issue only related with Windows 7 clients or does it affect other Windows versions too (I'm using Samba 3.4.3 version)? The offline files bug was only reported against a specific version of Windows Vista, but I wouldn't be surprised if it affected other versions too. Jeremy. Hi to all! I can only tell report the issue on Windows 7 32 bit only. We don't use vista and Windows XP is still working without problems. As I told you - with 3.4.5 we didn't had any issues yet. regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba (problem with password server = 192.168.0.20 192.168.0.30 line in smb.conf)
Hello, dear developers! We have the several problems with interaction between our Linux and Windows servers. Description of problem: There are three servers in our network: 1). Red Hat Enterprise Linux 5.2 (64-bit) with shared folders for users of network (192.168.0.10); 2). Windows Server 2003 R2 (primary domain controller of AD) (192.168.0.20); 3). Windows Server 2003 R2 (secondary domain controller of AD) (192.168.0.30); Configuration of /etc/samba/smb.conf-file: -- [global] workgroup = AAA server string = srv-db netbios name = srv-db hosts allow = 192.168.0. security = server password server = 192.168.0.20 192.168.0.30 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 --- When both of Windows domain controllers work successfully Samba-service on RHEL-server work good. If 192.168.0.30 (second server in configuration-file) is failed - Samba-service work good, but when 192.168.0.20 (first server in configuration-file) is failed then the shared directories on RHEL-server will be unavailable for users. There is information in Samba documentation that a password server line may be with several servers names or ips. Couldn't you help us with this problem. Thanks very much. Alex. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] write list for share is ignored
Andrew Masterson wrote: -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jon Trauntvein Sent: Friday, January 22, 2010 10:00 AM To: samba@lists.samba.org Subject: [Samba] write list for share is ignored I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 --- Why do you have this set? read only = yes http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html If this parameter is yes, then users of a service may not create or modify files in the service's directory. The share needs to be read-only for all but authorised users. My understanding of the write list setting is that it accomplishes exactly that: This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#READONLY option is set to. The list can include group names using the @group syntax. I have, by the way, attempted to remove and/or change the value of the read only setting and this has had no effect. __ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] write list for share is ignored
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jon Trauntvein Sent: Friday, January 22, 2010 10:00 AM To: samba@lists.samba.org Subject: [Samba] write list for share is ignored I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 --- Why do you have this set? read only = yes http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html If this parameter is yes, then users of a service may not create or modify files in the service's directory. -=Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 2.2.7
Hi Volker, My initial test with my own id worked great!! Thank you so much for this fix. Hope you have a great weekend! Dave -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: Friday, January 22, 2010 10:58 AM To: Wagg, Dave Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 2.2.7 On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote: Hi Volker, Thanks for the info!! Do I have to stop and start Samba for this change to take effect? I made the change thru SWAT and committed the change. Yes, a restart is required, and you have to provide passwords for all the users. Please make sure that you do understand the difference between SHARE and USER security, this is a significant change. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SigmaPlot and Windows Vista
Dear Colleagues, I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista but have got the message Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS' every time I try to start the software. Does anybody know what I should do to overcome this problem? Thank you all in advance. Best regards, Eduardo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] write list for share is ignored
On 01/22/2010 11:00 AM, Jon Trauntvein wrote: I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 Assuming cora is a domain group and using your separator \\, try write list = @CSI-INTRANET\\cora Somewhere around 3.0.23 or so, winbind started requiring the domain name be prefixed to domain users and groups Dale As can be seen here, I am using domain based security. With this configuration, my windows XP based machine can connect to the share and can access the files and directories on that share. However, any attempt to add a file or directory gets rebuffed with an access denied. The following is the log from my windows machine's attempt to create a new directory: I'm sorry for the length of the above but I am not sure what might be relevant to understanding the problem. As I interpret the problem, Samba has determined that the share is read only for my client. The unix file permissions are correct in that I can perform the needed operations while logged on under that account and, further, I can see that, at one point, samba had determined to use the correct account and group IDs. I have tried various combinations of options both within smb.conf and within nsswitch.conf. I have tried changing nsswitch.conf so that winbind is used as an option after the files are tried. I have also replaced the @cora group specification with references to my specific unix and domain user names. Each time that I have made these changes, I have faithfully restarted the samba service. However, at no time have I been able to access this share in any but a read-only fashion. If anyone has some suggestions or troubleshooting tips, I would be most grateful. Regards, Jon Trauntvein -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot join domain
What message do you get when attempting to connect to the domain? On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott claudia...@gmail.com wrote: Hello, I just configured a computer on my local network to work as a PDC with Samba, although I'm not able to join the Domain from the windows computer I want to add. I though it was that the server was unreachable, but I can ping the server from the computer and viceversa. If someone please can help me, I'll appreciate it. The smb.conf file is here: --- [global] workgroup = LGD netbios name = LGD-SERVER server string = %h server (Samba, Ubuntu) passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes prefered master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: # logon script = scripts/logon.bat logon path = \\%N\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u idmap uid = 15000-2 idmap gid = 15000-2 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home valid users = %S read only = no browsable = no [printers] comment = All Printers path = /var/spool/samba printable = yes guest ok = yes browsable = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = Administrator valid users = %U read only = no [profile] comment = User profiles path = /home/samba/profiles valid users = %U create mode = 0600 directory mode = 0700 writable = yes browsable = no - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the force group in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] write list for share is ignored
Dale Schroeder wrote: On 01/22/2010 11:00 AM, Jon Trauntvein wrote: I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The old server had samba version 3.0.11 installed while the newer has samba version 3.0.33 installed. The following file is a simplified version of my smb.conf file: [global] debug level = 5 security = domain workgroup = CSI-INTRANET auth methods = guest, sam, winbind server string = Software Engineering Workgroup Server load printers = yes guest account = nobody log file = /var/log/samba/log.%m max log size = 1024 encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no map to guest = bad user winbind separator = \\ idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes [cora] available = yes browseable = yes path = /home/group/cora public = yes guest ok = yes read only = yes write list = @cora force create mode = 0775 Assuming cora is a domain group and using your separator \\, try write list = @CSI-INTRANET\\cora Somewhere around 3.0.23 or so, winbind started requiring the domain name be prefixed to domain users and groups cora is actually a unix group. My preferred relationship with the domain controller is that it take care of account authentication and that everything else be local. In order to accomplish this, I create unix accounts on the machine whose names match those of the domain logins. Apparently, version 3.0.11 no longer supports this. Further, if I change the write list to match the specific domain account (CSI-INTRANET\\jon) that I am using for tests, the share is still reported as read-only. __ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] force all connections that come from a windows group to be a specific user and problems with net groupmap add
Does anyone know of a simple (share) mechanism that doesn't require setting up a complex ldap, winbind, pdc, etc samba configuration that will allow users connecting to a samba share to always be forced to be a specific unix UID? The idea is to have the linux data owned by a particular linux user, and be able to control write access to that data by adding any arbitrary windows user to a specified windows user group. The reason why ldap, winbind, etc is not a desirable config is that this could be deployed at sites that have stand alone workgroups with a single user to very complex ads or ldap configurations with many thousands of users, and we would like to have a simplistic one size fits all access control method. Note that this doesn't have to conform to ideal security protocols, or what a zealot would consider ideal configurations or IT practices - functional simplicity is preferred. Also - on another related, but separate note, I cannot seem to get the net groupmap add command to work correctly. I have a stand alone samba server, and a windows box that I have local admin permissions to - I add a new windows group and new unix group on the unix side - run the command net group add ntgroup=windows_grp_name_here unixgroup=unix_group_name_here, but when I try to actually write to the share with a windows user that is in the supposedly mapped group, I only receive a permission denied error. a net groupmap list shows that the mapping did take, but again, it doesn't appear to actually function as I would have expected. Any hep would be great on either or both of these questions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot join domain
Try LGD :D On Sat, Jan 23, 2010 at 7:10 AM, Claudia Rodriguez Brasicott claudia...@gmail.com wrote: I got the following error message: - The domain name LGD-SERVER might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. If you are certain that the name is not a NetBIOS domain name, then the following information can you troubleshoot your DNS configuration. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain US3: The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.LGD-SERVER - I though the server was unreachable, or there was a problem with the server name, but when I do ping LGD-SERVER from the client, I receive answer. On Fri, Jan 22, 2010 at 2:59 PM, Andy thea...@gmail.com wrote: What message do you get when attempting to connect to the domain? On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott claudia...@gmail.com wrote: Hello, I just configured a computer on my local network to work as a PDC with Samba, although I'm not able to join the Domain from the windows computer I want to add. I though it was that the server was unreachable, but I can ping the server from the computer and viceversa. If someone please can help me, I'll appreciate it. The smb.conf file is here: --- [global] workgroup = LGD netbios name = LGD-SERVER server string = %h server (Samba, Ubuntu) passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes prefered master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: # logon script = scripts/logon.bat logon path = \\%N\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u idmap uid = 15000-2 idmap gid = 15000-2 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home valid users = %S read only = no browsable = no [printers] comment = All Printers path = /var/spool/samba printable = yes guest ok = yes browsable = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = Administrator valid users = %U read only = no [profile] comment = User profiles path = /home/samba/profiles valid users = %U create mode = 0600 directory mode = 0700 writable = yes browsable = no - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- REGARDS, Andy Z -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo, net, getent and groups
I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I am don't understand the results. As far as I can tell I have everything configured as it should be. The basic globals for the DC [global] workgroup = ATLANTA time server = Yes hostname lookups = Yes domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes hide dot files = No The glbals for the Member Server [global] workgroup = ATLANTA security = DOMAIN password server = 192.168.1.24 name resolve order = wins bcast hosts wins proxy = Yes wins server = 192.168.1.24 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.1.0/255.255.255.0 getent does not return the names on any domain groups or users. wbinfo does return the names on domains groups and users. BUILTIN\administrators BUILTIN\users ATLANTA\domain users ATLANTA\domain guests ATLANTA\domain admins net groupmap list on the DC shows mapping to groups Backup Operators (S-1-5-32-551) - backup Power Users (S-1-5-32-547) - atlanta Replicators (S-1-5-32-552) - staff Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) - samba Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) - nogroup Administrators (S-1-5-32-544) - staff Account Operators (S-1-5-32-548) - account Users (S-1-5-32-545) - samba Print Operators (S-1-5-32-550) - print Guests (S-1-5-32-546) - nogroup System Operators (S-1-5-32-549) - operator Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) - staff net groupmap list on the Member Server shows only the builtin in groups Administrators (S-1-5-32-544) - BUILTIN\administrators Users (S-1-5-32-545) - BUILTIN\users -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SigmaPlot and Windows Vista
Dear Colleagues, I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista but have got the message Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS' every time I try to start the software. Does anybody know what I should do to overcome this problem? Thank you all in advance. Best regards, Eduardo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.4.5 compile problem on solaris 10
hi, I found some older posts with this issues but no solution for me :( Seems to be a krb related issue: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function 'get_krb5_smb_session_key': libsmb/clikrb5.c:886: warning: 'krb5_auth_con_getremotesubkey' is deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2167) libsmb/clikrb5.c:888: warning: 'krb5_auth_con_getlocalsubkey' is deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2162) libsmb/clikrb5.c:1623:2: error: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION The following command failed: /opt/gcc/bin/gcc -I/global/spool/krb5-1.7/include -Wl,-R/global/spool/openssl-0.9.8l/lib -Wl,-R/global/spool/krb5-1.7/lib -Wl,-R/opt/csw/lib -I. -I/global/spool/src/samba/samba-3.4.5/source3 -I/global/spool/src/samba/samba-3.4.5/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -DHAVE_CONFIG_H -I/global/spool/krb5-1.7/include -I/global/spool/openssl-0.9.8l/include -I/global/spool/krb5-1.7/include -I/opt/csw/include -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 -I/global/spool/src/samba/samba-3.4.5/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c libsmb/clikrb5.c -o libsmb/clikrb5.o gmake: *** [libsmb/clikrb5.o] Error 1 I use a build script it looks like this: PATH=/usr/bin:/usr/local/bin:/usr/sfw/bin:/opt/sfw/bin:/usr/ccs/bin:/global/spool/openssl-0.9.8l/bin:/global/spool/krb5-1.7/bin export PATH HOSTNAME=`/usr/bin/hostname` DIRPATH=/global/spool/openssl-0.9.8l /global/spool/krb5-1.7 /opt/csw for dir in $DIRPATH ; do CPPFLAGS=$CPPFLAGS -I$dir/include CFLAGS=$CFLAGS -Wl,-R$dir/lib LDFLAGS=$LDFLAGS -L$dir/lib done LDFLAGS=$LDFLAGS -L$dir/lib -Wl,-R/global/spool/$HOSTNAME/samba-3.4.1/lib export CPPFLAGS CFLAGS LDFLAGS CC echo CPPFLAGS=$CPPFLAGS echo CFLAGS=$CFLAGS echo LDFLAGS=$LDFLAGS echo CC=$CC ## configure build #./autogen.sh ./configure --prefix=/global/spool/$HOSTNAME/samba-3.4.5 \ --with-ads \ --with-ldap \ --with-krb5=/global/spool/krb5-1.7 if [ $? -ne 0 ]; then echo configure failed. Exiting exit 1 fi make showlayout make Any hints are very much appreciate, if possible also via e-mail to my address as I am not currently on the list THANKS ~christoph -- /* Christoph Beyer | Office: Building 2b / 23 *\ * DESY|Phone: 040-8998-2317* * - IT - | Fax: 040-8998-4060* \* 22603 Hamburg | http://www.desy.de */ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
Dale Schroeder wrote: On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the force group in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows Looks like not; r...@louise:/etc/samba# getfacl /files/Lucretia/Projects getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Projects # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::r-x r...@louise:/etc/samba# getfacl /files/Lucretia/Windows getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Windows # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::rwx -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Serving NFS Mounted Directories
I have a Sun 7310 storage server. This is running Solaris 10 but it's self-contained and I can't login to it or run Samba on it. I manage it with a web interface. I have a CentOS 5.3 machine that mounts a bunch of file systems via NFS from the Sun server. This works fine. I installed Samba 3.4.5 on the CentOS machine and configured it to share some of the directories that are actually NFS mounts from the Sun server. I'm able to map these directories from both Windows XP and Windows 7. I'm seeing several problems: 1) Accessing the mapped directories from Windows when running Microsoft Office apps is extremely slow. I don't have any exact numbers but let's say the speed is unusable. Ironically, other programs, such as 'vim' and 'notepad' don't have this speed problem when accessing the same shares. 2) Again, using Microsoft Office apps, Windows XP machines see files as read-only. Windows 7 works fine on the same files. The Sun has a non-Samba CIFS implementation but it's non-intuitive to set up so I haven't tried it. I'm wondering if what I describe should work. Here's the smb.conf configuration for the share: [bgroup] valid users = bgroup path = /home/bgroup public = no writeable = yes browseable = no create mask = 012 create mode = 0660 directory mode = 0770 Any comments or suggestions? Cordially, -- Jon Forrest Research Computing Support College of Chemistry 173 Tan Hall University of California Berkeley Berkeley, CA 94720-1460 510-643-1032 jlforr...@berkeley.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Serving NFS Mounted Directories
On Fri, Jan 22, 2010 at 04:49:33PM -0800, Jon Forrest wrote: I have a Sun 7310 storage server. This is running Solaris 10 but it's self-contained and I can't login to it or run Samba on it. I manage it with a web interface. I have a CentOS 5.3 machine that mounts a bunch of file systems via NFS from the Sun server. This works fine. I installed Samba 3.4.5 on the CentOS machine and configured it to share some of the directories that are actually NFS mounts from the Sun server. I'm able to map these directories from both Windows XP and Windows 7. I'm seeing several problems: 1) Accessing the mapped directories from Windows when running Microsoft Office apps is extremely slow. I don't have any exact numbers but let's say the speed is unusable. Ironically, other programs, such as 'vim' and 'notepad' don't have this speed problem when accessing the same shares. 2) Again, using Microsoft Office apps, Windows XP machines see files as read-only. Windows 7 works fine on the same files. The Sun has a non-Samba CIFS implementation but it's non-intuitive to set up so I haven't tried it. I'm wondering if what I describe should work. Here's the smb.conf configuration for the share: [bgroup] valid users = bgroup path = /home/bgroup public = no writeable = yes browseable = no create mask = 012 create mode = 0660 directory mode = 0770 Any comments or suggestions? Cordially, First of all, you really don't want to re-export NFS mounts via Samba. Secondly, if you absolutely must do it, I recommend the following settings: [global] # your other options here... oplocks = No level2 oplocks = No On certain shares, you may want to set: posix locking = No Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f217969... s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) from 155fb98... s3:pdb_ldap: Fix large paged search. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f21796955e7aa2e84a1c810612f2fdee2bde611c Author: William Jojo w.j...@hvcc.edu Date: Thu Jan 21 14:21:03 2010 +0100 s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) --- Summary of changes: tests/readlink.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/tests/readlink.c b/tests/readlink.c index a07e62a..3784288 100644 --- a/tests/readlink.c +++ b/tests/readlink.c @@ -13,7 +13,7 @@ main() { - int buf[7]; + char buf[7]; int ret; ssize_t rl_ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 28b3cf3... s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) from 436e136... s3-docs: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32 Author: William Jojo w.j...@hvcc.edu Date: Thu Jan 21 14:21:03 2010 +0100 s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) --- Summary of changes: tests/readlink.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/tests/readlink.c b/tests/readlink.c index a07e62a..3784288 100644 --- a/tests/readlink.c +++ b/tests/readlink.c @@ -13,7 +13,7 @@ main() { - int buf[7]; + char buf[7]; int ret; ssize_t rl_ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via e66e5cb... s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) (cherry picked from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32) from c2cdd4d... s3-docs: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e66e5cb6324800d20f5f091a7fb2eba2d751241a Author: William Jojo w.j...@hvcc.edu Date: Thu Jan 21 14:21:03 2010 +0100 s3: Fix bug 7052: DFS broken on AIX (maybe others) (cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) (cherry picked from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32) --- Summary of changes: tests/readlink.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/tests/readlink.c b/tests/readlink.c index a07e62a..3784288 100644 --- a/tests/readlink.c +++ b/tests/readlink.c @@ -13,7 +13,7 @@ main() { - int buf[7]; + char buf[7]; int ret; ssize_t rl_ret; -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-69-4-g221c557
The branch, v3-2-ctdb has been updated via 221c557f1fa0709cb5fc0c46ca5abcc480553a23 (commit) via 4c58bbfd8488bfe88be8a304182c2e02b2f39dc1 (commit) via 51d5d9e6f75e64b0947d47a91f07861be5b1e126 (commit) from f957e56ae7b041abc15e5fadc3847da6ca80aece (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit 221c557f1fa0709cb5fc0c46ca5abcc480553a23 Author: Jeff Layton jlay...@redhat.com Date: Fri Sep 25 07:03:44 2009 -0400 mount.cifs: don't leak passwords with verbose option When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers r.c.volg...@student.utwente.nl Signed-off-by: Jeff Layton jlay...@redhat.com Acked-by: Steve French sfre...@us.ibm.com Signed-off-by: Christian Ambach christian.amb...@de.ibm.com commit 4c58bbfd8488bfe88be8a304182c2e02b2f39dc1 Author: Jeff Layton jlay...@redhat.com Date: Fri Sep 25 07:03:44 2009 -0400 mount.cifs: check access of credential files before opening It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers r.c.volg...@student.utwente.nl Signed-off-by: Jeff Layton jlay...@redhat.com Acked-by: Steve French sfre...@us.ibm.com Signed-off-by: Christian Ambach christian.amb...@de.ibm.com commit 51d5d9e6f75e64b0947d47a91f07861be5b1e126 Author: Jeremy Allison j...@samba.org Date: Wed Sep 30 14:24:50 2009 +0200 Fix for CVE-2009-2906. Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. Signed-off-by: Christian Ambach christian.amb...@de.ibm.com --- Summary of changes: source/client/mount.cifs.c | 65 ++- source/include/smb.h |1 + source/smbd/process.c | 28 +-- 3 files changed, 71 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index d05115b..a947dd1 100644 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -199,6 +199,11 @@ static int open_cred_file(char * file_name) char * temp_val; FILE * fs; int i, length; + + i = access(file_name, R_OK); + if (i) + return i; + fs = fopen(file_name,r); if(fs == NULL) return errno; @@ -321,6 +326,12 @@ static int get_password_from_file(int file_descript, char * filename) } if(filename != NULL) { + rc = access(filename, R_OK); + if (rc) { + fprintf(stderr, mount.cifs failed: access check of %s failed: %s\n, + filename, strerror(errno)); + exit(EX_SYSERR); + } file_descript = open(filename, O_RDONLY); if(file_descript 0) { printf(mount.cifs failed. %s attempting to open password file %s\n, @@ -380,9 +391,6 @@ static int parse_options(char ** optionsp, int * filesys_flags) return 1; data = *optionsp; - if(verboseflag) - printf(parsing options: %s\n, data); - /* BB fixme check for separator override BB */ if (getuid()) { @@ -471,18 +479,27 @@ static int parse_options(char ** optionsp, int * filesys_flags) } else if (strncmp(data, pass, 4) == 0) { if (!value || !*value) { if(got_password) { - printf(\npassword specified twice, ignoring second\n); + fprintf(stderr, \npassword specified twice, ignoring second\n); } else
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9acbed1... s3: Fix some nonempty blank lines via ee4a360... s3: Fix a typo in a comment from 2534654... s3:pdb_ldap: Fix large paged search. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9acbed13e877cb4cf69c93598d89cb865aa7f194 Author: Volker Lendecke v...@samba.org Date: Fri Jan 22 13:31:44 2010 +0100 s3: Fix some nonempty blank lines commit ee4a3606e606da5803d6e1ebac0c839c7a8a2a55 Author: Volker Lendecke v...@samba.org Date: Fri Jan 22 13:31:30 2010 +0100 s3: Fix a typo in a comment --- Summary of changes: source3/registry/reg_backend_shares.c | 43 - 1 files changed, 21 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_shares.c b/source3/registry/reg_backend_shares.c index 1977406..22b8fd7 100644 --- a/source3/registry/reg_backend_shares.c +++ b/source3/registry/reg_backend_shares.c @@ -26,7 +26,7 @@ /** It is safe to assume that every registry path passed into on of - the exported functions here begins with KEY_PRINTING else + the exported functions here begins with KEY_SHARES else these functions would have never been called. This is a small utility function to strip the beginning of the path and make a copy that the caller can modify. Note that the caller is responsible for releasing @@ -37,24 +37,23 @@ static char* trim_reg_path( const char *path ) { const char *p; uint16 key_len = strlen(KEY_SHARES); - + /* * sanity check...this really should never be True. * It is only here to prevent us from accessing outside * the path buffer in the extreme case. */ - + if ( strlen(path) key_len ) { DEBUG(0,(trim_reg_path: Registry path too short! [%s]\n, path)); return NULL; } - - + p = path + strlen( KEY_SHARES ); - + if ( *p == '\\' ) p++; - + if ( *p ) return SMB_STRDUP(p); else @@ -65,22 +64,22 @@ static char* trim_reg_path( const char *path ) Enumerate registry subkey names given a registry path. Caller is responsible for freeing memory to **subkeys */ - + static int shares_subkey_info( const char *key, struct regsubkey_ctr *subkey_ctr ) { char*path; booltop_level = False; int num_subkeys = 0; - + DEBUG(10,(printing_subkey_info: key=[%s]\n, key)); - + path = trim_reg_path( key ); - + /* check to see if we are dealing with the top level key */ - + if ( !path ) top_level = True; - + if ( top_level ) { num_subkeys = 1; regsubkey_ctr_addkey( subkey_ctr, Security ); @@ -89,9 +88,9 @@ static int shares_subkey_info( const char *key, struct regsubkey_ctr *subkey_ctr else num_subkeys = handle_share_subpath( path, subkey_ctr, NULL ); #endif - + SAFE_FREE( path ); - + return num_subkeys; } @@ -105,16 +104,16 @@ static int shares_value_info(const char *key, struct regval_ctr *val) char*path; booltop_level = False; int num_values = 0; - + DEBUG(10,(printing_value_info: key=[%s]\n, key)); - + path = trim_reg_path( key ); - + /* check to see if we are dealing with the top level key */ - + if ( !path ) top_level = True; - + /* fill in values from the getprinterdata_printer_server() */ if ( top_level ) num_values = 0; @@ -122,9 +121,9 @@ static int shares_value_info(const char *key, struct regval_ctr *val) else num_values = handle_printing_subpath( path, NULL, val ); #endif - + SAFE_FREE(path); - + return num_values; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4c54804... s4:kdc Simplify header files from 9acbed1... s3: Fix some nonempty blank lines http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4c548048c55ab3b7c79f5317281988b446c7fbf2 Author: Simo Sorce i...@samba.org Date: Thu Jan 21 09:57:41 2010 -0500 s4:kdc Simplify header files --- Summary of changes: source4/kdc/config.mk|1 - source4/kdc/hdb-samba4.c | 14 -- source4/kdc/kdc.h|8 ++-- source4/kdc/pac-glue.h | 30 -- 4 files changed, 14 insertions(+), 39 deletions(-) delete mode 100644 source4/kdc/pac-glue.h Changeset truncated at 500 lines: diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk index 3ae5fe5..1659941 100644 --- a/source4/kdc/config.mk +++ b/source4/kdc/config.mk @@ -36,4 +36,3 @@ PRIVATE_DEPENDENCIES = \ ### PAC_GLUE_OBJ_FILES = $(addprefix $(kdcsrcdir)/, pac-glue.o) -$(eval $(call proto_header_template,$(kdcsrcdir)/pac-glue_proto.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c))) diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index f7a72b4..eb7edeb 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -1451,9 +1451,10 @@ static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db) * * This is currently a very nasty hack - allowing only delegation to itself. */ -krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, - hdb_entry_ex *entry, - krb5_const_principal target_principal) +static krb5_error_code +hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, + hdb_entry_ex *entry, + krb5_const_principal target_principal) { struct ldb_context *ldb_ctx = (struct ldb_context *)db-hdb_db; struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, loadparm), @@ -1525,9 +1526,10 @@ krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, HD * database. Allow a mismatch where they both refer to the same * SID */ -krb5_error_code hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, -hdb_entry_ex *entry, -krb5_const_principal certificate_principal) +static krb5_error_code +hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, +hdb_entry_ex *entry, +krb5_const_principal certificate_principal) { struct ldb_context *ldb_ctx = (struct ldb_context *)db-hdb_db; struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, loadparm), diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h index b9cf621..becef93 100644 --- a/source4/kdc/kdc.h +++ b/source4/kdc/kdc.h @@ -25,12 +25,12 @@ #include hdb.h #include kdc.h #include krb5/windc_plugin.h -#include kdc/pac-glue.h #include kdc/hdb-samba4.h struct kdc_server; struct tsocket_address; +extern struct krb5plugin_windc_ftable windc_plugin_table; bool kpasswdd_process(struct kdc_server *kdc, TALLOC_CTX *mem_ctx, @@ -50,4 +50,8 @@ struct kdc_server { struct hdb_samba4_context *hdb_samba4_context; }; - +/* from hdb-samba4.c */ +NTSTATUS hdb_samba4_create_kdc(TALLOC_CTX *mem_ctx, + struct tevent_context *ev_ctx, + struct loadparm_context *lp_ctx, + krb5_context context, struct HDB **db); diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h deleted file mode 100644 index f838ec3..000 --- a/source4/kdc/pac-glue.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - KDC Server startup - - Copyright (C) Andrew Bartlett abart...@samba.org 2005-2009 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see http://www.gnu.org/licenses/. -*/ - -#ifndef __KDC_PAC_GLUE_H__ -#define __KDC_PAC_GLUE_H__ - -#include kdc/pac-glue_proto.h - -extern struct krb5plugin_windc_ftable
Build status as of Sat Jan 23 07:00:05 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-01-22 00:00:05.0 -0700 +++ /home/build/master/cache/broken_results.txt 2010-01-23 00:00:11.0 -0700 @@ -1,22 +1,22 @@ -Build status as of Fri Jan 22 07:00:04 2010 +Build status as of Sat Jan 23 07:00:05 2010 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 2 0 0 +ccache 0 0 0 distcc 0 0 0 ldb 30 30 0 -libreplace 29 12 0 +libreplace 2 0 0 lorikeet 0 0 0 pidl 19 19 0 ppp 1 1 0 -rsync1 0 0 +rsync0 0 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 28 28 0 +samba_3_current 27 27 0 samba_3_master 27 27 3 -samba_3_next 28 28 2 +samba_3_next 28 28 3 samba_4_0_test 30 29 0 talloc 30 10 0 -tdb 27 17 0 +tdb 3 1 0