Re: [Samba] Tracking down rogue workgroup

2010-01-22 Thread Moray Henderson 
Ray Van Dolson wrote:
On Thu, Jan 21, 2010 at 09:18:13AM -0800, Moray Henderson wrote:
 Ray Van Dolson wrote:
  This seems to be a decent way to tell right when the workgroup
shows
  up, but I don't think it helps us track down which IP address is
  responsible for generating it, or helping us narrow down the
subnet
 its
  on even... (if I'm wrong, please correct me on that).
  
  Right now we're sifting through traffic to the domain controller
  looking for announcement packets including the workgroup name,
and,
  presumably an IP of a Local Master Browser or subnet...
  
  Ray
 
  It should do.  The nmblookup command should return an IP address;
if
 you
  add a -S option as well it should give you the node status:
 
  $ nmblookup -M MSHOME -S
  querying MSHOME on 66.255.255.255
  66.102.9.104 MSHOME1d
  Looking up status of 66.102.9.104
  MEDIACENTER 00 - B ACTIVE
  MEDIACENTER 03 - B ACTIVE
  MEDIACENTER 20 - B ACTIVE
  ..__MSBROWSE__. 01 - GROUP B ACTIVE
  MSHOME  1d - B ACTIVE
  MSHOME  1e - GROUP B ACTIVE
  MSHOME  00 - GROUP B ACTIVE
 
  MAC Address = 00-00-00-00-00-00
 
 Well, will give it a try.  A tcpdump seems to indicate that when I
run
 the above command, my workstation is merely sending out a Name query
 broadcast on my local subnet for the workgroup in question.
 
 Does this query (it does appear to have the recursion bit set)
 propagate to other subnets via the local master browsers or DC's
 (assuming my packet reaches them)?
 
 Just curious...
 
 Thanks!
 Ray

 I'm not sure exactly how it propagates, but if you run it on a subnet
 that can see the rogue workgroup you ought to get an answer.

Unfortunately, Linux clients can't see it (at least not with nbmlookup
-M -- -), but Windows clients can.  The Windows clients emit a unicast
LANMAN NetServerEnum2 request to their browse master, and the browse
master returns a response with a list of workgroups many of which are
not on the local subnet...

It's not clear to me if the browse master is getting the out of subnet
workgroups in its list from the domain browser (or domain controller,
whatever), or elsewhere...

Right now we're going to set up a port span on our domain controller
and look for workgroup announcement messages or WINS updates containing
the workgroup name from local master browsers

Good times :)

nmblookup can use a unicast query too, with the -U option:

-U unicast address
Do a unicast query to the specified address or host unicast
address. This option (along with the -R option) is needed 
to query a WINS server.


Moray.
To err is human.  To purr, feline




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] windows 7 share and smbclient

2010-01-22 Thread Luca Ferrari 
Hi,
I've tested that samba (smbclient 3.4) cannot connect to a windows 7 share but 
however it is possible to mount such share with smbmount.
When I try to connect specifying username and password I got a success but 
nothing happens:

smbclient //s28/backupinfook -U backup
Enter backup's password:   
session setup failed: SUCCESS - 0   

while from another windows machine I can connect to the share. When I mount 
the share with smbmount I can browse its content. So there is something 
working different between an smbmount and an smbclient. What can I do if I 
don't want to mount the share?

Thanks,
Luca
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 2.2.7

2010-01-22 Thread Wagg, Dave 
Hi,

When we first installed SAMBA on our IBM AIX 5.3 server, we created 6
shares.  For some reason we have discovered that to access a Samba share
we always had to assign one share ahead of all others to a user for that
user to gain access. ( i.e. If a user requires access to the extracts
share, we have to assign the reports share first in the user login,
and then assign the extracts share to gain access to the extracts
share.  We always have to assign the reports share first for everyone
that will be using SAMBA)

Any ideas what we have done wrong in the setup?

Thanks
Dave

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 2.2.7

2010-01-22 Thread William Jojo 

Wagg, Dave wrote:

Hi,

When we first installed SAMBA on our IBM AIX 5.3 server, we created 6
shares.  For some reason we have discovered that to access a Samba share
we always had to assign one share ahead of all others to a user for that
user to gain access. ( i.e. If a user requires access to the extracts
share, we have to assign the reports share first in the user login,
and then assign the extracts share to gain access to the extracts
share.  We always have to assign the reports share first for everyone
that will be using SAMBA)

  


Hi Dave,

Version 2.2.7 is very old. Is this the IBM provided version from the AIX 
toolbox? You may want to consider:


http://pware.hvcc.edu/downloads.html

and download something more recent in the 3.3 (3.3.10) or 3.4 (3.4.5) 
series.


Also, it is helpful to include your smb.conf (minus any security related 
stuff) so we can view your setup and offer advice.



Cheers,
Bill



Any ideas what we have done wrong in the setup?

Thanks
Dave

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 2.2.7

2010-01-22 Thread Wagg, Dave 
Hi Bill,

Yes, I know it's old.  I think at the time of the install, 2.2.7 was the
current version.  I think the IBM rep downloaded it from the SAMBA site
and installed it.

Here is my smb.conf file as it stands now.  My SWAT output is below
that.

# Date: 2010/01/06 14:12:53

# Global parameters
[global]
workgroup = FLINX
security = SHARE
encrypt passwords = Yes
min passwd length = 4
log file = /var/samba/log.%m
max log size = 50
local master = No
dns proxy = No
wins support = Yes
hosts allow = 99.999 999.99.99.

[homes]
comment = Home Directories
read only = No
create mask = 0750
browseable = No

[extracts]
comment = Extracts Access
path = /opt/info/extracts/flinx
username = smbextrt
browseable = No

[extracts_x]
comment = Extracts access with update
path = /opt/info/extracts/flinx
username = smbappxs
read only = No
force create mode = 0664
force directory mode = 0775
browseable = No

[user_input]
comment = Users can drop files onto the server
path = /opt/info/extracts/flinx/user_input
username = smbinput
read only = No
force create mode = 0666
force directory mode = 0775
inherit permissions = Yes
browseable = No

[root_level]
comment = User can view the whole system
path = /
username = smbrootl
browseable = No

[reports]
comment = reports directory
path = /opt/info/extracts/flinx/reports
username = smbrprts
browseable = No





This is from SWAT:


# Samba config file created using SWAT
# from 
# Date: 2010/01/22 10:08:27

# Global parameters
[global]
coding system = 
client code page = 850
code page directory = /etc/codepages
workgroup = FLINX
netbios name = 
netbios aliases = 
netbios scope = 
server string = Samba 2.2.7
interfaces = 
bind interfaces only = No
security = SHARE
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv = 
min passwd length = 4
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = 
smb passwd file = /etc/smbpasswd
root directory = 
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map = 
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/samba/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 1
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/qconfig
disable spoolss = No
enumports command = 
addprinter command = 
deleteprinter command = 
show add printer wizard = Yes
os2 driver map = 
strip dot = No
mangling method = hash
character set = 
mangled stack = 50
stat cache = Yes
domain admin group = 
domain guest group = 
machine password timeout = 604800
add user script = 
delete user script = 
logon script = 
logon path = \\%N\%U\profile
logon drive = 
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = No
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy =

Re: [Samba] Samba 2.2.7

2010-01-22 Thread Volker Lendecke 
On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote:
 # Global parameters
 [global]
   workgroup = FLINX
   security = SHARE

security=share is most definitely your problem. You should
switch to security=user and provide smbpasswd for every
user.

Volker


pgpJSbS1vwgDE.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 2.2.7

2010-01-22 Thread Wagg, Dave 
Hi Volker,

Thanks for the info!!

Do I have to stop and start Samba for this change to take effect?  I
made the change thru SWAT and committed the change.

Dave

-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de] 
Sent: Friday, January 22, 2010 10:43 AM
To: Wagg, Dave
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 2.2.7


On Fri, Jan 22, 2010 at 10:38:59AM -0500, Wagg, Dave wrote:
 # Global parameters
 [global]
   workgroup = FLINX
   security = SHARE

security=share is most definitely your problem. You should switch to
security=user and provide smbpasswd for every user.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 2.2.7

2010-01-22 Thread Volker Lendecke 
On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote:
 Hi Volker,
 
 Thanks for the info!!
 
 Do I have to stop and start Samba for this change to take effect?  I
 made the change thru SWAT and committed the change.

Yes, a restart is required, and you have to provide
passwords for all the users. Please make sure that you do
understand the difference between SHARE and USER security,
this is a significant change.

Volker


pgpkMqxEJL0Pn.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.4.4 Windows 7 offline folders

2010-01-22 Thread nf-vale 
Just to let you know, I tested this feature with a Windows 7 Ultimate 32 bits 
and samba 3.4.3 and didn't found any problems :)


Nelson Vale

On Friday 22 January 2010 06:54:00 Martin Hochreiter wrote:
 Am 2010-01-21 23:42, schrieb Jeremy Allison:
  On Thu, Jan 21, 2010 at 07:50:53PM +, nf-vale wrote:
  Is this issue only related with Windows 7 clients or does it affect
  other Windows versions too (I'm using Samba 3.4.3 version)?
 
  The offline files bug was only reported against
  a specific version of Windows Vista, but I wouldn't
  be surprised if it affected other versions too.
 
  Jeremy.
 
 Hi to all!
 
 I can only tell report the issue on Windows 7 32 bit only. We don't use
 vista and
 Windows XP is still working without problems.
 
 As I told you - with 3.4.5 we didn't had any issues yet.
 
 regards
 Martin
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba (problem with password server = 192.168.0.20 192.168.0.30 line in smb.conf)

2010-01-22 Thread Акулов Алексей 
Hello, dear developers!

We have the several problems with interaction between our Linux and Windows 
servers.

Description of problem:

There are three servers in our network:
 1). Red Hat Enterprise Linux 5.2 (64-bit) with shared folders for users of 
network (192.168.0.10);
 2). Windows Server 2003 R2 (primary domain controller of AD) (192.168.0.20);
 3). Windows Server 2003 R2 (secondary domain controller of AD) (192.168.0.30);

 Configuration of /etc/samba/smb.conf-file:
--
[global]
 workgroup = AAA
 server string = srv-db
 netbios name = srv-db
 hosts allow = 192.168.0.
 security = server
 password server = 192.168.0.20 192.168.0.30
 encrypt passwords = yes
 smb passwd file = /etc/samba/smbpasswd
 username map = /etc/samba/smbusers
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

---
When both of Windows domain controllers work successfully Samba-service on 
RHEL-server work good.
If 192.168.0.30 (second server in configuration-file) is failed - Samba-service 
work good, 
but when 192.168.0.20 (first server in configuration-file) is failed 
then the shared directories on RHEL-server will be unavailable for users.

There is information in Samba documentation that a password server line may 
be with several servers names or ips.

Couldn't you help us with this problem.

Thanks very much.


 Alex.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] write list for share is ignored

2010-01-22 Thread Jon Trauntvein 

Andrew Masterson wrote:

-Original Message-
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Jon Trauntvein
Sent: Friday, January 22, 2010 10:00 AM
To: samba@lists.samba.org
Subject: [Samba] write list for share is ignored

I recently updated a Samba server from Fedora Core 4 to CentOs 4.5.  The
old server had samba version 3.0.11 installed while the newer has samba
version 3.0.33 installed.  The following file is a simplified version of
my smb.conf file:

[global]
  debug level = 5
  security = domain
  workgroup = CSI-INTRANET
  auth methods = guest, sam, winbind
  server string = Software Engineering Workgroup Server
  load printers = yes
  guest account = nobody
  log file = /var/log/samba/log.%m
  max log size = 1024
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  dns proxy = no
  map to guest = bad user

  winbind separator = \\
  idmap uid = 1-2
  idmap gid = 1-2
  winbind enum users = yes
  winbind enum groups = yes


[cora]
  available = yes
  browseable = yes
  path = /home/group/cora
  public = yes
  guest ok = yes
  read only = yes
  write list = @cora
  force create mode = 0775

---

Why do you have this set?

read only = yes

http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

If this parameter is yes, then users of a service may not create or
modify files in the service's directory.

  


The share needs to be read-only for all but authorised users.  My 
understanding of the write list setting is that it accomplishes 
exactly that:


This is a list of users that are given read-write access to a service. 
If the connecting user is in this list then they will be given write 
access, no matter what the read only 
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#READONLY 
option is set to. The list can include group names using the @group 
syntax. 


I have, by the way, attempted to remove and/or change the value of the 
read only setting and this has had no effect.




__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4797 (20100122) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] write list for share is ignored

2010-01-22 Thread Andrew Masterson 
-Original Message-
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Jon Trauntvein
Sent: Friday, January 22, 2010 10:00 AM
To: samba@lists.samba.org
Subject: [Samba] write list for share is ignored

I recently updated a Samba server from Fedora Core 4 to CentOs 4.5.  The
old server had samba version 3.0.11 installed while the newer has samba
version 3.0.33 installed.  The following file is a simplified version of
my smb.conf file:

[global]
  debug level = 5
  security = domain
  workgroup = CSI-INTRANET
  auth methods = guest, sam, winbind
  server string = Software Engineering Workgroup Server
  load printers = yes
  guest account = nobody
  log file = /var/log/samba/log.%m
  max log size = 1024
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  dns proxy = no
  map to guest = bad user

  winbind separator = \\
  idmap uid = 1-2
  idmap gid = 1-2
  winbind enum users = yes
  winbind enum groups = yes


[cora]
  available = yes
  browseable = yes
  path = /home/group/cora
  public = yes
  guest ok = yes
  read only = yes
  write list = @cora
  force create mode = 0775

---

Why do you have this set?

read only = yes

http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

If this parameter is yes, then users of a service may not create or
modify files in the service's directory.

-=Andrew

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 2.2.7

2010-01-22 Thread Wagg, Dave 
Hi Volker,

My initial test with my own id worked great!!  

Thank you so much for this fix.

Hope you have a great weekend!

Dave

-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de] 
Sent: Friday, January 22, 2010 10:58 AM
To: Wagg, Dave
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 2.2.7


On Fri, Jan 22, 2010 at 10:54:05AM -0500, Wagg, Dave wrote:
 Hi Volker,
 
 Thanks for the info!!
 
 Do I have to stop and start Samba for this change to take effect?  I 
 made the change thru SWAT and committed the change.

Yes, a restart is required, and you have to provide
passwords for all the users. Please make sure that you do understand the
difference between SHARE and USER security, this is a significant
change.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SigmaPlot and Windows Vista

2010-01-22 Thread Eduardo D. Mariano 
Dear Colleagues,

I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista
but have got the message

Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS'

every time I try to start the software.

Does anybody know what I should do to overcome this problem?

Thank you all in advance.

Best regards,
Eduardo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] write list for share is ignored

2010-01-22 Thread Dale Schroeder 

On 01/22/2010 11:00 AM, Jon Trauntvein wrote:

I recently updated a Samba server from Fedora Core 4 to CentOs 4.5.  The
old server had samba version 3.0.11 installed while the newer has samba
version 3.0.33 installed.  The following file is a simplified version of
my smb.conf file:

[global]
 debug level = 5
 security = domain
 workgroup = CSI-INTRANET
 auth methods = guest, sam, winbind
 server string = Software Engineering Workgroup Server
 load printers = yes
 guest account = nobody
 log file = /var/log/samba/log.%m
 max log size = 1024
 encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 dns proxy = no
 map to guest = bad user

 winbind separator = \\
 idmap uid = 1-2
 idmap gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes


[cora]
 available = yes
 browseable = yes
 path = /home/group/cora
 public = yes
 guest ok = yes
 read only = yes
 write list = @cora
 force create mode = 0775

Assuming cora is a domain group and using your separator \\, try
write list = @CSI-INTRANET\\cora

Somewhere around 3.0.23 or so, winbind started requiring the domain name 
be prefixed to domain users and groups


Dale



As can be seen here, I am using domain based security.  With this
configuration, my windows XP based machine can connect to the share and
can access the files and directories on that share.  However, any
attempt to add a file or directory gets rebuffed with an access denied.
The following is the log from my windows machine's attempt to create a
new directory:

I'm sorry for the length of the above but I am not sure what might be
relevant to understanding the problem.  As I interpret the problem,
Samba has determined that the share is read only for my client.  The
unix file permissions are correct in that I can perform the needed
operations while logged on under that account and, further, I can see
that, at one point, samba had determined to use the correct account and
group IDs.

I have tried various combinations of options both within smb.conf and 
within
nsswitch.conf.  I have tried changing nsswitch.conf so that winbind is 
used as
an option after the files are tried.  I have also replaced the @cora 
group
specification with references to my specific unix and domain user 
names.  Each
time that I have made these changes, I have faithfully restarted the 
samba service.
However, at no time have I been able to access this share in any but a 
read-only
fashion.  If anyone has some suggestions or troubleshooting tips, I 
would be most

grateful.

Regards,

Jon Trauntvein

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot join domain

2010-01-22 Thread Andy 
What message do you get when attempting to connect to the domain?



On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott
claudia...@gmail.com wrote:
 Hello, I just configured a computer on my local network to work as a PDC
 with Samba, although I'm not able to join the Domain from the windows
 computer I want to add. I though it was that the server was unreachable, but
 I can ping the server from the computer and viceversa. If someone please can
 help me, I'll appreciate it.

 The smb.conf file is here:

 ---
 [global]
   workgroup = LGD
   netbios name = LGD-SERVER
   server string = %h server (Samba, Ubuntu)

   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = wins bcast hosts
   domain logons = yes
   prefered master = yes
   wins support = yes

   # Set CUPS for printing
   printcap name = CUPS
   printing = CUPS

   # Default logon
   logon drive = H:
   # logon script = scripts/logon.bat
   logon path = \\%N\profile\%U

   # Useradd scripts
   add user script = /usr/sbin/useradd -m %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G %g %u
   add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody
 %u
   idmap uid = 15000-2
   idmap gid = 15000-2


   # sync smb passwords woth linux passwords
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
 *Retype\snew\sUNIX\spassword:* %n\n .
   passwd chat debug = yes
   unix password sync = yes

   # set the loglevel
   log level = 3


 [homes]
   comment = Home
   valid users = %S
   read only = no
   browsable = no


 [printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
   guest ok = yes
   browsable = no


 [netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   admin users = Administrator
   valid users = %U
   read only = no


 [profile]
   comment = User profiles
   path = /home/samba/profiles
   valid users = %U
   create mode = 0600
   directory mode = 0700
   writable = yes
   browsable = no
 -
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Permissions Problem

2010-01-22 Thread Dale Schroeder 

On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote:

I need help understanding what is happening and trouble shooting.

I have two servers running Samba 2.3.3, one as a Domain Controller one 
as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
winbindd using the tdb back end are running on both.


I have two shares on the member server and as far as I can tell they 
are identical. [Projects] works as expected but [Windows] always asks 
for a login name even though the smb.conf entries for both are are the 
same. If I comment out the force group in [Windows] users can access 
the share but there are errors writing and creating files. If I create 
a new share it acts as the [Windows] share.


Here are the share definitions and a list of the files in the directory;

[Projects]
   Comment = Project Files
   path = /files/Lucretia/Projects
   writeable = yes
   browseable = yes
   create mask = 0764
   directory mask = 0775
   force group = ATLANTA\domain users

[Windows]
   comment = Atlanta Windows Files
   path = /files/Lucretia/Windows
   browseable = yes
   writeable = yes
   create mask = 0764
   directory mask = 0775
   force group = ATLANTA\domain users


r...@louise:/files/Lucretia# ls -l
total 66
drwxrwsr-x   2 root  1000148 2008-07-17 03:17 Arris
-rw-r-Sr--   1 root  10001  5952 2008-07-17 04:25 list
drwxrwsr-x  74 ATLANTA\rob   10001 17040 2009-12-17 15:25 Office
drwxrwsr-x  67 rob   10001 14456 1969-12-31 19:00 Office.orig
drwxrwsr-x  51 ATLANTA\trish 10001  4528 2010-01-14 14:26 Projects
drwxrwsr-x   8 ATLANTA\rob   10001   400 2009-07-10 15:52 Sigma
drwxrwsr-x   6 rob   10001   304 2008-07-17 02:50 Sigma.old
drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows

Testparm shows no problems although it does rearrange the share 
definitions somewhat.


The problem must be in windows permissions but I don't know how to 
check them, especially since I have only ssh access because the site 
is remote. I have to rely on local users for testing.


How can I get a list of ATLANTA\domain admin group users?

How can I change the permissions?


Any possibility of acl's, especially default acl's?

getfacl /files/Lucretia/Projects
getfacl /files/Lucretia/Windows
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] write list for share is ignored

2010-01-22 Thread Jon Trauntvein 

Dale Schroeder wrote:

On 01/22/2010 11:00 AM, Jon Trauntvein wrote:

I recently updated a Samba server from Fedora Core 4 to CentOs 4.5.  The
old server had samba version 3.0.11 installed while the newer has samba
version 3.0.33 installed.  The following file is a simplified version of
my smb.conf file:

[global]
 debug level = 5
 security = domain
 workgroup = CSI-INTRANET
 auth methods = guest, sam, winbind
 server string = Software Engineering Workgroup Server
 load printers = yes
 guest account = nobody
 log file = /var/log/samba/log.%m
 max log size = 1024
 encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 dns proxy = no
 map to guest = bad user

 winbind separator = \\
 idmap uid = 1-2
 idmap gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes


[cora]
 available = yes
 browseable = yes
 path = /home/group/cora
 public = yes
 guest ok = yes
 read only = yes
 write list = @cora
 force create mode = 0775

Assuming cora is a domain group and using your separator \\, try
write list = @CSI-INTRANET\\cora

Somewhere around 3.0.23 or so, winbind started requiring the domain 
name be prefixed to domain users and groups




cora is actually a unix group.  My preferred relationship with the 
domain controller is that it
take care of account authentication and that everything else be local.  
In order to accomplish this, I create
unix accounts on the machine whose names match those of the domain 
logins.  Apparently, version 3.0.11
no longer supports this.  Further, if I change the write list to match 
the specific domain account
(CSI-INTRANET\\jon) that I am using for tests, the share is still 
reported as read-only.




__ Information from ESET NOD32 Antivirus, version of virus signature 
database 4797 (20100122) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] force all connections that come from a windows group to be a specific user and problems with net groupmap add

2010-01-22 Thread g p 
Does anyone know of a simple (share) mechanism that doesn't require setting
up a complex ldap, winbind, pdc, etc samba configuration
that will allow users connecting to a samba share to always be forced to be
a specific unix UID?  The idea is to have
the linux data owned by a particular linux user, and be able to control
write access to that data by adding any arbitrary
windows user to a specified windows user group.  The reason why ldap,
winbind, etc is not a desirable config is that
this could be deployed at sites that have stand alone workgroups with a
single user to very complex ads or ldap
configurations with many thousands of users, and we would like to have a
simplistic one size fits all access control
method.  Note that this doesn't have to conform to ideal security protocols,
or what a zealot would consider ideal configurations
or IT practices - functional simplicity is preferred.

Also - on another related, but separate note, I cannot seem to get the net
groupmap add command to work correctly.
I have a stand alone samba server, and a windows box that I have local admin
permissions to - I add a new windows group
and new unix group on the unix side - run the command net group add
ntgroup=windows_grp_name_here unixgroup=unix_group_name_here,
but when I try to actually write to the share with a windows user that is in
the supposedly mapped group, I only receive a permission denied error.
a net groupmap list shows that the mapping did take, but again, it doesn't
appear to actually function as I would have expected.

Any hep would be great on either or both of these questions.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot join domain

2010-01-22 Thread Andy 
Try LGD  :D

On Sat, Jan 23, 2010 at 7:10 AM, Claudia Rodriguez Brasicott
claudia...@gmail.com wrote:
 I got the following error message:

 -
 The domain name LGD-SERVER might be a NetBIOS domain name. If this is the
 case, verify that the domain name is properly registered with WINS.

 If you are certain that the name is not a NetBIOS domain name, then
 the following information can you troubleshoot your DNS
 configuration.

 The following error occurred when DNS was queried for the service
 location (SRV) resource record used to locate an Active Directory
 Domain Controller for domain US3:

 The error was: DNS name does not exist.
 (error code 0x232B RCODE_NAME_ERROR)

 The query was for the SRV record for _ldap._tcp.dc._msdcs.LGD-SERVER
 -

 I though the server was unreachable, or there was a problem with the server
 name, but when I do ping LGD-SERVER from the client, I receive answer.



 On Fri, Jan 22, 2010 at 2:59 PM, Andy thea...@gmail.com wrote:

 What message do you get when attempting to connect to the domain?



 On Fri, Jan 22, 2010 at 9:56 AM, Claudia Rodriguez Brasicott
 claudia...@gmail.com wrote:
  Hello, I just configured a computer on my local network to work as a PDC
  with Samba, although I'm not able to join the Domain from the windows
  computer I want to add. I though it was that the server was unreachable,
  but
  I can ping the server from the computer and viceversa. If someone please
  can
  help me, I'll appreciate it.
 
  The smb.conf file is here:
 
  ---
  [global]
    workgroup = LGD
    netbios name = LGD-SERVER
    server string = %h server (Samba, Ubuntu)
 
    passdb backend = tdbsam
    security = user
    username map = /etc/samba/smbusers
    name resolve order = wins bcast hosts
    domain logons = yes
    prefered master = yes
    wins support = yes
 
    # Set CUPS for printing
    printcap name = CUPS
    printing = CUPS
 
    # Default logon
    logon drive = H:
    # logon script = scripts/logon.bat
    logon path = \\%N\profile\%U
 
    # Useradd scripts
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G %g %u
    add machine script = /usr/sbin/useradd -s /bin/false/ -d
  /var/lib/nobody
  %u
    idmap uid = 15000-2
    idmap gid = 15000-2
 
 
    # sync smb passwords woth linux passwords
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
  *Retype\snew\sUNIX\spassword:* %n\n .
    passwd chat debug = yes
    unix password sync = yes
 
    # set the loglevel
    log level = 3
 
 
  [homes]
    comment = Home
    valid users = %S
    read only = no
    browsable = no
 
 
  [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = yes
    guest ok = yes
    browsable = no
 
 
  [netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    admin users = Administrator
    valid users = %U
    read only = no
 
 
  [profile]
    comment = User profiles
    path = /home/samba/profiles
    valid users = %U
    create mode = 0600
    directory mode = 0700
    writable = yes
    browsable = no
  -
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba
 





-- 
REGARDS,
Andy Z
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] wbinfo, net, getent and groups

2010-01-22 Thread Robert Steinmetz AIA 
I have two servers running Samba 2.3.3, one as a Domain Controller one 
as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
winbindd using the tdb back end are running on both.


I am don't understand the results. As far as I can tell I have 
everything configured as it should be.


The basic globals for the DC

[global]
workgroup = ATLANTA
time server = Yes
hostname lookups = Yes
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
hide dot files = No


The glbals for the Member Server

[global]
workgroup = ATLANTA
security = DOMAIN
password server = 192.168.1.24
name resolve order = wins bcast hosts
wins proxy = Yes
wins server = 192.168.1.24
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 192.168.1.0/255.255.255.0

getent does not return the names on any domain groups or users.

wbinfo does return the names on domains groups and users.

BUILTIN\administrators
BUILTIN\users
ATLANTA\domain users
ATLANTA\domain guests
ATLANTA\domain admins

net groupmap list  on the DC shows mapping to groups

Backup Operators (S-1-5-32-551) - backup
Power Users (S-1-5-32-547) - atlanta
Replicators (S-1-5-32-552) - staff
Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) - samba
Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) - nogroup
Administrators (S-1-5-32-544) - staff
Account Operators (S-1-5-32-548) - account
Users (S-1-5-32-545) - samba
Print Operators (S-1-5-32-550) - print
Guests (S-1-5-32-546) - nogroup
System Operators (S-1-5-32-549) - operator
Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) - staff

net groupmap list on the Member Server shows only the builtin in groups

Administrators (S-1-5-32-544) - BUILTIN\administrators
Users (S-1-5-32-545) - BUILTIN\users

--
Robert Steinmetz, AIA
Principal
Steinmetz  Associates
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SigmaPlot and Windows Vista

2010-01-22 Thread Eduardo D. Mariano 
Dear Colleagues,

I've tried to run my SigmaPlot 6.0 in a computer with Windows Vista
but have got the message

Cannot open or create 'C:\PROGRAM FILES\SPW6\LOCKFILE.SYS'

every time I try to start the software.

Does anybody know what I should do to overcome this problem?

Thank you all in advance.

Best regards,
Eduardo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] 3.4.5 compile problem on solaris 10

2010-01-22 Thread christoph . beyer 

hi,

I found some older posts with this issues but no solution for me :(

Seems to be a krb related issue:

Compiling libsmb/clikrb5.c
libsmb/clikrb5.c: In function 'get_krb5_smb_session_key':
libsmb/clikrb5.c:886: warning: 'krb5_auth_con_getremotesubkey' is 
deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2167)
libsmb/clikrb5.c:888: warning: 'krb5_auth_con_getlocalsubkey' is 
deprecated (declared at /global/spool/krb5-1.7/include/krb5/krb5.h:2162)
libsmb/clikrb5.c:1623:2: error: #error 
UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION

The following command failed:
/opt/gcc/bin/gcc -I/global/spool/krb5-1.7/include 
-Wl,-R/global/spool/openssl-0.9.8l/lib -Wl,-R/global/spool/krb5-1.7/lib 
-Wl,-R/opt/csw/lib -I. -I/global/spool/src/samba/samba-3.4.5/source3 
-I/global/spool/src/samba/samba-3.4.5/source3/iniparser/src -Iinclude 
-I./include  -I. -I. -I./../lib/replace -I./../lib/talloc 
-I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. 
-DHAVE_CONFIG_H  -I/global/spool/krb5-1.7/include 
-I/global/spool/openssl-0.9.8l/include -I/global/spool/krb5-1.7/include 
-I/opt/csw/include -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 
-DLDAP_DEPRECATED -DSUNOS5 
-I/global/spool/src/samba/samba-3.4.5/source3/lib -I.. -I../source4 
-D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c libsmb/clikrb5.c -o 
libsmb/clikrb5.o

gmake: *** [libsmb/clikrb5.o] Error 1

I use a build script it looks like this:

PATH=/usr/bin:/usr/local/bin:/usr/sfw/bin:/opt/sfw/bin:/usr/ccs/bin:/global/spool/openssl-0.9.8l/bin:/global/spool/krb5-1.7/bin
export PATH
HOSTNAME=`/usr/bin/hostname`

DIRPATH=/global/spool/openssl-0.9.8l /global/spool/krb5-1.7 /opt/csw
for dir in $DIRPATH ; do
CPPFLAGS=$CPPFLAGS -I$dir/include
CFLAGS=$CFLAGS -Wl,-R$dir/lib
LDFLAGS=$LDFLAGS -L$dir/lib
done
LDFLAGS=$LDFLAGS -L$dir/lib 
-Wl,-R/global/spool/$HOSTNAME/samba-3.4.1/lib


export CPPFLAGS CFLAGS LDFLAGS CC

echo CPPFLAGS=$CPPFLAGS
echo CFLAGS=$CFLAGS
echo LDFLAGS=$LDFLAGS
echo CC=$CC

## configure  build
#./autogen.sh
./configure --prefix=/global/spool/$HOSTNAME/samba-3.4.5 \
--with-ads \
--with-ldap \
--with-krb5=/global/spool/krb5-1.7

if [ $? -ne 0 ]; then
echo configure failed.  Exiting
exit 1
fi

make showlayout
make

Any hints are very much appreciate, if possible also via e-mail to my 
address as I am not currently on the list


THANKS
~christoph


--
/*   Christoph Beyer |   Office: Building 2b / 23 *\
 *   DESY|Phone: 040-8998-2317*
 *   - IT -  |  Fax: 040-8998-4060*
\*   22603 Hamburg   | http://www.desy.de */


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Permissions Problem

2010-01-22 Thread Robert Steinmetz AIA 

Dale Schroeder wrote:

On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote:

I need help understanding what is happening and trouble shooting.

I have two servers running Samba 2.3.3, one as a Domain Controller 
one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
winbindd using the tdb back end are running on both.


I have two shares on the member server and as far as I can tell they 
are identical. [Projects] works as expected but [Windows] always asks 
for a login name even though the smb.conf entries for both are are 
the same. If I comment out the force group in [Windows] users can 
access the share but there are errors writing and creating files. If 
I create a new share it acts as the [Windows] share.


Here are the share definitions and a list of the files in the directory;

[Projects]
   Comment = Project Files
   path = /files/Lucretia/Projects
   writeable = yes
   browseable = yes
   create mask = 0764
   directory mask = 0775
   force group = ATLANTA\domain users

[Windows]
   comment = Atlanta Windows Files
   path = /files/Lucretia/Windows
   browseable = yes
   writeable = yes
   create mask = 0764
   directory mask = 0775
   force group = ATLANTA\domain users


r...@louise:/files/Lucretia# ls -l
total 66
drwxrwsr-x   2 root  1000148 2008-07-17 03:17 Arris
-rw-r-Sr--   1 root  10001  5952 2008-07-17 04:25 list
drwxrwsr-x  74 ATLANTA\rob   10001 17040 2009-12-17 15:25 Office
drwxrwsr-x  67 rob   10001 14456 1969-12-31 19:00 Office.orig
drwxrwsr-x  51 ATLANTA\trish 10001  4528 2010-01-14 14:26 Projects
drwxrwsr-x   8 ATLANTA\rob   10001   400 2009-07-10 15:52 Sigma
drwxrwsr-x   6 rob   10001   304 2008-07-17 02:50 Sigma.old
drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows

Testparm shows no problems although it does rearrange the share 
definitions somewhat.


The problem must be in windows permissions but I don't know how to 
check them, especially since I have only ssh access because the site 
is remote. I have to rely on local users for testing.


How can I get a list of ATLANTA\domain admin group users?

How can I change the permissions?


Any possibility of acl's, especially default acl's?

getfacl /files/Lucretia/Projects
getfacl /files/Lucretia/Windows


Looks like not;

r...@louise:/etc/samba# getfacl /files/Lucretia/Projects
getfacl: Removing leading '/' from absolute path names
# file: files/Lucretia/Projects
# owner: ATLANTA\134trish
# group: 10001
user::rwx
group::rwx
other::r-x

r...@louise:/etc/samba# getfacl /files/Lucretia/Windows
getfacl: Removing leading '/' from absolute path names
# file: files/Lucretia/Windows
# owner: ATLANTA\134trish
# group: 10001
user::rwx
group::rwx
other::rwx



--
Robert Steinmetz, AIA
Principal
Steinmetz  Associates
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba Serving NFS Mounted Directories

2010-01-22 Thread Jon Forrest 

I have a Sun 7310 storage server. This is
running Solaris 10 but it's self-contained
and I can't login to it or run Samba on it.
I manage it with a web interface.

I have a CentOS 5.3 machine that mounts
a bunch of file systems via NFS from the
Sun server. This works fine. I installed
Samba 3.4.5 on the CentOS machine and
configured it to share some of the directories
that are actually NFS mounts from the Sun
server. I'm able to map these directories
from both Windows XP and Windows 7.

I'm seeing several problems:

1) Accessing the mapped directories from
Windows when running Microsoft Office apps is
extremely slow. I don't have any exact numbers
but let's say the speed is unusable. Ironically,
other programs, such as 'vim' and 'notepad'
don't have this speed problem when accessing
the same shares.

2) Again, using Microsoft Office apps, Windows XP
machines see files as read-only. Windows 7 works
fine on the same files.

The Sun has a non-Samba CIFS implementation
but it's non-intuitive to set up so I haven't
tried it. I'm wondering if what I describe
should work.

Here's the smb.conf configuration for the share:

[bgroup]

valid users = bgroup
path = /home/bgroup
public = no
writeable = yes
browseable = no
create mask = 012
create mode = 0660
directory mode = 0770

Any comments or suggestions?

Cordially,

--
Jon Forrest
Research Computing Support
College of Chemistry
173 Tan Hall
University of California Berkeley
Berkeley, CA
94720-1460
510-643-1032
jlforr...@berkeley.edu

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Serving NFS Mounted Directories

2010-01-22 Thread Ray Van Dolson 
On Fri, Jan 22, 2010 at 04:49:33PM -0800, Jon Forrest wrote:
 I have a Sun 7310 storage server. This is
 running Solaris 10 but it's self-contained
 and I can't login to it or run Samba on it.
 I manage it with a web interface.
 
 I have a CentOS 5.3 machine that mounts
 a bunch of file systems via NFS from the
 Sun server. This works fine. I installed
 Samba 3.4.5 on the CentOS machine and
 configured it to share some of the directories
 that are actually NFS mounts from the Sun
 server. I'm able to map these directories
 from both Windows XP and Windows 7.
 
 I'm seeing several problems:
 
 1) Accessing the mapped directories from
 Windows when running Microsoft Office apps is
 extremely slow. I don't have any exact numbers
 but let's say the speed is unusable. Ironically,
 other programs, such as 'vim' and 'notepad'
 don't have this speed problem when accessing
 the same shares.
 
 2) Again, using Microsoft Office apps, Windows XP
 machines see files as read-only. Windows 7 works
 fine on the same files.
 
 The Sun has a non-Samba CIFS implementation
 but it's non-intuitive to set up so I haven't
 tried it. I'm wondering if what I describe
 should work.
 
 Here's the smb.conf configuration for the share:
 
 [bgroup]
 
  valid users = bgroup
  path = /home/bgroup
  public = no
  writeable = yes
  browseable = no
  create mask = 012
  create mode = 0660
  directory mode = 0770
 
 Any comments or suggestions?
 
 Cordially,

First of all, you really don't want to re-export NFS mounts via Samba.

Secondly, if you absolutely must do it, I recommend the following
settings:

[global]
# your other options here...
oplocks = No
level2 oplocks = No

On certain shares, you may want to set:

posix locking = No

Ray
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch v3-5-test updated

2010-01-22 Thread Karolin Seeger 
The branch, v3-5-test has been updated
   via  f217969... s3: Fix bug 7052: DFS broken on AIX (maybe others) 
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6)
  from  155fb98... s3:pdb_ldap: Fix large paged search.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit f21796955e7aa2e84a1c810612f2fdee2bde611c
Author: William Jojo w.j...@hvcc.edu
Date:   Thu Jan 21 14:21:03 2010 +0100

s3: Fix bug 7052: DFS broken on AIX (maybe others)
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6)

---

Summary of changes:
 tests/readlink.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/tests/readlink.c b/tests/readlink.c
index a07e62a..3784288 100644
--- a/tests/readlink.c
+++ b/tests/readlink.c
@@ -13,7 +13,7 @@
 
 main()
 {
-   int buf[7];
+   char buf[7];
int ret;
ssize_t rl_ret;
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-4-test updated

2010-01-22 Thread Karolin Seeger 
The branch, v3-4-test has been updated
   via  28b3cf3... s3: Fix bug 7052: DFS broken on AIX (maybe others) 
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry 
picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c)
  from  436e136... s3-docs: Fix typos.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32
Author: William Jojo w.j...@hvcc.edu
Date:   Thu Jan 21 14:21:03 2010 +0100

s3: Fix bug 7052: DFS broken on AIX (maybe others)
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6)
(cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c)

---

Summary of changes:
 tests/readlink.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/tests/readlink.c b/tests/readlink.c
index a07e62a..3784288 100644
--- a/tests/readlink.c
+++ b/tests/readlink.c
@@ -13,7 +13,7 @@
 
 main()
 {
-   int buf[7];
+   char buf[7];
int ret;
ssize_t rl_ret;
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated

2010-01-22 Thread Karolin Seeger 
The branch, v3-3-test has been updated
   via  e66e5cb... s3: Fix bug 7052: DFS broken on AIX (maybe others) 
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6) (cherry 
picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c) (cherry picked 
from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32)
  from  c2cdd4d... s3-docs: Fix typos.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit e66e5cb6324800d20f5f091a7fb2eba2d751241a
Author: William Jojo w.j...@hvcc.edu
Date:   Thu Jan 21 14:21:03 2010 +0100

s3: Fix bug 7052: DFS broken on AIX (maybe others)
(cherry picked from commit c531d00abdb19ff6ba4c60ebdcc8319949c6)
(cherry picked from commit f21796955e7aa2e84a1c810612f2fdee2bde611c)
(cherry picked from commit 28b3cf328312a26cd72bbc54f3283bc46b51bc32)

---

Summary of changes:
 tests/readlink.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/tests/readlink.c b/tests/readlink.c
index a07e62a..3784288 100644
--- a/tests/readlink.c
+++ b/tests/readlink.c
@@ -13,7 +13,7 @@
 
 main()
 {
-   int buf[7];
+   char buf[7];
int ret;
ssize_t rl_ret;
 


-- 
Samba Shared Repository

[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-69-4-g221c557

2010-01-22 Thread Michael Adam 
The branch, v3-2-ctdb has been updated
   via  221c557f1fa0709cb5fc0c46ca5abcc480553a23 (commit)
   via  4c58bbfd8488bfe88be8a304182c2e02b2f39dc1 (commit)
   via  51d5d9e6f75e64b0947d47a91f07861be5b1e126 (commit)
  from  f957e56ae7b041abc15e5fadc3847da6ca80aece (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -
commit 221c557f1fa0709cb5fc0c46ca5abcc480553a23
Author: Jeff Layton jlay...@redhat.com
Date:   Fri Sep 25 07:03:44 2009 -0400

mount.cifs: don't leak passwords with verbose option

When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.

Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.

Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.

Reported-by: Ronald Volgers r.c.volg...@student.utwente.nl
Signed-off-by: Jeff Layton jlay...@redhat.com
Acked-by: Steve French sfre...@us.ibm.com
Signed-off-by: Christian Ambach christian.amb...@de.ibm.com

commit 4c58bbfd8488bfe88be8a304182c2e02b2f39dc1
Author: Jeff Layton jlay...@redhat.com
Date:   Fri Sep 25 07:03:44 2009 -0400

mount.cifs: check access of credential files before opening

It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.

Check the access permissions of the file before opening it.

Reported-by: Ronald Volgers r.c.volg...@student.utwente.nl
Signed-off-by: Jeff Layton jlay...@redhat.com
Acked-by: Steve French sfre...@us.ibm.com
Signed-off-by: Christian Ambach christian.amb...@de.ibm.com

commit 51d5d9e6f75e64b0947d47a91f07861be5b1e126
Author: Jeremy Allison j...@samba.org
Date:   Wed Sep 30 14:24:50 2009 +0200

Fix for CVE-2009-2906.

Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.

Signed-off-by: Christian Ambach christian.amb...@de.ibm.com

---

Summary of changes:
 source/client/mount.cifs.c |   65 ++-
 source/include/smb.h   |1 +
 source/smbd/process.c  |   28 +--
 3 files changed, 71 insertions(+), 23 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
index d05115b..a947dd1 100644
--- a/source/client/mount.cifs.c
+++ b/source/client/mount.cifs.c
@@ -199,6 +199,11 @@ static int open_cred_file(char * file_name)
char * temp_val;
FILE * fs;
int i, length;
+
+   i = access(file_name, R_OK);
+   if (i)
+   return i;
+
fs = fopen(file_name,r);
if(fs == NULL)
return errno;
@@ -321,6 +326,12 @@ static int get_password_from_file(int file_descript, char 
* filename)
}
 
if(filename != NULL) {
+   rc = access(filename, R_OK);
+   if (rc) {
+   fprintf(stderr, mount.cifs failed: access check of %s 
failed: %s\n,
+   filename, strerror(errno));
+   exit(EX_SYSERR);
+   }
file_descript = open(filename, O_RDONLY);
if(file_descript  0) {
printf(mount.cifs failed. %s attempting to open 
password file %s\n,
@@ -380,9 +391,6 @@ static int parse_options(char ** optionsp, int * 
filesys_flags)
return 1;
data = *optionsp;
 
-   if(verboseflag)
-   printf(parsing options: %s\n, data);
-
/* BB fixme check for separator override BB */
 
if (getuid()) {
@@ -471,18 +479,27 @@ static int parse_options(char ** optionsp, int * 
filesys_flags)
} else if (strncmp(data, pass, 4) == 0) {
if (!value || !*value) {
if(got_password) {
-   printf(\npassword specified twice, 
ignoring second\n);
+   fprintf(stderr, \npassword specified 
twice, ignoring second\n);
} else

[SCM] Samba Shared Repository - branch master updated

2010-01-22 Thread Volker Lendecke 
The branch, master has been updated
   via  9acbed1... s3: Fix some nonempty blank lines
   via  ee4a360... s3: Fix a typo in a comment
  from  2534654... s3:pdb_ldap: Fix large paged search.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9acbed13e877cb4cf69c93598d89cb865aa7f194
Author: Volker Lendecke v...@samba.org
Date:   Fri Jan 22 13:31:44 2010 +0100

s3: Fix some nonempty blank lines

commit ee4a3606e606da5803d6e1ebac0c839c7a8a2a55
Author: Volker Lendecke v...@samba.org
Date:   Fri Jan 22 13:31:30 2010 +0100

s3: Fix a typo in a comment

---

Summary of changes:
 source3/registry/reg_backend_shares.c |   43 -
 1 files changed, 21 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/registry/reg_backend_shares.c 
b/source3/registry/reg_backend_shares.c
index 1977406..22b8fd7 100644
--- a/source3/registry/reg_backend_shares.c
+++ b/source3/registry/reg_backend_shares.c
@@ -26,7 +26,7 @@
 
 /**
  It is safe to assume that every registry path passed into on of 
- the exported functions here begins with KEY_PRINTING else
+ the exported functions here begins with KEY_SHARES else
  these functions would have never been called.  This is a small utility
  function to strip the beginning of the path and make a copy that the 
  caller can modify.  Note that the caller is responsible for releasing
@@ -37,24 +37,23 @@ static char* trim_reg_path( const char *path )
 {
const char *p;
uint16 key_len = strlen(KEY_SHARES);
-   
+
/* 
 * sanity check...this really should never be True.
 * It is only here to prevent us from accessing outside
 * the path buffer in the extreme case.
 */
-   
+
if ( strlen(path)  key_len ) {
DEBUG(0,(trim_reg_path: Registry path too short! [%s]\n, 
path));
return NULL;
}
-   
-   
+
p = path + strlen( KEY_SHARES );
-   
+
if ( *p == '\\' )
p++;
-   
+
if ( *p )
return SMB_STRDUP(p);
else
@@ -65,22 +64,22 @@ static char* trim_reg_path( const char *path )
  Enumerate registry subkey names given a registry path.  
  Caller is responsible for freeing memory to **subkeys
  */
- 
+
 static int shares_subkey_info( const char *key, struct regsubkey_ctr 
*subkey_ctr )
 {
char*path;
booltop_level = False;
int num_subkeys = 0;
-   
+
DEBUG(10,(printing_subkey_info: key=[%s]\n, key));
-   
+
path = trim_reg_path( key );
-   
+
/* check to see if we are dealing with the top level key */
-   
+
if ( !path )
top_level = True;
-   
+
if ( top_level ) {
num_subkeys = 1;
regsubkey_ctr_addkey( subkey_ctr, Security );
@@ -89,9 +88,9 @@ static int shares_subkey_info( const char *key, struct 
regsubkey_ctr *subkey_ctr
else
num_subkeys = handle_share_subpath( path, subkey_ctr, NULL );
 #endif
-   
+
SAFE_FREE( path );
-   
+
return num_subkeys;
 }
 
@@ -105,16 +104,16 @@ static int shares_value_info(const char *key, struct 
regval_ctr *val)
char*path;
booltop_level = False;
int num_values = 0;
-   
+
DEBUG(10,(printing_value_info: key=[%s]\n, key));
-   
+
path = trim_reg_path( key );
-   
+
/* check to see if we are dealing with the top level key */
-   
+
if ( !path )
top_level = True;
-   
+
/* fill in values from the getprinterdata_printer_server() */
if ( top_level )
num_values = 0;
@@ -122,9 +121,9 @@ static int shares_value_info(const char *key, struct 
regval_ctr *val)
else
num_values = handle_printing_subpath( path, NULL, val );
 #endif
-   
+
SAFE_FREE(path);
-   
+
return num_values;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2010-01-22 Thread Simo Sorce 
The branch, master has been updated
   via  4c54804... s4:kdc Simplify header files
  from  9acbed1... s3: Fix some nonempty blank lines

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4c548048c55ab3b7c79f5317281988b446c7fbf2
Author: Simo Sorce i...@samba.org
Date:   Thu Jan 21 09:57:41 2010 -0500

s4:kdc Simplify header files

---

Summary of changes:
 source4/kdc/config.mk|1 -
 source4/kdc/hdb-samba4.c |   14 --
 source4/kdc/kdc.h|8 ++--
 source4/kdc/pac-glue.h   |   30 --
 4 files changed, 14 insertions(+), 39 deletions(-)
 delete mode 100644 source4/kdc/pac-glue.h


Changeset truncated at 500 lines:

diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index 3ae5fe5..1659941 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -36,4 +36,3 @@ PRIVATE_DEPENDENCIES = \
 ###
 
 PAC_GLUE_OBJ_FILES = $(addprefix $(kdcsrcdir)/, pac-glue.o)
-$(eval $(call 
proto_header_template,$(kdcsrcdir)/pac-glue_proto.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c)))
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index f7a72b4..eb7edeb 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -1451,9 +1451,10 @@ static krb5_error_code hdb_samba4_destroy(krb5_context 
context, HDB *db)
  *
  * This is currently a very nasty hack - allowing only delegation to itself.
  */
-krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, 
HDB *db,
-   hdb_entry_ex *entry,
-   krb5_const_principal 
target_principal)
+static krb5_error_code
+hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
+   hdb_entry_ex *entry,
+   krb5_const_principal target_principal)
 {
struct ldb_context *ldb_ctx = (struct ldb_context *)db-hdb_db;
struct loadparm_context *lp_ctx = 
talloc_get_type(ldb_get_opaque(ldb_ctx, loadparm),
@@ -1525,9 +1526,10 @@ krb5_error_code 
hdb_samba4_check_constrained_delegation(krb5_context context, HD
  * database.  Allow a mismatch where they both refer to the same
  * SID */
 
-krb5_error_code hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB 
*db,
-hdb_entry_ex *entry,
-krb5_const_principal 
certificate_principal)
+static krb5_error_code
+hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
+hdb_entry_ex *entry,
+krb5_const_principal certificate_principal)
 {
struct ldb_context *ldb_ctx = (struct ldb_context *)db-hdb_db;
struct loadparm_context *lp_ctx = 
talloc_get_type(ldb_get_opaque(ldb_ctx, loadparm),
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
index b9cf621..becef93 100644
--- a/source4/kdc/kdc.h
+++ b/source4/kdc/kdc.h
@@ -25,12 +25,12 @@
 #include hdb.h
 #include kdc.h
 #include krb5/windc_plugin.h
-#include kdc/pac-glue.h
 #include kdc/hdb-samba4.h
 
 struct kdc_server;
 struct tsocket_address;
 
+extern struct krb5plugin_windc_ftable windc_plugin_table;
 
 bool kpasswdd_process(struct kdc_server *kdc,
  TALLOC_CTX *mem_ctx,
@@ -50,4 +50,8 @@ struct kdc_server {
struct hdb_samba4_context *hdb_samba4_context;
 };
 
-
+/* from hdb-samba4.c */
+NTSTATUS hdb_samba4_create_kdc(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct loadparm_context *lp_ctx,
+ krb5_context context, struct HDB **db);
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
deleted file mode 100644
index f838ec3..000
--- a/source4/kdc/pac-glue.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   KDC Server startup
-
-   Copyright (C) Andrew Bartlett abart...@samba.org 2005-2009
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef __KDC_PAC_GLUE_H__
-#define __KDC_PAC_GLUE_H__
-
-#include kdc/pac-glue_proto.h
-
-extern struct krb5plugin_windc_ftable

Build status as of Sat Jan 23 07:00:05 2010

2010-01-22 Thread build 
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-01-22 
00:00:05.0 -0700
+++ /home/build/master/cache/broken_results.txt 2010-01-23 00:00:11.0 
-0700
@@ -1,22 +1,22 @@
-Build status as of Fri Jan 22 07:00:04 2010
+Build status as of Sat Jan 23 07:00:05 2010
 
 Build counts:
 Tree Total  Broken Panic 
 build_farm   0  0  0 
-ccache   2  0  0 
+ccache   0  0  0 
 distcc   0  0  0 
 ldb  30 30 0 
-libreplace   29 12 0 
+libreplace   2  0  0 
 lorikeet 0  0  0 
 pidl 19 19 0 
 ppp  1  1  0 
-rsync1  0  0 
+rsync0  0  0 
 samba-docs   0  0  0 
 samba-web0  0  0 
-samba_3_current 28 28 0 
+samba_3_current 27 27 0 
 samba_3_master 27 27 3 
-samba_3_next 28 28 2 
+samba_3_next 28 28 3 
 samba_4_0_test 30 29 0 
 talloc   30 10 0 
-tdb  27 17 0 
+tdb  3  1  0