Re: [Samba] Restricting samba subfolder acl changes to admin users
Thanks Volker. Adding Jeremy, as my manager told me that let samba team know that I am part of EMC lifeline team .. and some of team members discussed with Jeremy regarding some other samba problems. Volker , if you don't mind can you elaborate this , if we make share offline , how the setting of acls goes through the samba source code.? However, I think this might cause quite a few problems. For example, if you make such a share available offline, disallowing setting of ACLs will cause severe problems when clients synchronize their data. Moreover, some applications like for example Microsoft Excel explicitly set the ACL when saving files. You need to check if disallowing this does not cause you trouble. - Thanks Suresh -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Volker Lendecke Sent: Thursday, October 14, 2010 5:43 PM To: Kandukuru, Suresh Cc: samba@lists.samba.org Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users On Thu, Oct 14, 2010 at 08:05:38AM -0400, suresh.kanduk...@emc.com wrote: I am talking about users who has write access on the share, not necessarily owners of the file/sub folders in it. can we disallow the (some) users who has write access on the share to change subfolder ACL's in it?. I want to give this ACL change permission only to specific set of users . I think this is valid requirement in general use case. Yes, I think this might be a valid use case, although Samba does not right now do this. It would require a patch to add this capability along the lines of valid users etc. However, I think this might cause quite a few problems. For example, if you make such a share available offline, disallowing setting of ACLs will cause severe problems when clients synchronize their data. Moreover, some applications like for example Microsoft Excel explicitly set the ACL when saving files. You need to check if disallowing this does not cause you trouble. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
On Fri, Oct 15, 2010 at 02:07:55AM -0400, suresh.kanduk...@emc.com wrote: Thanks Volker. Adding Jeremy, as my manager told me that let samba team know that I am part of EMC lifeline team .. and some of team members discussed with Jeremy regarding some other samba problems. Volker , if you don't mind can you elaborate this , if we make share offline , how the setting of acls goes through the samba source code.? When you make a folder available offline, then when a user comes back and re-synchronizes his data, then the client will set ACLs. I'm not sure how it reacts when you deny that. The setting of ACLs goes comes into the Samba source code in source3/smbd/nttrans.c, there we have the function called call_nt_transact_set_security_desc. From there we end up in set_sd and via the VFS we call SMB_VFS_FSET_NT_ACL, which is by default the function set_nt_acl() in smbd/posix_acls.c. Hope that helps, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
Got it Volker . Thanks . once final Q is ,I have admin user in NAS . for a share test , he has given write access to user user1 and read access for a subfolder - testsubdir in share test . when user1 logged into share test, he could not write into testsubdir. obviously it is because he has read access on the folder an most restrictive access will be effective. and the problem is since the user1 has write access to share , he is able to change the read access on the sub folder by himself. why samba is allowing this ? since effectively user1 has read access on the sub folder testsubdir it should deny acl changes on that right?. Thanks Suresh -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Volker Lendecke Sent: Friday, October 15, 2010 2:27 PM To: Kandukuru, Suresh Cc: samba@lists.samba.org; j...@samba.org Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users On Fri, Oct 15, 2010 at 02:07:55AM -0400, suresh.kanduk...@emc.com wrote: Thanks Volker. Adding Jeremy, as my manager told me that let samba team know that I am part of EMC lifeline team .. and some of team members discussed with Jeremy regarding some other samba problems. Volker , if you don't mind can you elaborate this , if we make share offline , how the setting of acls goes through the samba source code.? When you make a folder available offline, then when a user comes back and re-synchronizes his data, then the client will set ACLs. I'm not sure how it reacts when you deny that. The setting of ACLs goes comes into the Samba source code in source3/smbd/nttrans.c, there we have the function called call_nt_transact_set_security_desc. From there we end up in set_sd and via the VFS we call SMB_VFS_FSET_NT_ACL, which is by default the function set_nt_acl() in smbd/posix_acls.c. Hope that helps, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error was Transport endpoint is not connected
Nice try. The backup fails exactly the moment the message appears in the log. So I would say it is something to worry about. Has really no one any ideas why this all of a sudden comes up. Thanks for any hints Rob On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote: This message only says: I established to one of the ports 139 or 445 and dropped the other. It is nothing to trouble about. --- EDV Daniel Mller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tbingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Montag, 11. Oktober 2010 16:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error was Transport endpoint is not connected By default samba listens on two TCP ports- 445 and 139. You can specify this in smb.conf smb ports = 445 139 445 is the newer smb over tcp.139 is the older smb over netbios over tcp/ip. 445 was for Windows 2000 and newer clients.. I am not sure why samba enables 445 by default since as far as I know it does not support smb-over-tcp (without the NBT/netbios over tcp stuff.)If you set smb ports = 139 in your smb.conf you should see endpoint messages disappear. I think what happens is Win 2000 (and newer) clients will initially try to connect on port 445, find it isn't really compatible, and then dump down to NBT on port 139. So your NAS may be occasionally connecting on port 139 without problems and occasionally connecting on port 445, and which point it fails. OR- the endpoint errors may be completely unrelated, but you just don't look for when when the NAS is working. Is the NAS part of the domain? Is it a windows or linux/samba based device? My samba server is a PDC. XP clients in the domain connect with no problems regardless of if smb ports is 139 only or 139 + 445. XP/Win7 clients NOT in the domain can't connect to shares if 445 is disabled, which indicates they are connecting to 445 1st. On 10/11/2010 08:57 AM, robert.gehr wrote: Hello All I used to back up a Mssql database (about 55GB) to a samba share without any problems. The samba server Server-A was running version 3.4.7 We just got one of those Netgear ReadyNas3200 things and I tried to backup up to a share there which sometimes works and sometimes not in wich case I get the following error: snip--- [2010/10/08 21:32:26.937834, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/10/08 21:32:26.966404, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. ---snap- The samba version on the ReadyNas is 3.5.4 On the windows side nothing has changed apart form the destination to the new share. The ReadyNas performs pretty well and I do not get any network errors or otherwise. To rule out some network problem I exported a nfs share on the ReadyNas which I mounted on Server-A, created a share on Server-A that points to the nfs-mount and ran a backup. No problems and no errors. Any ideas which buttons to push in order to get a reliable backup going again? From what I read this usually points to a problem on the client side but nothing has changed there. I could of course use the Server-A:smb-nfs-mount:ReadyNas solution but this is not what I want. Thanks Rob -- Everything should be made as simple as possible, but not simpler. ~ Albert Einstein -- baumann GmbH Oskar-von-Miller-Str. 7 92224 Amberg - Deutschland / Germany GF / CEO: Dr. Georg Baumann, Rudi Neumann, Josef Konrad HR: Amberg HRB 1067 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote: once final Q is ,I have admin user in NAS . for a share test , he has given write access to user user1 and read access for a subfolder - testsubdir in share test . when user1 logged into share test, he could not write into testsubdir. obviously it is because he has read access on the folder an most restrictive access will be effective. and the problem is since the user1 has write access to share , he is able to change the read access on the sub folder by himself. why samba is allowing this ? since effectively user1 has read access on the sub folder testsubdir it should deny acl changes on that right?. Who is the file owner of testsubdir? You can find out who is the owner with the command ls -ld testsubdir. If user1 is the owner, then it does not matter if user1 has only read access. If user1 is not the owner, then we might have a bug in Samba. Please send us your smb.conf configuration file and a debug level 10 log of the smbd allowing this operation. Thanks in advance, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error was Transport endpoint is not connected
Did you try changing smb.conf on the NAS to be port 139 only? Also, it seems that 55 GB should not take one hour to copy (55 GBytes is 440 Gbit, and at 1 Gbit/sec and 60 secs / min, the transfer sohuld take about minutes- at least in theory.) I am guessing it is dropping because it tries to reestablish a connection part way through the transfer. On 10/15/2010 07:12 AM, robert.gehr wrote: Nice try. The backup fails exactly the moment the message appears in the log. So I would say it is something to worry about. Has really no one any ideas why this all of a sudden comes up. Thanks for any hints Rob On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote: This message only says: I established to one of the ports 139 or 445 and dropped the other. It is nothing to trouble about. --- EDV Daniel Mller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tbingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Montag, 11. Oktober 2010 16:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error was Transport endpoint is not connected By default samba listens on two TCP ports- 445 and 139. You can specify this in smb.conf smb ports = 445 139 445 is the newer smb over tcp.139 is the older smb over netbios over tcp/ip. 445 was for Windows 2000 and newer clients.. I am not sure why samba enables 445 by default since as far as I know it does not support smb-over-tcp (without the NBT/netbios over tcp stuff.)If you set smb ports = 139 in your smb.conf you should see endpoint messages disappear. I think what happens is Win 2000 (and newer) clients will initially try to connect on port 445, find it isn't really compatible, and then dump down to NBT on port 139. So your NAS may be occasionally connecting on port 139 without problems and occasionally connecting on port 445, and which point it fails. OR- the endpoint errors may be completely unrelated, but you just don't look for when when the NAS is working. Is the NAS part of the domain? Is it a windows or linux/samba based device? My samba server is a PDC. XP clients in the domain connect with no problems regardless of if smb ports is 139 only or 139 + 445. XP/Win7 clients NOT in the domain can't connect to shares if 445 is disabled, which indicates they are connecting to 445 1st. On 10/11/2010 08:57 AM, robert.gehr wrote: Hello All I used to back up a Mssql database (about 55GB) to a samba share without any problems. The samba server Server-A was running version 3.4.7 We just got one of those Netgear ReadyNas3200 things and I tried to backup up to a share there which sometimes works and sometimes not in wich case I get the following error: snip--- [2010/10/08 21:32:26.937834, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/10/08 21:32:26.966404, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. ---snap- The samba version on the ReadyNas is 3.5.4 On the windows side nothing has changed apart form the destination to the new share. The ReadyNas performs pretty well and I do not get any network errors or otherwise. To rule out some network problem I exported a nfs share on the ReadyNas which I mounted on Server-A, created a share on Server-A that points to the nfs-mount and ran a backup. No problems and no errors. Any ideas which buttons to push in order to get a reliable backup going again? From what I read this usually points to a problem on the client side but nothing has changed there. I could of course use the Server-A:smb-nfs-mount:ReadyNas solution but this is not what I want. Thanks Rob -- Everything should be made as simple as possible, but not simpler. ~ Albert Einstein -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] IDMAP SID to UID problem
Hi All I have Samba server 3.4.3.0 from pware which is integrated to AD users. I can list down the user from wbinfo e.g foo:/opt/samba/varwbinfo -n USER1 S-1-5-21-2072526652-XX-945835055-315051 User (1) foo:/opt/samba/varwbinfo -s S-1-5-21-2072526652-XX-945835055-315051 DOMAIN1\USER1 1 But when I check the mapping into the winbindd_idmap.tdb, I can't see the mapping there. picchu:/opt/samba/var/lockstdbdump winbindd_idmap.tdb|grep 315051 which results nothing Now, if I create the wbinfo --set-uid-mapping=UID,SID the samba works OK, means that the SID to UID mapping is not working.. I can see many error in the log file -- Fatal Error: GID range full!! (max: 199) Fatal Error: UID range full!! (max: 99) I'm quite sure we don't have that many user which might fill such a large range for UID and GID we have provided. Can anyone let me know how I can get this mapping corrected? Thanks in advance Yash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
Volker I will send the log, why it does not matter here if user1 is owner of the subfolder and has read only access on it?. my Q is though user1 has read only access on subfolder testsubfldr, he is able to change it to the write , since user1 has write access on the share. cannot samba disallow acl changes on the subfolder testsufldr for the user user1 since has read access for it , though he has write access on the share?. Thanks Suresh -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: Friday, October 15, 2010 4:51 PM To: Kandukuru, Suresh Cc: samba@lists.samba.org; j...@samba.org Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote: once final Q is ,I have admin user in NAS . for a share test , he has given write access to user user1 and read access for a subfolder - testsubdir in share test . when user1 logged into share test, he could not write into testsubdir. obviously it is because he has read access on the folder an most restrictive access will be effective. and the problem is since the user1 has write access to share , he is able to change the read access on the sub folder by himself. why samba is allowing this ? since effectively user1 has read access on the sub folder testsubdir it should deny acl changes on that right?. Who is the file owner of testsubdir? You can find out who is the owner with the command ls -ld testsubdir. If user1 is the owner, then it does not matter if user1 has only read access. If user1 is not the owner, then we might have a bug in Samba. Please send us your smb.conf configuration file and a debug level 10 log of the smbd allowing this operation. Thanks in advance, Volker Lendecke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
On Fri, Oct 15, 2010 at 09:28:30AM -0400, suresh.kanduk...@emc.com wrote: why it does not matter here if user1 is owner of the subfolder and has read only access on it?. my Q is though user1 has read only access on subfolder testsubfldr, he is able to change it to the write , since user1 has write access on the share. cannot samba disallow acl changes on the subfolder testsufldr for the user user1 since has read access for it , though he has write access on the share?. Sorry, I'm lost here. Samba passes the Posix semantics of chmod and setfacl 1:1 to the client. This means if you are owner of the file and have general write access to the share (not necessarily the file itself), chmod and getfacl are allowed. This is just what Posix does. Quoting the susv3 definition for chmod: The application shall ensure that the effective user ID of the process matches the owner of the file or the process has appropriate privileges in order to do this. This means that both the file owner or root can change an ACL. To really understand what you mean, would it be possible that you send your smb.conf file, an ls -la of all subdirectories that participate? If you really only want to allow setting ACLs for a very limited set of users, one possibility would be to export the same share twice. Once for administrators with an appropriate valid users = @administrators (or so) line, and another share with exactly the same path setting, but with nt acl support = no. This is a very brute-force way of denying all ACL setting. As I tried to point out in previous mails, I would however recommend to thoroughly test this setting with the applications you want to support. Jeremy, maybe you can be of more help? My English is probably just too limited to really give a precise enough description of how smbd does what it does. Thanks, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New to Linux and Samba
I tried this and it did not help. I also disabled the firewall as well. I believe my issue for some reason is deeper then the user login permissions. Because I don't even get the login request, when I try to connect from my windows p.c. Just the standard windows error pop-up window, with the message the host that I want to connect to. //host Not accessible. You might not have permission to use The account is not authorized to log in from this station Thanks Michael On Thu, 2010-10-14 at 08:13 +0200, Daniel Müller wrote: Change available = No to available= YES --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michael Schmid Gesendet: Donnerstag, 14. Oktober 2010 03:17 An: samba@lists.samba.org Betreff: [Samba] New to Linux and Samba I can't seem to get Samba working correctly, when I set it up with SWAT I am able to see the server from my windows p.c. but when I try to connect, I just get the following error message. I attached my config file. Hopefully someone can help. It seems pretty simple but I just don't understand enough about this to figure it out on my own. Some basic info: I'm using Fedora 13, I installed samba-3.5.2-60.fc13(x86_64) using the package manager. Thanks Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with Windows 7 on domain, Samba server not
On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus: Do you have an account (or accounts) for on the samba server for the Windows user(s)? Are the passwords the same? Does the samba server workgroup name match the domain name on the windows clients? Can you use the username map option in smb.conf and have a username map file that maps DOMAIN/user to user ? Here is the debug level 10 log for trying to connect via Start-Run-hostname. http://pastebin.org/213949 Again, it works without issue from the command line via 'net use...' j -- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com - Fairbanks, AK PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with Windows 7 on domain, Samba server not
[Accidentally sent this to Gaiseric. Oops] On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus: Do you have an account (or accounts) for on the samba server for the Windows user(s)? The account names are the same on the server and in the domain. Are the passwords the same? No. Their domain password is not the same as their system password. Does the samba server workgroup name match the domain name on the windows clients? No. Can you use the username map option in smb.conf and have a username map file that maps DOMAIN/user to user ? Had not tried that, But neither OUR_DOMAIN\jkugler nor OUR_DOMAIN/jkugler allows me to log in from the Windows 7 system, so I'm not sure what's up there. As I mentioned, using net use w: \\server_name * /USER:user_name works just fine. j On 10/12/2010 06:45 PM, Joshua J. Kugler wrote: I've googled and read, and haven't run across any solutions to this problem. Yes, I know about the Network Security: LAN Manager authentication level change, but, as you will see, this isn't the issue. Samba 3.4.7 Windows 7 Windows machine is on a domain. Samba box is *not* on a domain. Windows insists on adding the domain to the user name when browsing to Samba machine. Saving credentials and editing in Credential Manager kind of works, and the Samba share will open once the password is entered yet another time (don't know why)but it only saves it until logout. Adding the samba host/user/pass in Generic Credentials doesn't seem to make windows use that user/pass for that host. Ideas? Oh, and using 'net use...' with the Samba system's user/pass works just GREAT, and we may resort to that, but were trying to avoid it. Any other tricks I can do? So users can easily log in from the GUI? j -- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com - Fairbanks, AK PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permitting guest printer access with ADS security
I forgot to add that the file server is working fine. On Thu, Oct 14, 2010 at 4:57 PM, Madhusudan Singh singh.madhusu...@gmail.com wrote: I am using security = ads to authenticate users to my Samba server. I want to allow guest access to Samba print server at the same time. This is my smb.conf: [global] workgroup = workgroup name realm = realm name server string = %h server (Samba, Ubuntu) security = ADS map to guest = Bad User obey pam restrictions = Yes password server = password server pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups disable spoolss = Yes show add printer wizard = No domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 500-100 idmap gid = 500-100 template shell = /bin/bash winbind separator = + winbind use default domain = Yes hosts allow = 10.0.0.0/8, 127.0.0.1 hosts deny = ALL [homes] comment = Home Directories invalid users = root, bin, daemon, nobody, named, sys, tty, disk, users valid users = %U write list = @fileusers read only = No create mask = 0700 directory mask = 0700 browseable = No browsable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes use client driver = Yes browseable = No browsable = No [hpprinter] comment = HP Printer path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No browsable = No However, I keep getting requests for authentication when I try to print to smb://servername/hpprinter. Cups printing on the server works perfectly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with Windows 7 on domain, Samba server not
Can you try setting one of the user's samba password to match the system password? Do you have an XP machines?I read somewhere that Win 7 and XP handle caching credentials for network shares differently. I don't know if that will help anything - it may just indicate that your issue is a feature of Windows 7 and not an actual bug. On 10/15/2010 04:09 PM, Joshua J. Kugler wrote: [Accidentally sent this to Gaiseric. Oops] On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus: Do you have an account (or accounts) for on the samba server for the Windows user(s)? The account names are the same on the server and in the domain. Are the passwords the same? No. Their domain password is not the same as their system password. Does the samba server workgroup name match the domain name on the windows clients? No. Can you use the username map option in smb.conf and have a username map file that maps DOMAIN/user to user ? Had not tried that, But neither OUR_DOMAIN\jkugler nor OUR_DOMAIN/jkugler allows me to log in from the Windows 7 system, so I'm not sure what's up there. As I mentioned, using net use w: \\server_name * /USER:user_name works just fine. j On 10/12/2010 06:45 PM, Joshua J. Kugler wrote: I've googled and read, and haven't run across any solutions to this problem. Yes, I know about the Network Security: LAN Manager authentication level change, but, as you will see, this isn't the issue. Samba 3.4.7 Windows 7 Windows machine is on a domain. Samba box is *not* on a domain. Windows insists on adding the domain to the user name when browsing to Samba machine. Saving credentials and editing in Credential Manager kind of works, and the Samba share will open once the password is entered yet another time (don't know why)but it only saves it until logout. Adding the samba host/user/pass in Generic Credentials doesn't seem to make windows use that user/pass for that host. Ideas? Oh, and using 'net use...' with the Samba system's user/pass works just GREAT, and we may resort to that, but were trying to avoid it. Any other tricks I can do? So users can easily log in from the GUI? j -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Network Browsing
Hello, We use a Ricoh Aficio 3035 copier which has multiple functions- one of them is to scan to a folder via SMB/FTP/NFS. We've chosen to scan documents into PDF documents via SMB to user's shared folders on a Windows NT server for several years with no issues. About a year ago the user's folders location was changed to one on Windows 2003 Server also with no problems. Last week I attempted to change the location of the folders to a Samba server and ran into problems. Working through this problem, I eventually discovered that while I could see all Windows and Samba servers from the copier, I could not browse into any of our Samba servers' shares. I can see shares under all Windows servers but not on any of the Samba servers. Now, all of our Windows and Mac clients can browse through all shared on both Windows and Samba servers on the network just fine. When using the SMB method, the copier uses a workgroup name of the old NT domain name and also the username and password of an administrator. The network is currently in mixed mode. Haven't upgraded to pure AD mode just yet. All of the Samba servers are using the AD realm method and appear to serve successfully. Is it the copier misconfigured or are the Samba servers misconfigured? Our smb.conf for all of the servers are generally like this: #=== Global Settings = [global] security = ads realm = DAWNSIGN.COM workgroup = nt domain name password server = 192.168.xxx.xxx 192.168.xxx.xxx server string = CETUS netbios name = Cetus encrypt passwords = yes ldap ssl = no unix extensions = no name resolve order = hosts wins dns lmhosts bcast wins server = 192.168.xxx.xxx socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE load printers = no disable spoolss = yes # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used #guest account = nobody guest account = nt domain name-admin # Log settings log level = 1 log file = /var/log/samba34/log.%m max log size = 50 syslog = 1 # Browser settings local master = no domain master = no preferred master = no # ACL settings #inherit acls = yes acl compatibility = auto acl check permissions = yes acl map full control = yes dos filemode = yes # Use inherited ACLs for directories nt acl support = yes #inherit acls = yes #map acl inherit = yes # Config domain security ;idmap backend = ad ;idmap alloc config: range = 50001 - 10 idmap uid = 50001 - 10 idmap gid = 50001 - 10 ;idmap config MYDOMAIN:default = yes ;idmap config MYDOMAIN:backend = ad ;idmap config MYDOMAIN:range= 1 - 5 ;idmap config MYDOMAIN:schema-mode = sfu hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.xxx. # Winbind settings # Enable offline logon support winbind offline logon = yes winbind enum users = yes winbind enum groups = yes ;winbind nss info = sfu winbind nested groups = yes winbind separator = - winbind use default domain = no allow trusted domains = no ;client schannel = no # client settings template homedir = /home/%D/%U admin users = nt domain name-doug nt domain name-admin @nt domain name-domain admins # Share Definitions == # [homes] # comment = Home Directories # browseable = no # writable = yes ; File creation mask is set to 0700 for security reasons. If you want to ; create files with group=rw permissions, set next parameter to 0775. # create mask = 700 ; Directory creation mask is set to 0700 for security reasons. If you want to ; create dirs. with group=rw permissions, set next parameter to 0775 # directory mask = 700 [shared] comment = Shared Folders browseable = yes path = /home/nt domain name/shared public = yes writeable = yes create mask = 2774 directory mask = 2774 delete veto files = Yes veto files = /lost+found/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/._.DS_Store/ hide files = /_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Temporary Items/.DS_Store/*.gmon The scanned documents go to the shared share. I use the nt domain name-admin username to authenticate the transfer of the scanned documents from the copier into the shared share. When switching from the Windows server to the Samba server, I get an error message on the copier as follows: Authentication with the destination has failed. Check settings. I tried the public = yes statement and specified the guest account = nt domain name-admin in conjunction with public = yes but no dice. This share should be available to anyone. I tried the valid users = nt domain name-admin statement to no effect. What am I doing wrong? Or is it the Ricoh copier? Using Samba 3.4 on FreeBSD 7.3/8.1 servers. ~Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restricting samba subfolder acl changes to admin users
On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote: Got it Volker . Thanks . once final Q is ,I have admin user in NAS . for a share test , he has given write access to user user1 and read access for a subfolder - testsubdir in share test . when user1 logged into share test, he could not write into testsubdir. obviously it is because he has read access on the folder an most restrictive access will be effective. and the problem is since the user1 has write access to share , he is able to change the read access on the sub folder by himself. why samba is allowing this ? since effectively user1 has read access on the sub folder testsubdir it should deny acl changes on that right?. You are confusing write access on a share ACL, with write access on a directory. If a user only has read access on a share ACL, he will only be able to read data on that share, no modifications to any files/folders or ACLs will be allowed. If a user has write access on a share ACL, then he can modify anything inside that share that the underlying filesystem gives him rights to do so (if you're using POSIX ACLs/permissions, not Windows ACLs). So, when you complain that user1 can change the permissions on a sub folder, look at the owner and permissions on that sub folder. If user1 has permission to write into the containing directory, he can modify anything within it (according to the POSIX specs.). Samba will override the POSIX permissions if dos filemode is set: See the smb.conf man page: dos filemode (S) The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed. Note that using the VFS modules acl_xattr or acl_tdb which store native Windows as meta-data will automatically turn this option on for any share for which they are loaded, as they require this option to emulate Windows ACLs correctly. This might be what you're seeing. If you want the client to only see Windows ACLs, look into the vfs objects = acl_xattr option. There are a few bugs in it, which I've currently fixed for 3.6.0 (and am preparing a back port for the next 3.5.x release). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Fri Oct 15 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-10-14 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-10-15 00:00:03.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Thu Oct 14 06:00:01 2010 +Build status as of Fri Oct 15 06:00:01 2010 Build counts: Tree Total Broken Panic @@ -15,7 +15,7 @@ samba-web0 0 0 samba_3_current 32 32 5 samba_3_master 32 24 0 -samba_3_next 32 29 0 +samba_3_next 32 30 0 samba_4_0_test 36 31 0 talloc 32 8 0 tdb 30 11 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f794563 s4:lib/registry/util.c - cosmetic - fix indentation, trailing whitespaces via 7be36a0 s4:lib/registry/util.c - strtoll call - better say explicitly that data is in hex format via 8055074 s4:ntptr/ntptr_simple_ldb.c - use LDB result constants via c362ce3 s4:libnet_samsync_ldb.c - use LDB result constants via ace4378 s4:lsa RPC server - use LDB result constant via b647b2d s4:samldb LDB module - cosmetic - use ldb variable rather than ldb_module_get_ctx via 9310da1 s4:samdb_create_foreign_security_principal - proof error code of samdb_msg_add_string via 9e69b22 s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditions via 06ec5d0 s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't need to be duplicated via d099f86 s4:libds/common/flags.h - fix typo from 9bc57e1 s4:dsdb - remove samdb_msg_add_value http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f794563267ca26b62d844d87b5a4fa3668fb803c Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 10:54:50 2010 +0200 s4:lib/registry/util.c - cosmetic - fix indentation, trailing whitespaces Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Fri Oct 15 07:27:07 UTC 2010 on sn-devel-104 commit 7be36a0bd99ce7f6391ea49b66ca809380189c36 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 10:50:19 2010 +0200 s4:lib/registry/util.c - strtoll call - better say explicitly that data is in hex format Template is commit deebc934edb9a0a70e7615b1161d7a60fcb1d78f from Wilco. commit 80550746ffbb09658ce19520e853e218d793635e Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 22:38:10 2010 +0200 s4:ntptr/ntptr_simple_ldb.c - use LDB result constants commit c362ce36b36937571cf0d4ac8d015f09848a9780 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 22:25:40 2010 +0200 s4:libnet_samsync_ldb.c - use LDB result constants commit ace4378de19371994e8e4c0d1a2d61bb9c039ea7 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 21:54:26 2010 +0200 s4:lsa RPC server - use LDB result constant commit b647b2d5b366a6720adc88918c2bd3d6b16bcd13 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 17:00:19 2010 +0200 s4:samldb LDB module - cosmetic - use ldb variable rather than ldb_module_get_ctx commit 9310da1e2b483cbf9899ad1ebcdfd07f7c0eeac0 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 22:36:07 2010 +0200 s4:samdb_create_foreign_security_principal - proof error code of samdb_msg_add_string commit 9e69b22e70a6e119255e8e3d37964e6ae16ade09 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 22:43:33 2010 +0200 s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditions commit 06ec5d0177ac3bcd2b12f6279b23bc0a02f93bf9 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 22:41:06 2010 +0200 s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't need to be duplicated This is done internally by the LDB library - look at ldb_msg_add_empty. commit d099f86a373e4e8dd11c7736ffbce177a910db9f Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 14 11:31:44 2010 +0200 s4:libds/common/flags.h - fix typo --- Summary of changes: libds/common/flags.h|2 +- source4/dsdb/common/util.c | 22 +-- source4/dsdb/samdb/ldb_modules/samldb.c |2 +- source4/lib/registry/util.c | 23 ++- source4/libnet/libnet_samsync_ldb.c | 30 +- source4/ntptr/simple_ldb/ntptr_simple_ldb.c |4 +- source4/rpc_server/lsa/dcesrv_lsa.c |2 +- 7 files changed, 47 insertions(+), 38 deletions(-) Changeset truncated at 500 lines: diff --git a/libds/common/flags.h b/libds/common/flags.h index 44a5014..a10fa48 100644 --- a/libds/common/flags.h +++ b/libds/common/flags.h @@ -208,7 +208,7 @@ /* wellknown GUIDs for optional directory features */ #define DS_GUID_FEATURE_RECYCLE_BIN 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a -/* dsHeurisrics character indexes see MS-ADTS 7.1.1.2.4.1.2 */ +/* dsHeuristics character indexes see MS-ADTS 7.1.1.2.4.1.2 */ #define DS_HR_SUPFIRSTLASTANR 0x0001 #define DS_HR_SUPLASTFIRSTANR 0x0002 diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 18a8669..d0fc3b1 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -770,12 +770,11 @@ int samdb_find_or_add_attribute(struct ldb_context *ldb, struct ldb_message *msg
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 666e0c3 s4 param: change messaging directory name from messaging to msg via 34f12d5 s4 dsdb: fix sign problem on PPC and x86 from f794563 s4:lib/registry/util.c - cosmetic - fix indentation, trailing whitespaces http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 666e0c3cce32c259dfaaf03383fac58940994dbc Author: Matthieu Patou m...@matws.net Date: Fri Oct 15 10:16:46 2010 +0400 s4 param: change messaging directory name from messaging to msg This saves 6 chars and as in some installation users tends to install samba in directory with very long name they have a problem with the sockets. It will also ease the pain on buildfarms as we tend to have very long environnement name (ie. vampire_dc) in path that are already quite long leading also to errors on unix socket manipulation. Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Fri Oct 15 08:15:56 UTC 2010 on sn-devel-104 commit 34f12d541b0bb2e7d931968b2079dfb7ba84d692 Author: Matthieu Patou m...@matws.net Date: Thu Oct 14 17:56:23 2010 +0400 s4 dsdb: fix sign problem on PPC and x86 In LDAP we used signed intege and groups have the highest bit set (ie. 0x8002). So it will result with values that are 2^31 when these value are used on some plateforms (x86 and PPC 64bits in this case) it causes problem with strtol. --- Summary of changes: source4/dsdb/samdb/ldb_modules/samldb.c |4 ++-- source4/param/util.c|2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 400ae81..ff110b7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -793,7 +793,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) /* Step 1.2: Default values */ ret = samdb_find_or_add_attribute(ldb, ac-msg, userAccountControl, - talloc_asprintf(ac-msg, %u, UF_NORMAL_ACCOUNT)); + talloc_asprintf(ac-msg, %d, UF_NORMAL_ACCOUNT)); if (ret != LDB_SUCCESS) return ret; ret = samdb_find_or_add_attribute(ldb, ac-msg, badPwdCount, 0); @@ -896,7 +896,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) /* Step 2.2: Default values */ ret = samdb_find_or_add_attribute(ldb, ac-msg, groupType, - talloc_asprintf(ac-msg, %u, GTYPE_SECURITY_GLOBAL_GROUP)); + talloc_asprintf(ac-msg, %d, GTYPE_SECURITY_GLOBAL_GROUP)); if (ret != LDB_SUCCESS) return ret; /* Step 2.3: groupType - sAMAccountType */ diff --git a/source4/param/util.c b/source4/param/util.c index dd1d319..6953857 100644 --- a/source4/param/util.c +++ b/source4/param/util.c @@ -296,7 +296,7 @@ init_module_fn *load_samba_modules(TALLOC_CTX *mem_ctx, struct loadparm_context const char *lpcfg_messaging_path(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { - return smbd_tmp_path(mem_ctx, lp_ctx, messaging); + return smbd_tmp_path(mem_ctx, lp_ctx, msg); } struct smb_iconv_convenience *smb_iconv_convenience_reinit_lp(TALLOC_CTX *mem_ctx, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 10e1de3 s4:samdb_msg_add_int* - use ldb_msg_add_string rather than samdb_msg_add_string from 666e0c3 s4 param: change messaging directory name from messaging to msg http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 10e1de3e06cf6b8a524f50685d6a675a2d49c9a9 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Fri Oct 15 10:27:51 2010 +0200 s4:samdb_msg_add_int* - use ldb_msg_add_string rather than samdb_msg_add_string ldb_msg_add_string is safe here since the integer has already been converted to a string which is talloced on mem_ctx. Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104 --- Summary of changes: source4/dsdb/common/util.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index d0fc3b1..1d28771 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -929,7 +929,7 @@ int samdb_msg_add_int(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct l if (s == NULL) { return ldb_oom(sam_ldb); } - return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s); + return ldb_msg_add_string(msg, attr_name, s); } /* @@ -951,7 +951,7 @@ int samdb_msg_add_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct if (s == NULL) { return ldb_oom(sam_ldb); } - return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s); + return ldb_msg_add_string(msg, attr_name, s); } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0061116 s4-test: fixed a typo in test_kinit.sh via d59a342 s4-test: fixed test_kinit.sh time command test via 918d864 s4-net: exit with a failure when a command is unknown via add7ddb script: the --tests option has been replaced by --test-command via bda626d s4-finddcs: better debug messages to help track down DNS problems via 77a16bf s4-net: fix the dependence on command line ordering from 10e1de3 s4:samdb_msg_add_int* - use ldb_msg_add_string rather than samdb_msg_add_string http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 006111646c0a032cc8d76cf54adfd55a79e18761 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 20:32:09 2010 +1100 s4-test: fixed a typo in test_kinit.sh too many Ts Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104 commit d59a342c7120fb5d997591ec7425d1560e947416 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 20:31:06 2010 +1100 s4-test: fixed test_kinit.sh time command test passing -W breaks -k yes commit 918d864a67fc4b94abe2d36dec32160a17eaa259 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 20:30:03 2010 +1100 s4-net: exit with a failure when a command is unknown this ensures we don't pass bad tests in 'make test' if they call unknown net commands commit add7ddb2e01ff4000513e0136aa2bc305228e561 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 17:43:44 2010 +1100 script: the --tests option has been replaced by --test-command commit bda626da8149d58b82c16015e30f22681e06a962 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 17:40:53 2010 +1100 s4-finddcs: better debug messages to help track down DNS problems Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 77a16bf5046e6026cc8ed8b96c15623c84a17ef7 Author: Andrew Tridgell tri...@samba.org Date: Fri Oct 15 12:10:02 2010 +1100 s4-net: fix the dependence on command line ordering this fixes python net commands where you use a '-' option before the command name Pair-Programmed-With: Andrew Bartlett abart...@samba.org --- Summary of changes: script/bisect-test.py|1 - source4/libcli/finddcs_cldap.c | 13 - source4/utils/net/net.c | 20 +++- testprogs/blackbox/test_kinit.sh |4 ++-- 4 files changed, 25 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/script/bisect-test.py b/script/bisect-test.py index accee7a..e4daa8c 100755 --- a/script/bisect-test.py +++ b/script/bisect-test.py @@ -9,7 +9,6 @@ import os, tempfile, sys from optparse import OptionParser parser = OptionParser() -parser.add_option(, --tests, help=list of tests to run, default='*') parser.add_option(, --good, help=known good revision (default HEAD~100), default='HEAD~100') parser.add_option(, --bad, help=known bad revision (default HEAD), default='HEAD') parser.add_option(, --skip-build-errors, help=skip revision where make fails, diff --git a/source4/libcli/finddcs_cldap.c b/source4/libcli/finddcs_cldap.c index 011d35d..4c21f00 100644 --- a/source4/libcli/finddcs_cldap.c +++ b/source4/libcli/finddcs_cldap.c @@ -94,15 +94,18 @@ struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx, } if (io-in.server_address) { + DEBUG(4,(finddcs: searching for a DC by IP %s\n, io-in.server_address)); if (!finddcs_cldap_ipaddress(state, io)) { return tevent_req_post(req, event_ctx); } } else if (strchr(state-domain_name, '.')) { /* looks like a DNS name */ + DEBUG(4,(finddcs: searching for a DC by DNS domain %s\n, state-domain_name)); if (!finddcs_cldap_srv_lookup(state, io, resolve_ctx, event_ctx)) { return tevent_req_post(req, event_ctx); } } else { + DEBUG(4,(finddcs: searching for a DC by NBT lookup %s\n, state-domain_name)); if (!finddcs_cldap_nbt_lookup(state, io, resolve_ctx, event_ctx)) { return tevent_req_post(req, event_ctx); } @@ -157,6 +160,8 @@ static bool finddcs_cldap_srv_lookup(struct finddcs_cldap_state *state, state-srv_name = talloc_asprintf(state, _ldap._tcp.%s, io-in.domain_name); } + DEBUG(4,(finddcs: looking for SRV records for %s\n, state-srv_name)); + make_nbt_name(name, state-srv_name, 0); creq = resolve_name_ex_send(resolve_ctx, state, @@ -229,6 +234,8 @@ static void finddcs_cldap_next_server(struct finddcs_cldap_state *state)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a8f26f6 s3-rpc_server: Normalize rpc_pipe_open_interface pipe name. via f22e6cf s3-rpc_server: Make auth_serversupplied_info const. via 0195f35 s3-winbind: Fixed the build of idmap_rid. from 0061116 s4-test: fixed a typo in test_kinit.sh http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a8f26f60ec97d23f9c0496797237ead8cc3feff1 Author: Andreas Schneider a...@samba.org Date: Thu Sep 16 10:49:39 2010 +0200 s3-rpc_server: Normalize rpc_pipe_open_interface pipe name. Autobuild-User: Andreas Schneider a...@samba.org Autobuild-Date: Fri Oct 15 12:15:45 UTC 2010 on sn-devel-104 commit f22e6cf3b73c04e8fada3b163567285b14840a16 Author: Andreas Schneider a...@samba.org Date: Wed Sep 15 17:24:08 2010 +0200 s3-rpc_server: Make auth_serversupplied_info const. commit 0195f35ce1aaa5733e006b0b703ce29b6f080b57 Author: Andreas Schneider a...@samba.org Date: Fri Oct 15 13:32:08 2010 +0200 s3-winbind: Fixed the build of idmap_rid. --- Summary of changes: source3/auth/server_info.c|2 +- source3/include/proto.h |6 +++--- source3/rpc_server/rpc_ncacn_np.c | 15 ++- source3/rpc_server/rpc_ncacn_np.h |6 +++--- source3/winbindd/idmap_rid.c |1 + 5 files changed, 18 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 344e8e9..c08c284 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -107,7 +107,7 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info, already be initialized and is used as the talloc parent for its members. */ -NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, +NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info, uint8_t *pipe_session_key, size_t pipe_session_key_len, struct netr_SamInfo3 *sam3) diff --git a/source3/include/proto.h b/source3/include/proto.h index 3725ea3..650d431 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -199,7 +199,7 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info, uint8_t *pipe_session_key, size_t pipe_session_key_len, struct netr_SamInfo2 *sam2); -NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, +NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info, uint8_t *pipe_session_key, size_t pipe_session_key_len, struct netr_SamInfo3 *sam3); @@ -4083,13 +4083,13 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, struct dcerpc_binding_handle **binding_handle); NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *abstract_syntax, - struct auth_serversupplied_info *serversupplied_info, + const struct auth_serversupplied_info *serversupplied_info, struct client_address *client_id, struct messaging_context *msg_ctx, struct rpc_pipe_client **presult); NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax, -struct auth_serversupplied_info *server_info, +const struct auth_serversupplied_info *server_info, struct client_address *client_id, struct messaging_context *msg_ctx, struct rpc_pipe_client **cli_pipe); diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index b6cf58b..f4c47fc 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -536,7 +536,7 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, */ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *abstract_syntax, - struct auth_serversupplied_info *serversupplied_info, + const struct auth_serversupplied_info *serversupplied_info, struct client_address *client_id, struct messaging_context *msg_ctx,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5339bad s4:torture/local/dbspeed.c - use LDB result constant from a8f26f6 s3-rpc_server: Normalize rpc_pipe_open_interface pipe name. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5339bad942759f8daa4ff04b0c204247478ed579 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Fri Oct 15 20:18:22 2010 +0200 s4:torture/local/dbspeed.c - use LDB result constant Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Fri Oct 15 19:11:32 UTC 2010 on sn-devel-104 --- Summary of changes: source4/torture/local/dbspeed.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/local/dbspeed.c b/source4/torture/local/dbspeed.c index f66688d..62c1384 100644 --- a/source4/torture/local/dbspeed.c +++ b/source4/torture/local/dbspeed.c @@ -145,7 +145,8 @@ static bool ldb_add_record(struct ldb_context *ldb, unsigned rid) return false; } - if (ldb_msg_add_fmt(msg, UID, %u, rid) != 0) { + ret = ldb_msg_add_fmt(msg, UID, %u, rid); + if (ret != LDB_SUCCESS) { talloc_free(msg); return false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 68d1b3b heimdal Add missing dependencies on wind. via 613e03f heimdal_build: Allow using system wind. from 5339bad s4:torture/local/dbspeed.c - use LDB result constant http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 68d1b3b5052f20bfd9ac8771c917b07a854d8fd3 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 00:38:29 2010 +0200 heimdal Add missing dependencies on wind. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Fri Oct 15 23:20:22 UTC 2010 on sn-devel-104 commit 613e03f908bc0ff9e877f0eaf5fbcff0adbaf742 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 00:31:10 2010 +0200 heimdal_build: Allow using system wind. Please note that to use the system wind library the user explicitly has to specify --bundled-library=!wind . Without that option we will always use the included wind library. --- Summary of changes: source4/heimdal_build/wscript_build | 98 +++--- source4/heimdal_build/wscript_configure | 20 ++ 2 files changed, 69 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index ac6575a..86e6aa9 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -323,44 +323,6 @@ def HEIMDAL_BINARY(binname, source, ) -HEIMDAL_GENERATOR( -name=HEIMDAL_ERRORLIST, -rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} ${SRC[1].parent.abspath(env)}, -source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py', -target = '../heimdal/lib/wind/errorlist_table.c ../heimdal/lib/wind/errorlist_table.h' -) - - -HEIMDAL_GENERATOR( -name = 'HEIMDAL_NORMALIZE_TABLE', -rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} ${SRC[2].abspath()} ${SRC[1].parent.abspath(env)}, -source = '../heimdal/lib/wind/gen-normalize.py ../heimdal/lib/wind/UnicodeData.txt ../heimdal/lib/wind/CompositionExclusions-3.2.0.txt', -target = '../heimdal/lib/wind/normalize_table.h ../heimdal/lib/wind/normalize_table.c' -) - -HEIMDAL_GENERATOR( -name = 'HEIMDAL_COMBINING_TABLE', -rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} ${SRC[1].parent.abspath(env)}, -source = '../heimdal/lib/wind/gen-combining.py ../heimdal/lib/wind/UnicodeData.txt', -target = '../heimdal/lib/wind/combining_table.h ../heimdal/lib/wind/combining_table.c' -) - -HEIMDAL_GENERATOR( -name = 'HEIMDAL_BIDI_TABLE', -rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} ${SRC[1].parent.abspath(env)}, -source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt', -target = '../heimdal/lib/wind/bidi_table.h ../heimdal/lib/wind/bidi_table.c' -) - - -HEIMDAL_GENERATOR( -name = 'HEIMDAL_MAP_TABLE', -rule=${PYTHON} ${SRC[0].abspath()} ${SRC[2].abspath()} ${SRC[2].parent.abspath(env)}, -source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt', -target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c' -) - - HEIMDAL_ASN1('HEIMDAL_SPNEGO_ASN1', source='../heimdal/lib/gssapi/spnego/spnego.asn1', options='--sequence=MechTypeList', @@ -485,9 +447,6 @@ HEIMDAL_ERRTABLE('HEIMDAL_HX509_ERR_ET', '../heimdal/lib/hx509/hx509_err.et') -HEIMDAL_ERRTABLE('WIND_ERR_ET', -'../heimdal/lib/wind/wind_err.et') - ROKEN_HOSTCC_SOURCE = ''' ../heimdal/lib/roken/base64.c ../heimdal/lib/roken/ct.c @@ -552,7 +511,7 @@ HEIMDAL_LIBRARY('kdc', includes='../heimdal/kdc', autoproto='../heimdal/kdc/kdc-protos.h', autoproto_private='../heimdal/kdc/kdc-private.h', -deps='roken krb5 hdb HEIMDAL_HEIM_ASN1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm HEIMDAL_HCRYPTO com_err', +deps='roken krb5 hdb HEIMDAL_HEIM_ASN1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm HEIMDAL_HCRYPTO com_err wind', vnum='2.0.0', ) @@ -581,7 +540,7 @@ HEIMDAL_LIBRARY('hdb', includes='../heimdal/lib/hdb', autoproto='../heimdal/lib/hdb/hdb-protos.h', autoproto_private='../heimdal/lib/hdb/hdb-private.h', -deps='HDB_LDB krb5 HEIMDAL_HDB_KEYS roken HEIMDAL_HCRYPTO com_err HEIMDAL_HDB_ASN1', +deps='HDB_LDB krb5 HEIMDAL_HDB_KEYS roken HEIMDAL_HCRYPTO com_err HEIMDAL_HDB_ASN1 wind', vnum='11.0.2', ) @@ -628,7 +587,7 @@ HEIMDAL_LIBRARY('gssapi', ../heimdal/lib/gssapi/mech/gss_export_sec_context.c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 06fc79f Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set). via cf45581 Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module. via 1904c44 Fix handling of NULL DACL. Map to u/g/w - rwx. via e031f8a Fix force unknown ACL user to strip out foreign SIDs from POSIX ACLs if they can't be mapped. via f4a9d25 Add debug message to get_nt_acl_internal() to see what we got. via 625126d Fix valgrind uninitialized read error on info when returning !NT_STATUS_OK. via 8cad5e2 Fix bug #7734 - When creating files with inherit ACLs set to true, we neglect to apply appropriate create masks. via 92adb68 Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated. from 68d1b3b heimdal Add missing dependencies on wind. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 06fc79f1fde5963ef89027e2cd297e866aa8c204 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 15:56:09 2010 -0700 Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set). Jeremy. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104 commit cf45581cdfbe60815c5b278f2c4cbceeb7ca1407 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 15:53:51 2010 -0700 Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module. commit 1904c44ec84fe5d706a4e07f73bad17d0948535a Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 15:42:44 2010 -0700 Fix handling of NULL DACL. Map to u/g/w - rwx. Jeremy. commit e031f8ae6aee266c0ebf0b53465906e215ac9561 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 15:28:23 2010 -0700 Fix force unknown ACL user to strip out foreign SIDs from POSIX ACLs if they can't be mapped. commit f4a9d25cfc70e79f476d01ae3234f2155bbcf39e Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 14:18:22 2010 -0700 Add debug message to get_nt_acl_internal() to see what we got. commit 625126dc8dec1198b94bda0643222f0b046587d8 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 14:16:30 2010 -0700 Fix valgrind uninitialized read error on info when returning !NT_STATUS_OK. Jeremy. commit 8cad5e23b6e2440a566def6fb138d484e3b47643 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 14:12:04 2010 -0700 Fix bug #7734 - When creating files with inherit ACLs set to true, we neglect to apply appropriate create masks. Jeremy. commit 92adb686372a9b67e47efb5b051bc351212f1780 Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 13:30:07 2010 -0700 Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated. It turns out a client can send an NTCreateX call for a new file, but specify FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this, but we don't - causing the unix_mode() function to go through the mode bits for new directory codepath, instead of the mode bits for new file codepath. Jeremy. --- Summary of changes: source3/include/proto.h |4 + source3/modules/vfs_acl_common.c | 59 ++--- source3/modules/vfs_acl_tdb.c|1 + source3/modules/vfs_acl_xattr.c |2 + source3/modules/vfs_default.c|2 +- source3/smbd/open.c | 11 ++- source3/smbd/posix_acls.c| 174 +- 7 files changed, 216 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 650d431..9a8cf67 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5123,6 +5123,10 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, uint16 num_def_acls, const char *pdata); bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata); struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname); +NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, + const char *name, + SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc); /* The following definitions come
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 50d3baff heimdal_build: Support using system asn1 library. via 12fa110 heimdal_build: Skip some hx509 code when using system hx509. via 8db6453 heimdal_build: Add comment with stub for finding the system libtommath. via b244383 heimdal_build: Initial work on supporting an external heimdal library. via 471e57e heimdal_build: Support using system hx509 library when explicitly requested. via 3fe2bfd heimdal_build: Fix build with system roken. via 6852cc4 heimdal_build: Put version objects in a separate subsystem. via 2e038a7 heimdal: Support using system roken. via 7af5687 heimdal_build: Use existing functions for finding system libraries. from 06fc79f Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 50d3baffb223999bd264cfa957003cd6189d9a8c Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 03:27:02 2010 +0200 heimdal_build: Support using system asn1 library. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Sat Oct 16 02:14:32 UTC 2010 on sn-devel-104 commit 12fa11021916e32899fd4607be78d5cc7418fa04 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 03:07:40 2010 +0200 heimdal_build: Skip some hx509 code when using system hx509. commit 8db6453ae2b8ebb2dda06f5970a1bd5512632e3c Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 02:57:57 2010 +0200 heimdal_build: Add comment with stub for finding the system libtommath. commit b244383e75a5d9a6dab4c3fb0595a703a7c762e7 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 02:48:06 2010 +0200 heimdal_build: Initial work on supporting an external heimdal library. commit 471e57edf87373a352aca1d7b006360068b18274 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 02:25:40 2010 +0200 heimdal_build: Support using system hx509 library when explicitly requested. commit 3fe2bfddda6149f6bf7402720226e9285f479fef Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 02:15:36 2010 +0200 heimdal_build: Fix build with system roken. commit 6852cc4a7a5601261ba31ee05388a4078e69c77c Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 01:49:41 2010 +0200 heimdal_build: Put version objects in a separate subsystem. commit 2e038a78fdcc9dc8a9f65de48176323ad68a3420 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 00:58:56 2010 +0200 heimdal: Support using system roken. commit 7af56875040c0d170d3313bb0e0c126d3f19aed8 Author: Jelmer Vernooij jel...@samba.org Date: Sat Oct 16 00:41:34 2010 +0200 heimdal_build: Use existing functions for finding system libraries. --- Summary of changes: buildtools/wafsamba/samba_bundled.py |2 +- source4/heimdal_build/replace.c|4 - source4/heimdal_build/{gssapi-glue.c = version.c} | 21 +- source4/heimdal_build/wscript_build| 462 ++-- source4/heimdal_build/wscript_configure| 30 +- 5 files changed, 266 insertions(+), 253 deletions(-) copy source4/heimdal_build/{gssapi-glue.c = version.c} (74%) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index 29b0a50..822e49c 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -104,7 +104,7 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0', '''helper function for CHECK_BUNDLED_SYSTEM''' if checkfunctions is None: return True -if require_headers and headers and not conf.CHECK_HEADERS(headers): +if require_headers and headers and not conf.CHECK_HEADERS(headers, lib=libname): return False return conf.CHECK_FUNCS_IN(checkfunctions, libname, headers=headers, empty_decl=False, set_target=False) diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c index 8c3def7..51393f6 100644 --- a/source4/heimdal_build/replace.c +++ b/source4/heimdal_build/replace.c @@ -83,7 +83,3 @@ return -1; } #endif - -const char *heimdal_version = samba-internal-heimdal; -const char *heimdal_long_version = samba-interal-heimdal; - diff --git a/source4/heimdal_build/gssapi-glue.c b/source4/heimdal_build/version.c similarity index 74% copy from source4/heimdal_build/gssapi-glue.c copy to source4/heimdal_build/version.c index 0c27f51..8cceff1 100644 --- a/source4/heimdal_build/gssapi-glue.c +++ b/source4/heimdal_build/version.c @@ -1,28 +1,27 @@ -/* +/*
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bcdf781 Ensure we have correct parameters to use Windows ACL modules. from 50d3baff heimdal_build: Support using system asn1 library. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bcdf781545ae31f9ec7caf2c60f74d27a962de6d Author: Jeremy Allison j...@samba.org Date: Fri Oct 15 19:54:51 2010 -0700 Ensure we have correct parameters to use Windows ACL modules. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Oct 16 03:36:04 UTC 2010 on sn-devel-104 --- Summary of changes: source3/modules/vfs_acl_tdb.c |7 +-- source3/modules/vfs_acl_xattr.c |6 -- 2 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 6364b7b..5fc1bc0 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -316,13 +316,16 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle, return -1; } - /* Ensure we have inherit acls = yes if we're + /* Ensure we have the parameters correct if we're * using this module. */ DEBUG(2,(connect_acl_tdb: setting 'inherit acls = true' - and 'dos filemode = true' for service %s\n, + 'dos filemode = true' and + 'force unknown acl user = true' for service %s\n, service )); + lp_do_parameter(SNUM(handle-conn), inherit acls, true); lp_do_parameter(SNUM(handle-conn), dos filemode, true); + lp_do_parameter(SNUM(handle-conn), force unknown acl user, true); return 0; } diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index e486e20..aa7aeae 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -185,14 +185,16 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle, return ret; } - /* Ensure we have inherit acls = yes if we're + /* Ensure we have the parameters correct if we're * using this module. */ DEBUG(2,(connect_acl_xattr: setting 'inherit acls = true' - and 'dos filemode = true' for service %s\n, + 'dos filemode = true' and + 'force unknown acl user = true' for service %s\n, service )); lp_do_parameter(SNUM(handle-conn), inherit acls, true); lp_do_parameter(SNUM(handle-conn), dos filemode, true); +lp_do_parameter(SNUM(handle-conn), force unknown acl user, true); return 0; } -- Samba Shared Repository