[Samba] Windows printer drivers
Hello everyone. My name is Bruno and I'm setting up a CentOS-based print server. This is the only GNU/Linux machine on our network, which serves something like 30 Windows XP/7 clients. I've already installed and configured CUPS and Samba. Very basic configuration. Also, I have already added our printers to CUPS. But now I don't know how to download Windows printer drivers to my print server and share it to Windows users, although I have read a lot of documentation. May you please help me? This is the content of my smb.conf file: http://pastebin.com/ueipkrL2 And this, of cupsd.conf file: http://pastebin.com/YedSasSB Best regards, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] filesystem of choice?
On 6/27/2011 12:42 AM, Christ Schlacta wrote: just requires some special consideration. I still install through apt-get install, and it works flawlessly. it's much like a lot of driver packages where you still have to compile them to make them work, it just does it auto-magically. If these instructions are current http://zfsonlinux.org/spl-building-deb.html then you are portraying the process as being much simpler than it really is. The real power of ZFS is with very large JBODs, or multiples of same. When you state it works flawlessly, how many disks are you talking about? What features have you actually tested? Or do you simply have a single disk formatted with ZFS? I'm guessing most folks here actually interested in ZFS aren't the single disk crowd, and want to know if ZFS Linux is working flawlessly with real storage. -- Stan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Howto Backup Domain Controller (BDC) for the Primary Domain Controller (PDC) in Centos Openldap+samba 3.3 Please send to...
-- Forwarded message -- From: Muqtadir Kamal smkamal2...@gmail.com Date: Sat, Jun 25, 2011 at 5:57 PM Subject: Howto Backup Domain Controller (BDC) for the Primary Domain Controller (PDC) in Centos Openldap+samba 3.3 Please send to... To: Samba samba@lists.samba.org Dear All, Please help me in this regards, Howto Backup Domain Controller (BDC) or Secondary domain controller for the Primary Domain Controller (PDC) in Centos 5.6 Openldap+samba 3.3 Please give the step by step. Regards kamal -- Regards, S.Muqtadir Kamal System Administrator mail.smka...@gmail.com MOB No - 91 9948694665 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Oplocks offline files win 7
Hi to all! We experience problems with offline files - especially with xls or xlsx files - between samba 3.5.9 and win 7 smb.conf for the network share [homes] comment = Home Directories browseable = no writable = yes guest ok = no create mask = 0611 directory mask = 0700 follow symlinks = no wide links = no oplocks = yes level2 oplocks = yes map archive = yes map system = yes map hidden = yes Can somebody give me a hint here please? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: Howto Backup Domain Controller (BDC) for the Primary Domain Controller (PDC) in Centos Openldap+samba 3.3 Please send to...
On Mon, Jun 27, 2011 at 7:14 AM, Muqtadir Kamal smkamal2...@gmail.com wrote: -- Forwarded message -- From: Muqtadir Kamal smkamal2...@gmail.com Date: Sat, Jun 25, 2011 at 5:57 PM Subject: Howto Backup Domain Controller (BDC) for the Primary Domain Controller (PDC) in Centos Openldap+samba 3.3 Please send to... To: Samba samba@lists.samba.org Dear All, Please help me in this regards, Howto Backup Domain Controller (BDC) or Secondary domain controller for the Primary Domain Controller (PDC) in Centos 5.6 Openldap+samba 3.3 Please give the step by step. I backup the PDC and BDCs just like any other linux machine using bacula. If you want you can add an extra step you can slapcat to a compressed file on the master ldap server (assuming you are using openldap-2.3.X) before you run the backup. As for shares my PDC and BDCs do not share files directly so there is not much to backup for these. The domain member servers is where all the 30 TB+ of samba data is on my network at work. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Oplocks offline files win 7
On Mon, Jun 27, 2011 at 14:22, Martin Hochreiter linux...@wavenet.atwrote: We experience problems with offline files - especially with xls or xlsx files - between samba 3.5.9 and win 7 Disable offline files in Windows 7 group policies. -- Sent from my PC. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] filesystem of choice?
On Mon, Jun 27, 2011 at 5:10 AM, Stan Hoeppner s...@hardwarefreak.com wrote: On 6/27/2011 12:42 AM, Christ Schlacta wrote: just requires some special consideration. I still install through apt-get install, and it works flawlessly. it's much like a lot of driver packages where you still have to compile them to make them work, it just does it auto-magically. If these instructions are current http://zfsonlinux.org/spl-building-deb.html then you are portraying the process as being much simpler than it really is. The real power of ZFS is with very large JBODs, or multiples of same. When you state it works flawlessly, how many disks are you talking about? What features have you actually tested? Or do you simply have a single disk formatted with ZFS? I'm guessing most folks here actually interested in ZFS aren't the single disk crowd, and want to know if ZFS Linux is working flawlessly with real storage. I have been watching and testing zfs for a few years on linux. I have not used the kernel module yet (still worried that development will slow down at some time forcing me to be stuck on some old kernel version) however the fuse module is now to a state that it is usable. I am not using it in production at work however. Besides the experimental nature of this project I believe there are still are a few unacceptable design problems with zfs. One such problem is the inability to move a dead drive out of a zpool without having to recreate the pool. And then also the inability to expand a zfs raid without having to add a new raid. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Oplocks offline files win 7
Am 2011-06-27 14:02, schrieb Ander Punnar: On Mon, Jun 27, 2011 at 14:22, Martin Hochreiter linux...@wavenet.at mailto:linux...@wavenet.at wrote: We experience problems with offline files - especially with xls or xlsx files - between samba 3.5.9 and win 7 Disable offline files in Windows 7 group policies. -- Sent from my PC. mhmm ... we want to use that shares offline, if I disable them in the group policies then the sync would not be working any more or has this an other effect? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows printer drivers
First you have to install a Printer in Cups, then reload samba. Verify you can see the shared printer through windows.. You'll need to use the net rpc command to grant the rights to add the print drivers to the $print share. Read the following section for print rights.. Administering User Rights and Privileges http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html On 06/27/2011 05:09 AM, Bruno Martins wrote: Hello everyone. My name is Bruno and I'm setting up a CentOS-based print server. This is the only GNU/Linux machine on our network, which serves something like 30 Windows XP/7 clients. I've already installed and configured CUPS and Samba. Very basic configuration. Also, I have already added our printers to CUPS. But now I don't know how to download Windows printer drivers to my print server and share it to Windows users, although I have read a lot of documentation. May you please help me? This is the content of my smb.conf file: http://pastebin.com/ueipkrL2 And this, of cupsd.conf file: http://pastebin.com/YedSasSB Best regards, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Oplocks offline files win 7
On 06/27/2011 08:18 AM, Martin Hochreiter wrote: Am 2011-06-27 14:02, schrieb Ander Punnar: On Mon, Jun 27, 2011 at 14:22, Martin Hochreiter linux...@wavenet.at mailto:linux...@wavenet.at wrote: We experience problems with offline files - especially with xls or xlsx files - between samba 3.5.9 and win 7 Disable offline files in Windows 7 group policies. -- Sent from my PC. mhmm ... we want to use that shares offline, if I disable them in the group policies then the sync would not be working any more or has this an other effect? regards Is your samba server a DC or a member server? Our server is a DC (Samba 3.5.8 on Solaris 10.) If we enable offline files on a Windows 7 laptop, cached credentials are broken and users cannot login offline at all. I think Windows XP is OK. It looks something changes with Windows Vista.I don't know what is going wrong, but I suspect there is the same underlying cause as your problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Oplocks offline files win 7 excel
Is your samba server a DC or a member server? Our server is a DC (Samba 3.5.8 on Solaris 10.) If we enable offline files on a Windows 7 laptop, cached credentials are broken and users cannot login offline at all. I think Windows XP is OK. It looks something changes with Windows Vista.I don't know what is going wrong, but I suspect there is the same underlying cause as your problem. Hi! That server is a DC (Samba 3.5.9 on CentOS 5.5). We dont have the problem with offline logins with windows 7 while offline sync is on, the only problem we see is curiously with that win7 samba 3.5.9 can't sync excel files ... regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem getting Samba fully working
On 06/26/2011 7:14 PM, Moe, John wrote: -Original Message- From: Linda Walsh [mailto:sa...@tlinx.org] Sent: Saturday, 25 June 2011 8:02 PM To: Moe, John Cc: Samba mailing list Subject: Re: Problem getting Samba fully working Moe, John wrote: Hello all, Relevant info up front: Gentoo PC, using 2.6.38 kernel and Samba 3.4.12. I'm trying to get a FreeRadius instance working for our Windows network. To do so, I need a Linux box running Samba. I've installed and configured Kerberos, Samba and FreeRadius, and can get most things to work. I can get a Kerberos key using kinit, and sudo net ads keytab list shows me tickets. I can use things like net ads user myuser - U myuser to get info about my user account. I can use sudo wbinfo - t to show the secret trust is OK, and sudo net ads testjoin works as well. I can even log on to my switch using RADIUS authentication to my AD account (using ntlm_auth). So a lot of the pieces are working correctly. [2011/06/21 07:12:21, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name! I am not sure the above messages are from your ssh... And I know nothing about configuration with Free Radius or Kerberos, so your problems may be completely different from ones I've had but... I take it you are running ssh on the Win7 workstation and trying to login to the linux samba server. if your username in the domain is 'user' (i.e. you are 'domain\user'), and your linux account is 'user', then on the ssh line, you might try 'ssh user@linux-server' instead of the normal 'ssh linux-server' If that works, then your 'sshd' server on your linux server is probably receiving 'domain\user' as the username, (not just 'user') and doesn't know what to do with that. Theoretically should be resolvable via proper pam and config files (all the file ops map my 'domain\user' = 'user' on the PDC), but, a _*hack*_ I use (but would find a better solution in a production environment) is to create a 2nd /etc/passwd /etc/shadow entry that dups my 'user' but has the username field changed to 'DOMAIN\user'. (getting the capitalization to agree with what the workstation think's it is, is important in this case; upper case is norm, so unless you've customized things in the win registry, shouldn't be a prob (not that I would have any knowledge of this, of course...) But I'd try to get 'winbind' config'ed with pam to map the username properly for a best fix (on my 'todo list') ... just hasn't been that important ... Best short term: specify the username with the hostname when using the 'ssh' (or scp, i.e. 'scp file user@remote:/tmp' ) ... In any event, using kerberos/freeradius, there should be some way to make sure that a 'domain\user' is mapped to 'user' on a PDC... Or it might be the 'ssh' client that shouldn't be prepending the windows domainname not sure. But hopefully gives you some ideas where to look... Thanks for the reply. Maybe I haven't made myself clear in the first post. I'm not asking for any help relating to FreeRadius; I just want to get basic Samba working properly. Share browsing via guest access works, and I get a number of other successes from other tests, but I can't seem to get login using AD username working, neither locally nor via SSH. To get integration with a native Windows 2003 AD domain, I was to understand I needed Kerberos; was that wrong? Maybe I've complicated things a bit here. As to the login problem: I'm using OpenSSH on Cygwin on my Win7 PC, and it doesn't matter if I try: ssh servername ssh user@servername ssh domain\user@servername ssh 'u...@my.domain.name'@servername They all return the same things in /var/log/messages: Jun 27 09:58:05 servername sshd[27461]: SSH: Server;Ltype: Version;Remote: 10.73.24.60-18606;Protocol: 2.0;Client: OpenSSH_5.8 Jun 27 09:58:05 servername sshd[27461]: Invalid user usern...@my.domain.name from 10.73.24.60 Jun 27 09:58:05 servername sshd[27463]: pam_tally2(sshd:auth): pam_get_uid; no such user Jun 27 09:58:08 servername sshd[27463]: pam_unix(sshd:auth): check pass; user unknown Jun 27 09:58:08 servername sshd[27463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= mypcname.my.domain.name Jun 27 09:58:08 servername sshd[27463]: pam_winbind(sshd:auth): getting password (0x0090) Jun 27 09:58:08 servername sshd[27463]: pam_winbind(sshd:auth): pam_get_item returned a password Jun 27 09:58:09 servername sshd[27461]: error: PAM: Authentication failure for illegal userusername OR DOMAIN\\username OR usern...@my.domain.name from mypcname.my.domain.name Jun 27 09:58:09 servername sshd[27461]: Failed keyboard-interactive/pam for invalid userusername OR DOMAIN\\username OR usern...@my.domain.name from 10.73.24.60 port 18606 ssh2 Jun 27 09:58:09 servername sshd[27464]: pam_tally2(sshd:auth): pam_get_uid; no
[Samba] heimdal config and files
I need to create a few principals in the heimdal kerberos that comes with samba but do not know where its files are (so I can tell kadmin where to look for them). Could anyone gimme a pointer? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba process throttled back?
If I'm having oplock problems (i.e. poor performance), then would turning off oplocks altogether bring the performance back up? Richard G. Lang Sr. Software Engineer la...@specsensors.commailto:la...@specsensors.com (330) 659-3312 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba process throttled back?
On Mon, Jun 27, 2011 at 03:22:10PM -0400, Lang, Rich wrote: If I'm having oplock problems (i.e. poor performance), then would turning off oplocks altogether bring the performance back up? No, that would make it bad right from the start. If you have pure read only files (and ONLY then), you might try fake oplocks = yes. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem getting Samba fully working
-Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Tuesday, 28 June 2011 4:42 AM To: Moe, John Cc: Samba mailing list Subject: Re: [Samba] Problem getting Samba fully working On 06/26/2011 7:14 PM, Moe, John wrote: -Original Message- From: Linda Walsh [mailto:sa...@tlinx.org] Sent: Saturday, 25 June 2011 8:02 PM To: Moe, John Cc: Samba mailing list Subject: Re: Problem getting Samba fully working Moe, John wrote: Hello all, Relevant info up front: Gentoo PC, using 2.6.38 kernel and Samba 3.4.12. I'm trying to get a FreeRadius instance working for our Windows network. To do so, I need a Linux box running Samba. I've installed and configured Kerberos, Samba and FreeRadius, and can get most things to work. I can get a Kerberos key using kinit, and sudo net ads keytab list shows me tickets. I can use things like net ads user myuser - U myuser to get info about my user account. I can use sudo wbinfo - t to show the secret trust is OK, and sudo net ads testjoin works as well. I can even log on to my switch using RADIUS authentication to my AD account (using ntlm_auth). So a lot of the pieces are working correctly. [2011/06/21 07:12:21, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name! I am not sure the above messages are from your ssh... And I know nothing about configuration with Free Radius or Kerberos, so your problems may be completely different from ones I've had but... I take it you are running ssh on the Win7 workstation and trying to login to the linux samba server. if your username in the domain is 'user' (i.e. you are 'domain\user'), and your linux account is 'user', then on the ssh line, you might try 'ssh user@linux-server' instead of the normal 'ssh linux-server' If that works, then your 'sshd' server on your linux server is probably receiving 'domain\user' as the username, (not just 'user') and doesn't know what to do with that. Theoretically should be resolvable via proper pam and config files (all the file ops map my 'domain\user' = 'user' on the PDC), but, a _*hack*_ I use (but would find a better solution in a production environment) is to create a 2nd /etc/passwd /etc/shadow entry that dups my 'user' but has the username field changed to 'DOMAIN\user'. (getting the capitalization to agree with what the workstation think's it is, is important in this case; upper case is norm, so unless you've customized things in the win registry, shouldn't be a prob (not that I would have any knowledge of this, of course...) But I'd try to get 'winbind' config'ed with pam to map the username properly for a best fix (on my 'todo list') ... just hasn't been that important ... Best short term: specify the username with the hostname when using the 'ssh' (or scp, i.e. 'scp file user@remote:/tmp' ) ... In any event, using kerberos/freeradius, there should be some way to make sure that a 'domain\user' is mapped to 'user' on a PDC... Or it might be the 'ssh' client that shouldn't be prepending the windows domainname not sure. But hopefully gives you some ideas where to look... Thanks for the reply. Maybe I haven't made myself clear in the first post. I'm not asking for any help relating to FreeRadius; I just want to get basic Samba working properly. Share browsing via guest access works, and I get a number of other successes from other tests, but I can't seem to get login using AD username working, neither locally nor via SSH. To get integration with a native Windows 2003 AD domain, I was to understand I needed Kerberos; was that wrong? Maybe I've complicated things a bit here. As to the login problem: I'm using OpenSSH on Cygwin on my Win7 PC, and it doesn't matter if I try: ssh servername ssh user@servername ssh domain\user@servername ssh 'u...@my.domain.name'@servername They all return the same things in /var/log/messages: Jun 27 09:58:05 servername sshd[27461]: SSH: Server;Ltype: Version;Remote: 10.73.24.60-18606;Protocol: 2.0;Client: OpenSSH_5.8 Jun 27 09:58:05 servername sshd[27461]: Invalid user usern...@my.domain.name from 10.73.24.60 Jun 27 09:58:05 servername sshd[27463]: pam_tally2(sshd:auth): pam_get_uid; no such user Jun 27 09:58:08 servername sshd[27463]: pam_unix(sshd:auth): check pass; user unknown Jun 27 09:58:08 servername sshd[27463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= mypcname.my.domain.name Jun 27 09:58:08 servername sshd[27463]: pam_winbind(sshd:auth): getting password (0x0090) Jun 27 09:58:08 servername sshd[27463]: pam_winbind(sshd:auth): pam_get_item returned a password
[Samba] Porting CTDB to Solaris
We wanted to try out clustered Samba on a pair of small OpenSolaris/ Intel boxes. But after downloading the CTDB source from the Samba git repository, I discovered that it won't build on Solaris -- the configure script supports only Linux and AIX. Is there a Solaris port for CTDB, or is somebody working on one? (If not, I might take a crack at it; would it be a straightforward port?) -- Kai Lanz Stanford University School of Earth Sciences -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cygwin 'QueryUserInfo' fails dueto samba error. Wazup?
I made progress in tracking down a problem on cygwin that's been bothering me for a while since Win7 and domain. when I do: mkpasswd -D mkpasswd (434): [31] A device attached to the system is not functioning. A network trace shows that it's trying to get the home dir information from my main user. Wwhen it queries the info Samba returns STATUS UNSUCCESSFUL (indicated in network status of trace). in the log, I see : [2011/06/27 17:41:16.099526, 3] smbd/service.c:845(make_connection_snum) Connect path is '/var/tmp' for service [IPC$] [2011/06/27 17:41:16.099526, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2011/06/27 17:41:16.099526, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2011/06/27 17:41:16.099526, 3] smbd/service.c:1095(make_connection_snum) athenae (192.168.3.140) connect to service IPC$ initially as user lindaw (uid=5013, gid=201) (pid 18720) [2011/06/27 17:41:16.099526, 3] smbd/msdfs.c:870(get_referred_path) get_referred_path: |home| in dfs path \Bliss\home is not a dfs root. Um...what does that mean? I'm trying to check what wbinfo thinks -- and that might hold a clue to the problem, as it's got it's own confusion. It lists the expected users and groups (with no Domain prefix in front of them -- this is right? right, for running on the DC?), it also shows: # wbinfo -p Ping to winbindd succeeded # wbinfo --all-domains BUILTIN BLISS # wbinfo --own-domain BLISS # wbinfo --trusted-domains BUILTIN BLISS # wbinfo --online-status BLISS BUILTIN : online BLISS : online # wbinfo -P checking the NETLOGON dc connection succeeded # wbinfo --getdcname BLISS Could not get dc name for BLISS ^ ^ --This is the first indication of a problemalso when I try wbinfo --dsgetdcname it just goes off and thinks about it. (don't know if it ever would come back...waited about 30 seconds, but gave up) I can map a uid to a sid: # wbinfo --uid-to-sid=5013 S-1-5-21-3-7-3-80026 but I can't ask about a user (w/ or w/o the domainname in front of it): # wbinfo -i [domain\\]username failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Ideals? about any of these? Conceivably all my bases are belong to idiot, but, 'most things work'... I've been trying some changes, but have made things worse (and then better again)...and now am a bit better than when I started, but am stumped on how to proceed... *sigh* help? Linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cygwin 'QueryUserInfo' fails dueto samba error. Wazup?
I'm also seeing messages from nmbd saying (msgs reformatted/truncated for readability). wins...request: Name refresh for name BLISS00 IP 192.168.3.12 wins...request: Name BLISS00 group bit = True does not match group \ bit in WINS for this name. wins...request: Name refresh for name BLISS00 IP 192.168.3.140 wins...request: Name BLISS00 group bit = True does not match group \ bit in WINS for this name. In monitoring logs, saw that the browse list was dumped into /var/lib/samba/browse.dat, so decided to check it out. For my server/DC, I see the following entries: BLISS c0001000 ISHTAR BLISS ISHTAR 408d9b2b Bliss on Ishtar running Samba 3.6.0rc2 BLISS BLISS 40809a2b Bliss on Ishtar running Samba 3.6.0rc2 BLISS --- --- May not be related to original problem (may be something completely different, but thought I would mention it if pertinent). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2ff0d58 s3:g_lock: g_lock.tdb should not be executable from ebd70d8 s3: Fix winbindd_wins_byname http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ff0d5882fe5df0113eaaa4728bab4057a3f324b Author: Christian Ambach a...@samba.org Date: Mon Jun 27 15:44:10 2011 +0200 s3:g_lock: g_lock.tdb should not be executable TDBs are not executable, so do not create the file with the execution bit set Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Mon Jun 27 17:09:12 CEST 2011 on sn-devel-104 --- Summary of changes: source3/lib/g_lock.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c index 006ee36..4bda7c8 100644 --- a/source3/lib/g_lock.c +++ b/source3/lib/g_lock.c @@ -57,7 +57,8 @@ struct g_lock_ctx *g_lock_ctx_init(TALLOC_CTX *mem_ctx, result-msg = msg; result-db = db_open(result, lock_path(g_lock.tdb), 0, -TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, O_RDWR|O_CREAT, 0700); +TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, +O_RDWR|O_CREAT, 0600); if (result-db == NULL) { DEBUG(1, (g_lock_init: Could not open g_lock.tdb)); TALLOC_FREE(result); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0a74caa s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841) from 2ff0d58 s3:g_lock: g_lock.tdb should not be executable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0a74caa473f491050bc5f64b6d6956c00088c5cd Author: Volker Lendecke v...@samba.org Date: Mon Jun 27 14:34:39 2011 +0200 s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841) Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon Jun 27 18:21:30 CEST 2011 on sn-devel-104 --- Summary of changes: source3/librpc/idl/wbint.idl |1 + source3/winbindd/wb_lookupsids.c |2 +- source3/winbindd/winbindd_dual_srv.c |5 +++-- source3/winbindd/winbindd_lookuprids.c | 12 ++-- 4 files changed, 11 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl index 5f7e9bf..cb8a4e4 100644 --- a/source3/librpc/idl/wbint.idl +++ b/source3/librpc/idl/wbint.idl @@ -164,6 +164,7 @@ interface wbint ); NTSTATUS wbint_LookupRids( + [in] dom_sid *domain_sid, [in] wbint_RidArray *rids, [out,string,charset(UTF8)] char **domain_name, [out] wbint_Principals *names diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c index 03b2ca9..b4b7b9c 100644 --- a/source3/winbindd/wb_lookupsids.c +++ b/source3/winbindd/wb_lookupsids.c @@ -198,7 +198,7 @@ static bool wb_lookupsids_next(struct tevent_req *req, } subreq = dcerpc_wbint_LookupRids_send( state, state-ev, dom_child_handle(d-domain), - state-rids, state-domain_name, + d-sid, state-rids, state-domain_name, state-rid_names); if (tevent_req_nomem(subreq, req)) { return false; diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index c2510bc..a52951e 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -494,7 +494,7 @@ NTSTATUS _wbint_LookupRids(struct pipes_struct *p, struct wbint_LookupRids *r) } status = domain-methods-rids_to_names( - domain, talloc_tos(), domain-sid, r-in.rids-rids, + domain, talloc_tos(), r-in.domain_sid, r-in.rids-rids, r-in.rids-num_rids, domain_name, names, types); if (!NT_STATUS_IS_OK(status)) { return status; @@ -509,7 +509,8 @@ NTSTATUS _wbint_LookupRids(struct pipes_struct *p, struct wbint_LookupRids *r) } for (i=0; ir-in.rids-num_rids; i++) { - sid_compose(result[i].sid, domain-sid, r-in.rids-rids[i]); + sid_compose(result[i].sid, r-in.domain_sid, + r-in.rids-rids[i]); result[i].type = types[i]; result[i].name = talloc_move(result, names[i]); } diff --git a/source3/winbindd/winbindd_lookuprids.c b/source3/winbindd/winbindd_lookuprids.c index 738adba..e1d7d18 100644 --- a/source3/winbindd/winbindd_lookuprids.c +++ b/source3/winbindd/winbindd_lookuprids.c @@ -24,6 +24,7 @@ struct winbindd_lookuprids_state { struct tevent_context *ev; + struct dom_sid domain_sid; const char *domain_name; struct wbint_RidArray rids; struct wbint_Principals names; @@ -42,7 +43,6 @@ struct tevent_req *winbindd_lookuprids_send(TALLOC_CTX *mem_ctx, struct tevent_req *req, *subreq; struct winbindd_lookuprids_state *state; struct winbindd_domain *domain; - struct dom_sid sid; req = tevent_req_create(mem_ctx, state, struct winbindd_lookuprids_state); @@ -56,16 +56,16 @@ struct tevent_req *winbindd_lookuprids_send(TALLOC_CTX *mem_ctx, DEBUG(3, (lookuprids (%s)\n, request-data.sid)); - if (!string_to_sid(sid, request-data.sid)) { + if (!string_to_sid(state-domain_sid, request-data.sid)) { DEBUG(5, (%s not a SID\n, request-data.sid)); tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); return tevent_req_post(req, ev); } - domain = find_lookup_domain_from_sid(sid); + domain = find_lookup_domain_from_sid(state-domain_sid); if (domain == NULL) { DEBUG(5, (Domain for sid %s not found\n, - sid_string_dbg(sid))); + sid_string_dbg(state-domain_sid))); tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); return tevent_req_post(req, ev); } @@ -84,8 +84,8 @@ struct
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ba118ac s3: increase the log level for missing PIDs on SIGCHLD from efd437e WHATSNEW: Formatting. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ba118ac287d49267dd2f346d4ddd2e590ebbe653 Author: David Disseldorp dd...@suse.de Date: Wed Feb 16 17:23:25 2011 +0100 s3: increase the log level for missing PIDs on SIGCHLD Since the fix for bso#7836, the parent smbd is responsible for maintaining an up-to-date printcap cache. It does this by forking a child process to asynchronously fetch printcap data from CUPS. When the child process exits after fetching all printcap data, the parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which looks for the exited process PID on a children list. Child smbd process PIDs are added to the children list to ensure cleanup on unclean shutdown and log level change notification messages. Printcap update process PIDs are not added to the list as they do not maintain any state that requires cleanup, nor do they wait on tevent for messages. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104 (cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c) Fix bug #8269 (smbd spams log with Could not find child X -- ignoring messages). --- Summary of changes: source3/smbd/server.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 11040bc..201e301 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -278,7 +278,8 @@ static void remove_child_pid(pid_t pid, bool unclean_shutdown) } } - DEBUG(0, (Could not find child %d -- ignoring\n, (int)pid)); + /* not all forked child processes are added to the children list */ + DEBUG(1, (Could not find child %d -- ignoring\n, (int)pid)); } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via c943af7 s3: increase the log level for missing PIDs on SIGCHLD from 9a172dc s3-libnet: fix bug #6364: Pull realm from supplied username on libnet join http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit c943af7ff13c64343e5246b27a7416627bffd365 Author: David Disseldorp dd...@suse.de Date: Wed Feb 16 17:23:25 2011 +0100 s3: increase the log level for missing PIDs on SIGCHLD Since the fix for bso#7836, the parent smbd is responsible for maintaining an up-to-date printcap cache. It does this by forking a child process to asynchronously fetch printcap data from CUPS. When the child process exits after fetching all printcap data, the parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which looks for the exited process PID on a children list. Child smbd process PIDs are added to the children list to ensure cleanup on unclean shutdown and log level change notification messages. Printcap update process PIDs are not added to the list as they do not maintain any state that requires cleanup, nor do they wait on tevent for messages. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104 (cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c) Fix bug #8269 (smbd spams log with Could not find child X -- ignoring messages). (cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653) --- Summary of changes: source3/smbd/server.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 9c2709c..dbcf5fd 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -235,7 +235,8 @@ static void remove_child_pid(pid_t pid, bool unclean_shutdown) } } - DEBUG(0, (Could not find child %d -- ignoring\n, (int)pid)); + /* not all forked child processes are added to the children list */ + DEBUG(1, (Could not find child %d -- ignoring\n, (int)pid)); } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 83357ec Fix bug #8254 - acl check permissions = no does not work in all cases from ba118ac s3: increase the log level for missing PIDs on SIGCHLD http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 83357ecf6adafe3d23ada705e79c3af25ad4e734 Author: Jeremy Allison j...@samba.org Date: Thu Jun 23 14:42:27 2011 -0700 Fix bug #8254 - acl check permissions = no does not work in all cases Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Remove ACL check when requesting DELETE_ACCESS when lp_acl_check_permissions is false. Thanks to John Janosik @ IBM for noticing this. --- Summary of changes: source3/smbd/file_access.c |5 + source3/smbd/open.c| 13 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 7d0a552..8b669fe 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -77,6 +77,11 @@ bool can_delete_file_in_directory(connection_struct *conn, return False; } + if (!lp_acl_check_permissions(SNUM(conn))) { + /* This option means don't check. */ + return true; + } + /* Get the parent directory permission mask and owners. */ if (!parent_dirname(ctx, smb_fname-base_name, dname, NULL)) { return False; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index aac6e9c..f0b9271 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -86,6 +86,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, NTSTATUS status; struct security_descriptor *sd = NULL; + if ((access_mask DELETE_ACCESS) !lp_acl_check_permissions(SNUM(conn))) { + *access_granted = access_mask; + + DEBUG(10,(smbd_check_open_rights: not checking ACL + on DELETE_ACCESS on file %s. Granting 0x%x\n, + smb_fname_str_dbg(smb_fname), + (unsigned int)*access_granted )); + return NT_STATUS_OK; + } + status = SMB_VFS_GET_NT_ACL(conn, smb_fname-base_name, (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | @@ -2967,8 +2977,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, /* Setting FILE_SHARE_DELETE is the hint. */ - if (lp_acl_check_permissions(SNUM(conn)) -(create_disposition != FILE_CREATE) + if ((create_disposition != FILE_CREATE) (access_mask DELETE_ACCESS) (!(can_delete_file_in_directory(conn, smb_fname) || can_access_file_acl(conn, smb_fname, DELETE_ACCESS { -- Samba Shared Repository