[Samba] Python UCS2 vs UCS4 issue on latest git: ImportError: ....undefined symbol: PyUnicodeUCS2_Decode [SOLVED]
I'm getting the following error attempting to run samba-tool after installing the latest git using the install_with_python script to use Python 2.6: [root@Server1 dcerpc]# samba-tool Traceback (most recent call last): File /usr/local/samba/bin/samba-tool, line 33, in module from samba.netcmd.main import cmd_sambatool File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 20, in module from samba import getopt as options File /usr/local/samba/lib/python2.6/site-packages/samba/getopt.py, line 30, in module from samba.hostconfig import Hostconfig File /usr/local/samba/lib/python2.6/site-packages/samba/hostconfig.py, line 20, in module from samdb import SamDB File /usr/local/samba/lib/python2.6/site-packages/samba/samdb.py, line 32, in module from samba.dcerpc import drsblobs, misc ImportError: /usr/local/samba/lib/python2.6/site-packages/samba/dcerpc/drsblobs.so: undefined symbol: PyUnicodeUCS2_Decode Samba-tool was working with the previous git, so I'm not certain if this is a problem with the latest build or a problem with Python in my environment. If I understand this correctly, Samba was compiled with a Python version using 2-byte Unicode characters but my Python version is using 4-byte Unicode characters. If that is indeed the case, why was it changed and what would be the best way to go about fixing this problem? I tried adding -enable-unicode=ucs2 to the configure options in the 'install_with_python' script but that had no effect so now I wonder if somehow a different version of Python on the system is being referenced instead of the one included with Samba. Any suggestions here would be greatly appreciated, even if it's only to tell me whether or not I'm on the right track. Thanks! Version is 4.0.5-GIT-20b0adc. CentOS 5.9. Regards, Phil Quesinberry Q Systems Engineering, Inc. Electronic Controls and Embedded Systems Development (410) 969-8002 http://www.qsystemsengineering.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SaMBa 4 - password complexity
On 04/03/2013 06:37 PM, Andrew Bartlett wrote: On Wed, 2013-04-03 at 13:51 -0300, Celso Viana wrote: Hi all, I have installed the Samba 4, i execute the domain provision command, and also have disabled the password complexity and decreases the minimum password length to 3, then I joined a Windows Server 2008 as a DC for the domain samba. After a few minutes the password complexity and minimum values are reset to default. Anyone know why? Very interesting! My guess is that the Windows DC examined the group policy objects for the domain (perhaps some it provided itself) and found that the password policy was set. Samba doesn't know about group policy as a DC, so can't use that as the authoritative source, but it reads the setting in the directory that Windows would update. Very likely, By default you have 2 GPO created, one that concerns everybody and one that concerns DCs. I advise you to edit the second one from Windows 2008 and set the complexity as you expect it to be then it should be replicated on the Samba DC as well soon. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SaMBa 4 - DC to new domain
On 04/02/2013 09:49 AM, Celso Viana wrote: Hi all, I can put the samba as DC for a child domain in an existing domain tree? I tried: samba-tool domain join test.local SUBDOMAIN -Uadministrator --realm=test.local --parent-domain=smb.test.local No, support for subdomain is incomplete. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] classicupgrade from LDAP - failed to find Unix account for machine account
Hi all, We have a somewhat crufty Samba 3 PDC NT-style domain backed on to an OpenLDAP server that we use for both Linux and Windows 7 authentication, thanks to the magic of ldapsam and smbk5pwd. I am investigating the feasability of moving to Samba 4 and have tried upgrading with the classicupgrade tool in both the Samba 4.0.0 packages in Debian unstable and also with GIT v4-0-stable (b341371). The current roadblock is that a machine account produces an error in the migration: init_sam_from_ldap: Failed to find Unix account for CICHLID$ ldapsam_getsampwnam: init_sam_from_ldap failed for user 'CICHLID$'! ERROR(class 'passdb.error'): uncaught exception - Unable to get user information for 'CICHLID$', (-1073741724,No such user) Notably all of our Linux machines joined to the domain have posixAccount credentials, but the Windows machines do not. The LDAP entry for this machine is: dn: uid=CICHLID$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au objectClass: sambaSamAccount objectClass: account displayName: CICHLID$ sambaAcctFlags: [W ] sambaNTPassword: {elided} sambaPwdLastSet: 1364267120 sambaSID: S-1-5-21-3342141748-1574249315-1264630062-1075 uid: CICHLID$ The entries for all our Windows 7 machines look similar. The Linux machines all also have a posixAccount objectClass with the appropriate attributes. Importantly, we have ldapsam:trusted set in our Samba 3 config, and with the add machine script set to: /usr/sbin/cpu -C /etc/cpu/cpu-samba.conf useradd -d /dev/null -o %u (where cpu-samba.conf sets the default container to the Computers OU, disables the home directory and shell, and sets the GID to the computers group). Any suggestions? I am particularly curious as to why the add machine script doesn't appear to be doing anything for Windows machines joined to the domain, and why the classicupgrade script is trying to look for user account details for machine accounts. Thanks, David Adam zanc...@ucc.gu.uwa.edu.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 migration
I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? Thanks, Alex -- View this message in context: http://samba.2283325.n4.nabble.com/Samba4-migration-tp4646168p4646272.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] classicupgrade from LDAP - failed to find Unix account for machine account
On Thu, 2013-04-04 at 15:30 +0800, David Adam wrote: Hi all, We have a somewhat crufty Samba 3 PDC NT-style domain backed on to an OpenLDAP server that we use for both Linux and Windows 7 authentication, thanks to the magic of ldapsam and smbk5pwd. I am investigating the feasability of moving to Samba 4 and have tried upgrading with the classicupgrade tool in both the Samba 4.0.0 packages in Debian unstable and also with GIT v4-0-stable (b341371). The current roadblock is that a machine account produces an error in the migration: init_sam_from_ldap: Failed to find Unix account for CICHLID$ ldapsam_getsampwnam: init_sam_from_ldap failed for user 'CICHLID$'! ERROR(class 'passdb.error'): uncaught exception - Unable to get user information for 'CICHLID$', (-1073741724,No such user) Notably all of our Linux machines joined to the domain have posixAccount credentials, but the Windows machines do not. The LDAP entry for this machine is: dn: uid=CICHLID$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au objectClass: sambaSamAccount objectClass: account displayName: CICHLID$ sambaAcctFlags: [W ] sambaNTPassword: {elided} sambaPwdLastSet: 1364267120 sambaSID: S-1-5-21-3342141748-1574249315-1264630062-1075 uid: CICHLID$ The entries for all our Windows 7 machines look similar. The Linux machines all also have a posixAccount objectClass with the appropriate attributes. Importantly, we have ldapsam:trusted set in our Samba 3 config, and with the add machine script set to: /usr/sbin/cpu -C /etc/cpu/cpu-samba.conf useradd -d /dev/null -o %u (where cpu-samba.conf sets the default container to the Computers OU, disables the home directory and shell, and sets the GID to the computers group). Any suggestions? I am particularly curious as to why the add machine script doesn't appear to be doing anything for Windows machines joined to the domain, and why the classicupgrade script is trying to look for user account details for machine accounts. So, what has happened is that I've forced on the 'ldapsam:trusted' in our classicupgrade script, as it makes it much, much easier to set up a migration, as you don't have to set up nss_ldap and then tear it down again. I had assumed that almost all installations of Samba as a DC on LDAP would store the unix account with the Samba account. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? Thanks, Alex -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646274.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] sernet samba4 appliance
Hai, Just a question before im going for a lot of work. Is there, of will there be a new release of the sernet samba 4 appliance. and if so, wil there also amd64 packages. I really like the total solution, with the zarafa schema option etc, its a nice package and easy to install. Or are you people waiting for wheezy to release, i can understand that. Is there is some guideline to follow for rebuilding this to amd64, please tell me. Or some tips are also fine. Greetz, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Removing and recreating DNS from scratch.
Hi all! I want to recreate my DNS records from scratch and I am unable to find a way to do so. I have tried removing the DC=FORESTDNSZONES and DC=DOMAINDNSZONES ldb files and recreating them with samba_upgradedns but I get the following error: Creating DNS partitions Traceback (most recent call last): File /usr/sbin/samba_upgradedns, line 356, in module dnsadmins_sid) File /usr/lib/python2.7/site-packages/samba/provision/sambadns.py, line 947, in create_dns_partitions names.configdn, names.serverdn) File /usr/lib/python2.7/site-packages/samba/provision/sambadns.py, line 239, in setup_dns_partitions SECDESC : b64encode(descriptor) File /usr/lib/python2.7/site-packages/samba/provision/common.py, line 50, in setup_add_ldif ldb.add_ldif(data, controls) File /usr/lib/python2.7/site-packages/samba/__init__.py, line 224, in add_ldif self.add(msg, controls) _ldb.LdbError: (68, 'ldb_wait: Entry already exists (68)') I have tried with both SAMBA_INTERNAL and BIND9_DLZ both give me the same error. Is there any known method to achieve this? Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] member server and groups
I have a samba 3 member server joined to a samba pdc using ldap. Join is OK. Version is from debian wheezy: 3.6.6 With servers that are bdc's I have no problems with authentication, with the member server I cannot get group file permissions to work. User file permissions work fine Samba share user and group permissions work fine getent group shows expected groups with correct gid, which is an improvement on the 3.5.4 that I tried before. Only thing interesting the logs show is access denied. BUT if I change the dir/file permission to domain users group THEN it works. So I think samba is only looking up the primary group. I know there was bug like this somewhere around 3.6.0 Is net idmap secret alloc no longer needed? It responds with The only currently supported backend is LDAP. smbpasswd -w seemed to do all I needed. Critical parts of my smb.conf I'm using the nss_ldap method with nss-ldapd security = domain workgroup = DOMAIN ldap admin dn = cn=System Administrator,ou=people,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=winstations,ou=systems ldap ssl = Off idmap config DOMAIN : backend = ldap idmap config DOMAIN : range= 8-99000 idmap config DOMAIN : ldap_url = ldap://my.ldap.serverl/ winbind use default domain = yes [comp] path = /home/shares/comp inherit permissions = yes public = no browsable = yes writeable = yes valid users = @computer Directory perms drwxrwx--- 19 root computer 4096 Jan 18 15:25 comp nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns wins networks: files /etc/nslcd.conf # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://my.ldap.server/ # The search base that will be used for all queries. base dc=domain,dc=com # The LDAP protocol version to use. #ldap_version 3 # SSL options #ssl off #tls_reqcert never # The search scope. #scope sub -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Packaging Issues
Jelmer- Unfortunately not, I am still unable to get the 4.0.3 package to build successfully due to the aforementioned error. I have yet to try a different version as I think this to be a problem with my packaging attempts, not with anything within that version of samba. As I'm new to this, I've been poking around for even just beginner tutorials on the whole 'debianization' of packages in the hopes that maybe I made an obvious slip-up. This has also not yielded anything particularly helpful. I think the problem probably has to do with me attempting to use the --bundled-libraries option in the rules. As I understand it, --bundled-libraries incorporates libraries into the package itself so that the package need not rely on system libraries. This seemed like a safe way to ensure that (even if for however unlikely) once the package built successfully, it would *always* be functional. If I've gone astray in that thinking or you have some advice for me, I would greatly appreciate it. Thanks for responding, Mike Ray - Original Message - From: Jelmer Vernooij jel...@samba.org To: Mike Ray m...@xes-inc.com Sent: Thursday, April 4, 2013 7:11:14 AM Subject: Re: Fwd: Samba 4 Packaging Issues Hi Mike, Did you manage to get an updated version of the Samba package built in the mean time? If not, let me know. Cheers, Jelmer -- Forwarded message -- From: Mike Ray m...@xes-inc.com Date: Wed, Mar 27, 2013 at 10:44 AM Subject: Samba 4 Packaging Issues To: debian-ment...@lists.debian.org Hello all- (After posting in -user, it was suggested I try this mailing list instead) Long story short, I am trying to package up a current version of Samba4 for Ubuntu Precise 12.04 so that I can easily and reliably deploy it to hardware from a PPA. I'm very new to debian packaging so I'll just start out by stating that anyone who can offer help on this is encouraged to *not* make assumptions about what I have or haven't done -- I'm new and bad at this. In any case, the samba 4.0.3 package (available in the experimental branch of debian packages http://packages.debian.org/source/experimental/samba4) is my base package and the provided debian folder was my starting point. I didn't use the samba packages for Precise because they are woefully old. I've tried to modify the files to meet my needs but am currently hitting an error on dpkg-shlibdeps. It spits out a lot of warnings about not being able to extract the name and version from certain libraries, but it is actually erroring out because it can't find certain libraries. dpkg-shlibdeps: error: couldn't find library libkrb5-samba4.so.26 needed by debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 (ELF format: 'elf64-x86-64'; RPATH: '/usr/lib/x86_64-linux-gnu/samba'). dpkg-shlibdeps: error: couldn't find library libgssapi-samba4.so.2 needed by debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 (ELF format: 'elf64-x86-64'; RPATH: '/usr/lib/x86_64-linux-gnu/samba'). And also: dpkg-shlibdeps: error: no dependency information found for /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba/libldb.so.1 (used by debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so). dh_shlibdeps says this: dh_shlibdeps: dpkg-shlibdeps -Tdebian/libsamdb0.substvars debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libldbsamba.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/samba/libldb-cmdline.so debian/libsamdb0/usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1 returned exit code 2 make[1]: *** [override_dh_shlibdeps] Error 2 However, LD_LIBRARY_PATH, which to my understanding is what shlib uses to find libraries it needs to resolve dependencies, is set to a parent directory of where that library is: LD_LIBRARY_PATH evaluates to /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba. /home/USER/samba4_4.0.4/samba4-4.0.4/debian/tmp/usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26 So how can't dpkg-shlibdeps find the library? Also, the only dependency listed for libsamdb0 in the subtvars file is: libsamdb 0 libsamdb0 So why is it getting mad about libldb not having dependencies? Here are pastebin links to the debian/rules and debian/control. rules: http://pastebin.com/dmVcyr0Y control: http://pastebin.com/QMdhWn3Z And insight/help would be much appreciated. -Mike Ray -- :wq -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getent group and net ads user info differs
Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] member server and groups
When running a samba 3 member server joined to a samba AD with winbind, we were having some issues with ACLs over CIFS mounts. If you are noticing issues with CIFS mounts, then something to keep in mind that I only found out after quite some time, is that permissions over mounts work as the logical AND of basic unix permissions and ACLs. That is if your user would be denied by the basic unix permissions, ACLs are never checked. However, if you get the greenlight from basic permissions, it then contacts the server and does the ACL checks. The reason that you are noticing no issue when you chgrp it to Domain Users is that at that point your domain users pass on the unix permissions. Without them owning (say the file/dir is root/root) then they fall to the last octal, the 'other' portion of file permissions. So what I'd try is chmod 777 the file/dir and then adding ACLs on top of that to restrict access. Hope that helps, Mike Ray - Original Message - From: Neil Price npr...@gibb.co.za To: samba@lists.samba.org Sent: Thursday, April 4, 2013 8:42:06 AM Subject: [Samba] member server and groups I have a samba 3 member server joined to a samba pdc using ldap. Join is OK. Version is from debian wheezy: 3.6.6 With servers that are bdc's I have no problems with authentication, with the member server I cannot get group file permissions to work. User file permissions work fine Samba share user and group permissions work fine getent group shows expected groups with correct gid, which is an improvement on the 3.5.4 that I tried before. Only thing interesting the logs show is access denied. BUT if I change the dir/file permission to domain users group THEN it works. So I think samba is only looking up the primary group. I know there was bug like this somewhere around 3.6.0 Is net idmap secret alloc no longer needed? It responds with The only currently supported backend is LDAP. smbpasswd -w seemed to do all I needed. Critical parts of my smb.conf I'm using the nss_ldap method with nss-ldapd security = domain workgroup = DOMAIN ldap admin dn = cn=System Administrator,ou=people,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=people ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=winstations,ou=systems ldap ssl = Off idmap config DOMAIN : backend = ldap idmap config DOMAIN : range = 8-99000 idmap config DOMAIN : ldap_url = ldap://my.ldap.serverl/ winbind use default domain = yes [comp] path = /home/shares/comp inherit permissions = yes public = no browsable = yes writeable = yes valid users = @computer Directory perms drwxrwx--- 19 root computer 4096 Jan 18 15:25 comp nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns wins networks: files /etc/nslcd.conf # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://my.ldap.server/ # The search base that will be used for all queries. base dc=domain,dc=com # The LDAP protocol version to use. #ldap_version 3 # SSL options #ssl off #tls_reqcert never # The search scope. #scope sub -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Please help: classicupgrade not importing users
Does anyone have any ideas what I might have done wrong or why this is not working? Simon On Tue, 2 Apr 2013, simon+sa...@matthews.eu wrote: I have tried everything that I can think of, but the users are still not being imported. I deleted and re-created the /usr/local/samba directory (using make install), I added users to the local passwd file (ypcat passwd /etc/passwd) and then stopped ypbind. Still the same. The users are not imported while the groups are. I would really appreciate some help in getting past this step. The transcript of my last attempt at classicupgrade can be found here: http://pastebin.com/tP8bG5Yb I changed the realm that I used to a.b and made edits to the file to make it consistent. Simon On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Ricky Nance wrote: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTOhttps://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO should help. I have been following those instructions. I have a tdb backend, I am working on a VM that does not have SAMBA3 installed. The command: # samba-tool user list does not show my users. Interestingly, the groups seem to be there. If I use # samba-tool group list I see the expected groups. Simon Ricky On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza g...@kzsdabas.hu wrote: 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta: On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Andrew Bartlett wrote: On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding I users. I ran the command: /usr/local/samba/bin/samba-**tool domain provision --realm=my realm \ --domain=mydomain --adminpass 'mypass' realm --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4. Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder(you would probably need to ldbmodify the user record of each one) todo, than fixing your samba3 install to have it classicupgraded. Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. Perhaps I need to address why the classicupgrade did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. I went back to trying to get the classicupgrade to work: /usr/local/samba/bin/samba-**tool domain classicupgrade \ --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \ /etc/samba/smb.conf --use-xattrs=yes For the realm, I used a subdomain of one of the two existing dns domains in the LAN. It appears to be processing the information from the old domain tdb files, although I see some errors: Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Could not add group name=Remote Desktop Users ((68, samldb: Account name (sAMAccountName) 'Remote Desktop Users' already in use!)) Could not modify AD idmap entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, id=5077, type=ID_TYPE_GID ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Group already exists sid=S-1-5-21-4254857281-**3346836279-4152649156-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. However, after this, all I get from pdbedit -L is: # pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: [root@samba ~]# pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295:
Re: [Samba] getent group and net ads user info differs
Hello Kevin The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this. passwd: files winbind shadow: files winbind group: files winbind My OS is Centos 6.3 El 4/04/2013, a las 10:42, Shaw, Kevin kevin.s...@xerox.com escribió: Cristian, The group commercial is in /etc/group or NIS group? cat /etc/group | grep lisanyurimicolta ypcat -k group | grep lisanyurimicolta If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris. HTH, -Kevin -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Cristian Saavedra Sent: Thursday, April 04, 2013 7:45 AM To: samba@lists.samba.org Subject: [Samba] getent group and net ads user info differs Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] determining Samba version
Is there a way to determine (or at least get close) what version of Samba an embedded client may be running (or based on) via packet sniffing (tcpdump, wireshark)? Thanks. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] determining Samba version
On Thu, Apr 4, 2013 at 2:00 PM, Richard Sharpe realrichardsha...@gmail.com wrote: If they have not changed the version string to obscure the version, then the following will work: cc1# smbclient //some-node/some-share -U[some-dom/]some-user%some-password Failed to load upcase.dat, will use lame ASCII-only case sensitivity rules Failed to load lowcase.dat, will use lame ASCII-only case sensitivity rules Domain=[some-dom] OS=[Unix] Server=[Samba 3.6.12] It's not a server, just a client, so I cannot connect to it as such. You can also look at the Session Setup X Responses for SMB1 only and will see something like: Samba 3.6.6 in something like the Native Lanmanager Version field. That gives something: == Native OS: Linux version 2.6.35 Native LAN Manager: CIFS VFS Client for Linux == Doesn't seem to be any detail about what CIFS version they're using. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] determining Samba version
On Thu, Apr 4, 2013 at 2:21 PM, Chris Smith smb...@chrissmith.org wrote: == Native OS: Linux version 2.6.35 Native LAN Manager: CIFS VFS Client for Linux == It advertises these protocols: === Dialect: PC NETWORK PROGRAM 1.0 Dialect: MICROSOFT NETWORKS 1.03 Dialect: MICROSOFT NETWORKS 3.0 Dialect: LANMAN1.0 Dialect: LM1.2X002 Dialect: DOS LANMAN2.1 Dialect: LANMAN2.1 Dialect: Samba Dialect: NT LANMAN 1.0 Dialect: NT LM 0.12 === and has issues with later OSX and Windows 8 SMB. Didn't know there was a specific Samba dialect. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo, wbinfo_group.pl, user missing from AD group
I'm not exactly sure how the mapping of uid, sid, maps to unix gid. We're using the wbinfo_group.pl script for our squid deployment. The issue I see is if I run the script, or a valid and a user that isn't working. On my system it returns a GID. Got 3kll Hardware from squid Username 3kll Groups Hardware User: -3kll- Group: -Hardware- SID: -S-1-5-21-1607859618-1323328405-3834754132-2828- GID: -16777237- Sending OK to squid OK Here's a failing one. Got 3lsr Hardware from squid Username 3lsr Groups Hardware User: -3lsr- Group: -Hardware- SID: -S-1-5-21-1607859618-1323328405-3834754132-2828- GID: -16777237- Sending ERR to squid ERR So, I run a wbinfo -r on 3lsr wbinfo -r 3lsr 16777217 16777221 16777222 16777277 16777279 16777230 16777232 16777267 GID 16777237 isn't listed. It is listed in 3kll. So, how do I get user 3lsr to report back that it's in group 16777237? Thanks -- Kevin Blackwell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] classicupgrade from LDAP - failed to find Unix account for machine account
On Thu, 4 Apr 2013, Andrew Bartlett wrote: On Thu, 2013-04-04 at 15:30 +0800, David Adam wrote: Hi all, We have a somewhat crufty Samba 3 PDC NT-style domain backed on to an OpenLDAP server that we use for both Linux and Windows 7 authentication, thanks to the magic of ldapsam and smbk5pwd. So, what has happened is that I've forced on the 'ldapsam:trusted' in our classicupgrade script, as it makes it much, much easier to set up a migration, as you don't have to set up nss_ldap and then tear it down again. I had assumed that almost all installations of Samba as a DC on LDAP would store the unix account with the Samba account. Your psychic powers were accurate; for some reason we still have a few machine accounts in /etc/passwd on the PDC and not in LDAP, even though we have ldapsam:trusted set. (I'm surprised that works.) Deleting the entries in /etc/passwd and rejoining the machines to the domain helps immensely. Thanks David zanc...@ucc.gu.uwa.edu.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group and net ads user info differs
Fixed! [root@dominio Policies]# samba-tool dbcheck Checking 1394 objects ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co Not removing orphaned backlink member ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co Not removing orphaned backlink member ERROR: incorrect DN string component for member in object CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co - GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co Not fixing incorrect string version of DN ERROR: incorrect DN string component for member in object CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co - GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co Not fixing incorrect string version of DN Please use --fix to fix these errors Checked 1394 objects (4 errors) So i re ran the process with --fix and now i can see the user. El 4/04/2013, a las 12:24, Cristian Saavedra c...@asualcance.com escribió: Hello Kevin The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this. passwd: files winbind shadow: files winbind group: files winbind My OS is Centos 6.3 El 4/04/2013, a las 10:42, Shaw, Kevin kevin.s...@xerox.com escribió: Cristian, The group commercial is in /etc/group or NIS group? cat /etc/group | grep lisanyurimicolta ypcat -k group | grep lisanyurimicolta If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris. HTH, -Kevin -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Cristian Saavedra Sent: Thursday, April 04, 2013 7:45 AM To: samba@lists.samba.org Subject: [Samba] getent group and net ads user info differs Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [4.0] Inter-realm trust
On Thu, 2013-03-28 at 13:16 +0100, Kaito Kumashiro wrote: Hello I know that inter-domain trust is not supported in Samba, but is it possible to create an inter-realm trust on Kerberos level? I have a kerberized service in realm X (Samba 4.0 as DC) and I want to allow users from realm Y (also Samba 4.0, but different domain) to access it using SPNEGO GSSAPI. If it is possible, how can I accomplish this? You can try and set up such a trust with the windows tools. The pure kerberos level should work (because it is a natrual part of kerberos, which we didn't cripple, but instead did the small work to enable and the FreeIPA project added the RPC calls for), but not much else will. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Thu, 2013-04-04 at 01:15 -0700, alxgrb wrote: I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? We really need to drop this tool, it has never really worked well, the parsing text schema with a C tool was always a bad idea. It would be faster and more effective to have someone rewrite it in python. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Python UCS2 vs UCS4 issue on latest git: ImportError: ....undefined symbol: PyUnicodeUCS2_Decode (NOT SOLVED)
I forgot to remove 'solved' from the title after the fix I thought I had discovered didn't work. I was going to post anyway in hopes of helping someone else but that didn't quite work out the way I'd planned. I'll use the lateness of the hour as an excuse. Ok, so after digging further into this problem, it's getting weird: I decided to manually do the configuremakemake install on Samba's private Python build that's normally done in the 'install_with_python' shell script and configure it with --enable-unicode=ucs2 but even though it built successfully, executing /usr/local/samba/python/bin/python and doing an import sys followed by print sys.maxunicode gives a value of 1114111. So either my config command was ignored completely or there's something else going on that I just don't understand. If that's the case and someone in here knows enough to enlighten the new guy on what's happening or at least direct me to some relevant info, I'd really appreciate it. Also, if there's a way to un-provision Samba in order to join an existing domain as a DC without wiping it out and re-installing, I'd like to know how to do that too. I see where others have asked the same question but each time it has gone unanswered so I'm assuming that there's no practical way to do it at the moment. That's actually what got me into this mess. I'll try reverting to the latest stable version, this last pull from v4-0-test appears to be broken, at least for my environment. - Phil -- From: Phil Quesinberry Sent: Thursday, April 04, 2013 1:48 AM To: 'samba@lists.samba.org' Subject: Python UCS2 vs UCS4 issue on latest git: ImportError: undefined symbol: PyUnicodeUCS2_Decode [SOLVED] I'm getting the following error attempting to run samba-tool after installing the latest git using the install_with_python script to use Python 2.6: [root@Server1 dcerpc]# samba-tool Traceback (most recent call last): File /usr/local/samba/bin/samba-tool, line 33, in module from samba.netcmd.main import cmd_sambatool File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 20, in module from samba import getopt as options File /usr/local/samba/lib/python2.6/site-packages/samba/getopt.py, line 30, in module from samba.hostconfig import Hostconfig File /usr/local/samba/lib/python2.6/site-packages/samba/hostconfig.py, line 20, in module from samdb import SamDB File /usr/local/samba/lib/python2.6/site-packages/samba/samdb.py, line 32, in module from samba.dcerpc import drsblobs, misc ImportError: /usr/local/samba/lib/python2.6/site-packages/samba/dcerpc/drsblobs.so: undefined symbol: PyUnicodeUCS2_Decode Samba-tool was working with the previous git, so I'm not certain if this is a problem with the latest build or a problem with Python in my environment. If I understand this correctly, Samba was compiled with a Python version using 2-byte Unicode characters but my Python version is using 4-byte Unicode characters. If that is indeed the case, why was it changed and what would be the best way to go about fixing this problem? I tried adding -enable-unicode=ucs2 to the configure options in the 'install_with_python' script but that had no effect so now I wonder if somehow a different version of Python on the system is being referenced instead of the one included with Samba. Any suggestions here would be greatly appreciated, even if it's only to tell me whether or not I'm on the right track. Thanks! Version is 4.0.5-GIT-20b0adc. CentOS 5.9. Regards, Phil Quesinberry Q Systems Engineering, Inc. Electronic Controls and Embedded Systems Development (410) 969-8002 http://www.qsystemsengineering.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Python UCS2 vs UCS4 issue on latest git: ImportError: ....undefined symbol: PyUnicodeUCS2_Decode (NOT SOLVED)
On Thu, 2013-04-04 at 21:16 -0400, Phil Quesinberry wrote: I forgot to remove 'solved' from the title after the fix I thought I had discovered didn't work. I was going to post anyway in hopes of helping someone else but that didn't quite work out the way I'd planned. I'll use the lateness of the hour as an excuse. I was about to ask exactly how it was solved... Ok, so after digging further into this problem, it's getting weird: I decided to manually do the configuremakemake install on Samba's private Python build that's normally done in the 'install_with_python' shell script and configure it with --enable-unicode=ucs2 but even though it built successfully, executing /usr/local/samba/python/bin/python and doing an import sys followed by print sys.maxunicode gives a value of 1114111. So either my config command was ignored completely or there's something else going on that I just don't understand. If that's the case and someone in here knows enough to enlighten the new guy on what's happening or at least direct me to some relevant info, I'd really appreciate it. Also, if there's a way to un-provision Samba in order to join an existing domain as a DC without wiping it out and re-installing, I'd like to know how to do that too. I see where others have asked the same question but each time it has gone unanswered so I'm assuming that there's no practical way to do it at the moment. That's actually what got me into this mess. There is no need to 'un-provision'. Joining the existing domain as a DC already wipes the data from the previous join. I'll try reverting to the latest stable version, this last pull from v4-0-test appears to be broken, at least for my environment. I would like to understand better what is failing for you, as nothing related to his has intentionally changed since 4.0.0, in either master of v4-0-test. (Frankly, the changes in this area of the code in total have been quite limited, as we work to address issues raised by the 4.0 release rather than embark on massive new features). Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7f366d7 tevent: Only set poll_ev-delete=false if it was true from a7f067c BUG 9699: Fix adding case sensitive spn. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f366d745c1d4e833470d853ec484459157616e7 Author: Volker Lendecke v...@samba.org Date: Thu Apr 4 10:23:02 2013 +0200 tevent: Only set poll_ev-delete=false if it was true Might not be noticable, but I thought it would be an obvious tiny optimization. Possibly the compiler already does this. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Apr 4 18:32:39 CEST 2013 on sn-devel-104 --- Summary of changes: lib/tevent/tevent_poll.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c index 92fcc44..c6e2a00 100644 --- a/lib/tevent/tevent_poll.c +++ b/lib/tevent/tevent_poll.c @@ -419,8 +419,8 @@ static bool poll_event_setup_fresh(struct tevent_context *ev, poll_ev-fdes[i]-additional_flags = i; } } + poll_ev-deleted = false; } - poll_ev-deleted = false; if (poll_ev-fresh == NULL) { return true; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ca0d385 getpass: Don't fail if stdin is not a tty from 7f366d7 tevent: Only set poll_ev-delete=false if it was true http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ca0d38596d711e70a1d58657024aabd8c131512b Author: Stef Walter st...@gnome.org Date: Thu Apr 4 15:55:10 2013 +0200 getpass: Don't fail if stdin is not a tty We don't need to manipulate the tty state (such as turning off echo) when prompting for passwords if we're not reading from a tty. Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Alexander Bokovoy a...@samba.org Autobuild-User(master): Alexander Bokovoy a...@samba.org Autobuild-Date(master): Fri Apr 5 07:34:37 CEST 2013 on sn-devel-104 --- Summary of changes: lib/util/getpass.c | 52 +--- 1 files changed, 29 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/getpass.c b/lib/util/getpass.c index 480bd56..0cbc7dd 100644 --- a/lib/util/getpass.c +++ b/lib/util/getpass.c @@ -170,31 +170,34 @@ int samba_getpass(const char *prompt, return -1; } - ZERO_STRUCT(attr); - ZERO_STRUCT(old_attr); + if (isatty (STDIN_FILENO)) { - /* get local terminal attributes */ - if (tcgetattr(STDIN_FILENO, attr) 0) { - perror(tcgetattr); - return -1; - } + ZERO_STRUCT(attr); + ZERO_STRUCT(old_attr); - /* save terminal attributes */ - memcpy(old_attr, attr, sizeof(attr)); - if((fd = fcntl(0, F_GETFL, 0)) 0) { - perror(fcntl); - return -1; - } + /* get local terminal attributes */ + if (tcgetattr(STDIN_FILENO, attr) 0) { + perror(tcgetattr); + return -1; + } - /* disable echo */ - if (!echo) { - attr.c_lflag = ~(ECHO); - } + /* save terminal attributes */ + memcpy(old_attr, attr, sizeof(attr)); + if((fd = fcntl(0, F_GETFL, 0)) 0) { + perror(fcntl); + return -1; + } - /* write attributes to terminal */ - if (tcsetattr(STDIN_FILENO, TCSAFLUSH, attr) 0) { - perror(tcsetattr); - return -1; + /* disable echo */ + if (!echo) { + attr.c_lflag = ~(ECHO); + } + + /* write attributes to terminal */ + if (tcsetattr(STDIN_FILENO, TCSAFLUSH, attr) 0) { + perror(tcsetattr); + return -1; + } } /* disable nonblocking I/O */ @@ -204,8 +207,11 @@ int samba_getpass(const char *prompt, ok = samba_gets(prompt, buf, len, verify); - /* reset terminal */ - tcsetattr(STDIN_FILENO, TCSANOW, old_attr); + if (isatty (STDIN_FILENO)) { + + /* reset terminal */ + tcsetattr(STDIN_FILENO, TCSANOW, old_attr); + } /* close fd */ if (fd O_NDELAY) { -- Samba Shared Repository