Re: [Samba] Joining a NetApp filer to a Samba PDC ?
Hi, Does anyone succeded in joining a Samba PDC with a NetApp filer ? I tried many times but never succeded ... Yes, I did succeed a while ago. What's your problem? Volker hello here is the problem Wed Apr 7 16:29:05 MEST [cifs.server.infoMsg:info]: CIFS: Warning for server \\PDC-SRV: Unable to create NETLOGON pipe. Which version are you using? If you are using between 3.2.8 from samba 3.2.0, it fails. Because samba has a bug. https://bugzilla.samba.org/show_bug.cgi?id=5920 Please check your samba version. Best Regards, Yasuma Takeda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 RC
Hi all, That won't work. Your only chance is Samba 3.3.4 with HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOnSeal = 0 DWORD RequireStrongKey = 0 Haven't tested that yet, but you should get some steps further. Volker I succeeded to join Windows 7(RC) to Samba 3.3.4 domain. 1. I installed Windows 7. 2. I changed above 4 parameters by regedit on Windows 7. 3. Windows 7 can join to the domain which is provided by Samba 3.3.4. Great! Yasuma Takeda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and NetAPP filers, the PDC problem...
Hi, On Thu, Feb 12, 2009 at 05:08:14PM +0100, Frank Bonnet wrote: Volker Lendecke wrote: On Thu, Feb 12, 2009 at 10:22:23AM +0100, Frank Bonnet wrote: Well not much success even after creating the account by hand You might want to take a look at bug 5920 for the trick. Because I don't have a NetApp box to test, I can't really fix this. Volker this does not help me my installed version is 3.2.25 Then you need to find someone to fix what broke between 3.0.30 and later versions :-) Volker I got same problem on Samba 3.2.7. I found a problem on Samba 3.2. I filed a patch for samba 3.2.8 to bug 5920. Would you check it? Thanks, Yasuma Takeda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and NetAPP filers, the PDC problem...
Hi, Volker Lendecke wrote: Ah, that one. There was some discussion on the list recently iirc. What you definitely have to do is precreate the machine account with smbpasswd -a -m XFILER The fact that NetApp filers are not able to create the workstation account on their own should be documented in the NetApp docs somewhere. Volker OK I'll try this tomorrow but I use an OpenLDAP backend with samba and I tried to create the account with smb-tools and it failed please try this. # smbldap-useradd -w netapp # pdbedit -m -a netapp$ And try to join. Best Regards, Yasuma Takeda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
bug in masked_match function
Hello, I heard a following problem in Samba-JP. The masked_match function in lib/access.c is wrong.(CVS HEAD and 2_2) mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES); Example: hosts allow = 10.0.0.0/23 This produces following result. This isn't mask. mask = 0111 Therefore 'hosts allow' and 'hosts deny' doesn't match. I don't know why this change was made. http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.4.12r2=1.19.4.13 Please check. Thanks, Yasuma Takeda [EMAIL PROTECTED]
patch collection for 2.2.5
Hi, I added a patch for 2.2.5, which was reported in Samba-JP. This patch includes following corrections. - more appropriate use of cast and const word - more appropriate use of macro - fixed some problems of multibyte characters - fixed prototype definition - fixed some typo, etc This patch does not include following files. Please remake these files. 1. configure made by autoconf. 2. config.h.in made by autoheader. 3. proto.h, rpc_client_proto.h, winbindd_proto.h made by make proto. Best Regards, Yasuma Takeda diff -uNr samba-2.2.5.org/source/Makefile.in samba-2.2.5/source/Makefile.in --- samba-2.2.5.org/source/Makefile.in Wed Jun 19 10:13:24 2002 +++ samba-2.2.5/source/Makefile.in Tue Jul 16 13:46:42 2002 @@ -96,12 +96,12 @@ SPROGS = bin/smbd bin/nmbd bin/swat PROGS1 = bin/smbclient bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol bin/tdbbackup bin/make_printerdef @RUNPROG@ -PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap bin/smbcacls @WRAPPROG@ @WRAP@ @WRAP32@ @PAM_MOD@ @PDBEDIT@ @LIBSMBCLIENT@ +PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap +bin/smbcacls @WRAPPROG@ @WRAP@ @WRAP32@ @PAM_MOD@ @PDBEDIT@ MPROGS = @MPROGS@ LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS) PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest bin/locktest2 -SHLIBS = libsmbclient +SHLIBS = @LIBSMBCLIENT@ SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/findsmb @@ -422,13 +422,13 @@ all : CHECK $(SPROGS) $(PROGS) $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) # The following everything is NOT needed except by Samba developers - so do not use this! -everything : CHECK $(SPROGS) $(PROGS) $(SHLIBS) nsswitch smbwrapper smbtorture debug2html smbfilter nsswitch/libnss_wins.so +everything : CHECK $(SPROGS) $(PROGS) $(SHLIBS) nsswitch smbwrapper smbtorture +debug2html smbfilter nsswitch/libnss_wins.@SHLIBEXT@ pam_smbpass : CHECK bin/pam_smbpass.@SHLIBEXT@ smbwrapper : CHECK @WRAPPROG@ @WRAP@ @WRAP32@ -libsmbclient : CHECK bin/libsmbclient.@SHLIBEXT@ bin/libsmbclient.a +libsmbclient : CHECK @LIBSMBCLIENT_SHARED@ @LIBSMBCLIENT_NON_SHARED@ torture : CHECK $(TORTURE_PROGS) @@ -631,7 +631,7 @@ bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) bin/.dummy @echo Linking shared library $@ - @$(SHLD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LIBS) \ + @$(SHLD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LDFLAGS) $(LIBS) \ @SONAMEFLAG@`basename $@` bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32) bin/.dummy @@ -641,19 +641,19 @@ bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS) bin/.dummy @echo Linking libsmbclient shared library $@ - @$(SHLD) @LDSHFLAGS@ -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS) \ + @$(SHLD) @LDSHFLAGS@ -o $@ $(LIBSMBCLIENT_PICOBJS) $(LDFLAGS) $(LIBS) \ @SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR) bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) bin/.dummy @echo Linking libsmbclient non-shared library $@ - @-$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) + @-$(AR) rc $@ $(LIBSMBCLIENT_PICOBJS) bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ) bin/.dummy @echo Linking shared library $@ $(SHLD) @LDSHFLAGS@ -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \ @SONAMEFLAG@`basename $@` -nsswitch/libnss_wins.so: $(NSS_OBJ) +nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) @echo Linking $@ @$(SHLD) @LDSHFLAGS@ -o $@ $(NSS_OBJ) -lc \ @SONAMEFLAG@`basename $@` @@ -662,17 +662,17 @@ @echo Linking $@ @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) $(LDAPLIBS) -nsswitch/libns_winbind.so: $(WINBIND_NSS_PICOBJS) +nsswitch/libns_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo Linking $@ @$(SHLD) @LDSHFLAGS@ -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ \ @SONAMEFLAG@`basename $@` -nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS) +nsswitch/libnss_winbind.@SHLIBEXT@: $(WINBIND_NSS_PICOBJS) @echo Linking $@ @$(SHLD) @LDSHFLAGS@ -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ \ @SONAMEFLAG@`basename $@` -nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) +nsswitch/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_OBJ) @echo Linking $@ @$(SHLD) @LDSHFLAGS@ -o $@ $(PAM_WINBIND_OBJ) \ @SONAMEFLAG@`basename $@` @@ -697,6 +697,7 @@ $(SHELL) $(srcdir)/install-sh -d -m $(INSTALLPERMS) $(VARDIR) $(SHELL) $(srcdir)/install-sh -d -m $(INSTALLPERMS) $(PIDDIR) $(SHELL) $(srcdir)/install-sh -d -m $(INSTALLPERMS) $(CODEPAGEDIR) + $(SHELL) $(srcdir)/install-sh -d -m $(INSTALLPERMS) $(SWATDIR) installservers: all installdirs @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS) @@ -714,9 +715,11 @@ installswat: installdirs
[Security Problem] --with-tdbsam
In Samba-JP, buffer overflow problem was reported.
If samba is configured with --with-tdbsam, init_sam_from_buffer function
contains a buffer overflow vulnerability.
In a certain case, user can use this vulnerability by changing his password.
Please examine this security problem and take measures to be necessary.
vulnerable version
2.2.3, 2.2.3a, 2.2.4, 2.2.5
-- CUT HERE ---
diff -uNr samba-2.2.5.orig/source/passdb/pdb_tdb.c samba-2.2.5/source/passdb/pdb_tdb.c
--- samba-2.2.5.orig/source/passdb/pdb_tdb.cFri May 3 10:03:27 2002
+++ samba-2.2.5/source/passdb/pdb_tdb.c Mon Jul 1 18:58:05 2002
-81,6 +81,7
static uint8*lm_pw_ptr, *nt_pw_ptr;
uint32 len = 0;
uint32 lmpwlen, ntpwlen, hourslen;
+ pstring cvt_buf;
BOOL ret = True;
BOOL setflag;
struct passwd *pw;
-160,9 +161,10
if (homedir) setflag = True;
else {
setflag = False;
- homedir = strdup(lp_logon_home());
+ pstrcpy(cvt_buf, lp_logon_home());
+ standard_sub_advanced(-1, username, , gid, cvt_buf);
+ homedir = strdup(cvt_buf);
if(!homedir) { ret = False; goto done; }
- standard_sub_advanced(-1, username, , gid, homedir);
DEBUG(5,(Home directory set back to %s\n, homedir));
}
pdb_set_homedir(sampass, homedir, setflag);
-170,9 +172,10
if (dir_drive) setflag = True;
else {
setflag = False;
- dir_drive = strdup(lp_logon_drive());
+ pstrcpy(cvt_buf, lp_logon_drive());
+ standard_sub_advanced(-1, username, , gid, cvt_buf);
+ dir_drive = strdup(cvt_buf);
if(!dir_drive) { ret = False; goto done; }
- standard_sub_advanced(-1, username, , gid, dir_drive);
DEBUG(5,(Home directory set back to %s\n, dir_drive));
}
pdb_set_dir_drive(sampass, dir_drive, setflag);
-180,9 +183,10
if (logon_script) setflag = True;
else {
setflag = False;
- logon_script = strdup(lp_logon_script());
+ pstrcpy(cvt_buf, lp_logon_script());
+ standard_sub_advanced(-1, username, , gid, cvt_buf);
+ logon_script = strdup(cvt_buf);
if(!logon_script) { ret = False; goto done; }
- standard_sub_advanced(-1, username, , gid, logon_script);
DEBUG(5,(Home directory set back to %s\n, logon_script));
}
pdb_set_logon_script(sampass, logon_script, setflag);
-190,9 +194,10
if (profile_path) setflag = True;
else {
setflag = False;
- profile_path = strdup(lp_logon_path());
+ pstrcpy(cvt_buf, lp_logon_path());
+ standard_sub_advanced(-1, username, , gid, cvt_buf);
+ profile_path = strdup(cvt_buf);
if(!profile_path) { ret = False; goto done; }
- standard_sub_advanced(-1, username, , gid, profile_path);
DEBUG(5,(Home directory set back to %s\n, profile_path));
}
pdb_set_profile_path(sampass, profile_path, setflag);
- END
Regards,
Yasuma Takeda
struct enum_csc_policy isn't terminated
In Samba-JP, a following problem was reported.
Since the enum_csc_policy struct doesn't terminate appropriately,
it may occur buffer overflow.
I confirmed this problem using by SWAT.
The csc policy entry includes enum_map_to_guest struct entry.
This problem exists in 2.2.4 and HEAD.
Please fix.
--- param/loadparm.c.020614 Mon Jun 3 20:23:28 2002
+++ param/loadparm.cFri Jun 14 11:16:59 2002
-670,7 +670,8
{CSC_POLICY_MANUAL, manual},
{CSC_POLICY_DOCUMENTS, documents},
{CSC_POLICY_PROGRAMS, programs},
- {CSC_POLICY_DISABLE, disable}
+ {CSC_POLICY_DISABLE, disable},
+ {-1, NULL}
};
/*
Thanks,
Yasuma Takeda
