¬°¦ó¥L¦b¦b¨â¦~¤º±q¤E¤G¤@¨ü¨a¤áÅܦ¨¤ë¤J¤¤Q¸U?????
Title: ¤@Óȱo¤F¸Ñªº¨Æ·~ ³o¬O©e°U¥Ñ±M·~¼s§i¤½¥q¥Nµo¤Åª½±µ¦^«HµLªk±µ¦¬ Ëç ~ ! ¡@ ¤@Óȱo¤F¸Ñªº¨Æ·~¬°¤°»ò¤@Ó¦]¤E¤G¤@¨ü¨a¦Ó°h¥îªº¦~»´¤H¡A¥L¨S¦³¯S§Oªº®a«ÇI´º¡A¨S¦³¶¯«pªº¸ê¥»¡A§ó¨S¦³°ª¤H¤@µ¥ªº¾Ç¾ú¡C¦Ó¥L«o¯à¦b2¦~¤º¡A§â¤ë¦¬¤J±q3¸UÅܦ¨60¸U¡C ¶Ç²Î¤u§@¾aÀV³¡¥H¤UÁÈ¿úµù©w¬¡¨ì¦Ñ¡A°µ¨ì¦Ñ¡A ·Q¶U´Ú§ë¸ê¶}¤½¥q¥¢±Ñ¤@¦¸´N½¤£¤F¨¡A¦ý¦¬¤J¦pªG¤@½ú¤lªº¦¬¤J¥u¬O3¸U5¸U¡A°£¤F¹L¥Í¬¡¡A§ÚÌÁٯ঳¹Ú·Q¶Ü??¤F¸Ñ¤£¦YÁ«¡A§@¹Ú¤£½Òµ|¡Aµ¹¦Û¤v¤@Ó¾÷·|¡A¤U¤@Ó¥¿½T¨M©w!! ¹w¬ù¤F¸Ñ¤@ÓÅý§A«¬B¹Ú·Qªº¦æ·~! ±zªº©m¦W¡G¡@ Ápµ¸¹q¸Ü¡G¡@ ±zªº¦a§}¡G¡@ ¹q¤l«H½c¡G¡@ ²`¤J¤F¸Ñ¡G¡@ §Ú·Q¨£³o¨Ç¤ë¤J¤Q¸Uªº¤H §Ú·Q¤F¸Ñ¨t²Îµ¹§Úªº¤ä´© ¥J²Ó¤F¸Ñ¬°¦ó¥¤Z¤H¤]¯à°÷¦¨¥\ §Ú·Q°Ñ¥[¥[·ù»¡©ú·| ³o¤£¬O¤@Ó¤£³Ò¦ÓÀò©Î§ë¾÷¨ú¥©ªº¥Í·N¡A¦Ó¬OÅý¨S¦³°]¤OI´º«oÄ@·N§V¤O¥I¥X¡A§ïÅܦۤv«D¤Z¦¨¥\ªº¦a¤è¡A§Ú̦b³o¸Ì§ïÅܦۤv¨Ã¾Ç²ß¦¨¥\ªº²ßºD¡A¥Î¹ïªº¤èªk§@¹ïªº¨Æ¡A¤£®ö¶OºN¯Áªº®É¶¡¸òµÛ¨t²Î±Ð¨|§Ö³t¦¨ªø¡A¦pªG§A¬O·Qn¤£³Ò¦ÓÀò©Î°½Ãi¨ú¥©¥ç©Î¬O¤£¯à±µ¨ü¬°¤F¦¨¥\¦Ó§ïÅܦۤvªºÃa²ßºDªº¤H¡A½Ð¤£n¯d¤U¸ê®Æ¥H§K®ö¶O©¼¦¹ªº®É¶¡¡C ¦p¦³¥´ÂZ½Ð¨£½Ì¡A¤£·Q¦A¦¬¨ì¦¹«H½Ð«ö - (©Ú¦¬¼s§i)
SMBClient - Messenger service
Hi. When I use "net send ..." command in windows to send a Winpopup message to other host, theSMB Command associate to this message is single block message (0xD0). To do this, it is only necessary sends oneSMB "frame" to theother host. When I use SMBClient(samba), the SMB Commandassociate is multi-block message (fist it is necessary sends the start comand 0xD5, then a text comand 0xD7 and finallythe end 0xD6). To do this, It is necessary sends 3 SMB"frames". Why SMBClient sends winpopup messages with multi-block message, and not single block message Where I use multi and where I use single message block??? Nuno Cardoso.
Re: CVS update: samba/packaging/RedHat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 22 Oct 2002, Stefan (metze) Metzmacher wrote: Tag: SAMBA_3_0 samba2.spec.tmpl shouldn't this move to samba3.spec.tmpl Details, Details, Details, . Eventually i will rename it, but just getting it working was the first step. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9tUVtIR7qMdg1EfYRAvkGAJ9iH75TAdjVaiWV5gVafiv9yVEPgQCgscJl UDxIJw+OzStuJvtX6aYDj9g= =yU/l -END PGP SIGNATURE-
Re: SMBClient - Messenger service
On Tue, 22 Oct 2002, Nuno Cardoso wrote: When I use net send ... command in windows to send a Winpopup message to other host, the SMB Command associate to this message is single block message (0xD0). To do this, it is only necessary sends one SMB frame to the other host. When I use SMBClient (samba), the SMB Command associate is multi-block message (fist it is necessary sends the start comand 0xD5, then a text comand 0xD7 and finally the end 0xD6). To do this, It is necessary sends 3 SMB frames. Why SMBClient sends winpopup messages with multi-block message, and not single block message Where I use multi and where I use single message block??? The single-frame version can only send a short message (less than 128 bytes), whereas the multi-frame version allows up to 1600 bytes total. See the description of the File Sharing Protocol. (Use Google to search for INTEL Part Number 138446.) Over the last couple of years I have looked at generalising this code in Samba, and made some progress. (In a test implementation, I was able to use UNIX commands such as wall and write to produce WinPopup messages on the client PCs.) This required extracting, and altering, some code from smbclient, but this can be done in a re-useable way. If someone of the Samba Team is willing to facilitate this, I'll willingly submit the changes I made as a possible starting-point. -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Re: SMBClient - Messenger service
We are always interested in things that add functionality into samba. If you wish to send some patches we can look at, you are welcome. Simo. On Tue, 2002-10-22 at 16:56, David Lee wrote: Why SMBClient sends winpopup messages with multi-block message, and not single block message Where I use multi and where I use single message block??? The single-frame version can only send a short message (less than 128 bytes), whereas the multi-frame version allows up to 1600 bytes total. See the description of the File Sharing Protocol. (Use Google to search for INTEL Part Number 138446.) Over the last couple of years I have looked at generalising this code in Samba, and made some progress. (In a test implementation, I was able to use UNIX commands such as wall and write to produce WinPopup messages on the client PCs.) This required extracting, and altering, some code from smbclient, but this can be done in a re-useable way. If someone of the Samba Team is willing to facilitate this, I'll willingly submit the changes I made as a possible starting-point. -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. : -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: SMBClient - Messenger service
On Tue, Oct 22, 2002 at 03:56:31PM +0100, David Lee wrote: : The single-frame version can only send a short message (less than 128 bytes), whereas the multi-frame version allows up to 1600 bytes total. See the description of the File Sharing Protocol. (Use Google to search for INTEL Part Number 138446.) Cool. Thanks for the pointer! Over the last couple of years I have looked at generalising this code in Samba, and made some progress. (In a test implementation, I was able to use UNIX commands such as wall and write to produce WinPopup messages on the client PCs.) This required extracting, and altering, some code from smbclient, but this can be done in a re-useable way. If someone of the Samba Team is willing to facilitate this, I'll willingly submit the changes I made as a possible starting-point. I might be able to do that. What do you have in mind. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Domain users listing - speed
I have about 700 users in smbpasswd. When I view properties of a file from Win2000, after Security - Add - I see the list of all users in the domain. However, the scrollbar scrolls about 30 seconds, before all users are shown in the list! Slow! Is there a way to speed it up? Samba 2.2.5, FreeBSD 4.4-Release. smb.conf: [global] workgroup = VSERV netbios name = serv1 server string = File server guest account = guest guest ok = yes null passwords = yes log file = /var/log/samba/log.%m lock dir = /var/log/samba/locks max log size = 50 security = user encrypt passwords = yes socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 IPTOS_LOWDELAY local master = yes domain master = yes preferred master = yes domain logons = yes os level = 64 logon script = start.bat logon path = \\%L\%U\files\profiles logon drive = T: logon home = \\%N\%U wins support = yes wins proxy = yes dns proxy = no character set = KOI8-R client code page = 866 time server = True domain admin group = wheel domain guest group = guest admin users = adm add user script = /usr/local/samba/bin/addhost.sh %u delete user script = /usr/local/samba/bin/deletehost.sh %u printing = bsd printcap name = /etc/printcap print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq -P%p %s lppause command = /usr/bin/lp -i %p-%j -H hold lpresume command = /usr/bin/lp -i %p-%j -H resume lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc -P%p stop queuepause command = /usr/sbin/lpc -P%p start load printers = yes printer admin = wheel syslog = 1 # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon writable = no write list = adm [info] comment = Distributives path = /mnt/info public = yes writable = yes printable = no create mask = 0664 directory mask = 0775
Re: libsmbclient fails after some time
Just curious... If you are using Java why are you using libsmbclient instead of jCIFS? Is there some functionality in libsmbclient that is missing from the jCIFS client? Chris -)- On Mon, Oct 21, 2002 at 10:27:10AM +0530, Abhijeet Paturkar wrote: Hi, I am using libsmbclient on Linux Red Hat 7.2 We have developed C++ wrapper around libsmbclient 2.2.5. This wrapper is integrated with Java using JNI. And this Java class is used in Application server in JSP The stat for libsmbclient works properly for some time and then fails when the link for the JSP is tried after say 3-4 hours. The perror on stat prints Success. We are using following compiler options for building the wrapper. g++3 -c -pipe -fPIC -Wall -W -O2 -DUSE_GETTIMEOFDAY -DINTEL_LINUX_70 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DUSE_GETTIMEOFDAY -DINTEL_LINUX_70 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -D_XOPEN_SOURCE=500 -D_LARGEFILE64_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_POSIX_PTHREAD_SEMANTICS -D_BSD_SOURCE -D__UNIX__ -DUNIX -D_REENTRANT. Does any one encountered such an error ? Regards Abhijeet -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: SMBClient - Messenger service
On Tue, Oct 22, 2002 at 11:13:34AM -0500, Christopher R. Hertel wrote: : Oh, by the way, I'm getting SEGV when I try to test this using smbclient from 2.2.6. Anyone else see this? Skip that. I cleaned up my build environment, removed config.cache and proto.h, rebuilt things, and the problem went away. I should know better by now. Chridz -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Printing with Samba and Intel Inbusiness printstation?
Hello folks,
Regarding the story below, has there ever been done some effort to acomplish
this?
We use several of these so called windows print stations at work, but
whatever I have tried with samba, cups, etc, I can't get it to work.
Perhaps this is an issue that has allready been solved in the past, but I
couldn't find anything in this direction.
Any help would be appreciated.
Eddie.
---
From: Wim Verhoogt
Subject: Printing on printers connected to Intel InBusiness print
stations
Date: Tue, 17 Jul 2001 18:44:39 +0200
L.S.,
I've been struggling to print with Intel InBusiness print stations. These
stations are labeled as for use with Windows only by Intel.
I found out that they emulate a Windows machine exporting two printer
shares, one for each connector. The NetBIOS name of the stations is the
Device ID, and the shares are //device_id/Printer1 and //device_id/Printer2
I tried to print to these shares with smbclient's print command, but
received various errors.
Some reverse-engineering (tcpdump is your friend :-) ) showed that you have
to specify a remote filename of DEV\LPT1 (or DEV\LPT2 for the 2nd share -
haven't tested that), and that SMB_COM_WRITE (0x0B) must be used to write
to the share. Smbclient uses WRITE_COM_ANDX (0x2F). This doesn't return an
error, but garbles the print data.
I've patched smbclient to support this. I implemented a new option (-H)
which will direct smbclient to write using SMB_COM_WRITE. The put command
can now be used to print to the InBusiness stations. The print command won't
work because it doesn't support specifying a remote filename.With this hack
and a CUPS backend script, my server now exports 3 printers, connected to
these stations, and I'm happy :-)
I was wondering if this new feature of smbclient can be incorporated in the
official SAMBA distribution, so that I don't need to patch smbclient for
each new release. I doubt that the new -H option is the best way to do that,
it just happened to be a quick and easy way to solve my problem.
The patch used was:
--- client.c Fri Jul 6 04:01:20 2001
+++ /home/wim/cvs/samba/source/client/client.c Mon Jul 9 16:33:41 2001
-79,6 +79,7
BOOL prompt = True;
int printmode = 1;
+BOOL inBusiness_hack = False;
static BOOL recurse = False;
BOOL lowercase = False;
-1031,8 +1032,10
DEBUG(0,(Error reading local file: %s\n, strerror(errno) ));
break;
}
-
- ret = cli_write(cli, fnum, 0, buf, nread, n);
+ if (inBusiness_hack)
+ ret = cli_smbwrite(cli, fnum, buf, nread, n);
+ else
+ ret = cli_write(cli, fnum, 0, buf, nread, n);
if (n != ret) {
DEBUG(0,(Error writing file: %s\n, cli_errstr(cli)));
-2415,7 +2418,7
}
while ((opt =
- getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:)) !=
EOF) {
+ getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:H)) !=
EOF) {
switch (opt) {
case 's':
pstrcpy(servicesf, optarg);
-2571,6 +2574,9
break;
case 'b':
io_bufsize = MAX(1, atoi(optarg));
+ break;
+ case 'H':
+ inBusiness_hack = True;
break;
default:
usage(pname);
--__--__--
Re: Domain users listing - speed
On Tue, Oct 22, 2002 at 08:43:52PM +0400, Michael Smirnov wrote: I have about 700 users in smbpasswd. When I view properties of a file from Win2000, after Security - Add - I see the list of all users in the domain. However, the scrollbar scrolls about 30 seconds, before all users are shown in the list! Slow! Is there a way to speed it up? Samba 2.2.5, FreeBSD 4.4-Release. smb.conf: Setup nscd, or it's equivalent on FreeBSD. Jeremy.
Re: Printing with Samba and Intel Inbusiness printstation?
It would be interesting to see the Negotiate Protocol exchange. It sounds
as though the print station is using an older dialect.
Chris -)-
On Tue, Oct 22, 2002 at 08:00:42PM +0200, Eddie Lania wrote:
Hello folks,
Regarding the story below, has there ever been done some effort to acomplish
this?
We use several of these so called windows print stations at work, but
whatever I have tried with samba, cups, etc, I can't get it to work.
Perhaps this is an issue that has allready been solved in the past, but I
couldn't find anything in this direction.
Any help would be appreciated.
Eddie.
---
From: Wim Verhoogt
Subject: Printing on printers connected to Intel InBusiness print
stations
Date: Tue, 17 Jul 2001 18:44:39 +0200
L.S.,
I've been struggling to print with Intel InBusiness print stations. These
stations are labeled as for use with Windows only by Intel.
I found out that they emulate a Windows machine exporting two printer
shares, one for each connector. The NetBIOS name of the stations is the
Device ID, and the shares are //device_id/Printer1 and //device_id/Printer2
I tried to print to these shares with smbclient's print command, but
received various errors.
Some reverse-engineering (tcpdump is your friend :-) ) showed that you have
to specify a remote filename of DEV\LPT1 (or DEV\LPT2 for the 2nd share -
haven't tested that), and that SMB_COM_WRITE (0x0B) must be used to write
to the share. Smbclient uses WRITE_COM_ANDX (0x2F). This doesn't return an
error, but garbles the print data.
I've patched smbclient to support this. I implemented a new option (-H)
which will direct smbclient to write using SMB_COM_WRITE. The put command
can now be used to print to the InBusiness stations. The print command won't
work because it doesn't support specifying a remote filename.With this hack
and a CUPS backend script, my server now exports 3 printers, connected to
these stations, and I'm happy :-)
I was wondering if this new feature of smbclient can be incorporated in the
official SAMBA distribution, so that I don't need to patch smbclient for
each new release. I doubt that the new -H option is the best way to do that,
it just happened to be a quick and easy way to solve my problem.
The patch used was:
--- client.c Fri Jul 6 04:01:20 2001
+++ /home/wim/cvs/samba/source/client/client.c Mon Jul 9 16:33:41 2001
@@ -79,6 +79,7 @@
BOOL prompt = True;
int printmode = 1;
+BOOL inBusiness_hack = False;
static BOOL recurse = False;
BOOL lowercase = False;
@@ -1031,8 +1032,10 @@
DEBUG(0,(Error reading local file: %s\n, strerror(errno) ));
break;
}
-
- ret = cli_write(cli, fnum, 0, buf, nread, n);
+ if (inBusiness_hack)
+ ret = cli_smbwrite(cli, fnum, buf, nread, n);
+ else
+ ret = cli_write(cli, fnum, 0, buf, nread, n);
if (n != ret) {
DEBUG(0,(Error writing file: %s\n, cli_errstr(cli)));
@@ -2415,7 +2418,7 @@
}
while ((opt =
- getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:)) !=
EOF) {
+ getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:H)) !=
EOF) {
switch (opt) {
case 's':
pstrcpy(servicesf, optarg);
@@ -2571,6 +2574,9 @@
break;
case 'b':
io_bufsize = MAX(1, atoi(optarg));
+ break;
+ case 'H':
+ inBusiness_hack = True;
break;
default:
usage(pname);
--__--__--
--
Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: Printing with Samba and Intel Inbusiness printstation?
That's propably why Intel has stopped there support on this product :-)))
But hey, who can blame them since Microsoft invented NT (Neanderthaler
Technology).
Eddie.
- Original Message -
From: Christopher R. Hertel [EMAIL PROTECTED]
To: Eddie Lania [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 8:16 PM
Subject: Re: Printing with Samba and Intel Inbusiness printstation?
It would be interesting to see the Negotiate Protocol exchange. It sounds
as though the print station is using an older dialect.
Chris -)-
On Tue, Oct 22, 2002 at 08:00:42PM +0200, Eddie Lania wrote:
Hello folks,
Regarding the story below, has there ever been done some effort to
acomplish
this?
We use several of these so called windows print stations at work, but
whatever I have tried with samba, cups, etc, I can't get it to work.
Perhaps this is an issue that has allready been solved in the past, but
I
couldn't find anything in this direction.
Any help would be appreciated.
Eddie.
---
From: Wim Verhoogt
Subject: Printing on printers connected to Intel InBusiness print
stations
Date: Tue, 17 Jul 2001 18:44:39 +0200
L.S.,
I've been struggling to print with Intel InBusiness print stations.
These
stations are labeled as for use with Windows only by Intel.
I found out that they emulate a Windows machine exporting two printer
shares, one for each connector. The NetBIOS name of the stations is the
Device ID, and the shares are //device_id/Printer1 and
//device_id/Printer2
I tried to print to these shares with smbclient's print command, but
received various errors.
Some reverse-engineering (tcpdump is your friend :-) ) showed that you
have
to specify a remote filename of DEV\LPT1 (or DEV\LPT2 for the 2nd
share -
haven't tested that), and that SMB_COM_WRITE (0x0B) must be used to
write
to the share. Smbclient uses WRITE_COM_ANDX (0x2F). This doesn't return
an
error, but garbles the print data.
I've patched smbclient to support this. I implemented a new option (-H)
which will direct smbclient to write using SMB_COM_WRITE. The put
command
can now be used to print to the InBusiness stations. The print command
won't
work because it doesn't support specifying a remote filename.With this
hack
and a CUPS backend script, my server now exports 3 printers, connected
to
these stations, and I'm happy :-)
I was wondering if this new feature of smbclient can be incorporated in
the
official SAMBA distribution, so that I don't need to patch smbclient for
each new release. I doubt that the new -H option is the best way to do
that,
it just happened to be a quick and easy way to solve my problem.
The patch used was:
--- client.c Fri Jul 6 04:01:20 2001
+++ /home/wim/cvs/samba/source/client/client.c Mon Jul 9 16:33:41 2001
@@ -79,6 +79,7 @@
BOOL prompt = True;
int printmode = 1;
+BOOL inBusiness_hack = False;
static BOOL recurse = False;
BOOL lowercase = False;
@@ -1031,8 +1032,10 @@
DEBUG(0,(Error reading local file: %s\n, strerror(errno) ));
break;
}
-
- ret = cli_write(cli, fnum, 0, buf, nread, n);
+ if (inBusiness_hack)
+ ret = cli_smbwrite(cli, fnum, buf, nread, n);
+ else
+ ret = cli_write(cli, fnum, 0, buf, nread, n);
if (n != ret) {
DEBUG(0,(Error writing file: %s\n, cli_errstr(cli)));
@@ -2415,7 +2418,7 @@
}
while ((opt =
- getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:)) !=
EOF) {
+ getopt(argc, argv,s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:H))
!=
EOF) {
switch (opt) {
case 's':
pstrcpy(servicesf, optarg);
@@ -2571,6 +2574,9 @@
break;
case 'b':
io_bufsize = MAX(1, atoi(optarg));
+ break;
+ case 'H':
+ inBusiness_hack = True;
break;
default:
usage(pname);
--__--__--
--
Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development,
uninq.
ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: libsmbclient fails after some time
On Mon, 21 Oct 2002, Abhijeet Paturkar wrote: Hi, I am using libsmbclient on Linux Red Hat 7.2 We have developed C++ wrapper around libsmbclient 2.2.5. This wrapper is integrated with Java using JNI. And this Java class is used in Application server in JSP The stat for libsmbclient works properly for some time and then fails when the link for the JSP is tried after say 3-4 hours. The perror on stat prints Success. We are using following compiler options for building the wrapper. g++3 -c -pipe -fPIC -Wall -W -O2 -DUSE_GETTIMEOFDAY -DINTEL_LINUX_70 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DUSE_GETTIMEOFDAY -DINTEL_LINUX_70 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -D_XOPEN_SOURCE=500 -D_LARGEFILE64_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_POSIX_PTHREAD_SEMANTICS -D_BSD_SOURCE -D__UNIX__ -DUNIX -D_REENTRANT. Does any one encountered such an error ? Can you get a network trace of the activity? That will help pinpoint what the problem is. It could be that the TCP connection to the server has dropped and the client library is not dealing with it correctly. Regards --- [EMAIL PROTECTED], www.richardsharpe.com, [EMAIL PROTECTED], [EMAIL PROTECTED]
idmap api
Hi,
here's a proposal for the idmap api;
we'll have a cache that will be asked first, if this fails we ask the
central idmap and add the result to our cache.
the idmap_central_* functions should be plugable/selectable (different
backends should be allowed here)
and the backend should decide how to handle unmapped id's.
comments please
/* idmap api */
NT_STATUS idmap_sid_to_id(DOM_SID *sid, int *id, BOOL *group);
{
if (NT_STATUS_IS_OK(idmap_cache_sid_to_id(sid,id,group)))
{
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(idmap_central_sid_to_id(sid,id,group)))
{
return NT_STATUS_UNSUCCESFUL;
}
idmap_cache_update(sid,id,group);
return NT_STATUS_OK;
}
NT_STATUS idmap_uid_to_sid(uid_t uid, DOM_SID **sid);
{
if (NT_STATUS_IS_OK(idmap_cache_uid_to_sid(uid,sid)))
{
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(idmap_central_uid_to_sid(uid,sid)))
{
return NT_STATUS_UNSUCCESFUL;
}
idmap_cache_update(sid,uid,False);
return NT_STATUS_OK;
}
NT_STATUS idmap_gid_to_sid(gid_t gid, DOM_SID **sid);
{
if (NT_STATUS_IS_OK(idmap_cache_gid_to_sid(gid,sid)))
{
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(idmap_central_gid_to_sid(gid,sid)))
{
return NT_STATUS_UNSUCCESFUL;
}
idmap_cache_update(sid,gid,True);
return NT_STATUS_OK;
}
metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]
Re: Coming round to SURS...
On Tue, Oct 22, 2002 at 06:02:35PM +, Luke Kenneth Casson Leighton wrote: i have a question for the people who sponsor the samba team. Rantings and dribble deleted i'm specifically referring to you - andrew - and you - jeremy. here's a proposal for the idmap api; I take it by this message you didn't actually read or understand what this API is meant to do :-). Never mind, wouldn't be the first time (and sadly, probably not the last... :-). Luke, please just go away :-). Jeremy.
Re: Coming round to SURS...
On Tue, 2002-10-22 at 20:02, Luke Kenneth Casson Leighton wrote: i have a question for the people who sponsor the samba team. when are you going to realise that your money is being wasted by not sponsoring me as a design architect on NT compatibility software suites for unix? Probably you should understand that people may be interested in other features and not sponsoring this particular part of the code. here - yet again, another demonstration of how much money you have been wasting. Well let's look at the TNG printing code status ... hopefully this time this really new proposal - i.e. yet ANOTHER idea and proposal introduced by me almost three years ago - will actually get done, and done properly. This is NOTHING new Luke, we know the SID-[g,u]id mapping problems since a lot of time, the fact that you formalized the problem does not change the problem. I just double checked your draft, and it is just nice useless wording that show the problem but does never even propose an implementation, you always write that implementation is not in the scope of the document. We have not implemented what you call SURS part because of lack of time being busy implementing other more important parts of samba, and part because we wanted to get it right (and we tought your implementation was not). The api proposed by metze is just an api proposal to finally start coding it having found a way to implement it the right way as we finally have found what seem the right way to do it, taking in account all limits and trying to find out the best compromise. This is the part the ask for more hard work. Plus we have not limited ourselves to solve the problem locally, but to solve the problem in a distributed environment. You may claim you have told there was a problem 3 years ago. Well that's true nobody say it different. Problem is that solving it 3 years ago was not possible to do properly, too many pieces of code were missing or were not stable and usable at a point that implementing it 3 years ago would have simply be a waste of time. with sincere esteem, Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
[PATCH] security hole in Samba 3.0 start tls handling
It appears that in Samba 3.0, the meaning of ldap ssl = start tls is
somewhat diluted. First, the start tls command is only ever issued if
the given ldapsam URI has a protocol string of ldaps://, which is
definitely an issue -- TLS is quite a different protocol from SSL, and
the whole point of TLS is to NOT use a separate port for SSL
connections. Second, the STARTTLS support is completely disabled if
using newer versions of the OpenLDAP client libs, resulting in the
ldap ssl option being *silently* ignored to the detriment of SAM
security.
A workaround for existing systems is to use ldaps instead of tls. The
attached patch against SAMBA_3_0 will add support for STARTTLS when
using OpenLDAP libs. The muddled interaction between TLS and SSL is
not addressed.
Steve Langasek
postmodern programmer
Index: passdb/pdb_ldap.c
===
RCS file: /cvsroot/samba/source/passdb/pdb_ldap.c,v
retrieving revision 1.28.2.5
diff -u -w -r1.28.2.5 pdb_ldap.c
--- passdb/pdb_ldap.c 1 Oct 2002 13:10:57 - 1.28.2.5
+++ passdb/pdb_ldap.c 23 Oct 2002 02:13:41 -
-184,6 +184,17
}
}
+ if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
+ int rc;
+
+ if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ DEBUG(0,(Failed to issue the StartTLS instruction: %s\n,
+ldap_err2string(rc)));
+ return False;
+ }
+ DEBUG (2, (StartTLS issued: using a TLS connection\n));
+ }
#else
/* Parse the string manually */
msg03889/pgp0.pgp
Description: PGP signature
Re: [PATCH] ldap connection caching (not ready!!!)
Stefan (metze) Metzmacher wrote: Hi Andrew, here's the working version of my ldap connection chaching patch with looping (we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds) Been very busy with assignments, but this patch looks good - but can you move the common code into a helper? That is, every loop has a 10 line chunk, can you put that into a helper? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [PATCH] ldap connection caching (not ready!!!)
[EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 But we want to add one - and I want it for non-unix accounts. What I propose is that we get the nextrid idea bedded down in non-unix accounts, then expand it from there when we figure out the other issues. I still do not really get the idea of non-unix accounts. What do I use them for? Is it only for machine accounts? Everyone who wants to access a share needs a valid unix uid. Mainly that, but I've also used it for a user that can domain logon, but must never session setup. (Only used for logon to squid-NTLM) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Coming round to SURS...
On Tue, Oct 22, 2002 at 06:07:21PM +, [EMAIL PROTECTED] wrote: On Tue, Oct 22, 2002 at 06:02:35PM +, Luke Kenneth Casson Leighton wrote: i have a question for the people who sponsor the samba team. Rantings and dribble deleted i'm specifically referring to you - andrew - and you - jeremy. here's a proposal for the idmap api; I take it by this message you didn't actually read or understand what this API is meant to do :-). 1) if you could kindly include in your message a convenient url reference to such discussions, i would be happy to correct your incorrect assumption that i do not understand this API. 2) the API, from what arguments it takes and returns, is pretty indicative of a couple of things: one is that the SURS issue, even after you still think for three years that you know better than i, _still_ hasn't been resolved let alone correctly resolved; the other is that it's pretty much identical to the SURS api i proposed over three years ago. 3) reviewing the samba technical archives, i cannot find any clear subject lines outlining this issue, and there is only one message under a subject idmap api. finding a subject line by volker of [PATCH] rid allocator in passdb backend i conclude the following: a) the idapi _is_ SURS, the patch by volker does less than SURS, is what i added into TNG well over four years ago, found to be problematic, and devised and designed SURS as a result, to replace and centralise the mess that such patches result in. b) careful consideration and thought demonstrates that the only place where SURS is required is in fact in any location where access to files is needed. i.e. in smbd for file read/write access etc. and likely in _some_ implementations of a spoolss server. therefore, placing the idmap API, or any equivalent that is not SURS, into the passdb backend, is TOTALLY the wrong location, and demonstrates a lack of understanding of the issues involved. Never mind, wouldn't be the first time (and sadly, probably not the last... :-). yet again you demonstrate your ignorance, arrogance and pride. you just don't get it, do you? you just _never_ give up trying to make yourself always in the right. you are so proud that you just cannot even look at what i have achieved, cannot admit that i achieved it, cannot bring yourself to consider that i might beright. the sad fact is that you and andrew just simply couldn't - and still can't - cope with my being able to understand things much faster than you. the sooner you are able to admit - even just once - that you might be wrong, and that someone else might be right, the better off you are going to be. l.
Re: Coming round to SURS...
On Tue, Oct 22, 2002 at 11:56:46PM +0200, Simo Sorce wrote: ask for more hard work. Plus we have not limited ourselves to solve the problem locally, but to solve the problem in a distributed environment. yes: that was - and is - the whole point of sursswitch. having done the surs draft RFC, and outlining the issues in it, and specifically defining the problem and very specifically leaving the decisions up to the implementors, i then turned my focus onto possible implementations. the first actual successful SURS-compliant implementation, with definite limitations, is hard-coded into winbindd. The Plan was always to write sursswitch, with a complementary /etc/sursswitch.conf file, with features similar to nsswitch, but only offering one-to-one and onto SID - uid and SID - gid management. and making the winbindd code then be the first program to actually use sursswitch, followed by the second key point being smbd to use sursswitch, followed by the third one being smbrun, which spoolssd uses (or used to use). i hope that this both addresses your concerns and also hints at the scope of the work i intended (and still feel is necessary). l.
How Samba let us down
Before you read this, I want to state (for reasons listed below) that I don't expect an answer (advice is welcomed, but please read this email carefully before answering). I'm sharing this with the community with the hope that better software results from our sad experience... BACKGROUND I've been using NT for 4 years, Netware and Linux for 3 years, and Samba for almost 2. I work in the IT department of a medium-sized unit of a global advertising company. We have a Netware and NT environment with a bit of Linux. We installed a 280GB IDE Samba archive server (rare usage) and a 15GB SCSI Mac/Samba file server (medium usage). We also use Samba for more menial tasks like smbmounts and file transfers. We thought we were comfortable with Samba. We knew we were comfortable with other types of file servers. OUR SETUP Going from my tired memory: Athlon MP 1.8GHz (mem=nopentium) 2GB ECC SDRAM Tyan S2460(I think?) Antec 450W PS Lots of cooling 5 IBM DeskStar 120GB drives with 8MB caches in RAID 5 3ware 7580(I think?) 8-port hardware RAID 3ware hot-swappable drive cages Intel e1000 Gigabit NIC, full duplex, 1000MBit, autonegotiation off 3com Gigabit switch, autonegotiation off RedHat 7.3 Kernel 2.4.19 with ACL support ext3 with ACL support Samba 2.2.5 with ACL support installed from a recompiled SRPM from the samba.org FTP site. Winbind NO nfs daemon (I hear it's buggy w/ ACLs) We have a variety of clients, from DOS and OS/2 to Windows (9x-2000) and Linux. The server acts as a print spooling area (the actual queues are on an NT server) and scratch area for database programmers to manipulate their flat database files. As far as I know, these files are not commonly accessed by more than one user at a time. THE PROBLEM For the past year, our heaviest-used Netware server has been under more and more stress.. filling up, running out of licenses, slowing down, etc. Preliminary tests using Samba on a fast Linux box showed anywhere from 70% to 1000% speed improvements, depending on the task. The decision was made to switch it to Linux; the whole company is migrating away from Netware and we (as a unit, not speaking for the company) don't want to be completely trapped into Windows if we can help it. The new hardware arrived and more preliminary tests indicated all looked good. We were set to switch last Saturday night. We turned off logins to the Netware box, backed it up, restored it to the new Linux box, set permissions, then made sure the various computers in the building could log in. Yesterday, our first day, was rough. For most of the day we fought random slow browsing with no explanation. Clients would appear to lock up for several seconds. We found some misconfigurations in smb.conf but the problems reappeared. No errors were seen in any machines' logs on debug level 2. I trimmed the smb.conf to a minimal number of options and that seemed to help with the slowness. Today, however, the problem reappeared a few times with no errors in the logs that we could see. The printers were missing some of the records sent to them to print, something that had never happened with Netware. Every time the missing records were different. Occasionally, it would work right. Oplocks (kernel, level I and II) were left to defaults (turned on). THE OUTCOME Sadly, tonight we are installing a Windows NT server. Installing a brand new server is actually cheaper for us than the 8 or so hours of downtime to back up the server, install NT on it, and restore the data to it. We don't want to revert to Netware because so many clients have been reconfigured to log on only to the domain (DOS, OS/2, etc.) and that would require many more hours reversing those changes. Also, some files have been added since leaving Netware. We also decided to proceed to use NT because is more proven in this capacity. CONCLUSION To be fair, the problems could be related to some misconfiguration. I have pasted the smb.conf below. I fear it might just be an oplock problem, but it is not clear what would result if more than one user happened to try to write to a file with them disabled. Every advice we found said to leave them on to prevent corruption and to improve performance. We ran out of time to test it, and feared what failure would bring. Running this: grep -r -B5 -A5 oplock /var/log/samba/ | grep -B5 -A5 error produced only 5 of these errors oplock_break: receive_smb error (Connection reset by peer) from the same DOS machine from 2 days worth of all machines' logs running at debuglevel 1 (some at level 2). I don't know if that is a good indicator of an oplock problem. I can do other greps on request. Unfortunately, we can't test out your suggestions in production, and our off-production testing apparently can't stress it well enough. So please just take this email as input - I'm not looking for answers here, though advice is appreciated. The problem could also have been environment or hardware. We should know soon,
