Patch for Smbldap-tools and problems on Samba3.0 a20
Hi, During our test on the the migration from the AS/U /Advanced Server for Unix) based domain to a Samba-ldap based domain, we have found and fixed some bugs on the smbldap tools of Idealx. In attachment you would find the improved tools package. The main changes are: - smbldap-migrate-accounts.pl : the user's rid was added. - smbldap-useradd.pl : improved the PrimaryGroupID setting, added the option for trusting domain add. - smbldap-usermod.pl : fixed the bug on acctFlags setting. - smbldap-groupdel.pl : fixed the problem for group names that included the blank. - smbldap_tools.pm : for all listed above. We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our migration and we found that the Samba has some problems to enumerate the domain group´s members. Following were what happened during our test: We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a NT machine with a normal user samba20, then we connected to a share directory of the PDC using net use After that, we used the windows explorer to access that share directory and tried to view the members of a domain group Gruppo from the security permissions of a directory or a file following the step: Proprieties - Security - Permissions - Add - On the group Gruppo - Members, we got the Access is denied. The user Samba20 is the member of Domain Users group that was mapped also to the unix group. From the debug logs we have seen that the function se_access_check that was called from the _samr_open_group failed due to the mismatch between the access_desired and access_requested, but I think that the user has the right to show the group´s members. Jianliang LU TieSse s.p.a Jianliang Lu E-mail: [EMAIL PROTECTED] Phone: 0125 757061 Mobile: 0333 2839559 smbldap-tools-0.7-2.i386.rpm Description: Binary data
Re: SMBClient - Messenger service
Simo Sorce wrote: We are always interested in things that add functionality into samba. If you wish to send some patches we can look at, you are welcome. I was originally bouncing ideas back and forth on this (and sitting on patches etc :-), but if you want to case it up you are more than welcome to it... I already have my fingers in too many pies... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
[PATCH] ldap connection caching
Hi Andrew, here's the newest version of my connection caching patch. I used it for a few days without problems... metze - Stefan metze Metzmacher [EMAIL PROTECTED] diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_ldap.c HEAD-pdb2/source/passdb/pdb_ldap.c --- HEAD/source/passdb/pdb_ldap.c Tue Oct 22 07:35:11 2002 +++ HEAD-pdb2/source/passdb/pdb_ldap.c Fri Oct 25 07:58:39 2002 @@ -64,6 +64,7 @@ struct ldapsam_privates { LDAPMessage *entry; int index; + time_t last_ping; /* retrive-once info */ const char *uri; @@ -76,6 +77,7 @@ struct ldapsam_privates { char *bind_secret; }; +#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */ static struct ldapsam_privates *static_ldap_state; @@ -152,7 +154,7 @@ static const char *attr[] = {uid, pwd userWorkstations, rid, primaryGroupID, lmPassword, ntPassword, acctFlags, - domain, description, NULL }; + domain, NULL }; /*** open a connection to the ldap server. @@ -422,17 +424,220 @@ static BOOL ldapsam_connect_system(struc return True; } +/** +Connect to LDAP server +*/ +static NTSTATUS ldapsam_open(struct ldapsam_privates *ldap_state) +{ + if (!ldap_state) + return NT_STATUS_INVALID_PARAMETER; + + if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + +LDAPSAM_DONT_PING_TIME) time(NULL))) { + struct sockaddr_un addr; + socklen_t len; + int sd; + if (ldap_get_option(ldap_state-ldap_struct, LDAP_OPT_DESC, sd) == 0 + + getpeername(sd, (struct sockaddr *) addr, len) 0) { + /* the other end has died. reopen. */ + ldap_unbind_ext(ldap_state-ldap_struct, NULL, NULL); + ldap_state-ldap_struct = NULL; + ldap_state-last_ping = (time_t)0; + } else { + ldap_state-last_ping = time(NULL); + } + } + + if (ldap_state-ldap_struct != NULL) { + DEBUG(5,(ldapsam_open: allready connected to the LDAP server\n)); + return NT_STATUS_OK; + } + + if (!ldapsam_open_connection(ldap_state, ldap_state-ldap_struct)) { + return NT_STATUS_UNSUCCESSFUL; + } + if (!ldapsam_connect_system(ldap_state, ldap_state-ldap_struct)) { + ldap_unbind_ext(ldap_state-ldap_struct, NULL, NULL); + ldap_state-ldap_struct = NULL; + return NT_STATUS_UNSUCCESSFUL; + } + + + ldap_state-last_ping = time(NULL); + DEBUG(4,(The LDAP server is succesful connected\n)); + + return NT_STATUS_OK; +} + +/** +Disconnect from LDAP server +*/ +static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state) +{ + if (!ldap_state) + return NT_STATUS_INVALID_PARAMETER; + + if (ldap_state-ldap_struct != NULL) { + ldap_unbind_ext(ldap_state-ldap_struct, NULL, NULL); + ldap_state-ldap_struct = NULL; + } + + DEBUG(5,(The connection to the LDAP server was closed\n)); + /* maybe free the results here --metze */ + + return NT_STATUS_OK; +} + +static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts) +{ + if (!ldap_state || !attempts) + return (-1); + + if (*attempts != 0) { + /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */ + msleep*attempts)*(*attempts))/2)*1000); + } + (*attempts)++; + + if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){ + DEBUG(0,(Connection to LDAP Server failed for the %d +try!\n,*attempts)); + return LDAP_SERVER_DOWN; + } + + return LDAP_SUCCESS; +} + + +static int ldapsam_search(struct ldapsam_privates *ldap_state, char *base, int scope, +char *filter, char *attrs[], int attrsonly, LDAPMessage **res) +{ + int rc = LDAP_SERVER_DOWN; + int attempts = 0; + + if (!ldap_state) + return (-1); + + while ((rc == LDAP_SERVER_DOWN) (attempts 8)) { + + if ((rc = ldapsam_retry_open(ldap_state,attempts)) != LDAP_SUCCESS) + continue; + + rc =
Winbind doesnt enumerate more than one group from an AD domain
Hi all, I have been having some problems with winbind not seeing all the groups that users on my AD domain are in. Upon further investigation, it seems that winbind only enumerates one group. Doing a 'wbinfo -r $AD_USER' only shows one group (even if the AD user belongs to many groups, doesnt matter what type of AD groups they are either), but if I do a 'wbinfo -r $NT4_USER', winbind will show all the groups that the NT4 user is in, where $NT4_USER is a user on the NT4 domain and $AD_USER is a user on the AD domain. The odd thing is, the users show up in the groups fine if I do 'getent group' for example. I am running Debian unstable with Samba 2.999+3.0.alpha20-3. Why am I posting here? I logged a bug, but I was advised to post here for stuff to do with Samba 3.0... Any pointers or suggestions on how to debug this further and or fix it would be greatly appreciated. Let me know if more details are needed. Thanks, James
RE: Winbind doesnt enumerate more than one group from an AD domain
Sorry about this, but this email address seems to be a bit dodgy. Please reply to [EMAIL PROTECTED] Thanks, James
Re: Winbind doesnt enumerate more than one group from an AD domain
- Original Message - From: James Braid [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 25, 2002 1:45 PM Subject: Winbind doesnt enumerate more than one group from an AD domain Hi all, I have been having some problems with winbind not seeing all the groups that users on my AD domain are in. Upon further investigation, it seems that winbind only enumerates one group. Doing a 'wbinfo -r $AD_USER' only shows one group (even if the AD user belongs to many groups, doesnt matter what type of AD groups they are either), but if I do a 'wbinfo -r $NT4_USER', winbind will show all the groups that the NT4 user is in, where $NT4_USER is a user on the NT4 domain and $AD_USER is a user on the AD domain. The odd thing is, the users show up in the groups fine if I do 'getent group' for example. I am running Debian unstable with Samba 2.999+3.0.alpha20-3. Why am I posting here? I logged a bug, but I was advised to post here for stuff to do with Samba 3.0... Any pointers or suggestions on how to debug this further and or fix it would be greatly appreciated. Let me know if more details are needed. Thanks, James I had the same problem aswell.. I found it was due to the fact the groups weren't 'Global' groups only 'Local' groups... Apparently they need to be Global or Universal to be shown by Winbind. I haven't tried 3 yet though so I'm not really sure. HTH Shaolin - IT Systems WB Ltd. .: http://www.security-forums.com :.
Re: [PATCH] ldap connection caching
Stefan (metze) Metzmacher wrote: Hi Andrew, here's the newest version of my connection caching patch. I used it for a few days without problems... This looks like a very well done patch, nice work! I'll see what I can do in applying this sometime soon... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Sambalet us down)
On Thu, 24 Oct 2002, Chris de Vidal wrote: I'd be happy to let the group know. I'm not positive we'll reenable anything but kernel oplocks, though. We have work to do. The kernel oplocks parameter affects how Unix processes accessing the file interact with SMB oplocks. Enabling kernel oplocks on a share which doesn't have SMB oplocks turned on shouldn't make any difference, I'd have thought. If I understand your description correctly you don't have Unix processes interacting with the stored files; your Linux box is acting purely as an SMB file server for Windows clients? All the file accesses come in from the net, via Samba? In this case you probably want to leave kernel oplocks off ('cos they buy you nothing, functionally, and there have been suggestions that Linux kernel bugs causing problems with them). The interesting test is whether either of: oplocks = yes level2 oplocks = no or oplocks = yes level2 oplocks = yes work. If your corruption returns *and you can show that your network and clients are working properly* (ie. no oplock break messages are getting lost or being ignored by client machines - which probably requires Ethernet packet captures) then it's probably Red Alert time. Also: don't think that if you establish the existence of a priority 1 bug then it is all over - if you're experiencing a bug that the team can't reproduce themselves then it doesn't mean that there isn't a bug, but it does mean that they're going to need a lot of help characterizing and finding it. Regards, -- Neil Hoggarth Departmental Computer Officer [EMAIL PROTECTED] Laboratory of Physiology http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK
Re: Running smb without nmb?
Christopher R. Hertel wrote: I've been known to do things the other way, with nmbd running on a system that isn't running smbd. I set nmbd to act as a WINS server and Domain Master Browser to handle the namespace issues, but I don't offer any file services. Doesn't that break browse sync? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Winbind doesnt enumerate more than one group from an AD domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Oct 2002, Gareth Davies wrote: Apparently they need to be Global or Universal to be shown by Winbind. Local groups are supported by winbindd using rpc. The LDAP backends for winbindd needs this support added (it's a no-op function right now). I'll have to work on it some more. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uVmQIR7qMdg1EfYRApiEAJ0fDW9sk0arQ1w5wg5mfn/3Rc1U7gCeKBtZ WowaVuKMYEj+9rUigKT+tQQ= =S3dt -END PGP SIGNATURE-
Re: Unable to access a Solaris 8 drive from 2000 box
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Please post general use questions to the [EMAIL PROTECTED] list (see http://lists.samba.org/listinfo/samba for details). The samba-technical mailing is for discussions of Samba internals and development issues. Thanks. cheers, jerry On Wed, 23 Oct 2002, Randy Thomas wrote: Hello everyone, let me start by asking you all to forgive my ignorance on this subject, I am new to Samba and am not sure how it works. I have installed Samba 2.2 on my Solaris 8 box and am trying to map a drive to it from my 2000 server. I keep getting this message: This account is not authorized to log in from this station I have created a very simple config file: [global] workgroup=nima username map=/usr/local/samba/lib/users.map security=user [Vign_Share] path=/opt/Vign_Share writeable=yes public=yes guest ok=yes I have a user on both ends with the same username and password for simplicity. I have worked on this for a while and do not seem to be getting anywhere with it. Please help. _ Internet access plans that fit your lifestyle -- join MSN. http://resourcecenter.msn.com/access/plans/default.asp - -- - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uVpeIR7qMdg1EfYRAre3AKCyp6SXN0xgp/xOqoE0ewWo08cdcwCguwmC trizCGCbTJBZPWVUBheEV90= =YH8Q -END PGP SIGNATURE-
Re: Lost connection after first packet :(
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 23 Oct 2002 [EMAIL PROTECTED] wrote: Hi... I still have a hope that you can help me... I have to write a program that send text messages over SMB (AKA winpopup messages), but have trouble. I do following things: 1) Resolving machine name through node status query on port 137 2) Connecting to port 139 3) Establishing NetBios session After that SMB packets can be send, but server reset connection after I send first such packet :( This happens only on Windows, Samba on Unix responds normally and don't drop connection... Why is that? This makes me believe that Windows doesn't like something about the packet (i.e. malformed). I would recheck the packet format. Compare it with a traced packet from a winpop client on windows. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uVrNIR7qMdg1EfYRAsH0AKDM4Tnolvu4h9H5iodnYbBYuf20gACfZ7Ni yiYeegUvKHaPoayHq/YK7vo= =9WWE -END PGP SIGNATURE-
Re: idmap api
Stefan (metze) Metzmacher wrote: Hi, here's a proposal for the idmap api; we'll have a cache that will be asked first, if this fails we ask the central idmap and add the result to our cache. the idmap_central_* functions should be plugable/selectable (different backends should be allowed here) and the backend should decide how to handle unmapped id's. comments please /* idmap api */ NT_STATUS idmap_sid_to_id(DOM_SID *sid, int *id, BOOL *group); I don't like this bit. I would prefer it returned somthing that was typesafe - say use two paramaters or return a struct or somthing. The size of a uid_t is probably the same as a gid_t, but may not be the same as int. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Bug in samba 2.2 + kernel 2.4?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The original thread for this starts here in case anyone needs it http://lists.samba.org/pipermail/samba-technical/2002-October/040119.html John, Does this look like your bug ? http://lists.samba.org/pipermail/samba/2002-October/083160.html I'm trying to correlate reports and I think this is a match. Did you ever find out any more inforamtion? cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uWn/IR7qMdg1EfYRAnA7AJ9I1wwMQ4PHd+3tgM7NzsNngTmdjwCfbhue OfZfdkRIBSAmSxrO7/FDOhE= =0UwQ -END PGP SIGNATURE-
Re: idmap api
At 21:09 25.10.2002 +1000, Andrew Bartlett wrote: Stefan (metze) Metzmacher wrote: Hi, here's a proposal for the idmap api; we'll have a cache that will be asked first, if this fails we ask the central idmap and add the result to our cache. the idmap_central_* functions should be plugable/selectable (different backends should be allowed here) and the backend should decide how to handle unmapped id's. comments please /* idmap api */ NT_STATUS idmap_sid_to_id(DOM_SID *sid, int *id, BOOL *group); I don't like this bit. I would prefer it returned somthing that was typesafe - say use two paramaters or return a struct or somthing. The size of a uid_t is probably the same as a gid_t, but may not be the same as int. yes, I thought of a struct with a union in it. struct unix_id { BOOL group; union { uit_t uid; gid_t gid; } unix; } Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: Bug in samba 2.2 + kernel 2.4?
Hi Jerry, That looks exactly like my problem -- tons of open FDs but only on directories, not files. Unfortunately I haven't made any further progress in troubleshooting this. I walked through the debugging messages and matched them to whats in the source. It seems like it should be working. But, I don't do much C/C++ coding, so probably not worth much. I did verify it only happened on kernel 2.4 (well, least 2.4.18 2.4.19). And, I'm seeing it in Samba 2.2.x and the 3.x alpha. I didn't try the 2.0 stuff...but, I would guess it occurs there too. I think I remember seeing the owner change from the windows user to root. Other than that, I can't think of anything else that might help. Let me know there is anything I can do to help fix this! Thanks again! Jon Quoting Gerald (Jerry) Carter [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The original thread for this starts here in case anyone needs it http://lists.samba.org/pipermail/samba-technical/2002-October/040119.html John, Does this look like your bug ? http://lists.samba.org/pipermail/samba/2002-October/083160.html I'm trying to correlate reports and I think this is a match. Did you ever find out any more inforamtion? cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uWn/IR7qMdg1EfYRAnA7AJ9I1wwMQ4PHd+3tgM7NzsNngTmdjwCfbhue OfZfdkRIBSAmSxrO7/FDOhE= =0UwQ -END PGP SIGNATURE-
Re: Planning 3.0alpha21 for Friday (10/25)
At 10:29 23.10.2002 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 23 Oct 2002, Jelmer Vernooij wrote: On Wed, Oct 23, 2002 at 09:54:49AM -0500, Gerald (Jerry) Carter wrote about 'Planning 3.0alpha21 for Friday (10/25)': FYI... Just giving everyone a heads up. I will also roll RPMS for the various RedHat versions on this release. Also i will be examining the growing diff's between HEAD and SAMBA_3_0 tomorrow probably. So beware if you have not been merging appropriate changes into both branches. Hi Jerry,Volker,Andrew,Jelmer, for me usrmgr with 3_0 is broken. I got an error 'local group doesn't exists' ... HEAD works fine. I would loke Volker to merge the group mapp fixes he have done to HEAD to be merged. and the group_map move to pdb would also be nice (there're no changes only renaming of the callers ...), it makes it esier for later patches to be merged when we merged it to 3_0 now, I think. together with my PDB_SET/PDB_CHANGED patch (I've heard of no bug since it's in HEAD and it's much more robust for ldapsam because we doesn't eleminate multivalued attributes!!!) and the ldap connection caching patch ( if Andrew agree) (this work quite well for me for a few days...) metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Comparing SAMBA_3_0 to HEAD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 After exluding these files from the diff configure CVS *proto.h The diff is still rather large. NMow I'm a little skeptical to think that all the changes in HEAD are not meant for 3.0. My other conclusion is that people have not been merging in the appropriate fixes into SAMBA_3_0. $ diff -ub --recursive --new-file \ --exclude-from=../../cvs-trees.exclude source \ ../../samba/source /tmp/3-0.diff $ wc -l /tmp/3-0.diff 21816 /tmp/3-0.diff $ grep '^+++ ' /tmp/3-0.diff | wc -l 89 btw...I'm postponing the 3.0-alpha21 release until this is resolved to some degree of satisifaction (and the fact that I've not gotten the RedHat specfile up to snuff like I promised). We also have a report of User Manager not working with 3.0 (but does with HEAD). Volker is on this one. I will also get the local groups issue fixed in winbindd's ldap backend before releasgin alpha21 into the wild. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uWYLIR7qMdg1EfYRAoywAKCkf18asr30Bk3ZxEbgTDP/EubmVQCgi9GS FMF8DRf4RHZK4gQLcZG9o8Q= =vRVc -END PGP SIGNATURE-
'deldriver' doesn't work
Hi, I am facing problem with deleting drivers from the server. I am using rpcclient tool to delete drivers. 'deldriver' is implemented in cmd_spoolss.c. Kindly let me know if anything can be done. Thanx Harish
Re: Winbind doesnt enumerate more than one group from an AD domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Oct 2002, Jean Francois Micouleau wrote: you mean local groups within the S-1-5-32 sid sub tree or the local domain groups under the PDC SID ? If that's the first case, winbind shouldn't even read them, they have no meaning outside the machine they are defined. In a Windows 2000 native mode domain, domain local groups are available for use by any domain member. These are the ones I thought we were referring to. Did I misread the original post? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uaFEIR7qMdg1EfYRAtmPAJ91xGFcPi/Qz31HGzK9JT+q8CX8hACg2NJw qVHzgBDu31wmqobbuoZMUEo= =L1fV -END PGP SIGNATURE-
Re: Winbind doesnt enumerate more than one group from an AD domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25 Oct 2002, Simo Sorce wrote: JF is totally right winbind should never ask for PDCs local group. But there is a third option, MS has defined an obscure (to me) new type of group in w2k, the global local group do you mean this one jerry? Domain local groups existed under Windows NT 4.0. They were just available among DC's of the domain. See my other post in response to JF. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uaGkIR7qMdg1EfYRAkhvAKCOgi13lDpJQ5G9pRWmt4MElOOkpACeMab+ waFKMnVGDJsQBj/seu0OuB8= =SzRU -END PGP SIGNATURE-
Re: Running smb without nmb?
On Fri, Oct 25, 2002 at 08:33:32PM +1000, Andrew Bartlett wrote: Christopher R. Hertel wrote: I've been known to do things the other way, with nmbd running on a system that isn't running smbd. I set nmbd to act as a WINS server and Domain Master Browser to handle the namespace issues, but I don't offer any file services. Doesn't that break browse sync? It might. I'm still digging into the inner workings of browse sync. I've heard (on IRC the other day) that W/9x browse sync doesn't work reliably anyway. I need to do a lot more digging. Unearthing things that others already know and have moved beyond. Anyway, setting up without smbd works okay if you're just doing NBNS (WINS). I need to verify the DMB claim. Thanks for checking. Chris -)-
Re: Comparing SAMBA_3_0 to HEAD
On Fri, Oct 25, 2002 at 10:40:59AM -0500, Gerald (Jerry) Carter wrote about 'Comparing SAMBA_3_0 to HEAD': After exluding these files from the diff configure CVS *proto.h The diff is still rather large. NMow I'm a little skeptical to think that all the changes in HEAD are not meant for 3.0. My other conclusion is that people have not been merging in the appropriate fixes into SAMBA_3_0. I should take some blame for this :-/ I'll try to figure out which of my bits should be in 3_0 as well... Btw. Thanks for merging the docs! I'll try to keep them synced somewhat more in the future... Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] Pending (unfinished) patches http://samba.org/~jelmer/diffs.php
Re: Winbind doesnt enumerate more than one group from an AD domain
On Fri, 25 Oct 2002, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Oct 2002, Jean Francois Micouleau wrote: you mean local groups within the S-1-5-32 sid sub tree or the local domain groups under the PDC SID ? If that's the first case, winbind shouldn't even read them, they have no meaning outside the machine they are defined. In a Windows 2000 native mode domain, domain local groups are available for use by any domain member. These are the ones I thought we were referring to. Did I misread the original post? ok then it's still a problem of vocabulary :) Can we settle on a definitive wording ? local groups, domain groups, domain local groups, universal groups. J.F.
Re: Winbind doesnt enumerate more than one group from an AD domain
On Fri, 2002-10-25 at 21:55, Gerald (Jerry) Carter wrote: Domain local groups existed under Windows NT 4.0. They were just available among DC's of the domain. See my other post in response to JF. To my knowledge (derived from some doc on msdn) they are a different thing. local groups (same as NT) does exist in w2k and are different from domain local groups. I'm sorry I'm not able anymore to find the article on msdn :-( Simo. -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Re: Winbind doesnt enumerate more than one group from an AD domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Oct 2002, Jean Francois Micouleau wrote: ok then it's still a problem of vocabulary :) Can we settle on a definitive wording ? local groups, domain groups, domain local groups, universal groups. Fine by me :-) cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9uboIIR7qMdg1EfYRAvaRAJoC5pFrW1qVq+Y5JRpl1zaW9AiubQCfQpVz cit8mIQX/UXMr9LENnVbapo= =U1J8 -END PGP SIGNATURE-
Re: 'deldriver' doesn't work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 25 Oct 2002 [EMAIL PROTECTED] wrote: I am facing problem with deleting drivers from the server. I am using rpcclient tool to delete drivers. 'deldriver' is implemented in cmd_spoolss.c. Kindly let me know if anything can be done. What fails? What version of Samba ? It is a samba server right? cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9ubrbIR7qMdg1EfYRAla0AJ49dSOc/JEQVyZS2oifw9YqS7wxPQCfaew9 hGnWtMkDSBdFZSMMieDtld4= =Q1l4 -END PGP SIGNATURE-
Re: [Samba] Re: How Samba let us down
David Collier-Brown -- Customer Engineering wrote: There are also some sharable filesystems that could result in two sambae sharing the same files: supposedy my employer sells one (:-)) :-) Yes, I considered NFS, but only as as way to allow the two Sambae to be on separate machines and so not have to fight over the right to listen on the localhost interface. I think that adding another layer of locking would add to my locking problems, not lessen them. Matt
Re: Comparing SAMBA_3_0 to HEAD
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 After exluding these files from the diff configure CVS *proto.h The diff is still rather large. NMow I'm a little skeptical to think that all the changes in HEAD are not meant for 3.0. My other conclusion is that people have not been merging in the appropriate fixes into SAMBA_3_0. $ diff -ub --recursive --new-file \ --exclude-from=../../cvs-trees.exclude source \ ../../samba/source /tmp/3-0.diff $ wc -l /tmp/3-0.diff 21816 /tmp/3-0.diff $ grep '^+++ ' /tmp/3-0.diff | wc -l 89 btw...I'm postponing the 3.0-alpha21 release until this is resolved to some degree of satisifaction (and the fact that I've not gotten the RedHat specfile up to snuff like I promised). OK - how do you want some of this handled: I am committing patches that I think belong in 3.0 eventually, but I would like some external confirmation that I haven't stuffed something silly up. Should I merge to both immediately, or let it sit in HEAD for a few days? The latter is what has produced this problem, because then other changes are getting applied on top (which makes doing the later merge harder) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Planning 3.0alpha21 for Friday (10/25)
Stefan (metze) Metzmacher wrote: At 10:29 23.10.2002 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 23 Oct 2002, Jelmer Vernooij wrote: On Wed, Oct 23, 2002 at 09:54:49AM -0500, Gerald (Jerry) Carter wrote about 'Planning 3.0alpha21 for Friday (10/25)': FYI... Just giving everyone a heads up. I will also roll RPMS for the various RedHat versions on this release. Also i will be examining the growing diff's between HEAD and SAMBA_3_0 tomorrow probably. So beware if you have not been merging appropriate changes into both branches. Hi Jerry,Volker,Andrew,Jelmer, for me usrmgr with 3_0 is broken. I got an error 'local group doesn't exists' ... HEAD works fine. I would loke Volker to merge the group mapp fixes he have done to HEAD to be merged. and the group_map move to pdb would also be nice (there're no changes only renaming of the callers ...), it makes it esier for later patches to be merged when we merged it to 3_0 now, I think. together with my PDB_SET/PDB_CHANGED patch (I've heard of no bug since it's in HEAD and it's much more robust for ldapsam because we doesn't eleminate multivalued attributes!!!) and the ldap connection caching patch ( if Andrew agree) (this work quite well for me for a few days...) The latter patch is in - can people test is out a bit and I'll look at how hard it is to merge into 3.0. (I might just have to pick up volker's change at the same time). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Planning 3.0alpha21 for Friday (10/25)
Urban Widmark wrote: On Wed, 23 Oct 2002, Gerald (Jerry) Carter wrote: Just giving everyone a heads up. I will also roll RPMS for the various RedHat versions on this release. Any chance of someone reviewing and possibly adding these changes before then? I first posted this on the 19th. 3 changes smbmount wants in samba: 1) Allow an application to control if CAP_LARGE_FILES is set in the client capabilities. 2) Make strchr_m and strrchr_m efficient for the common case of searching for an ascii character, using the same reasoning as in strlower_m. The conversions done in strchr_m are kind of expensive ... 3) strchr_w(ws, UCS2_CHAR('\0')) doesn't find the end of the string, and that makes strchr_m(string, '\0') fail. (2) fixes that, but I'm guessing strchar_w is also supposed to work like strchr does. /Urban diff -urN -X exclude samba-3_0.old/source/libsmb/cliconnect.c samba-3_0/source/libsmb/cliconnect.c --- samba-3_0.old/source/libsmb/cliconnect.cThu Oct 17 19:10:24 2002 +++ samba-3_0/source/libsmb/cliconnect.cSat Oct 19 12:13:30 2002 @@ -124,6 +124,9 @@ if (cli-capabilities CAP_UNICODE) capabilities |= CAP_UNICODE; + if (cli-capabilities CAP_LARGE_FILES) + capabilities |= CAP_LARGE_FILES; + return capabilities; } I assume this just adds a capability bit? That shouldn't be a problem. diff -urN -X exclude samba-3_0.old/source/lib/util_str.c samba-3_0/source/lib/util_str.c --- samba-3_0.old/source/lib/util_str.c Wed Oct 2 21:12:14 2002 +++ samba-3_0/source/lib/util_str.c Sat Oct 19 16:46:34 2002 @@ -990,6 +990,9 @@ pstring s2; smb_ucs2_t *p; + if (!(c 0x80)) + return strchr(s, c);/* ascii */ + push_ucs2(NULL, ws, s, sizeof(ws), STR_TERMINATE); p = strchr_w(ws, UCS2_CHAR(c)); if (!p) @@ -1005,6 +1008,9 @@ pstring s2; smb_ucs2_t *p; + if (!(c 0x80)) + return strchr(s, c);/* ascii */ + push_ucs2(NULL, ws, s, sizeof(ws), STR_TERMINATE); p = strrchr_w(ws, UCS2_CHAR(c)); if (!p) This looks wrong... You need to check that every char in the string doesn't have 0x80, not just the first char. My understanding is that once the 0x80 escape is set, we might have 'legitimate' characters following that have their meaning altered. Does that sound right? diff -urN -X exclude samba-3_0.old/source/lib/util_unistr.c samba-3_0/source/lib/util_unistr.c --- samba-3_0.old/source/lib/util_unistr.c Wed Sep 25 17:18:52 2002 +++ samba-3_0/sourcelib/util_unistr.c/ Sat Oct 19 20:45:34 2002 @@ -335,6 +335,7 @@ if (c == *s) return (smb_ucs2_t *)s; s++; } + if (c == *s) return (smb_ucs2_t *)s; return NULL; } -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [Samba] libsmbclient in Mac OS X / Darwin
Luis Muñoz wrote: Dear folks: First of all, thanks for a great product and please do keep up your fine job with samba. As a humble contribution to your project, below is a patch to configure.in that allows libsmbclient.so to be correctly built in my system (Mac with Mac OS X). I hope this to be useful. Yes, it looks useful, but see below... I also noted that the generated Makefile, did not correctly install the library as the 'install' command lacks a target directory. Seeing that some other things seem to ignore the --with-prefix, I prefer to just report this instead of producing patches. Regards. -lem lem@dC8541540 source uname -a Darwin dC8541540.dslam-06-2-1-03-01-02.tdd.dsl.cantv.net 5.5 Darwin Kernel Version 5.5: Thu May 30 14:51:26 PDT 2002; root:xnu/xnu-201.42.3.obj~1/RELEASE_PPC Power Macintosh powerpc *** configure.in-orig Fri Oct 25 23:50:47 2002 --- configure.inSat Oct 26 01:04:43 2002 *** *** 855,860 --- 855,868 SONAMEFLAG=-Wl,-soname= AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; + *darwin*) AC_DEFINE(DARWIN) + BLDSHARED=true + LDSHFLAGS=-dynamic + PICFLAG=-fPIC + SHLD=libtool I was about to apply this, but why do we need to involve libtool here? (Yes, there is a long history to this issue... ) + LIBS=${LIBS} -lc -lcc_dynamic + CFLAGS=-dynamic -fno-common ${CFLAGS} + ;; *solaris*) AC_DEFINE(SUNOS5) BLDSHARED=true LDSHFLAGS=-G Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: [Samba] Re: How Samba let us down
Steve Langasek wrote: If oplock support is disabled, yes, you can expect two Samba installations to play nicely with locks on the same set of files. If oplocking is enabled, it might also be possible to make them behave, though this would at least require some symlink magic. There are also some sharable filesystems that could result in two sambae sharing the same files: supposedy my employer sells one (:-)) --dave -- David Collier-Brown, | Always do right. This will gratify DMCO's MTEC team in Toronto| some people and astonish the rest. Formerly Opcom, ACE and SIS. | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
RE: [Samba] Re: How Samba let us down
Reading through Jeremy's eagerly awaited discourse on oplocks/share modes/locking, I read this bit : ... if you need simultaneous file access from a Windows and UNIX client you *must* have an application that is written to lock records correctly on both sides. Few applications are written like this, and even fewer are cross platform (UNIX and Windows) so in practice this isn't much of a problem. but my brain kept stumbling over isn't much of a problem (;-) surely that should say isn't much of a solution ? I only mention it in the interests of honing the discourse as it heads towards the docs. Cheers Nick Boyce EDS Southwest Solution Centre, Bristol, UK