samba pam_ldap password syncing pam

2003-01-09 Thread bryan hunt
Forgive the subject line, I wanted it to turn up if someone 
was googling.

I have found that the following combination works well for 
password syncing using pam when the system is configured to 
use ldap for user authentication ( pam_ldap ).

I hope this is of use to someone.

/etc/pam.d/samba

#%PAM-1.0
auth        sufficient   /lib/security/pam_ldap.so
auth        required     /lib/security/pam_unix_auth.so use_first_pass
account     sufficient   /lib/security/pam_ldap.so
account     required     /lib/security/pam_unix_acct.so
password    sufficient   /lib/security/pam_ldap.so
password    required     /lib/security/pam_pwdb.so try_first_pass


Kind Regards

Bryan


-- 
Bryan Hunt
Systems Engineering Manager 
Ossidian Technologies  Ltd  
Blackrock
Co Dublin
IRELAND 

Tel +353-1-2787111 Fax +353-1-2787136

See us at :-

18-21 February 2003
Palais des Festivals
Cannes, France
Ireland Stand No: B22, Hall 1
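
Added example, not part of Bryan's post: a small C model of how Linux-PAM walks an auth stack built with the control flags used in the file above (a "sufficient" pam_ldap line followed by a "required" pam_unix_auth line). The module functions, the three constructed accounts and their passwords are invented for the demonstration, and the result codes are defined locally so nothing links against libpam; the walk itself follows the documented required/requisite/sufficient/optional semantics. It shows why an LDAP user never reaches pam_unix_auth, why a local-only user still gets in, and the caveat that a local account which also exists in LDAP remains a second, independently checked credential until its password is actually synced.

```c
/* Model of a Linux-PAM "auth" stack walk (added example, not Samba code). */
#include <stdio.h>
#include <string.h>

enum ctrl { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL };
/* Result codes, defined locally so the example needs no libpam headers. */
enum res { PAM_SUCCESS = 0, PAM_AUTH_ERR = 1, PAM_USER_UNKNOWN = 2 };

typedef int (*pam_module_fn)(const char *user, const char *pw);
struct pam_entry { enum ctrl ctrl; pam_module_fn fn; const char *name; };

/* Constructed directories: alice exists only in LDAP, bob only locally,
 * carol in both but with different (unsynced) passwords. */
struct account { const char *user; const char *pw; };
static const struct account ldap_db[]  = { {"alice", "ldap-secret"}, {"carol", "ldap-pw"} };
static const struct account local_db[] = { {"bob", "local-secret"}, {"carol", "stale-local-pw"} };

static int lookup(const struct account *db, size_t n, const char *user, const char *pw)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(db[i].user, user) != 0) continue;
        return strcmp(db[i].pw, pw) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
    }
    return PAM_USER_UNKNOWN;
}

/* Stand-ins for the two modules named in /etc/pam.d/samba above. */
static int pam_ldap(const char *u, const char *p)      { return lookup(ldap_db, 2, u, p); }
static int pam_unix_auth(const char *u, const char *p) { return lookup(local_db, 2, u, p); }

/* The auth stack from the post.  use_first_pass is implicit here: every
 * module is handed the same password and none re-prompts. */
static const struct pam_entry auth_stack[] = {
    { SUFFICIENT, pam_ldap,      "pam_ldap.so" },
    { REQUIRED,   pam_unix_auth, "pam_unix_auth.so" },
};

/* Walk a stack with Linux-PAM control-flag semantics:
 *  required:   failure is remembered, later modules still run
 *  requisite:  failure ends the stack immediately
 *  sufficient: success ends the stack at once unless an earlier required
 *              module already failed; its failure is ignored
 *  optional:   ignored unless it is the only module
 * decided_by (may be NULL) receives the index of the deciding module. */
int pam_run_stack(const struct pam_entry *stack, size_t n,
                  const char *user, const char *pw, int *decided_by)
{
    int required_failure = -1, required_idx = -1, success_idx = -1;
    if (decided_by) *decided_by = -1;

    for (size_t i = 0; i < n; i++) {
        int r = stack[i].fn(user, pw);
        switch (stack[i].ctrl) {
        case REQUIRED:
            if (r != PAM_SUCCESS) {
                if (required_failure < 0) { required_failure = r; required_idx = (int)i; }
            } else if (success_idx < 0) {
                success_idx = (int)i;
            }
            break;
        case REQUISITE:
            if (r != PAM_SUCCESS) { if (decided_by) *decided_by = (int)i; return r; }
            if (success_idx < 0) success_idx = (int)i;
            break;
        case SUFFICIENT:
            if (r == PAM_SUCCESS && required_failure < 0) {
                if (decided_by) *decided_by = (int)i;
                return PAM_SUCCESS;
            }
            break;
        case OPTIONAL:
            if (n == 1) { if (decided_by) *decided_by = 0; return r; }
            break;
        }
    }
    if (required_failure >= 0) { if (decided_by) *decided_by = required_idx; return required_failure; }
    if (success_idx >= 0)      { if (decided_by) *decided_by = success_idx;  return PAM_SUCCESS; }
    return PAM_AUTH_ERR;             /* nothing in the stack vouched for the user */
}

/* Wrappers for the stack above: the PAM result, and which module decided it. */
int samba_auth_result(const char *user, const char *pw)
{
    return pam_run_stack(auth_stack, 2, user, pw, NULL);
}
int samba_auth_decider(const char *user, const char *pw)
{
    int by; pam_run_stack(auth_stack, 2, user, pw, &by); return by;
}

int main(void)
{
    const char *t[][2] = { {"alice", "ldap-secret"}, {"bob", "local-secret"},
                           {"carol", "ldap-pw"}, {"carol", "stale-local-pw"}, {"alice", "wrong"} };
    for (size_t i = 0; i < 5; i++) {
        int by = samba_auth_decider(t[i][0], t[i][1]);
        printf("%-6s %-15s -> %s (decided by %s)\n", t[i][0], t[i][1],
               samba_auth_result(t[i][0], t[i][1]) == PAM_SUCCESS ? "ok" : "denied",
               by >= 0 ? auth_stack[by].name : "-");
    }
    return 0;
}
```

The carol case is the one to watch when reviewing such a stack: with pam_ldap listed as sufficient, a successful LDAP check returns before pam_unix_auth runs, but an LDAP failure falls through to the local password, so an unsynced local entry is still a valid way in.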




Problem with browse lists under Samba3.0a21

2003-01-09 Thread c . maxwell




compile problem 2.2.7a on HP-UX 11

2003-01-09 Thread Moeller Daniel (QI/EES3) *
Hi,

I'm having problems in compiling recent SAMBA versions on HP-UX 11.00 using
GCC 3.2 or GCC 2.95.3. The error I get is:


Compiling lib/crc32.c
Compiling lib/snprintf.c
lib/snprintf.c:790: conflicting types for `snprintf'
/usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.2/include/stdio.h:493:
previous declaration of `snprintf'
*** Error exit code 1

Stop.

Anybody have a work around or patch for this?

Regards,
Danny





Re: A humble request for help

2003-01-09 Thread Andrew Bartlett
On Thu, 2003-01-09 at 02:42, Stefan Görling wrote:
 Hi Everyone,
 
 I'm currently working on a thesis investigating how Open Source is 
 affected by the influence of money and the interests of commercial 
 companies. As the SAMBA Server effort is the foundation of many 
 companies it is interesting to study how their entrance to the scene 
 has affected the community.

I'm not sure about how it has affected the community, but my general
impression is that they have had a *massive* positive impact on code
quality.  In particular, the application of professional QA to the
products Samba is used in has resulted in many bugfixes back into the
code-base.

They have also swayed the direction of Samba development - Samba's
current level of printing support is due to the fact that Samba is used
in a HP printing product.  Likewise, our file-server and domain member 
code has improved markedly with support from the NAS vendors.

The interesting comparison is the development of Samba's PDC end, which
is largely supported by individuals, or spin-off work from other areas. 
Without the same degree of 'company with product to ship' support, it
hasn't moved as fast.  However, this isn't a complaint - I certainly
don't feel that developer time is being 'stolen' or anything.  We have
to walk before we can run, and getting a world-class CIFS server gives
us a much better basis for the PDC.

 The thesis as well as research papers surrounding it will be released 
 under the GNU Free Documentation License and as soon as the first drafts 
 are available they will be published so that the community may comment 
 upon it.
 
 In order to improve the research, it would be great if you guys could 
 spend a few minutes on this one. I have included below a list of the 
 most active persons on this mailinglist during the year 2002. I have 
 tried to establish their employer as far as e-mail addresses and google 
 could help me out, but there are lots of unknowns, and probably some 
 errors too. So please, send me patches.
 
 Also, if you believe that there are others who should be on this list, or 
 someone who shouldn't please let me know.  I'm missing Andrew Tridgell 
 from this list, anybody who can tell me why?

I think it's mainly that a few of us inhabit the list, and the rest get
on and actually get work done :-)

 If there are someone out there who would be willing to answer some more 
 detailed questions, such as how long they've been doing Open Source 
 development as a source of income and how they think it has affected 
 them and their efforts, please drop me a line. I'd be forever grateful. 
 I am also very interested in interviewing developers who are major 
 contributors on their free-time.

I don't mind answering a few questions.

 Andrew Bartlett,Unknown / Self-financed

Most of my interesting work on Samba has been Self-financed, but I've
done various consulting/contracting jobs related to Samba, and use it
extensively as a sysadmin.  Other than that, I'm a full time student...

 Gerald Carter,VA Linux

Jerry is now HP, along with the rest of the former VA team.

 Richard Sharpe,Pansas
 Jeremy Allison,VA Linux
 Simo Sorce,Xsec
 Stefan Metzmacher,Unknown / Self-financed
 Tim Potter,VA Linux
 Christopher R. Hertel,Unknown / Self-financed
 Jelmer Vernooij,Unknown / Self-financed
 Steve Langasek,Unknown / Self-financed
 Andrew Esh,TriCord ?
 David Collier-Brown,SUN Microsystems
 Volker Lendecke,Service Network GmbH
 Rafal Szczesniak,Unknown / Self-financed
 Jim McDonough,IBM
 Alexander Bokovoy,Sam-Solutions
 Luke Kenneth Casson Leighton,Unknown / Self-financed
 Bradley W. Langhorst,Unknown / Self-financed
 Don McCall,HP
 Ulf Bertilsson,Unknown / Self-financed
 Urban Widmark,Enlight
 Mike Gerdts,Alcatel
 Luke Howard,PADL Software Pty Ltd
 David Lee,University of Durham
 Juergen Hasch,Unknown / Self-financed
 Steven French,IBM
 Andreas Moroder,Unknown / Self-financed
 
 Best Regards,
 
 Stefan Görling
-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net





wbinfo -r with w2k AD

2003-01-09 Thread Ulf Händel

Hi all,

while testing to integrate some samba servers in an w2k AD Domain we found
a couple of issues,
I try to summarize it:

W2K Server using SP3

samba versions:
debian unstable package 3.0.alpha21-3
cvs version 08.01.2003 build on debian unstable


all domains set up as standalone domain building forest root and schema
root

smb.conf

workgroup = TEST
realm = TEST.LOC
#realm = TEST.TEST.LOC

security = ads
ads server = w.x.y.z
password server = w.x.y.z
encrypt passwords = yes
passdb backend = tdbsam unixsam
wins server = w.x.y.z

# PasswordChat Section
;unix password sync = false
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spasswor
;pam password change = no
obey pam restrictions = yes

# WinBind Settings
winbind uid = 1-2
winbind gid = 1-2
template shell = /bin/bash
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes


# Other
panic action = /usr/share/samba/panic-action %d
;message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' 



w2k AD native mode
workgroup: TEST
Domain:   test.test.loc

wbinfo -r administrator
gives back all groups

wbinfo -r user
gives back only the primary group


w2k AD native mode
workgroup: TEST
Domain:   test.loc

wbinfo -r administrator
gives back all groups

wbinfo -r user
gives back only the primary group

w2k AD mixed mode
workgroup: TEST
Domain:   test.loc

wbinfo -r administrator
gives back all groups

wbinfo -r user
gives back all groups

w2k AD mixed mode
workgroup: TEST
Domain:   test.test.loc

wbinfo -r administrator
gives back all groups

wbinfo -r user
gives back all groups

in any setting the getent group gives back all users in the groups
except users in the format aa.bb


irc-nic: flu

Kind regards


Ulf Händel

--
DV IDEE GmbH  Tel.:   0511 8483281
Adelheidstraße 4-5  Fax.:  0511 8483233
30171 Hannover Mobil.   0170 5400369
e-mail.: [EMAIL PROTECTED]





[PATCH] trans2 querypathinfo alt name

2003-01-09 Thread Stefan (metze) Metzmacher
Hi Jerry,

I noticed that if I'm using MS Access 97 on an NT4 machine I can't access 
database files which are in directories 12 chars, but if I do the same 
thing on a w2k or NT4 server it works.

I see that the response to the query alt file name call sends a mangled name 
in unicode with termination.

but the Windows servers didn't send the termination

I also wonder why we set the "LONG FILE NAMES are in use" flag in the SMB 
HEADER flags2

this is also different to Windows...

I attach a small patch and a few sniffs


metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]

diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/smbd/trans2.c HEAD-fix/source/smbd/trans2.c
--- HEAD/source/smbd/trans2.c   Thu Dec  5 09:43:44 2002
+++ HEAD-fix/source/smbd/trans2.c   Thu Jan  9 17:04:50 2003
@@ -1794,7 +1794,9 @@ static int call_trans2qfilepathinfo(conn
if(!mangle_is_8_3(short_name, True)) {
mangle_map(short_name,True,True,SNUM(conn));
}
-   len = srvstr_push(outbuf, pdata+4, short_name, -1, 
STR_TERMINATE|STR_UPPER);
+
+   len = srvstr_push(outbuf, pdata+4, short_name, -1, STR_UPPER);
+
data_size = 4 + len;
SIVAL(pdata,0,len);
break;
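
Review bot: dropping STR_TERMINATE from the srvstr_push() call is the whole functional change, and it stays self-consistent because `len` is whatever srvstr_push() returned and `SIVAL(pdata,0,len)` stores that same value as the length prefix, so the prefix now describes an unterminated name, which is what the mail says the Windows servers send. The two added blank `+` lines around the call are whitespace-only churn and should be left out, and the commit message should record the observed Windows behaviour (no terminator on the alternate name) so the reason for the change survives in the history.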





Re: [PATCH] audit handling of waitpid() status codes

2003-01-09 Thread jra
On Thu, Jan 09, 2003 at 05:12:15PM +1100, Martin Pool wrote:
 I found a data-corruption bug in ccache a few weeks ago relating to
 incorrect handling of wait() status codes, so I thought I would do a
 quick check for similar things in Samba.

Part of this (the smbd/chgpasswd.c patch) is incorrect I think.

You have changed the line :

if (WIFEXITED(wstat) == 0) {
...
return False;
}

to

if (WIFEXITED(wstat)) {
...
return False;
}

The man page states :

   WIFEXITED(status)
  is non-zero if the child exited normally.

This particular clause is meant to catch an error condition
(not a normal exit). I agree it's not good code and could be cleaned
up but this change reverses the return code on password change
success.

Jeremy.



Windows 2003 server rc2

2003-01-09 Thread Stefan (metze) Metzmacher
Hi all,

just a short hint if anybody wants to download the win 2003 server rc2,
it's maybe useful if someone would test it against samba...



metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]




Re: Windows 2003 server rc2

2003-01-09 Thread Stefan Metzmacher
At 12:07 09.01.2003 -0500, you wrote:

Stefan (metze) Metzmacher wrote:


Hi all,

just a short hint if anybody wants to download the win 2003 server rc2,
it's maybe useful if someone would test it against samba...

Do you have a copy that I could use to test? I haven't read anything about it 
yet. Though I have done some testing with Tahoe, it still is just 
WindowsXP running the WinFS service.

-DR


you can register and download here
http://www.microsoft.com/windows.netserver/preview/obtaining.mspx




---

Stefan Metzmacher

[EMAIL PROTECTED]




Re: Building a custom auth back-end.

2003-01-09 Thread Ben Johnson
I may be wrong, but...  If you really can't install PAM on some systems,
I think making a library that masquerades as PAM might be the easiest
way.  The interface PAM exports to PAM clients is not very complicated,
so making a pretend PAM would be a lot easier than making PAM from
scratch.  Make your pretend PAM connect directly to your authentication
server and you're done.

- Ben




Re: [PATCH] audit handling of waitpid() status codes

2003-01-09 Thread Martin Pool
On  9 Jan 2003, [EMAIL PROTECTED] wrote:

Thanks for checking it.

 Part of this (the smbd/chgpasswd.c patch) is incorrect I think.
 
 You have changed the line :
 
 if (WIFEXITED(wstat) == 0) {
   ...
   return False;
 }
 
 to
 
 if (WIFEXITED(wstat)) {
   ...
   return False;
 }
 
 The man page states :
 
WIFEXITED(status)
   is non-zero if the child exited normally.

"exited normally" in this context means called _exit(), rather than
being terminated by a signal.  It doesn't necessarily mean exited 0.
To determine that you need to evaluate WIFEXITED(s) && (WEXITSTATUS(s)
== 0).

 This particular clause is meant to catch an error condition
 (not a normal exit). I agree it's not good code and could be cleaned
 up but this change reverses the return code on password change
 success.

You're right, I misunderstood what it was trying to do, because the
"process exited while we were waiting" message is printed only when
it's not true.  Here's an updated patch which corrects the messages
and returns the same values.


Index: client/smbmount.c
===
RCS file: /data/cvs/samba/source/client/smbmount.c,v
retrieving revision 1.57
diff -u -u -r1.57 smbmount.c
--- client/smbmount.c   13 Nov 2002 02:21:55 -  1.57
+++ client/smbmount.c   9 Jan 2003 23:11:13 -
@@ -79,7 +79,11 @@
break;
}
/* If we get here - the child exited with some error status */
-   exit(status);
+   if (WIFSIGNALLED(status)) {
+   exit(128 + WTERMSIG(status));
+   } else {
+   exit(WEXITSTATUS(status));
+   }
}
 
signal( SIGTERM, SIG_DFL );
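
Review bot: `WIFSIGNALLED` is spelled with two Ls in the new lines of this hunk (and again in the second smbmount.c hunk and in lib/smbrun.c), while the smbd/chgpasswd.c hunk further down uses `WIFSIGNALED`, the POSIX spelling; unless the tree defines the double-L form somewhere, this hunk will not compile, so the spelling should be made consistent across the whole patch. Mapping a signal death to `exit(128 + WTERMSIG(status))` follows the shell convention and is a sensible choice.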
@@ -499,6 +503,9 @@
if (WIFEXITED(status)  WEXITSTATUS(status) != 0) {
fprintf(stderr,smbmnt failed: %d\n, WEXITSTATUS(status));
/* FIXME: do some proper error handling */
+   exit(1);
+   } else if (WIFSIGNALLED(status)) {
+   fprintf(stderr, smbmnt killed by signal %d\n, WTERMSIG(status));
exit(1);
}
 
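
Review bot: the existing `exit(1)` after the FIXME and the new signal branch both collapse to exit status 1, so a caller of smbmount cannot distinguish a non-zero smbmnt exit from a signal death, whereas the first hunk in this file goes to the trouble of propagating `128 + WTERMSIG`; the two places in one file should agree. The `WIFSIGNALLED` spelling concern from the first hunk applies here too.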
Index: lib/smbrun.c
===
RCS file: /data/cvs/samba/source/lib/smbrun.c,v
retrieving revision 1.20
diff -u -u -r1.20 smbrun.c
--- lib/smbrun.c28 Jul 2002 02:20:15 -  1.20
+++ lib/smbrun.c9 Jan 2003 23:11:13 -
@@ -130,6 +130,11 @@
return WEXITSTATUS(status);
}
 #endif
+#if defined(WIFSIGNALLED)  defined(WTERMSIG)
+   if (WIFSIGNALLED(status)) {
+   return 128 + WTERMSIG(status);
+   }
+#endif
 
return status;
}
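
Review bot: because the new block is wrapped in `#if defined(WIFSIGNALLED) && defined(WTERMSIG)`, a misspelled macro name does not break the build but silently compiles the block out, leaving smbrun() returning the raw status exactly as before; the guard should use the POSIX spelling `WIFSIGNALED`, as the chgpasswd.c hunk does, or the protection it adds never takes effect and nobody notices.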
Index: lib/util_file.c
===
RCS file: /data/cvs/samba/source/lib/util_file.c,v
retrieving revision 1.36
diff -u -u -r1.36 util_file.c
--- lib/util_file.c 28 Jun 2002 03:19:20 -  1.36
+++ lib/util_file.c 9 Jan 2003 23:11:13 -
@@ -362,7 +362,7 @@
while ((n = read(fd, buf, sizeof(buf)))  0) {
tp = Realloc(p, total + n + 1);
if (!tp) {
-   DEBUG(0,(file_pload: failed to exand buffer!\n));
+   DEBUG(0,(file_pload: failed to expand buffer!\n));
close(fd);
SAFE_FREE(p);
return NULL;
@@ -372,6 +372,8 @@
}
if (p) p[total] = 0;
 
+   /* FIXME: Perhaps ought to check that the command completed
+* successfully; if not the data may be truncated. */
sys_pclose(fd);
 
if (size) *size = total;
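
Review bot: the FIXME added before `sys_pclose(fd);` describes a check the very next line is positioned to perform: whatever sys_pclose() reports about the child is discarded here. Rather than leave a comment, capture the return value and, if it indicates the command did not complete successfully, free `p` and return NULL (or surface the status to the caller), since callers of file_pload() have no other way to learn that the data may be truncated.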
Index: smbd/chgpasswd.c
===
RCS file: /data/cvs/samba/source/smbd/chgpasswd.c,v
retrieving revision 1.98
diff -u -u -r1.98 chgpasswd.c
--- smbd/chgpasswd.c9 Jan 2003 06:58:07 -   1.98
+++ smbd/chgpasswd.c9 Jan 2003 23:11:14 -
@@ -408,20 +408,22 @@
  (We were waiting for the wrong process ID\n));
return (False);
}
-   if (WIFEXITED(wstat) == 0)
+   
+   if (WIFEXITED(wstat)  WEXITSTATUS(wstat) != 0)
{
DEBUG(3,
- (The process exited while we were waiting\n));
+ (The process exited with code %d while we were 
+waiting\n,
+  WEXITSTATUS(wstat)));
return (False);
}
-   if (WEXITSTATUS(wstat) != 0)
+   else if (WIFSIGNALED(wstat))
{
DEBUG(3,
- (The status of the process exiting was %d\n,
-  wstat));
+ (The process was killed by 
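
Review bot: the hunk is truncated in the archive after the "killed by" message, so the new `else if (WIFSIGNALED(wstat))` branch cannot be reviewed to its end; from what is visible, the rewritten test `WIFEXITED(wstat) && WEXITSTATUS(wstat) != 0` followed by the signal branch is equivalent to the old pair of checks only if the signal branch also returns False and no third case is reachable. The old `WIFEXITED(wstat) == 0` returned False for every non-exit status, which would include a stopped child if waitpid() were ever called with WUNTRACED; keep a final `else if (!WIFEXITED(wstat)) return (False);` so that "returns the same values" holds for every status, not only the two named.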

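Added example (not from the patch or from Samba): the distinction Martin draws above between "exited normally" and "exited with status 0", shown against real wait statuses. The block forks throw-away children, one that _exit()s with a given code and one that kills itself with a signal, and reduces each status with the macros under discussion; child_succeeded() is the check the chgpasswd.c code needs, and wait_status_to_exit_code() is the 128+signal convention the smbmount.c and smbrun.c hunks adopt. The function names are mine.

```c
/* Classifying waitpid() status values (added example, not Samba code). */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reduce a raw wait status to a shell-style exit code: 0..255 for a normal
 * exit, 128+N when killed by signal N, -1 for anything else (a stopped or
 * continued child is not a termination and must not be mistaken for one). */
int wait_status_to_exit_code(int status)
{
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

/* The test the password-change path actually needs: "exited normally"
 * AND "with status 0".  WIFEXITED() alone is true for exit(3) as well. */
int child_succeeded(int status)
{
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Wait for one specific child and hand back its raw status (-1 on error).
 * Waiting on a specific pid is deliberate: a mismatched pid is itself a
 * bug, which is why chgpasswd.c checks for the "wrong process ID". */
static int wait_for(pid_t pid)
{
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return status;
}

/* Produce a real status for a child that _exit()s with the given code. */
int status_of_exit(int code)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(code & 0xff);
    return wait_for(pid);
}

/* Produce a real status for a child that dies from the given signal. */
int status_of_signal(int sig)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        signal(sig, SIG_DFL);   /* make sure the default (terminate) action applies */
        raise(sig);
        _exit(99);              /* only reached if the signal did not terminate us */
    }
    return wait_for(pid);
}

int main(void)
{
    int s;
    s = status_of_exit(0);
    printf("_exit(0):     succeeded=%d  code=%d\n", child_succeeded(s), wait_status_to_exit_code(s));
    s = status_of_exit(3);
    printf("_exit(3):     succeeded=%d  code=%d\n", child_succeeded(s), wait_status_to_exit_code(s));
    s = status_of_signal(SIGTERM);
    printf("SIGTERM:      succeeded=%d  code=%d\n", child_succeeded(s), wait_status_to_exit_code(s));
    return 0;
}
```

The middle case is the one the original chgpasswd.c test got right and the first patch inverted: _exit(3) satisfies WIFEXITED(), so "exited normally" is true even though the password program failed.
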
recursive mutexes in appl_head winbindd_cm.c?

2003-01-09 Thread Martin Pool
I'm looking at jra's 1.33.2.16 change to winbindd_cmd.c in relation to
hp CR1501.

I think there are some problems with the way the mutex reference count
is handled.  I'm not sure what is the cleanest way to fix it.

The mutexes are implemented on top of fcntl locks, which cannot be
nested.  Therefore winbindd holds an in-memory reference count for
each lock.  When this increments from zero, the OS lock is taken; when
it decreases to zero the OS lock is released.  So far so good.  

jra, can you explain what the recursion thing in this patch is for?

Tim says the point of the mutex is to protect against an NT bug that
causes failures if more than one connection tries to authenticate at
the same time.  

In cm_open_connection:

for (i = 0; retry && (i < NUM_CLI_AUTH_CONNECT_RETRIES); i++) {

    if (!secrets_named_mutex(new_conn->controller,
                             WINBIND_SERVER_MUTEX_WAIT_TIME, &new_conn->mutex_ref_count)) {
        DEBUG(0,("cm_open_connection: mutex grab failed for %s\n",
                 new_conn->controller));
        continue;
    }

    result = cli_full_connection(&new_conn->cli, global_myname_unix(),
                                 new_conn->controller,
                                 dc_ip, 0, CLI_AUTH_TIMEOUT, "IPC$",
                                 "IPC", ipc_username, ipc_domain,
                                 ipc_password, strlen(ipc_password), &retry);

    if (NT_STATUS_IS_OK(result))
        break;
}

If we fail to acquire the mutex, then we continue trying a few times,
which is probably OK.  However, if we never get the mutex after three
times, then the loop terminates and we proceed on through the function
with 'result' uninitialized, which would cause trouble.

In another case, suppose that our first attempt to call
cli_full_connection() fails.  (I think this is the case I'm seeing --
because of something to do with restrict anonymous, we can't get in
to the PDC.)  We therefore end up with 3 acquisitions of the mutex,
and one of them is released when we exit the function, so the fcntl
lock is never freed, which presumably causes trouble with other things
later -- we have leaked two mutex reservations.

One way to cope better would be for the function to fail if it doesn't
get the mutex after the timeout.  However, since the mutex is only a
safeguard against an NT bug, we might be better off taking our chances
and proceeding anyhow -- this is what the code does at the moment.
However, it still tries to release the mutex even though it was not
actually acquired.  This causes panic()s in secrets.c.

cm_open_connection and get_connection_from_cache in appliance_head
both have a keep_mutex flag that is used by cm_get_netlogon_cli to
hold onto the mutex for a longer period so that it can also guard the
NetLogon phase.  There seem to be two problems with this.

If the connection is returned from cache, then the mutex count is in
fact not acquired, and it is incorrect for cm_get_netlogon_cli() to
release it:

if (conn->mutex_ref_count)
    secrets_named_mutex_release(conn->controller, &conn->mutex_ref_count);

Examining the refcount seems to me not to be a safe protection against
this: it might already be 1 because some other caller has acquired
it, but that doesn't mean we have the right to release it.  We're
giving up somebody else's lock.  This happens in a couple of places.

Also, as noted above, sometimes cm_open_connection() completes without
acquiring the mutex, but cm_get_netlogon_cli() assumes that it's
always taken.   

-- 
Martin 
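
Added example (not Samba code): a model of the reference-counted mutex described in the mail above. A single non-reentrant flag stands in for the fcntl lock, and an in-process reference count decides when that lock is taken and dropped, exactly as described. The scenario functions reproduce the two problems the mail identifies, leaking reservations from the retry loop and releasing "somebody else's lock" by testing the shared count instead of this caller's own reservation, next to the balanced versions. Names and the always-failing connection stub are mine.

```c
/* Reference-counted mutex over a non-reentrant lock (added example). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct named_mutex {
    bool   os_held;    /* stand-in for the fcntl lock: cannot be nested */
    size_t ref_count;  /* in-process reservations on that lock */
    int    panics;     /* releases that found nothing to release */
};

/* Take the OS lock only when the count goes 0 -> 1.  On failure the count
 * is left untouched, so it never claims a reservation we do not have. */
bool named_mutex_acquire(struct named_mutex *m)
{
    if (m->ref_count == 0) {
        if (m->os_held)          /* held elsewhere: give up, count unchanged */
            return false;
        m->os_held = true;
    }
    m->ref_count++;
    return true;
}

/* Drop the OS lock only when the count goes 1 -> 0.  Releasing at zero is
 * the condition that turns into a panic() in secrets.c. */
void named_mutex_release(struct named_mutex *m)
{
    if (m->ref_count == 0) { m->panics++; return; }
    if (--m->ref_count == 0)
        m->os_held = false;
}

/* Stand-in for cli_full_connection(): always fails, as when the DC
 * refuses the connection because of "restrict anonymous". */
static bool connect_attempt(void) { return false; }

/* Acquire inside the retry loop but release once on the way out: two of
 * three reservations leak and the OS lock is never dropped.
 * Returns the leaked reference count (2). */
size_t scenario_leaky_loop(void)
{
    struct named_mutex m = {0};
    for (int i = 0; i < 3; i++) {
        if (!named_mutex_acquire(&m)) continue;
        if (connect_attempt()) break;
    }
    named_mutex_release(&m);
    return m.ref_count;
}

/* Acquire once before the loop, release once after it, and only if the
 * acquire succeeded.  Returns the remaining count (0). */
size_t scenario_balanced_loop(void)
{
    struct named_mutex m = {0};
    bool held = named_mutex_acquire(&m);
    for (int i = 0; i < 3; i++)
        if (connect_attempt()) break;
    if (held) named_mutex_release(&m);
    return m.ref_count;
}

/* Caller A holds the lock.  Caller B got its connection from the cache and
 * never acquired, but releases because the shared count is non-zero.  The
 * OS lock is dropped under A's feet and A's own release then panics.
 * Returns the number of panics (1). */
int scenario_release_by_count(void)
{
    struct named_mutex m = {0};
    named_mutex_acquire(&m);                    /* caller A */
    if (m.ref_count) named_mutex_release(&m);   /* caller B, cached path */
    named_mutex_release(&m);                    /* caller A finishes */
    return m.panics;
}

/* Each caller remembers whether its own acquire succeeded and releases
 * only then.  B's flag is false, so A's reservation survives.
 * Returns panics plus 1 if the lock is still held at the end (0). */
int scenario_release_if_held(void)
{
    struct named_mutex m = {0};
    bool a_held = named_mutex_acquire(&m);
    bool b_held = false;                        /* cached connection: no acquire */
    if (b_held) named_mutex_release(&m);
    if (a_held) named_mutex_release(&m);
    return m.panics + (m.os_held ? 1 : 0);
}

int main(void)
{
    printf("leaky loop leaves %zu reservations\n", scenario_leaky_loop());
    printf("balanced loop leaves %zu reservations\n", scenario_balanced_loop());
    printf("release-by-count panics: %d\n", scenario_release_by_count());
    printf("release-if-held panics:  %d\n", scenario_release_if_held());
    return 0;
}
```

The design point is that a shared count answers "does anyone in this process hold the lock", never "do I hold it"; only a value the acquirer itself received back from the acquire can answer the second question, and that is the value a release should be conditioned on.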



Re: Building a custom auth back-end.

2003-01-09 Thread Andrew Bartlett
On Fri, 2003-01-10 at 08:41, Christopher R. Hertel wrote:
 Abartlet, et. al.,
 
 I've been asked to check on something.  I haven't been working with this
 aspect of the authentication code in Samba so I need a little guidance.
 
 Question:  How hard is it, if we're *not* using PAM, to build a custom 
authentication back-end for Samba?

Not too hard, for Samba 3.0

 The reason that we (the University, where I work) are not using PAM is
 that there are a lot of servers out there on all sorts of platforms.  
 Some use PAM, some don't.  A general solution would need to work without.
 The authentication database is a big central system.  It can do RADIUS and
 LDAP and a few other schemes, but RADIUS is preferred.  It already stores
 NTLMv1 hashes.
 
 To give you an idea of scale (and why this is an interesting project), the 
 central database has on the order of 130,000 user entries.  We're a big 
 shop, in some ways, a lot of little shops in others.
 
 Anyway, the goal is to let Windows users connect to Samba servers, 
 authenticating against the central database.  I think it should be easy to 
 do, if we have the hooks to do it.  I think I remember someone saying we 
 have such hooks.  As you know, my head has been buried in my book so I'm 
 a little lost with regard to such things.

You really should just use the 'normal' pdb_ldap stuff, unless you have
a *really* good reason not to.  Because there is much more involved than
just getting the auth - we need the user in the SAM anyway.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net





Building a custom auth back-end.

2003-01-09 Thread Christopher R. Hertel
Abartlet, et. al.,

I've been asked to check on something.  I haven't been working with this
aspect of the authentication code in Samba so I need a little guidance.

Question:  How hard is it, if we're *not* using PAM, to build a custom 
   authentication back-end for Samba?

The reason that we (the University, where I work) are not using PAM is
that there are a lot of servers out there on all sorts of platforms.  
Some use PAM, some don't.  A general solution would need to work without.
The authentication database is a big central system.  It can do RADIUS and
LDAP and a few other schemes, but RADIUS is preferred.  It already stores
NTLMv1 hashes.

To give you an idea of scale (and why this is an interesting project), the 
central database has on the order of 130,000 user entries.  We're a big 
shop, in some ways, a lot of little shops in others.

Anyway, the goal is to let Windows users connect to Samba servers, 
authenticating against the central database.  I think it should be easy to 
do, if we have the hooks to do it.  I think I remember someone saying we 
have such hooks.  As you know, my head has been buried in my book so I'm 
a little lost with regard to such things.

Chris -)-

-- 
Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]



[patch] HEAD winbindd_cm.c mutex bug

2003-01-09 Thread Martin Pool
This patch is meant to fix the case where we repeatedly fail to
acquire the mutex for opening the connection.  At the moment the code
proceeds with neither the new_conn- or result variables initialized,
which I'm pretty sure is a bug.

I don't know if this is the most appropriate status code but it should
be set to something.


--- winbindd_cm.c.~1.59.~   2003-01-09 12:11:32.0 +1100
+++ winbindd_cm.c   2003-01-10 15:55:53.0 +1100
@@ -369,9 +369,11 @@ static NTSTATUS cm_open_connection(const
  new_conn-controller, global_myname(), ipc_domain, ipc_username));
 
for (i = 0; retry  (i  3); i++) {
-   
if (!secrets_named_mutex(new_conn-controller, 10)) {
DEBUG(0,(cm_open_connection: mutex grab failed for %s\n, 
new_conn-controller));
+   /* try again, but if we never succeed in getting a connection 
+then this
+* is the result */
+   result = NT_STATUS_POSSIBLE_DEADLOCK;
continue;
}
 
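
Review bot: setting `result` only in the mutex-failure path covers the case the message describes, but `result` is still undefined if the loop exits before cli_full_connection() ever runs for any other reason (for instance `retry` already false on entry); initialising `result` to NT_STATUS_POSSIBLE_DEADLOCK, or a generic failure status, before the `for` removes every such path in one line. The message also says the `new_conn` fields are uninitialised in this case and the hunk does not touch them, so callers must still be sure to check the status before using the connection. The removed blank `-` line is unrelated whitespace churn.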


-- 
Martin 



oplock breaks

2003-01-09 Thread Steven French




In implementing oplock code in the Linux cifs vfs I noticed that Win2K
sends a UID of zero (but non-zero FID and TID) on the oplock break from the
server ... this implies that the space of valid fids is not related to the
UID.   Thus if I thought that it were possible to do more than 64K open
instances to a particular Windows server the fids it generates are either
unique across a particular tid or unique across a particular tid across a
particular TCP connection? and the tids that the server generates are also
unrelated to the UID ...

Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: [EMAIL PROTECTED]




Re: recursive mutexes in appl_head winbindd_cm.c?

2003-01-09 Thread Martin Pool
Here's my idea for fixing this in appliance-head, without reworking
the mutex reference count.

Basically it tries to 

 - avoid undefined behaviour in the case where we fail to acquire the
   mutex

 - avoid leaking locks in the case where we fail to connect to the
   server

 - avoid releasing the mutex more times than it has been acquired,
   because this causes a panic

I haven't tested this in place yet, but I thought I'd send it in the
hope that jra could tell me if I'm on the right track.



Index: winbindd_cm.c
===
RCS file: /data/cvs/samba/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.33.2.19
diff -u -u -p -r1.33.2.19 winbindd_cm.c
--- winbindd_cm.c   10 Dec 2002 00:50:28 -  1.33.2.19
+++ winbindd_cm.c   10 Jan 2003 06:27:09 -
@@ -45,6 +45,22 @@
  */
 
 /*
+  The per-server mutex on opening server connections is required to
+  work around a suspected bug in NT, which causes failures if the same
+  client host tries to authenticate on two connections at the same
+  time.
+
+  In addition, the mutex is still held after opening the connection
+  when trying to do a NetLogon.
+
+  If we fail to acquire the mutex because somebody else is hogging it,
+  then we can still proceed to open the connection and we take our
+  chances with NT.  However we must then be careful not to release it.
+
+  This whole mechanism is quite different in HEAD.
+*/
+
+/*
TODO:
 
  - I'm pretty annoyed by all the make_nmb_name() stuff.  It should be
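
Review bot: the new comment says that after a failed acquire the code must be careful not to release the mutex, but it does not say how a caller can tell; the later hunks rely on `mutex_ref_count` being left at zero when secrets_named_mutex() fails. State that invariant explicitly here, because the whole scheme breaks if the count is ever incremented on a failed grab.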
@@ -68,7 +84,12 @@ struct winbindd_cm_conn {
fstring domain;
fstring controller;
fstring pipe_name;
+
+   /** Tells how many callers inside this process are using the
+* lock on connections to this server.  When 0, the
+* system-wide mutex in the tdb is released. **/
size_t mutex_ref_count;
+
struct cli_state *cli;
POLICY_HND pol;
 };
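
Review bot: the field comment describes what the count means but not what it does not mean; since "how many callers inside this process are using the lock" is exactly the value the earlier mail warns must not be used to decide whether *this* caller may release, add a sentence saying that a caller releases only what it acquired. The comment closes with `**/` while the surrounding code in the hunk uses `*/`; match the file.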
@@ -163,10 +184,16 @@ static void add_failed_connection_entry(
 
 
 
-/* Open a connction to the remote server, cache failures for 30 seconds */
-
+/**
+ * Open a connection to the remote server, cache failures for 30 seconds
+ *
+ * @param keep_mutex If true, a reservation on the server mutex is
+ * still held on successful return, so that the caller can use it and
+ * release it later.
+ **/
 static NTSTATUS cm_open_connection(const char *domain, const int pipe_index,
-  struct winbindd_cm_conn *new_conn, BOOL keep_mutex)
+  struct winbindd_cm_conn *new_conn,
+  BOOL keep_mutex)
 {
struct failed_connection_cache *fcc;
NTSTATUS result;
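
Review bot: the `@param keep_mutex` text promises that a reservation "is still held on successful return", but with the change later in this patch the mutex grab may fail and the function still returns success; the comment should say the reservation is held only when `new_conn->mutex_ref_count` is non-zero, so cm_get_netlogon_cli() knows to test it before releasing.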
@@ -228,13 +255,15 @@ static NTSTATUS cm_open_connection(const
DEBUG(5, (connecting to %s from %s with username [%s]\\[%s]\n, 
  new_conn-controller, global_myname_unix(), ipc_domain, ipc_username));
 
+   if (!secrets_named_mutex(new_conn-controller, WINBIND_SERVER_MUTEX_WAIT_TIME,
+new_conn-mutex_ref_count)) {
+   DEBUG(0,(cm_open_connection: mutex grab failed for %s\n,
+new_conn-controller));
+   /* continue anyway; note that the mutex may not actually be
+* held during the rest of this function. */
+   }
+   
for (i = 0; retry  (i  NUM_CLI_AUTH_CONNECT_RETRIES); i++) {
-
-   if (!secrets_named_mutex(new_conn-controller, 
WINBIND_SERVER_MUTEX_WAIT_TIME, new_conn-mutex_ref_count)) {
-   DEBUG(0,(cm_open_connection: mutex grab failed for %s\n, 
new_conn-controller));
-   continue;
-   }
-
result = cli_full_connection(new_conn-cli, global_myname_unix(), 
new_conn-controller, 
 dc_ip, 0, CLI_AUTH_TIMEOUT, IPC$, 
 IPC, ipc_username, ipc_domain, 
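
Review bot: hoisting the acquire out of the retry loop removes the leak of one reservation per failed cli_full_connection() attempt, the second problem from the earlier mail. Two things to confirm: "continue anyway" after a failed secrets_named_mutex() is only safe if that call leaves `new_conn->mutex_ref_count` unchanged on failure, because the `> 0` guards in the later hunks depend on it; and `new_conn->mutex_ref_count` must be zero on entry for a freshly built connection, otherwise a count left by another caller makes the later guarded release drop somebody else's lock.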
@@ -249,7 +278,8 @@ static NTSTATUS cm_open_connection(const
SAFE_FREE(ipc_password);
 
if (!NT_STATUS_IS_OK(result)) {
-   secrets_named_mutex_release(new_conn-controller, 
new_conn-mutex_ref_count);
+   if (new_conn-mutex_ref_count  0)
+   secrets_named_mutex_release(new_conn-controller, 
+new_conn-mutex_ref_count);
add_failed_connection_entry(new_conn, result);
return result;
}
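
Review bot: guarding the release with `new_conn->mutex_ref_count > 0` avoids the panic when the grab failed, but as the earlier mail points out a non-zero count only proves that someone in this process holds the lock, not that this call does; it is correct here only because cm_open_connection() works on a freshly built `new_conn`. A local `BOOL got_mutex` set from the secrets_named_mutex() return value would express the ownership directly and survive if the function is ever called on a reused connection.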
@@ -264,15 +294,19 @@ static NTSTATUS cm_open_connection(const
 * if the PDC is an NT4 box.   but since there is only one 2k 
 * specific UUID right now, i'm not going to bother.  --jerry
 */
-   secrets_named_mutex_release(new_conn-controller, 
new_conn-mutex_ref_count);
+   if (new_conn-mutex_ref_count  0)
+   secrets_named_mutex_release(new_conn-controller, 
+new_conn-mutex_ref_count);
if ( !is_win2k_pipe(pipe_index) )
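
Review bot: this is the same guarded release as the previous hunk (the archive truncates the hunk after `if ( !is_win2k_pipe(pipe_index) )`); with the pattern now appearing twice in this function and again in cm_get_netlogon_cli(), a small helper that takes the ownership flag and releases only when it is set would keep the checks from drifting apart.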

Re: oplock breaks

2003-01-09 Thread jra
On Thu, Jan 09, 2003 at 06:08:01PM -0600, Steven French wrote:
 
 In implementing oplock code in the Linux cifs vfs I noticed that Win2K
 sends a UID of zero (but non-zero FID and TID) on the oplock break from the
 server ... this implies that the space of valid fids is not related to the
 UID.   Thus if I thought that it were possible to do more than 64K open
 instances to a particular Windows server the fids it generates are either
 unique across a particular tid or unique across a particular tid across a
 particular TCP connection? and the tids that the server generates are also
 unrelated to the UID ...

I'm not sure you can infer that. Surely it just means that
the only thing the Windows client checks on an oplock break
request is the FID and TID.

Jeremy.



Of interest: PDA Samba

2003-01-09 Thread Christopher R. Hertel
About a year back I mentioned that Samba had been ported to the Sharp Zaurus
Palmtop.  It seems it's now part of the official build:

http://www.dynamism.com/zaurus/index.shtml

Scan down to the heading Synchronization.

Chris -)-

-- 
Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]



RE: [Samba] Re: Fwd: Samba Referrals

2003-01-09 Thread Choo Kwok Yong
Please put the samba email address in the 'TO' field instead of the 'CC'
field. It would get sorted in my inbox when it came in posted in the CC
field. Your kind response is very much appreciated. Thanks.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Stefan (metze) Metzmacher
Sent: Sunday, December 29, 2002 9:05 PM
To: Lionel Porcheron
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Samba] Re: Fwd: Samba  Referrals


At 12:54 29.12.2002 +0100, Lionel Porcheron wrote:
  Ups...I forgot to ask which samba version you're using
 
  2.2.* doesn't support referrals at all :-(

It is on a production server, so it is 2.2.7a.

if you take the patch from here
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#patches it should
work with 2.2.7a too...


  but in the 3.0alpha21 and in HEAD/CVS it should work :-)

Ok. But you told that the user admin should be valid on all the servers.
But that implies that I have the same admin on each database which limits
the interest of the referral (and the delegation of the administration)

you need to know which password is for which server (if you know an
application that handles that on top of openldap please tell me)

then you can extend the above patch if you want
(I didn't have the time for it now, sorry)
but please mail it to [EMAIL PROTECTED], if you have a solution



metze

-
Stefan metze Metzmacher [EMAIL PROTECTED]









SetPrinter call failed

2003-01-09 Thread Meik Hellmund


Hi, 

I'm trying to add printer drivers to samba using cupsaddsmb (CUPS1.1.18).
This fails on samba3-alpha21 which comes with Debian/unstable. I installed the
samba cvs version from today but with the same result. The problem is a 
rpcclient call:

~#rpcclient localhost  -U root  -c 'setdriver pp1 pp1' -d3
lp_load: refreshing parameters
Initialising global parameters

Password:
Connecting to host=localhost share=IPC$
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
lsa_io_sec_qos: length c does not match size 8
SetPrinter call failed!
result was NT_STATUS_UNSUCCESSFUL


This is independent of whether printers/drivers named pp1 really exist, you
can use arbitrary strings instead of pp1, so you should be able to reproduce
this without cups or printer drivers. 

I can provide more debug info and try anything needed to help. 
Any help is greatly appreciated.

Thanks!

Meik

-- 
Meik Hellmund
Institut fuer Mathematik, Uni Leipzig
e-mail: [EMAIL PROTECTED]
http://www.math.uni-leipzig.de/~hellmund