Re: Machine Account Passwords are changed on the WRONG server!!

2003-02-14 Thread Ignacio Coupeau
Brian M Hoy wrote:

Summary




The second point happens, because the PC will _occasionally_ use a
different DC to authenticate against (its secure channel partner in MS
parlance).  If it just so happens to change its machine account password
with this SCP, then the machine's domain membership is broken next time
it uses its normal SCP.

My Workaround

I have written a Perl script which fetches the machine account details
from every LDAP server on our network and then figures out which one has
the most recent machine account password, and then submits the change to
the LDAP master so that it is replicated everywhere, thereby getting
around these problems.  It works, but is not ideal.

A quick look at the Samba source suggests that it would not handle LDAP
referrals.  Am I right here?  If it did, then LDAP could be configured
to give a referral to the LDAP master for changes, solving the problem
(at least for LDAP users).



samba 2.2.8 may help:

16) Fixes for --with-ldapsam
* Default to port 389 when ldap ssl != on
* add support for rebinding to the master directory server
  for password changes when ldap server points to a read-only
  slave



--

Ignacio Coupeau, Ph.D. [EMAIL PROTECTED]
CTI, Director  [EMAIL PROTECTED]
University of Navarra  [EMAIL PROTECTED]
Pamplona, SPAIN  http://www.unav.es/cti/




Re: Fw: About passwd changin

2003-02-14 Thread Rafal Szczesniak
On Mon, Dec 30, 2002 at 10:56:19AM +0800, David wrote:
 Hi,
 
 Thanks for your kindly reply.
 
 So, you mean I should add a guest account
 to my unix system? Such as: pcguest?

You probably already have one. It is called 'guest'
or 'nobody' in Linux distributions.
Commonly, leaving 'guest account' parameter unset
is enough to get things working.


cheers,
-- 
 Rafal Szczesniak  mimir[at]diament.ists.pwr.wroc.pl
 Samba Team member mimir[at]samba.org
+-+
 *BSD, GNU/Linux and Samba  http://www.samba.org
+-+




Urgent! XP SP1 Profiles troubles

2003-02-14 Thread
Help, please

I have several WinXP machines (w/o any SP, Russian) in a Samba domain. Trouble: WinXP can't 
load the roaming profile.
Workaround: add the current user to the local group Administrators.
Working fine.

Yesterday several WinXP SP1 Eng machines were installed.
Trouble: WinXP can't load the roaming profile.
Message:
Windows did not load your roaming profile and is attempting to log you on with your 
local profile. Changes to the profile will not be copied to the server when you 
logoff. Windows did not load your profile because a server copy of the profile folder 
already exists that does not have the correct security. Either the current user or the 
Administrator's group must be the owner of the folder. Contact your network 
administrator.
After that:
Windows cannot find the local profile and is logging you on with a temporary profile. 
Changes you make to this profile will be lost when you log off.

Loading the profile is unsuccessful whatever I do with the profile storage directory: 
managing permissions, adding the user to the local group, rejoining the domain, fully 
deleting the profile, etc.
Are there known troubles with SP1?

I need to change all XP Rus to Eng+SP1 due to a licensing change - several of my machines 
are stalled until there is a workaround. Help!!!

Sergey Zhukov.
PS Sorry for my English.





Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication

2003-02-14 Thread Luke Howard

Check the sPNMappings attribute: looks like the Windows 2000 KDC maps a
number of things to HOST:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=xad-0,d
 c=padl,dc=com
sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
 or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
 as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
 ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
 on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
 w,http,w3svc,iisadmin

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com



Re: Samba 3.0alpha21, Windows XP SP1 and Kerberos authentication

2003-02-14 Thread Antti Tikkanen
On Fri, 14 Feb 2003, Luke Howard wrote:

 Check the sPNMappings attribute: looks like the Windows 2000 KDC maps a
 number of things to HOST:

 dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=xad-0,d
  c=padl,dc=com
 sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
  or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
  as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
  ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
  on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
  w,http,w3svc,iisadmin

Hi,

Good note, this is probably the cause.

The only question is, if I do not add a CIFS/sambaserver.example.com SPN
explicitly for my Samba server computer account, why do things fail? That
is, why does this mapping not apply then? For normal Windows 2000 Servers
this seems to work.

Antti

-- 

[EMAIL PROTECTED]
Helsinki University of Technology
Computing Centre




Re: LDAP machine accounts

2003-02-14 Thread Daniel T. Gynn
On Fri, 2003-02-14 at 01:24, Stefan (metze) Metzmacher wrote:

 which samba version are you using?

2.2.7a

 BTW: there are no files attached to your mail...
 
They were attached, I will attach them again

 
 
 metze
 -
 Stefan metze Metzmacher [EMAIL PROTECTED] 
-- 
---
Daniel T. Gynn
RHCE #806200978201621
Essential Systems, Inc.
412-931-5403 ext. 1
fax: 412-931-5425
[EMAIL PROTECTED]
GnuPG Key http://www.essensys.com/~dan/gpgring.asc
Fingerprint: 1341 3132 FDAC C415 8F5F 03D7 FD4E 166B FA90 58E1



Re: LDAP machine accounts

2003-02-14 Thread Illtud Daniel
Daniel T. Gynn wrote:
 
 On Fri, 2003-02-14 at 01:24, Stefan (metze) Metzmacher wrote:

  BTW: there are no files attached to your mail...
 
 They were attached, I will attach them again

Nope. None again. But looking in the headers:

X-Content-Filtered-By: Mailman/MimeDel 2.1

The mailing list stripped the attachments (as it should, IMHO!).

Can't you send diff patches for the changes you made?

-- 
Illtud Daniel [EMAIL PROTECTED]
Uwch Ddadansoddwr Systemau   Senior Systems Analyst
Llyfrgell Genedlaethol Cymru  National Library of Wales
Yn siarad drosof fy hun, nid LlGC   -  Speaking personally, not for NLW



Re: LDAP machine accounts

2003-02-14 Thread Daniel T. Gynn
On Fri, 2003-02-14 at 10:37, Illtud Daniel wrote:
 Nope. None again. But looking in the headers:
 
 X-Content-Filtered-By: Mailman/MimeDel 2.1
 
 The mailing list stripped the attachments (as it should, IMHO!).
 
 Can't you send diff patches for the changes you made?

The diff for pdb_ldap.c is:

--- samba-2.2.7a/source/passdb/pdb_ldap.c   2002-12-10
09:58:15.0 -0500
+++ ../samba-2.2.7a/source/passdb/pdb_ldap.c2003-02-13
15:49:18.0 -0500
@@ -2,6 +2,7 @@
Unix SMB/Netbios implementation.
Version 2.9.
LDAP protocol helper functions for SAMBA
+   Copyright (C) Daniel T Gynn 2003
Copyright (C) Gerald Carter 2001
Copyright (C) Shahms King 2001
Copyright (C) Jean Fran�is Micouleau 1998
@@ -590,8 +591,12 @@
 */
sys_user = sys_getpwnam(username);
if (sys_user == NULL) {
-   DEBUG (2,(init_sam_from_ldap: User [%s] does not ave a
uid!\n, username));
-   return False;
+   DEBUG (2,(init_sam_from_ldap: User [%s] does not have a
uid!\n, username));
+
+   /* If we aren't looking for a machine then return false
+*/
+   if ( username[strlen(username) - 1] != '$' )
+   return False;
}


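Review bot: username[strlen(username) - 1] in the new machine-account test reads one byte before the buffer when username is an empty string, because strlen(username) - 1 wraps around. Check the length first, for example: size_t n = strlen(username); if (n == 0 || username[n - 1] != '$') return False; The level 2 DEBUG above it is still printed for every machine account that then passes this test, so move it into the non-machine branch or reword it.
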
@@ -625,8 +630,10 @@
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);

-   pdb_set_uid(sampass, sys_user-pw_uid);
-   pdb_set_gid(sampass, sys_user-pw_gid);
+   if (sys_user != NULL) {
+   pdb_set_uid(sampass, sys_user-pw_uid);
+   pdb_set_gid(sampass, sys_user-pw_gid);
+   }
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);

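Review bot: when sys_user is NULL the new guard skips both pdb_set_uid() and pdb_set_gid() and there is no else branch, so sampass leaves this function with whatever uid and gid it held on entry and nothing marks them as unset. Set an explicit invalid value in an else branch, or add a comment stating that machine accounts without a Unix account carry no uid/gid and that callers must not use them.
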
@@ -641,10 +648,12 @@
pdb_set_workstations(sampass, workstations);
pdb_set_munged_dial(sampass, munged_dial);

-   if (!pdb_set_nt_passwd(sampass, smbntpwd))
-   return False;
-   if (!pdb_set_lanman_passwd(sampass, smblmpwd))
-   return False;
+   if (!pdb_set_nt_passwd(sampass, smbntpwd)) {
+   return False;
+   }
+   if (!pdb_set_lanman_passwd(sampass, smblmpwd)) {
+   return False;
+   }

/* pdb_set_unknown_3(sampass, unknown3); */
/* pdb_set_unknown_5(sampass, unknown5); */
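
Review bot: the braces added around the two return False statements after pdb_set_nt_passwd() and pdb_set_lanman_passwd() change no behaviour and are unrelated to the machine-account lookup; drop this hunk so the patch carries only the functional change.
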
@@ -839,6 +848,7 @@

if (!ldap_open_connection(ldap_struct))
return False;
+
if (!ldap_connect_system(ldap_struct))
{
ldap_unbind(ldap_struct);
@@ -877,6 +887,16 @@
 }

 /**
+DTG. Get SAM_ACCOUNT entry from LDAP by username
+   Added to make sure get_md4pw in src_netlog_nt.c calls
+   the correct function
+*/
+BOOL pdb_getldapsampwnam(SAM_ACCOUNT * user, char *sname)
+{
+  return pdb_getsampwnam ( user, sname ) ;
+}
+
+/**
 Get SAM_ACCOUNT entry from LDAP by rid
 */
 BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
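
Review bot: the comment on pdb_getldapsampwnam() names src_netlog_nt.c, while the caller changed alongside it is srv_netlog_nt.c, and it does not say which other function would be called instead of the "correct" one. Since the body only forwards to pdb_getsampwnam(), the comment should state what the wrapper guards against, otherwise a later reader will remove it as redundant.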



The diff for srv_netlog_nt.c:

--- samba-2.2.7a/source/rpc_server/srv_netlog_nt.c  2002-05-18
09:40:44.0 -0400
+++ ../samba-2.2.7a/source/rpc_server/srv_netlog_nt.c   2003-02-13
15:45:52.0 -0500
@@ -7,6 +7,7 @@
  *  Copyright (C) Paul Ashton   1997.
  *  Copyright (C) Jeremy Allison   1998-2001.
  *  Copyirht  (C) Andrew Bartlett   2001.
+ *  Copyright (C) Daniel T Gynn 2003.
  *
  *  This program is free software; you can redistribute it and/or
modify
  *  it under the terms of the GNU General Public License as published
by
@@ -173,7 +174,7 @@
unbecome_root();

if (ret==False) {
-   DEBUG(0,(get_md4pw: Workstation %s: no account in
domain\n, mach_acct));
+   DEBUG(0,(get_md4pw: Workstation %s: no account in
domain via pdb_getsampwnam()\n, mach_acct));
pdb_free_sam(sampass);
return False;
}
@@ -185,8 +186,32 @@
return True;
}

-   DEBUG(0,(get_md4pw: Workstation %s: no account in domain\n,
mach_acct));
-   pdb_free_sam(sampass);
+   /* DTG. Added to check if workstation is in LDAP since it
+   isn't in the passwd file
+*/
+   DEBUG(1,(get_md4pw: Checking if workstation %s exists in
LDAP\n, mach_acct));
+   become_root();
+   /* DTG. This just calls the pdb_getsampwnam in pdb_ldap.c
+   instead of the other functions with the same name
+*/
+   ret=pdb_getldapsampwnam(sampass, mach_acct);
+   unbecome_root();
+
+   if (ret==False) {
+   DEBUG(0,(get_md4pw: Workstation %s: no account in
domain via pdb_getsampwnam()\n, mach_acct));
+   pdb_free_sam(sampass);
+   return False;
+   }
+
+   if 
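
Review bot: the failure branch after the added pdb_getldapsampwnam() call logs the same text, "no account in domain via pdb_getsampwnam()", as the DEBUG changed in the earlier hunk, so the log cannot show which of the two lookups failed; give the second message its own wording that names the LDAP lookup. The added comment says the wrapper just calls pdb_getsampwnam in pdb_ldap.c, so it should also say why a second call with the same sampass and mach_acct is expected to return something different from the earlier lookup in this function.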

Re: LDAP machine accounts

2003-02-14 Thread Gerald (Jerry) Carter

On 13 Feb 2003, Daniel T. Gynn wrote:

 Hi all.  I have been implementing a Windows Domain using Samba and LDAP
 and noticed that when validating a workstation, Samba would only check
 the /etc/passwd file and not LDAP.  I changed the pdb_ldap.c and
 srv_netlog_nt.c code so that if a workstation isn't in the /etc/passwd
 file, it will check LDAP.  I am attaching the two files.  Please respond
 to my email address with any comments, as I haven't subscribed to this
 mailing list.

This should be done via the nss_ldap layer in 2.2.  What server OS are you
using?  People have already commented on 3.0 so I'll leave it at that.





cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





Re: Machine Account Passwords are changed on the WRONG server!!

2003-02-14 Thread Gerald (Jerry) Carter

On 14 Feb 2003, Brian M Hoy wrote:

 If you believe the MS document, then the Samba BDC should pass the
 machine account password change request to the PDC.  That would be nice!

If you are using read-only replicas for Samba BDCs then the password 
change should be passed onto the master LDAP server via a referral.
Did you say you were using samba 2.2?  This is one fix that will be in 
2.2.8 (was already in HEAD/SAMBA_3_0)




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





limits question

2003-02-14 Thread William Jojo


What do the following values in local.h do with respect to a single smbd,
or are they absolute limits? Please explain...

#define MAX_DIRECTORY_HANDLES 2048

#define MAX_OPEN_DIRECTORIES 256

#define MAX_OPEN_PIPES 2048


Thank you!

Bill





Re: [PATCH] file change notification

2003-02-14 Thread Juergen Hasch
Hello Hal,

thanks for coding this patch, unfortunately it doesn't work for me.
Checking the generated network packets with ethereal shows that the 
NT_NOTIFY packet I receive on the Windows side
is invalid. The packet (frame size as shown in ethereal) is much too 
short, its size is 93 bytes, it should be 162.
Below is the hex dump of a defective packet:
  00 04 e2 1c 6f c0 00 04  e2 1c 6f 55 08 00 45 10   ..â.oÀ.. â.oU..E.
0010  00 4f 18 e6 40 00 40 06  a0 56 c0 a8 00 04 c0 a8   .O.æ@.@.  VÀ¨..À¨
0020  00 08 00 8b 04 c8 0e 6a  4a aa d4 2d f3 f9 50 18   .È.j JªÔ-óùP.
0030  16 d0 01 12 00 00 00 00  00 23 ff 53 4d 42 a0 00   .Ð.. .#ÿSMB .
0040  00 00 00 88 01 00 00 00  00 00 00 00 00 00 00 00    
0050  00 00 01 00 9c 05 64 00  c0 6f 40 20 00..d. Ào@ .  

This is what a W2K generated packet looks like:
  00 04 e2 1c 6f c0 00 50  56 4b 85 6f 08 00 45 10   ..â.oÀ.P VK.o..E.
0010  00 94 da 29 40 00 40 06  de bf c0 a8 00 12 c0 a8   ..Ú)@.@. Þ¿À¨..À¨
0020  00 08 00 8b 04 ba 92 f9  13 50 b8 db b8 fd 50 18   .º.ù .P¸Û¸ýP.
0030  2e 10 9a 20 00 00 00 00  00 68 ff 53 4d 42 a0 00   ...  .hÿSMB .
0040  00 00 00 88 01 00 00 00  00 00 00 00 00 00 00 00    
0050  00 00 01 00 c0 03 64 00  c1 ac 12 00 00 00 1e 00   À.d. Á¬..
0060  00 00 00 00 00 00 1e 00  00 00 48 00 00 00 00 00    ..H.
0070  00 00 00 00 00 00 68 00  00 00 00 00 00 00 00 21   ..h. ...!
0080  00 00 00 00 00 00 03 00  00 00 12 00 00 00 66 00    ..f.
0090  69 00 6c 00 65 00 32 00  2e 00 74 00 78 00 74 00   i.l.e.2. ..t.x.t.
00a0  00 00  ..  

I attached my own hack which creates a reply packet identical to Windows 
(see the change_notify_reply_packet function).
It only replies one single file name per reply packet, because you don't 
get more than one file change per signal using dnotify.

Another thing I noticed is that you don't return a Unicode filename, 
you simply return the filename with the unix charset
and pad it with zeroes. Please convert the filename to Unicode when you 
assemble the packet.

...Juergen

--- smbd/notify_kernel.orig 2003-01-14 21:57:16.0 +0100
+++ smbd/notify_kernel.c2003-02-02 00:01:24.0 +0100
@@ -37,7 +37,6 @@
 #define DN_MULTISHOT0x8000  /* Don't remove notifier */
 #endif
 
-
 #ifndef RT_SIGNAL_NOTIFY
 #define RT_SIGNAL_NOTIFY 34
 #endif
@@ -50,6 +49,14 @@
 #define F_NOTIFY 1026
 #endif
 
+#define F_NOTIFY_FN1027
+
+/* this gets returned from the kernel */
+struct dnotify_info_struct {
+   unsigned long   event;
+   char filename[NAME_MAX+1];
+};
+
 /
  This is the structure to keep the information needed to
  determine if a directory has changed.
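
Review bot: F_NOTIFY_FN is defined unconditionally as 1027, while the F_NOTIFY define just above it is closed by an #endif, and nothing states which kernel implements this fcntl command or the layout of struct dnotify_info_struct. Wrap the define in #ifndef F_NOTIFY_FN and extend the "returned from the kernel" comment to name the kernel patch the struct has to match, because a layout mismatch cannot be detected from this side.
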
@@ -57,6 +64,8 @@
 
 struct change_data {
int directory_handle;
+// uint32 Action;
+   struct dnotify_info_struct fi;
 };
 
 /
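
Review bot: the commented-out line "// uint32 Action;" in struct change_data is dead code in a C++-style comment; remove it, or add the field for real if the reply needs the action code.
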
@@ -95,9 +104,10 @@
BlockSignals(True, RT_SIGNAL_NOTIFY);
for (i = 0; i  signals_received; i++) {
if (data-directory_handle == (int)fd_pending_array[i]) {
-   DEBUG(3,(kernel_check_notify: kernel change notify on %s 
fd[%d]=%d (signals_received=%d)\n,
-   path, i, (int)fd_pending_array[i], 
(int)signals_received ));
-
+   data-fi.event=0;
+   fcntl((int)fd_pending_array[i],F_NOTIFY_FN,(data-fi.event));
+   DEBUG(0,(kernel_check_notify: kernel change notify on %s in 
+file %s, event %d, fd[%d]=%d (signals_received=%d)\n,
+   path, 
+data-fi.filename,data-fi.event, i, (int)fd_pending_array[i], (int)signals_received 
+));
close((int)fd_pending_array[i]);
fd_pending_array[i] = (SIG_ATOMIC_T)-1;
if (signals_received - i - 1) {
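
Review bot: the return value of the fcntl(..., F_NOTIFY_FN, ...) call is ignored and only fi.event is cleared beforehand, so when the call fails the following DEBUG prints whatever fi.filename held before with %s. Check the result and skip the filename in the log line on failure. The DEBUG level also went from 3 to 0, and fi.event is an unsigned long printed with %d; both should be corrected before this leaves debugging.
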
@@ -166,7 +176,7 @@
return NULL;
}
 
-   kernel_flags = DN_CREATE|DN_DELETE|DN_RENAME; /* creation/deletion changes 
everything! */
+   kernel_flags = DN_CREATE|DN_DELETE|DN_RENAME|DN_MULTISHOT; /* 
+creation/deletion changes everything! */
if (flags  FILE_NOTIFY_CHANGE_FILE)kernel_flags |= DN_MODIFY;
if (flags  FILE_NOTIFY_CHANGE_DIR_NAME)kernel_flags |= 
DN_RENAME|DN_DELETE;
if (flags  FILE_NOTIFY_CHANGE_ATTRIBUTES)  kernel_flags |= DN_ATTRIB;
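
Review bot: DN_MULTISHOT is added to kernel_flags, yet the check path in the earlier hunk still calls close() on the descriptor after the first signal, which discards the notifier that the flag (commented "Don't remove notifier" at its definition) is meant to keep. Either keep the descriptor open when multishot is requested or leave the flag out, and update the trailing comment, which still only explains the create/delete flags.
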
--- smbd/notify.orig2003-01-14 21:57:29.0 +0100
+++ smbd/notify.c   2003-02-02 00:40:54.0 +0100
@@ -45,20 +45,54 @@
 /
  Setup the common parts of the return packet and send it.
 */
-static void 

Re: 3.0Alpha21 and W2K AD 'dorking' Samba machine acct?

2003-02-14 Thread Andrew Bartlett
On Thu, 2003-02-13 at 01:30, Nik Conwell wrote:
 
 On Thu, 30 Jan 2003, Andrew Bartlett wrote:
 
 
  On Thu, 2003-01-30 at 23:32, Nik Conwell wrote:
  
   Anybody seeing a scenario like this?
  
   net ads join adds our machine entry to AD just fine.
  
 The machine entry object in the AD database has:
  
  OperatingSystemSamba
  OperatingSystemVersion post3.0-HEAD
  dnsHostnameourhost
  
   Some time later something happened, and AD now has:
  
  OperatingSystemWindows
  OperatingSystemVersion NT 4
  dnsHostnameis empty.
  
   and then authentication to ourhost fails.
 
  Something is doing a NT4 password change.  This can occur if
  'security=domain' is set, rather than 'security=ads'.
 
  Or if 'net rpc changetrustpw' is run.
 
 Interesting - security=ads is set in the config, and neither of the two of us
 who have privs to do the net cmds have run changetrustpw (or knew what it was
 before you wrote about it ;-))
 
 I have an unverified pet theory that under some circumstances the smbd may think
 it's running as security=domain (unable to read the config file due to it being
 unmounted - it's on NFS disk - or since the file doesn't have o=r).  I'll put
 some DEBUG logging statements near change_trust_account_password() to see if
 we're somehow getting there.
 
 Thanks for your help.
 -nik

I since looked into this myself - and it's weird!

If you make even a single connection to the NETLOGON pipe, to verify an
NTLM password with the PDC, your OS gets reset!  

This occurs during the credentials setup for that pipe - the interesting
thing will be to see what Win2k does for that pipe, and to see if we can
emulate it.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net





Re: Pushing Samba functions into the kernel

2003-02-14 Thread Gerald (Jerry) Carter

On Thu, 13 Feb 2003, Richard Sharpe wrote:

 On Thu, 13 Feb 2003 [EMAIL PROTECTED] wrote:
 
  Ok, my feelings on Samba in the kernel are the following.
  
  1). We need to be able to de-multiplex incoming SMB's at the kernel
  level to get over the W2K Terminal Server problem.
 
 OK, I am not familiar with this problem. Can you say more please.

Win2k TSE uses a single TCP session to the file server and multiplexes
all of the SMB sessions over that.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





Re: init_unistr2 length calculation

2003-02-14 Thread Gerald (Jerry) Carter

On Thu, 13 Feb 2003, Shirish Kalele wrote:

  In init_unistr2, the string length for the UNISTR2 structure seems to
  be set equal to the number of bytes occupied by the string when
  encoded in the Unix charset (i.e. the value returned by strlen()).
  This is not necessarily the number of characters in the string (given
  UTF-8 and other variable-byte charsets).
 
  Shouldn't this actually be set to half the number of bytes occupied
  by the string after encoding it in UCS2? Here's a patch that does
  this.
 
 I think you might get into trouble here due to difference in the MS
 unicode marshalling flexibility.
 
 I don't understand. Could you elaborate?

I guess if (length_of_bytes_in_orig_string != num_character_in_string) 
then we would have a problem.  Had to think through this a bit.

I think I misunderstood you to start with.  I thought we were talking 
about UNISTR2 length == num_characters.  My point was that sometimes this 
is actually == num_characters*2 (as you mentioned).

Ignore me.  My memory deteriorates as I get older.



cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)





Re: init_unistr2 length calculation

2003-02-14 Thread Shirish Kalele
Thanks for clearing that up.

I took a look at the log for the file and saw that tridge expected the
'len' argument to init_unistr2() to be the character length, not the byte
length of the string. So it appears the callers will have to be fixed, not
the function as I thought.

Would be good to have a function that calculated the character length
after conversion to UCS2 since it's much more efficient to calculate (/2)
than that of a multi-byte charset. Maybe there is.. need to take a look.

Thanks,
Shirish

On Fri, 14 Feb 2003, Gerald (Jerry) Carter wrote:

On Thu, 13 Feb 2003, Shirish Kalele wrote:

  In init_unistr2, the string length for the UNISTR2 structure seems to
  be set equal to the number of bytes occupied by the string when
  encoded in the Unix charset (i.e. the value returned by strlen()).
  This is not necessarily the number of characters in the string (given
  UTF-8 and other variable-byte charsets).
 
  Shouldn't this actually be set to half the number of bytes occupied
  by the string after encoding it in UCS2? Here's a patch that does
  this.
 
 I think you might get into trouble here due to difference in the MS
 unicode marshalling flexibility.

 I don't understand. Could you elaborate?

I guess if (length_of_bytes_in_orig_string != num_character_in_string)
then we would have a problem.  Had to think through this a bit.

I think I misunderstood you to start with.  I thought we were talking
about UNISTR2 length == num_characters.  My point was that sometimes this
is actually == num_characters*2 (as you mentioned).
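
An added example, not from Samba or from the posters, of the helper Shirish asks for above: it converts a string to UCS-2LE and returns the character count that belongs in a UNISTR2 length, which differs from strlen() as soon as the source charset is multi-byte. It assumes the Unix charset is UTF-8 and rejects input that UCS-2 cannot hold; utf8_to_ucs2le and UCS2_ERR are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UCS2_ERR ((size_t)-1)

/* Convert a NUL-terminated UTF-8 string to UCS-2LE (no terminator written).
 * out may be NULL to count only; otherwise at most cap bytes are written.
 * Returns the number of UCS-2 characters (bytes written / 2), or UCS2_ERR
 * for malformed UTF-8, a code point UCS-2 cannot hold, or a full buffer. */
size_t utf8_to_ucs2le(const char *src, uint8_t *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t chars = 0;

    while (*s) {
        uint32_t cp, min;
        int extra, i;

        if (*s < 0x80)                { cp = *s;        extra = 0; min = 0; }
        else if ((*s & 0xe0) == 0xc0) { cp = *s & 0x1f; extra = 1; min = 0x80; }
        else if ((*s & 0xf0) == 0xe0) { cp = *s & 0x0f; extra = 2; min = 0x800; }
        else return UCS2_ERR;   /* stray continuation byte or 4-byte form */
        s++;
        for (i = 0; i < extra; i++, s++) {
            /* Also stops at the terminating NUL of a truncated sequence. */
            if ((*s & 0xc0) != 0x80) return UCS2_ERR;
            cp = (cp << 6) | (*s & 0x3f);
        }
        if (cp < min || (cp >= 0xd800 && cp <= 0xdfff))
            return UCS2_ERR;    /* overlong encoding or surrogate */
        if (out) {
            if (cap < 2 * (chars + 1)) return UCS2_ERR;
            out[2 * chars]     = (uint8_t)(cp & 0xff);
            out[2 * chars + 1] = (uint8_t)(cp >> 8);
        }
        chars++;
    }
    return chars;
}

int main(void)
{
    const char *name = "Z\xc3\xbcrich";   /* constructed sample: "Zürich" in UTF-8 */
    uint8_t wire[64];
    size_t n = utf8_to_ucs2le(name, wire, sizeof(wire));
    printf("strlen=%zu  UNISTR2 length=%zu  UCS-2 bytes=%zu\n",
           strlen(name), n, 2 * n);
    return n == 6 ? 0 : 1;
}
```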





Re: [PATCH] file change notification

2003-02-14 Thread Juergen Hasch
Hi Tim,

On Friday, 14 February 2003 21:52, Tim Potter wrote:
 On Fri, Feb 14, 2003 at 08:28:55PM +0100, Juergen Hasch wrote:
  Hello Hal,
 
  thanks for coding this patch, unfortunately it doesn't work for me.
  Checking the generated network packets with ethereal shows that the
  NT_NOTIFY packet I receive on the Windows side
  is invalid. The packet (frame size as shown in ethereal) is much too
  short, its size is 93 bytes, it should be 162.

 How well does ethereal handle SMB change notify?  I can honestly say
 that I've never seen it happen.  (-:

actually it looks quite good :-)
Attached is a capture from two W2K machines talking to each other.
Packet No. 19 shows the NT NOTIFY response packet.

This capture was made using the Windows version of ethereal, the Linux
version crashes on my machine when opening the capture file.
Maybe you can fix that ;-)

 If you send me a bunch of captures I can fix any misdissections or
 any other problems with ethereal in this regard.


 Tim.

...Juergen



Question about smbtorture

2003-02-14 Thread Srikanta Shivanna
When I run OPLOCK2 smbtorture test against a CIFS server, I don't see smbtorture 
responding
to oplock break request from CIFS server, any idea about this problem?

Sri



Re: Question about smbtorture

2003-02-14 Thread Richard Sharpe
On Fri, 14 Feb 2003, Srikanta Shivanna wrote:

 When I run OPLOCK2 smbtorture test against a CIFS server, I don't see smbtorture 
responding
 to oplock break request from CIFS server, any idea about this problem?

So, are you observing this on the wire?

Which version of smbtorture are you using?

The one in Samba head has code to ack oplocks if they are enabled, and 
also allows smbtorture to install its own oplock handler when it needs to.

Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com




Re: cross compiling samba-2.2.7a

2003-02-14 Thread Andrew Bartlett
On Fri, 2003-02-14 at 02:22, Vincent Sanders wrote:
 Hi, I have recently had cause to cross compile samba 2.2.7a from x86 to
 arm uclibc linux. During the make I have come across a problem with
 the int32 macro definition in /include/includes.h (line 459): the check
 works out everything to do with getting an int32 defined, then defines
 *u*int32. Thought you might like to know.

It was already fine in HEAD, but I've fixed it in 2.2.

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net





Re: [PATCH] file change notification

2003-02-14 Thread Tim Potter
On Fri, Feb 14, 2003 at 10:21:04PM +0100, Juergen Hasch wrote:

 actually it looks quite good :-)

That's good to hear!

 Attached is a capture from two W2K machines talking to each other.
 Packet No. 19 shows the NT NOTIFY response packet.
 
 This capture was made using the Windows version of ethereal, the Linux
 version crashes on my machine when opening the capture file.
 Maybe you can fix that ;-)

OK that's definitely something worth doing.


Thanks,

Tim.



Error in libsmb/clispnego.c

2003-02-14 Thread Richard Sharpe
Hi,

In libsmb/clispnego.c, in spnego_gen_krb5_wrap, there is the following 
piece of code:

asn1_push_tag(data, ASN1_APPLICATION(0));
asn1_write_OID(data, OID_KERBEROS5);
asn1_write_BOOLEAN(data, 0);
asn1_write(data, ticket.data, ticket.length);
asn1_pop_tag(data);

The asn1_write_BOOLEAN is wrong. According to RFC1964, the two-byte field 
that the asn1_write_BOOLEAN writes is actually a token-id, which can have 
the values:

#define KRB_TOKEN_AP_REQ                0x0001
#define KRB_TOKEN_AP_REP                0x0002
#define KRB_TOKEN_AP_ERR                0x0003
#define KRB_TOKEN_GETMIC                0x0101
#define KRB_TOKEN_WRAP                  0x0102
#define KRB_TOKEN_DELETE_SEC_CONTEXT    0x0201

A similar mistake is made in the spnego_parse_krb5_wrap.

We should fix it, but that involves returning error codes from parse if it 
is not what we expect, and handing an extra parameter to the gen routine.
 
Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com
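
The framing described in the message above, written out as an added example (not code from Samba or from this thread): the generator takes the token id as the extra parameter Richard mentions, and the parser returns an error code when the id is not the expected one. The function names, the error values and the sample ticket bytes are assumptions made for this illustration; the token ids are the ones listed in the message, stored low byte first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Token ids as listed in the message (the two wire bytes, low byte first). */
#define KRB_TOKEN_AP_REQ 0x0001
#define KRB_TOKEN_AP_REP 0x0002

/* DER encoding of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2. */
static const uint8_t KRB5_OID_DER[] = {
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
};
#define OID_LEN sizeof(KRB5_OID_DER)

/* Write a DER length (0..65535); returns the number of bytes used. */
static size_t der_put_len(uint8_t *p, size_t len)
{
    if (len < 0x80) { p[0] = (uint8_t)len; return 1; }
    if (len < 0x100) { p[0] = 0x81; p[1] = (uint8_t)len; return 2; }
    p[0] = 0x82; p[1] = (uint8_t)(len >> 8); p[2] = (uint8_t)len;
    return 3;
}

/* Read a DER length; returns bytes consumed, 0 if malformed or truncated. */
static size_t der_get_len(const uint8_t *p, size_t avail, size_t *len)
{
    size_t i, n;
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *len = p[0]; return 1; }
    n = p[0] & 0x7f;
    if (n == 0 || n > 2 || avail < 1 + n) return 0;
    for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[1 + i];
    return 1 + n;
}

/* Build [APPLICATION 0] { mech OID, token id, ticket }.
 * Returns the token length, or 0 if it does not fit in out[cap]. */
size_t krb5_wrap_gen(uint8_t *out, size_t cap, uint16_t tok_id,
                     const uint8_t *tkt, size_t tkt_len)
{
    size_t off = 0, body = OID_LEN + 2 + tkt_len;
    if (tkt_len > 0xffff - OID_LEN - 2 || cap < 4 + body) return 0;
    out[off++] = 0x60;                      /* [APPLICATION 0], constructed */
    off += der_put_len(out + off, body);
    memcpy(out + off, KRB5_OID_DER, OID_LEN);
    off += OID_LEN;
    out[off++] = (uint8_t)(tok_id & 0xff);  /* explicit token id, not a BOOLEAN */
    out[off++] = (uint8_t)(tok_id >> 8);
    if (tkt_len) memcpy(out + off, tkt, tkt_len);
    return off + tkt_len;
}

/* Parse and validate: 0 = ok, -1 = malformed, -2 = unexpected token id. */
int krb5_wrap_parse(const uint8_t *in, size_t in_len, uint16_t want_tok,
                    const uint8_t **tkt, size_t *tkt_len)
{
    size_t body, n;
    const uint8_t *p;
    if (in_len < 2 || in[0] != 0x60) return -1;
    n = der_get_len(in + 1, in_len - 1, &body);
    if (n == 0 || body != in_len - 1 - n) return -1;   /* length must match */
    p = in + 1 + n;
    if (body < OID_LEN + 2 || memcmp(p, KRB5_OID_DER, OID_LEN) != 0) return -1;
    p += OID_LEN;
    if ((uint16_t)(p[0] | (p[1] << 8)) != want_tok) return -2;
    *tkt = p + 2;
    *tkt_len = body - OID_LEN - 2;
    return 0;
}

int main(void)
{
    const uint8_t fake_tkt[] = { 0x6e, 0x03, 0x02, 0x01, 0x05 }; /* constructed */
    uint8_t tok[64];
    const uint8_t *p;
    size_t plen, n = krb5_wrap_gen(tok, sizeof(tok), KRB_TOKEN_AP_REQ,
                                   fake_tkt, sizeof(fake_tkt));
    int ok  = krb5_wrap_parse(tok, n, KRB_TOKEN_AP_REQ, &p, &plen);
    int bad = krb5_wrap_parse(tok, n, KRB_TOKEN_AP_REP, &p, &plen);
    printf("token=%zu bytes, expected id -> %d, wrong id -> %d\n", n, ok, bad);
    return (ok == 0 && bad == -2) ? 0 : 1;
}
```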