Trouble with Printing from samba-2.2.6 (linux) To Canon LBP-810(Win98)

2003-03-14 Thread Pavel Kolevatyh
Dear Sir, first of all I am sorry for my English.
My trouble is described in the Subject.
So some additional Info:
OS: Slackware Linux 8.0, samba-2.2.6, lpr.tgz (from distributive).
OS: Windows 98 SE2, Canon LBP-810.

/etc/printcap has this string:
lp:sd=/var/spool/lpd/smb:sh:if=/usr/local/samba/bin/smbprint
in /var/spool/lpd/smb/.config:
server = ALTAIR
service = CANON 
password = ""
Command:
$ lpr 
lpr: connect: No such file or directory
jobs queued, but cannot start daemon. 
Command:
 $ps -ax | grep lpd
49 ? S 0:00 /usr/sbin/lpd
153 pts/0 S 0:00 grep lpd

And Now
smbclient //altair/canon -N
smb: \> print FileName.txt
putting file FileName.txt as FileName.txt (0.7 kb/s) (average 0.7 kb/s) 

But nothing is printing

  Best Regards Pavel Kolevatyh
  mail to: [EMAIL PROTECTED]







RE: (fwd) amigasamba?

2003-03-14 Thread Simo Sorce
CL!

On Thu, 2003-03-13 at 23:08, Ulf Bertilsson wrote:
> I look into this in a few days.
> 
> Use www.birrabrothers.com/tiger/data/samba as mirror
> 
> I'm on vacation and don't have the info here.
-- 
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399




[PATCH] better finding of clobber_region() bugs

2003-03-14 Thread Stefan (metze) Metzmacher
Hi Andrew,

here's the clobber patch...



metze
-
Stefan "metze" Metzmacher <[EMAIL PROTECTED]> 

clobber-01.diff
Description: Binary data


Re: Error messages generated by passdb/pdb_smbpasswd.c are (almost) useless

2003-03-14 Thread Simo Sorce
It seems very clear to me, Richard.

An smbpasswd entry has a single UID field, if there you find something
that's not a number then the entry is malformed.

What's unclear?

Printing the line may clobber the logs, as a malformed entry may contain
just anything like control chars, I agree that telling the entry line
number could be a good idea.

Simo.

On Fri, 2003-03-14 at 07:55, Richard Sharpe wrote:
> Hi,
> 
> Someone asked me what some messages like "getsmbfilepwent: malformed 
> password entry (uid not number)" meant when using the smbpasswd command. 
> Not knowing, I went searching the source code to find:
> 
> if (!isdigit(*p)) {
>   DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
>   continue;
> }
> 
> This is very little help in pinpointing the problems, as it does not tell 
> us what the routine was looking at that caused the problem. Perhaps 
> including the string it was processing would have been more useful!
>  
> Regards
> -
> Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
> sharpe[at]ethereal.com, http://www.richardsharpe.com
-- 
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399




printer name not returned correctly

2003-03-14 Thread Ronan Waide
Hi,

still messing about with printers. If I create a printer like so:

[TestP]
printer name = Test_Printer
printable = yes

and then do rpcclient enumprinters 2 against the server, I get:

servername:[\\server]
printername:[\\server\TestP]
sharename:[TestP]
portname:[HPLaserJet4050Series]
drivername:[HP LaserJet 4050 Series PCL 5e]
comment:[Created by rpcclient]
location:[]
sepfile:[]
printprocessor:[winprint]
datatype:[RAW]
parameters:[]
attributes:[0x1018]
priority:[0x0]
defaultpriority:[0x0]
starttime:[0x0]
untiltime:[0x0]
status:[0x0]
cjobs:[0x0]
averageppm:[0x0]

I would have expected printername to be \\server\Test_Printer, since
that's what my NT4 box is returning for a similar setup. I've traced
through the server code and it looks okay where it's retrieving the
info from the tdb file, so that would suggest that the information is
incorrect in the tdb file. And sure enough, ntprinters.tdb has TestP
in it several times, but no sign of Test_Printer. The default info2
structure assumes a printer name of \\server\share, so maybe that
would be a good place to start.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

"Crying for sympathy / crocodile cries / for the love of the crowd and the
 three cheers from everyone" - The Cure, _Disintegration_


Re: Error messages generated by passdb/pdb_smbpasswd.c are (almost) useless

2003-03-14 Thread Andrew Bartlett
On Fri, 2003-03-14 at 21:17, Simo Sorce wrote:
> It seems very clear to me, Richard.
> 
> An smbpasswd entry has a single UID field, if there you find something
> that's not a number then the entry is malformed.
> 
> What's unclear?
> 
> Printing the line may clobber the logs, as a malformed entry may contain
> just anything like control chars, I agree that telling the entry line
> number could be a good idea.

More particularly it might contain the passwords...

(our logs are often world-readable)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
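
One way to report a malformed entry along the lines discussed in this thread: by line number and a fixed reason string, so that neither control characters nor password hashes from the file reach the log. This is an added example, not Samba's pdb_smbpasswd.c code; the function names, the all-digits check and the sample entries (constructed, with made-up hashes) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Rejection reasons; the text for each is fixed, never taken from the file. */
enum pw_err { PW_OK = 0, PW_NO_UID_FIELD, PW_UID_EMPTY, PW_UID_NOT_NUMBER };

const char *pw_err_str(enum pw_err e)
{
    switch (e) {
    case PW_NO_UID_FIELD:   return "no uid field";
    case PW_UID_EMPTY:      return "uid field empty";
    case PW_UID_NOT_NUMBER: return "uid not number";
    default:                return "ok";
    }
}

/* Check the second ':'-separated field of one entry (name:uid:...).
 * Assumption: every character of the field must be a digit. */
enum pw_err check_uid_field(const char *line)
{
    const char *p = strchr(line, ':');

    if (p == NULL)
        return PW_NO_UID_FIELD;
    p++;
    if (*p == ':' || *p == '\0')
        return PW_UID_EMPTY;
    for (; *p != ':' && *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return PW_UID_NOT_NUMBER;
    return PW_OK;
}

/* Walk a buffer of entries and append one diagnostic per malformed line
 * to out. Only the file name, the line number and the reason are written;
 * no byte of the entry itself is copied. Returns the malformed count. */
int scan_smbpasswd(const char *text, const char *file, char *out, size_t outlen)
{
    unsigned long lineno = 0;
    size_t used = 0;
    int bad = 0;
    char line[512];

    if (outlen > 0)
        out[0] = '\0';
    while (*text != '\0') {
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        enum pw_err e;

        memcpy(line, text, c);
        line[c] = '\0';
        text += n;
        if (*text == '\n')
            text++;
        lineno++;
        if (line[0] == '#' || line[0] == '\0')
            continue;                      /* comment or blank line */
        e = check_uid_field(line);
        if (e == PW_OK)
            continue;
        bad++;
        if (used < outlen) {
            int w = snprintf(out + used, outlen - used,
                             "%s: malformed password entry, line %lu (%s)\n",
                             file, lineno, pw_err_str(e));
            if (w > 0)
                used += (size_t)w;
        }
    }
    return bad;
}

/* Constructed sample: entry 2 has an escape sequence in the uid field,
 * entry 4 has an empty uid field. The hashes are made up. */
const char SAMPLE[] =
    "alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:\n"
    "bob:\033[2Jx:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:\n"
    "# comment line\n"
    "carol::0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:\n";

int main(void)
{
    char diag[512];
    int bad = scan_smbpasswd(SAMPLE, "smbpasswd", diag, sizeof(diag));

    printf("%d malformed entries\n%s", bad, diag);
    return 0;
}
```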




Re: bug in masked_match function

2003-03-14 Thread Tomoki AONO
I found this suspicious case (and described shortly in
Samba-JP), so I'll explain more.

In <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:

>> The masked_match function in lib/access.c is wrong.(CVS HEAD and 2_2)

This case matches if CIDR-like notation specified in hosts
allow/deny (ex. '10.0.0.0/23') only. This is not case if
specified with /. (ex. '10.0.0.0/255.255.254.0')

I cite more lines in lib/access.c:
33  if (strlen(slash + 1) > 2) {
34  mask = interpret_addr(slash + 1);
35  } else {
36  mask = (uint32)((ALLONES << atoi(slash + 1)) ^ ALLONES);
37  }

>> Example: hosts allow = 10.0.0.0/23
>> 
>> This produces following result. This isn't mask.
>> mask =   0111     

In case '10.0.0.0/255.255.254.0', program execute line 34
and returns:
mask =      1110  

>> I don't know why this change was made.
>> http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.4.12&r2=1.19.4.13

I think reverting change in line 36 (reverse shift
direction) or replacing '^'(XOR) to '&'(AND) would solve
this case. Am I right?

Patch (I prefer replacing '^' to '&') follows:

Index: lib/access.c
===
RCS file: /cvsroot/samba/source/lib/access.c,v
retrieving revision 1.35
diff -u -u -w -r1.35 access.c
--- lib/access.c12 Nov 2002 23:15:49 -  1.35
+++ lib/access.c14 Mar 2003 10:43:09 -
@@ -33,7 +33,7 @@
 if (strlen(slash + 1) > 2) {
 mask = interpret_addr(slash + 1);
 } else {
-   mask = (uint32)((ALLONES << atoi(slash + 1)) ^ ALLONES);
+   mask = (uint32)((ALLONES << atoi(slash + 1)) & ALLONES);
 }
 
if (net == INADDR_NONE || mask == INADDR_NONE) {
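
Review bot: on the changed line, "& ALLONES" leaves the shifted value unchanged if ALLONES is the 32-bit all-ones constant its name and the (uint32) cast suggest, so the mask is just ALLONES << atoi(slash + 1); for "/23" that clears the low 23 bits and leaves a 9-bit prefix, which covers far more addresses than the /23 written in hosts allow. Shifting right and then XORing (the "reverse shift direction" option mentioned above) yields the 23-bit prefix, and the result should be confirmed to be in the same byte order as the interpret_addr() value from the other branch. The atoi() result is also used as a shift count without a range check; the strlen(slash + 1) > 2 test lets two-digit values such as "99" reach this line, so anything outside 0..32 should be rejected before shifting.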


Tomoki AONO ([EMAIL PROTECTED])
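
The arithmetic discussed in this message, as an added example that is not from the post or from Samba's source: it evaluates the cited line 36, the '&' variant and the reversed shift direction for /23, and adds a range check on the prefix length. It assumes ALLONES is 0xFFFFFFFF and keeps addresses and masks in host byte order; IP(), the mask_* names, prefix_to_mask() and in_network() are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ALLONES ((uint32_t)0xFFFFFFFF)   /* assumed value of ALLONES */
/* Build a host-order IPv4 address from its four octets. */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Line 36 as cited: left shift, then XOR. Valid for bits < 32. */
uint32_t mask_shl_xor(unsigned bits) { return (ALLONES << bits) ^ ALLONES; }

/* Line 36 with '^' replaced by '&'. Valid for bits < 32. */
uint32_t mask_shl_and(unsigned bits) { return (ALLONES << bits) & ALLONES; }

/* Reversed shift direction: right shift, then XOR. Valid for bits < 32. */
uint32_t mask_shr_xor(unsigned bits) { return (ALLONES >> bits) ^ ALLONES; }

/* Parse the text after '/' as a prefix length and produce a host-order
 * netmask. Rejects empty or non-numeric text and lengths outside 0..32,
 * so the value is never used as an out-of-range shift count. */
int prefix_to_mask(const char *s, uint32_t *mask)
{
    char *end;
    long bits = strtol(s, &end, 10);

    if (end == s || *end != '\0' || bits < 0 || bits > 32)
        return -1;
    *mask = (bits == 32) ? ALLONES : mask_shr_xor((unsigned)bits);
    return 0;
}

/* The comparison a hosts allow/deny check performs once it has a mask. */
int in_network(uint32_t addr, uint32_t net, uint32_t mask)
{
    return (addr & mask) == (net & mask);
}

int main(void)
{
    uint32_t m;

    printf("shift left, XOR : %08lX\n", (unsigned long)mask_shl_xor(23));
    printf("shift left, AND : %08lX\n", (unsigned long)mask_shl_and(23));
    if (prefix_to_mask("23", &m) == 0)
        printf("shift right, XOR: %08lX\n", (unsigned long)m);
    return 0;
}
```

With the 23-bit mask, 10.0.1.200 is inside 10.0.0.0/23 and 10.0.2.1 is outside; the other two masks get at least one of those decisions wrong.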


[PATCH] Joining domains specifying auth realm

2003-03-14 Thread Ken Cross
Let's try this again.  The previous patch I submitted didn't work in
some configurations.  (ads->auth.realm needs to be preserved over the
ads_connect call.)

This patch is for SAMBA_3_0.

Ken


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED] 



RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.12
diff -p -u -r1.37.2.12 net_ads.c
--- utils/net_ads.c 24 Feb 2003 03:06:45 -  1.37.2.12
+++ utils/net_ads.c 14 Mar 2003 15:55:45 -
@@ -122,6 +125,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
+   char *cp, *realm_save = NULL;

ads = ads_init(NULL, NULL, opt_host);
 
@@ -147,7 +151,29 @@ retry:
 
ads->auth.user_name = strdup(opt_user_name);
 
+   /*
+* If the username is of the form "[EMAIL PROTECTED]", 
+* extract the realm and convert to upper case.
+* This is only used to establish the connection.
+*/
+   realm_save = ads->auth.realm;
+   if (cp = strchr(ads->auth.user_name, '@')) {
+   *cp++ = '\0';
+   ads->auth.realm = cp;
+   strupper(ads->auth.realm);
+   }
+
status = ads_connect(ads);
+
+   /*
+* Restore the realm name.  If there wasn't one,
+* default to the configuration realm.
+*/
+   if( realm_save == NULL )
+   realm_save = strdup(ads->config.realm);
+
+   ads->auth.realm = realm_save;
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;
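
Review bot: the restore block after ads_connect() runs before the ADS_ERR_OK(status) check, so when the connect fails and no realm was set beforehand, strdup(ads->config.realm) may be handed a NULL pointer; test ads->config.realm (and the strdup result) before assigning it. The '@' in ads->auth.user_name is overwritten with '\0' and never put back, so the user name stays truncated after the connection even though the comment says the realm is only used to establish it; say whether that is intended. The condition if (cp = strchr(...)) also wants an explicit != NULL or a second pair of parentheses so the assignment is not mistaken for a comparison.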



rpcclient: return real WERROR values to user

2003-03-14 Thread Ronan Waide
This patch allows WERROR-based RPC calls to return their real value to
the user instead of NT_STATUS_OK/NT_STATUS_UNSUCCESSFUL. Basically
I've extended the cmd_set type to include a return type field and
instead of the NTSTATUS (*fn)() definition there's a NTSTATUS
(*ntfn)() and a WERROR (*wfn)(); the code chooses one based on the
setting of the type field, and invokes the correct errstr function on
the return value if it's not OK.

Cheers,
Waider.

Index: rpcclient/cmd_dfs.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_dfs.c,v
retrieving revision 1.12
diff -u -r1.12 cmd_dfs.c
--- rpcclient/cmd_dfs.c 25 Feb 2003 23:34:56 -  1.12
+++ rpcclient/cmd_dfs.c 15 Mar 2003 00:07:14 -
@@ -227,11 +227,11 @@
 
{ "DFS" },
 
-   { "dfsexist",   cmd_dfs_exist,   PI_NETDFS, "Query DFS support","" },
-   { "dfsadd", cmd_dfs_add, PI_NETDFS, "Add a DFS share",  "" },
-   { "dfsremove",  cmd_dfs_remove,  PI_NETDFS, "Remove a DFS share",   "" },
-   { "dfsgetinfo", cmd_dfs_getinfo, PI_NETDFS, "Query DFS share info", "" },
-   { "dfsenum",cmd_dfs_enum,PI_NETDFS, "Enumerate dfs shares", "" },
+   { "dfsexist",  RPC_RTYPE_NTSTATUS, cmd_dfs_exist,   NULL, PI_NETDFS, "Query 
DFS support","" },
+   { "dfsadd",RPC_RTYPE_NTSTATUS, cmd_dfs_add, NULL, PI_NETDFS, "Add a 
DFS share",  "" },
+   { "dfsremove", RPC_RTYPE_NTSTATUS, cmd_dfs_remove,  NULL, PI_NETDFS, "Remove a 
DFS share",   "" },
+   { "dfsgetinfo",RPC_RTYPE_NTSTATUS, cmd_dfs_getinfo, NULL, PI_NETDFS, "Query 
DFS share info", "" },
+   { "dfsenum",   RPC_RTYPE_NTSTATUS, cmd_dfs_enum,NULL, PI_NETDFS, 
"Enumerate dfs shares", "" },
 
{ NULL }
 };
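
Review bot: the added table lines are wrapped in the middle of string literals (the dfsexist entry, for example, splits "Query" and "DFS support" across two lines), so this hunk will not apply as posted; resend the diff as an attachment or with line wrapping turned off.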
Index: rpcclient/cmd_ds.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_ds.c,v
retrieving revision 1.4
diff -u -r1.4 cmd_ds.c
--- rpcclient/cmd_ds.c  25 Feb 2003 23:34:56 -  1.4
+++ rpcclient/cmd_ds.c  15 Mar 2003 00:07:14 -
@@ -53,7 +53,7 @@
 
{ "LSARPC-DS" },
 
-   { "dsroledominfo",  cmd_ds_dsrole_getprimarydominfo,   PI_LSARPC_DS, 
"Get Primary Domain Information", "" },
+   { "dsroledominfo", RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, 
PI_LSARPC_DS, "Get Primary Domain Information", "" },
 
{ NULL }
 };
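
Review bot: the entry passes RPC_RTYPE_NTSTATUS and a NULL for the second function slot purely by position, so nothing ties the type value to the slot that is actually filled; the dispatcher should check that the pointer selected by the type field is non-NULL before calling it and report a table error otherwise. A pair of helper macros, one per return type, would keep the type field and the filled slot from drifting apart as entries are added.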
Index: rpcclient/cmd_lsarpc.c
===
RCS file: /cvsroot/samba/source/rpcclient/cmd_lsarpc.c,v
retrieving revision 1.74
diff -u -r1.74 cmd_lsarpc.c
--- rpcclient/cmd_lsarpc.c  25 Feb 2003 06:24:13 -  1.74
+++ rpcclient/cmd_lsarpc.c  15 Mar 2003 00:07:14 -
@@ -741,20 +741,20 @@
 
{ "LSARPC" },
 
-   { "lsaquery",cmd_lsa_query_info_policy,  PI_LSARPC, "Query info 
policy","" },
-   { "lookupsids",  cmd_lsa_lookup_sids,PI_LSARPC, "Convert SIDs 
to names","" },
-   { "lookupnames", cmd_lsa_lookup_names,   PI_LSARPC, "Convert names 
to SIDs","" },
-   { "enumtrust",   cmd_lsa_enum_trust_dom, PI_LSARPC, "Enumerate 
trusted domains","Usage: [preferred max number] [enum context (0)]" },
-   { "enumprivs",   cmd_lsa_enum_privilege, PI_LSARPC, "Enumerate 
privileges", "" },
-   { "getdispname", cmd_lsa_get_dispname,   PI_LSARPC, "Get the 
privilege name",   "" },
-   { "lsaenumsid",  cmd_lsa_enum_sids,  PI_LSARPC, "Enumerate the 
LSA SIDS",   "" },
-   { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the 
privileges of an SID",   "" },
-   { "lsaenumacctrights",   cmd_lsa_enum_acct_rights,   PI_LSARPC, "Enumerate the 
rights of an SID",   "" },
-   { "lsaenumacctwithright",cmd_lsa_enum_acct_with_right,PI_LSARPC,"Enumerate 
accounts with a right",   "" },
-   { "lsaaddacctrights",cmd_lsa_add_acct_rights,PI_LSARPC, "Add rights to 
an account",   "" },
-   { "lsaremoveacctrights", cmd_lsa_remove_acct_rights, PI_LSARPC, "Remove rights 
from an account",   "" },
-   { "lsalookupprivvalue",  cmd_lsa_lookupprivvalue,PI_LSARPC, "Get a 
privilege value given its name", "" },
-   { "lsaquerysecobj",  cmd_lsa_query_secobj,   PI_LSARPC, "Query LSA 
security object", "" },
+   { "lsaquery",RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, 
PI_LSARPC, "Query info policy","" },
+   { "lookupsids",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,NULL, 
PI_LSARPC, "Convert SIDs to names","" },
+   { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,   NULL, 
PI_LSARPC, "Convert names to SIDs","" },
+   { "enumtrust",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_do

RE: FW: encrypt passwords = no, security=user, samba 3.0a22

2003-03-14 Thread Richard Sharpe
On Tue, 11 Mar 2003, Nir Soffer wrote:

> 
> FWIW turning off unicode with unicode=no helps somewhat, and both 
> ethereal and Samba parse the session request correctly:

Hmmm, I fixed a problem in Ethereal around Unicode handling last week at 
Connectathon. I would be very interested in a trace that shows the 
problem.

Regards
-
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com



Re: FW: encrypt passwords = no, security=user, samba 3.0a22

2003-03-14 Thread Christopher R. Hertel
Richard Sharpe wrote:
> 
> On Tue, 11 Mar 2003, Nir Soffer wrote:
> 
> >
> > FWIW turning off unicode with unicode=no helps somewhat, and both
> > ethereal and Samba parse the session request correctly:
> 
> Hmmm, I fixed a problem in Ethereal around Unicode handling last week at
> Connectathon. I would be very interested in a trace that shows the
> problem.

Run Samba 3.0 with plaintext passwords.  Then log on from both a W2K and a
W/XP system.  Make sure the Windows clients have been registry-hacked to
allow plaintext.

Piece of cake.  I'm pretty sure I've sent you a capture on this before.
I also sent one that showed that WindowsNT4SP3 adds extra nul bytes
following some Unicode strings, and that Windows2000 will sometimes drop one
nul byte at the end of the PrimaryDomain field (such that the PrimaryDomain
Unicode string isn't properly terminated).

See also the !Alert box in section 2.7.2 of my book.  ;l
file:///home/crh/work/docs/cifsdocs/SMB.html#SMB.7.2

Chris -)-

-- 
Samba Team -- http://www.samba.org/ -)-   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)-   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/-)-   [EMAIL PROTECTED]


[PATCH] auto-generate smbd/build_options.c

2003-03-14 Thread Vance Lankhaar
Attached is a patch to automatically generate smbd/build_options.c from
the contents of include/config.h.in . I'm really not too sure about how
the stuff I've done to the Makefile - could someone who understands
Makefiles better than me take a look and comment? And of course,
comments on the awk too! 

I was also a little unsure about what the output should look like, so
I've included all three of my ideas.

1) Just the define:

 Build Options:
   COMPILER_SUPPORTS_LL
   LDAP_SET_REBIND_PROC_ARGS

2) The define and the comment on different lines:

 Build Options:
   /* Whether the compiler supports the LL prefix on long long integers */
   COMPILER_SUPPORTS_LL

   /* Number of arguments to ldap_set_rebind_proc */
   LDAP_SET_REBIND_PROC_ARGS


3) the define and the comment on one line:

 Build Options:
   COMPILER_SUPPORTS_LL  /* Whether the compiler supports the LL prefix on long long integers */
   LDAP_SET_REBIND_PROC_ARGS /* Number of arguments to ldap_set_rebind_proc */


Personally, I prefer the third option, but the lines are long, which
probably isn't to everyone's likings. 

To try out the various options, comment/uncomment lines 215-217 of
script/mkbuildoptions.awk as necessary.

Vance Lankhaar
Index: Makefile.in
===
RCS file: /cvsroot/samba/source/Makefile.in,v
retrieving revision 1.628
diff -u -r1.628 Makefile.in
--- Makefile.in	14 Mar 2003 23:11:18 -	1.628
+++ Makefile.in	15 Mar 2003 04:37:11 -
@@ -697,6 +697,13 @@
 @BROKEN_CC@	-mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@
 @POBAD_CC@	@mv $*.po.o $@
 
+smbd/build_options.o: smbd/build_options.c Makefile include/config.h
+	@echo Compiling $*.c
+	@$(CC) $(FLAGS) $(PATH_FLAGS) -c $< -o $@
+
+smbd/build_options.c: include/config.h.in script/mkbuildoptions.awk
+	@echo Generating $@
+	@$(AWK) -f $(srcdir)/script/mkbuildoptions.awk > $(builddir)/smbd/build_options.c < $(srcdir)/include/config.h.in
 .c.po: 
 	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
 	  dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
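
Review bot: the smbd/build_options.c rule redirects awk's output straight into the target, so if awk fails or is interrupted a truncated build_options.c with a fresh timestamp is left behind and later make runs treat it as up to date; write to a temporary name and mv it into place only on success. The rule also writes to $(builddir)/smbd/build_options.c while the target is named smbd/build_options.c, which differ when building outside the source tree, and the new rules run into .c.po: without a separating blank line.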
@@ -1145,7 +1152,7 @@
 proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \
 	nsswitch/winbindd_proto.h web/swat_proto.h \
 	client/client_proto.h utils/net_proto.h \
-	include/tdbsam2_parse_info.h
+	include/tdbsam2_parse_info.h smbd/build_options.c
 
 delheaders:
 	@echo Removing prototype headers
@@ -1154,13 +1161,14 @@
 	@/bin/rm -f $(srcdir)/web/swat_proto.h
 	@/bin/rm -f $(srcdir)/client/client_proto.h $(srcdir)/utils/net_proto.h
 	@/bin/rm -f $(srcdir)/include/tdbsam2_parse_info.h
+	@/bin/rm -f $(srcdir)/smbd/build_options.c
 
 	@/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h \
 	nsswitch/winbindd_proto.h web/swat_proto.h \
 		client/client_proto.h utils/net_proto.h \
-		include/tdbsam2_parse_info.h
+		include/tdbsam2_parse_info.h smbd/build_options.c
 
-include/proto.h:
+include/proto.h: smbd/build_options.c
 	@echo Building include/proto.h
 	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
 	  -h _PROTO_H_ $(builddir)/include/proto.h \
@@ -1206,6 +1214,7 @@
 # parallel make.
 headers: 
 	$(MAKE) delheaders; \
+	$(MAKE) smbd/build_options.c \
 	$(MAKE) include/proto.h; \
 	$(MAKE) include/build_env.h; \
 	$(MAKE) include/wrepld_proto.h; \
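
Review bot: the added line "$(MAKE) smbd/build_options.c \" has no ';' before the backslash, unlike the lines around it, so the shell joins it with the next line and runs a single make with smbd/build_options.c, the expansion of $(MAKE) and include/proto.h as its arguments. End the line with "; \" so that each target is built by its own invocation, in order.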
--- /dev/null	2003-01-27 19:23:49.0 -0700
+++ script/mkbuildoptions.awk	2003-03-14 21:37:00.0 -0700
@@ -0,0 +1,249 @@
+BEGIN {
+	print "/* ";
+	print "   Unix SMB/CIFS implementation.";
+	print "   Build Options for Samba Suite";
+	print "   Copyright (C) Vance Lankhaar <[EMAIL PROTECTED]> 2003";
+	print "   Copyright (C) Andrew Bartlett <[EMAIL PROTECTED]> 2001";
+	print "   ";
+	print "   This program is free software; you can redistribute it and/or modify";
+	print "   it under the terms of the GNU General Public License as published by";
+	print "   the Free Software Foundation; either version 2 of the License, or";
+	print "   (at your option) any later version.";
+	print "   ";
+	print "   This program is distributed in the hope that it will be useful,";
+	print "   but WITHOUT ANY WARRANTY; without even the implied warranty of";
+	print "   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the";
+	print "   GNU General Public License for more details.";
+	print "   ";
+	print "   You should have received a copy of the GNU General Public License";
+	print "   along with this program; if not, write to the Free Software";
+	print "   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.";
+	print "*/";
+	print "";
+	print "#include \"includes.h\"";
+	print "#include \"build_env.h\"";
+	print "#include \"dynconfig.h\"";
+	print "";
+	print "static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3);";
+	print "";
+	print "";
+	print "/";
+	print "helper function for build_optio

Re: Samba and PAM patches for PDC configuration

2003-03-14 Thread Andrew Bartlett
On Sat, 2003-03-15 at 13:47, Bikram wrote:
> Hello,
> 
> I wanted to share with you all this patch for Samba
> and PAM for configuring SAMBA as the PDC
> authenticating Windows 98 users.
> As a part of our project, I had worked on configuring
> Samba as the primary domain controller and customizing
> PAM authentication modules.
> 
> I had recompiled Samba version 2.2.2 and PAM version
> 0.75 installed on Redhat version 7.1.

Well, where to start...

Firstly, you would be highly advised to look at Samba HEAD - the
authentication interface provides all the hooks you need already. 

Similarly, both 2.2 and 3.0 provide a passdb interface, that allows
(with differing degrees of difficulty) a full and proper implementation
of this concept, for all client OSes.

Indeed, if you are working with plaintext passwords (Win9X domain logons
will do that, if not much more...), I don't see why you needed to modify
Samba at all...

You open files in /tmp without regard for where they point, you have
specifically disabled the tests that prevent the dangerous use of
sprintf() and strcpy() and you haven't read the diff before posting
(because you would have cleaned it up if you had).

You copy files without their copyright headers, and you add extra
includes to the files directly (I don't even know why you need them..)

Any interface that allows the plaintext password out of the oracle
server should be carefully considered - if you have the plaintext
passwords so easily accessible, why not just write a perl script to
export to smbpasswd?

I say this only to save some poor soul finding your patch in the mailing
list archive uncommented.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net




Samba and PAM patches

2003-03-14 Thread Bikram Assal


First of all, I would express all my apologies.
I only intended to express some ideas or ask for any
suggestions by posting this patch on the Samba mailing
list.
Since this is my first time doing modification, I
might have overlooked some points.

--- Andrew Bartlett <[EMAIL PROTECTED]> wrote:

> Indeed, if you are working with plaintext passwords
> (Win9X domain logons
> will do that, if not much more...), I don't see why
> you needed to modify
> Samba at all...
> 

Actually we were not working with plain-text
passwords.
We didn't want to use plain-text passwords.
As we read some time back and that was 1 year ago that
if we were to use encrypted passwords, Samba would use

In our case, since we wanted to use encrypted
passwords and since all the accounts are maintained on
Oracle database server, we didnt want to export all
the user details into smbpasswd file on the local
Linux Server since doing that would not keep
synchronization as and when users change their
passwords plus anytime any new student joins the
school we would have to then manually run the script
to export new usernames and passwords locally.
So, to work around that we thought of bypassing the
smbpasswd file lookup by Samba and get user account
information from remote Oracle Server.


> You open files in /tmp without regard for where they
> point, you have
> specifically disabled the tests that prevent the
> dangerous use of
> sprintf() and strcpy() and you haven't read the diff
> before posting
> (because you would have cleaned it up if you had).
> 

Opening a file in /tmp location was intended only for
the purpose of debugging.
That was supposed to be temporary.
I agree that I could have done a better work had I
read more on how to clean the patch.

 
> Any interface that allows the plaintext password out
> of the oracle
> server should be carefully considered - if you have
> the plaintext
> passwords so easily accessible, why not just write a
> perl script to
> export to smbpasswd?
> 

The same reason. By exporting to smbpasswd we would
have to make sure that accounts are synchronized
between remote Oracle server and the local Linux
Server that would run Samba Server. That was not
advisable.
Anytime a new account is created we would have to then
export it..

So, to achieve custom authentication, we modified the
PAM authentication routines to suit our needs.


And to bypass the smbpasswd file lookup by Samba
server and to get the challenge text used by Samba, we
modified the Samba Server source code.

Again, my whole intention was to share some views and
ideas with the Samba mailing list just to have your
suggestions and criticisms at the same time :) .

Being a rookie I guess I did mistakes I agree.

anyways, thanks a lot for your mail Andrew.


Bikram.



Re: Samba and PAM patches

2003-03-14 Thread Andrew Bartlett
On Sat, 2003-03-15 at 18:15, Bikram Assal wrote:
> 
> 
> First of all, I would express all my apologies.
> I only intended to express some ideas or ask for any
> suggestions by posting this patch on the Samba mailing
> list.
> Since this is my first time doing modification, I
> might have overlooked some points.
> 
> --- Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> 
> > Indeed, if you are working with plaintext passwords
> > (Win9X domain logons
> > will do that, if not much more...), I don't see why
> > you needed to modify
> > Samba at all...
> > 
> 
> Actually we were not working with plain-text
> passwords.
> We didn't want to use plain-text passwords.
> As we read some time back and that was 1 year ago that
> if we were to use encrypted passwords, Samba would use
> smbpasswd file to match the passwords.
> 
> In our case, since we wanted to use encrypted
> passwords and since all the accounts are maintained on
> Oracle database server, we didn't want to export all
> the user details into smbpasswd file on the local
> Linux Server since doing that would not keep
> synchronization as and when users change their
> passwords plus anytime any new student joins the
> school we would have to then manually run the script
> to export new usernames and passwords locally.
> So, to work around that we thought of bypassing the
> smbpasswd file lookup by Samba and get user account
> information from remote Oracle Server.

Good answer.  And more importantly the correct answer - the problem is
you picked the wrong layer.  

See the code in source/passdb, particularly in HEAD.  If you have ready
access to the DB server, then this is the ideal place to implement your
module.  Look on the net for jelmer's pdb_sql module, as it will
probably do most of what you want already.

> > You open files in /tmp without regard for where they
> > point, you have
> > specifically disabled the tests that prevent the
> > dangerous use of
> > sprintf() and strcpy() and you haven't read the diff
> > before posting
> > (because you would have cleaned it up if you had).
> > 
> 
> Opening a file in /tmp location was intended only for
> the purpose of debugging.
> That was supposed to be temporary.
> I agree that I could have done a better work had I
> read more on how to clean the patch.
> 
>  
> > Any interface that allows the plaintext password out
> > of the oracle
> > server should be carefully considered - if you have
> > the plaintext
> > passwords so easily accessible, why not just write a
> > perl script to
> > export to smbpasswd?
> > 
> 
> The same reason. By exporting to smbpasswd we would
> have to make sure that accounts are synchronized
> between remote Oracle server and the local Linux
> Server that would run Samba Server. That was not
> advisable.
> Anytime a new account is created we would have to then
> export it..

Cronjobs work well, but you have to take care of nsswitch anyway, so you
should try and integrate your solution.  Indeed, live lookups have many
properties that make them highly advisable.

> So, to achieve custom authentication, we modified the
> PAM authentication routines to suit our needs.

Why force this into PAM?  PAM may be good for some things, but this is
one thing it's not good at...

Anyway, look into creating a passdb module for 2.2 or 3.0 (3.0
recommended).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net




[SAMBA] User Manager for Domains?

2003-03-14 Thread Steve Jr Ramage
Does anyone know if User Manager for Domains is compatible with Samba
(and if so what version). I am running it but am noticing a lot of
anomalies, that I am wondering if they are fixable.