[PATCH]SAMR_LOOKUP_DOMAIN functionality in rpcclient
Hi All,
I wanted to test the server SAMR_LOOOKUP_DOMAIN functionality in samba3.0 which made
me add the client functionality for the same in rpcclient which was not present(also I
cudnt think abt any scenarios where it wud be genearted ). This is a _trivial_ patch
to adding the client side functioning using two functions :
cli_samr_lookup_domain
cmd_samr_lookup_domain
Could u pls comment( /apply it :-) ?
Cheers,
Amber.
P.S. Use: patch -p0
_
free webspace email - http://www.nu3.net
_
Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB,
POP more! http://www.everyone.net/selectmail?campaign=tag
*** /home/apalekar/tmp/source/rpc_client/cli_samr.c Thu Mar 6 13:59:58 2003
--- rpc_client/cli_samr.c Fri Mar 28 00:47:56 2003
***
*** 1449,1451
--- 1449,1498
return result;
}
+
+ /* Lookup Domain Name */
+
+ NTSTATUS cli_samr_lookup_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *user_pol, fstring domain_name,
+ DOM_SID *sid)
+ {
+ prs_struct qbuf, rbuf;
+ SAMR_Q_LOOKUP_DOMAIN q;
+ SAMR_R_LOOKUP_DOMAIN r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_lookup_domain(q, user_pol, domain_name);
+
+ if (!samr_io_q_lookup_domain(, q, qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_LOOKUP_DOMAIN, qbuf, rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_lookup_domain(, r, rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+ sid_copy(sid,(r.dom_sid.sid));
+
+ done:
+ prs_mem_free(qbuf);
+ prs_mem_free(rbuf);
+
+ return result;
+ }
+
+ /* Lookup Domain Name */
+
*** /home/apalekar/tmp/source/rpcclient/cmd_samr.c Thu Mar 6 13:59:58 2003
--- rpcclient/cmd_samr.cFri Mar 28 00:49:04 2003
***
*** 1399,1404
--- 1399,1454
return result;
}
+ /**
+ *
+ */
+ static NTSTATUS cmd_samr_lookup_domain(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+ {
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ fstring domain_name,sid_string;
+ DOM_SID sid;
+
+ #if 0
+ if ((argc 2) || (argc 4)) {
+ printf(Usage: %s rid [info level] [access mask] \n, argv[0]);
+ return NT_STATUS_OK;
+ }
+ #endif
+
+ sscanf(argv[1], %s, domain_name);
+
+
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ connect_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_samr_open_domain(cli, mem_ctx, connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, domain_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_samr_lookup_domain(cli,mem_ctx,connect_pol,domain_name,sid);
+
+ sid_to_string(sid_string,sid);
+
+ if (NT_STATUS_IS_OK(result)) {
+ DEBUG(0,(SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID:
%s\n,domain_name,sid_string));
+ goto done;
+ }
+
+
+ done:
+ return result;
+ }
+
/* List of commands exported by this module */
***
*** 1424,1428
--- 1474,1479
{ samquerysecobj, cmd_samr_query_sec_obj, PI_SAMR, Query SAMR
security object,},
{ getdompwinfo, cmd_samr_get_dom_pwinfo,PI_SAMR, Retrieve
domain password info, },
+ { lookupdomain, cmd_samr_lookup_domain, PI_SAMR, Lookup
Domain Name, },
{ NULL }
};
Re: [PATCH]SAMR_LOOKUP_DOMAIN functionality in rpcclient
Ooops, wrong patch in the earlier mail.
Please find the correct patch here.
Cheers,
Amber.
--- message from amber palekar [EMAIL PROTECTED] attached:
_
free webspace email - http://www.nu3.net
_
Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB,
POP more! http://www.everyone.net/selectmail?campaign=tag
*** /home/apalekar/tmp/source/rpcclient/cmd_samr.c Thu Mar 6 13:59:58 2003
--- rpcclient/cmd_samr.cFri Mar 28 01:21:08 2003
***
*** 1399,1404
--- 1399,1450
return result;
}
+ /**
+ *
+ */
+ static NTSTATUS cmd_samr_lookup_domain(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+ {
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ fstring domain_name,sid_string;
+ DOM_SID sid;
+
+
+ if (argc != 2) {
+ printf(Usage: %s domain_name\n, argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ sscanf(argv[1], %s, domain_name);
+
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ connect_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_samr_open_domain(cli, mem_ctx, connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ domain_sid, domain_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_samr_lookup_domain(cli,mem_ctx,connect_pol,domain_name,sid);
+
+ sid_to_string(sid_string,sid);
+
+ if (NT_STATUS_IS_OK(result))
+ printf(SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID:
%s\n,domain_name,sid_string);
+
+
+ done:
+ return result;
+ }
+
/* List of commands exported by this module */
***
*** 1424,1428
--- 1470,1475
{ samquerysecobj, cmd_samr_query_sec_obj, PI_SAMR, Query SAMR
security object,},
{ getdompwinfo, cmd_samr_get_dom_pwinfo,PI_SAMR, Retrieve
domain password info, },
+ { lookupdomain, cmd_samr_lookup_domain, PI_SAMR, Lookup
Domain Name, },
{ NULL }
};
*** /home/apalekar/tmp/source/rpc_client/cli_samr.c Thu Mar 6 13:59:58 2003
--- rpc_client/cli_samr.c Fri Mar 28 00:52:55 2003
***
*** 1449,1451
--- 1449,1498
return result;
}
+
+ /* Lookup Domain Name */
+
+ NTSTATUS cli_samr_lookup_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *user_pol, fstring domain_name,
+ DOM_SID *sid)
+ {
+ prs_struct qbuf, rbuf;
+ SAMR_Q_LOOKUP_DOMAIN q;
+ SAMR_R_LOOKUP_DOMAIN r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_lookup_domain(q, user_pol, domain_name);
+
+ if (!samr_io_q_lookup_domain(, q, qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_LOOKUP_DOMAIN, qbuf, rbuf))
+ goto done;
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_lookup_domain(, r, rbuf, 0))
+ goto done;
+
+ /* Return output parameters */
+
+ result = r.status;
+ sid_copy(sid,(r.dom_sid.sid));
+
+ done:
+ prs_mem_free(qbuf);
+ prs_mem_free(rbuf);
+
+ return result;
+ }
+
+ /* Lookup Domain Name */
+
---BeginMessage---
Hi All,
I wanted to test the server SAMR_LOOOKUP_DOMAIN functionality in samba3.0 which made
me add the client functionality for the same in rpcclient which was not present(also I
cudnt think abt any scenarios where it wud be genearted ). This is a _trivial_ patch
to adding the client side functioning using two functions :
cli_samr_lookup_domain
cmd_samr_lookup_domain
Could u pls comment( /apply it :-) ?
Cheers,
Amber.
P.S. Use: patch -p0
_
free webspace email - http://www.nu3.net
_
Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB,
POP more! http://www.everyone.net/selectmail?campaign=tag
*** /home/apalekar/tmp/source/rpc_client/cli_samr.c Thu Mar 6 13:59:58
W2K Explorer security propagation prob in 2.2.8 and Samba-3's andHEAD
I've have an NT4 PDC with Samba-2.2.8 joined as a domain member. When using Explorer in W2K to change security settings on Samba shares, the security settings are not propagted down the the directory tree - yes I have ticked the Reset perms on all child.. I also see CREATOR OWNER and CREATOR GROUP as accounts defined to all directories. 2.2.7a exhibits none of these issues, but 3 (Alpha 21) and HEAD both do. BTW, I've tested on different Linux distribs (RedHat, SuSE and Debian) on s390 and I686 arcs. One important point is that Samba is running with-acl-support enabled on POSIX ACL enabled Kernels at 2.4.19 and 2.4.20. Any help would be greatly appreciated. Cheers, Grant
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
On Fri, 2003-03-28 at 23:55, Jianliang Lu wrote: Now the users of admin users will not be locked. admin users not the appropriate choice here. Better would be the members of the 'domain admins' group. The interesting bit is finding this out at the right point in time... In attach is the new patch file. About lockout duration, I will implement next time. I think that we should extend another attribute to record the lockout time. We also need to check that the account policy has been set, and that it's not 0 (which I assume is the 'don't lock out' value). Also, I'm worried about the writes this will cause on the backend. An LDAP write can be quite expensive, and for the LDAP case this means that the master ldap server will be hit for every logon attempt. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Hi all,
I've been having a problem with nmbd crashing multiple times per day.
I suspect that the problem is caused by a shell script that tries to
lookup the name for ws to ws4000 to build a DNS reverse table.
It look something like this:
#!/bin/ksh
typeset -Z4 i=0
while (( $i 4000 )); do
host=ws$i
nmblookup $host | awk -v host=$host '
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
printf(%s IN A %s\n, host, $1)
}
'
(( i = i + 1 ))
done
I have a level 10 debug log which I could send if it would be useful.
Let me know if there is any more information I can provide.
Bob
[EMAIL PROTECTED]:16]- uname -a
SunOS salt 5.7 Generic_106541-19 sun4u sparc SUNW,Ultra-60
[EMAIL PROTECTED]:02]- gdb /usr/local/samba/bin/nmbd 5051
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as sparc-sun-solaris2.7...(no debugging symbols
found)...
/usr/proc/bin/5051: No such file or directory.
Attaching to program `/usr/local/samba/bin/nmbd', process 5051
Reading symbols from /usr/lib/libsec.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libsec.so.1
Reading symbols from /usr/lib/libgen.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/dt/lib/libpam.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/dt/lib/libpam.so.1
Reading symbols from /usr/lib/libc.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1...(no
debugging symbols found)...done.
Loaded symbols for /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP 1]
Symbols already loaded for /usr/lib/libsec.so.1
Symbols already loaded for /usr/lib/libgen.so.1
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/dt/lib/libpam.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
0xff21a374 in _waitid () from /usr/lib/libc.so.1
(gdb) bt
#0 0xff21a374 in _waitid () from /usr/lib/libc.so.1
#1 0xff1d8374 in _waitpid () from /usr/lib/libc.so.1
#2 0xff20ffd0 in system () from /usr/lib/libc.so.1
#3 0x7d1d0 in smb_panic ()
#4 0x641ac in fault_report ()
#5 signal handler called
#6 0xff1506bc in memcpy () from
/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
#7 0x2bc10 in query_name_response ()
#8 0x30ac0 in process_nmb_response ()
#9 0x30b44 in run_packet_queue ()
#10 0x21b0c in process ()
#11 0x22c10 in main ()
(gdb)
[EMAIL PROTECTED]:55]- ./pstack 5051
5051: /usr/local/sbin/nmbd -d 10 -D
ff21a374 waitid (0, 268, ffbeebc8, 103)
ff1d836c _waitpid (268, ffbeecb0, 100, 0, c, 0) + 54
ff20ffc8 system (112690, da000, 70d98, 7, d3db0, d3dc4) + 230
0007d1c8 smb_panic (d3e0c, d3db0, d3dc4, 29, 0, ee800) + 28
000641a4 fault_report (b, 0, ffbeefa8, 0, 0, 0) + 164
ff219650 sigacthandler (b, 0, ffbeefa8, 68, 0, ffbef2dc) + 28
--- called from signal handler with signal 11 (SIGSEGV) ---
ff1506bc memcpy (1122f0, 33f8d8, 33d618, 89, 0, ee800) + 1c
00030ab8 process_nmb_response (33d618, 33d618, 9fc00, 0, ffbef320,
ffbef328) + d0
00030b3c run_packet_queue (0, 0, 0, 7, ff235e10, 69e24) + 74
00021b04 process (1, f, bb8dc, 370, 9fc00, ee800) + 54
00022c08 main (4, d8c00, 9fc00, a6800, 0, 0) + 8e8
00020920 _start (0, 0, 0, 0, 0, 0) + 108
[EMAIL PROTECTED]:56]- ./pmap 5051
5051: /usr/local/sbin/nmbd -d 10 -D
0001512K read/exec /usr/local/samba/bin/nmbd
0009E000240K read/write/exec /usr/local/samba/bin/nmbd
000DA000 2528K read/write/exec [ heap ]
FF14 8K read/write/shared dev:85,2 ino:115369
FF15 16K read/exec /usr/platform/sun4u/lib/libc_psr.so.1
FF16 16K read/exec /usr/lib/libmp.so.2
FF172000 8K read/write/exec /usr/lib/libmp.so.2
FF18664K read/exec /usr/lib/libc.so.1
FF234000 40K read/write/exec /usr/lib/libc.so.1
FF25 24K
RE: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Sorry, I forgot to include smb.conf. I am building the 2.2.8 release now
and will install it in the next couple of hours (assuming all builds
cleanly)
so any testing can be done against that release.
The current (2.2.7a) release we built with the following:
CC=/opt/SUNWspro/bin/cc ../../configure \
--with-automount \
--with-msdfs \
--with-nisplus-home \
--with-readline \
--with-pam \
--with-syslog \
--with-utmp \
--with-tdbsam \
--with-libsmbclient \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba/private \
--with-codepagedir='${prefix}/codepages' \
--with-lockdir=/var/samba/locks \
--localstatedir=/var/samba \
--mandir=/usr/local/share/man
#
# Global parameters
#
[global]
comment = %h.fra.ib.commerzbank.com
server string = Spicenet administrative server
max log size = 51200
debug timestamp = Yes
debug uid = Yes
debuglevel = 1
panic action = /bin/sleep 9
# When nmbd dies you will find a sleep process left on the machine.
# Using ps, find the parent of this process (it will be an nmbd
process),
# then attach to it using gdb.
# Type 'bt' to get a backtrace of the problem and mail it to the list
# [EMAIL PROTECTED]
workgroup = FRAIB
security = DOMAIN
encrypt passwords = Yes
#
# password server= * works but broke when the network melted down.
#
password server = pdcfraib dfsfraib sms1fraib
name resolve order = host, wins
load printers = No
printcap name = /etc/printcap
character set = ISO8859-1
wins proxy = Yes
wins server = pdcfraib.fra.ib.commerzbank.com
valid chars = 159 176 177 178 179 180 185 186 187 188 191 192 193 194 \
195 196 197 200 201 202 203 204 205 206 217 218 219 220 223 242 254
remote announce = pdclonib
NIS homedir = Yes
print command = /usr/bin/lp -c -s -d %p -o nobanner %s; rm %s
lpq command = /usr/bin/lpstat -o %p
lprm command = /usr/bin/cancel %p-%j
lppause command = /usr/bin/lp -H hold %p-%j
lpresume command = /usr/bin/lp -H resume %p-%j
oplocks = No
kernel oplocks = No
level2 oplocks = No
case sensitive = No
preserve case = Yes
username map = /etc/samba/username.map
[homes]
admin users = edgarb
comment = Home Directory
path = %H
writeable = Yes
create mask = 0755
browseable = No
[Clearcase]
comment = Clearcase software
path = /export/share/clearcase/v4.1
force user = root
force group = root
writeable = Yes
create mask = 0755
directory mask = 0755
[Clearcase42]
comment = Clearcase software
path = /export/share/clearcase/v4.2
force user = root
force group = root
writeable = Yes
create mask = 0755
directory mask = 0755
[CCData]
comment = Clearcase Data Store
path = /export/var/clearcase
write list = @ccaccess
create mask = 0775
directory mask = 0775
read only = yes
-Original Message-
From: Edgar, Bob [mailto:[EMAIL PROTECTED]
Sent: Freitag, 28. März 2003 14:20
To: '[EMAIL PROTECTED]'
Subject: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Hi all,
I've been having a problem with nmbd crashing multiple times per day.
I suspect that the problem is caused by a shell script that tries to
lookup the name for ws to ws4000 to build a DNS reverse table.
It look something like this:
#!/bin/ksh
typeset -Z4 i=0
while (( $i 4000 )); do
host=ws$i
nmblookup $host | awk -v host=$host '
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
printf(%s IN A %s\n, host, $1)
}
'
(( i = i + 1 ))
done
I have a level 10 debug log which I could send if it would be useful.
Let me know if there is any more information I can provide.
Bob
[EMAIL PROTECTED]:16]- uname -a
SunOS salt 5.7 Generic_106541-19 sun4u sparc SUNW,Ultra-60
[EMAIL PROTECTED]:02]- gdb /usr/local/samba/bin/nmbd 5051
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as sparc-sun-solaris2.7...(no debugging symbols
found)...
/usr/proc/bin/5051: No such file or directory.
Attaching to program `/usr/local/samba/bin/nmbd', process 5051
Reading symbols from /usr/lib/libsec.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libsec.so.1
Reading symbols from /usr/lib/libgen.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libnsl.so.1
2.2.8 fcntl F_SETLKW64 failing on Solaris 8
Hi! I am running into a problem with Samba 2.2.8 on Solaris 8. I didn't have this problem with 2.2.7a and my config file didn't change. What I notice is smbd process running iwth a high CPU usage. Normally they are below 1%. PID USERNAME THR PRI NICE SIZE RES STATETIMECPU COMMAND 11193 root 1 200 4800K 3256K cpu/3 929:36 23.25% smbd Sometimes I see two to three smbd process - each chewing up 20-25% each of the CPU, when I kill them they reappear after 2-3 days. If I do a truss on the process ID I see the following: fcntl(11, F_SETLKW64, 0xFFBEEF38) = 0 fcntl(11, F_SETLKW64, 0xFFBEEF38) = 0 fcntl(11, F_SETLKW64, 0xFFBEEF38) = 0 going on forever and ever. I saw similar posting on samba-technical and the fix was for Samaba 2.2.3a was an updated brlock.c Here are the details: SunOS 5.8 Generic_108528-18 sun4u sparc SUNW,Ultra-4 and our smb.conf file ; CS Samba Configuration ; (run though testparm after changing to verify no errors) [global] dfree command = /cs/local/lib/samba/dfree netbios name = xxx netbios aliases = xxx xxx username map = /cs/local/share/samba/usermap debug level = 1 max log size = 0 max connections = 0 server string = CS Samba %v Server workgroup = CSYORKUCA encrypt passwords = yes security = user hosts allow = guest account = nobody invalid users = root printing = bsd printcap name = /cs/local/share/LPRng/printcap load printers = yes interfaces = wins support = yes domain master = yes local master = yes nt acl support = yes preferred master = yes os level = 65 domain logons = yes print command = /cs/local/bin/lpr -b -P%p %s ; rm -f %s lpq command = /cs/local/bin/lpq -P%p lprm command = /cs/local/bin/lprm -P%p %j ; create mask = 0700 unix password sync = true passwd chat = . %n\n passwd program = /cs/local/lib/udb/smbchange %u logon script = default.bat ; disable roaming profiles ; win2k clients didn't run default.bat when it was in a directory below netlogon. ; default.bat now is in netlogon directory. ;logon script = scripts/default.bat ;logon path = \\%N\profiles\%U ;logon drive = h: ;logon home = \\%L\%U logon path = logon drive = logon home = inherit permissions = yes ;use client driver = yes ;disable spoolss = yes [netlogon] path = /cs/local/share/samba/netlogon writeable = no guest ok = no mangle case = yes ; The 'valid users' line means that users can only access their own ; home directory and not the home directories of others. [homes] comment = Home Directories browseable = yes read only = no valid users = %S [printers] comment = All Printers browseable = yes printable = yes public = no writable = no create mode = 0700 path = /tmp
bug in masked_match function
Tomoki
I think the right solution is to revert the patch - i've knocked up
the following test program.
testbox$ ./a.out
255.255.254.0 == addr/23
1110
Reverting old change - correct
(ALLONES atoi(slash + 1)) ^ ALLONES
1110
changing XOR to AND is incorrect
(ALLONES atoi(slash + 1)) ALLONES
1000
Best Regards
Andrew Bird (Unix Consultant)
#define ALLONES ((uint32)0x)
typedef unsigned int uint32;
print_uint32(uint32 val) {
int i;
for (i = 31 ; i = 0 ;i--) {
printf(%c, val (1 i) ? '1' : '0');
if( (i % 4) == 0 )
printf( );
}
printf(\n\n);
}
int main() {
char *string=10.0.0.0/23;
char *slash=/23;
uint32 mask;
mask =(25524) + (25516) + (2548) + 0;
printf(255.255.254.0 == addr/23\n);
print_uint32(mask);
mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES);
printf(Reverting old change - correct\n);
printf((ALLONES atoi(slash + 1)) ^ ALLONES\n);
print_uint32(mask);
mask = (uint32)((ALLONES atoi(slash + 1)) ALLONES);
printf(changing XOR to AND is incorrect\n);
printf((ALLONES atoi(slash + 1)) ALLONES\n);
print_uint32(mask);
}
Re: 2.2.8 fcntl F_SETLKW64 failing on Solaris 8
Here are the details: SunOS 5.8 Generic_108528-18 sun4u sparc SUNW,Ultra-4 I have noticed some additional F_SETLKW64 problems with Solaris 8 and 2.2.8. I still think that this problem is more closely related to the Sun implementation of fcntl. I would recommend taking your system up to kernel patch 108528-19. In 19 Sun released a patch that is supposed to help the scaling problems of fcntl. Joe Meslovich
Re: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
On Fri, Mar 28, 2003 at 02:19:48PM +0100, Edgar, Bob wrote:
Hi all,
I've been having a problem with nmbd crashing multiple times per day.
I suspect that the problem is caused by a shell script that tries to
lookup the name for ws to ws4000 to build a DNS reverse table.
It look something like this:
#!/bin/ksh
typeset -Z4 i=0
while (( $i 4000 )); do
host=ws$i
nmblookup $host | awk -v host=$host '
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
printf(%s IN A %s\n, host, $1)
}
'
(( i = i + 1 ))
done
I have a level 10 debug log which I could send if it would be useful.
Let me know if there is any more information I can provide.
I think this is a bug we fixed for 2.2.8. Can you please
try with the updated version.
Thanks,
Jeremy.
RE: encrypt passwords=no, security=yes, samba 2.2.8, W2K user aut h fails
Hi Tony, Can't make it happen here on my HP-UX system, and I don't have a Solaris system to test on. But if you want to get me a log level 10 debug of the issue, and the output of testparm, I'll see if I can spot anything. Send the log and testparm off list, and compressed, ok? Don -Original Message- From: tony shepherd [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 23:31 To: MCCALL,DON (HP-USA,ex1); [EMAIL PROTECTED] Subject: RE: encrypt passwords=no, security=yes, samba 2.2.8, W2K user aut h fails --On Thursday, March 27, 2003 10:06:08 AM -0500 MCCALL,DON (HP-USA,ex1) [EMAIL PROTECTED] wrote: Hi tony, based on your log file, it sure does APPEAR that you have NOT turned off encrypted passwords, as samba is trying to open /usr/local/samba/private/smbpasswd. It should only do that if it negotiated encrypted passwords in the negot prot call, which it should only be able to do if encrypted passwords is set to yes. I note that you are including ANOTHER smb.conf file at the end of your global section; please check there and see if you have an encrypt passwords = yes, and/or include the contents of that smb.conf file as well in your next message to the list, ok? include=/etc/sfw/local-smb.conf local-smb.conf is an empty file. I don't have another encrypt passwords = yes anywhere in the config file. What is weird is that I can eventually authenticate after I change the username I try to authenticate with and then change back again. So, this looks like a bug? I wonder whether it only effects Solaris systems. I would have thought others would have fallen across it. I can't code, but I can provide logs and testing. Please let me know if I can help at all. tony -Original Message- From: tony shepherd [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 21:31 To: [EMAIL PROTECTED] Cc: tony.shepherd Subject: BUG: encrypt passwords=no, security=yes, samba 2.2.8, W2K user auth fails folks ** I am not on this mail list. Can all replied please be Cc'ed to me as well. ** I have come across the following bug using samba 2.2.8 (in the throws of upgrading from 2.0.10 to fix security vul). I discovered this bug using a W2K system; it was not present when testing with win98. I am running the samba server on a solaris 9 system. I am using encrypt passwords = no and security=user and using the Unix passwords for authentication. Registry modification have been made to the windows system. To replicate the bug, I do the following: * log onto w2k system as user ts74081, passwd: fred * try and open the share: \\huey\ts74081. As my password is different between the windows system and the samba server, it prompts me for a username/password pair. I give the correct values but I still get rejected. * I then try to access the share as a different user (one that does not exist on the system): username fred, passwd fred. Naturally it fails. * I then try again with the proper username/password pair and I get authenticated correctly and the share is made available. If I do not try and authenticate as a different user before retrying with the proper username, it will continue to fail to authenticate. I have attached debug 3 logs of the above scenario as well as the smb.conf I am using. If I change the security parameter to security=share, the above bug does not show itself. thanks tony
Re: use sendfile problems with Windows 95
Richard Sharpe wrote: On Thu, 27 Mar 2003, Pierre Belanger wrote: Can you get us a sniff? I sent a captured file directly to Richard. On this Friday, I wanted to share the following... While doing the capture for Richard, I was able to try to open different files a few times... here's what Windows 95 complained about, enjoy! Word cannot open the document. Try one or more of the following: - On the file menu, click Open to open the document - Make sure the document has a .DOC extension. (\\ALKONOST\...\CONFIG-SAVE-PROCDURE.DOC) While trying to open another file... - Word failed reading from this file (CV-belanger-EN). Please restore the network connection or replace the floppy disk and retry. (I clicked OK and then ...) - Word has lost data due to a bad network connection or missing floppy. Documents relying on this data are going to be saved and then closed. (I clicked OK and then ...) - Word cannot complete the save due to a file permission error: C:\RESCUED DOCUMENT.TXT Notes: 1) 4 out of 5 times Windows 95 just hanged when trying to open the 1st file... this time it did not hang?!?!?! 2) After doing the above tests, I mapped another drive from another Samba server not compiled with sendfile support. I was able to open the files properly... Cheers, Pierre B.
RE: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Thanks, I've built and installed the 2.2.8 version. I'll give feedback on
Monday.
bob
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Freitag, 28. März 2003 18:25
To: Edgar, Bob
Cc: '[EMAIL PROTECTED]'
Subject: Re: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
On Fri, Mar 28, 2003 at 02:19:48PM +0100, Edgar, Bob wrote:
Hi all,
I've been having a problem with nmbd crashing multiple times per day.
I suspect that the problem is caused by a shell script that tries to
lookup the name for ws to ws4000 to build a DNS reverse table.
It look something like this:
#!/bin/ksh
typeset -Z4 i=0
while (( $i 4000 )); do
host=ws$i
nmblookup $host | awk -v host=$host '
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
printf(%s IN A %s\n, host, $1)
}
'
(( i = i + 1 ))
done
I have a level 10 debug log which I could send if it would be useful.
Let me know if there is any more information I can provide.
I think this is a bug we fixed for 2.2.8. Can you please
try with the updated version.
Thanks,
Jeremy.
tmp files hanging around too long.
I recently upgraded my a21 system to a22 runaway smbds seem to have disappeared. A new, less serious problem, has emerged. When a user keeps a word document open for a very long time i see a proliferation of locked temporary files (87 since yesterday) I'd like to help track down this problem but I'm not sure where to start... The logs show the the tmp files are opened and opened closed opened closed opened closed opened closed opened opened closed closed opened closed opened opened closed note that the last closed does not happen... this file is never used again - it just hangs around in the locked files is left on the disk until the program is closed. I know this looks like a word bug... but the client computers have not changed and I've only observed this phenomena since upgrading to alpha22. How can i help debug this? brad -- Bradley W. Langhorst [EMAIL PROTECTED]
Re: Next alpha of 3.0 planned for Friday
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is just a heads up for everyone. I'm planning the 3.0alpha23 release for this Friday. If you have code that needs to be merged of commited to the SAMBA_3_0 cvs tree, please get in checked in by 8am EST on Friday of the week. I've hit a few small bugs (one in RH packaging and one in smbpasswd). As soon as I get those cleaned up, 3.0alpha23 will be on its way. Hopefully tomorrow. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+hNGSIR7qMdg1EfYRAlv+AKDWJbF5ZBK5IPE104O/ZPmD6nFwIgCfckUG 6oCiLf1R6SKsDsu4FkgS+PI= =A0L2 -END PGP SIGNATURE-
Spooler retrieves driver files hundreds times during Point andPrint install or driver property update.
I have detected significant performance slow down when I use PnP driver with versions 2.2.7A and 2.2.8. It happened with all kinds of Windows OS (exclude 9x) when user has administrative rights to Samba based printers. In Windows system event viewer I see that spooler retrieves printer driver files from Samba server to Window machine a lot of times. It happened each time when I try to update driver properties, change paper size or print .. Sometimes Windows's spooler retrieves driver files hundreds times and it take all CPU's and network resources. It newer happened before with SAMBA 2.2.2 we used. Thanks Arcady
Re: Next alpha of 3.0 planned for Friday
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 27 Mar 2003, Tomoki AONO wrote: In [EMAIL PROTECTED], [EMAIL PROTECTED] wrote: This is just a heads up for everyone. I'm planning the 3.0alpha23 release for this Friday. If you have code that needs to be merged of commited to the SAMBA_3_0 cvs tree, please get in checked in by 8am EST on Friday of the week. Would someone take a look at CIDR-like notation problem by Mr. Takeda (and following mail by me) ? If this is right, example config described in securing-samba.sgml will not work as expected. (http://lists.samba.org/pipermail/samba-technical/2003-March/042993.html) Fixed. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+hG2DIR7qMdg1EfYRAv+ZAJ446QsKK2fNTJQMUaEanz0rbJoCCACeNcuH Mxs352anoxclJKqT4TwrrLI= =JAQm -END PGP SIGNATURE-
