RE: Samba 3.0 Alpha 21 - TZ environment variable.

[Clive . Elsum]

Maybe the suggestion I made some time ago which worked for Solaris may work
for HP as well, if the Tridge replacement doesn't.
The timegm replacement within replace.c (see earlier e-mails).

 time_t timegm(struct tm *t)
{
  time_t tl, tb;
  struct tm *tg;

  tl = mktime (t);
  if (tl == -1)
{
  t-tm_hour--;
  tl = mktime (t);
  if (tl == -1)
return -1; /* can't deal with output from strptime */
  tl += 3600;
}
  tg = gmtime (tl);
  tg-tm_isdst = 0;
  tb = mktime (tg);
  if (tb == -1)
{
  tg-tm_hour--;
  tb = mktime (tg);
  if (tb == -1)
return -1; /* can't deal with output from gmtime */
  tb += 3600;
}
  return (tl - (tb - tl));
}


[EMAIL PROTECTED]



-Original Message-
From: P Ranjit Kumar [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 11 January 2003 9:45 AM
To: Andrew Bartlett; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Samba 3.0 Alpha 21 - TZ environment variable.


That will be a cool solution. I will take a look at it.

- Ranjit

-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 10, 2003 2:34 PM
To: [EMAIL PROTECTED]
Cc: P Ranjit Kumar; [EMAIL PROTECTED]
Subject: Re: Samba 3.0 Alpha 21 - TZ environment variable.


On Sat, 2003-01-11 at 09:14, [EMAIL PROTECTED] wrote:
 On Fri, Jan 10, 2003 at 02:04:12PM -0800, P Ranjit Kumar wrote:
  Hi
 
  Samba 3.0 Alpha21 tries to emulate the timegm() call. When it does that,
it
  sets the TZ= before it invokes the mktime() call. However, on HP-UX,
  setting TZ= makes the timezone to be EST but what we want is GMT for
  time_t computation. This results in Samba failing to a join a domain.

 Adding platform specific code (like #ifdef HPUX) isn't something we
 want to move towards. Does HPUX not have timegm ? If not, can you
 work out a feature test patch that fixes it for HPUX rather than
 a platform specific one ?

Tridge's timegm() replacement doesn't use TZ any more, and has been
merged into Samba 3.0, for the next alpha.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

RE: Samba 3.0 alpha 20 problem with timegm-mktime() on HP-UX

[Clive . Elsum]

I have already included a fix for this which you could try. See previous
e-mail to Andrew and samba-technical attached. Hopefully this will be
adopted as a fix at some stage.

Andrew,

Another suggestion which appears to work without a kludge is a very minor
mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED],
with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at
CISCO. Further improved by Roger with assistance from Edward J. Sabol based
on input by Jamie Zawinski. 
Setting this as a timegm replacement within lib/replace.c overcomes the need
to reset TIMEZONE.


 time_t timegm(struct tm *t)
{
  time_t tl, tb;
  struct tm *tg;

  tl = mktime (t);
  if (tl == -1)
{
  t-tm_hour--;
  tl = mktime (t);
  if (tl == -1)
return -1; /* can't deal with output from strptime */
  tl += 3600;
}
  tg = gmtime (tl);
  tg-tm_isdst = 0;
  tb = mktime (tg);
  if (tb == -1)
{
  tg-tm_hour--;
  tb = mktime (tg);
  if (tb == -1)
return -1; /* can't deal with output from gmtime */
  tb += 3600;
}
  return (tl - (tb - tl));
}

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: P Ranjit Kumar [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 28 November 2002 11:07 AM
To: [EMAIL PROTECTED]
Subject: Samba 3.0 alpha 20 problem with timegm-mktime() on HP-UX

Hi

I had a problem with net ads join on HP-UX. I used mktime() instead of the
timegm() that was used in Samba 3.0 alpha 20.

net ads join gives error saying that the times are out of sync (Windows 2000
DC and Samba HP Unix Box)

But they are in perfectly in sync. mktime() interprets the time as local
time (PST8PDT). You need to set the TZ environment variable to GMT to solve
the problem and get it working.

If I come up with a programatic solution to this issue, I will leave it on
the mailing list.

- Ranjit
@ HP CIFS Team.

RE timegm on SOLARIS

[Clive Elsum]

 Hi,
 
 I have not had any feedback on the replacement module for timegm within 
/lib/replace.c. This fix allows a correct Solaris build, without it Clock Skew
 errors occur unless the machine is dropped back to GMT. Is there any chance of 
this being implemented?
 
 Thanks in advance
 
 Clive
 
Original message attached

Delivered-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: FIX to RE: Cannot get net ads  join to work under Solaris 8 
MIME-Version: 1.0
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.13
List-Help: mailto:[EMAIL PROTECTED]?subject=help
List-Post: mailto:[EMAIL PROTECTED]
List-Subscribe: http://lists.samba.org/mailman/listinfo/samba-technical, 
mailto:[EMAIL PROTECTED]?subject=subscribe
List-Id: Discussions on Samba internals.  For general questions please subscribe 
to the list [EMAIL PROTECTED] samba-technical.lists.samba.org
List-Unsubscribe: http://lists.samba.org/mailman/listinfo/samba-technical, 
mailto:[EMAIL PROTECTED]?subject=unsubscribe
 List-Archive: http://lists.samba.org/pipermail/samba-technical/
X-Original-Date: Sun, 17 Nov 2002 19:33:23 +1100
Date: Sun, 17 Nov 2002 19:33:23 +1100

Andrew,

Another suggestion which appears to work without a kludge is a very minor
mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED],
with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at
CISCO. Further improved by Roger with assistance from Edward J. Sabol based
on input by Jamie Zawinski. 
Setting this as a timegm replacement within lib/replace.c overcomes the need
to reset TIMEZONE.


 time_t timegm(struct tm *t)
{
  time_t tl, tb;
  struct tm *tg;

  tl = mktime (t);
  if (tl == -1)
{
  t-tm_hour--;
  tl = mktime (t);
  if (tl == -1)
return -1; /* can't deal with output from strptime */
  tl += 3600;
}
  tg = gmtime (tl);
  tg-tm_isdst = 0;
  tb = mktime (tg);
  if (tb == -1)
{
  tg-tm_hour--;
  tb = mktime (tg);
  if (tb == -1)
return -1; /* can't deal with output from gmtime */
  tb += 3600;
}
  return (tl - (tb - tl));

 
 
-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-

FIX to RE: Cannot get net ads join to work under Solaris 8

[Clive . Elsum]

Andrew,

Another suggestion which appears to work without a kludge is a very minor
mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED],
with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at
CISCO. Further improved by Roger with assistance from Edward J. Sabol based
on input by Jamie Zawinski. 
Setting this as a timegm replacement within lib/replace.c overcomes the need
to reset TIMEZONE.


 time_t timegm(struct tm *t)
{
  time_t tl, tb;
  struct tm *tg;

  tl = mktime (t);
  if (tl == -1)
{
  t-tm_hour--;
  tl = mktime (t);
  if (tl == -1)
return -1; /* can't deal with output from strptime */
  tl += 3600;
}
  tg = gmtime (tl);
  tg-tm_isdst = 0;
  tb = mktime (tg);
  if (tb == -1)
{
  tg-tm_hour--;
  tb = mktime (tg);
  if (tb == -1)
return -1; /* can't deal with output from gmtime */
  tb += 3600;
}
  return (tl - (tb - tl));

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-

RE: Cannot get net ads join to work under Solaris 8

[Clive . Elsum]

Following on from this in the replacement for timegm within /lib/replace.c
Solaris returns the TIMEZONE (in our case) as Australia/Victoria. This is
done
during installation.
I expect that SAMBA is looking for some variant of GMT or UTC not
Australia/Victoria.
As a very simple workaround I simply changed the putenv call to force TZ=GMT
and all 
works happily.
 

 time_t timegm(struct tm *tm)
{
time_t ret;
char *tz;
char *tzvar;

tz = getenv(TZ);

  /*putenv(TZ=);
putenv(TZ=GMT);
tzset();
ret = mktime(tm);


Clive Elsum

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-


-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 16 November 2002 7:18 AM
To: David Collier-Brown -- Customer Engineering
Cc: Andrew Bartlett; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: Cannot get net ads join to work under Solaris 8


On Sat, 2002-11-16 at 06:09, David Collier-Brown -- Customer Engineering
wrote:
 Andrew Bartlett wrote:
  Well, it just means that we need to find a real replacement for
  gmtime().  Any chance you could have a look at that function, and see if
  you can figure out why the current replacement doesn't work?
 
   Huh?  My Solaris box has gmtime and gmtime_r, the 
   reentrant variant. 
 
   In principle, gmtime creates a struct tm, in
   Coordinated Universal Time (UTC), just as if
   you called localtime when machine was set to 
   GMT. 

Actually, we got confused - the function that Samba replaced, which I
suspected could be a problem is 'timegm'.  

Either way, there is a but in there somewhere, as it doesn't work for a
non-GMT timezone.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

Cannot get net ads join to work under Solaris 8

[Clive . Elsum]

HI,

Any clues would be appreciated in getting net ads join working on Solaris 8.
I have downloaded the latest CVS samba 3.0. on to a solaris 8 box as is.
I have followed the same procedures as the LINUX CVS port that I have got
going.
The only mod needed was that the  --without-sendfile flag did not appear to
work so I put in with-sendfile=no in configure rather that the default yes
for the Solaris port. This was not necessary for the Linux port.

Clocks on the machines are synchronized.
kdestroy works correctly
kinit works correctly
klist works correctly
net ads join fails for the Solaris port but works for the Linux port, errors
reported below.

root#l ./net ads join -Uadminuser
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from UCS-2LE to CP850 not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from UTF8 to CP850 not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from ASCII to CP850 not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from CP850 to UCS-2LE not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from CP850 to UTF8 not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from CP850 to ASCII not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from CP850 to UTF8 not supported
[2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
  Conversion from UTF8 to CP850 not supported
adminuser password: 
[2002/11/14 21:01:11, 1] libsmb/clikrb5.c:krb5_mk_req2(63)
  krb5_get_credentials failed for w2kads$@OUR.DOMAIN.AU (Clock skew too
great in KDC reply)
[2002/11/14 21:01:11, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication
failed
[2002/11/14 21:01:11, 1] utils/net_ads.c:ads_startup(148)
  ads_connect: Invalid credentials


Thanks in advance

Clive

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-

RE: Cannot get net ads join to work under Solaris 8

[Clive . Elsum]

Many thanks Andrew!! 

Setting the Solaris box to GMT certainly did the trick.
Well done, I appreciate the prompt response to my query.

Clive Elsum

-Original Message-
From: Andrew Bartlett [mailto:abartlet;samba.org]
Sent: Thursday, 14 November 2002 10:19 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cannot get net ads join to work under Solaris 8


On Thu, 2002-11-14 at 21:30, [EMAIL PROTECTED] wrote:
 HI,
 
 Any clues would be appreciated in getting net ads join working on Solaris
8.
 I have downloaded the latest CVS samba 3.0. on to a solaris 8 box as is.
 I have followed the same procedures as the LINUX CVS port that I have got
 going.
 The only mod needed was that the  --without-sendfile flag did not appear
to
 work so I put in with-sendfile=no in configure rather that the default yes
 for the Solaris port. This was not necessary for the Linux port.
 
 Clocks on the machines are synchronized.
 kdestroy works correctly
 kinit works correctly
 klist works correctly
 net ads join fails for the Solaris port but works for the Linux port,
errors
 reported below.
 
 root#l ./net ads join -Uadminuser
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from UCS-2LE to CP850 not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from UTF8 to CP850 not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from ASCII to CP850 not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from CP850 to UCS-2LE not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from CP850 to UTF8 not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from CP850 to ASCII not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from CP850 to UTF8 not supported
 [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93)
   Conversion from UTF8 to CP850 not supported
 adminuser password: 
 [2002/11/14 21:01:11, 1] libsmb/clikrb5.c:krb5_mk_req2(63)
   krb5_get_credentials failed for w2kads$@OUR.DOMAIN.AU (Clock skew too
 great in KDC reply)

Can you try putting the Solaris machine in the GMT timezone?

My thinking is that the gmtime() replacement might not be functioning
correctly.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

RE: Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

I can still not get net ads working with Solaris 8.
With the new CVS code and the mod to timegm in ldap.c The ned ads command
now fails with Clock Skew, Preauthentication failed, invalid credentials
even though the Machines are sync'd in time.
Previous failure message when mktime was substituted for timegm was 
Preauthentication failed, invalid credentials.
Any help on this would be appreciated.

Thanks in advance
Clive

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: [EMAIL PROTECTED] [mailto:Clive.Elsum;csiro.au] 
Sent: Wednesday, 13 November 2002 3:53 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD.

Andrew,
I got the latest CVS code. Had to copy the alpha20 versions of configure.*
to get this version to configure. I had to remove the AUTHLIBS=@AUTHLIBS@
statement from the Makefile. The timegm problem has gone away.
The latest gdb output.

GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for details.
This GDB was configured as sparc-sun-solaris2.8...
/usr/local/samba/lib/19461: No such file or directory.
Attaching to program `/proc/19461/object/a.out', process 19461
Reading symbols from /usr/lib/libsec.so.1...done.
Loaded symbols for /usr/lib/libsec.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3
Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3
Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3
Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.6...done.
Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.6
Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.6...done.
Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.6
Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP 1]
Symbols already loaded for /usr/lib/libsec.so.1
Symbols already loaded for /usr/lib/libgen.so.1
Symbols already loaded for /usr/lib/libresolv.so.2
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/local/krb5/lib/libkrb5.so.3
Symbols already loaded for /usr/local/krb5/lib/libcom_err.so.3
Symbols already loaded for /usr/local/krb5/lib/libk5crypto.so.3
Symbols already loaded for /usr/local/krb5/lib/libgssapi_krb5.so.2
Symbols already loaded for /usr/local/ldap/lib/liblber.so.2
Symbols already loaded for /usr/local/ldap/lib/libldap.so.2
Symbols already loaded for /usr/lib/libpam.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/local/ssl/lib/libssl.so.0.9.6
Symbols already loaded for /usr/local/ssl/lib/libcrypto.so.0.9.6
Symbols already loaded for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
0xff01b844 in _waitid () from /usr/lib/libc.so.1
#0  0xff01b844 in _waitid () from /usr/lib/libc.so.1
No symbol table info available.
#1  0xfefd5d00 in _waitpid () from /usr/lib/libc.so.1
No symbol table info available.
#2  0xff01113c in system () from /usr/lib/libc.so.1
No symbol table info available.
#3  0x61268 in smb_panic (why=0xf31a8 internal error) at lib/util.c:1344
cmd = 0x193c00 /usr/openwin/bin/xterm -display :0.0 -e gdb -x
/usr/local/gdbcmds /proc/19461/object/a.out 19461  || gdb -x
/usr/local/gdbcmds /proc/19461/object/a.out 19461 | mail root
result = 1653760
#4  0x4f4ac in fault_report (sig=11) at lib/fault.c:41

RE: Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

Sorry Andrew, I may have mislead you here. In the pre CVS version I tried
timegm would not compile under Solaris without changing timegm to mktime in
ldap.c. With the newer CVS version I have not made any mods to ldap.c (as
you stated earlier this was a bug that was fixed) and all compiled OK with
mods to the 
Configure commands as detailed earlier.
With the new CVS code unmodified timegm I get the Clock Skew problem. 
You say I have a 10+ hour problem, but where and how, and how can this be
rectified.?

TIA
Clive
-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: Andrew Bartlett [mailto:abartlet;samba.org] 
Sent: Thursday, 14 November 2002 9:03 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD.

On Thu, 2002-11-14 at 08:23, [EMAIL PROTECTED] wrote:
 I can still not get net ads working with Solaris 8.
 With the new CVS code and the mod to timegm in ldap.c The ned ads command
 now fails with Clock Skew, Preauthentication failed, invalid credentials

Well, if you modified that function, then you probably now have a +10
hour problem in the time.  Samba uses the time the ldap server sends to
avoid time skew problems, hence having those timegm() functions in the
first place...  

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

RE: Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

One other thing I keep meaning to mention Andrew, I had to replace timegm
with mktime in libads/ldap.c as Solaris does not recognize timegm

Clive

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: Andrew Bartlett [mailto:abartlet;samba.org] 
Sent: Wednesday, 13 November 2002 10:51 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD.

On Wed, 2002-11-13 at 10:33, [EMAIL PROTECTED] wrote:
 Hi Andrew,
 
 Finally got back to this after locating a machine with more disk space!
 The dbg output was:

I need 'bt full' so I can see the contents of variables.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

RE: Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

 (domain=0x18ed30, sid=0x18ef30)
at nsswitch/winbindd_ads.c:803
#19 0x36ec0 in domain_sid (domain=0x18ed30, sid=0x18ef30)
at nsswitch/winbindd_cache.c:892
#20 0x34d44 in init_domain_list () at nsswitch/winbindd_util.c:201
#21 0x2f3ac in winbind_setup_common () at nsswitch/winbindd.c:700
#22 0x2f878 in main (argc=1, argv=0xffbef95c) at nsswitch/winbindd.c:875


Any help on where to go on this would be greatly appreciated,

Clive

-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: Andrew Bartlett [mailto:abartlet;samba.org] 
Sent: Sunday, 10 November 2002 11:39 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Trying to join a Solaris 8 box to Windows 2000 AD.

On Sun, 2002-11-10 at 21:13, [EMAIL PROTECTED] wrote:
 I am having major problems with SAMBA samba-3.0alpha20 in trying to
connect
 to 
 Windows 2000 AD. I have attached info if that helps.  Any help you can
give
 me
 would be greatly appreciated.
 
 Thanks in advance
 
 Clive Elsum
 
 I can get samba-3.0alpha20 working if I include reference to our NT PDC
 in the smb.conf file and do a net rpc join command.
 This joins our NT PDC domain which has a trust relationship with the
 Windows 2000 ADS.
 The joined domian XXX message appears and a wbinfo -m shows the
 Windows 2000 AD domain Y as a trusted-domain.
 I can then login using domain/userid and everything works correctly.
 The working smb.conf relvant bits are
   workgroup = xxx
   security = server
 encrypt passwords = yes
 stat cache = false
 winbind separator = /
 winbind uid = 1-3
 winbind gid = 1-3
 winbind use default domain = true
 winbind enum groups = yes
 winbind enum users = yes
   security = server
 template shell = /bin/tcsh
 
 
 However with the imminent departure of the local NT PDC I will be forced
 to use the net ads join command which at present fails.

There isn't a 'forced' here - you should still be able to 'net rpc join'
a Win2k domain.  But that doesn't solve your real problem.

 The kinit command works correctly (password entered prompt returned)
 The klist command appears to do the right thing.
 Suggesting that kerberos is set up OK.
 
 I have samba-3.0alpha20 version installed on Solaris 8. It was configured
 with
 ./configure  --with-ads --with-ldap --with-krb5=/usr/local/kerberos
 --with-pam --with-winbind
 
 The include/config.h file shows
 #define HAVE_KRB5 1
 #define HAVE_GSSAPI 1
 #define WITH_ADS 1
 #define HAVE_LDAP_H 1
 
 
 I am using GCC Version 3.2;  Kerberos  krb5-1.2.6; LDAP openldap-2.1.8; on
a
 Solaris 8 platform.
 
 I have modified the Makefile so as to overcome errors in compiling e.g
 passdb/pdb_ldap.c

What were they, btw?

 I then do a make install and copy relevant files with relevant links:
 cp pam_winbind.so /lib/security
 cp libnss_winbind.so /lib/nss_winbind.so
 
 
 Relevant bits from smb.conf:
 workgroup = OUR
 realm = OUR.2000AD.DOMAIN
 security =  ADS
 encrypt passwords = yes
 stat cache = false
 winbind separator = /
 winbind uid = 1-3
 winbind gid = 1-3
 winbind use default domain = true
 winbind enum groups = yes
 winbind enum users = yes
 ads server = IP ADDRESS of ads server
 template shell = /bin/tcsh
 
 WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but
 then 
 aborts with:
 
 convert_string: Required 1521, available 2048
 ===
 INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20)
 Please read the file BUGS.txt in the distribution
 ===
 PANIC: internal error
 Abort (core dumped)

Any chance of recompiling --enable-krb5developer and getting us a gdb
backtrace?  See 'panic action' in the smb.conf

 Obviously the command net ads join also fails with:
 [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122)
   kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication
 failed
 [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148)
   ads_connect: Invalid credentials

Why is this 'obviously'?  Anyway, a backtrace of this would be good.

Anyway, if you can get that, and also try the lastest 3.0 CVS
(pserver.samba.org), that will help us to chase it down.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http

RE: Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

 = {s_b1 = 144 '\220', s_b2 = 110 'n', 
  s_b3 = 3 '\003', s_b4 = 16 '\020'}, S_un_w = {s_w1 = 36974, s_w2 =
784}, 
S_addr = 2423128848}}
a = 4294967295
#15 0xe267c in ads_try_dns (ads=0x194790) at libads/ldap.c:154
port = 389
c_realm = 0x185 Address 0x185 out of bounds
ptr = 0x194d49 nxact1-gu.nexus.csiro.au:389
nxvic1-fa.nexus.csiro.au:389 worf.nexus.csiro.au:389
nxact1-bt.nexus.csiro.au:389 nxnsw1-mv.nexus.csiro.au:389
nxqld1-nd.nexus.csiro.au:389 nxact1-yf.nexus.csiro.au:389 nx...
realm = 0x130 Address 0x130 out of bounds
list = 0x1948e8 nxtst1-tt.nexus.csiro.au:389
nxwa1-wf.nexus.csiro.au:389 147141-be.nexus.csiro.au:389
nxnsw1-ri.nexus.csiro.au:389 nxqld1-rh.nexus.csiro.au:389
nxnsw1-cj.nexus.csiro.au:389 nxvic1-fy.nexus.csiro.au:38...
tok = nxact1-bm.nexus.csiro.au\000389\000¾ëØÿ¾ëð\000\aDPþÿ,ü,
'\000' repeats 15 times, \027, '\000' repeats 29 times,
\023½H\000\000\000\001\000\000\000\027\000\023È\220\000\000\000\000\000\000
\000\000ÿ¾ì@\000\005\203L\000\000\000\t\000\000\000\003\000\000'\020\000
\000\000\001\000\031X\200\000\000\000\224\000\000\000\000\005\000\002\003\02
0\000\000\000\000¬\000\000\000\000\000\002, '\000' repeats 33 times,
\023È\220\000\0170hÿ¾íp\000\000\000S\000\000\000\021þü\Pÿ¾ì¸\000\004ïì,
'\000' repeats 11 times, \002ÿ¾î ...
ip_list = (struct ldap_ip *) 0x193190
count = 389
i = 38
#16 0xe2a18 in ads_connect (ads=0x194790) at libads/ldap.c:254
version = 3
status = {error_type = 4278334252, err = {rc = 1037162097, 
nt_status = {v = 1037162097}}, minor_status = 967592}
#17 0x3df5c in ads_cached_connection (domain=0x192560)
at nsswitch/winbindd_ads.c:68
ads = (ADS_STRUCT *) 0x194790
status = {error_type = 1243136, err = {rc = 0, nt_status = {v = 0}},

  minor_status = 0}
#18 0x3fcb8 in domain_sid (domain=0x192560, sid=0x192760)
at nsswitch/winbindd_ads.c:628
ads = (ADS_STRUCT *) 0x0
rc = {error_type = 1651088, err = {rc = 0, nt_status = {v = 0}}, 
  minor_status = 0}
#19 0x37ef4 in domain_sid (domain=0x192560, sid=0x192760)
at nsswitch/winbindd_cache.c:962
cache = (struct winbind_cache *) 0x192560
#20 0x35794 in init_domain_list () at nsswitch/winbindd_util.c:215
result = {v = 1219744}
domain = (struct winbindd_domain *) 0x192560
#21 0x2fb10 in winbind_setup_common () at nsswitch/winbindd.c:694
No locals.
#22 0x2ff48 in main (argc=1, argv=0xffbef8ac) at nsswitch/winbindd.c:845
logfile = /usr/local/samba/var/log.winbindd\000\\L, '\000'
repeats 24 times, þó?ìþóbp, '\000' repeats 20 times,
ÿ¾ôÈþñøÄ\000\000\000\000\000\000\000\000ÿ¾ôÈÿ3ù\fþØ\212\230\000\000\000\000
\000\000\000\001\000\000\000\002\000\000\000\002þù¹x, '\000' repeats 44
times,
ÿ,\030\030ÿ,\030\224\000\000\000\001\000\001ux\000\000\000\000ÿ¾õ(ÿ¦h,
'\000' repeats 13 times,  \002\000\000\000\000\000
\000\000\000\000\000\000\001\000\000\000\001ÿ+\b\004ÿ+\b\000\000\000\000\000
þñø¸ÿ\e\224, '\000' repeats 12 times...
interactive = 0
opt = 962040


Thanks in advance,
Clive
-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239 
E-mail [EMAIL PROTECTED]
-



-Original Message-
From: Andrew Bartlett [mailto:abartlet;samba.org] 
Sent: Wednesday, 13 November 2002 11:25 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD.

On Wed, 2002-11-13 at 11:11, [EMAIL PROTECTED] wrote:
 One other thing I keep meaning to mention Andrew, I had to replace timegm
 with mktime in libads/ldap.c as Solaris does not recognize timegm

OK.  Can we take a step back then and move to current HEAD?

That bug is fixed, and perhaps your issue is fixed too.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

Trying to join a Solaris 8 box to Windows 2000 AD.

[Clive . Elsum]

I am having major problems with SAMBA samba-3.0alpha20 in trying to connect
to 
Windows 2000 AD. I have attached info if that helps.  Any help you can give
me
would be greatly appreciated.

Thanks in advance

Clive Elsum

I can get samba-3.0alpha20 working if I include reference to our NT PDC
in the smb.conf file and do a net rpc join command.
This joins our NT PDC domain which has a trust relationship with the
Windows 2000 ADS.
The joined domian XXX message appears and a wbinfo -m shows the
Windows 2000 AD domain Y as a trusted-domain.
I can then login using domain/userid and everything works correctly.
The working smb.conf relvant bits are
workgroup = xxx
security = server
encrypt passwords = yes
stat cache = false
winbind separator = /
winbind uid = 1-3
winbind gid = 1-3
winbind use default domain = true
winbind enum groups = yes
winbind enum users = yes
security = server
template shell = /bin/tcsh


However with the imminent departure of the local NT PDC I will be forced
to use the net ads join command which at present fails.

The kinit command works correctly (password entered prompt returned)
The klist command appears to do the right thing.
Suggesting that kerberos is set up OK.

I have samba-3.0alpha20 version installed on Solaris 8. It was configured
with
./configure  --with-ads --with-ldap --with-krb5=/usr/local/kerberos
--with-pam --with-winbind

The include/config.h file shows
#define HAVE_KRB5 1
#define HAVE_GSSAPI 1
#define WITH_ADS 1
#define HAVE_LDAP_H 1


I am using GCC Version 3.2;  Kerberos  krb5-1.2.6; LDAP openldap-2.1.8; on a
Solaris 8 platform.

I have modified the Makefile so as to overcome errors in compiling e.g
passdb/pdb_ldap.c

CFLAGS=-O  -I/usr/local/kerberos/include -I/usr/local/openldap/include
CPPFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-I/usr/local/kerberos/include -I/usr/local/openldap/include
LDFLAGS= -L/usr/local/kerberos/lib -L/usr/local/openldap/lib
LDSHFLAGS=-G  -L/usr/local/kerberos/lib -L/usr/local/openldap/lib -O
-I/usr/local/kerberos/include -I/usr/local/openldap/includ
e

During compilation the following  warnings show:
lib/util_str.c: In function `str_list_make':
lib/util_str.c:1160: warning: passing arg 3 of `next_token' discards
qualifiers from pointer target type
auth/pampass.c: In function `smb_setup_pam_conv':
auth/pampass.c:422: warning: assignment from incompatible pointer type
libads/ldap.c: In function `ads_do_paged_search':
libads/ldap.c:405: warning: passing arg 2 of `str_list_copy' from
incompatible pointer type
libads/ldap.c: In function `ads_do_search':
libads/ldap.c:631: warning: passing arg 2 of `str_list_copy' from
incompatible pointer type
libads/ldap_printer.c: In function `ads_mod_printer_entry':
libads/ldap_printer.c:80: warning: passing arg 4 of `ads_mod_strlist' from
incompatible pointer type
libads/ldap_printer.c:96: warning: passing arg 4 of `ads_mod_strlist' from
incompatible pointer type
libads/ldap_printer.c:99: warning: passing arg 4 of `ads_mod_strlist' from
incompatible pointer type
libads/kerberos.c: In function `kerberos_kinit_password':
libads/kerberos.c:80: warning: passing arg 6 of
`krb5_get_init_creds_password' discards qualifiers from pointer target type
utils/net.c: In function `net_getlocalsid':
utils/net.c:348: warning: passing arg 1 of `secrets_fetch_domain_sid'
discards qualifiers from pointer target type
utils/net_ads.c: In function `net_ads_printer_info':
utils/net_ads.c:722: warning: passing arg 4 of `ads_find_printer_on_server'
discards qualifiers from pointer target type
utils/net_ads.c: In function `net_ads_printer_publish':
utils/net_ads.c:774: warning: assignment discards qualifiers from pointer
target type
utils/net_ads.c: In function `net_ads_printer_remove':
utils/net_ads.c:812: warning: assignment discards qualifiers from pointer
target type
utils/net_rpc_join.c: In function `net_rpc_join_ok':
utils/net_rpc_join.c:65: warning: passing arg 1 of
`secrets_fetch_trust_account_password' discards qualifiers from pointer
target type
nsswitch/pam_winbind.c: In function `converse':
nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from
incompatible pointer type
nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function
from incompatible pointer type
nsswitch/pam_winbind.c: In function `_make_remark':
nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from
pointer target type
nsswitch/pam_winbind.c: In function `_winbind_read_password':
nsswitch/pam_winbind.c:278: warning: passing arg 3 of `pam_get_item' from
incompatible pointer type
nsswitch/pam_winbind.c:311: warning: assignment discards qualifiers from
pointer target type
nsswitch/pam_winbind.c:319: warning: assignment discards qualifiers from
pointer target type
nsswitch/pam_winbind.c:325: warning: assignment discards qualifiers from
pointer target type
nsswitch/pam_winbind.c:383: warning