Nabble - Samba

Re: samba and ads authentication

2009-11-08T22:27:25Z

Thanks Seban,

I tried running the configure script with the following options...

./configure --with-ldap --with-ads --with-krb5 --with-winbind

I am getting the following error:-

checking for ldap_initialize... yes
checking for ldap_add_result_entry... yes
checking for kerberos 5 install path... no krb5-path given
checking for krb5-config... no
checking for working krb5-config... no. Fallback to previous krb5
detection strategy
checking for /usr/include/heimdal... no
checking for /usr/kerberos... no
checking krb5.h usability... no
checking krb5.h presence... no
checking for krb5.h... no
configure: error: Active Directory cannot be supported without krb5.h

I do have Kerberos installed and the kinit <user>@<domain> works for me.

My Kerberos krb5.conf file is located in the /etc/krb5/ directory,
should I be running the configure script and telling it this location?
Should I have a krb5.h file???

-----Original Message-----
From: sebastian.rajan@... [mailto:sebastian.rajan@...]
Sent: Friday, 6 November 2009 2:41 PM
To: Tom Montague; samba@...
Subject: RE: [Samba] samba and ads authentication

Using the following option to configure for ADS

--with-ldap and --with-ads in configure command

Also, you must have Kerberos library installed, so give
--with-krb5=$(PATH_TO_KRB_LIB)/lib/

If the configure fails, check the path and version of kerberos u r
using.

Regards,
Seban

-----Original Message-----
From: samba-bounces@...
[mailto:samba-bounces@...] On Behalf Of Tom Montague
Sent: Thursday, November 05, 2009 9:45 AM
To: samba@...
Subject: [Samba] samba and ads authentication

I am looking at setting up ADS authentication for my current samba
configuration. I am quite wary of making big changes that I do not
understand as there are shares currently setup and I do not want to lose
this.

I have read through the "how to's" and I am at the point where I want to
"Create the computer account" and running the command :-

Net ads join -U administrator%password

I am getting the error "ADS support not compiled in"

The fix for this says...

Samba must be reconfigured (remove config.cache) and recompile (make
clean all install) after the Kerberos libraries and headers files are
installed.

How do I reconfigure samba? I have inherited this samba configuration
and I am not sure how/what was configured originally and I do not want
to lose the current configuration..

Can someone help me with this recompile command and what entries I
should add. I have some details below of the current configuration...

Samba version 3.0.23c

I found the following details in the config.log

configure:34026: result: no

configure:34038: checking whether to use smbwrapper

configure:34085: result: no

configure:34093: checking whether to use AFS clear-text auth

configure:34111: result: no

configure:34119: checking whether to use AFS fake-kaserver

configure:34137: result: no

configure:34339: checking whether to use AFS fake-kaserver

configure:34357: result: no

configure:34376: checking whether to use DFS clear-text auth

configure:34398: result: no

configure:34407: checking for LDAP support

configure:34421: result: no

configure:35119: checking for Active Directory and krb5 support

configure:35133: result: auto

configure:35146: WARNING: Disabling Active Directory support (requires
LDAP support)

smbd -b | grep LDAP (no output)

smbd -b | grep KRB (no output)

smbd -b | grep ADS (no output)

smbd -b | grep WINBIND

WITH_WINBIND

WITH_WINBIND

TomMontague

</pre>
 <HR>

The information in this email, including any attachments, is
confidential and may be subject to legal or other professional
privilege. It is intended solely for the addressee and access to this
email by anyone else is unauthorised. If you have received this email
in error, please immediately advise the sender by return email, then
delete the message from your system and destroy any copies. If you are
not the intended recipient, any use, interference with, distribution,
disclosure or copying of this material, or any action taken or omitted
to be taken in reliance on it, is unauthorised and prohibited.

The Griffin Group scans all outgoing emails for viruses, however The
Griffin Group cannot guarantee that email communications are secure or
error-free, as information could be intercepted, corrupted, amended,
lost, destroyed, arrive late or incomplete.

 </body>
<pre>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Please do not print this email unless it is absolutely necessary.

The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s)
and may contain proprietary, confidential or privileged information. If
you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and
destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus
transmitted by this email.

www.wipro.com
</pre>
 <HR>

The information in this email, including any attachments, is confidential and may be subject to legal or other professional privilege. It is intended solely for the addressee and access to this email by anyone else is unauthorised. If you have received this email in error, please immediately advise the sender by return email, then delete the message from your system and destroy any copies. If you are not the intended recipient, any use, interference with, distribution, disclosure or copying of this material, or any action taken or omitted to be taken in reliance on it, is unauthorised and prohibited.

The Griffin Group scans all outgoing emails for viruses, however The Griffin Group cannot guarantee that email communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete.

 </body>
<pre>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: Yet another include/exclude question

2009-11-08T22:21:03Z

What if I also want to include everything in /this_dir/ without running
two instances and still being able to use --delete?
I thought --include="/this_dir/" --include="/this_dir/***" would do it,
but it doesn't. The exclude * seems to overwrite the include matches:
[sender] hiding file this_dir/foo because of pattern *

Tom

Steven Monai wrote:

> Tony wrote:
>> On Nov 6, 2009, at 12:43 AM, Thomas Gutzler wrote:
>>> Hi,
>>>
>>> How can I include only *.foo and *.bar files in an rsync?
>>> To make it a bit more difficult: Those files can be anywhere in the
>>> directory structure.
>>>
>>> I've been reading and trying for a while but the best I got is all
>>> *.foo and *.bar files in ./ but none of the ones inside any
>>> directories.
>> There is an example in the man pages for *.c files that will do what you
>> want.
>>
>> Try: --include=*/ --include=*.foo --exclude=*
>
> Yes. I would also strongly recommend the section of the man page that
> describes "--prune-empty-dirs".
>
> Cheers,
> -SM
> --

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: Take2: rsync over ssh with --link-dest

2009-11-08T21:48:41Z

On Mon, 2009-11-09 at 00:28 -0500, Alex wrote:
> >> I'm a bit disappointed that I
> >> can't do it by overriding the server command line
> >
> > Why? Does it have some advantage over the use of an rsync daemon (I
> > can't imagine what)? One can't really expect overriding the server
> > arguments not to lead to the inconsistent behavior you saw.
>
> Simplicity. I'd like to be able to have the server side feed me all
> data beginning with the path I specify, such /backup/serverA,

In other words, you were specifying a bogus source path and counting on
sshd to override it with the real one. Clever. I didn't catch that the
first time.

Realize that the ability to set a module's "path" in the rsyncd.conf
file and have the client refer to the module by a well-known name gives
you the same functionality, and actually more, because the client can
specify a subdirectory path within the module.

> and have
> the client side be able to "--include=/usr/bin" to be able to
> 'download' only the data from /backup/serverA/usr/bin and exclude
> everything else.

That --include means "exclude everything else" is a common
misconception; see the man page. But I imagine the issue will become
moot if you have the client specify a subdirectory of the module instead
of using filters.

> Instead, I have about eight sections of my rsyncd.conf to do this; one
> for each directory tree that I want to back up to a different
> location, primarily based on dates, to have multiple incrementals.

If the daemon solution is looking fundamentally more complicated than
the set of forced server commands you previously had, you're probably
going about it the wrong way and I could help if you post the
rsyncd.conf file.

--
Matt

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: Take2: rsync over ssh with --link-dest

2009-11-08T21:28:13Z

>> I'm a bit disappointed that I
>> can't do it by overriding the server command line
>
> Why? Does it have some advantage over the use of an rsync daemon (I
> can't imagine what)? One can't really expect overriding the server
> arguments not to lead to the inconsistent behavior you saw.

Simplicity. I'd like to be able to have the server side feed me all
data beginning with the path I specify, such /backup/serverA, and have
the client side be able to "--include=/usr/bin" to be able to
'download' only the data from /backup/serverA/usr/bin and exclude
everything else.

Instead, I have about eight sections of my rsyncd.conf to do this; one
for each directory tree that I want to back up to a different
location, primarily based on dates, to have multiple incrementals.

Thanks,
Alex
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: Impossible to load ndr_* as shared objects :-(

2009-11-08T19:59:04Z

On Sun, 2009-11-08 at 23:30 +0100, Volker Lendecke wrote:

> On Sun, Nov 08, 2009 at 07:47:02PM +0100, Volker Lendecke wrote:
> > After some weekends of work disentangling the ndr tables
> > from the rest of the code I had to figure out that it is
> > impossible to load them as shared objects: lsa_String and
> > other datatypes are everywhere.
>
> Attached find a patch that introduces "shared.idl" with all
> shared stuff. Not good for a late night checkin, but that is
> needed for making the large ndr_*.o shared objects.
>
> I'll check it in together with the required build fixes once
> make test has finished. But that's probably not going to be
> before tomorrow.

The netr_SamBaseInfo looks out of place. What makes it need to be
shared with every other part of the system?

Otherwise, most of the definitions look reasonable, and it's good to
have the 'common to most of Samba', but not 'common to all of RPC'
definitions in once place.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Re: Take2: rsync over ssh with --link-dest

2009-11-08T18:12:23Z

On Sun, 2009-11-08 at 21:01 -0500, Alex wrote:
> > Overriding the server command line is generally a bad idea for the
> > reasons you went on to note. Instead, use an rsync daemon. You can
> > even have the daemon invoked over ssh with a forced command, see:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=4163#c4
>
> That looks like the way to go. I've got it set up and running for a
> few days now, and it's working okay.

Good.

> I'm a bit disappointed that I
> can't do it by overriding the server command line

Why? Does it have some advantage over the use of an rsync daemon (I
can't imagine what)? One can't really expect overriding the server
arguments not to lead to the inconsistent behavior you saw.

--
Matt

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: Take2: rsync over ssh with --link-dest

2009-11-08T18:01:29Z

Hi,

> Overriding the server command line is generally a bad idea for the
> reasons you went on to note. Instead, use an rsync daemon. You can
> even have the daemon invoked over ssh with a forced command, see:
>
> https://bugzilla.samba.org/show_bug.cgi?id=4163#c4

That looks like the way to go. I've got it set up and running for a
few days now, and it's working okay. I'm a bit disappointed that I
can't do it by overriding the server command line, but it's okay.

Thanks again,
Alex
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

[PATCH] cifs: don't use CIFSGetSrvInodeNumber in is_path_accessible

2009-11-08T16:39:04Z

Because it's lighter weight, CIFS tries to use CIFSGetSrvInodeNumber to
verify the accessibility of the root inode and then falls back to doing a
full QPathInfo if that fails with -EOPNOTSUPP. I have at least a report
of a server that returns NT_STATUS_INTERNAL_ERROR rather than something
that translates to EOPNOTSUPP.

Rather than trying to be clever with that call, just have
is_path_accessible do a normal QPathInfo. That call is widely
supported and it shouldn't increase the overhead significantly.

Cc: Stable <stable@...>
Signed-off-by: Jeff Layton <jlayton@...>
Signed-off-by: Steve French <sfrench@...>
---
fs/cifs/connect.c | 8 --------
1 files changed, 0 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index b090980..63ea83f 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2220,16 +2220,8 @@ is_path_accessible(int xid, struct cifsTconInfo *tcon,
struct cifs_sb_info *cifs_sb, const char *full_path)
{
int rc;
- __u64 inode_num;
FILE_ALL_INFO *pfile_info;

- rc = CIFSGetSrvInodeNumber(xid, tcon, full_path, &inode_num,
- cifs_sb->local_nls,
- cifs_sb->mnt_cifs_flags &
- CIFS_MOUNT_MAP_SPECIAL_CHR);
- if (rc != -EOPNOTSUPP)
- return rc;
-
pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
if (pfile_info == NULL)
return -ENOMEM;
--
1.6.0.6

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

From forum: Samba - linux-cifs-client

[PATCH] cifs: clean up handling when server doesn't consistently support inode numbers

2009-11-08T16:39:03Z

It's possible that a server will return a valid FileID when we query the
FILE_INTERNAL_INFO for the root inode, but then zeroed out inode numbers
when we do a FindFile with an infolevel of
SMB_FIND_FILE_ID_FULL_DIR_INFO.

In this situation turn off querying for server inode numbers, generate a
warning for the user and just generate an inode number using iunique.
Once we generate any inode number with iunique we can no longer use any
server inode numbers or we risk collisions, so ensure that we don't do
that in cifs_get_inode_info either.

Cc: Stable <stable@...>
Reported-by: Timothy Normand Miller <theosib@...>
Signed-off-by: Jeff Layton <jlayton@...>
Signed-off-by: Steve French <sfrench@...>
---
fs/cifs/cifsproto.h | 1 +
fs/cifs/inode.c | 7 ++-----
fs/cifs/misc.c | 14 ++++++++++++++
fs/cifs/readdir.c | 7 ++++---
4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 6928c24..5646727 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -388,4 +388,5 @@ extern int CIFSSMBSetPosixACL(const int xid, struct cifsTconInfo *tcon,
const struct nls_table *nls_codepage, int remap_special_chars);
extern int CIFSGetExtAttr(const int xid, struct cifsTconInfo *tcon,
const int netfid, __u64 *pExtAttrBits, __u64 *pMask);
+extern void cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb);
#endif /* _CIFSPROTO_H */
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 5e24925..cababd8 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -512,13 +512,10 @@ int cifs_get_inode_info(struct inode **pinode,
cifs_sb->local_nls,
cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_MAP_SPECIAL_CHR);
- if (rc1) {
+ if (rc1 || !fattr.cf_uniqueid) {
cFYI(1, ("GetSrvInodeNum rc %d", rc1));
fattr.cf_uniqueid = iunique(sb, ROOT_I);
- /* disable serverino if call not supported */
- if (rc1 == -EINVAL)
- cifs_sb->mnt_cifs_flags &=
- ~CIFS_MOUNT_SERVER_INUM;
+ cifs_autodisable_serverino(cifs_sb);
}
} else {
fattr.cf_uniqueid = iunique(sb, ROOT_I);
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 0241b25..1e25efc 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -715,3 +715,17 @@ cifsConvertToUCS(__le16 *target, const char *source, int maxlen,
ctoUCS_out:
return i;
}
+
+void
+cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
+{
+ if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) {
+ cifs_sb->mnt_cifs_flags &= CIFS_MOUNT_SERVER_INUM;
+ cERROR(1, ("Autodisabling the use of server inode numbers on "
+ "%s. This server doesn't seem to support them "
+ "properly. Hardlinks will not be recognized on this "
+ "mount. Consider mounting with the \"noserverino\" "
+ "option to silence this message.",
+ cifs_sb->tcon->treeName));
+ }
+}
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 1f098ca..f84062f 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -727,11 +727,12 @@ static int cifs_filldir(char *pfindEntry, struct file *file, filldir_t filldir,
cifs_dir_info_to_fattr(&fattr, (FILE_DIRECTORY_INFO *)
pfindEntry, cifs_sb);

- /* FIXME: make _to_fattr functions fill this out */
- if (pCifsF->srch_inf.info_level == SMB_FIND_FILE_ID_FULL_DIR_INFO)
+ if (inum && (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)) {
fattr.cf_uniqueid = inum;
- else
+ } else {
fattr.cf_uniqueid = iunique(sb, ROOT_I);
+ cifs_autodisable_serverino(cifs_sb);
+ }

ino = cifs_uniqueid_to_ino_t(fattr.cf_uniqueid);
tmp_dentry = cifs_readdir_lookup(file->f_dentry, &qstring, &fattr);
--
1.6.0.6

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

From forum: Samba - linux-cifs-client

Re: DNS and GENSEC issues when running the samba binary

2009-11-08T16:29:00Z

Hi Cr stian,

> Here's part of the error log:
>
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
> > NT_STATUS_INVALID_
>
> PARAMETER
>
>
> That UUID is the same one that is shown when I try to run "samba" here, on
> my machine. They're different computers, different domains. Shouldn't those
> UUIDs be different for each one of us?

UUIDs are used for both machine specific IDs and for IDS that are
common to all computers. In this case the above ID is the 'pipe' UUID
of the DRSUAPI pipe. If you look in librpc/idl/drsuapi.idl then you'll
see a line like this:

uuid("e3514235-4b06-11d1-ab04-00c04fc2dcd2")

which says that this pipe is identified by that UUID.

If you see a UUID and wonder if it might be a fixed uuid like this,
then try "git grep" to find it in the Samba source code. For example:

git grep -i -n e3514235-4b06-11d1-ab04-00c04fc2dcd2

run that in the top level directory and it will show you any cases
where that UUID is embedded in the Samba source code.

You could also put it into a Google search.

Cheers, Tridge

From forum: Samba - samba-technical

Re: DNS and GENSEC issues when running the samba binary

2009-11-08T16:24:38Z

Hi Eduardo and Erick,

This almost certainly means your bind9 configuration is incorrect. To
diagnose/fix these types of problems you should do this:

1) first check that you can resolve the name using the 'host' command
on Linux, pointing it directly at the windows box. For example:

host -t SRV _ldap._tcp.DOMAIN 143.106.167.147

where DOMAIN is the DNS domain name you are looking for. In the
example Erick gave this would be:

winserverad.ltc.inovasoft.unicamp.br

You should get back something like this:

_ldap._tcp.DOMAIN has SRV record 0 100 389 xxx.DOMAIN

where 'xxx' is the hostname of the DC.

If that doesn't work, then either you have the wrong name, or your
windows DC is not configured correctly. Is 'winserverad' really the
name of the Windows domain?

2) when that works, then try it on the name that is failing in the
logs (the GUID name in _msdcs). It is probably a CNAME so change the
query from a SRV record to a CNAME

3) once that works, you need to make sure your local bind9 config is
right. For example, in /etc/named.conf.local you may have an entry
like this:

zone "winserverad.ltc.inovasoft.unicamp.br" IN {
type forward;
forwarders {
143.106.167.147;
};
};

Alternatively, you may be using a include file. Now restart bind
(with /etc/init.d/bind9 restart) and look in its syslog file (try
/var/log/daemon.log). Does it report any errors? A very common cause
of errors is apparmor restrictions. Try running aa-logprof and see
if bind9 is asking for permissions on any files that apparmore is
denying.

3) when you think you have the bind9 config right, try the 'host'
command again but pointing at localhost:

host -t SRV _ldap._tcp.DOMAIN 127.0.0.1

If it doesn't work then look carefully again at your bind9
config. Check for errors in the bind9 log file.

Cheers, Tridge

From forum: Samba - samba-technical

Re: Impossible to load ndr_* as shared objects :-(

2009-11-08T14:30:33Z

On Sun, Nov 08, 2009 at 07:47:02PM +0100, Volker Lendecke wrote:
> After some weekends of work disentangling the ndr tables
> from the rest of the code I had to figure out that it is
> impossible to load them as shared objects: lsa_String and
> other datatypes are everywhere.

Attached find a patch that introduces "shared.idl" with all
shared stuff. Not good for a late night checkin, but that is
needed for making the large ndr_*.o shared objects.

I'll check it in together with the required build fixes once
make test has finished. But that's probably not going to be
before tomorrow.

Volker

librpc/idl/browser.idl | 2 +-
librpc/idl/drsblobs.idl | 2 +-
librpc/idl/drsuapi.idl | 2 +-
librpc/idl/eventlog.idl | 2 +-
librpc/idl/initshutdown.idl | 2 +-
librpc/idl/krb5pac.idl | 2 +-
librpc/idl/lsa.idl | 90 +------------
librpc/idl/misc.idl | 1 -
librpc/idl/named_pipe_auth.idl | 2 +-
librpc/idl/nbt.idl | 2 +-
librpc/idl/netlogon.idl | 97 +-------------
librpc/idl/samr.idl | 63 +--------
librpc/idl/schannel.idl | 2 +-
librpc/idl/shared.idl | 307 ++++++++++++++++++++++++++++++++++++++++
librpc/idl/spoolss.idl | 2 +-
librpc/idl/srvsvc.idl | 24 +---
librpc/idl/svcctl.idl | 31 ----
librpc/idl/winreg.idl | 2 +-
librpc/idl/wkssvc.idl | 2 +-
19 files changed, 323 insertions(+), 314 deletions(-)

diff --git a/librpc/idl/browser.idl b/librpc/idl/browser.idl
index 94d4ce6..8284fae 100644
--- a/librpc/idl/browser.idl
+++ b/librpc/idl/browser.idl
@@ -1,4 +1,4 @@
-import "srvsvc.idl";
+import "shared.idl";

[
uuid("6bffd098-a112-3610-9833-012892020162"),
diff --git a/librpc/idl/drsblobs.idl b/librpc/idl/drsblobs.idl
index 97f3b2d..5d093d8 100644
--- a/librpc/idl/drsblobs.idl
+++ b/librpc/idl/drsblobs.idl
@@ -1,6 +1,6 @@
#include "idl_types.h"

-import "drsuapi.idl", "misc.idl", "samr.idl", "lsa.idl";
+import "drsuapi.idl", "misc.idl", "shared.idl";

[
uuid("12345778-1234-abcd-0001-00000001"),
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index f53db00..d4f140d 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -1,6 +1,6 @@
#include "idl_types.h"

-import "security.idl", "misc.idl", "samr.idl";
+import "security.idl", "misc.idl", "shared.idl";

[
uuid("e3514235-4b06-11d1-ab04-00c04fc2dcd2"),
diff --git a/librpc/idl/eventlog.idl b/librpc/idl/eventlog.idl
index e269467..4d6fd3d 100644
--- a/librpc/idl/eventlog.idl
+++ b/librpc/idl/eventlog.idl
@@ -4,7 +4,7 @@
eventlog interface definition
*/

-import "lsa.idl", "security.idl";
+import "shared.idl", "security.idl";

[ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
version(0.0),
diff --git a/librpc/idl/initshutdown.idl b/librpc/idl/initshutdown.idl
index 13a1362..75265a8 100644
--- a/librpc/idl/initshutdown.idl
+++ b/librpc/idl/initshutdown.idl
@@ -4,7 +4,7 @@
initshutdown interface definition
*/

-import "lsa.idl";
+import "misc.idl", "shared.idl";

[
uuid("894de0c0-0d55-11d3-a322-00c04fa321a1"),
diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 24c55b8..3a5dba3 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -4,7 +4,7 @@

#include "idl_types.h"

-import "security.idl", "netlogon.idl", "samr.idl";
+import "security.idl", "shared.idl";

[
uuid("12345778-1234-abcd-0000-00000000"),
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index a893786..d903a57 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -4,7 +4,7 @@
lsa interface definition
*/

-import "misc.idl", "security.idl";
+import "misc.idl", "security.idl", "shared.idl";

[ uuid("12345778-1234-abcd-ef00-0123456789ab"),
version(0.0),
@@ -16,41 +16,6 @@ import "misc.idl", "security.idl";
typedef bitmap security_secinfo security_secinfo;
typedef bitmap kerb_EncTypes kerb_EncTypes;

- typedef [public] struct {
- [value(2*strlen_m(string))] uint16 length;
- [value(2*strlen_m(string))] uint16 size;
- [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
- } lsa_String;
-
- typedef [public] struct {
- [value(2*strlen_m(string))] uint16 length;
- [value(2*strlen_m_term(string))] uint16 size;
- [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
- } lsa_StringLarge;
-
- typedef [public] struct {
- uint32 count;
- [size_is(count)] lsa_String *names;
- } lsa_Strings;
-
- typedef [public] struct {
- [value(strlen_m(string))] uint16 length;
- [value(strlen_m(string))] uint16 size;
- [charset(DOS),size_is(size),length_is(length)] uint8 *string;
- } lsa_AsciiString;
-
- typedef [public] struct {
- [value(strlen_m(string))] uint16 length;
- [value(strlen_m_term(string))] uint16 size;
- [charset(DOS),size_is(size),length_is(length)] uint8 *string;
- } lsa_AsciiStringLarge;
-
- typedef [public] struct {
- uint16 length;
- uint16 size;
- [size_is(size/2),length_is(length/2)] uint16 *array;
- } lsa_BinaryString;
-
/******************/
/* Function: 0x00 */
NTSTATUS lsa_Close (
@@ -446,15 +411,6 @@ import "misc.idl", "security.idl";
one privilege set
*/
/* Function: 0x0b */
- typedef struct {
- dom_sid2 *sid;
- } lsa_SidPtr;
-
- typedef [public] struct {
- [range(0,1000)] uint32 num_sids;
- [size_is(num_sids)] lsa_SidPtr *sids;
- } lsa_SidArray;
-
[public] NTSTATUS lsa_EnumAccounts(
[in] policy_handle *handle,
[in,out,ref] uint32 *resume_handle,
@@ -757,13 +713,6 @@ import "misc.idl", "security.idl";
lsa_TrustAttributes trust_attributes;
} lsa_TrustDomainInfoInfoEx;

- typedef [public,v1_enum] enum {
- TRUST_AUTH_TYPE_NONE = 0,
- TRUST_AUTH_TYPE_NT4OWF = 1,
- TRUST_AUTH_TYPE_CLEAR = 2,
- TRUST_AUTH_TYPE_VERSION = 3
- } lsa_TrustAuthType;
-
typedef struct {
NTTIME_hyper last_update_time;
lsa_TrustAuthType AuthType;
@@ -1267,43 +1216,6 @@ import "misc.idl", "security.idl";
[todo] NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();

/* Function 0x49 */
- typedef struct {
- [range(0,131072)] uint3264 length;
- [size_is(length)] uint8 *data;
- } lsa_ForestTrustBinaryData;
-
- typedef struct {
- dom_sid2 *domain_sid;
- lsa_StringLarge dns_domain_name;
- lsa_StringLarge netbios_domain_name;
- } lsa_ForestTrustDomainInfo;
-
- typedef [switch_type(uint32)] union {
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
- [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
- [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
- [default] lsa_ForestTrustBinaryData data;
- } lsa_ForestTrustData;
-
- typedef [v1_enum] enum {
- LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
- LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
- LSA_FOREST_TRUST_DOMAIN_INFO = 2,
- LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
- } lsa_ForestTrustRecordType;
-
- typedef struct {
- uint32 flags;
- lsa_ForestTrustRecordType level;
- hyper unknown;
- [switch_is(level)] lsa_ForestTrustData forest_trust_data;
- } lsa_ForestTrustRecord;
-
- typedef [public] struct {
- [range(0,4000)] uint32 count;
- [size_is(count)] lsa_ForestTrustRecord **entries;
- } lsa_ForestTrustInformation;
-
NTSTATUS lsa_lsaRQueryForestTrustInformation(
[in] policy_handle *handle,
[in,ref] lsa_String *trusted_domain_name,
diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl
index 5a2bf75..ce44e86 100644
--- a/librpc/idl/misc.idl
+++ b/librpc/idl/misc.idl
@@ -4,7 +4,6 @@
miscellaneous IDL structures
*/

-
[
pyhelper("librpc/ndr/py_misc.c"),
pointer_default(unique)
diff --git a/librpc/idl/named_pipe_auth.idl b/librpc/idl/named_pipe_auth.idl
index 43db989..5a61dec 100644
--- a/librpc/idl/named_pipe_auth.idl
+++ b/librpc/idl/named_pipe_auth.idl
@@ -3,7 +3,7 @@
miscellaneous IDL structures
*/

-import "netlogon.idl";
+import "shared.idl";

[
pointer_default(unique)
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index a51132c..ccd1a5c 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -8,7 +8,7 @@
encoding if it doesn't work out
*/

-import "misc.idl", "security.idl", "svcctl.idl", "samr.idl";
+import "misc.idl", "security.idl", "shared.idl";
[
helper("../libcli/netlogon.h", "../libcli/nbt/libnbt.h")
]
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 82a60c7..316a0f1 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -4,7 +4,7 @@
who contributed!
*/

-import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
+import "misc.idl", "shared.idl", "security.idl", "nbt.idl";

#include "idl_types.h"

@@ -181,73 +181,11 @@ interface netlogon
[case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
} netr_LogonLevel;

- typedef [public,flag(NDR_PAHEX)] struct {
- uint8 key[16];
- } netr_UserSessionKey;
-
- typedef [public,flag(NDR_PAHEX)] struct {
- uint8 key[8];
- } netr_LMSessionKey;
-
- /* Flags for user_flags below */
- typedef [public,bitmap32bit] bitmap {
- NETLOGON_GUEST = 0x00000001,
- NETLOGON_NOENCRYPTION = 0x00000002,
- NETLOGON_CACHED_ACCOUNT = 0x00000004,
- NETLOGON_USED_LM_PASSWORD = 0x00000008,
- NETLOGON_EXTRA_SIDS = 0x00000020,
- NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
- NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
- NETLOGON_NTLMV2_ENABLED = 0x00000100,
- NETLOGON_RESOURCE_GROUPS = 0x00000200,
- NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
- NETLOGON_GRACE_LOGON = 0x01000000
- } netr_UserFlags;
-
- typedef struct {
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME acct_expiry;
- NTTIME last_password_change;
- NTTIME allow_password_change;
- NTTIME force_password_change;
- lsa_String account_name;
- lsa_String full_name;
- lsa_String logon_script;
- lsa_String profile_path;
- lsa_String home_directory;
- lsa_String home_drive;
- uint16 logon_count;
- uint16 bad_password_count;
- uint32 rid;
- uint32 primary_gid;
- samr_RidWithAttributeArray groups;
- netr_UserFlags user_flags;
- netr_UserSessionKey key;
- lsa_StringLarge logon_server;
- lsa_StringLarge domain;
- dom_sid2 *domain_sid;
- netr_LMSessionKey LMSessKey;
- samr_AcctFlags acct_flags;
- uint32 unknown[7];
- } netr_SamBaseInfo;
-
typedef struct {
netr_SamBaseInfo base;
} netr_SamInfo2;

typedef struct {
- dom_sid2 *sid;
- samr_GroupAttrs attributes;
- } netr_SidAttr;
-
- typedef [public] struct {
- netr_SamBaseInfo base;
- uint32 sidcount;
- [size_is(sidcount)] netr_SidAttr *sids;
- } netr_SamInfo3;
-
- typedef struct {
netr_SamBaseInfo base;
uint32 sidcount;
[size_is(sidcount)] netr_SidAttr *sids;
@@ -293,10 +231,6 @@ interface netlogon
[case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
} netr_Validation;

- typedef [public, flag(NDR_PAHEX)] struct {
- uint8 data[8];
- } netr_Credential;
-
typedef [public] struct {
netr_Credential cred;
time_t timestamp;
@@ -944,35 +878,6 @@ interface netlogon
/*****************/
/* Function 0x0F */

- typedef [public,bitmap32bit] bitmap {
- NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
- NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
- NETLOGON_NEG_ARCFOUR = 0x00000004,
- NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
- NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
- NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
- NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
- NETLOGON_NEG_REDO = 0x00000080,
- NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
- NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
- NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
- NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
- NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
- NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
- NETLOGON_NEG_STRONG_KEYS = 0x00004000,
- NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
- NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
- NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
- NETLOGON_NEG_GETDOMAININFO = 0x00040000,
- NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
- NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
- NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
- NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
- NETLOGON_NEG_SUPPORTS_AES = 0x01000000,
- NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
- NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
- } netr_NegotiateFlags;
-
const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;

diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl
index da7b1aa..0400c31 100644
--- a/librpc/idl/samr.idl
+++ b/librpc/idl/samr.idl
@@ -3,7 +3,7 @@
/*
samr interface definition
*/
-import "misc.idl", "lsa.idl", "security.idl";
+import "misc.idl", "security.idl", "shared.idl";

/*
Thanks to Todd Sabin for some information from his samr.idl in acltools
@@ -17,36 +17,6 @@ import "misc.idl", "lsa.idl", "security.idl";
{
typedef bitmap security_secinfo security_secinfo;

- /* SAM database types */
- typedef [public,v1_enum] enum {
- SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */
- SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
- SAM_DATABASE_PRIVS = 2 /* Privileges */
- } netr_SamDatabaseID;
-
- /* account control (acct_flags) bits */
- typedef [public,bitmap32bit] bitmap {
- ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
- ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
- ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
- ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
- ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
- ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
- ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
- ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
- ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
- ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
- ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
- ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
- ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
- ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
- ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
- ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
- ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
- ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
- ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
- } samr_AcctFlags;
-
/* SAM server specific access rights */

typedef [bitmap32bit] bitmap {
@@ -569,17 +539,6 @@ import "misc.idl", "lsa.idl", "security.idl";
[out,ref] policy_handle *group_handle
);

- /* Group attributes */
- typedef [public,bitmap32bit] bitmap {
- SE_GROUP_MANDATORY = 0x00000001,
- SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
- SE_GROUP_ENABLED = 0x00000004,
- SE_GROUP_OWNER = 0x00000008,
- SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
- SE_GROUP_RESOURCE = 0x20000000,
- SE_GROUP_LOGON_ID = 0xC0000000
- } samr_GroupAttrs;
-
/************************/
/* Function 0x14 */

@@ -811,12 +770,6 @@ import "misc.idl", "lsa.idl", "security.idl";
uint16 code_page;
} samr_UserInfo2;

- /* this is also used in samr and netlogon */
- typedef [public, flag(NDR_PAHEX)] struct {
- uint16 units_per_week;
- [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
- } samr_LogonHours;
-
typedef struct {
lsa_String account_name;
lsa_String full_name;
@@ -909,10 +862,6 @@ import "misc.idl", "lsa.idl", "security.idl";
NTTIME acct_expiry;
} samr_UserInfo17;

- typedef [public, flag(NDR_PAHEX)] struct {
- uint8 hash[16];
- } samr_Password;
-
typedef struct {
samr_Password nt_pwd;
samr_Password lm_pwd;
@@ -1092,16 +1041,6 @@ import "misc.idl", "lsa.idl", "security.idl";
/************************/
/* Function 0x27 */

- typedef [public] struct {
- uint32 rid;
- samr_GroupAttrs attributes;
- } samr_RidWithAttribute;
-
- typedef [public] struct {
- uint32 count;
- [size_is(count)] samr_RidWithAttribute *rids;
- } samr_RidWithAttributeArray;
-
NTSTATUS samr_GetGroupsForUser(
[in,ref] policy_handle *user_handle,
[out,ref] samr_RidWithAttributeArray **rids
diff --git a/librpc/idl/schannel.idl b/librpc/idl/schannel.idl
index a30e292..55fedef 100644
--- a/librpc/idl/schannel.idl
+++ b/librpc/idl/schannel.idl
@@ -4,7 +4,7 @@
schannel structures
*/

-import "netlogon.idl", "nbt.idl";
+import "shared.idl", "nbt.idl";

[
pointer_default(unique),
diff --git a/librpc/idl/shared.idl b/librpc/idl/shared.idl
new file mode 100644
index 0000000..0ecbf6b
--- /dev/null
+++ b/librpc/idl/shared.idl
@@ -0,0 +1,307 @@
+#include "idl_types.h"
+
+import "misc.idl", "security.idl";
+
+[
+ pointer_default(unique)
+]
+interface shared
+{
+ /* SAM database types */
+
+ typedef [public] struct {
+ [value(2*strlen_m(string))] uint16 length;
+ [value(2*strlen_m(string))] uint16 size;
+ [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
+ } lsa_String;
+
+ typedef [public] struct {
+ [value(2*strlen_m(string))] uint16 length;
+ [value(2*strlen_m_term(string))] uint16 size;
+ [charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
+ } lsa_StringLarge;
+
+ typedef [public] struct {
+ uint16 length;
+ uint16 size;
+ [size_is(size/2),length_is(length/2)] uint16 *array;
+ } lsa_BinaryString;
+
+ typedef [public] struct {
+ [value(strlen_m(string))] uint16 length;
+ [value(strlen_m(string))] uint16 size;
+ [charset(DOS),size_is(size),length_is(length)] uint8 *string;
+ } lsa_AsciiString;
+
+ typedef [public] struct {
+ [value(strlen_m(string))] uint16 length;
+ [value(strlen_m_term(string))] uint16 size;
+ [charset(DOS),size_is(size),length_is(length)] uint8 *string;
+ } lsa_AsciiStringLarge;
+
+ typedef struct {
+ dom_sid2 *sid;
+ } lsa_SidPtr;
+
+ typedef [public] struct {
+ [range(0,1000)] uint32 num_sids;
+ [size_is(num_sids)] lsa_SidPtr *sids;
+ } lsa_SidArray;
+
+ typedef [public] struct {
+ uint32 count;
+ [size_is(count)] lsa_String *names;
+ } lsa_Strings;
+
+ /* account control (acct_flags) bits */
+ typedef [public,bitmap32bit] bitmap {
+ ACB_DISABLED = 0x00000001, /* 1 = User account disabled */
+ ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */
+ ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */
+ ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */
+ ACB_NORMAL = 0x00000010, /* 1 = Normal user account */
+ ACB_MNS = 0x00000020, /* 1 = MNS logon user account */
+ ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */
+ ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */
+ ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */
+ ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */
+ ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */
+ ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */
+ ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */
+ ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */
+ ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */
+ ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */
+ ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */
+ ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */
+ ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */
+ } samr_AcctFlags;
+
+ /* Group attributes */
+ typedef [public,bitmap32bit] bitmap {
+ SE_GROUP_MANDATORY = 0x00000001,
+ SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002,
+ SE_GROUP_ENABLED = 0x00000004,
+ SE_GROUP_OWNER = 0x00000008,
+ SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010,
+ SE_GROUP_RESOURCE = 0x20000000,
+ SE_GROUP_LOGON_ID = 0xC0000000
+ } samr_GroupAttrs;
+
+ typedef [public, flag(NDR_PAHEX)] struct {
+ uint8 hash[16];
+ } samr_Password;
+
+ typedef [public] struct {
+ uint32 rid;
+ samr_GroupAttrs attributes;
+ } samr_RidWithAttribute;
+
+ typedef [public] struct {
+ uint32 count;
+ [size_is(count)] samr_RidWithAttribute *rids;
+ } samr_RidWithAttributeArray;
+
+ /* this is also used in samr and netlogon */
+ typedef [public, flag(NDR_PAHEX)] struct {
+ uint16 units_per_week;
+ [size_is(1260), length_is(units_per_week/8)] uint8 *bits;
+ } samr_LogonHours;
+
+ typedef struct {
+ [range(0,131072)] uint3264 length;
+ [size_is(length)] uint8 *data;
+ } lsa_ForestTrustBinaryData;
+
+ typedef struct {
+ dom_sid2 *domain_sid;
+ lsa_StringLarge dns_domain_name;
+ lsa_StringLarge netbios_domain_name;
+ } lsa_ForestTrustDomainInfo;
+
+ typedef [switch_type(uint32)] union {
+ [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+ [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
+ [case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
+ [default] lsa_ForestTrustBinaryData data;
+ } lsa_ForestTrustData;
+
+ typedef [v1_enum] enum {
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+ LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+ LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+ } lsa_ForestTrustRecordType;
+
+ typedef struct {
+ uint32 flags;
+ lsa_ForestTrustRecordType level;
+ hyper unknown;
+ [switch_is(level)] lsa_ForestTrustData forest_trust_data;
+ } lsa_ForestTrustRecord;
+
+ typedef [public] struct {
+ [range(0,4000)] uint32 count;
+ [size_is(count)] lsa_ForestTrustRecord **entries;
+ } lsa_ForestTrustInformation;
+
+ typedef [public,v1_enum] enum {
+ TRUST_AUTH_TYPE_NONE = 0,
+ TRUST_AUTH_TYPE_NT4OWF = 1,
+ TRUST_AUTH_TYPE_CLEAR = 2,
+ TRUST_AUTH_TYPE_VERSION = 3
+ } lsa_TrustAuthType;
+
+ typedef [public,v1_enum] enum {
+ SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */
+ SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
+ SAM_DATABASE_PRIVS = 2 /* Privileges */
+ } netr_SamDatabaseID;
+
+ typedef [public,flag(NDR_PAHEX)] struct {
+ uint8 key[16];
+ } netr_UserSessionKey;
+
+ typedef [public,flag(NDR_PAHEX)] struct {
+ uint8 key[8];
+ } netr_LMSessionKey;
+
+ /* Flags for user_flags below */
+ typedef [public,bitmap32bit] bitmap {
+ NETLOGON_GUEST = 0x00000001,
+ NETLOGON_NOENCRYPTION = 0x00000002,
+ NETLOGON_CACHED_ACCOUNT = 0x00000004,
+ NETLOGON_USED_LM_PASSWORD = 0x00000008,
+ NETLOGON_EXTRA_SIDS = 0x00000020,
+ NETLOGON_SUBAUTH_SESSION_KEY = 0x00000040,
+ NETLOGON_SERVER_TRUST_ACCOUNT = 0x00000080,
+ NETLOGON_NTLMV2_ENABLED = 0x00000100,
+ NETLOGON_RESOURCE_GROUPS = 0x00000200,
+ NETLOGON_PROFILE_PATH_RETURNED = 0x00000400,
+ NETLOGON_GRACE_LOGON = 0x01000000
+ } netr_UserFlags;
+
+ typedef [public] struct {
+ NTTIME last_logon;
+ NTTIME last_logoff;
+ NTTIME acct_expiry;
+ NTTIME last_password_change;
+ NTTIME allow_password_change;
+ NTTIME force_password_change;
+ lsa_String account_name;
+ lsa_String full_name;
+ lsa_String logon_script;
+ lsa_String profile_path;
+ lsa_String home_directory;
+ lsa_String home_drive;
+ uint16 logon_count;
+ uint16 bad_password_count;
+ uint32 rid;
+ uint32 primary_gid;
+ samr_RidWithAttributeArray groups;
+ netr_UserFlags user_flags;
+ netr_UserSessionKey key;
+ lsa_StringLarge logon_server;
+ lsa_StringLarge domain;
+ dom_sid2 *domain_sid;
+ netr_LMSessionKey LMSessKey;
+ samr_AcctFlags acct_flags;
+ uint32 unknown[7];
+ } netr_SamBaseInfo;
+
+ typedef [public] struct {
+ dom_sid2 *sid;
+ samr_GroupAttrs attributes;
+ } netr_SidAttr;
+
+ typedef [public] struct {
+ netr_SamBaseInfo base;
+ uint32 sidcount;
+ [size_is(sidcount)] netr_SidAttr *sids;
+ } netr_SamInfo3;
+
+ typedef [public,v1_enum] enum {
+ PLATFORM_ID_DOS = 300,
+ PLATFORM_ID_OS2 = 400,
+ PLATFORM_ID_NT = 500,
+ PLATFORM_ID_OSF = 600,
+ PLATFORM_ID_VMS = 700
+ } srvsvc_PlatformId;
+
+ typedef [public,bitmap32bit] bitmap {
+ SV_TYPE_WORKSTATION = 0x00000001,
+ SV_TYPE_SERVER = 0x00000002,
+ SV_TYPE_SQLSERVER = 0x00000004,
+ SV_TYPE_DOMAIN_CTRL = 0x00000008,
+ SV_TYPE_DOMAIN_BAKCTRL = 0x00000010,
+ SV_TYPE_TIME_SOURCE = 0x00000020,
+ SV_TYPE_AFP = 0x00000040,
+ SV_TYPE_NOVELL = 0x00000080,
+
+ SV_TYPE_DOMAIN_MEMBER = 0x00000100,
+ SV_TYPE_PRINTQ_SERVER = 0x00000200,
+ SV_TYPE_DIALIN_SERVER = 0x00000400,
+ SV_TYPE_SERVER_UNIX = 0x00000800,
+ SV_TYPE_NT = 0x00001000,
+ SV_TYPE_WFW = 0x00002000,
+ SV_TYPE_SERVER_MFPN = 0x00004000,
+ SV_TYPE_SERVER_NT = 0x00008000,
+ SV_TYPE_POTENTIAL_BROWSER = 0x00010000,
+ SV_TYPE_BACKUP_BROWSER = 0x00020000,
+ SV_TYPE_MASTER_BROWSER = 0x00040000,
+ SV_TYPE_DOMAIN_MASTER = 0x00080000,
+ SV_TYPE_SERVER_OSF = 0x00100000,
+ SV_TYPE_SERVER_VMS = 0x00200000,
+ SV_TYPE_WIN95_PLUS = 0x00400000,
+ SV_TYPE_DFS_SERVER = 0x00800000,
+ SV_TYPE_ALTERNATE_XPORT = 0x20000000,
+ SV_TYPE_LOCAL_LIST_ONLY = 0x40000000,
+ SV_TYPE_DOMAIN_ENUM = 0x80000000
+ } svcctl_ServerType;
+
+ typedef [public,bitmap32bit] bitmap {
+ NETLOGON_NEG_ACCOUNT_LOCKOUT = 0x00000001,
+ NETLOGON_NEG_PERSISTENT_SAMREPL = 0x00000002,
+ NETLOGON_NEG_ARCFOUR = 0x00000004,
+ NETLOGON_NEG_PROMOTION_COUNT = 0x00000008,
+ NETLOGON_NEG_CHANGELOG_BDC = 0x00000010,
+ NETLOGON_NEG_FULL_SYNC_REPL = 0x00000020,
+ NETLOGON_NEG_MULTIPLE_SIDS = 0x00000040,
+ NETLOGON_NEG_REDO = 0x00000080,
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL = 0x00000100,
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC = 0x00000200,
+ NETLOGON_NEG_GENERIC_PASSTHROUGH = 0x00000400,
+ NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
+ NETLOGON_NEG_STRONG_KEYS = 0x00004000,
+ NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
+ NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
+ NETLOGON_NEG_GETDOMAININFO = 0x00040000,
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
+ NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
+ NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
+ NETLOGON_NEG_SUPPORTS_AES = 0x01000000,
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
+ NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
+ } netr_NegotiateFlags;
+
+ typedef [public, flag(NDR_PAHEX)] struct {
+ uint8 data[8];
+ } netr_Credential;
+
+ typedef [public] struct {
+ srvsvc_PlatformId platform_id;
+ [string,charset(UTF16)] uint16 *server_name;
+ } srvsvc_NetSrvInfo100;
+
+ typedef [public] struct {
+ srvsvc_PlatformId platform_id;
+ [string,charset(UTF16)] uint16 *server_name;
+ uint32 version_major;
+ uint32 version_minor;
+ svcctl_ServerType server_type;
+ [string,charset(UTF16)] uint16 *comment;
+ } srvsvc_NetSrvInfo101;
+}
\ No newline at end of file
diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index 04681bf..5a66673 100644
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -3,7 +3,7 @@
/*
spoolss interface definitions
*/
-import "misc.idl", "security.idl", "winreg.idl";
+import "misc.idl", "security.idl";

[ uuid("12345678-1234-abcd-ef00-0123456789ab"),
version(1.0),
diff --git a/librpc/idl/srvsvc.idl b/librpc/idl/srvsvc.idl
index 153d8cf..9e91fce 100644
--- a/librpc/idl/srvsvc.idl
+++ b/librpc/idl/srvsvc.idl
@@ -3,7 +3,7 @@
/*
srvsvc interface definitions
*/
-import "security.idl", "svcctl.idl";
+import "security.idl", "shared.idl";

[ uuid("4b324fc8-1670-01d3-1278-5a47bf6ee188"),
version(3.0),
@@ -630,28 +630,6 @@ import "security.idl", "svcctl.idl";
/**************************/
/* srvsvc_NetSrv */
/**************************/
- typedef [public,v1_enum] enum {
- PLATFORM_ID_DOS = 300,
- PLATFORM_ID_OS2 = 400,
- PLATFORM_ID_NT = 500,
- PLATFORM_ID_OSF = 600,
- PLATFORM_ID_VMS = 700
- } srvsvc_PlatformId;
-
- typedef [public] struct {
- srvsvc_PlatformId platform_id;
- [string,charset(UTF16)] uint16 *server_name;
- } srvsvc_NetSrvInfo100;
-
- typedef [public] struct {
- srvsvc_PlatformId platform_id;
- [string,charset(UTF16)] uint16 *server_name;
- uint32 version_major;
- uint32 version_minor;
- svcctl_ServerType server_type;
- [string,charset(UTF16)] uint16 *comment;
- } srvsvc_NetSrvInfo101;
-
typedef struct {
srvsvc_PlatformId platform_id;
[string,charset(UTF16)] uint16 *server_name;
diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl
index 19866d2..44723d1 100644
--- a/librpc/idl/svcctl.idl
+++ b/librpc/idl/svcctl.idl
@@ -80,37 +80,6 @@ import "misc.idl", "security.idl";
const int SERVICE_TYPE_WIN32=SERVICE_TYPE_WIN32_OWN_PROCESS|SERVICE_TYPE_WIN32_SHARE_PROCESS;
const int SERVICE_TYPE_INTERACTIVE_PROCESS = 0x100;

- typedef [public,bitmap32bit] bitmap {
- SV_TYPE_WORKSTATION = 0x00000001,
- SV_TYPE_SERVER = 0x00000002,
- SV_TYPE_SQLSERVER = 0x00000004,
- SV_TYPE_DOMAIN_CTRL = 0x00000008,
- SV_TYPE_DOMAIN_BAKCTRL = 0x00000010,
- SV_TYPE_TIME_SOURCE = 0x00000020,
- SV_TYPE_AFP = 0x00000040,
- SV_TYPE_NOVELL = 0x00000080,
-
- SV_TYPE_DOMAIN_MEMBER = 0x00000100,
- SV_TYPE_PRINTQ_SERVER = 0x00000200,
- SV_TYPE_DIALIN_SERVER = 0x00000400,
- SV_TYPE_SERVER_UNIX = 0x00000800,
- SV_TYPE_NT = 0x00001000,
- SV_TYPE_WFW = 0x00002000,
- SV_TYPE_SERVER_MFPN = 0x00004000,
- SV_TYPE_SERVER_NT = 0x00008000,
- SV_TYPE_POTENTIAL_BROWSER = 0x00010000,
- SV_TYPE_BACKUP_BROWSER = 0x00020000,
- SV_TYPE_MASTER_BROWSER = 0x00040000,
- SV_TYPE_DOMAIN_MASTER = 0x00080000,
- SV_TYPE_SERVER_OSF = 0x00100000,
- SV_TYPE_SERVER_VMS = 0x00200000,
- SV_TYPE_WIN95_PLUS = 0x00400000,
- SV_TYPE_DFS_SERVER = 0x00800000,
- SV_TYPE_ALTERNATE_XPORT = 0x20000000,
- SV_TYPE_LOCAL_LIST_ONLY = 0x40000000,
- SV_TYPE_DOMAIN_ENUM = 0x80000000
- } svcctl_ServerType;
-
const uint32 SV_TYPE_ALL = 0xFFFFFFFF;

/*****************/
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index f1f4dfb..c2dbccc 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -2,7 +2,7 @@
winreg interface definition
*/

-import "lsa.idl", "security.idl", "misc.idl";
+import "security.idl", "misc.idl", "shared.idl";

[
uuid("338cd001-2244-31f1-aaaa-900038001003"),
diff --git a/librpc/idl/wkssvc.idl b/librpc/idl/wkssvc.idl
index 9e92ed7..9c8694d 100644
--- a/librpc/idl/wkssvc.idl
+++ b/librpc/idl/wkssvc.idl
@@ -4,7 +4,7 @@
wkssvc interface definitions
*/

-import "srvsvc.idl", "lsa.idl";
+import "misc.idl", "shared.idl";

[ uuid("6bffd098-a112-3610-9833-46c3f87e345a"),
version(1.0),

attachment0 (196 bytes) Download Attachment

From forum: Samba - samba-technical

Impossible to load ndr_* as shared objects :-(

2009-11-08T10:45:22Z

Hi!

After some weekends of work disentangling the ndr tables
from the rest of the code I had to figure out that it is
impossible to load them as shared objects: lsa_String and
other datatypes are everywhere.

Just in case someone wondered about the revert checkins that
just flew in, they were in preparation and are not pretty
worthless.

On lesson learnt: Never push anything until the feature you
want is 100% done :-((

Sorry for the noise.

Volker

signature.asc (204 bytes) Download Attachment

From forum: Samba - samba-technical

suddenly doesn't work with the username and password in credentials=... in the mount line

2009-11-08T10:18:50Z

Hi,

I'm using Scientific Linux 5.3 (~ RedHat Enterprise 5.3).

After a reboot today, I probably have switched to a new kernel, "uname
-a" gives :

Linux yipkin.c-ad.bnl.gov 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:22:26
EDT 2009 i686 i686 i386 GNU/Linux

Somehow, the auto-mounting with cifs for the following line in
/etc/fstab doesn't work but it used to work :

//c-adweb/data /mnt/c-adweb cifs
domain=BNL,credentials=/root/.credentials,gid=kinyip,uid=kinyip 0 0

I see error in /var/log/message:
Nov 8 13:11:50 yipkin kernel: Status code returned 0xc000006d
NT_STATUS_LOGON_FAILURE
Nov 8 13:11:50 yipkin kernel: CIFS VFS: Send error in SessSetup = -13
Nov 8 13:11:50 yipkin kernel: CIFS VFS: cifs_mount failed w/return
code = -13

Using the command :
mount -t cifs -o
domain=BNL,credentials=/root/.credentials,gid=500,uid=500
//c-adweb/data /mnt/c-adweb

would get me :
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

And I can see the same errors in /var/log/message (or dmesg).

If I do "mount -t cifs -o domain=BNL,user=kinyip,gid=500,uid=500
//c-adweb/data /mnt/c-adweb", it would ask me for password and
then it'd mount successfully !!

In my file /root/.credentials ("ls" would have : -rw------- 1 root root
39 Nov 8 13:02 /root/.credentials ), it's like
username=kinyip
password=$.....

My first character of my password is $ and I'm wondering whether this is
creating trouble ???? I've tried "\$...." but it doesn't help.

Any idea ???

Kin
_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

From forum: Samba - linux-cifs-client

Re: dup error of rsync 3.0.6-1 under cygwin 1.7.0-62 and 63

2009-11-08T09:53:32Z

Eliot Moss wrote:

> I have used earlier rsync on cygwin successfully for a
> long. I have now moved to cygwin 1.7.0, which required
> moving to rsync 3.0.6-1 at the same time. (The -1 is
> for minor cygwin-specific patches.)
>
> When I do almost any command with rsync, such as the one
> below, it breaks at a dup2 after a fork in pipe.c (routine
> piped_child). Windows gives error code 6, which is translated
> by cygwin to errno 9 = EBADF, and rsync then terminates.
>
> rsync -avzuP foo roc:talks/
>
> Even
>
> rsync -r .
>
> fails the same way, though it does not need a network
> connection.
>
> Steven Monai suggests that the problem may be a mismatch
> in protocol (30 versus 29), though I think the last command
> scuttles that possibility. I think it has something to do
> with cygwin, since cygwin 1.5 seemed ok, but it could be
> a combination of changes un rsync and cygwin ...

Thought I'd give the rsync HEAD a try on this, since it
does include changes in the I/O part of the world. It fails
in exactly the same way ... (but in io.c, of course).

Cheers -- Eliot
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

dup error of rsync 3.0.6-1 under cygwin 1.7.0-62 and 63

2009-11-08T09:36:34Z

I have used earlier rsync on cygwin successfully for a
long. I have now moved to cygwin 1.7.0, which required
moving to rsync 3.0.6-1 at the same time. (The -1 is
for minor cygwin-specific patches.)

When I do almost any command with rsync, such as the one
below, it breaks at a dup2 after a fork in pipe.c (routine
piped_child). Windows gives error code 6, which is translated
by cygwin to errno 9 = EBADF, and rsync then terminates.

rsync -avzuP foo roc:talks/

Even

rsync -r .

fails the same way, though it does not need a network
connection.

Steven Monai suggests that the problem may be a mismatch
in protocol (30 versus 29), though I think the last command
scuttles that possibility. I think it has something to do
with cygwin, since cygwin 1.5 seemed ok, but it could be
a combination of changes un rsync and cygwin ...

Best wishes -- Eliot Moss
==============================================================================
J. Eliot B. Moss, Professor http://www.cs.umass.edu/~moss www
Director, Arch. and Lang. Impl. Lab. +1-413-545-4206 voice
Department of Computer Science +1-413-695-4226 cell
140 Governor's Drive, Room 372 +1-413-545-1249 fax
University of Massachusetts at Amherst moss@... email
Amherst, MA 01003-9264 USA +1-413-545-2746 Laurie Downey sec'y
==============================================================================
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Hi guys

2009-11-08T08:43:02Z

I am testing samba4 Alpha8 which I can say is an awesome progress it is very stable. But I have a Windows 2000 Domain controller and I want to replicate it to Samba4 domain controller. Does anybody know hw to do this.

From forum: Samba - General

Re: Desiring to set up Windows Vista and Linux Fedora Core 4

2009-11-08T06:14:12Z

2009/11/7 Barry L. Bond <bbond@...>:

> Hi Michael and everyone else!
>
>> Something else you might like to try is backing up your smb.conf file
>> and starting very simply based on this:
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2554870
>
> Here is my latest attempt at an smb.conf file, set up almost exactly as in
> this web page, and I have since added just a couple of things:
>
> <<>>
> # Global parameters
> [global]
> workgroup = WORKGROUP
> netbios name = BARRYCON
> interfaces = eth0
> hosts allow = 192.168.1. 192.168.2. 127.
> security = share
> printcap name = cups
> disable spoolss = Yes
> show add printer wizard = No
> printing = cups
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> guest ok = Yes
> printable = Yes
> use client driver = Yes
> browseable = No
> <<>>
>
> I don't think I'm communicating at all between the Windows Vista system
> and the Linux system.
>
> I think I need to set up something in my Advanced portion of my D-Link
> router.

Most likely your D-Link router has a built in 4 port switch and does
not control access between these 4 ports, so I doubt you need to do
anything on the D-Link router.

> For example, I have a GadSpot DVR set up, with the two ports mapped. For
> example, one port is 8080, so I have:
[...]

My understanding is that this is to allow you to connect to your DVR
from the Internet. So unless you want to connect to Samba from the
Internet, I very much doubt you need to configure anything on the
D-Link router.

> What port(s) should I allow for Samba?
[...]

See Eero's message. However, I think this could be leading you down
the wrong path.

First make sure you can ping the Ultra 30 from the Windows box and
vice versa. Then make sure you can ping the Linux box from the Ultra
30 and vice versa. Then make sure you can ping the Linux box from the
Window box and vice versa.

For the above to work, you may have to disable firewalls on the
Windows box, the Linux box and the Ultra 30. Of course you could also
allow the necessary things in the firewalls instead of disabling them.

Also, the Ultra 30 must be configured to route traffic between its
interfaces. If you can connect to the Internet from the Linux box
then this should be OK.

I think you should configure the Windows box to use the Linux box as a
WINS server after making sure that your smb.conf file has "wins
support = yes" in the global section.

I hope this gets you a bit further.

--
Michael Wood <esiotrot@...>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: Desiring to set up Windows Vista and Linux Fedora Core 4

2009-11-08T06:02:50Z

2009/10/24 Barry L. Bond <bbond@...>:
[...]

> On Sat, Oct 10, 2009 at 03:45:17PM +0200, Michael Wood wrote:
>
>> > Here is my current smb.conf file:
>> >
>> > <<>>
>> > # Samba config file created using SWAT
>> > # from 127.0.0.1 (127.0.0.1)
>> > # Date: 2009/10/03 00:37:16
>> >
>> > # Global parameters
>> > [global]
>> > server string = Windows in Linux - VMware
>> > interfaces = eth0, vmnet1, vmnet8
>>
>> I see you are restricting Samba to the above interfaces. Which
>> interface is your Windows machine plugged into? Your hosts allow line
>> leads me to suspect you might have another ethernet interface in the
>> machine (unless the other 192.168.x.y network is allocated to VMware.)
>
> The Windows box is plugged into my D-Link router, as it has one
> network interface connection and I also access the Internet with it.

It would be a lot easier for people to follow if you provided an ASCII
art diagram of all the machine and routers involved, but I have drawn
your network on a piece of paper based on your description.

It seems your Linux box only has one network card, right? And are you
trying to print from the Windows machine connected to your D-Link
router? Or from a Virtual machine running under VMware on the Linux
box?

Your interfaces line appears to specify all possible interfaces other
than lo anyway, so you may as well leave it out.

[...]
>> > printcap name = /etc/printcap
[...]
>> > cups options = raw
>>
>> Are you using cups? The "printcap name" above leads me to believe you
>> are not using cups.
>
> Yes. :-) Who knows... when I first set up my FC4 Linux system, I
> wasn't using cups, but I installed it soon afterward. That may have been
> leftover from then, but it was working! :-)

Well, if you are using CUPS, you could set up an IPP printer on the
Windows box and bypass Samba completely. In the "Add Printer Wizard"
you tell it to add a network printer and on the next screen choose the
"Connect to a printer on the Internet..." option (XP. Not sure if
it's the same for Vista). The URL should be something like:

http://192.168.2.1:631/printers/HP9110

(depending on what name the printer has been given in CUPS.)

Try browsing to http://127.0.0.1:631 on the Linux box to see if CUPS is running.

[...]
> I just typed "\\192.168.2.1\HP9110" in the text box and I clicked the
> [Next] button.
>
> The dialog box says "Connecting to HP9110 on 192.168.2.1"...
>
> After a delay, it eventually brings up another dialog box that says
> "Windows cannot connect to the printer. Make sure that you have typed the
> name correctly, and that the printer is connected to network."

Perhaps you should see if you can telnet to the TCP ports mentioned by
Eero from the Ultra 30. It would be better to test from Vista, but
I've been told Vista does not have a telnet client built in.
Otherwise you could download something like PuTTY and see if you can
connect to those ports from the Vista machine.

> Trying the third option, "Add a printer using a TCP/IP address or
> hostname", I click the [Next] button.
>
> For "Device type" I have left it at "Autodetect".
>
> For Hostname or IP address, I'm using the IP of the Linux system:
> 192.168.2.1
>
> The third line is "Portname". (I have never done it this way
> before.) At the moment, it has "192.168.2.1" which it put there as I
> typed in the IP address in the second line, and it adds a "_1". (So the
> entire item is: 192.168.2.1_1

Perhaps this is the Vista equivalent of the XP "Connect to a printer
on the Internet or on a home or office network" option. If so, you'll
want to try port 631 (assuming you are running CUPS on the Linux box.)
I'm not sure if this is what is meant by the above, though, and there
should be somewhere to put in /printers/HP9110 or something like that
too if it is.

>> What does the following give you:
>> rpm -qf /usr/bin/lpstat
>>
>> or maybe:
>> rpm -qf /usr/sbin/lpstat
>>
>> (I haven't run an rpm-based distribution in a while...)
>
> The first rpm gave me "cups-1.1.23-15". The second one (with /sbin)
> said "No such file or directory".

OK, so it seems that CUPS is installed. Or at least part of it.

What does "rpm -qa | grep cups" give you?

> Actually, most of my Fedora Core system was installed by yum, and not
> rpm. (But, though it does an automatic update sometimes that I see in the
> LogWatch that runs at 4:00 every morning, I'm having difficulty running it
> myself right now.)

yum is just a front end to rpm.

>> See if the Windows box can resolve the name of the Linux box:
>>
>> C:\>nbtstat -a barrycon
[...]
> It says: "Local Area Connection:
> Node IpAddress: [192.168.1.102] Scope Id: []
>
> Host not found."

OK, so name resolution is not working. This is likely because you
have the Windows box and the Linux box on different subnets. You
could try configuring the Windows box to use the Linux box as a WINS
server. Samba would have to be running as a WINS server.

>> It should show the IP address and then a "NetBIOS Remote Machine Name Table".
>>
>> Also try:
>>
>> C:\>nbtstat -A 192.168.x.y
>>
>> (with the IP address of the Linux machine.)
>
> I'm typing "nbtstat -a 192.168.2.1"...
>
> ...and it says EXACTLY the same thing, after a slight delay.

Note the capital A in my command. When you query an IP address using
nbtstat you need -A instead of -a.

>> Also see if this works from the Windows box:
>>
>> C:>ping barrycon
>
> Typing "ping barrycon" displays (after a slight delay) "Ping request
> could not find host barrycon. Please check the name and try again."

I would not expect this to work if "nbtstat -a barrycon" did not work.

> I'm typing "ping 192.168.2.1"...
>
> It says "Pinging 192.168.2.1 with 32 bytes of data:
> Request timed out.
[...]

OK, so either you have a firewall blocking this (e.g. on the Ultra 30
or on Linux) or the Window box does not know how to get to the
192.168.2.0/24 network. If it's the latter, add a route for
192.168.2.0 netmask 255.255.255.0 to the Windows machine's network
settings with a gateway of 192.168.1.201 (the IP of the Ultra 30 on
the 192.168.1.x subnet).

Also check that you can ping 192.168.1.201 from the Window box.

>> Something else you might like to try is backing up your smb.conf file
>> and starting very simply based on this:
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2554870
>>
>> See also the other examples on that page, but do not bother with the
>> domain member and domain server sections. They are most likely much
>> more complicated than is necessary for what you want to know.
>>
>> Of course that does assume you're using CUPS, so you might have to
>> modify it a bit if you're not using CUPS.
>
> Thank you! I see the link, and I can't work much longer this morning (it's after
> 1:00 Saturday morning), but I'll keep it and try it soon, also depending on what you and
> others offer as additional suggestions from this post. :-)

I still think it would be worth trying to start with the simple config
mentioned above, but your routing and firewalling should be correct
first.

> I am using CUPS. It works great.

Well then you might be able to ignore Samba for the printing and just
directly use CUPS, but again your routing (and firewalling, if any)
will need to be correct first.

--
Michael Wood <esiotrot@...>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: Samba + LDAP error in windows xp while ACL

2009-11-08T05:09:49Z

Did this use to work OK?

It sounds like samba is not properly mapping YOURDOMAIN\username in Windows
to the underlying unix account. Do you create the unix accounts first or
does samba automatically create them? Either way, I think your LDAP entry
for each user should include the unix uid number as well as the samba sid.

What happens if you type "wbinfo -s SID
S-1-5-21-4020846335-601350461-1468625926-27594?"

Also, if I am reading this correctly, the log files seem to indicate two
domains are involved here- *-3986255151-* and *-4020846335-*

I have had problems getting the SID to unix id mapping stuff working
properly with member samba servers (not with XP clients.) Can you try
removing and rejoining an XP machine to the domain?

-----Original Message-----
From: samba-bounces@... [mailto:samba-bounces@...]
On Behalf Of D.Rajan
Sent: Sunday, November 08, 2009 7:39 AM
To: samba@...
Subject: [Samba] Samba + LDAP error in windows xp while ACL

Dear all,

I am using Samba + PDC LDAP in a single server. From last month onward i am
facing problem
When I set manualy the acl (setfacl -m g:group:rwx the_file)
It's ok, the other domain member see the ACL

But when I set the acl with a Windows Workstation, that's don't work it
gives the furnished error :

sysadm@sangam:/var/log/samba$ tailf log.r-sys-03703

[2009/11/08 17:54:05, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/11/08 17:54:09, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4211)
sid S-1-5-21-3986255151-1643105893-2919334401-3002 does not belong to our
domain
.
.
.
[2009/11/08 17:54:15, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/11/08 17:54:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
create_canon_ace_lists: unable to map SID
S-1-5-21-4020846335-601350461-1468625926-27594 to uid or gid.

C U Next Mail
Raj

Take Care
HAVE A NICE DAY

The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
http://in.yahoo.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Samba + LDAP error in windows xp while ACL

2009-11-08T04:38:39Z

Dear all,

I am using Samba + PDC LDAP in a single server. From last month onward i am facing problem
When I set manualy the acl (setfacl -m g:group:rwx the_file)
It's ok, the other domain member see the ACL

But when I set the acl with a Windows Workstation, that's don't work it gives the furnished error :

sysadm@sangam:/var/log/samba$ tailf log.r-sys-03703

[2009/11/08 17:54:05, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/11/08 17:54:09, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4211)
sid S-1-5-21-3986255151-1643105893-2919334401-3002 does not belong to our domain
.
.
.
[2009/11/08 17:54:15, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/11/08 17:54:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-27594 to uid or gid.

C U Next Mail
Raj

Take Care
HAVE A NICE DAY

The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: exit status 13 in version 3.1

2009-11-07T22:57:40Z

On Sat, 2009-11-07 at 09:38 -0800, Wayne Davison wrote:

> On Wed, Nov 4, 2009 at 8:05 PM, Matt McCutchen
> <matt@...> wrote:
>
> With commit 84c11e85a4c4a12ecacba24afe9617222e4361e6, I get
> different
>
> output, but still not the desired "No space left on device":
>
>
> Yeah, that's the long-standing issue where a fatal error on the server
> side can cause the client side to get a socket error trying to write
> to the socket before it has a chance to read the error(s) from the
> socket. The latest git archive finally has a fix for this.

I tested commit 2907af472d1f33b3c422cb9f601c121b242aa9c7 and, again, the
output is different but the problem is not fixed:

$ rsync-dev big-file small-fs/
rsync: connection unexpectedly closed (146 bytes received so far) [sender]

$ rsync-dev --msgs2stderr big-file small-fs/
rsync: write failed on "/PATH/TO/small-fs/big-file": No space left on device (28)
rsync: connection unexpectedly closed (36 bytes received so far) [sender]
rsync error: error in file IO (code 11) at io.c(181) [receiver=3.1.0dev]

--
Matt

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Community Wireless in Canberra

2009-11-07T17:54:48Z

Gday Canberrians,

I have recently moved from Adelaide to Canberra and have gained a
permanent job here.

I used to run the Air-Stream-Pasadena AP, and have been involved in the
community wireless phenomenon for years.. since about 2003.

I have contacted Daniel and have discussed a few things and we are
pretty intereted in getting things going here.

I am getting the bits and pieces of kit required to setup an AP in the
Campbell area ASAP. I am located on top of a hill behind Russell and
have pretty good LoS to Civic, Parliament House, National Muesuem,
Questacon, and the general lake area.

So if anyone is near by or just interested in setting something up.
Contact me!

Its really annoying not having a free community network here in Canberra!!!

Seabird

From forum: Samba - wireless

send error in close -9

2009-11-07T13:43:43Z

i'm trying to get some help regarding this error message running debian
lenny 5. using CIFS and have a windows share (external HD) mounted in
fstab, mount works when copying files to/from. but when doing extensive
read/writes (webserving from the mount) I get the error "send error in close
= -9" it shows up in tty0 obviously inaccessable for a second (the mounted
drive). Any help would be greatly appreciated I can post whatever info is
needed
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: samba & unix group permissions problems

2009-11-07T12:21:43Z

On Sat, Nov 7, 2009 at 07:32, vishesh kumar <linuxtovishesh@...> wrote:
> Dear mariano
>
> Why you not using 'force group' parameter . This will set group owner of
> newly created folder correctly.
That I tried to no avail... it didn't work either :-(

--
Mariano Absatz - El Baby
www.clueless.com.ar
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: file sorting of Linux samba directory from Windows Vista

2009-11-07T12:19:09Z

On Sat, Nov 07, 2009 at 01:31:47PM -0600, Seb wrote:
> Hi,
>
> When listing a directory from a Linux samba directory in a DOS prompt,
> with the DOS command "dir" (or "dir /b /n"), the sorting is completely
> messed up, compared to the same command called on a local directory. Is
> this something that is under control from samba, or is it completely
> on the Windows side? Thanks.

Samba doesn't sort directory listings (think of what
that would cost with a 100,000 file directory).
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: [SCM] Samba Shared Repository - branch master updated

2009-11-07T12:17:33Z

On Sat, Nov 07, 2009 at 04:08:07AM -0600, Volker Lendecke wrote:

> The branch, master has been updated
> via 5cdee7a... s3: Do the printing for DEBUGLEVEL>=10 centrally
> from 843be3b... ldb_init: use constant for result of "ldb_setup_wellknown_attributes"
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 5cdee7ae0565c08026b8845cd3090b20d8abc472
> Author: Volker Lendecke <vl@...>
> Date: Sat Nov 7 10:28:40 2009 +0100
>
> s3: Do the printing for DEBUGLEVEL>=10 centrally
>
> 12 insertions(+), 10651 deletions(-)
>
> I think that says it all :-)

Oh that's *awesome* - thanks :-).

From forum: Samba - samba-technical

file sorting of Linux samba directory from Windows Vista

2009-11-07T11:31:47Z

Hi,

When listing a directory from a Linux samba directory in a DOS prompt,
with the DOS command "dir" (or "dir /b /n"), the sorting is completely
messed up, compared to the same command called on a local directory. Is
this something that is under control from samba, or is it completely
on the Windows side? Thanks.

Cheers,

--
Seb

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Ideas needed: getting error "cannot set time on server ..."

2009-11-07T09:47:44Z

Insufficient permissions"

I am running a n rsync script on MAC OS 10.4 clients - runs OK with a Windows 2003 server but getting this error when talking to an Apple Server running OS X 10.5.7

It is a basic rsync as follows: copying, with sync from client to server volume RETeensData that is mounted on the client

rsync -av /Users/Shared/'RE Teens Data'/ /Volumes/RETeensData/"

As newbie to rsync any ideas are appreciated.

Thanks,

Lew Brentano

Ripple Effects, Inc

From forum: Samba - rsync

Re: exit status 13 in version 3.1

2009-11-07T09:38:04Z

On Wed, Nov 4, 2009 at 8:05 PM, Matt McCutchen <matt@...> wrote:

With commit 84c11e85a4c4a12ecacba24afe9617222e4361e6, I get different
output, but still not the desired "No space left on device":

Yeah, that's the long-standing issue where a fatal error on the server side can cause the client side to get a socket error trying to write to the socket before it has a chance to read the error(s) from the socket. The latest git archive finally has a fix for this. It should make the exit messages much cleaner for an abnormally-exiting protocol 31 transfer, both receiving the final error from the server and exiting with the proper error code. When an older client is talking to a new server, the error should also make it to the client, but the client will exit with the (sadly) traditional error about an unexpectedly closed connection.

..wayne..

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: mount.cifs - "Const" warnings patch

2009-11-07T07:45:45Z

Hi Jeff!

Yeah, please apply! My mission of this patch(set) was to prevent "CONST" warnings. Your solution does it in a very elegant manner (I would have only introduced another discard-const macro - which is far from perfect). Therefore it should be perfectly okay!

Thanks for working with me on the CONST issue.

Matthias

--- Jeff Layton <jlayton@...> schrieb am Sa, 7.11.2009:

Von: Jeff Layton <jlayton@...>
Betreff: Re: mount.cifs - "Const" warnings patch
An: "Matthias Dieter Wallnöfer" <mdw@...>
CC: "Samba Technical Mailinglist" <samba-technical@...>
Datum: Samstag, 7. November 2009, 14:19

On Mon, 02 Nov 2009 21:36:19 +0100
Matthias Dieter Wallnöfer <mdw@...> wrote:

> Hi Jeff,
>
> sorry, sorry - sometimes I forget the attachments.
>
> Now it should be okay.
>

No problem, I do the same thing sometimes.

The patch looks safe enough, but I wonder whether the problem is really
in addmntent. Looking at a recent glibc, it doesn't look like addmntent
ever changes any of the strings it gets passed. If any of them need to
be reencoded, it uses alloca to get a new buffer and reencodes the
string into that. Maybe the prototype for it should declare the struct
as const.

Fixing it there though may be problematic. Assuming that not stripping
off the const generates a warning, maybe it would be a little more
clear to just declare a non-const variable to hold a "cifs" string and
pass that in instead. Something like this maybe?

--
Jeff Layton <jlayton@...>

From forum: Samba - samba-technical

Re: mount.cifs - "Const" warnings patch

2009-11-07T05:19:44Z

On Mon, 02 Nov 2009 21:36:19 +0100
Matthias Dieter Wallnöfer <mdw@...> wrote:

> Hi Jeff,
>
> sorry, sorry - sometimes I forget the attachments.
>
> Now it should be okay.
>

No problem, I do the same thing sometimes.

The patch looks safe enough, but I wonder whether the problem is really
in addmntent. Looking at a recent glibc, it doesn't look like addmntent
ever changes any of the strings it gets passed. If any of them need to
be reencoded, it uses alloca to get a new buffer and reencodes the
string into that. Maybe the prototype for it should declare the struct
as const.

Fixing it there though may be problematic. Assuming that not stripping
off the const generates a warning, maybe it would be a little more
clear to just declare a non-const variable to hold a "cifs" string and
pass that in instead. Something like this maybe?

--
Jeff Layton <jlayton@...>

From 13f490451f0bf536572a1f61cd0602410f8b1eff Mon Sep 17 00:00:00 2001 From: Jeff Layton <jlayton@...> Date: Sat, 7 Nov 2009 08:15:53 -0500 Subject: [PATCH] mount.cifs: get rid of CONST_DISCARD Apparently, we need to strip the "const" attribute off of the mnt_fstype before passing it to addmntent to prevent a (somewhat bogus) compiler warning. Rather than just stripping off the "const" attribute, clarify the code by declaring a new non-const char pointer that points to the same string. We can also use that same pointer in the mount(2) call too. Signed-off-by: Jeff Layton <jlayton@...> --- client/mount.cifs.c | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-) diff --git a/client/mount.cifs.c b/client/mount.cifs.c index 3baaad7..a9c1827 100644 --- a/client/mount.cifs.c +++ b/client/mount.cifs.c @@ -76,8 +76,6 @@ #define MAX_UNC_LEN 1024 -#define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) - #ifndef SAFE_FREE #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0) #endif @@ -123,6 +121,7 @@ static char * user_name = NULL; static char * mountpassword = NULL; char * domain_name = NULL; char * prefixpath = NULL; +char *cifs_fstype = "cifs"; /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We * don't link to libreplace so need them here. */ @@ -1590,7 +1589,7 @@ mount_retry: if (verboseflag) fprintf(stderr, "\n"); - if (!fakemnt && mount(dev_name, mountpoint, "cifs", flags, options)) { + if (!fakemnt && mount(dev_name, mountpoint, cifs_fstype, flags, options)) { switch (errno) { case ECONNREFUSED: case EHOSTUNREACH: @@ -1638,7 +1637,7 @@ mount_retry: } mountent.mnt_fsname = dev_name; mountent.mnt_dir = mountpoint; - mountent.mnt_type = CONST_DISCARD(char *,"cifs"); + mountent.mnt_type = cifs_fstype; mountent.mnt_opts = (char *)malloc(220); if(mountent.mnt_opts) { char * mount_user = getusername(); -- 1.6.0.6

From forum: Samba - samba-technical

XP-machines cannot join Samba PDC with tdbsam

2009-11-07T04:59:43Z

High there ...

I cannot join my Samba PDC any longer with my XP-machines, I mean I'm
not be able to create new machine accounts.
The existing machine-accounts in the tdb-database works properly, all
the existing XP-machines are joined without any problems. Only it isn't
possible to joint the Samba PCD with new machines...

My first Samba PDC-Configuration with this tdbsam as the passwd
backend, with the same smb.conf as today (please have a look above) I
had run with an early version of Samba 3 on a 32bit Server in 2005 with
nearly 50 XP-machines as Domain-members. In 2006 I had the first
migration of a newer 64bit hardware, this was uncomplicated, all things
worked properly with meanwhile 150 XP-machines. Now I had a new
hardware-migration of a new 64bit-Server-hardware two weeks ago and I
run into some troubles.
I did the migration in the same way as before. I stopped the old Server
and I copied the /etc/samba/smb.conf with all the scripts and the
/var/lib/samba with the tdb-database to the new Server-hardware.
The new Server runs with Debian_version 5.0.3 (Lenny), before the old
hardware run with Debian_version 4.0 (Etch).
The current Samba-Version is 3.2.5-4lenny7.

When I try to join the Domain with a XPSP3-Workstation and get the
demand "Enter the name and password of an account with permission to
join the domain" and fill in the user of the domainadmin and the
password, I get the answer "The following error occurred attempting to
join the domain "MYDOMAIN, the specified domain either does not exist or
could not be contacted". But the Domain exists, this is a fact, all the
old XP-Machines, which are members of the domain MYDOMAIN work properly.
The user domadmin and the password are really correct, when I try login
on a XP-Workstation, which is an old member of the domain, then it works
properly, I can without problems login.

Have a look at my Domain-Administator rights:
===============================
/etc/passwd: domadmin:x:500:512:Domain Administrator
MYDOMAIN:/srv/data1/home1/domadmin:/bin/bash
/etc/group domadmins:x:512:admin,domadmin

Unix username: domadmin
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1656000120-2433418590-619812953-500
lookup_global_sam_rid: looking up RID 512.
pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
lookup_rids: Domain Admins:2
Primary Group SID: S-1-5-21-1656000120-2433418590-619812953-512
Full Name: Domain Administrator MYDOMAIN
Home Directory: \\domainserver1\domadmin\win
HomeDir Drive: U:
Logon Script: logon.cmd
Profile Path: \\domainserver1\profiles\domadmin
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fr, 06 Nov 2009 12:41:16 CET
Password can change: Fr, 06 Nov 2009 12:41:16 CET
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

----------------------------------------------------------------------------------------
domainserver1:~# net rpc rights list accounts -U domadmin -S 192.168.151.240
Enter domadmin's password:
MYDOMAIN\domadmin
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned

-------------------------------------------------------------------------------------------------------------------

Here are the globals of my smb.conf:
[global]
unix charset = ISO8859-1
workgroup = MYDOMAIN
netbios aliases = Server2
server string = %h
update encrypted = Yes
obey pam restrictions = Yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add user script = /usr/sbin/adduser.sh -p -u "%u" -n "%u"
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/local/bin/smbgrpadd.sh "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
add machine script = /usr/sbin/addmachine.sh -u %u
logon script = logon.cmd
logon path = \\%N\profiles\%U
logon drive = U:
logon home = \\%N\%U\win
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
invalid users = root
---------------------------------------------------------------------------------------

Here are some debug-information from the samba-log:
[2009/11/06 14:34:59, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(644)
secrets_fetch failed!
[2009/11/06 14:34:59, 5] passdb/pdb_tdb.c:tdbsam_getsampwnam(911)
pdb_getsampwnam (TDB): error fetching database.
Key: USER_root
-------------------------------------------------------------------------------------------

Please help, I'm really desperate.

Heinz Allerberger

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: rsync, excluding files w/certain characteristics

2009-11-07T04:54:50Z

Edward Peschko (horos11@...) wrote on 6 November 2009 18:46:
>I was wondering - is there an option to rsync which allows you to
>exclude transfers of files with a certain size or other
>characteristics?
>
>I want to setup a 'partial' rsync mirror where I only pull files under
>5M, for example.. I see the option for including/excluding file names
>in the usage, but not file sizes..

They exist. See options --max-size and --min-size in the manual.
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: LDB: Patch for fixing counter variables

2009-11-07T02:52:02Z

Thanks Jelmer, for your clear explaination. I will drop the python part. To be honest I wasn't very about it.

Matthias

--- Jelmer Vernooij <jelmer@...> schrieb am Sa, 7.11.2009:

Von: Jelmer Vernooij <jelmer@...>
Betreff: Re: LDB: Patch for fixing counter variables
An: mdw@...
CC: "Andrew Bartlett" <abartlet@...>, "Samba Technical Mailinglist" <samba-technical@...>, idra@...
Datum: Samstag, 7. November 2009, 11:02

Hi matthias,

On Sat, 2009-11-07 at 09:24 +0000, Matthias Dieter Wallnöfer wrote:
> I don't have much time to chat now, so I submit you a new version of the patch: divided in C and python bindings.
The Python binding changes are pointless. PyList_SetItem() takes an
integer (not an unsigned integer), so changing this doesn't fix
anything. If we really suspect we're going to run into ldb results or
messages with more than billions of elements, we should just raise an
exception if they don't fit in a Python list.

Cheers,

Jelmer

> --- Andrew Bartlett <abartlet@...> schrieb am Sa, 7.11.2009:
>
> Von: Andrew Bartlett <abartlet@...>
> Betreff: Re: LDB: Patch for fixing counter variables
> An: mdw@...
> CC: idra@..., "Samba Technical Mailinglist" <samba-technical@...>
> Datum: Samstag, 7. November 2009, 1:37
>
> On Fri, 2009-11-06 at 21:19 +0000, Matthias Dieter Wallnöfer wrote:
> > Most of our LDB objects are stored in structures containing a dynamic
> > array and a counter. The counter variable is typically an "unsigned
> > integer". Until here it's all okay. But with the major part of the
> > counter variables (i, j...) it's not: since they're "signed". Well,
> > this doesn't give problems till we don't break the ~ 2,1 * 10^9
> > barrier - but the API is fine to go beyond: with the possible result
> > of infinite loops (since we are never able to reach the maximum).
> > Now you can argue: "this does happen very rarely" - where I'm also
> > with you. But that doesn't mean that those counters aren't buggy.
> > Since the LDB is a public library for LDAP-like directories I would
> > be very pleased to see this fixed.
> > To achieve this I prepared a patch which changes "signed" types to
> > "unsigned" ones which fix the problem. It passes "make test" and
> > doesn't seem to give problems. The only thing I would like to ask you
> > is to review it, so I could push it soon.
>
> Matthias,
>
> As you may have come to expect, my first request is that you split the
> patch up. There are parts of this that look safe, and many parts that
> need to looked at more carefully.
>
> The changes the the Python look most dubious, as you are changing the
> type of something that is then interpreted as an integer in the python.
> (so please remove all the Python changes).
>
> You also have typo fixes and changes to use LDB_SUCCESS mixed in the
> same patch.
>
> Once you do that, I'll take another look, and we can see if some of
> these can be easily merged. Perhaps also produce the patches with more
> context? It's hard to tell from the changed declaration what the effect
> would be (otherwise I'll have to do the review in gitk).
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
>
>
>
>
>

--
Jelmer Vernooij <jelmer@...> - http://samba.org/~jelmer/
Jabber: jelmer@...

From forum: Samba - samba-technical