tag:old.nabble.com,2006:forum-13150Nabble - Samba2009-12-14T21:33:19ZSamba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server. Samba home is <a href="http://samba.org/" target="_top" rel="nofollow">here</a>.tag:old.nabble.com,2006:post-26789718Samba for iPhone2009-12-14T21:33:19Z2009-12-14T21:33:19ZAbdullah SowayanHi folks,
<br><br>I'm new to this list. I have a jail broken phone (firmware 3.1.2). I
<br>would like the iPhone to mount an external networked SAMBA drive
<br>(hosted on either MAC or Windows). Unfortunately, I couldn't find
<br>anything to do this.
<br><br>I am wondering if anyone had ported mount_smbfs to the iPhone.
<br><br>Thanks,
<br>Abdul
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26789656Re: [PATCHS] fix handling of AUX classes in objectclass.c2009-12-14T21:23:42Z2009-12-14T21:23:42ZAndrew BartlettOn Mon, 2009-12-14 at 21:16 -0500, brendan powers wrote:
<br>> These patches fix the handling of AUX classes in objectclass.c. Before
<br>> this, adding an AUX class such as posixAccount to a user would fail
<br>> with LDB_ERR_OBJECT_CLASS_VIOLATION.
<br><br>Great.
<br><br>> Here is a description of the patches
<br><br>Can you please put these in the commit message for each patch? We want
<br>to remember why these were done in the GIT history.
<br><div class='shrinkable-quote'><div class='shrinkable-quote'><br>> * 0001-return-NULL-in-strlower_talloc-if-src-is-NULL.patch, prevents
<br>> strlower_talloc from segfaulting if you pass it a NULL string.
<br>> * 0002-s4-dsdb-Add-a-check-to-prevent-acl_modify-from-debu.patch,
<br>> Check to see if there were any messages passed to acl_modify before
<br>> debugging the first one. I think I caused this by some malformed
<br>> ldiff. Unfortunately, I don't have the file that caused the problem.
<br>> * 0003-s4-dsdb-Move-get_last_structural-class-from-descrip.patch, Move
<br>> get_last_structural_class from descriptor.c to util.c so it can be
<br>> used by objectclass.c. Also, make get_last_structural_class ignore AUX
<br>> classes, as they are not structural classes.
<br>> * 0004-s4-dsdb-return-an-error-if-samAccountName-is-not-sp.patch,
<br>> makes sure samAccountName has been specified before adding a user.
<br>> This happened while I was trying to add a user with the posixAccount
<br>> objectclass. I forgot to specify the user objectClass, and samba
<br>> segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION.
<br>> * 0005-s4-dsdb-fix-handling-of-AUX-classes-in-objectclass_.patch, this
<br>> is the main patch in this set. It fixes the handling of AUX classes in
<br>> objectclass_sort. They were being sorted by building a class tree, and
<br>> adding the classes to the list in that order. However, AUX classes
<br>> usually don't fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION
<br>> was returned. I have changed the behavior to sort the classes by
<br>> subClass_order instead. Also this patch makes objectclass_do_add check
<br>> if the last structural class is a valid class to add, instead of the
<br>> last class returned by objectclass_sort.
</div></div>If it could be made to work, I would really prefer the qsort() variant
<br>of this patch. Did you discover anything in the building of this patch
<br>to indicate why it didn't work?
<br><br>> * 0006-s4-dsdb-Add-a-test-for-adding-deleting-and-append.patch, add a
<br>> test to make sure you can add the posixAccount class to an object.
<br>> This was the original reason for this set of patches.
<br>>
<br>> These patches now pass make test. So I thought it was time to send
<br>> them to the list. Hopefully I did things right this time:)
<br><br>Almost :-)
<br><br>Finally, was it deliberate having a different e-mail address in the
<br>patches to the mail? (At least it's no longer root!).
<br><br>Thanks,
<br><br>Andrew Bartlett
<br><br>--
<br>Andrew Bartlett <a href="http://samba.org/~abartlet/" target="_top" rel="nofollow">http://samba.org/~abartlet/</a><br>Authentication Developer, Samba Team <a href="http://samba.org" target="_top" rel="nofollow">http://samba.org</a><br>Samba Developer, Cisco Inc.
<br><br><br /> <div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (196 bytes) <a href="http://old.nabble.com/attachment/26789656/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26789629Re: Samba 3.4.2 Winbind problem IDMAP GID range full2009-12-14T21:18:55Z2009-12-14T21:18:55ZGreg-194I was finally able to resolve these error messages. I was missing the
<br>winbind settings in /etc/nsswitch.conf:
<br> passwd: compat winbind
<br> group: compat winbind
<br>This is in addition to the settings that I had made to /etc/samba/smb.conf:
<br> idmap backend = tdb
<br> idmap alloc backend = tdb
<br> idmap uid = 10000-11000
<br> idmap gid = 10000-11000
<br> winbind enum users = yes
<br> winbind enum groups = yes
<br><br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26788951Re: KVM - usb+DVI2009-12-14T19:35:16Z2009-12-14T19:35:16ZIan MunsieI'm using 2x Aten CS62DU daisy-chained together, which I bought for
<br>around $80 each from ebay.
<br><br>They handle DVI-D fine (ie, digital which is probably what you want,
<br>they are not DVI-I or DVI-A).
<br><br>They support USB with two ports (which they also use to power
<br>themselves) - one is special and needs a keyboard plugged into it to
<br>support the hotkey switching, the other is generic and can handle any
<br>USB device, typically either a mouse or USB hub.
<br><br>They also handle switching stereo sound output and a microphone input.
<br>Sound can be switched independently of the KVM part with hotkeys to
<br>allow sound being played from one box while interacting with another.
<br><br>Only drawback of this model is that it adds some low amplitude high
<br>frequency interference to the audio, however I find that as long as I
<br>don't have my speakers near full volume (instead amplifying at the
<br>mixer) the interference is inaudible, but YMMV. I would not be
<br>surprised if similar interference is added to the microphone, but I
<br>have not tested that.
<br><br>The actual KVM is a fairly small box in the middle of the cables
<br>(cables are not removable in this model) and therefore sits out of the
<br>way. In addition to the hotkey switching capabilities, it also comes
<br>with a "remote" button to switch inputs (not remote as in wireless,
<br>remote as in it has a cable between it and the switch so you can sit
<br>it next to your keyboard instead of having to reach for the KVM
<br>itself), though using the button audio cannot be switched
<br>independently.
<br><br>Hotkeys are:
<br>scroll lock, scroll lock, enter - same as pressing the button -
<br>switches everything*
<br>scroll lock, scroll lock, s, enter - switch audio, but not KVM part
<br>scroll lock, scroll lock, k, enter - switch KVM, but not audio
<br>scroll lock, scroll lock, x, enter - Changes the hotkey from scroll
<br>lock to control (I do this on my second switch so the hotkeys do not
<br>conflict)
<br><br>* unless audio was on a different input to the KVM, in which case only
<br>the KVM is switched.
<br><br>Manufacturers details are at:
<br><a href="http://www.aten.com/products/productItem.php?pid=20070420164543001" target="_top" rel="nofollow">http://www.aten.com/products/productItem.php?pid=20070420164543001</a><br><br>Cheers,
<br>-Ian
<br><br>On Sat, Dec 12, 2009 at 3:12 PM, steve jenkin <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788951&i=0" target="_top" rel="nofollow">sjenkin@...</a>> wrote:
<div class='shrinkable-quote'><br>> anyone using a KVM that handles DVI natively?
<br>>
<br>> VGA + usb KVM's are cheap & plentiful...
<br>> From a quick on-line check, ~$200 for a DVI KVM :-(
<br>> Any reason they're expensive, apart from 'new and premium'?
<br>>
<br>> I can't get a new machine to work with a VGA adaptor, have to 'consider
<br>> my options'.
<br>>
<br>> --
<br>> Steve Jenkin, Info Tech, Systems and Design Specialist.
<br>> 0412 786 915 (+61 412 786 915)
<br>> PO Box 48, Kippax ACT 2615, AUSTRALIA
<br>>
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788951&i=1" target="_top" rel="nofollow">sjenkin@...</a> <a href="http://members.tip.net.au/~sjenkin" target="_top" rel="nofollow">http://members.tip.net.au/~sjenkin</a><br>> --
<br>> linux mailing list
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788951&i=2" target="_top" rel="nofollow">linux@...</a>
<br>> <a href="https://lists.samba.org/mailman/listinfo/linux" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/linux</a><br>>
</div><br><br><br>--
<br><a href="http://darkstarshout.blogspot.com/" target="_top" rel="nofollow">http://darkstarshout.blogspot.com/</a><br>--
<br>On the day *I* go to work for Microsoft, faint oinking sounds will be
<br>heard from far overhead, the moon will not merely turn blue but
<br>develop polkadots, and hell will freeze over so solid the brimstone
<br>will go superconductive.
<br> -- Eric S. Raymond, 2005
<br>--
<br>Please avoid sending me Word or PowerPoint attachments.
<br>See <a href="http://www.gnu.org/philosophy/no-word-attachments.html" target="_top" rel="nofollow">http://www.gnu.org/philosophy/no-word-attachments.html</a><br>--
<br>linux mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788951&i=3" target="_top" rel="nofollow">linux@...</a>
<br><a href="https://lists.samba.org/mailman/listinfo/linux" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/linux</a><br><p>From forum: <a href="http://old.nabble.com/Samba---linux-f13154.html" embed="fixTarget[13154]" target="_top" >Samba - linux</a></p>tag:old.nabble.com,2006:post-26788479Re: Max Multiplex2009-12-14T18:34:48Z2009-12-14T18:34:48ZLearner StudyPls ignore it - I found the solution! But if there is any other
<br>performance trick I could use with 2003 client, pls do suggest...
<br><br>thanks!
<br><br>On Mon, Dec 14, 2009 at 6:23 PM, Learner Study <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788479&i=0" target="_top" rel="nofollow">learner.study@...</a>> wrote:
<div class='shrinkable-quote'><br>> Hello:
<br>>
<br>> 1, Is there a limit on Max Multiplex (Max Mux count) in samba?
<br>>
<br>> 2. How can it be changed from a config file or command line? I
<br>> couldn't find it so I changed it in the code but for some reason, I'm
<br>> unable to set a value over 1000....is 1000 the max for it?
<br>>
<br>> Thanks!
<br>>
</div>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26788478Re: Max Multiplex2009-12-14T18:34:48Z2009-12-14T18:34:48ZLearner StudyPls ignore it - I found the solution! But if there is any other
<br>performance trick I could use with 2003 client, pls do suggest...
<br><br>thanks!
<br><br>On Mon, Dec 14, 2009 at 6:23 PM, Learner Study <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788478&i=0" target="_top" rel="nofollow">learner.study@...</a>> wrote:
<div class='shrinkable-quote'><br>> Hello:
<br>>
<br>> 1, Is there a limit on Max Multiplex (Max Mux count) in samba?
<br>>
<br>> 2. How can it be changed from a config file or command line? I
<br>> couldn't find it so I changed it in the code but for some reason, I'm
<br>> unable to set a value over 1000....is 1000 the max for it?
<br>>
<br>> Thanks!
<br>>
<br></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26788400Max Multiplex2009-12-14T18:23:37Z2009-12-14T18:23:37ZLearner StudyHello:
<br><br>1, Is there a limit on Max Multiplex (Max Mux count) in samba?
<br><br>2. How can it be changed from a config file or command line? I
<br>couldn't find it so I changed it in the code but for some reason, I'm
<br>unable to set a value over 1000....is 1000 the max for it?
<br><br>Thanks!
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26788396Max Multiplex2009-12-14T18:23:37Z2009-12-14T18:23:37ZLearner StudyHello:
<br><br>1, Is there a limit on Max Multiplex (Max Mux count) in samba?
<br><br>2. How can it be changed from a config file or command line? I
<br>couldn't find it so I changed it in the code but for some reason, I'm
<br>unable to set a value over 1000....is 1000 the max for it?
<br><br>Thanks!
<br><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26788360[PATCHS] fix handling of AUX classes in objectclass.c2009-12-14T18:16:57Z2009-12-14T18:16:57Zbrendan powersThese patches fix the handling of AUX classes in objectclass.c. Before
<br>this, adding an AUX class such as posixAccount to a user would fail
<br>with LDB_ERR_OBJECT_CLASS_VIOLATION.
<br><br>Here is a description of the patches
<br>* 0001-return-NULL-in-strlower_talloc-if-src-is-NULL.patch, prevents
<br>strlower_talloc from segfaulting if you pass it a NULL string.
<br>* 0002-s4-dsdb-Add-a-check-to-prevent-acl_modify-from-debu.patch,
<br>Check to see if there were any messages passed to acl_modify before
<br>debugging the first one. I think I caused this by some malformed
<br>ldiff. Unfortunately, I don't have the file that caused the problem.
<br>* 0003-s4-dsdb-Move-get_last_structural-class-from-descrip.patch, Move
<br>get_last_structural_class from descriptor.c to util.c so it can be
<br>used by objectclass.c. Also, make get_last_structural_class ignore AUX
<br>classes, as they are not structural classes.
<br>* 0004-s4-dsdb-return-an-error-if-samAccountName-is-not-sp.patch,
<br>makes sure samAccountName has been specified before adding a user.
<br>This happened while I was trying to add a user with the posixAccount
<br>objectclass. I forgot to specify the user objectClass, and samba
<br>segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION.
<br>* 0005-s4-dsdb-fix-handling-of-AUX-classes-in-objectclass_.patch, this
<br>is the main patch in this set. It fixes the handling of AUX classes in
<br>objectclass_sort. They were being sorted by building a class tree, and
<br>adding the classes to the list in that order. However, AUX classes
<br>usually don't fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION
<br>was returned. I have changed the behavior to sort the classes by
<br>subClass_order instead. Also this patch makes objectclass_do_add check
<br>if the last structural class is a valid class to add, instead of the
<br>last class returned by objectclass_sort.
<br>* 0006-s4-dsdb-Add-a-test-for-adding-deleting-and-append.patch, add a
<br>test to make sure you can add the posixAccount class to an object.
<br>This was the original reason for this set of patches.
<br><br>These patches now pass make test. So I thought it was time to send
<br>them to the list. Hopefully I did things right this time:)
<br><br /><tt>[0001-return-NULL-in-strlower_talloc-if-src-is-NULL.patch]</tt><br /><hr align="left" width="300" /><tt>From feba7a68d7a465cc73d55013a04c1eb0c14bf56f Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=0" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:28:48 -0500
<br>Subject: [PATCH] return NULL in strlower_talloc if src is NULL
<br><br>---
<br> lib/util/charset/util_unistr.c | 4 ++++
<br> 1 files changed, 4 insertions(+), 0 deletions(-)
<br><br>diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
<br>index 045aa4a..f820726 100644
<br>--- a/lib/util/charset/util_unistr.c
<br>+++ b/lib/util/charset/util_unistr.c
<br>@@ -430,6 +430,10 @@ _PUBLIC_ char *strlower_talloc(TALLOC_CTX *ctx, const char *src)
<br> char *dest;
<br> struct smb_iconv_convenience *iconv_convenience = get_iconv_convenience();
<br>
<br>+ if(src == NULL) {
<br>+ return NULL;
<br>+ }
<br>+
<br> /* this takes advantage of the fact that upper/lower can't
<br> change the length of a character by more than 1 byte */
<br> dest = talloc_array(ctx, char, 2*(strlen(src))+1);
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><br /><tt>[0002-s4-dsdb-Add-a-check-to-prevent-acl_modify-from-debu.patch]</tt><br /><hr align="left" width="300" /><tt>From 01570ffef3f476905034d4a528bcc6ad44a2c157 Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=1" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:32:28 -0500
<br>Subject: [PATCH] s4-dsdb: Add a check to prevent acl_modify from debuging a NULL message
<br><br>---
<br> source4/dsdb/samdb/ldb_modules/acl.c | 6 +++++-
<br> 1 files changed, 5 insertions(+), 1 deletions(-)
<br><br>diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
<br>index 45aa294..fc29ba9 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/acl.c
<br>+++ b/source4/dsdb/samdb/ldb_modules/acl.c
<br>@@ -700,7 +700,11 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
<br> NULL
<br> };
<br>
<br>- DEBUG(10, ("ldb:acl_modify: %s\n", req->op.mod.message->elements[0].name));
<br>+ /* Don't print this debug statement if elements[0].name is going to be NULL */
<br>+ if(req->op.mod.message->num_elements > 0)
<br>+ {
<br>+ DEBUG(10, ("ldb:acl_modify: %s\n", req->op.mod.message->elements[0].name));
<br>+ }
<br> if (what_is_user(module) == SECURITY_SYSTEM) {
<br> return ldb_next_request(module, req);
<br> }
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><br /><tt>[0003-s4-dsdb-Move-get_last_structural-class-from-descrip.patch]</tt><br /><hr align="left" width="300" /><tt>From 17f1efcff60aa1ee9dac0ecab99f3b3e4246ecbc Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=2" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:36:44 -0500
<br>Subject: [PATCH] s4-dsdb: Move get_last_structural class from descriptor.c to util.c so it can be used by objectclass.c
<br> s4-dsdb: get_last_structural_class now ignores AUX classes, because they are not structural
<br><br>---
<br> source4/dsdb/samdb/ldb_modules/descriptor.c | 17 +----------------
<br> source4/dsdb/samdb/ldb_modules/util.c | 27 +++++++++++++++++++++++++++
<br> source4/dsdb/samdb/ldb_modules/util.h | 1 +
<br> 3 files changed, 29 insertions(+), 16 deletions(-)
<br><br>diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
<br>index 03cb1ff..8df93dd 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
<br>+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
<br>@@ -41,6 +41,7 @@
<br> #include "libcli/security/security.h"
<br> #include "auth/auth.h"
<br> #include "param/param.h"
<br>+#include "util.h"
<br>
<br> struct descriptor_data {
<br> int _dummy;
<br>@@ -56,22 +57,6 @@ struct descriptor_context {
<br> int (*step_fn)(struct descriptor_context *);
<br> };
<br>
<br>-static const struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema, struct ldb_message_element *element)
<br>-{
<br>- const struct dsdb_class *last_class = NULL;
<br>- int i;
<br>- for (i = 0; i < element->num_values; i++){
<br>- if (!last_class) {
<br>- last_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
<br>- } else {
<br>- const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
<br>- if (tmp_class->subClass_order > last_class->subClass_order)
<br>- last_class = tmp_class;
<br>- }
<br>- }
<br>- return last_class;
<br>-}
<br>-
<br> struct dom_sid *get_default_ag(TALLOC_CTX *mem_ctx,
<br> struct ldb_dn *dn,
<br> struct security_token *token,
<br>diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
<br>index fe6ddfa..ed65ca4 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/util.c
<br>+++ b/source4/dsdb/samdb/ldb_modules/util.c
<br>@@ -24,6 +24,7 @@
<br> #include "ldb_module.h"
<br> #include "dsdb/samdb/ldb_modules/util.h"
<br> #include "dsdb/samdb/samdb.h"
<br>+#include "util.h"
<br>
<br> int dsdb_module_search_handle_flags(struct ldb_module *module, struct ldb_request *req, int dsdb_flags)
<br> {
<br>@@ -205,3 +206,29 @@ int dsdb_module_search(struct ldb_module *module,
<br> return ret;
<br> }
<br>
<br>+const struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema,const struct ldb_message_element *element)
<br>+{
<br>+ const struct dsdb_class *last_class = NULL;
<br>+ int i;
<br>+
<br>+ for (i = 0; i < element->num_values; i++){
<br>+ const struct dsdb_class *tmp_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &element->values[i]);
<br>+
<br>+ if(tmp_class == NULL) {
<br>+ continue;
<br>+ }
<br>+
<br>+ if(tmp_class->objectClassCategory == 3) {
<br>+ continue;
<br>+ }
<br>+
<br>+ if (!last_class) {
<br>+ last_class = tmp_class;
<br>+ } else {
<br>+ if (tmp_class->subClass_order > last_class->subClass_order)
<br>+ last_class = tmp_class;
<br>+ }
<br>+ }
<br>+
<br>+ return last_class;
<br>+}
<br>diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h
<br>index 56db27d..41ec873 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/util.h
<br>+++ b/source4/dsdb/samdb/ldb_modules/util.h
<br>@@ -19,6 +19,7 @@
<br> along with this program. If not, see <http://www.gnu.org/licenses/>.
<br> */
<br>
<br>+struct dsdb_schema; /* predeclare schema struct */
<br> #include "dsdb/samdb/ldb_modules/util_proto.h"
<br>
<br> #define DSDB_SEARCH_SEARCH_ALL_PARTITIONS 0x0001
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><br /><tt>[0004-s4-dsdb-return-an-error-if-samAccountName-is-not-sp.patch]</tt><br /><hr align="left" width="300" /><tt>From 4ebbf6c89c537a275c8d387f40411097d311337d Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=3" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:40:26 -0500
<br>Subject: [PATCH] s4-dsdb: return an error if samAccountName is not specified when creating a user. Prevents a segfault
<br><br>---
<br> source4/dsdb/samdb/ldb_modules/password_hash.c | 7 +++++++
<br> 1 files changed, 7 insertions(+), 0 deletions(-)
<br><br>diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
<br>index 4d4f500..35ce08f 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
<br>+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
<br>@@ -1487,6 +1487,13 @@ static int setup_io(struct ph_context *ac,
<br>
<br> io->n.lm_hash = samdb_result_hash(io->ac, new_msg, "dBCSPwd");
<br>
<br>+ if(io->u.sAMAccountName == NULL)
<br>+ {
<br>+ ldb_asprintf_errstring(ldb, "samAccountName is missing on %s for attempted password set/change",
<br>+ ldb_dn_get_linearized(new_msg->dn));
<br>+ return(LDB_ERR_CONSTRAINT_VIOLATION);
<br>+ }
<br>+
<br> return LDB_SUCCESS;
<br> }
<br>
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><br /><tt>[0005-s4-dsdb-fix-handling-of-AUX-classes-in-objectclass_.patch]</tt><br /><hr align="left" width="300" /><tt>From 6708fb4257e57a39d75afc45b61df1c906e5578e Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=4" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:47:18 -0500
<br>Subject: [PATCH] s4-dsdb: fix handling of AUX classes in objectclass_sort by sorting the classes by subClass_order
<br> s4-dsdb: check if the last structural class is valid to add in objectclass_do_add instead of the last class in the list
<br><br>---
<br> source4/dsdb/samdb/ldb_modules/objectclass.c | 285 ++++++++++++--------------
<br> 1 files changed, 136 insertions(+), 149 deletions(-)
<br><br>diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
<br>index c47e360..d9705ce 100644
<br>--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
<br>+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
<br>@@ -43,6 +43,7 @@
<br> #include "auth/auth.h"
<br> #include "param/param.h"
<br> #include "../libds/common/flags.h"
<br>+#include "util.h"
<br>
<br> struct oc_context {
<br>
<br>@@ -92,10 +93,8 @@ static int objectclass_sort(struct ldb_module *module,
<br> struct class_list **sorted_out)
<br> {
<br> struct ldb_context *ldb;
<br>- int i;
<br>- int layer;
<br>- struct class_list *sorted = NULL, *parent_class = NULL,
<br>- *subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent;
<br>+ int i, lowest;
<br>+ struct class_list *unsorted = NULL, *sorted = NULL, *current = NULL, *poss_parent = NULL, *new_parent = NULL, *current_lowest = NULL;
<br>
<br> ldb = ldb_module_get_ctx(module);
<br>
<br>@@ -148,20 +147,17 @@ static int objectclass_sort(struct ldb_module *module,
<br> return LDB_ERR_NO_SUCH_ATTRIBUTE;
<br> }
<br>
<br>- /* this is the root of the tree. We will start
<br>- * looking for subclasses from here */
<br>- if (ldb_attr_cmp("top", current->objectclass->lDAPDisplayName) == 0) {
<br>- DLIST_ADD_END(parent_class, current, struct class_list *);
<br>- } else {
<br>+ /* Don't add top to list, we will do that later */
<br>+ if (ldb_attr_cmp("top", current->objectclass->lDAPDisplayName) != 0) {
<br> DLIST_ADD_END(unsorted, current, struct class_list *);
<br> }
<br> }
<br>
<br>- if (parent_class == NULL) {
<br>- current = talloc(mem_ctx, struct class_list);
<br>- current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top");
<br>- DLIST_ADD_END(parent_class, current, struct class_list *);
<br>- }
<br>+ /* Add top here, to prevent duplicates */
<br>+ current = talloc(mem_ctx, struct class_list);
<br>+ current->objectclass = dsdb_class_by_lDAPDisplayName(schema, "top");
<br>+ DLIST_ADD_END(sorted, current, struct class_list *);
<br>+
<br>
<br> /* For each object: find parent chain */
<br> for (current = unsorted; schema && current; current = current->next) {
<br>@@ -179,44 +175,24 @@ static int objectclass_sort(struct ldb_module *module,
<br> new_parent->objectclass = dsdb_class_by_lDAPDisplayName(schema, current->objectclass->subClassOf);
<br> DLIST_ADD_END(unsorted, new_parent, struct class_list *);
<br> }
<br>-
<br>- /* DEBUGGING aid: how many layers are we down now? */
<br>- layer = 0;
<br>- do {
<br>- layer++;
<br>- /* Find all the subclasses of classes in the
<br>- * parent_classes. Push them onto the subclass list */
<br>-
<br>- /* Ensure we don't bother if there are no unsorted entries left */
<br>- for (current = parent_class; schema && unsorted && current; current = current->next) {
<br>- /* Walk the list of possible subclasses in unsorted */
<br>- for (poss_subclass = unsorted; poss_subclass; ) {
<br>- struct class_list *next;
<br>-
<br>- /* Save the next pointer, as the DLIST_ macros will change poss_subclass->next */
<br>- next = poss_subclass->next;
<br>-
<br>- if (ldb_attr_cmp(poss_subclass->objectclass->subClassOf, current->objectclass->lDAPDisplayName) == 0) {
<br>- DLIST_REMOVE(unsorted, poss_subclass);
<br>- DLIST_ADD(subclass, poss_subclass);
<br>-
<br>- break;
<br>- }
<br>- poss_subclass = next;
<br>+
<br>+ do
<br>+ {
<br>+ lowest = INT_MAX;
<br>+ current_lowest = NULL;
<br>+ for (current = unsorted; schema && current; current = current->next) {
<br>+ if(current->objectclass->subClass_order < lowest) {
<br>+ current_lowest = current;
<br>+ lowest = current->objectclass->subClass_order;
<br> }
<br> }
<br>-
<br>- /* Now push the parent_classes as sorted, we are done with
<br>- these. Add to the END of the list by concatenation */
<br>- DLIST_CONCATENATE(sorted, parent_class, struct class_list *);
<br>-
<br>- /* and now find subclasses of these */
<br>- parent_class = subclass;
<br>- subclass = NULL;
<br>-
<br>- /* If we didn't find any subclasses we will fall out
<br>- * the bottom here */
<br>- } while (parent_class);
<br>+
<br>+ if(current_lowest != NULL) {
<br>+ DLIST_REMOVE(unsorted,current_lowest);
<br>+ DLIST_ADD_END(sorted,current_lowest, struct class_list *);
<br>+ }
<br>+ } while(unsorted);
<br>+
<br>
<br> if (!unsorted) {
<br> *sorted_out = sorted;
<br>@@ -466,11 +442,14 @@ static int objectclass_do_add(struct oc_context *ac)
<br> const struct dsdb_schema *schema;
<br> struct ldb_request *add_req;
<br> char *value;
<br>- struct ldb_message_element *objectclass_element;
<br>+ struct ldb_message_element *objectclass_element, *el;
<br> struct ldb_message *msg;
<br> TALLOC_CTX *mem_ctx;
<br> struct class_list *sorted, *current;
<br> int ret;
<br>+ const struct dsdb_class *objectclass;
<br>+ int32_t systemFlags = 0;
<br>+ const char *rdn_name = NULL;
<br>
<br> ldb = ldb_module_get_ctx(ac->module);
<br> schema = dsdb_get_schema(ldb);
<br>@@ -560,120 +539,128 @@ static int objectclass_do_add(struct oc_context *ac)
<br> talloc_free(mem_ctx);
<br> return ret;
<br> }
<br>- /* Last one is the critical one */
<br>- if (!current->next) {
<br>- struct ldb_message_element *el;
<br>- int32_t systemFlags = 0;
<br>- const char *rdn_name = ldb_dn_get_rdn_name(msg->dn);
<br>- if (current->objectclass->rDNAttID
<br>- && ldb_attr_cmp(rdn_name, current->objectclass->rDNAttID) != 0) {
<br>- ldb_asprintf_errstring(ldb,
<br>- "RDN %s is not correct for most specific structural objectclass %s, should be %s",
<br>- rdn_name, current->objectclass->lDAPDisplayName, current->objectclass->rDNAttID);
<br>- return LDB_ERR_NAMING_VIOLATION;
<br>- }
<br>+ }
<br>
<br>- if (ac->search_res && ac->search_res->message) {
<br>- struct ldb_message_element *oc_el
<br>- = ldb_msg_find_element(ac->search_res->message, "objectClass");
<br>+ /* Retrive the message again so get_last_structural_class works */
<br>+ objectclass_element = ldb_msg_find_element(msg, "objectClass");
<br>
<br>- bool allowed_class = false;
<br>- int i, j;
<br>- for (i=0; allowed_class == false && oc_el && i < oc_el->num_values; i++) {
<br>- const struct dsdb_class *sclass;
<br>+ /* Make sure its valid to add an object of this type */
<br>+ objectclass = get_last_structural_class(schema,objectclass_element);
<br>+ if(objectclass == NULL) {
<br>+ ldb_asprintf_errstring(ldb,
<br>+ "Failed to find a structural class for %s",
<br>+ ldb_dn_get_linearized(msg->dn));
<br>+ return LDB_ERR_NAMING_VIOLATION;
<br>+ }
<br>
<br>- sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
<br>- if (!sclass) {
<br>- /* We don't know this class? what is going on? */
<br>- continue;
<br>- }
<br>- if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
<br>- for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
<br>- if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
<br>- allowed_class = true;
<br>- break;
<br>- }
<br>- }
<br>- } else {
<br>- for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
<br>- if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
<br>- allowed_class = true;
<br>- break;
<br>- }
<br>- }
<br>- }
<br>- }
<br>+ rdn_name = ldb_dn_get_rdn_name(msg->dn);
<br>+ if (objectclass->rDNAttID
<br>+ && ldb_attr_cmp(rdn_name, objectclass->rDNAttID) != 0) {
<br>+ ldb_asprintf_errstring(ldb,
<br>+ "RDN %s is not correct for most specific structural objectclass %s, should be %s",
<br>+ rdn_name, objectclass->lDAPDisplayName, objectclass->rDNAttID);
<br>+ return LDB_ERR_NAMING_VIOLATION;
<br>+ }
<br>
<br>- if (!allowed_class) {
<br>- ldb_asprintf_errstring(ldb, "structural objectClass %s is not a valid child class for %s",
<br>- current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(ac->search_res->message->dn));
<br>- return LDB_ERR_NAMING_VIOLATION;
<br>- }
<br>- }
<br>+ if (ac->search_res && ac->search_res->message) {
<br>+ struct ldb_message_element *oc_el
<br>+ = ldb_msg_find_element(ac->search_res->message, "objectClass");
<br>
<br>- if (current->objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
<br>- ldb_asprintf_errstring(ldb, "objectClass %s is systemOnly, rejecting creation of %s",
<br>- current->objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
<br>- return LDB_ERR_UNWILLING_TO_PERFORM;
<br>- }
<br>+ bool allowed_class = false;
<br>+ int i, j;
<br>+ for (i=0; allowed_class == false && oc_el && i < oc_el->num_values; i++) {
<br>+ const struct dsdb_class *sclass;
<br>
<br>- if (!ldb_msg_find_element(msg, "objectCategory")) {
<br>- struct dsdb_extended_dn_store_format *dn_format = talloc_get_type(ldb_module_get_private(ac->module), struct dsdb_extended_dn_store_format);
<br>- if (dn_format && dn_format->store_extended_dn_in_ldb == false) {
<br>- /* Strip off extended components */
<br>- struct ldb_dn *dn = ldb_dn_new(msg, ldb, current->objectclass->defaultObjectCategory);
<br>- value = ldb_dn_alloc_linearized(msg, dn);
<br>- talloc_free(dn);
<br>- } else {
<br>- value = talloc_strdup(msg, current->objectclass->defaultObjectCategory);
<br>+ sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
<br>+ if (!sclass) {
<br>+ /* We don't know this class? what is going on? */
<br>+ continue;
<br>+ }
<br>+ if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
<br>+ for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
<br>+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
<br>+ allowed_class = true;
<br>+ break;
<br>+ }
<br> }
<br>- if (value == NULL) {
<br>- ldb_oom(ldb);
<br>- talloc_free(mem_ctx);
<br>- return LDB_ERR_OPERATIONS_ERROR;
<br>+ } else {
<br>+ for (j=0; sclass->systemPossibleInferiors && sclass->systemPossibleInferiors[j]; j++) {
<br>+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, sclass->systemPossibleInferiors[j]) == 0) {
<br>+ allowed_class = true;
<br>+ break;
<br>+ }
<br> }
<br>- ldb_msg_add_string(msg, "objectCategory", value);
<br>- }
<br>- if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (current->objectclass->defaultHidingValue == true)) {
<br>- ldb_msg_add_string(msg, "showInAdvancedViewOnly",
<br>- "TRUE");
<br> }
<br>+ }
<br>
<br>- /* There are very special rules for systemFlags, see MS-ADTS 3.1.1.5.2.4 */
<br>- el = ldb_msg_find_element(msg, "systemFlags");
<br>+ if (!allowed_class) {
<br>+ ldb_asprintf_errstring(ldb, "structural objectClass %s is not a valid child class for %s",
<br>+ objectclass->lDAPDisplayName, ldb_dn_get_linearized(ac->search_res->message->dn));
<br>+ return LDB_ERR_NAMING_VIOLATION;
<br>+ }
<br>+ }
<br>
<br>- systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0);
<br>+ if (objectclass->systemOnly && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
<br>+ ldb_asprintf_errstring(ldb, "objectClass %s is systemOnly, rejecting creation of %s",
<br>+ objectclass->lDAPDisplayName, ldb_dn_get_linearized(msg->dn));
<br>+ return LDB_ERR_UNWILLING_TO_PERFORM;
<br>+ }
<br>
<br>- if (el) {
<br>- /* Only these flags may be set by a client, but we can't tell between a client and our provision at this point */
<br>- /* systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE); */
<br>- ldb_msg_remove_element(msg, el);
<br>- }
<br>+ if (!ldb_msg_find_element(msg, "objectCategory")) {
<br>+ struct dsdb_extended_dn_store_format *dn_format = talloc_get_type(ldb_module_get_private(ac->module), struct dsdb_extended_dn_store_format);
<br>+ if (dn_format && dn_format->store_extended_dn_in_ldb == false) {
<br>+ /* Strip off extended components */
<br>+ struct ldb_dn *dn = ldb_dn_new(msg, ldb, objectclass->defaultObjectCategory);
<br>+ value = ldb_dn_alloc_linearized(msg, dn);
<br>+ talloc_free(dn);
<br>+ } else {
<br>+ value = talloc_strdup(msg, objectclass->defaultObjectCategory);
<br>+ }
<br>+ if (value == NULL) {
<br>+ ldb_oom(ldb);
<br>+ talloc_free(mem_ctx);
<br>+ return LDB_ERR_OPERATIONS_ERROR;
<br>+ }
<br>+ ldb_msg_add_string(msg, "objectCategory", value);
<br>+ }
<br>+ if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (objectclass->defaultHidingValue == true)) {
<br>+ ldb_msg_add_string(msg, "showInAdvancedViewOnly",
<br>+ "TRUE");
<br>+ }
<br>
<br>- /* This flag is only allowed on attributeSchema objects */
<br>- if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "attributeSchema") == 0) {
<br>- systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN;
<br>- }
<br>+ /* There are very special rules for systemFlags, see MS-ADTS 3.1.1.5.2.4 */
<br>+ el = ldb_msg_find_element(msg, "systemFlags");
<br>
<br>- if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "server") == 0) {
<br>- systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
<br>- } else if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "site") == 0
<br>- || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "serverContainer") == 0
<br>- || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "ntDSDSA") == 0) {
<br>- systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
<br>-
<br>- } else if (ldb_attr_cmp(current->objectclass->lDAPDisplayName, "siteLink") == 0
<br>- || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "siteLinkBridge") == 0
<br>- || ldb_attr_cmp(current->objectclass->lDAPDisplayName, "nTDSConnection") == 0) {
<br>- systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
<br>- }
<br>+ systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0);
<br>
<br>- /* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */
<br>+ if (el) {
<br>+ /* Only these flags may be set by a client, but we can't tell between a client and our provision at this point */
<br>+ /* systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE); */
<br>+ ldb_msg_remove_element(msg, el);
<br>+ }
<br>
<br>- if (el || systemFlags != 0) {
<br>- samdb_msg_add_int(ldb, msg, msg, "systemFlags", systemFlags);
<br>- }
<br>- }
<br>+ /* This flag is only allowed on attributeSchema objects */
<br>+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, "attributeSchema") == 0) {
<br>+ systemFlags &= ~SYSTEM_FLAG_ATTR_IS_RDN;
<br>+ }
<br>+
<br>+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, "server") == 0) {
<br>+ systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE | SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE);
<br>+ } else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "site") == 0
<br>+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "serverContainer") == 0
<br>+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "ntDSDSA") == 0) {
<br>+ systemFlags |= (int32_t)(SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE);
<br>+
<br>+ } else if (ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLink") == 0
<br>+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "siteLinkBridge") == 0
<br>+ || ldb_attr_cmp(objectclass->lDAPDisplayName, "nTDSConnection") == 0) {
<br>+ systemFlags |= (int32_t)(SYSTEM_FLAG_CONFIG_ALLOW_RENAME);
<br>+ }
<br>+
<br>+ /* TODO: If parent object is site or subnet, also add (SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */
<br>+
<br>+ if (el || systemFlags != 0) {
<br>+ samdb_msg_add_int(ldb, msg, msg, "systemFlags", systemFlags);
<br> }
<br> }
<br>
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><br /><tt>[0006-s4-dsdb-Add-a-test-for-adding-deleting-and-append.patch]</tt><br /><hr align="left" width="300" /><tt>From 08e8f82c0b52a213ddc1ed475e6bb2a1ad7e455a Mon Sep 17 00:00:00 2001
<br>From: Brendan Powers <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26788360&i=5" target="_top" rel="nofollow">brendan@...</a>>
<br>Date: Mon, 14 Dec 2009 20:51:10 -0500
<br>Subject: [PATCH] s4-dsdb: Add a test for adding, deleting, and appending a psoxAccount objectClass to a user
<br><br>---
<br> source4/lib/ldb/tests/python/ldap.py | 30 ++++++++++++++++++++++++++++++
<br> 1 files changed, 30 insertions(+), 0 deletions(-)
<br><br>diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
<br>index d0a0ed2..54b623a 100755
<br>--- a/source4/lib/ldb/tests/python/ldap.py
<br>+++ b/source4/lib/ldb/tests/python/ldap.py
<br>@@ -1719,6 +1719,36 @@ member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
<br> res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
<br> self.assertTrue(len(res) > 0)
<br>
<br>+ print "Testing creating a user with the posixAccount objectClass"
<br>+ self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
<br>+objectClass: top
<br>+objectClass: person
<br>+objectClass: posixAccount
<br>+objectClass: user
<br>+objectClass: organizationalPerson
<br>+cn: posixuser
<br>+uid: posixuser
<br>+sn: posixuser
<br>+uidNumber: 10126
<br>+gidNumber: 10126
<br>+homeDirectory: /home/posixuser
<br>+loginShell: /bin/bash
<br>+gecos: Posix User;;;
<br>+description: A POSIX user"""% (self.base_dn))
<br>+
<br>+ print "Testing removing the posixAccount objectClass from an existing user"
<br>+ self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
<br>+changetype: modify
<br>+delete: objectClass
<br>+objectClass: posixAccount"""% (self.base_dn))
<br>+
<br>+ print "Testing adding the posixAccount objectClass to an existing user"
<br>+ self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
<br>+changetype: modify
<br>+add: objectClass
<br>+objectClass: posixAccount"""% (self.base_dn))
<br>+
<br>+ self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
<br> self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
<br> self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
<br> self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
<br>--
<br>1.5.4.3
<br><br></tt><hr align="left" width="300" /><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26787666Re: chpasswd gone..2009-12-14T16:42:46Z2009-12-14T16:42:46ZTony BreedsOn Tue, Dec 15, 2009 at 11:20:40AM +1100, Andrew Janke wrote:
<div class='shrinkable-quote'><br>> Anyone happen to know where this is gone on later versions of
<br>> Ubuntu/Debian? The new version seems to be very stripped down and
<br>> devoid of function for md5/encrypted passwords.
<br>>
<br>> Previously I could do something like this:
<br>>
<br>> 1) copy appropriate shadow lines from some other machine:
<br>>
<br>> 2) chpasswd --encrypted < modded-shadow-file
<br>>
<br>> Or is there a "better way" to update a bunch of passwords? (No, I
<br>> can't/dont want to play NIS/LDAP).
</div><br>If you have the plaintext you can use the --stdin on pwsswd, if not then
<br>just use sed -i- -s 's/^\(uname)\)<old crypt string>/\1<new crypt string>/'
<br>on shadow, taking the "locks" on either side of the sed
<br><br>Yours Tony
<br>--
<br>linux mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787666&i=0" target="_top" rel="nofollow">linux@...</a>
<br><a href="https://lists.samba.org/mailman/listinfo/linux" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/linux</a><br><p>From forum: <a href="http://old.nabble.com/Samba---linux-f13154.html" embed="fixTarget[13154]" target="_top" >Samba - linux</a></p>tag:old.nabble.com,2006:post-26787492chpasswd gone..2009-12-14T16:20:40Z2009-12-14T16:20:40ZAndrew JankeAnyone happen to know where this is gone on later versions of
<br>Ubuntu/Debian? The new version seems to be very stripped down and
<br>devoid of function for md5/encrypted passwords.
<br><br>Previously I could do something like this:
<br><br> 1) copy appropriate shadow lines from some other machine:
<br><br> 2) chpasswd --encrypted < modded-shadow-file
<br><br>Or is there a "better way" to update a bunch of passwords? (No, I
<br>can't/dont want to play NIS/LDAP).
<br><br>Thanks
<br><br>--
<br>Andrew Janke
<br>(<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787492&i=0" target="_top" rel="nofollow">a.janke@...</a> || <a href="http://a.janke.googlepages.com/" target="_top" rel="nofollow">http://a.janke.googlepages.com/</a>)
<br>Canberra->Australia +61 (402) 700 883
<br>--
<br>linux mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787492&i=1" target="_top" rel="nofollow">linux@...</a>
<br><a href="https://lists.samba.org/mailman/listinfo/linux" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/linux</a><br><p>From forum: <a href="http://old.nabble.com/Samba---linux-f13154.html" embed="fixTarget[13154]" target="_top" >Samba - linux</a></p>tag:old.nabble.com,2006:post-26787440Re: primaryGroupToken2009-12-14T16:14:11Z2009-12-14T16:14:11ZEdgar OlougounaAndrew,
<br><br>Your observation regarding the primaryGroupToken attribute is right. We have reviewed and updated the definition in MS-ADA3. The update will appear in a future release of the document.
<br><br>Current MS-ADA3
<br><br>2.120 Attribute primaryGroupToken
<br><br>This attribute specifies a computed attribute that is used in retrieving the membership list of a group such as Domain Users. The complete membership of such groups is not stored explicitly for scaling reasons. For more information refer to [MS-ADTS] section 3.1.1.4.5.11 and [MS-SAMR].
<br><br>MS-ADA3 update similar to:
<br><br>2.120 Attribute primaryGroupToken
<br><br>This attribute specifies a computed attribute that is the relative identifier (RID) of the group's SID. For more information refer to [MS-ADTS] section 3.1.1.4.5.11 and [MS-SAMR].
<br><br>Thanks for helping us improve the MS-ADA3 documentation.
<br><br>Best regards,
<br>Edgar
<br><br>-----Original Message-----
<br>From: Edgar Olougouna
<br>Sent: Friday, December 04, 2009 9:09 AM
<br>To: 'Andrew Bartlett'
<br>Cc: '<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=0" target="_top" rel="nofollow">cifs-protocol@...</a>'; '<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=1" target="_top" rel="nofollow">pfif@...</a>'; 'Matthieu Patou'
<br>Subject: RE: primaryGroupToken
<br><br>Andrew,
<br><br>I am looking into this and will keep you updated with my progress.
<br><br>Best regards,
<br><br>Edgar A. Olougouna
<br>Sr. SEE, Microsoft DSC Protocol Team
<br><br>-----Original Message-----
<br>From: Andrew Bartlett [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=2" target="_top" rel="nofollow">abartlet@...</a>]
<br>Sent: Thursday, December 03, 2009 4:00 PM
<br>To: Interoperability Documentation Help
<br>Cc: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=3" target="_top" rel="nofollow">cifs-protocol@...</a>; <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=4" target="_top" rel="nofollow">pfif@...</a>; Matthieu Patou
<br>Subject: primaryGroupToken
<br><br>MS-ADA3 2.120 claims:
<br><br>Attribute primaryGroupToken
<br> This attribute specifies a computed attribute that is used in retrieving the membership list of a group
<br> such as Domain Users. The complete membership of such groups is not stored explicitly for scaling
<br> reasons. For more information refer to [MS-ADTS] section 3.1.1.4.5.11 and [MS-SAMR].
<br><br>However,
<br>MS-ADTS 3.1.1.4.5.11 claims:
<br><br>primaryGroupToken
<br> Let TO be the object from which the primaryGroupToken attribute is being read.
<br> The value of TO!primaryGroupToken is the RID from TO!objectSid when there exists C in
<br> TO!objectClass such that C is the group class. Otherwise, no value is returned. That is, if TO is a
<br> group, then the value of this attribute is the RID from the group's SID. If TO is not a group, no
<br> value is returned when this attribute is read from TO.
<br><br>The behaviour of Window 2008 appears to follow MS-ADTS. That is, the primaryGroupToken appears to be the RID of the objectSID for all groups.
<br><br>Please advise, clarify or correct,
<br><br>Thanks,
<br><br>Andrew Bartlett
<br><br>--
<br>Andrew Bartlett <a href="http://samba.org/~abartlet/" target="_top" rel="nofollow">http://samba.org/~abartlet/</a><br>Authentication Developer, Samba Team <a href="http://samba.org" target="_top" rel="nofollow">http://samba.org</a><br>Samba Developer, Cisco Inc.
<br><br>_______________________________________________
<br>cifs-protocol mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787440&i=5" target="_top" rel="nofollow">cifs-protocol@...</a>
<br><a href="https://lists.samba.org/mailman/listinfo/cifs-protocol" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/cifs-protocol</a><br><p>From forum: <a href="http://old.nabble.com/Samba---cifs-protocol-f13152.html" embed="fixTarget[13152]" target="_top" >Samba - cifs-protocol</a></p>tag:old.nabble.com,2006:post-26787225GMA500/PSB - the saga continues.2009-12-14T15:47:14Z2009-12-14T15:47:14ZBAXTER,AdamAnd now, for something completely different.
<br>Intel releases *another* driver for *some* GMA500 based chipsets.
<br><br><a href="http://edc.intel.com/Software/Downloads/IEGD/" target="_top" rel="nofollow">http://edc.intel.com/Software/Downloads/IEGD/</a><br><br>Yes, the Linux driver *is* packed in a 126mb Windows exe.
<br><br>--Adam
<br>Notice:
<br><br>The information contained in this email message and any attached files may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient any use, disclosure or copying of this email is unauthorised. If you received this email in error, please notify the DEEWR Service Desk by calling (02) 6240 9999 and delete all copies of this transmission together with any attachments.
<br><br>--
<br>linux mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787225&i=0" target="_top" rel="nofollow">linux@...</a>
<br><a href="https://lists.samba.org/mailman/listinfo/linux" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/linux</a><br><p>From forum: <a href="http://old.nabble.com/Samba---linux-f13154.html" embed="fixTarget[13154]" target="_top" >Samba - linux</a></p>tag:old.nabble.com,2006:post-26787120Re: disabling extended security attributes2009-12-14T15:43:56Z2009-12-14T15:43:56ZLearner StudyThanks!
<br><br>Is there any documentation on performance tricks that may be used -
<br>specifically with samba running against windows 2003 client (with
<br>IOZone benchmarking app). I have seen a write up in internet that
<br>talks about tuning max xmit, read size etc. but that is not helping.
<br><br>I'm interesting to know if there is a full list of parameters that
<br>user can tune....
<br><br>Thanks in advance for any pointers...
<br><br><br><br>On Sun, Dec 13, 2009 at 2:34 PM, Andrew Bartlett <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787120&i=0" target="_top" rel="nofollow">abartlet@...</a>> wrote:
<div class='shrinkable-quote'><br>> On Fri, 2009-12-11 at 17:15 -0800, Learner Study wrote:
<br>>> Thanks! that worked...I had disabled the code from negprot.c.
<br>>>
<br>>> BTW, are there more commands like this I could use to improve perf
<br>>> against windows 2003 client.
<br>>
<br>> This isn't a performance tuning command, and I doubt you will notice any
<br>> change with a modern client such as Windows 2003, unless your network is
<br>> badly misconfigured.
<br>>
<br>> Indeed, it can actually reduce performance, because it will turn off
<br>> Kerberos (which, if set up correctly, can improve performance compared
<br>> with NTLM).
<br>>
<br>> Andrew Bartlett
<br>>
<br>> --
<br>> Andrew Bartlett <a href="http://samba.org/~abartlet/" target="_top" rel="nofollow">http://samba.org/~abartlet/</a><br>> Authentication Developer, Samba Team <a href="http://samba.org" target="_top" rel="nofollow">http://samba.org</a><br>> Samba Developer, Cisco Inc.
<br>>
<br>>
</div>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26787119Re: disabling extended security attributes2009-12-14T15:43:56Z2009-12-14T15:43:56ZLearner StudyThanks!
<br><br>Is there any documentation on performance tricks that may be used -
<br>specifically with samba running against windows 2003 client (with
<br>IOZone benchmarking app). I have seen a write up in internet that
<br>talks about tuning max xmit, read size etc. but that is not helping.
<br><br>I'm interesting to know if there is a full list of parameters that
<br>user can tune....
<br><br>Thanks in advance for any pointers...
<br><br><br><br>On Sun, Dec 13, 2009 at 2:34 PM, Andrew Bartlett <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26787119&i=0" target="_top" rel="nofollow">abartlet@...</a>> wrote:
<div class='shrinkable-quote'><br>> On Fri, 2009-12-11 at 17:15 -0800, Learner Study wrote:
<br>>> Thanks! that worked...I had disabled the code from negprot.c.
<br>>>
<br>>> BTW, are there more commands like this I could use to improve perf
<br>>> against windows 2003 client.
<br>>
<br>> This isn't a performance tuning command, and I doubt you will notice any
<br>> change with a modern client such as Windows 2003, unless your network is
<br>> badly misconfigured.
<br>>
<br>> Indeed, it can actually reduce performance, because it will turn off
<br>> Kerberos (which, if set up correctly, can improve performance compared
<br>> with NTLM).
<br>>
<br>> Andrew Bartlett
<br>>
<br>> --
<br>> Andrew Bartlett <a href="http://samba.org/~abartlet/" target="_top" rel="nofollow">http://samba.org/~abartlet/</a><br>> Authentication Developer, Samba Team <a href="http://samba.org" target="_top" rel="nofollow">http://samba.org</a><br>> Samba Developer, Cisco Inc.
<br>>
<br>>
<br></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26784887Re: NGROUPS_MAX : proxy authentication/authorization2009-12-14T13:04:39Z2009-12-14T13:04:39ZVolker LendeckeOn Mon, Dec 14, 2009 at 05:41:22PM +0100, <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26784887&i=0" target="_top" rel="nofollow">miguel.sanders@...</a> wrote:
<br>> Thanks for your feedback.
<br>> I'll certainly look into this further.
<br>> Also, in our environment, the AD groups used for Samba access to shares
<br>> are all located in a single dedicated OU.
<br>> Could that dedicated OU be a starting point of the group enumeration of
<br>> a user (I'm just thinking out loud)?
<br><br>Once you have the filter infrastructure in place, there's
<br>many ways to choose the groups. I already had the proposal
<br>to have a simple glob-style filter on the nt-compatible
<br>group name.
<br><br>Volker
<br><br /> <div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (204 bytes) <a href="http://old.nabble.com/attachment/26784887/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26782542Re: Regedit2009-12-14T10:34:05Z2009-12-14T10:34:05ZNick Pappin-2On Fri, Dec 11, 2009 at 8:27 AM, Gaiseric Vandal
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26782542&i=0" target="_top" rel="nofollow">gaiseric.vandal@...</a>>wrote:
<br><div class='shrinkable-quote'><br>> On 12/10/09 14:39, Nick Pappin wrote:
<br>>
<br>>> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26782542&i=1" target="_top" rel="nofollow">npappin@...</a>> wrote:
<br>>>
<br>>>
<br>>>
<br>>>> Hey Everyone,
<br>>>> So here is what is going on I have two computers on the same network
<br>>>> that are both connected to the PDC of a samba domain (on the same network
<br>>>> segment):
<br>>>>
<br>>>>
<br>>>> ____________________________________________
<br>>>> |
<br>>>> | |
<br>>>> |
<br>>>> | |
<br>>>> _________
<br>>>> _________ ______
<br>>>> | comp1 | | comp2 |
<br>>>> | PDC |
<br>>>> ---------------
<br>>>> --------------- ----------
<br>>>>
<br>>>> Now when i try to connect to the registry of comp1 from comp2 I get an
<br>>>> error saying i don't have permission to connect using the domain
<br>>>> administrator account. This also coincides with a name mismatch error:
<br>>>>
<br>>>> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
<br>>>> matchname: host name/name mismatch: FOO != FOO.bar.com
<br>>>>
<br>>>> Could this be causing my problem and how should I troubleshoot this
<br>>>> problem. Any ideas would be greatly appreciated.
<br>>>>
<br>>>> Thanks,
<br>>>> Nick
<br>>>>
<br>>>>
<br>>>>
<br>>>>
<br>>> Hi everyone,
<br>>> I have fixed the mismatch error but it still isn't working I was
<br>>> hoping someone could help me. From what I can tell in the logs I am
<br>>> authenticating on the machine however then I see a wrong password entry.
<br>>> Could someone please explain to me what is going on.
<br>>>
<br>>> I have attached a level 2 log file if you need higher I can do that as
<br>>> well.
<br>>>
<br>>>
<br>>>
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
<br>>> init_group_from_ldap: Entry found for group: 512
<br>>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
<br>>> check_ntlm_password: authentication for user [root] -> [root] ->
<br>>> [root]
<br>>> succeeded
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
<br>>> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
<br>>> [2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870)
<br>>> Matchname failed on it0 ::ffff:192.168.1.200
<br>>> [2009/12/10 11:21:49, 2]
<br>>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
<br>>> Returning domain sid for domain LATAHFCU ->
<br>>> S-1-5-21-2238568125-4161709326-2298815865
<br>>> [2009/12/10 11:21:49, 2]
<br>>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
<br>>> Returning domain sid for domain LATAHFCU ->
<br>>> S-1-5-21-2238568125-4161709326-2298815865
<br>>> [2009/12/10 11:21:49, 2]
<br>>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
<br>>> Returning domain sid for domain LATAHFCU ->
<br>>> S-1-5-21-2238568125-4161709326-2298815865
<br>>> [2009/12/10 11:21:49, 2]
<br>>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
<br>>> Returning domain sid for domain LATAHFCU ->
<br>>> S-1-5-21-2238568125-4161709326-2298815865
<br>>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
<br>>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
<br>>> all
<br>>> old resources.
<br>>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
<br>>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
<br>>> all
<br>>> old resources.
<br>>> [2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856)
<br>>> smbldap_open_connection: connection opened
<br>>> [2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64)
<br>>> Module '/usr/lib64/samba/vfs/full_audit.so' loaded
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
<br>>> init_ldap_from_sam: Setting entry for user: root
<br>>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
<br>>> check_ntlm_password: Authentication for user [Administrator] -> [root]
<br>>> FAILED with error NT_STATUS_WRONG_PASSWORD
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
<br>>> init_group_from_ldap: Entry found for group: 512
<br>>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
<br>>> check_ntlm_password: authentication for user [root] -> [root] ->
<br>>> [root]
<br>>> succeeded
<br>>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
<br>>> check_ntlm_password: authentication for user [root] -> [root] ->
<br>>> [root]
<br>>> succeeded
<br>>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
<br>>> init_sam_from_ldap: Entry found for user: root
<br>>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
<br>>> init_ldap_from_sam: Setting entry for user: root
<br>>> [2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318)
<br>>> check_ntlm_password: Authentication for user [Administrator] -> [root]
<br>>> FAILED with error NT_STATUS_WRONG_PASSWORD
<br>>>
<br>>>
<br>>> Thank you for your time,
<br>>> --
<br>>> Nick
<br>>>
<br>>>
<br>>
<br>> Did you map the Administrator account to the root account?
<br>>
<br>> I would try either creating an Administrator account in unix and not have
<br>> the mapping or try adding another WIndows account to the domain admin group
<br>> and seeing if that account can to the remote registry management.
<br>>
<br>>
<br>> If you log in to a PC as a Domain Administrator, are you able to do
<br>> Administrative things like adding local users?
<br>>
<br>>
<br>>
<br>>
<br>> --
<br>> To unsubscribe from this list go to the following URL and read the
<br>> instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br>>
</div><br><br>Yes I have set up a username map. When I log into the PC as a Domain
<br>Administrator I am able to connect to remote machines registry. I did forget
<br>to mention that I am using an ldap backend so my Administrator and root
<br>accounts are one in the same. However when I log in as a local administrator
<br>and try to use domain credentials it fails to work.
<br><br>--
<br>Nick
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26781434samba caching a broken krb5.conf.NETBIOSDOMAINNAME2009-12-14T09:17:29Z2009-12-14T09:17:29ZRJTi am in a mixed win2000 and win2003 R1 ActiveDirectory environment.
<br>Have always had ntlmv2 server and client required. LM and NTLM have
<br>always been rejected. That is how it has been for 10 years.
<br><br>Mounting from CentOS 5 to the windows servers has not been an issue
<br>for years. However, using ADS credentials for Linux workstation
<br>logons has always been a issue. If using ADS credentials to logon to
<br>a Linux workstation worked once, it would stop working for no apparent
<br>reason very quickly. The problem seems to be that samba kerberos
<br>wants to revert to using very old encryption technology that is
<br>probably on par with plain LM.
<br><br>How can i force samba to use and _KEEP_USING_ the better security
<br>enctypes? i am no expert, but you don't have to be an expert to know
<br>that aes is better than des-cbc-crc . des was broken in 1998, why is
<br>samba kerberos trying to use it? Win 95 LM uses DES -- look at
<br>lmHash() documented at <a href="http://davenport.sourceforge.net/ntlm.html" target="_top" rel="nofollow">http://davenport.sourceforge.net/ntlm.html</a>.
<br><br>We have been using our CentOS clients to mount with ntlmv2i so why
<br>would attempts at joining the ADS domain fail with "stronger
<br>authentication required"?
<br>mount -t cifs //ADScontroller/share /mnt/ntlmv2iprotected --verbose
<br>-o <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26781434&i=0" target="_top" rel="nofollow">username=user@...</a>,sec=ntlmv2i
<br><br>Success with "kinit <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26781434&i=1" target="_top" rel="nofollow">admin@...</a>"
<br><br>But then "net -d 10 ads join -U <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26781434&i=2" target="_top" rel="nofollow">admin@...</a>" would fail
<br>with "stronger authentication required." I wondering why stronger
<br>auth would be needed by ADS when i am already mounting a file share on
<br>the ADS domain controller using ntlmv2i?
<br><br>The answer is in "klist -e" and
<br>/var/cache/samba/smb_krb5/krb5.conf.NETBIOSDOMAINNAME:
<br> default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
<br> default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
<br> preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
<br><br>Deleted the samba cache and added the following to /etc/krb5.conf and
<br>it worked once to join the domain and logon a CentOS box with ADS
<br>credentials.
<br>i could even map a drive letter from our Win2003 box to the CentOS
<br>share using ADS credentials.
<br> default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
<br>des-cbc-crc des-cbc-md5
<br> default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
<br>des-cbc-crc des-cbc-md5
<br> permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
<br>des-cbc-crc des-cbc-md5
<br><br>The samba cached krb5.conf.NETBIOSDOMAINNAME would come back populated
<br>with weak and incompatible encryption types while /etc/krb5.conf would
<br>still have decent enctypes. Then my account is locked out in ADS.
<br><br>So how can i permanently force samba to use the better enctypes?
<br>Disable it from ever using weak encryption such as DES? Triple DES
<br>des3-hmac-sha1 would be ok.
<br>How does one find the exact enctypes ADS will accept? There must be a
<br>command or ldap location but i had many problems finding it.
<br><br><br><br><br>The following are all previously documented problems related to this.
<br>Symptoms left here for when others search.
<br><br>kinit succeeded but ads_sasl_spnego_krb5_bind failed
<br><br>[Samba] winbind and smb tries to auth as pdc$ rather than local name
<br>when using ADS
<br><a href="http://lists.samba.org/archive/samba/2009-October/150849.html" target="_top" rel="nofollow">http://lists.samba.org/archive/samba/2009-October/150849.html</a><br><br>From a debug level 10 using smbclient,
<br>lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
<br>tree connect failed: NT_STATUS_ACCESS_DENIED
<br><br>CentOS 5
<br>samba-common 3.0.33-3.15.el5_4
<br><br>A HPUX guy reverted his net binary to an older version.
<br><br>Sorry for the long post, but blogger is giving me some issues and i
<br>will need this as reference material.
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26780854RE: NGROUPS_MAX : proxy authentication/authorization2009-12-14T08:41:22Z2009-12-14T08:41:22Zmiguel.sandersHi Volker
<br><br>Thanks for your feedback.
<br>I'll certainly look into this further.
<br>Also, in our environment, the AD groups used for Samba access to shares
<br>are all located in a single dedicated OU.
<br>Could that dedicated OU be a starting point of the group enumeration of
<br>a user (I'm just thinking out loud)?
<br><br>Cheers
<br><br>Miguel
<br><br>-----Oorspronkelijk bericht-----
<br>Van: Volker Lendecke [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26780854&i=0" target="_top" rel="nofollow">Volker.Lendecke@...</a>]
<br>Verzonden: maandag 14 december 2009 14:58
<br>Aan: SANDERS Miguel
<br>CC: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26780854&i=1" target="_top" rel="nofollow">samba-technical@...</a>
<br>Onderwerp: Re: NGROUPS_MAX : proxy authentication/authorization
<br><br>On Mon, Dec 14, 2009 at 02:39:07PM +0100, SANDERS Miguel wrote:
<br>> I'm currently thinking of a way to bypass the NGROUPS_MAX problem we
<br>> are currently having on AIX.
<br>> Is it somehow possible to let a Linux server handle the
<br>> authentication/authorization part and then forward the request to AIX
<br>> samba server.
<br>> In a way the Linux server would act as a sort of proxy.
<br>> Would it be possible to setup something like that?
<br><br>The question is then: Who does the authorization checks, i.e. who will
<br>be in charge of actually evaluating the list of groups a user is member
<br>of. The only right place to do this is in the kernel who maintains the
<br>filesystem permissions, everything else will be a hack.
<br><br>You might also try to find someone who can implement a group filter in
<br>winbind. One way to limit the number of groups that are shown to AIX is
<br>to implement a filter in winbind.
<br><br>I have seen users who could have worked around the issue because they
<br>only had a very limited number of groups actually being assigned file
<br>system access rights, but nobody so far was able to sponsor the
<br>corresponding winbind development, so this is sitting somewhere as a
<br>feature request.
<br><br>Volker
<br><br>****
<br>This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights.
<br>If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
<br>Arcelormittal shall not be liable for the message if altered, falsified, or in case of error in the recipient.
<br>This message does not constitute any right or commitment for ArcelorMittal except when expressly agreed otherwise in writing in a separate agreement.
<br>****
<br><br><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26780738Re: Starting from scratch... and Active Directory2009-12-14T08:33:49Z2009-12-14T08:33:49ZLennart SorensenOn Fri, Dec 11, 2009 at 01:42:33PM -0800, Kevin Keane wrote:
<div class='shrinkable-quote'><br>> > -----Original Message-----
<br>> > From: Lennart Sorensen
<br>> > >
<br>> > > Next, you need to make sure that DNS resolution works and uses the
<br>> > Windows box as DNS server. This is critically important.
<br>> >
<br>> > Well you have to make your DNS use the windows box as the DNS server
<br>> > for the mydomain.local domain. To make the DNS go to the windows box
<br>> > at all times is not necesary and is frustratingly slow compared to
<br>> > bind9 for example.
<br>>
<br>> That's a good point. Actually, in this example just the ad.mydomain.local zone; the rest of mydomain.local can be served from bind.
<br>>
<br>> In fact, that's how I have it set up. There are (at least) two ways to do that. You can configure the Windows DNS server as forwarder in BIND, or you can configure bind to be a slave zone to the Windows DNS server. I had some issues with using bind as a slave zone and was too lazy to troubleshoot them, so I have it configured as forwarder.
</div><br>It is much slower to forward to bind from windows than it is to forward
<br>from bind to windows for the .local domain.
<br><br>Windows is amazingly slow as a DNS server.
<br><div class='shrinkable-quote'><br>> Somewhere in your named.conf file (or one of the include files) - just substitute your Windows DNS IP addresses, of course:
<br>>
<br>> zone "ad.nctechcenter.com" in {
<br>> type forward;
<br>> forward only;
<br>> forwarders { 192.168.2.197; 192.168.2.193; fd55:e420:71c5:1::c1; };
<br>> };
<br>>
<br>> > >
<br>> > > One catch: Server 2008 prefers IPv6. In IPv6, you cannot support
<br>> > NetBT/WINS. Samba does not support Network Discovery very well, so your
<br>> > server becomes invisible.
<br>> >
<br>> > Hmm, that's an interesting change.
<br>>
<br>> Basically, Microsoft decided not to port NetBIOS to IPv6. It has already been deprecated since Vista came out, but without NetBIOS, your Windows XP network neighborhood will remain empty.
<br>>
<br>> In Vista, the network list is populated using UPnP, which has been renamed Network Discovery. But Samba currently doesn't support the necessary underlying protocols (LLTD, in particular).
<br>>
<br>> If you are OK with flying "blind" and just giving your users specific UNC paths, then that wouldn't be a problem.
<br>>
<br>> As a side note: you can also use Avahi/Bonjour/Zeroconf to advertise Samba, but I think only Mac clients will see it; Windows clients will not. Can't these guys agree on one standard?
</div><br>Microsoft prefers standards only they have.
<br><br>--
<br>Len Sorensen
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26780012big ldb file after massive import2009-12-14T07:49:06Z2009-12-14T07:49:06ZMatthieu PATOU-2Hello,
<br><br>I made a test today trying to charge a lot of contacts (around 16000),
<br>well the good point is that I was able to load them without problems.
<br><br>The good points
<br>* it is not so slow in comparison with w2k3 (loaded with also a lot of
<br>contacts) (I would say it's in the same speed range).
<br><br>The bad points:
<br><br>* it seems that ldap request are clearly slower than before but I think
<br>it's quite logical ...
<br>* the users.ldb (well DC=...,DC=....ldb) is ~ 400MB before tdbbackup and
<br>still 280MB after tdbbackup (the ntds.dit is 60MB with schema and
<br>configuration partitions ...)
<br>* The memory used by samba is big (quite logical) because the bid ldb
<br>are mapped in memory (as far as I understand).
<br><br>I didn't take the time to calculate how quick it is to insert in w2k3
<br>and s4.
<br><br>As I witnessed that the nTSecurityDescriptor is quite big for a contact
<br>and it is always the same I was wondering how much it accounts in the
<br>database.
<br>So I made a simple programs to remove this attribute on all my contacts.
<br>I am able to reduce the database to 199MB (of course it's not usefull
<br>anymore but it gives an idea of the space used by SD especially the long
<br>ones like for contact, user, ...).
<br><br><br><br>Matthieu
<br><br><br><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26779553CfP: IREHSS 2010 - Second IEEE Workshop on Interdisciplinary Research on E-health Services and Systems2009-12-14T07:18:22Z2009-12-14T07:18:22ZEleonora Borgia<br>************Apologize if you receive multiple copies of this
<br>CFP************
<br> Call for papers
<br> Second IEEE Workshop on
<br> Interdisciplinary Research on E-health Services and Systems
<br><br> IREHSS 2010
<br><br> June 14, 2010
<br> Montreal, QC Canada
<br><br>In the last few years advances in wearable computing, bioengineering,
<br>wireless sensors networks, mobile devices and wireless communications
<br>have paved the way to new definitions of e-health systems, moving from
<br>original telemedicine systems to the integration of existent specialized
<br>medical technologies with pervasive technologies. However, even more
<br>work on this area is needed to obtain significant results in improving the
<br>Quality of Life of patients and reducing medical errors and costs. First of
<br>all, a strict interaction and cooperation among medical specialists and
<br>ICT experts is necessary to define correct requirements fore-health
<br>systems. Then, in order to effectively design and deploy reliable E-health
<br>systems, a strong cooperation among several diverse research areas of
<br>ICT is necessary (i.e., bioengineering, wearable sensors, wireless
<br>communications, data fusion and processing, decision support systems
<br>and others). This is fundamental to make E-health systems a reality,
<br>satisfying main requirements of reliability and effectiveness both all the
<br>involved perspectives perspective.
<br><br>IREHSS aims to provide a forum for the interaction of experts belonging
<br>to these different research areas, from wearable computing and
<br>ubiquitous connectivity to context-awareness, sensor data fusion,
<br>artificial
<br>intelligence, expert systems, databases, security and privacy. The main
<br>objective is to provide a forum for the interaction of these multiple areas
<br>as an important chance to discuss and understand what aspects have to
<br>be considered to provide effective E-health systems.
<br><br>Authors are invited to submit papers presenting new research related to
<br>E-health, not published or currently under review for another workshop,
<br>conference, or journal.
<br><br>Areas of interest include, but are not limited to:
<br><br>- Wearable and Implantable sensors for healthcare
<br>- Wireless communications in healthcare
<br>- Service and device discovery
<br>- Data fusion and context elaboration
<br>- Privacy and security issues in healthcare
<br>- Middleware for e-health
<br>- Energy Efficiency in health monitoring
<br>- Artificial intelligence and expert systems
<br>- User interface, usability and acceptability of e-health systems
<br>- Healthcare applications for clinicians
<br>- Home monitoring and ambient assisted applications for healthcare
<br>- Power Management and energy-efficient design in Wireless Body Area
<br>Networks
<br>- System architecture and networking protocols for e-health systems
<br>- Medical data analysis, measurements and management
<br>- Modeling and performance evaluation
<br>- Semantic Web in Healthcare
<br>- Standards and frameworks
<br><br>Paper submission for regular papers must be limited to 6 pages including
<br>text, figures, references and appendices. They should be organized in
<br>IEEE proceedings format, with a font size of at least 10pt. Papers
<br>exceeding the maximum length of 6 pages will be automatically rejected.
<br>The IEEE LaTeX and Microsoft Word templates, as well as related
<br>information, can be found at the IEEE Computer Society website http://
<br>www.computer.org/portal/site/cscps/index.jsp . The submission will be
<br>entirely managed through EDAS (<a href="http://edas.info/N8548" target="_top" rel="nofollow">http://edas.info/N8548</a>).
<br><br>In line with the previous edition, there will be NO workshop-only
<br>registration. Conference registration includes attendance to all WoWMoM
<br>associated workshops, CD proceedings, etc. Moreover, each workshop
<br>paper will need to have at least one author register at the FULL
<br>conference rate. The workshop papers will be included in the main
<br>WoWMoM proceedings and published by the IEEE. However, no-shows
<br>of accepted papers at the workshop will result in those papers NOT being
<br>included in the IEEE Digital Library.
<br><br>Extended versions of selected papers with special merit will be
<br>considered for a possible fast track publication on Pervasive and Mobile
<br>Computing Journal (Elsevier). In addition, a possible free publication in
<br>the Journal of NeuroEngineering and Rehabilitation (JNER, http://
<br>jneuroengrehab.com ) could be available in case of a selection of
<br>special merit papers pertaining to the subject.
<br><br>Important Dates:
<br><br>Papers registration: February 15, 2010
<br>Papers submission deadline: February 20, 2010
<br>Acceptance Notification: April 5, 2010
<br>Camera Ready deadline: April 30, 2010.
<br><br>See <a href="http://www.irehss.org/irehss2010/" target="_top" rel="nofollow">http://www.irehss.org/irehss2010/</a> for additional information or contact
<br>the workshop organizers at <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26779553&i=0" target="_top" rel="nofollow">irehss2010-chairs@...</a> .
<br><br>IREHSS 2010 Organizers
<br><br><br><br><br><p>From forum: <a href="http://old.nabble.com/Samba---wireless-f13168.html" embed="fixTarget[13168]" target="_top" >Samba - wireless</a></p>tag:old.nabble.com,2006:post-26778142Re: NGROUPS_MAX : proxy authentication/authorization2009-12-14T05:56:08Z2009-12-14T05:56:08ZVolker LendeckeOn Mon, Dec 14, 2009 at 02:39:07PM +0100, SANDERS Miguel wrote:
<br>> I'm currently thinking of a way to bypass the NGROUPS_MAX problem we are
<br>> currently having on AIX.
<br>> Is it somehow possible to let a Linux server handle the
<br>> authentication/authorization part and then forward the request to AIX
<br>> samba server.
<br>> In a way the Linux server would act as a sort of proxy.
<br>> Would it be possible to setup something like that?
<br><br>The question is then: Who does the authorization checks,
<br>i.e. who will be in charge of actually evaluating the list
<br>of groups a user is member of. The only right place to do
<br>this is in the kernel who maintains the filesystem
<br>permissions, everything else will be a hack.
<br><br>You might also try to find someone who can implement a group
<br>filter in winbind. One way to limit the number of groups
<br>that are shown to AIX is to implement a filter in winbind.
<br><br>I have seen users who could have worked around the issue
<br>because they only had a very limited number of groups
<br>actually being assigned file system access rights, but
<br>nobody so far was able to sponsor the corresponding winbind
<br>development, so this is sitting somewhere as a feature
<br>request.
<br><br>Volker
<br><br /> <div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (204 bytes) <a href="http://old.nabble.com/attachment/26778142/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26777979NGROUPS_MAX : proxy authentication/authorization2009-12-14T05:39:07Z2009-12-14T05:39:07Zmiguel.sandersHi lads
<br><br>I'm currently thinking of a way to bypass the NGROUPS_MAX problem we are
<br>currently having on AIX.
<br>Is it somehow possible to let a Linux server handle the
<br>authentication/authorization part and then forward the request to AIX
<br>samba server.
<br>In a way the Linux server would act as a sort of proxy.
<br>Would it be possible to setup something like that?
<br><br>Cheers
<br><br>Miguel
<br><br><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26776748Re: Vista clients having Issues Copying files from Samba Server2009-12-14T04:05:45Z2009-12-14T04:05:45ZRXM307<div class='shrinkable-quote'>> Please update to Samba 3.4.3 or later. Many Vista and Windows 7 support
<br>> related issues have been addressed during the 3.4.x series.
<br>>
<br>> Firstly, if the Samba logs note an invalid function all, that may mean
<br>> an upgrade to a more recent version of Samba is needed. When a Windows
<br>> client notes an invalid function call or an invalid file handle the
<br>> cause may be problems in the network transport layer.
<br>>
<br>> Secondly, note what the Samba server log message says. Short translation
<br>> is: "I was taking to the client, but the client went away and did not
<br>> respond!" The client dropped the connection. In all likeliness this
<br>> is not a Samba problem and may actually be a network problem. It is a
<br>> problem regularly seen with low-cost ethernet interfaces and cheap
<br>> ether-switches.
<br>>
<br>> Kindest,
<br>> John T.
<br>>
<br>>
</div><br>I think I already know the answer to this but do you know of any 3rd party
<br>repos that would have packages for samba 3.4.x on Centos 5.4?
<br><br>Cheers,
<br><br>Anthony
<br><br><br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26775795RE: Compression error (Re: rsync hangs during transfer)2009-12-14T02:36:03Z2009-12-14T02:36:03ZDimitar Dimitrov-14Hi Matt,
<br><br>Thanks for your elaborate reply.
<br><br>I am able to reproduce the error indeed running the suggested script:
<br>inflate (token) returned -5
<br>rsync error: error in rsync protocol data stream (code 12) at
<br>token.c(476) [receiver=2.6.9]
<br>rsync: connection unexpectedly closed (30 bytes received so far)
<br>[generator]
<br>rsync error: error in rsync protocol data stream (code 12) at io.c(454)
<br>[generator=2.6.9]
<br>rsync: connection unexpectedly closed (40 bytes received so far)
<br>[sender]
<br>rsync error: error in rsync protocol data stream (code 12) at io.c(454)
<br>[sender=2.6.9]
<br><br>The issue appears to be definitely related to the zlib library as the
<br>rsync is running fine when the compression is turned off. I.e. running
<br>rsync -axv --delete-after -e ssh /SRCDIR/ blabla@DEST:/DESTDIR.
<br><br>I will also try to run the synchronization using the option
<br>'--whole-file' for the next couple of days and will let you know my
<br>findings.
<br><br>Regards,
<br>Dimitar
<br><br><br>-----Original Message-----
<br>From: Matt McCutchen [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26775795&i=0" target="_top" rel="nofollow">matt@...</a>]
<br>Sent: 14 December 2009 05:47
<br>To: Dimitar Dimitrov; rsync
<br>Subject: Compression error (Re: rsync hangs during transfer)
<br><br>On Fri, 2009-12-11 at 08:58 +0100, Dimitar Dimitrov wrote:
<div class='shrinkable-quote'><br>> I am running the following rsync command to synchronize directories
<br>> between two servers:
<br>> rsync -axvz --delete-after -e ssh /SRCDIR/ blabla@DEST:/DESTDIR
<br>>
<br>> The transfer starts and after a short while it appears to hang after
<br>> some files have been transferred. The process establishes connection
<br>> on both sides so I did an strace from the remote machine (using the
<br>> rsync-debug script as described in the troubleshooting procedures).
<br>> The strace output is here
<br>> <a href="http://www.adrive.com/public/142cbf351c4b73a47c6e54ec3302b856041957d61" target="_top" rel="nofollow">http://www.adrive.com/public/142cbf351c4b73a47c6e54ec3302b856041957d61</a><br>> 2ca68f440d16eccf950225c.html
<br>>
<br>> rsync --version on both machines shows 'rsync version 2.6.9 protocol
</div><br>> version 29' and both machines are running Debian.
<br>>
<br>> I would appreciate some ideas on where to look next.
<br><br>I don't know about the hang. I see rsync working for a few minutes and
<br>then exiting when the receiver encounters an error:
<br><br>write(1, "\34\0\0\10inflate (token) returned -5\n", 32) = 32
<br><br>This is the "compression error" that has occasionally come up before:
<br><br><a href="http://lists.samba.org/archive/rsync/2004-December/011119.html" target="_top" rel="nofollow">http://lists.samba.org/archive/rsync/2004-December/011119.html</a><br><a href="http://lists.samba.org/archive/rsync/2006-May/015621.html" target="_top" rel="nofollow">http://lists.samba.org/archive/rsync/2006-May/015621.html</a><br><a href="http://lists.samba.org/archive/rsync/2008-September/021668.html" target="_top" rel="nofollow">http://lists.samba.org/archive/rsync/2008-September/021668.html</a><br><a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528730" target="_top" rel="nofollow">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528730</a><br><br>And after some study, I think I figured out why it is happening. The
<br>error message comes from "see_deflate_token" in token.c, and the code -5
<br>is Z_BUF_ERROR, meaning that the inflate call didn't make progress. But
<br>a CHUNK_SIZE output buffer is always provided, and input is provided
<br>unless len == 0 at the start of the loop. If len == 0, the loop would
<br>have exited unless the previous "inflate" filled the output buffer, in
<br>which case we want to call it again to obtain any remaining output. But
<br>if the data block was exactly CHUNK_SIZE (32816), it would fill the
<br>output buffer with nothing remaining, and the next call to "inflate"
<br>would return Z_BUF_ERROR.
<br><br>This case is in fact mentioned in the zlib FAQ
<br>(<a href="http://www.zlib.net/zlib_faq.html#faq05):" target="_top" rel="nofollow">http://www.zlib.net/zlib_faq.html#faq05):</a> "A Z_BUF_ERROR may in fact be
<br>unavoidable depending on how the functions are used, since it is not
<br>possible to tell whether or not there is more output pending when
<br>strm.avail_out returns with zero."
<br><br>The block size is indeed 32816, as one can see in the second 32-bit
<br>field of the sum head. The sum head is shown in the following line
<br>after two 6-byte itemizations:
<br><br>[pid 5213] write(1,
<br>"\252\26\0\0\10\0\262\26\0\0\f\2002\200\0\0000\200\0\0\3"..., 4092) =
<br>4092
<br><br>Here's a simple script to reproduce the problem:
<br><br>#!/bin/bash
<br>head -c 32816 /dev/zero >srcfile
<br>cp srcfile destfile
<br>rsync -I -z --no-whole-file --block-size=32816 srcfile destfile
<br><br>So, we need to do something to "see_deflate_token". It would probably
<br>work to ignore the Z_BUF_ERROR and let the loop exit because the output
<br>buffer wasn't filled.
<br><br>It seems inconsistent that the sender uses Z_INSERT_ONLY while the
<br>receiver uses this hack of synthesizing part of the compressed stream.
<br>(Previously, I had imagined Z_INSERT_ONLY worked on both sides.)
<br><br>--
<br>Matt
<br><br><br><br><br>The content of this e-mail and accompanying communications and attachments (collectively, this "e-mail") are confidential to Markit Group Holdings Limited, its subsidiaries and affiliates (collectively, "Markit") and may contain information which is legally privileged or protected from disclosure under applicable law or agreement. This email may be read and used only by the intended recipient, and any disclosure, printing, copying, distribution (including forwarding), use, saving, or taking any action based on, the information contained herein (including any reliance thereon) is expressly prohibited. If you received this email in error, please contact the sender immediately by return e-mail or by telephoning +44 20 7260 2000 and delete it. You agree to take full responsibility for checking this email for viruses, and Markit shall not be responsible or liable for any damages arising from or relating to its use. Markit reserves the right to monitor all e-mail communications
<br> through its networks. Markit makes no warranty as to the accuracy or completeness of this email and hereby disclaims any liability of any kind for the information contained herein. Any opinions expressed in this email are those of the author and do not necessarily reflect the opinions of Markit. For full details about Markit, its offerings and legal terms and conditions, please see Markit's website at <a href="http://www.markit.com" target="_top" rel="nofollow">http://www.markit.com</a> <<a href="http://www.markit.com/" target="_top" rel="nofollow">http://www.markit.com/</a>> .
<br>--
<br>Please use reply-all for most replies to avoid omitting the mailing list.
<br>To unsubscribe or change options: <a href="https://lists.samba.org/mailman/listinfo/rsync" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/rsync</a><br>Before posting, read: <a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_top" rel="nofollow">http://www.catb.org/~esr/faqs/smart-questions.html</a><br><p>From forum: <a href="http://old.nabble.com/Samba---rsync-f13158.html" embed="fixTarget[13158]" target="_top" >Samba - rsync</a></p>tag:old.nabble.com,2006:post-26775751Re: how to join to AD ?2009-12-14T02:33:06Z2009-12-14T02:33:06ZmistofelesI'm installing another Ubuntu 9.10 server from scratch with the advice above.
<br>It seems that you got to instal krb5-users and krb5-client to make it work.
<br><br>Here is what I got (not so important):
<br><br>root@sandy:# net
<br>The program 'net' can be found in the following packages:
<br> * samba-common-bin
<br> * samba4-clients
<br>Try: apt-get install <selected package>
<br>net: command not found
<br><br>root@sandy:# dpkg --get-selections |grep samba
<br>samba install
<br>samba-common install
<br>samba-common-bin install
<br>samba-doc install
<br><br>root@sandy:# whereis net
<br>net: /usr/src/linux-headers-2.6.31-16/net /usr/src/linux-headers-2.6.31-16-generic-pae/net /usr/bin/net.samba3
<br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26775520Re: [Release Planning 3.4] Samba 3.4.42009-12-14T02:09:11Z2009-12-14T02:09:11ZKarolin Seeger-2On Tue, Dec 01, 2009 at 11:45:49AM +0100, Karolin Seeger wrote:
<br>> Samba 3.4.4 is scheduled for Thursday, December 17.
<br>> That means, v3-4-stable will be frozen on December 10.
<br>> Please make sure, that important bug fixes will be picked in time.
<br><br>Samba 3.4.4 will be delayed until January 7, 2010 due to the following
<br>bugs:
<br><br>-<a href="https://bugzilla.samba.org/show_bug.cgi?id=6841" target="_top" rel="nofollow">https://bugzilla.samba.org/show_bug.cgi?id=6841</a><br> "map acl inherit = yes" not working
<br><br>-<a href="https://bugzilla.samba.org/show_bug.cgi?id=6837" target="_top" rel="nofollow">https://bugzilla.samba.org/show_bug.cgi?id=6837</a><br> "Too many open files" when trying to access large number of files
<br><br>-<a href="https://bugzilla.samba.org/show_bug.cgi?id=6883" target="_top" rel="nofollow">https://bugzilla.samba.org/show_bug.cgi?id=6883</a><br> Add Printer fails with 0x000006f7 on Windows 7
<br><br>-<a href="https://bugzilla.samba.org/show_bug.cgi?id=6949" target="_top" rel="nofollow">https://bugzilla.samba.org/show_bug.cgi?id=6949</a><br> XP Home SP3 cause internal error in samba
<br><br>Sorry for the delay!
<br><br>Cheers,
<br>Karolin
<br><br>--
<br>Samba <a href="http://www.samba.org" target="_top" rel="nofollow">http://www.samba.org</a><br>SerNet <a href="http://www.sernet.de" target="_top" rel="nofollow">http://www.sernet.de</a><br>sambaXP <a href="http://www.sambaxp.org" target="_top" rel="nofollow">http://www.sambaxp.org</a><br><br><br /> <div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>attachment0</strong> (205 bytes) <a href="http://old.nabble.com/attachment/26775520/0/attachment0" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/Samba---samba-technical-f13164.html" embed="fixTarget[13164]" target="_top" >Samba - samba-technical</a></p>tag:old.nabble.com,2006:post-26775352How is "Canonicalized pathnames" bit handled by samba server??2009-12-14T01:56:08Z2009-12-14T01:56:08Zprasanna lakshmiHi,
<br><br>Can anyone explain what is the use of the "Canonicalized pathname" bit in
<br>the SMB header's flags field. How is it handled by linux samba server.
<br>What are the implications of this bit being set or not set??
<br><br>I am facing a problem accessing a share on Linux server using rtsmb cifs
<br>library. I get BAD_NETWORK_NAME error and the share access fails. But the
<br>same share access passes when directly accessed from Windows using "net
<br>use". I observed the ethereal packet capture, and the only difference found
<br>was that, when accessed through windows the "Canonicalized pathname" bit is
<br>set and when accessing using rtsmb cifs library the bit is not set.
<br><br>thanks,
<br>Lakshmi Prasanna
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26775205Saving text files over 188 lines messes up file2009-12-14T01:45:53Z2009-12-14T01:45:53ZMarlunHello everyone!
<br><br>I'm having some problems with saving text files over 188 lines through
<br>samba. When saving a 189th line it ends up at the very top of the file at
<br>line 1. If I add more lines it is also added to the top.
<br><br>I'm using Ubuntu 9.10 and Samba 3.4.0.
<br><br>-Martin
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26775026Cross compiling for ARM with some errors2009-12-14T01:29:03Z2009-12-14T01:29:03ZPiotr PiwkoHello,
<br><br>I try to cross compile samba for my ARM platform, but I get the
<br>following error in the building process:
<br><br>----------------------------%<----------------------------
<br> PICFLAG = -fPIE
<br> LIBS = -lresolv -lnsl -ldl
<br> LDFLAGS = -pie -Wl,-z,relro
<br>-L/home/piotr/mini2440/usr/local/arm/4.3.2/lib
<br> DYNEXP =
<br> LDSHFLAGS = shared-libraries-disabled -Wl,-z,relro
<br>-L/home/piotr/mini2440/usr/local/arm/4.3.2/lib
<br> SHLIBEXT = shared_libraries_disabled
<br> SONAMEFLAG = shared-libraries-disabled
<br>Linking bin/smbd
<br>/home/piotr/mini2440/usr/local/arm/4.3.2/bin/../lib/gcc/arm-none-linux-gnueabi/4.3.2/../../../../arm-none-linux-gnueabi/bin/ld:
<br>../lib/util/asn1.o: Relocations in generic ELF (EM: 3)
<br>../lib/util/asn1.o: could not read symbols: File in wrong format
<br>collect2: ld returned 1 exit status
<br>----------------------------%<----------------------------
<br><br>My configure options are:
<br><br>./configure --host=i686 \
<br> --target=arm-linux \
<br> --prefix= /home/piotr/mini2440/samba/install-samba-arm \
<br> --without-krb5 \
<br> --without-ldap \
<br> --without-ads \
<br> --disable-cups \
<br> --without-swat \
<br><br>Do you know something more about this error? Maybe you can give me
<br>some advices or hints to solve this problem?
<br><br>Thank you in advance for your engagement.
<br><br>--
<br>Piotr Piwko
<br><a href="http://www.embedded-engineering.pl/" target="_top" rel="nofollow">http://www.embedded-engineering.pl/</a><br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26775000Re: samba4 newuser probs2009-12-14T01:26:04Z2009-12-14T01:26:04ZCollen BlijenbergOk, we've figured it out...
<br><br>if i only start the slapd-samba4 from the fedora-ds it wil work.
<br>but then the 389-console wil not function anymore.
<br><br>kind of odd, if you ask me, to install fedora-ds
<br>and not using the console to administer the directory...
<br><br>anny tips or tricks on how to get the console running with the samba4 ??
<br>or how to inter grade samba4-scheme with the standard 389 and console ??
<br><br>Cheers... Collen
<br><br>On 11-12-2009 10:49, <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26775000&i=0" target="_top" rel="nofollow">collen@...</a> wrote:
<div class='shrinkable-quote'><br>> Hi we're busy discovering samba4 at the moment.
<br>> we've installed fedora-ds as ldap backend.
<br>>
<br>> all install's configs and provisioning went well.. (no strange errors orso)
<br>> after fireing it all up we tried to add a user and this is what we got back:
<br>> -----------------------------------------
<br>> Traceback (most recent call last):
<br>> File "./newuser", line 69, in<module>
<br>> samdb.newuser(username, opts.unixname, password,
<br>> force_password_change_at_next_login_req=opts.must_change_at_next_login)
<br>> File "/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line
<br>> 129, in newuser
<br>> "objectClass": "user"})
<br>> _ldb.LdbError: (32, 'objectclass: Cannot add
<br>> CN=test,CN=Users,DC=jordan,DC=net, parent does not exist!')
<br>> ------------------------------------------
<br>>
<br>> i can see that there is a prob with the CN=Users, but what's the idea.
<br>> i thought the provisioning did all the schema's and setup the ldap backend
<br>>
<br>> in the 389-console, there is no samba thing what so ever.
<br>> but if i start the dirsrv samba4 is also started..
<br>>
<br>> anny clue here..
<br>> Thx C.
<br>>
<br>>
<br>>
</div>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26774276Re: rsync speed on slow wireless links2009-12-14T00:18:35Z2009-12-14T00:18:35ZMax ArnoldOn Mon, Dec 14, 2009 at 02:23:26AM -0500, Matt McCutchen wrote:
<br>> On Thu, 2009-12-10 at 13:08 +0700, Max Arnold wrote:
<br>> > I've noticed that rsync performs significantly worse than wget on slow congested wireless
<br>> > links (GPRS in my case). I don't have large statistics, but in my tests rsync often stalls
<br>> > for 3-5 minutes, while wget stalls only for several seconds and then continues download.
<br>> >
<br>> Rsync isn't doing anything fancy that would cause it to be especially
<br>> affected by packet loss or delay. The protocol takes a few round trips
<br>> to set up, and then it is largely pipelined, so rsync can tolerate some
<br>> amount of latency without slowing down the whole process.
<br><br>Can size of this initial metadata be approximately calculated? I plan to experiment with
<br>different timeout values to find a balance between link utilization (by preventively aborting
<br>long stalls) and traffic consumption (by not retrying very often to prevent metadata overhead
<br>accumulation).
<br><br>> I can't explain why rsync would stall much longer than wget. The only
<br>> thought I had is that the network might have a quality-of-service policy
<br>> that favors port 80.
<br><br>No, it probably haven't, because I've also tried to use OpenVPN which hides internal traffic
<br>from inspection and symptoms are the same.
<br><br>Is someone here have any experience with different Linux tcp congestion control algorithms
<br>suitable for cellular networks? What about adjusting send/receive buffers? It seems that low
<br>level radio link protocols and equipment do heavy buffering, which reduces packet loss but
<br>introduces unpredictable delays (up to tens of seconds). I.e. link equipment knows that there
<br>is no radio resources available and buffers packets (maybe even does retransmissions if
<br>necessary). And this probably fools tcp protocol which thinks there is congestion and packet
<br>loss.
<br><br>Thanks for replying!
<br>--
<br>Please use reply-all for most replies to avoid omitting the mailing list.
<br>To unsubscribe or change options: <a href="https://lists.samba.org/mailman/listinfo/rsync" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/rsync</a><br>Before posting, read: <a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_top" rel="nofollow">http://www.catb.org/~esr/faqs/smart-questions.html</a><br><p>From forum: <a href="http://old.nabble.com/Samba---rsync-f13158.html" embed="fixTarget[13158]" target="_top" >Samba - rsync</a></p>tag:old.nabble.com,2006:post-26774145Re: Domain login and logouts2009-12-14T00:00:45Z2009-12-14T00:00:45ZDiego Zuccato-2Diego Woitasen wrote:
<br>> Is there a way to detect logins and logouts in a samba domain? I need
<br>> to add some firewalls rules when a user logins in the domain from a
<br>> workstation and remove then when the user logouts.
<br>IIUC you only can reliably detect logins, not logouts, since it seems
<br>logouts aren't sent by win clients (to logout the client just removes
<br>the tickets...).
<br>And the reason is simple: the critical part is the authentication, then
<br>the user could even detach from the network (unplugging the cable, for
<br>example) and do whatever he wants -- even reconnect just to refresh tickets.
<br><br>--
<br>Diego Zuccato
<br>Servizi Informatici
<br>Dip. di Astronomia - Università di Bologna
<br>Via Ranzani, 1 - 40126 Bologna - Italy
<br>tel.: +39 051 20 95786
<br>mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26774145&i=0" target="_top" rel="nofollow">diego.zuccato@...</a>
<br>--
<br>To unsubscribe from this list go to the following URL and read the
<br>instructions: <a href="https://lists.samba.org/mailman/options/samba" target="_top" rel="nofollow">https://lists.samba.org/mailman/options/samba</a><br><p>From forum: <a href="http://old.nabble.com/Samba---General-f62.html" embed="fixTarget[62]" target="_top" >Samba - General</a></p>tag:old.nabble.com,2006:post-26774002DO NOT REPLY [Bug 6965] Avoid code 23 when source file is concurrently truncated2009-12-13T23:42:02Z2009-12-13T23:42:02ZBugzilla from samba-bugs@samba.org<a href="https://bugzilla.samba.org/show_bug.cgi?id=6965" target="_top" rel="nofollow">https://bugzilla.samba.org/show_bug.cgi?id=6965</a><br><br><br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26774002&i=0" target="_top" rel="nofollow">matt@...</a> changed:
<br><br> What |Removed |Added
<br>----------------------------------------------------------------------------
<br> Summary|truncated files and exit |Avoid code 23 when source
<br> |code 23 |file is concurrently
<br> | |truncated
<br><br><br><br><br>------- Comment #1 from <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26774002&i=1" target="_top" rel="nofollow">matt@...</a> 2009-12-14 01:42 CST -------
<br>Indeed. This is probably one of many kinds of concurrent modification to the
<br>source that rsync handles ungracefully.
<br><br>In general, when different system calls return inconsistent results, that could
<br>indicate either a concurrent modification or filesystem misbehavior. The
<br>downside to always assuming concurrent modification is that we miss the
<br>opportunity to report filesystem misbehavior if it happens. One example is the
<br>Cygwin "file has vanished" error with foreign characters in filenames (
<br><a href="http://lists.samba.org/archive/rsync/2008-January/019696.html" target="_top" rel="nofollow">http://lists.samba.org/archive/rsync/2008-January/019696.html</a> ).
<br><br><br>--
<br>Configure bugmail: <a href="https://bugzilla.samba.org/userprefs.cgi?tab=email" target="_top" rel="nofollow">https://bugzilla.samba.org/userprefs.cgi?tab=email</a><br>------- You are receiving this mail because: -------
<br>You are the QA contact for the bug, or are watching the QA contact.
<br>--
<br>Please use reply-all for most replies to avoid omitting the mailing list.
<br>To unsubscribe or change options: <a href="https://lists.samba.org/mailman/listinfo/rsync" target="_top" rel="nofollow">https://lists.samba.org/mailman/listinfo/rsync</a><br>Before posting, read: <a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_top" rel="nofollow">http://www.catb.org/~esr/faqs/smart-questions.html</a><br><p>From forum: <a href="http://old.nabble.com/Samba---rsync-f13158.html" embed="fixTarget[13158]" target="_top" >Samba - rsync</a></p>