The branch, master has been updated via da23473 s3-rpc_server: Disable epmapper by default. via 6d9eb66 docs: Add documentation for the rpc_daemon parametric option. via 40006cf doc: Reflect the latest changes to the rpc_server option. from 485da3e s3-waf: allow unresolved symbols in some idmap and nss_info modules.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit da2347379e04caf5b7bbd3a6704b03e03c8bf30a Author: Andreas Schneider <a...@samba.org> Date: Wed Aug 31 14:53:52 2011 +0200 s3-rpc_server: Disable epmapper by default. We need more testing in the real world. We need to be sure that if a Windows client can access port 135 it doesn't require that a service is available via ncacn_ip_tcp. If possible please enable it using the following smb.conf options for testing: rpc_daemon:epmd = fork rpc_server:epmapper = external Autobuild-User: Andreas Schneider <a...@cryptomilk.org> Autobuild-Date: Wed Aug 31 16:29:20 CEST 2011 on sn-devel-104 commit 6d9eb66f29756f8df913b0057a8e66aa6f9acadd Author: Simo Sorce <i...@samba.org> Date: Tue Aug 30 17:11:48 2011 -0400 docs: Add documentation for the rpc_daemon parametric option. commit 40006cf2127df247dd6fc2200b3fac4021c1c9d8 Author: Andreas Schneider <a...@samba.org> Date: Wed Aug 31 12:13:22 2011 +0200 doc: Reflect the latest changes to the rpc_server option. bug #8425. ----------------------------------------------------------------------- Summary of changes: docs-xml/smbdotconf/misc/rpcdaemon.xml | 69 ++++++++++++++++++++++++++ docs-xml/smbdotconf/misc/rpcserver.xml | 84 +++++++++++++++++++++++++------- source3/rpc_server/rpc_config.c | 4 +- 3 files changed, 137 insertions(+), 20 deletions(-) create mode 100644 docs-xml/smbdotconf/misc/rpcdaemon.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/misc/rpcdaemon.xml b/docs-xml/smbdotconf/misc/rpcdaemon.xml new file mode 100644 index 0000000..e84db21 --- /dev/null +++ b/docs-xml/smbdotconf/misc/rpcdaemon.xml @@ -0,0 +1,69 @@ +<samba:parameter name="rpc_daemon" + context="G" + type="string" + advanced="1" print="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + Defines whether to use the embedded code or start a separate daemon + for the defined rpc services. + The rpc_daemon prefix must be followed by the server name, and a value. + </para> + + <para> + Two possible values are currently supported: + <command moreinfo="none">disabled</command> + <command moreinfo="none">fork</command> + </para> + + <para> + The classic method is to run rpc services as internal daemons + embedded in smbd, therefore the external daemons are + <emphasis>disabled</emphasis> by default. + </para> + + <para> + Choosing the <emphasis>fork</emphasis> option will cause samba to fork + a separate proces for each daemon configured this way. Each daemon may + in turn fork a number of children used to handle requests from multiple + smbds and direct tcp/ip connections (if the Endpoint Mapper is + enabled). Communication with smbd happens over named pipes and require + that said pipes are forward to the external daemon (see <smbconfoption + name="rpc_server"/>). + </para> + + <para> + Forked RPC Daemons support dynamically forking children to handle + connections. The heuristics about how many children to keep around and + how fast to allow them to fork and also how many clients each child is + allowed to handle concurrently is defined by parametrical options named + after the daemon. + Five options are currently supported: + <command moreinfo="none">prefork_min_children</command> + <command moreinfo="none">prefork_max_children</command> + <command moreinfo="none">prefork_spawn_rate</command> + <command moreinfo="none">prefork_max_allowed_clients</command> + <command moreinfo="none">prefork_child_min_life</command> + + To set one of these options use the follwing syntax: + <programlisting> + damonname:prefork_min_children = 5 + </programlisting> + </para> + + <para> + Samba includes separate daemons for spoolss and the lsarpc/lsass, + netlogon and samr pipes. Currently three daemons are available and they + are called: + <command moreinfo="none">empd</command> + <command moreinfo="none">lsasd</command> + <command moreinfo="none">spoolssd</command> + Example: + <programlisting> + rpc_daemon:spoolssd = fork + </programlisting> + </para> +</description> + +<value type="default">disabled</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml index d92d203..6984668 100644 --- a/docs-xml/smbdotconf/misc/rpcserver.xml +++ b/docs-xml/smbdotconf/misc/rpcserver.xml @@ -5,42 +5,90 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - Defines what kind of rpc server to use for a named pipe. - The rpc_server prefix must be followed by the pipe name, and a value. + With this option you can define if a rpc service should be + running internal/embedded in smbd or should be redirected to an + external daemon like Samba4, the endpoint mapper daemon, the + spoolss daemon or the new LSA service daemon. The rpc_server + prefix must be followed by the pipe name, and a value. </para> <para> - Three possible values are currently supported: + This option can be set for each available rpc service in Samba. + The following list shows all available pipe names services you + can modify with this options. + </para> + + <itemizedlist> + <listitem><para>epmapper - Endpoint Mapper</para></listitem> + <listitem><para>winreg - Remote Registry Service</para></listitem> + <listitem><para>srvsvc - Remote Server Services</para></listitem> + <listitem><para>lsarpc - Local Security Authority</para></listitem> + <listitem><para>samr - Security Account Management</para></listitem> + <listitem><para>netlogon - Netlogon Remote Protocol</para></listitem> + <listitem><para>netdfs - Settings for Distributed File System</para></listitem> + <listitem><para>dssetup - Active Directory Setup</para></listitem> + <listitem><para>wkssvc - Workstation Services</para></listitem> + <listitem><para>spoolss - Network Printing Spooler</para></listitem> + <listitem><para>svcctl - Service Control</para></listitem> + <listitem><para>ntsvcs - Plug and Play Services</para></listitem> + <listitem><para>eventlog - Event Logger</para></listitem> + <listitem><para>initshutdown - Init Shutdown Service</para></listitem> + </itemizedlist> + + <para> + Three possible values currently supported are: <command moreinfo="none">embedded</command> - <command moreinfo="none">daemon</command> <command moreinfo="none">external</command> + <command moreinfo="none">disabled</command> + </para> + + <para> + The classic method is to run every pipe as an internal function + <emphasis>embedded</emphasis> in smbd. The defaults may vary + depending on the service. </para> <para> - The classic method is to run every pipe as an internal function - <emphasis>embedded</emphasis> in smbd. + Choosing the <emphasis>external</emphasis> option allows to run + separate daemon or even a completely independent (3rd party) + server capable of interfacing with samba via the MS-RPC + interface over named pipes. </para> <para> - An alternative method is to fork a <emphasis>daemon</emphasis> - early on at smbd startup time. This is supported only for selected - pipes. + Currently in Samba3 we support thre daemons, spoolssd, epmd and + lsasd. These daemons can be enabled using the + <emphasis>rpc_daemon</emphasis> option. For spoolssd you have + to to enable the deamon and proxy the named pipe with: + Currently in Samba3 we support thre daemons, spoolssd, epmd and + lsasd. These daemons can be enabled using the + <emphasis>rpc_daemon</emphasis> option. </para> <para> - Choosing the <emphasis>external</emphasis> option allows to run a - completely independent (3rd party) server capable of interfacing - with samba via the MS-RPC interface over named pipes. + Examples: + <programlisting> + rpc_daemon:lsasd = fork + rpc_server:lsarpc = external + rpc_server:samr = external + rpc_server:netlogon = external + + rpc_server:spoolss = external + rpc_server:epmapper = disabled + </programlisting> </para> <para> - Currently only the spoolss pipe can be configured in - <emphasis>daemon</emphasis> mode like this: - <programlisting> - rpc_server:spoolss = daemon - </programlisting> + There is one special option which allows you to enable rpc + services to listen for ncacn_ip_tcp connections too. Currently + this is only used for testing and doesn't scale! + + <programlisting> + rpc_server:tcpip = yes + </programlisting> </para> + </description> -<value type="default">none</value> +<value type="default">embedded</value> </samba:parameter> diff --git a/source3/rpc_server/rpc_config.c b/source3/rpc_server/rpc_config.c index 76df479..a1c639c 100644 --- a/source3/rpc_server/rpc_config.c +++ b/source3/rpc_server/rpc_config.c @@ -30,7 +30,7 @@ struct rpc_service_defaults { const char *name; const char *def_mode; } rpc_service_defaults[] = { - { "epmapper", "external" }, + { "epmapper", "disabled" }, /* { "spoolss", "embedded" }, */ /* { "lsarpc", "embedded" }, */ /* { "samr", "embedded" }, */ @@ -77,7 +77,7 @@ struct rpc_daemon_defaults { const char *name; const char *def_type; } rpc_daemon_defaults[] = { - { "epmd", "fork" }, + { "epmd", "disabled" }, /* { "spoolssd", "embedded" }, */ /* { "lsasd", "embedded" }, */ -- Samba Shared Repository