Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Hi people, did you find a solution for this problem? I'm having it too. r...@patata:/var/log/samba# pdbedit -am merlin Cannot locate Unix account for merlin$ But the unix account is in ldap and it creates automatically with smbldap. If I add it manually or add the attributes by hand it works fine. http://www.mail-archive.com/samba@lists.samba.org/msg99530.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote: Hi people, did you find a solution for this problem? I'm having it too. r...@patata:/var/log/samba# pdbedit -am merlin Cannot locate Unix account for merlin$ Is that true - Does id merlin work? But the unix account is in ldap and it creates automatically with smbldap. If I add it manually or add the attributes by hand it works fine. What do you mean by add it manually? Are you running nscd? If so, shut that service down and try again. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
The question was exactly the same than the one that was in the link I wrote :p http://www.mail-archive.com/samba@lists.samba.org/msg99530.html But now, 1h later it's time to answer myself: If somebody needs to solve the mentionated problem, it only must be two things: apt-get install libnss-ldap libpam-ldap emacs /etc/ldap.conf and fill it with (according to their params): --start ldap.conf host 127.0.0.1 base dc=ctest uri ldap://127.0.0.1 ldap_version 3 rootbinddn cn=admin,dc=ctest port 389 nss_base_passwd ou=Users,dc=ctest?one nss_base_passwd ou=Computers,dc=ctest?one nss_base_shadow ou=Users,dc=ctest?one nss_base_group ou=Groups,dc=ctest?one --end ldap.conf and /etc/nsswitch.conf: --start nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis ---end nsswitch.conf Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done. http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/ http://www.cos.ufrj.br/docs/ldap#debian -- if you use debian Thank you all! 2009/3/24 Adam Tauno Williams awill...@whitemice.org: On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote: Hi people, did you find a solution for this problem? I'm having it too. r...@patata:/var/log/samba# pdbedit -am merlin Cannot locate Unix account for merlin$ Is that true - Does id merlin work? But the unix account is in ldap and it creates automatically with smbldap. If I add it manually or add the attributes by hand it works fine. What do you mean by add it manually? Are you running nscd? If so, shut that service down and try again. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: samba
disculpen, el samba esta sobre una distribucion de ubuntu, el directorio activo esta sobre windows server 2003, la idea es que se pueda compartir una carpeta en linux donde los usuarios validos a acceder a ella sean los usuarios del directorio activo de windows salu2s -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.
Yes, I did. I tried them separately and together. Made no difference. Any text file copied to a SFU share has each byte replaced with a null character. Any PDF (or zip or exe) file copied fails to copy. I'm going to turn debug up to about 10 and stare at it some more. Perhaps I can find a test case that will tell me something. S.H.H. Volker Lendecke volker.lende...@sernet.de 03/23/2009 03:05 PM Please respond to volker.lende...@sernet.de To shun...@ddci.com cc samba@lists.samba.org Subject Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share. On Mon, Mar 23, 2009 at 02:58:05PM -0700, shun...@ddci.com wrote: The Windows 2003 machine is a raid array data server that provides both Windows and UNIX/Linux shares (NFS). Some users prefer a Windows browser for copying or editing files. An older Samba on an older Linux machine (Mandrake 10.2) provided this service until recently. Did you try the two options I mentioned? Volker This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail by return E-Mail or by telephone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.
On Tue, Mar 24, 2009 at 06:30:29AM -0700, shun...@ddci.com wrote: Yes, I did. I tried them separately and together. Made no difference. Any text file copied to a SFU share has each byte replaced with a null character. Any PDF (or zip or exe) file copied fails to copy. I'm going to turn debug up to about 10 and stare at it some more. Perhaps I can find a test case that will tell me something. What we'd need then is sniffs of the relevant network segments taken at the exact same time, plus some time for possible deferred caching. Ah, one more hint: You might want to try the syncops vfs module. Volker pgpM1tLPCsMlc.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AD 3.3.x issues
I have a 3.2.8 samba server (centos4) connected to AD which works perfectly. My other machine 3.3.0 was suffering from a bug where MAC users would copy a file to the network and would get an error message regarding permissions, which I tracked down to it creating ._files and putting MAC permission on files, which 3.2.8 doesn't do. Unable to solve that I upgraded to 3.3.2 which did solve the issue but left me with another. The user logs in locally, but the machine is part of an old NT domain. Before I upgraded the samba server it was using 3.3.0 but worked fine for this user. Now on 3.3.2 I get errrors like domain_client_validate: unable to validate password for user DAVE in domain MACHINENAME to Domain controller myserver.ad.domain.local Error was NT_STATUS_NO_SUCH_USER. This happens even if you \\samba\share and use domain\DAVE... still get the same error like it's expecting a trust relationship all of a sudden. ./configure --prefix=/disk1/samba --with-ads --with-krb5 --with-pam --with-winbind --with-syslog --with-quotas --with-acl-support --with-automount --with-cifsmount --enable-socket-wrapper --with-configdir=/etc/samba --with-logfilebase=/var/log/samba Cheers, Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] sambaRefuseMachinePwdChange policy
Hi, we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC and the other as BDC, and both with LDAP backends samba version is 3.0.28-1 We want pc clients can't change their machine password using sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP But pc clients still can change their passwords, and we don't see any acces to sambaRefuseMachinePwdChange attribute on LDAP logs. Is it not used in this version yet? Must we do something special to use it? Thanks in advance. Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Am Dienstag, 24. März 2009 12:56 schrieb LiPi -: The question was exactly the same than the one that was in the link I wrote :p http://www.mail-archive.com/samba@lists.samba.org/msg99530.html But now, 1h later it's time to answer myself: If somebody needs to solve the mentionated problem, it only must be two things: apt-get install libnss-ldap libpam-ldap emacs /etc/ldap.conf and fill it with (according to their params): Which version of Debian do you use? This setup is outdated for years. Read the man pages and the docs for this two packages. --start ldap.conf host 127.0.0.1 base dc=ctest uri ldap://127.0.0.1 ldap_version 3 rootbinddn cn=admin,dc=ctest port 389 nss_base_passwd ou=Users,dc=ctest?one nss_base_passwd ou=Computers,dc=ctest?one nss_base_shadow ou=Users,dc=ctest?one You really like to poll your shadow file over an unprotected network? Remember, it contains the passwords. If you do this ONLY on the loopback network, it may be OK. nss_base_group ou=Groups,dc=ctest?one --end ldap.conf and /etc/nsswitch.conf: --start nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis ---end nsswitch.conf Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done. Thank you all! -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Probleme Winbind:
anyone have this error ? Phibee Network Operation Center a écrit : Hi i have a problems with winbind, all hours of the days, we have : Mar 23 08:02:45 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 08:02:46 gw (ntlm_auth): [2009/03/23 08:02:46, 0] utils/ntlm_auth.c:get_winbind_netbios_name(166) Mar 23 08:02:46 gw (ntlm_auth): could not obtain winbind netbios name! Mar 23 08:02:46 gw (ntlm_auth): [2009/03/23 08:02:46, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 08:02:46 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 09:01:53 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 09:01:53 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 09:01:53 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 09:01:53 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 09:01:53 gw (ntlm_auth): [2009/03/23 09:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:51 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:51 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:51 gw (ntlm_auth): [2009/03/23 10:01:51, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:51 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:52 gw (ntlm_auth): [2009/03/23 10:01:52, 0] utils/ntlm_auth.c:get_winbind_domain(140) Mar 23 10:01:52 gw (ntlm_auth): could not obtain winbind domain name! Mar 23 10:01:53 gw (ntlm_auth): [2009/03/23 10:01:53, 0] utils/ntlm_auth.c:get_winbind_domain(140) .. Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] utils/ntlm_auth.c:get_winbind_netbios_name(166) Mar 23 13:02:35 gw (ntlm_auth): could not obtain winbind netbios name! Mar 23 13:02:35 gw (ntlm_auth): could not obtain winbind netbios name! Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] utils/ntlm_auth.c:get_winbind_netbios_name(166) Mar 23 13:02:35 gw (ntlm_auth): [2009/03/23 13:02:35, 0] utils/ntlm_auth.c:get_winbind_netbios_name(166) Mar 23 13:02:35 gw (ntlm_auth): could not obtain winbind netbios name! Mar 23 13:02:35 gw (ntlm_auth): could not obtain winbind netbios name! anyone know why ? i don't see on me server a app started by cron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.
On Tue, Mar 24, 2009 at 7:30 AM, shun...@ddci.com wrote: Yes, I did. I tried them separately and together. Made no difference. Any text file copied to a SFU share has each byte replaced with a null character. Any PDF (or zip or exe) file copied fails to copy. I'm going to turn debug up to about 10 and stare at it some more. Perhaps I can find a test case that will tell me something. Is sendfile option enabled in smb.conf? If yes, can you try disabling it (use sendfile = no), restart SMB, and run your verification tests? Thanks, -Kums -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
Hello, I did the steps described below and I have a problem with machine RIDs. When I first join a machine, samba adds to my sambaDomainName ldap entry a sambaNextRid attribute with a value of 1000. Now samba uses this value (incremented each time) to give its RID to the machine. This is going to be a real problem as my current samba computes RDIs as 1000+2*UID. FWIW I'm using smbldap-tools to create user accounts and I have add machine script = /usr/local/sbin/smbldap-useradd -w '%u' in my smb.conf though I don't think it is relevant because AFAIK this script is only called to create the posix machine account. What are my options? If at all possible, I'd rather stick to the 1000+2*UID algorithm. I googled about it and I know that others where caught too but I wasn't able to find a solution. Regards, Thierry. Quoting Adam Williams awill...@mdah.state.ms.us: your steps are fine. you don't need the samba LDAP entries you listed, when ou do smbpasswd -a user, it will add the minimum required LDAP entries for samba. laco...@miage.univ-paris12.fr wrote: Hello, I plan to update my samba-3.0.22/openldap-2.3.24 to samba-3.0.34/openldap-2.4.15 and I'm currently testing it. This is on FreeBSD. My idea is : 1) slapcat the openldap server and save the various tdb files. 2) deinstall samba and openldap and wipe out the bdb files 3) install the newer versions 4) slapadd to the new openldap server This seems to work in my test lab. During my tests I also built a new domain afresh and realized that the sambaDomainName ldap entry has some attributes that are not in my production server: sambaMinPwdLength, sambaLogonToChgPwd, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. Do I have to add these attributes to my ldif file before slapadd? More generally, do I have to add some attributes to my ldap entries? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share.
No, sendfile is not enabled. The default is false, and I haven't changed it. S.H.H. Kums kumaran.raja...@gmail.com 03/24/2009 08:25 AM To shun...@ddci.com cc volker.lende...@sernet.de, samba@lists.samba.org Subject Re: [Samba] Text File Corruption Writing from Windows to Linux NFS Share. On Tue, Mar 24, 2009 at 7:30 AM, shun...@ddci.com wrote: Yes, I did. I tried them separately and together. Made no difference. Any text file copied to a SFU share has each byte replaced with a null character. Any PDF (or zip or exe) file copied fails to copy. I'm going to turn debug up to about 10 and stare at it some more. Perhaps I can find a test case that will tell me something. Is sendfile option enabled in smb.conf? If yes, can you try disabling it (use sendfile = no), restart SMB, and run your verification tests? Thanks, -Kums This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail by return E-Mail or by telephone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done. http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/ http://www.cos.ufrj.br/docs/ldap#debian -- if you use debian There is nothing distribution specific (either Debian or Ubuntu) about setting up NSS. This is covered in both the Samba3-HOWTO http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and the Samba3-ByExample http://www.samba.org/samba/docs/man/Samba-Guide/ books. It would be worth taking a look at those over whatever you find lying around the Internet. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Veto files only at one location
This *must* be do-able! If I want to veto a single directory at the root of the users home directory i.e. /home/user/Maildir I can with veto files = /Maildir/ However, this prevents the user from being able to create directories/files with that name *anywhere* in the directory structure. Is there a way I can set 'veto files' to only veto one particular directory? Thanks, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Veto files only at one location
On Tue, Mar 24, 2009 at 03:46:31PM +, Kevin Bailey wrote: This *must* be do-able! If I want to veto a single directory at the root of the users home directory i.e. /home/user/Maildir I can with veto files = /Maildir/ However, this prevents the user from being able to create directories/files with that name *anywhere* in the directory structure. Is there a way I can set 'veto files' to only veto one particular directory? No, that was never part of the design of the parameter, sorry. The code would need to be expanded to do regexp processing in order to do this. Possible, but no one has yet needed it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba kills machine
Hi I have a problem with samba, it randomly crashes, forking one unkillable (unresponsive for both sigterm and sigkill) smbd process running as root, which consumes 100% of cpu, and elevates loadavg to the point where the computer is unusable (and it has 4 cpus). I have tried several versions between 3.0.23 and 3.3.2 and all exhibit this kind of behavior. the samba itself has been migrated from an old server to this new one (copying confs, LDAP and /var/lib/samba), and has been doing this ever since, so this could be the root of the problem Thanks, Pavel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] gidNumber's and ldap backed samba PDC
In the planning process for migrating from NT4 PDC, and external ldap directory to samba 3.2.8 PDC. The external existing openldap directory is used currently to support the local uid mapping for the Linux logins and samba file servers that are members of the current NT4 PDC. While looking at the existing openldap UIDs and GIDs in use and what the samba PDC wants to use I see some uid/gid collisions. For example I see that the Domain Admins uses gid 512, just so happens to be the same as a file system group(in the ldap directory). Is it better to change the users group gid and leave the samba domain admins and such the way they are? I suspect a small shell script can crawl the file system and replace one gid for another if I were to change the users GID. Thanks Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba kills machine
On Tue, Mar 24, 2009 at 06:11:10PM +0100, Pavel Herrmann wrote: I have a problem with samba, it randomly crashes, forking one unkillable (unresponsive for both sigterm and sigkill) smbd process running as root, which consumes 100% of cpu, and elevates loadavg to the point where the computer is unusable (and it has 4 cpus). I have tried several versions between 3.0.23 and 3.3.2 and all exhibit this kind of behavior. the samba itself has been migrated from an old server to this new one (copying confs, LDAP and /var/lib/samba), and has been doing this ever since, so this could be the root of the problem Thanks, Is that Linux your running on? If so, there have been kernels with broken inotify that show this behaviour. You might try kernel change notify = false Volker pgpky1Dat8Mda.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] gidNumber's and ldap backed samba PDC
On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote: In the planning process for migrating from NT4 PDC, and external ldap directory to samba 3.2.8 PDC. The external existing openldap directory is used currently to support the local uid mapping for the Linux logins and samba file servers that are members of the current NT4 PDC. While looking at the existing openldap UIDs and GIDs in use and what the samba PDC wants to use I see some uid/gid collisions. For example I see that the Domain Admins uses gid 512, just so happens to be the same as a file system group(in the ldap directory). No, it doesn't. RID != GID. A RID is a component of the SID and SIDs are mapped to UIDs GIDs. Is it better to change the users group gid and leave the samba domain admins and such the way they are? Not necessary. I suspect a small shell script can crawl the file system and replace one gid for another if I were to change the users GID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba not using nearest ADS server
Hello, up to now no response to this mail :-( Is no one using samba in a wide area network or has no one ever noticed such a problem as we are doing? Tobias On Thu, Mar 19, 2009 at 05:40:46PM +0100, Tobias Hennerich wrote: Hello, we integrated an samba v3.2.8 into a bigger ADS environment which is connected via MPLS world wide. Everything works as expected, but the login via SSH is slow: After entering the login name in ssh we can see via tcpdump network traffic to different ADS controllers: First a connection from Germany to UK: 17:16:43.867219 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.092774 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.092785 IP 10.49.x.y.37722 10.44.x.y.389: . 17:16:44.093054 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.265776 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.265987 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.647671 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.693567 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.693840 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.922527 IP 10.44.x.y.389 10.49.x.y.37722: . 17:16:44.997865 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.998074 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.314621 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.314831 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.577894 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.578100 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.791494 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.791702 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.982034 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.982240 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.189828 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.190037 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.365426 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.365633 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.596653 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.596900 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.802280 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.802487 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.006571 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.006783 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.325662 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.325868 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.577930 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.578140 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.775371 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.775577 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.971495 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.971704 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.186311 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.186521 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.430837 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.431043 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.622070 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.622274 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.816862 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.817100 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.061838 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.062951 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.268437 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.268634 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.426980 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.466643 IP 10.49.x.y.37722 10.44.x.y.389: . then a connection from Germany to the United States: 17:16:49.547138 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:49.693649 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:49.693662 IP 10.49.x.y.37731 10.3.x.y.389: . 17:16:49.693849 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:49.843729 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:49.843918 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:49.992361 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:49.992553 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.129522 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.129715 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.298217 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.298406 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.447220 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.447408 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.589299 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.589487 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.748952 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.749139 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:50.902596 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:50.902787 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:51.048477 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:51.048669 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:51.16 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:51.200183 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:51.343439 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:51.343626 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:51.509961 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:51.510146 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:51.666507 IP 10.3.x.y.389 10.49.x.y.37731: P 17:16:51.96 IP 10.49.x.y.37731
[Samba] slow printing with XP SP3
I have Samba 3.0.23a installed on a server running Solaris 9. We had no problems printing with Service Pack 2 installed on the wrokstations. However since we started rolling out XP Service Pack 3 printing has become extremely slow. Printing reverts to normal if Service Pack 3 is uninstalled. Has anyone encountered such a problem? Any suggestions for a solution will be much appreciated. -- --- 0 Daulton Theodore /\Tel: 613-520-2600 ext. 8352 Carleton University Library _\\Fax: 613-520-2750 Systems Department`/ Net: daulton_theod...@carleton.ca -- ` - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba kills machine
On Tuesday 24 March 2009 18:29:41 Volker Lendecke wrote: Is that Linux your running on? If so, there have been kernels with broken inotify that show this behaviour. You might try kernel change notify = false Volker it is indeed Linux more, precisely 2.6.27-hardened-r3 from gentoo, with none of the hardened-features enabled (yet) I will try this and ask again if it doesn't help Thank you very much Pavel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] gidNumber's and ldap backed samba PDC
Ok I see it appears that the ldap entries that samba needs in the directory are under a different O. ou=groups,o=smb,dc=unav,dc=es for example. dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins Where my user/file system groups would be under traditional ldap entries like: dn: cn=usrgrp,ou=Group,dc=ct,dc=unav,dc=es objectClass: posixGroup objectClass: top cn: usrgrp userPassword:: e2NyexB0fX9g= gidNumber: 512 creatorsName: cn=Manager, dc=ct,dc=unav,dc=es createTimestamp: 20021007160601Z modifiersName: cn=Manager,dc=ct,dc=unav,dc=es modifyTimestamp: 20081205192619Z This right? Thanks Derek -Original Message- From: samba-bounces+dwerthmu=ctg.albany@lists.samba.org [mailto:samba-bounces+dwerthmu=ctg.albany@lists.samba.org] On Behalf Of Adam Tauno Williams Sent: Tuesday, March 24, 2009 1:38 PM To: 'samba@lists.samba.org' Subject: Re: [Samba] gidNumber's and ldap backed samba PDC On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote: In the planning process for migrating from NT4 PDC, and external ldap directory to samba 3.2.8 PDC. The external existing openldap directory is used currently to support the local uid mapping for the Linux logins and samba file servers that are members of the current NT4 PDC. While looking at the existing openldap UIDs and GIDs in use and what the samba PDC wants to use I see some uid/gid collisions. For example I see that the Domain Admins uses gid 512, just so happens to be the same as a file system group(in the ldap directory). No, it doesn't. RID != GID. A RID is a component of the SID and SIDs are mapped to UIDs GIDs. Is it better to change the users group gid and leave the samba domain admins and such the way they are? Not necessary. I suspect a small shell script can crawl the file system and replace one gid for another if I were to change the users GID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] gidNumber's and ldap backed samba PDC
Despite that RID!=GID, mappings between samba rids and groups must be there if you want the server to act as a PDC. If there are some GID's mapped to i.e. RID 512, and these GID is used by another group, then there will be a conflict. I had this problem one week ago, when I was trying to give permissions to a folder. So, choose N GID's to map with samba RID's or change the group GID of these conflicting groups. Be also areful with UID. 2009/3/24 Adam Tauno Williams awill...@whitemice.org: On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote: In the planning process for migrating from NT4 PDC, and external ldap directory to samba 3.2.8 PDC. The external existing openldap directory is used currently to support the local uid mapping for the Linux logins and samba file servers that are members of the current NT4 PDC. While looking at the existing openldap UIDs and GIDs in use and what the samba PDC wants to use I see some uid/gid collisions. For example I see that the Domain Admins uses gid 512, just so happens to be the same as a file system group(in the ldap directory). No, it doesn't. RID != GID. A RID is a component of the SID and SIDs are mapped to UIDs GIDs. Is it better to change the users group gid and leave the samba domain admins and such the way they are? Not necessary. I suspect a small shell script can crawl the file system and replace one gid for another if I were to change the users GID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Short delay when logging in an XP client to a Samba PDC
Eric Woltermann wolleric at gmx.de writes: Sorry, should have taken more time for that step. :) http://www.tf.uni-kiel.de/~ew/samba.log.gz Could someone at least give me a hint where to search for a clue on this strange delay (smb.conf, DNS and/or DHCP, etc.)? Just had about four seconds again. Thanks, Eric P.S.: I'm subscribed now, just in case that non-subscribers are avoided. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba kills machine
it is indeed Linux more, precisely 2.6.27-hardened-r3 from gentoo, with none of the hardened-features enabled (yet) I will try this and ask again if it doesn't help I have never seen this at work (a few dozen samba servers / virtual or real machines) with kernels 2.6.4 to 2.6.28 and gentoo versions 2004.X to current. I have never used hardened though. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
Reading through the Samba3 -By Example guide and I'm confused with the statement section 9.2 http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565 about accessing the SAM and Security sections of the registry will render the PDC non operable. Its clear from the text if you go and edit the registry(regedit etc..) so you can read the entries your PDC will not work. What's not exactly clear is if any of the tools like net rcp vampire or getsid tools change the operation of the PDC in this way or any other way for that mater. The net rcp tools don't access the registry in this destructive way do they? Like: # net rpc vampire -S TRANSGRESSION -U Administrator%not24get /tmp/vampire.log 21 Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 - samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. Thanks Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] the unusual way ldap - AD
Hi, (this will be a long post) currently we got a working setup of one PDC in our HQ and five BDC in our branch offices, all backed by LDAP. PDC is LDAP master and all branch offices are configured as syncrepl. This setup was more a playfield for me, which 'suddenly' went into production by business needs, you know the deal... The setup does a fine job, but there is no failover of any kind, so if our main server kicks the bucket we're in trouble. We thought and played a bit with RHCS but it wasn't that highlight in my life ;). Now I'm playing with CTDB and everything is much more smooth than ever before. Since there are 4 citrix servers, backed by AD, which will start applications from samba, it's very 'interesting' to keep the users in sync (passwords). I've allready played with samba as AD-member which works like a charm, so the way will be to have all samba servers act as domain members and authenticate against AD. So far, so good.. There are some points which can't be avoided, like rejoining every PC to the domain, correct UID/GID for homedir and profiles, but THAT could be done with some scripting. The main problem I'm thinking about: HOW to get the existing users, 'round 440, from LDAP into AD. Sure, we need to overlook every account, set Profile dirs right and stuff.. Does anyone done this before? How could it be done? What about printing? ATM we're thinking about setting up a new AD server, let the CTDB-samba join this doamin and move every user step by step. Sorry for this long and confused post ;) Matthias -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] the unusual way ldap - AD
Matthias Grimm wrote: Hi, (this will be a long post) currently we got a working setup of one PDC in our HQ and five BDC in our branch offices, all backed by LDAP. PDC is LDAP master and all branch offices are configured as syncrepl. This setup was more a playfield for me, which 'suddenly' went into production by business needs, you know the deal... The setup does a fine job, but there is no failover of any kind, so if our main server kicks the bucket we're in trouble. We thought and played a bit with RHCS but it wasn't that highlight in my life ;). Now I'm playing with CTDB and everything is much more smooth than ever before. Since there are 4 citrix servers, backed by AD, which will start applications from samba, it's very 'interesting' to keep the users in sync (passwords). I've allready played with samba as AD-member which works like a charm, so the way will be to have all samba servers act as domain members and authenticate against AD. So far, so good.. There are some points which can't be avoided, like rejoining every PC to the domain, correct UID/GID for homedir and profiles, but THAT could be done with some scripting. The main problem I'm thinking about: HOW to get the existing users, 'round 440, from LDAP into AD. Sure, we need to overlook every account, set Profile dirs right and stuff.. Does anyone done this before? How could it be done? What about printing? Numerous requirements, but see http://us3.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2594253 Dale ATM we're thinking about setting up a new AD server, let the CTDB-samba join this doamin and move every user step by step. Sorry for this long and confused post ;) Matthias -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba not using nearest ADS server
Hello Mark, thank you for your reply! First, I am assuming from your message that this network trace was from one ssh attempt, is that correct? Yes, that is one login. It doesn't matter if we use ssh or another process who needs information about a user. I think we get the same result if we just switch to a user from root via su - user. I also gather you are in the germany site? Yes, the login was a german user to the german server. That user is in some universal ADS groups, which are located in germany, too. So it looks like the auth attempts went to UK and US first before using your local DC? Please correct me if this is not right. That is correct, the samba connected first to UK and US, then to the german AD. Also, I'm not quite up to speed with ADS topologies... so is this a single domain with various sites set up with AD Sites and Services? or is it multiple domains that trust? Each site has it's own ADS domain which trust each other. or perhaps one domain in a default site just with routers/mpls handling the jump between subnets? I didn't understand that part of your question completly :-( Each site has an class-b network, (germany: 10.49.0.0/16, uk: 10.44.0.0/16 ...) and the machines have a default route to the next local MPLS-router (more or less). Best regardsTobias On Tue, Mar 24, 2009 at 01:33:23PM -0500, Mark Casey wrote: Tobias Hennerich wrote: Hello, up to now no response to this mail :-( Is no one using samba in a wide area network or has no one ever noticed such a problem as we are doing? Tobias On Thu, Mar 19, 2009 at 05:40:46PM +0100, Tobias Hennerich wrote: Hello, we integrated an samba v3.2.8 into a bigger ADS environment which is connected via MPLS world wide. Everything works as expected, but the login via SSH is slow: After entering the login name in ssh we can see via tcpdump network traffic to different ADS controllers: First a connection from Germany to UK: 17:16:43.867219 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.092774 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.092785 IP 10.49.x.y.37722 10.44.x.y.389: . 17:16:44.093054 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.265776 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.265987 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.647671 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.693567 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.693840 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:44.922527 IP 10.44.x.y.389 10.49.x.y.37722: . 17:16:44.997865 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:44.998074 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.314621 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.314831 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.577894 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.578100 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.791494 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.791702 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:45.982034 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:45.982240 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.189828 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.190037 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.365426 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.365633 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.596653 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.596900 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:46.802280 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:46.802487 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.006571 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.006783 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.325662 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.325868 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.577930 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.578140 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.775371 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.775577 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:47.971495 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:47.971704 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.186311 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.186521 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.430837 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.431043 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.622070 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.622274 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:48.816862 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:48.817100 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.061838 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.062951 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.268437 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.268634 IP 10.49.x.y.37722 10.44.x.y.389: P 17:16:49.426980 IP 10.44.x.y.389 10.49.x.y.37722: P 17:16:49.466643 IP 10.49.x.y.37722 10.44.x.y.389: . then a connection from Germany to the United States: 17:16:49.547138 IP 10.49.x.y.37731 10.3.x.y.389: P 17:16:49.693649 IP
Re: [Samba] Is the net rpc vampire at all destructive to a NT4 PD C?
net rpc vampire ... does NOT set the SAM or SECURITY hives of the registry to readable, which is what renders the PDC non-operable. net rpc vampire ... is safe to use as many times as it takes to get comfortable with the process. I did it my self when I was converting our labs NT4 domain to Samba. -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... On Tue, 2009-03-24 at 13:48 -0500, Derek Werthmuller wrote: Reading through the Samba3 -By Example guide and I'm confused with the statement section 9.2 http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565 about accessing the SAM and Security sections of the registry will render the PDC non operable. Its clear from the text if you go and edit the registry(regedit etc..) so you can read the entries your PDC will not work. What's not exactly clear is if any of the tools like net rcp vampire or getsid tools change the operation of the PDC in this way or any other way for that mater. The net rcp tools don't access the registry in this destructive way do they? Like: # net rpc vampire -S TRANSGRESSION -U Administrator%not24get /tmp/vampire.log 21 Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 - samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. Thanks Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] vampire support for windows 2000+ domains?
Is this ever going to happen? Or am I waiting in vain? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] gidNumber's and ldap backed samba PDC
On Tue, 2009-03-24 at 19:31 +0100, LiPi - wrote: Despite that RID!=GID, mappings between samba rids and groups must be there if you want the server to act as a PDC. If there are some GID's mapped to i.e. RID 512, and these GID is used by another group, then there will be a conflict. No, because that is just not how the mapping works. $ ldapsearch -LLL sambaSID=S-1-5-21-2037442776-3290224752-88127236-512 dn: cn=cifsadmins,ou=Groups,ou=SAM,o=Morrison Industries,c=US objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: cifsadmins gidNumber: 1999 sambaSID: S-1-5-21-2037442776-3290224752-88127236-512 sambaGroupType: 2 description: Local Unix group displayName: Domain Admins memberUid: steve memberUid: cleslie memberUid: adam memberUid: rhopkins memberUid: bonjour You map domain groups to POSIX groups using the net groupmap command, the RID:GID relationship is completely arbitrary. They might be the same, might not, it just doesn't matter. I have no idea what GID's mapped to i.e. RID 512, and these GID is used by another group even means. How is a GID used by another group? The GID is the unique identifier of a POSIX group. If you have multiple groups with the same GID - that is just messed up. With net groupmap you establish the relationships of SIDs to GIDs; the RID just the part of the SID relative to the domain portion on the SID. I had this problem one week ago, when I was trying to give permissions to a folder. So, choose N GID's to map with samba RID's or change the group GID of these conflicting groups. Be also areful with UID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vampire support for windows 2000+ domains?
On Tue, 2009-03-24 at 15:38 -0400, Charles Marcus wrote: Is this ever going to happen? Or am I waiting in vain? You mean Active Directory? You need to look into Samba4, but I don't think there is anyway to vampire an AD. Samba4 also isn't released - but it is really interesting. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] gidNumber's and ldap backed samba PDC
On Tue, 2009-03-24 at 13:31 -0500, Derek Werthmuller wrote: Ok I see it appears that the ldap entries that samba needs in the directory are under a different O. ou=groups,o=smb,dc=unav,dc=es for example. dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins Where my user/file system groups would be under traditional ldap entries like: dn: cn=usrgrp,ou=Group,dc=ct,dc=unav,dc=es objectClass: posixGroup objectClass: top cn: usrgrp userPassword:: e2NyexB0fX9g= gidNumber: 512 creatorsName: cn=Manager, dc=ct,dc=unav,dc=es createTimestamp: 20021007160601Z modifiersName: cn=Manager,dc=ct,dc=unav,dc=es modifyTimestamp: 20081205192619Z This right? I don't understand the question. But perhaps you haven't configured your scripts (the smbldap stuff?) correctly [this would be my guess] or you need to manually tweak your group mapping [man net]. You should have ONE object which represents both the POSIX and CIFS group. You have two and the sambaGroupMapping seems incomplete. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaRefuseMachinePwdChange policy
Frank wrote: Hi, we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC and the other as BDC, and both with LDAP backends samba version is 3.0.28-1 We want pc clients can't change their machine password using sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP But pc clients still can change their passwords, and we don't see any acces to sambaRefuseMachinePwdChange attribute on LDAP logs. Is it not used in this version yet? Must we do something special to use it? I saw the same thing in August of 2007: http://marc.info/?l=sambam=118772246625319w=2 Which was never replied to. Eric Roseme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failed to connect to IPC$ share on localhost when running the net rpc group add command.
Probably an easy one for most of you: I'm trying to create nested groups on my Samba server. When running net rpc group add I am prompted for my root password and receive the error: Failed to connect to IPC$ share on localhost. When I use my other login I receive: # net rpc group add Admins -L -U bill Enter bill's password: Failed to add alias 'Admins' with: Access is denied. Note: wbinfo -u works every time, my shares are working, but net rpc group won't add anyone. This the relevant info from my smb.conf: encrypt passwords = yes interfaces = lo eth0 bind interfaces only = yes workgroup = TEST security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 idmap backend = rid:TEST=16777216-33554431 template shell = /bin/false template homedir = /home/%U winbind use default domain = yes winbind enum users = no winbind enum groups = no winbind nested groups = yes realm = TEST.DS.USACE.ARMY.MIL password server = testdc.ds.usace.army.mil use kerberos keytab = True client signing = auto server signing = auto allow trusted domains = no [samba] path = /samba public = yes store dos attributes = yes nt acl support = yes map acl inherit = yes inherit acls = yes acl map full control = yes dos filemode = yes only guest = yes writable = yes printable = no Thanks, Bill D. Give a man a fish and you've freed him up for the day to write a poem, compose a song, or howl at the Gods. Teach a man to fish and you've doomed him to a lifetime as a fisherman. -Rodney Anonymous -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 - samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. ` I've done this several times against my PDC without any problems. Best, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with new Samba 3.2.3 Ubuntu install: INTERNAL ERROR 6 in pid XXXX
I'm setting up a new Samba install on a fresh Ubuntu install. Samba is 3.2.3. When I try to list shares, that works: - s...@saba:/etc/samba$ smbclient -L saba Enter stew's password: accepts correct password here Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3] Sharename Type Comment - --- Library Disk Library Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3] Server Comment ---- SABA saba server (Samba 3.2.3) UNAGI WorkgroupMaster ---- MYDOMAIN UNAGI - But mounting shares fails: s...@saba:/etc/samba$ smbclient //saba/Library Enter stew's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.2.3] Receiving SMB: Server stopped responding tree connect failed: Call returned zero bytes (EOF) Errors from the logs: === [2009/03/24 12:23:59, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 6 in pid 6033 (3.2.3) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/03/24 12:23:59, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/03/24 12:23:59, 0] lib/fault.c:fault_report(44) === [2009/03/24 12:23:59, 0] lib/util.c:smb_panic(1663) PANIC (pid 6033): internal error [2009/03/24 12:24:00, 0] lib/util.c:log_stack_trace(1767) BACKTRACE: 23 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7c1042c] #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7c10589] #2 /usr/sbin/smbd [0xb7bfb023] #3 [0xb7a41400] #4 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb75f7268] #5 /usr/lib/libtalloc.so.1(_talloc_steal+0x175) [0xb7733b95] #6 /usr/sbin/smbd [0xb7c4c00d] #7 /usr/sbin/smbd(pdb_default_getgrnam+0x90) [0xb7c486d7] #8 /usr/sbin/smbd(pdb_getgrnam+0x26) [0xb7bc10fb] #9 /usr/sbin/smbd(lookup_global_sam_name+0x1ee) [0xb7ebc6fd] #10 /usr/sbin/smbd(lookup_name+0x2a5) [0xb7bc6188] #11 /usr/sbin/smbd(lookup_name_smbconf+0xfb) [0xb7bc6c52] #12 /usr/sbin/smbd(token_contains_name_in_list+0x4a2) [0xb7e254b2] #13 /usr/sbin/smbd(is_share_read_only_for_token+0x9a) [0xb7e25559] #14 /usr/sbin/smbd(change_to_user+0x25a) [0xb7acb31a] #15 /usr/sbin/smbd [0xb7aecd82] #16 /usr/sbin/smbd(make_connection+0x796) [0xb7aedc47] #17 /usr/sbin/smbd(reply_tcon_and_X+0x404) [0xb7e419f3] #18 /usr/sbin/smbd [0xb7ae729e] #19 /usr/sbin/smbd(smbd_process+0x435) [0xb7ae94b1] #20 /usr/sbin/smbd(main+0xfa6) [0xb7ab0adf] #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb75e0685] #22 /usr/sbin/smbd [0xb7aadaf1] [2009/03/24 12:24:00, 0] lib/fault.c:dump_core(201) dumping core in /var/log/samba/cores/smbd [2009/03/24 12:24:00, 0] lib/fault.c:fault_report(40) === [2009/03/24 12:24:00, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 6 in pid 6034 (3.2.3) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/03/24 12:24:00, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/03/24 12:24:00, 0] lib/fault.c:fault_report(44) === [2009/03/24 12:24:00, 0] lib/util.c:smb_panic(1663) PANIC (pid 6034): internal error [2009/03/24 12:24:00, 0] lib/util.c:log_stack_trace(1767) BACKTRACE: 23 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7c1042c] #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7c10589] #2 /usr/sbin/smbd [0xb7bfb023] #3 [0xb7a41400] #4 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb75f7268] #5 /usr/lib/libtalloc.so.1(_talloc_steal+0x175) [0xb7733b95] #6 /usr/sbin/smbd [0xb7c4c00d] #7 /usr/sbin/smbd(pdb_default_getgrnam+0x90) [0xb7c486d7] #8 /usr/sbin/smbd(pdb_getgrnam+0x26) [0xb7bc10fb] #9 /usr/sbin/smbd(lookup_global_sam_name+0x1ee) [0xb7ebc6fd] #10 /usr/sbin/smbd(lookup_name+0x2a5) [0xb7bc6188] #11 /usr/sbin/smbd(lookup_name_smbconf+0xfb) [0xb7bc6c52] #12 /usr/sbin/smbd(token_contains_name_in_list+0x4a2) [0xb7e254b2] #13 /usr/sbin/smbd(is_share_read_only_for_token+0x9a) [0xb7e25559] #14 /usr/sbin/smbd(change_to_user+0x25a) [0xb7acb31a] #15 /usr/sbin/smbd [0xb7aecd82] #16 /usr/sbin/smbd(make_connection+0x796) [0xb7aedc47] #17 /usr/sbin/smbd(reply_tcon_and_X+0x404) [0xb7e419f3] #18 /usr/sbin/smbd [0xb7ae729e] #19 /usr/sbin/smbd(smbd_process+0x435) [0xb7ae94b1] #20 /usr/sbin/smbd(main+0xfa6) [0xb7ab0adf] #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb75e0685] #22 /usr/sbin/smbd [0xb7aadaf1] [2009/03/24 12:24:00, 0] lib/fault.c:dump_core(201) dumping core in /var/log/samba/cores/smbd [2009/03/24 12:24:00, 0] lib/fault.c:fault_report(40)
[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
samba creates the RID when smbpasswd -a is used (or machine is joined to the domain). smbldap-tools creates an entry in ldap to keep up with the next available UID. i don't remember what it is. personally, I just use a text file that contains my next available UID and GID in it and increment when i add a user. i do everything by hand with .ldif files though. Thierry Lacoste wrote: Hello, I did the steps described below and I have a problem with machine RIDs. When I first join a machine, samba adds to my sambaDomainName ldap entry a sambaNextRid attribute with a value of 1000. Now samba uses this value (incremented each time) to give its RID to the machine. This is going to be a real problem as my current samba computes RDIs as 1000+2*UID. FWIW I'm using smbldap-tools to create user accounts and I have add machine script = /usr/local/sbin/smbldap-useradd -w '%u' in my smb.conf though I don't think it is relevant because AFAIK this script is only called to create the posix machine account. What are my options? If at all possible, I'd rather stick to the 1000+2*UID algorithm. I googled about it and I know that others where caught too but I wasn't able to find a solution. Regards, Thierry. Quoting Adam Williams awill...@mdah.state.ms.us: your steps are fine. you don't need the samba LDAP entries you listed, when ou do smbpasswd -a user, it will add the minimum required LDAP entries for samba. laco...@miage.univ-paris12.fr wrote: Hello, I plan to update my samba-3.0.22/openldap-2.3.24 to samba-3.0.34/openldap-2.4.15 and I'm currently testing it. This is on FreeBSD. My idea is : 1) slapcat the openldap server and save the various tdb files. 2) deinstall samba and openldap and wipe out the bdb files 3) install the newer versions 4) slapadd to the new openldap server This seems to work in my test lab. During my tests I also built a new domain afresh and realized that the sambaDomainName ldap entry has some attributes that are not in my production server: sambaMinPwdLength, sambaLogonToChgPwd, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. Do I have to add these attributes to my ldif file before slapadd? More generally, do I have to add some attributes to my ldap entries? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vampire support for windows 2000+ domains?
Charles Marcus wrote: Is this ever going to happen? Or am I waiting in vain? Can you please file a bug report on this and assign to me? I have a git branch for vampire a w2k+ domain into passdb (almost finished). Having a bugid would be good reminder to finally finish it for the next samba version. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: 1MB/s gigabit transfers on dell poweredge
John Drescher wrote: On Sat, Mar 14, 2009 at 1:52 PM, Ian McDonald i...@st-andrews.ac.uk wrote: Raid 5 is not a good setup for performance... Its not good for database performance and random small writes but it shines in large file operations. Either way a 3 disk raid5 (software or hardware) should be able to generate 100MB/s sustained on linux so this probably is not an issue. - Especially since John Terpstra's home setup uses a 4-disk RAID and gets up to 90MB xfers over CIFS. (Is that with standard size network/TCP packetsizes? Or anything non-default for tuning on that?) :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: 1MB/s gigabit transfers on dell poweredge
Linda Walsh wrote: John Drescher wrote: On Sat, Mar 14, 2009 at 1:52 PM, Ian McDonald i...@st-andrews.ac.uk wrote: Raid 5 is not a good setup for performance... Its not good for database performance and random small writes but it shines in large file operations. Either way a 3 disk raid5 (software or hardware) should be able to generate 100MB/s sustained on linux so this probably is not an issue. - Especially since John Terpstra's home setup uses a 4-disk RAID and gets up to 90MB xfers over CIFS. (Is that with standard size network/TCP packetsizes? Or anything non-default for tuning on that?) :-) My TCP/IP is at default settings - no tuning at all. It works well enough that I can't be bothered with tuning. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Conference: SambaXP 2009 - April 20-24
This is a reminder that every year a large contingent of Samba developers meet at the SambaXP Conference in Goettingen, Germany. Over the past 8 years this conference has been attended by Samba users, Network Managers, IT Executives, appliance and operating system integrators, and so on. The conference aims to provide specific general, as well as detailed technical training, education and information to help people like you to meet your Samba and Windows networking needs. The conference week includes workshops, tutorials, and a very full speaking agenda. This year's conference promises to again have a full agenda - in fact, the normal 1.5 days of speaking events has been extended to 2 full days to accommodate all the presentations. Topics covered includes general deployment, development goals and objectives, Samba clustering and high-availability, integration with Active Directory, Samba4 (which provides Active Directory support) status updates, and more. SambaXP conferences provide for the needs of those who are new to Samba all the way through to delving into its inner secrets. Please check out the web site at: http://www.sambaxp.org If you have any interest in attending, please register soon as accommodation reservations need to be made within the next week or so. SambaXP is the premier event for networking with other Samba users and the developers themselves. This is a great place to get solutions to your Samba concerns. I hope to see many of our subscribers at SambaXP2009. Cheers, John Terpstra Conference Chairman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RFE: manpage smb.conf`
Under log level (debuglevel) there is nothing to indicate what the numbers mean, there is only the enumeration of debug-sections. While I wouldn't need what each number does in each debug area, I did note the following helpful behavior regarding use of numbers only (which I presume would be equal to specifying that number for 'all', or listing out all sections). 0 = nothing 1 = session/workstation logins, filesystem attaches (i.e. ~1 cluster of msgs/workstation login) 2 = per-file open close ( other)... 3 = ~11 times output in '2'... maybe sufficient --- -- '1' and maybe '2' would be useful to document as useful 'features'. And, the fact that '3' expands logging by such a large amount (well beyond 'normal needs' by nearly any measure). Reason(s): For my 'debug' purposes (at one point), '2' would have been what I was looking for. Instead, I chose '3', not realizing, until recently, *how much* extra* logging info, that generated ... ;^} - For _my_ normal usage, maybe '1' would be reasonably what I'd like as it gives me an idea that things are working w/basic session connect info, but should have little impact on performance security, whereas, - '2, gives, at least, 1-2 hits per-file in the log (open,close ???). - As for '3'(or above): OMG! ... (I don't remember 3 being so verbose at some, perhaps, distant, point in the past...) Things keep changing, I know, but hard to keep even 1 finger on the pulses of every program used. I like the (new?) name debuglevel over log level. It indicates more clearly that it's pretty much limited to debug, and only coincidentally has some informational 'session-only' log entries for hosts (at =1), and, similarly, has (at least) open/close entries for every file access, per-host (at =2) Might be nice to have those levels of functionality { (1) Session login filesystem attaches, and (2) per-file-audit operations } specified apart from debug, but that's just a 'polish' detail that I've no idea anyone would want or need apart from a debug context (where the levels are not documented for someone who only wanted to turn on such basic logging levels). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: 1MB/s gigabit transfers on dell poweredge
John H Terpstra - Samba Team wrote: Linda Walsh wrote: Especially since John Terpstra's home setup uses a 4-disk RAID and gets up to 90MB xfers over CIFS. (Is that with standard size network/TCP packetsizes? Or anything non-default for tuning on that?) :-) My TCP/IP is at default settings - no tuning at all. It works well enough that I can't be bothered with tuning. --- I can see why. At 90MB over a 1GB line, tuning would be an unneeded luxury. (I'm lucky to get a sustained 700Mb for any xfer over my 1GB-ether, but my fileserver isn't running raid and is running with P-III's) Cheers, Linda W. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] shared files missing after install
I am running samba on a FreeBSD 7 vbox and get the following messages emma# /usr/local/samba/sbin/smbd -D /libexec/ld-elf.so.1: Shared object libtalloc.so.1 not found, required by smbd emma# /usr/local/samba/sbin/winbindd -D /libexec/ld-elf.so.1: Shared object libtalloc.so.1 not found, required by winbindd emma# /usr/local/samba/sbin/nmbd -D /libexec/ld-elf.so.1: Shared object libtalloc.so.1 not found, required by nmbd I have done a default install, configure, make, make install with no parameters or switches. There clearly needs to be something else installed but I don't know what. Mr David Bessell Network Manager St Michael's Collegiate School Phone 03 6211 4940 Fax 03 6211 4955 218 Macquarie Street Hobart 7000 The Christ College Trust trading as ST MICHAEL'S COLLEGIATE SCHOOL CRICOS Registration No. 00482K The contents of this email are confidential. Any unauthorised use of the contents is expressly prohibited. If you have received this email in error, please advise by telephone (reverse charges) immediately and then delete/destroy the email and any printed copies. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] CTDB repository - branch master updated - ctdb-1.0.72-39-g972036a
The branch, master has been updated via 972036a5d510fb9b399f1ee34a8861dee4221267 (commit) via 39a972b0d6d0d70282c25c54a124b67431467e77 (commit) via ccaf9ebe062127124cf23e69dcd2ac2edda40020 (commit) via b1aba6651143ae1c85b24d78b67c760795ff5bff (commit) via 8518c9e0ffec44677d45f60e63936a831d62ab20 (commit) via 36709e4325fe9a0f377e8e79741741ded4e7f7b0 (commit) via f0e3cdde7bd35bb586a46c31609398b7d4b05a26 (commit) via 124874847e5e03ce2a44bddfe778f01dfb0a7a03 (commit) from 857733ae2bdfa0037af224abfabc020e2ac384c7 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 972036a5d510fb9b399f1ee34a8861dee4221267 Merge: 857733ae2bdfa0037af224abfabc020e2ac384c7 39a972b0d6d0d70282c25c54a124b67431467e77 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 24 17:49:55 2009 +1100 Merge branch 'obnox' commit 39a972b0d6d0d70282c25c54a124b67431467e77 Merge: ccaf9ebe062127124cf23e69dcd2ac2edda40020 c98f90ad61c9b1e679116fbed948ddca4111968d Author: Michael Adam ob...@samba.org Date: Mon Mar 23 10:07:44 2009 +0100 Merge commit 'ctdb-ronnie/master' commit ccaf9ebe062127124cf23e69dcd2ac2edda40020 Author: Michael Adam ob...@samba.org Date: Tue Mar 10 00:21:04 2009 +0100 ctdb.sysconfig: add CTDB_MANAGES_HTTPD comment section Michael commit b1aba6651143ae1c85b24d78b67c760795ff5bff Author: Michael Adam ob...@samba.org Date: Mon Mar 9 00:20:30 2009 +0100 events.d/50.samba: allow CTDB_SERVICE_{SMB,NMB,WINBIND} to be overriden from sysconfig Michael commit 8518c9e0ffec44677d45f60e63936a831d62ab20 Author: Michael Adam ob...@samba.org Date: Mon Mar 9 00:08:26 2009 +0100 ctdb.sysconfig: add CTDB_INIT_STYLE with explanation Michael commit 36709e4325fe9a0f377e8e79741741ded4e7f7b0 Merge: f0e3cdde7bd35bb586a46c31609398b7d4b05a26 ecf26af22245d0f55aded50e8768b0c21495f98c Author: Michael Adam ob...@samba.org Date: Wed Mar 4 21:26:25 2009 +0100 Merge commit 'ctdb-ronnie/master' commit ecf26af22245d0f55aded50e8768b0c21495f98c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 4 07:25:26 2009 +1100 new version 1.0.73 commit 432604a1435cd2b5a7178fb5aedf1d4b61bffeb9 Author: root r...@rcn1.vsofs1.com Date: Wed Mar 4 07:21:55 2009 +1100 Add a variable CTDB_NFS_SKIP_SHARE_CHECK to sysconfig that can disable the check that all shares are accessable. This can take very long if there are very many shares and is in that case better to implement in a separate cronjob than in ctdb eventscript commit f0e3cdde7bd35bb586a46c31609398b7d4b05a26 Merge: 124874847e5e03ce2a44bddfe778f01dfb0a7a03 ef9dc810c4309e8eba18d015c73c1b5d0760a4e8 Author: Michael Adam ob...@samba.org Date: Sat Feb 28 03:09:13 2009 +0100 Merge commit 'ctdb-ronnie/master' commit 124874847e5e03ce2a44bddfe778f01dfb0a7a03 Author: Michael Adam ob...@samba.org Date: Sat Feb 28 03:08:31 2009 +0100 move common code of system_linux.c and system_aix.c into new system_common.c Michael commit ef9dc810c4309e8eba18d015c73c1b5d0760a4e8 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Feb 25 09:13:16 2009 +1100 From Sumit Bose sb...@redhat.com Fix to the makefile dependencies for smnotify so that make -j works commit 051ae5f3c13892b860818eac803d348f09845dc6 Author: root r...@test2n1.vsofs1.com Date: Fri Feb 20 10:58:34 2009 +1100 make it possible to disable checking all samba shares. this is a timeconsuming process and might not be feasible to perform if there are very many thousand shares commit 7412c6706c2d8ec668d0a6a50471db369f3dbf2b Merge: e1c90b12290c682c2cba90e9afa3a09be014e20e e1be8cb2dc32f56eabd537b658b47929818b8d01 Author: Michael Adam ob...@samba.org Date: Thu Feb 19 23:51:23 2009 +0100 Merge commit 'ctdb-ronnie/master' commit e1be8cb2dc32f56eabd537b658b47929818b8d01 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Feb 18 13:22:26 2009 +1100 new version 1.0.72 commit fe4eea45c6b5702a794424037c3f2ab4241d5e5e Merge: 59a04a50e64aae0a89b165d0428e23a8bcf8eb24 4777b74b1e2eebe54cf27f3303f60e49023e7f6a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Feb 18 13:10:03 2009 +1100 Merge branch 'martins' commit e1c90b12290c682c2cba90e9afa3a09be014e20e Merge: 2f42429f6996e98c9bfad49eab9fa23e85d7bec2 59a04a50e64aae0a89b165d0428e23a8bcf8eb24 Author: Michael Adam ob...@samba.org Date: Tue Feb 10 00:28:08 2009 +0100 Merge commit 'ctdb-ronnie/master' commit 59a04a50e64aae0a89b165d0428e23a8bcf8eb24 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Sat Feb 7 08:10:34 2009 +1100 add a licence file commit dfb16ce9ed65048d30109851737a9075d071ecdb Author: root r...@test1n1.vsofs1.com Date: Thu Feb 5 14:44:46 2009 +1100 use netstat to check first and only fall back to netcat if netstat is
[SCM] CTDB repository - branch master updated - ctdb-1.0.72-42-g95d22e4
The branch, master has been updated via 95d22e4cf265d2119f72200ab0ec708f095853df (commit) via ae317b2013eee01c4c0a5108c03f4024bea9e313 (commit) via 0840aa2bd31b2da95342dca8ff35786a3d998688 (commit) from 972036a5d510fb9b399f1ee34a8861dee4221267 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 95d22e4cf265d2119f72200ab0ec708f095853df Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 24 19:02:00 2009 +1100 web: fix typo Conflicts: web/index.html commit ae317b2013eee01c4c0a5108c03f4024bea9e313 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 24 18:59:27 2009 +1100 update the documentatio n with all the new commands we supprot in the ctdb tool commit 0840aa2bd31b2da95342dca8ff35786a3d998688 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 24 18:23:56 2009 +1100 fix the html so that mine and obnox names are shown --- Summary of changes: doc/ctdb.1 | 95 ++-- doc/ctdb.1.html | 146 --- doc/ctdb.1.xml | 135 +- web/index.html |4 +- 4 files changed, 332 insertions(+), 48 deletions(-) Changeset truncated at 500 lines: diff --git a/doc/ctdb.1 b/doc/ctdb.1 index 5da61bf..91c1b64 100644 --- a/doc/ctdb.1 +++ b/doc/ctdb.1 @@ -1,11 +1,11 @@ .\ Title: ctdb .\Author: .\ Generator: DocBook XSL Stylesheets v1.73.2 http://docbook.sf.net/ -.\ Date: 09/15/2008 +.\ Date: 03/24/2009 .\Manual: .\Source: .\ -.TH CTDB 1 09/15/2008 +.TH CTDB 1 03/24/2009 .\ disable hyphenation .nh .\ disable justification (adjust text to left margin only) @@ -171,6 +171,43 @@ Recovery master:0 .fi .RE +.SS recmaster +.PP +This command shows the pnn of the node which is currently the recmaster\. +.SS uptime +.PP +This command shows the uptime for the ctdb daemon\. When the last recovery completed and how long the last recovery took\. If the duration is shown as a negative number, this indicates that there is a recovery in progress and it started that many seconds ago\. +.PP +Example: ctdb uptime +.PP +Example output: +.sp +.RS 4 +.nf +Current time of node : Tue Mar 24 18:27:54 2009 +Ctdbd start time : (000 00:00:05) Tue Mar 24 18:27:49 2009 +Time of last recovery : (000 00:00:05) Tue Mar 24 18:27:49 2009 +Duration of last recovery : 0\.00 seconds + +.fi +.RE +.SS listnodes +.PP +This command shows lists the ip addresses of all the nodes in the cluster\. +.PP +Example: ctdb listnodes +.PP +Example output: +.sp +.RS 4 +.nf +10\.0\.0\.71 +10\.0\.0\.72 +10\.0\.0\.73 +10\.0\.0\.74 + +.fi +.RE .SS ping .PP This command will ping all CTDB daemons in the cluster to verify that they are processing commands correctly\. @@ -190,7 +227,7 @@ response from 3 time=0\.000114 sec (2 clients) .RE .SS ip .PP -This command will display the list of public addresses that are provided by the cluster and which physical node is currently serving this ip\. +This command will display the list of public addresses that are provided by the cluster and which physical node is currently serving this ip\. By default this command will ONLY show those public addresses that are known to the node itself\. To see the full list of all public ips across the cluster you must use ctdb ip \-n all\. .PP Example: ctdb ip .PP @@ -206,6 +243,28 @@ Number of addresses:4 .fi .RE +.SS scriptstatus +.PP +This command displays which scripts where run in the previous monitoring cycle and the result of each script\. If a script failed with an error, causing the node to become unhealthy, the output from that script is also shown\. +.PP +Example: ctdb scriptstatus +.PP +Example output: +.sp +.RS 4 +.nf +7 scripts were executed last monitoring cycle +00\.ctdb Status:OKDuration:0\.056 Tue Mar 24 18:56:57 2009 +10\.interface Status:OKDuration:0\.077 Tue Mar 24 18:56:57 2009 +11\.natgw Status:OKDuration:0\.039 Tue Mar 24 18:56:57 2009 +20\.multipathdStatus:OKDuration:0\.038 Tue Mar 24 18:56:57 2009 +40\.vsftpdStatus:OKDuration:0\.045 Tue Mar 24 18:56:57 2009 +41\.httpd Status:OKDuration:0\.039 Tue Mar 24 18:56:57 2009 +50\.samba Status:ERRORDuration:0\.082 Tue Mar 24 18:56:57 2009 + OUTPUT:ERROR: Samba tcp port 445 is not responding + +.fi +.RE .SS getvar name .PP Get the runtime value of a tuneable variable\. @@ -374,6 +433,16 @@ Administratively ban a node for bantime seconds\. A bantime of 0 means that the A banned node does not participate in the cluster and does not host any records for the clustered TDB\. Its ip address has been taken over by
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-568-ga2e1384
The branch, v3-4-test has been updated via a2e138419138a2f675f6370426a6caeda0a314b4 (commit) from 55b7bf7338c13701944169df02ab8e9def6d43a1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit a2e138419138a2f675f6370426a6caeda0a314b4 Author: Björn Jacke b...@sernet.de Date: Mon Mar 23 12:26:03 2009 +0100 s3:dsgetdcname: use parentheses in if condition to make negation clear Signed-off-by: Günther Deschner g...@samba.org (cherry picked from commit 87b428e424e2e3cca975ecd0efed327e72950a1d) --- Summary of changes: source3/libsmb/dsgetdcname.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 3491544..1064a63 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -311,7 +311,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * / / -#define RETURN_ON_FALSE(x) if (!x) return false; +#define RETURN_ON_FALSE(x) if (!(x)) return false; static bool check_cldap_reply_required_flags(uint32_t ret_flags, uint32_t req_flags) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5163-gdeba6c8
The branch, v3-3-test has been updated via deba6c883965f99bf70744a5a4fb8124a73910fd (commit) from b0ad52693d4ee548a2d3870e28f6499f827bed31 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit deba6c883965f99bf70744a5a4fb8124a73910fd Author: Björn Jacke b...@sernet.de Date: Mon Mar 23 12:26:03 2009 +0100 s3:dsgetdcname: use parentheses in if condition to make negation clear Signed-off-by: Günther Deschner g...@samba.org (cherry picked from commit 87b428e424e2e3cca975ecd0efed327e72950a1d) --- Summary of changes: source/libsmb/dsgetdcname.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/dsgetdcname.c b/source/libsmb/dsgetdcname.c index a33f684..77c2dcf 100644 --- a/source/libsmb/dsgetdcname.c +++ b/source/libsmb/dsgetdcname.c @@ -311,7 +311,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * / / -#define RETURN_ON_FALSE(x) if (!x) return false; +#define RETURN_ON_FALSE(x) if (!(x)) return false; static bool check_cldap_reply_required_flags(uint32_t ret_flags, uint32_t req_flags) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3515-gca58d12
The branch, v3-2-test has been updated via ca58d12b6513beb40c14fcab2758cf21af0179f3 (commit) from 66faa809847ad60b8027ae86068f8d62c0d181ed (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ca58d12b6513beb40c14fcab2758cf21af0179f3 Author: Björn Jacke b...@sernet.de Date: Mon Mar 23 12:26:03 2009 +0100 s3:dsgetdcname: use parentheses in if condition to make negation clear Signed-off-by: Günther Deschner g...@samba.org (cherry picked from commit 87b428e424e2e3cca975ecd0efed327e72950a1d) --- Summary of changes: source/libsmb/dsgetdcname.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/dsgetdcname.c b/source/libsmb/dsgetdcname.c index 72c3c73..e191307 100644 --- a/source/libsmb/dsgetdcname.c +++ b/source/libsmb/dsgetdcname.c @@ -439,7 +439,7 @@ static uint32_t get_cldap_reply_server_flags(union nbt_cldap_netlogon *r, / / -#define RETURN_ON_FALSE(x) if (!x) return false; +#define RETURN_ON_FALSE(x) if (!(x)) return false; static bool check_cldap_reply_required_flags(uint32_t ret_flags, uint32_t req_flags) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-690-g87b428e
The branch, master has been updated via 87b428e424e2e3cca975ecd0efed327e72950a1d (commit) from 34ee56eadce9f84d52a1c9668cf321e04ede2bc0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 87b428e424e2e3cca975ecd0efed327e72950a1d Author: Björn Jacke b...@sernet.de Date: Mon Mar 23 12:26:03 2009 +0100 s3:dsgetdcname: use parentheses in if condition to make negation clear Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/libsmb/dsgetdcname.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 3491544..1064a63 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -311,7 +311,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * / / -#define RETURN_ON_FALSE(x) if (!x) return false; +#define RETURN_ON_FALSE(x) if (!(x)) return false; static bool check_cldap_reply_required_flags(uint32_t ret_flags, uint32_t req_flags) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-691-gc388efd
The branch, master has been updated via c388efdbcb9ef1ecd5a81f7731ce56c7f79b2579 (commit) from 87b428e424e2e3cca975ecd0efed327e72950a1d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c388efdbcb9ef1ecd5a81f7731ce56c7f79b2579 Author: Günther Deschner g...@samba.org Date: Tue Mar 24 11:02:40 2009 +0100 s3: add missing prototype for auth_wbc_init(). Guenther --- Summary of changes: source3/include/proto.h |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index c8dce13..d15e45a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -150,6 +150,10 @@ bool is_trusted_domain(const char* dom_name); NTSTATUS auth_winbind_init(void); +/* The following definitions come from auth/auth_wbc.c */ + +NTSTATUS auth_wbc_init(void); + /* The following definitions come from auth/pampass.c */ bool smb_pam_claim_session(char *user, char *tty, char *rhost); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-569-g87cf381
The branch, v3-4-test has been updated via 87cf381dc3bd020dc043419f4ca18a3ff118458d (commit) from a2e138419138a2f675f6370426a6caeda0a314b4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 87cf381dc3bd020dc043419f4ca18a3ff118458d Author: Günther Deschner g...@samba.org Date: Tue Mar 24 11:02:40 2009 +0100 s3: add missing prototype for auth_wbc_init(). Guenther (cherry picked from commit c388efdbcb9ef1ecd5a81f7731ce56c7f79b2579) --- Summary of changes: source3/include/proto.h |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index e6e925e..36b8d5e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -150,6 +150,10 @@ bool is_trusted_domain(const char* dom_name); NTSTATUS auth_winbind_init(void); +/* The following definitions come from auth/auth_wbc.c */ + +NTSTATUS auth_wbc_init(void); + /* The following definitions come from auth/pampass.c */ bool smb_pam_claim_session(char *user, char *tty, char *rhost); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-694-gde2a7c8
The branch, master has been updated via de2a7c8e4caa4898a3ff5cfd85d21cddec8188f2 (commit) via 31db53c3586339b7469802a454a3b983807ec518 (commit) via 8d901caf353ce99dfdde4e9e8ad5937f91df7c49 (commit) from c388efdbcb9ef1ecd5a81f7731ce56c7f79b2579 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit de2a7c8e4caa4898a3ff5cfd85d21cddec8188f2 Author: Günther Deschner g...@samba.org Date: Sat Mar 21 00:10:14 2009 +0100 s3: use generated dcerpc code. Guenther commit 31db53c3586339b7469802a454a3b983807ec518 Author: Günther Deschner g...@samba.org Date: Fri Mar 20 23:27:15 2009 +0100 s3: add generated dcerpc files. Guenther commit 8d901caf353ce99dfdde4e9e8ad5937f91df7c49 Author: Günther Deschner g...@samba.org Date: Fri Mar 20 23:25:53 2009 +0100 move dcerpc.idl to main directory. Guenther --- Summary of changes: librpc/gen_ndr/dcerpc.h | 343 librpc/gen_ndr/ndr_dcerpc.c | 1834 + librpc/gen_ndr/ndr_dcerpc.h | 65 ++ librpc/idl/dcerpc.idl | 306 +++ source3/Makefile.in |3 +- source3/include/rpc_dce.h | 10 - source3/include/smb.h |2 + source4/librpc/config.mk |4 +- source4/librpc/idl/dcerpc.idl | 306 --- 9 files changed, 2554 insertions(+), 319 deletions(-) create mode 100644 librpc/gen_ndr/dcerpc.h create mode 100644 librpc/gen_ndr/ndr_dcerpc.c create mode 100644 librpc/gen_ndr/ndr_dcerpc.h create mode 100644 librpc/idl/dcerpc.idl delete mode 100644 source4/librpc/idl/dcerpc.idl Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/dcerpc.h b/librpc/gen_ndr/dcerpc.h new file mode 100644 index 000..78834f6 --- /dev/null +++ b/librpc/gen_ndr/dcerpc.h @@ -0,0 +1,343 @@ +/* header auto-generated by pidl */ + +#include stdint.h + +#include libcli/util/ntstatus.h + +#include librpc/gen_ndr/misc.h +#ifndef _HEADER_dcerpc +#define _HEADER_dcerpc + +#define DCERPC_REQUEST_LENGTH ( 24 ) +#define DCERPC_BIND_REASON_ASYNTAX ( 1 ) +#define DCERPC_BIND_PROVIDER_REJECT( 2 ) +#define DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED ( 4 ) +#define DCERPC_BIND_REASON_INVALID_AUTH_TYPE ( 8 ) +#define DCERPC_RESPONSE_LENGTH ( 24 ) +#define DCERPC_FAULT_OP_RNG_ERROR ( 0x1c010002 ) +#define DCERPC_FAULT_UNK_IF( 0x1c010003 ) +#define DCERPC_FAULT_NDR ( 0x06f7 ) +#define DCERPC_FAULT_INVALID_TAG ( 0x1c06 ) +#define DCERPC_FAULT_CONTEXT_MISMATCH ( 0x1c1a ) +#define DCERPC_FAULT_OTHER ( 0x0001 ) +#define DCERPC_FAULT_ACCESS_DENIED ( 0x0005 ) +#define DCERPC_FAULT_CANT_PERFORM ( 0x06d8 ) +#define DCERPC_FAULT_TODO ( 0x0042 ) +#define DCERPC_AUTH_LEVEL_DEFAULT ( DCERPC_AUTH_LEVEL_CONNECT ) +#define DCERPC_AUTH_TRAILER_LENGTH ( 8 ) +#define DCERPC_PFC_FLAG_FIRST ( 0x01 ) +#define DCERPC_PFC_FLAG_LAST ( 0x02 ) +#define DCERPC_PFC_FLAG_PENDING_CANCEL ( 0x04 ) +#define DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN( DCERPC_PFC_FLAG_PENDING_CANCEL ) +#define DCERPC_PFC_FLAG_CONC_MPX ( 0x10 ) +#define DCERPC_PFC_FLAG_DID_NOT_EXECUTE( 0x20 ) +#define DCERPC_PFC_FLAG_MAYBE ( 0x40 ) +#define DCERPC_PFC_FLAG_OBJECT_UUID( 0x80 ) +#define DCERPC_PFC_OFFSET ( 3 ) +#define DCERPC_DREP_OFFSET ( 4 ) +#define DCERPC_FRAG_LEN_OFFSET ( 8 ) +#define DCERPC_AUTH_LEN_OFFSET ( 10 ) +#define DCERPC_DREP_LE ( 0x10 ) +struct dcerpc_ctx_list { + uint16_t context_id; + uint8_t num_transfer_syntaxes; + struct ndr_syntax_id abstract_syntax; + struct ndr_syntax_id *transfer_syntaxes; +}; + +struct dcerpc_bind { + uint16_t max_xmit_frag; + uint16_t max_recv_frag; + uint32_t assoc_group_id; + uint8_t num_contexts; + struct dcerpc_ctx_list *ctx_list; + DATA_BLOB _pad;/* [flag(LIBNDR_FLAG_ALIGN4)] */ + DATA_BLOB auth_info;/* [flag(LIBNDR_FLAG_REMAINING)] */ +}; + +struct dcerpc_empty { + char _empty_; +}; + +union dcerpc_object { + struct dcerpc_empty empty;/* [default] */ + struct GUID object;/* [case(LIBNDR_FLAG_OBJECT_PRESENT)] */ +}/* [nodiscriminant] */; + +struct dcerpc_request { + uint32_t alloc_hint; + uint16_t context_id; + uint16_t opnum; + union dcerpc_object object;/* [switch_is(ndr-flagsLIBNDR_FLAG_OBJECT_PRESENT)] */ + DATA_BLOB _pad;/* [flag(LIBNDR_FLAG_ALIGN8)] */ + DATA_BLOB stub_and_verifier;/* [flag(LIBNDR_FLAG_REMAINING)] */ +}; + +struct dcerpc_ack_ctx { + uint16_t result; + uint16_t reason; + struct ndr_syntax_id syntax; +}; + +struct dcerpc_bind_ack { + uint16_t max_xmit_frag; + uint16_t max_recv_frag; + uint32_t assoc_group_id; + uint16_t secondary_address_size;/*
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3516-gbb76066
The branch, v3-2-test has been updated via bb76066e8797599e5ca75821a686e32dd0c97a74 (commit) from ca58d12b6513beb40c14fcab2758cf21af0179f3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit bb76066e8797599e5ca75821a686e32dd0c97a74 Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 11:07:16 2009 +0100 Fix bug 6097 A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel wy...@volny.cz for the bug report! --- Summary of changes: source/passdb/lookup_sid.c |2 +- source/rpc_server/srv_lsa_nt.c |4 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index a7175b9..d767fa4 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -804,7 +804,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } else { /* This is a normal SID with rid component */ if (!sid_split_rid(sid, rid)) { - result = NT_STATUS_INVALID_PARAMETER; + result = NT_STATUS_INVALID_SID; goto fail; } } diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index 9ce992c..9d411ec 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -830,6 +830,10 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, names, mapped_count); + if (NT_STATUS_IS_ERR(status)) { + return status; + } + /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ names_out = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedName, num_sids); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5164-gc38c80f
The branch, v3-3-test has been updated via c38c80fcd3f63e60450fd95c27d842082e8e00fd (commit) from deba6c883965f99bf70744a5a4fb8124a73910fd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit c38c80fcd3f63e60450fd95c27d842082e8e00fd Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 11:07:16 2009 +0100 Fix bug 6097 A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel wy...@volny.cz for the bug report! --- Summary of changes: source/passdb/lookup_sid.c |2 +- source/rpc_server/srv_lsa_nt.c |4 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 2a5eacd..f4fc7b5 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -804,7 +804,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } else { /* This is a normal SID with rid component */ if (!sid_split_rid(sid, rid)) { - result = NT_STATUS_INVALID_PARAMETER; + result = NT_STATUS_INVALID_SID; goto fail; } } diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index 0176d16..f9cfeed 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -828,6 +828,10 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, names, mapped_count); + if (NT_STATUS_IS_ERR(status)) { + return status; + } + /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ names_out = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedName, num_sids); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-570-ge4f3d75
The branch, v3-4-test has been updated via e4f3d75432dbe372e164962a993b6e882fe44e83 (commit) from 87cf381dc3bd020dc043419f4ca18a3ff118458d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit e4f3d75432dbe372e164962a993b6e882fe44e83 Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 11:07:16 2009 +0100 Fix bug 6097 A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel wy...@volny.cz for the bug report! --- Summary of changes: source3/passdb/lookup_sid.c |2 +- source3/rpc_server/srv_lsa_nt.c |4 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 9c20042..a5c2d50 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -804,7 +804,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } else { /* This is a normal SID with rid component */ if (!sid_split_rid(sid, rid)) { - result = NT_STATUS_INVALID_PARAMETER; + result = NT_STATUS_INVALID_SID; goto fail; } } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index ed54c3a..5fdcaf2 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -827,6 +827,10 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, names, mapped_count); + if (NT_STATUS_IS_ERR(status)) { + return status; + } + /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ names_out = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedName, num_sids); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-695-gf915655
The branch, master has been updated via f91565544f96be60cb6464d739008f8241e55d5c (commit) from de2a7c8e4caa4898a3ff5cfd85d21cddec8188f2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f91565544f96be60cb6464d739008f8241e55d5c Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 11:07:16 2009 +0100 Fix bug 6097 A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel wy...@volny.cz for the bug report! --- Summary of changes: source3/passdb/lookup_sid.c |2 +- source3/rpc_server/srv_lsa_nt.c |4 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 9c20042..a5c2d50 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -804,7 +804,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } else { /* This is a normal SID with rid component */ if (!sid_split_rid(sid, rid)) { - result = NT_STATUS_INVALID_PARAMETER; + result = NT_STATUS_INVALID_SID; goto fail; } } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index ed54c3a..5fdcaf2 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -827,6 +827,10 @@ NTSTATUS _lsa_LookupSids(pipes_struct *p, names, mapped_count); + if (NT_STATUS_IS_ERR(status)) { + return status; + } + /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ names_out = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedName, num_sids); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-706-g5f753e2
The branch, master has been updated via 5f753e22f1f536e0e227db0f453809ad6cfacaf6 (commit) via fa6283683981c61406967ede7ad48910b602f5a4 (commit) via 8e0d9d002a4b0266c9d910bf7ce9c0510c89b09f (commit) via 22badee4bf7d75a4337a3826847070ebd7464ce8 (commit) via 1724f2ff316d20dd7e67fed59f467d4a3e187114 (commit) via f88990ec7ec92f0b8371419bfdf777d1d624abf9 (commit) via 545ed5b52e41f495a48370ba4218834337b85dd2 (commit) via 7a429fb369f608c0aaad20a89baf86aebf615440 (commit) via 7573bb758e843912335af7ee3a60b21a31b5118e (commit) via 1dd08834586484f0a463ba9378e03f742871d517 (commit) via 6a2e71b12dbfed195859f0fc521ec5a5c145e1f5 (commit) from f91565544f96be60cb6464d739008f8241e55d5c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5f753e22f1f536e0e227db0f453809ad6cfacaf6 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 23:38:04 2009 +0100 Convert rpc_pipe_bind to tevent_req commit fa6283683981c61406967ede7ad48910b602f5a4 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 23:30:18 2009 +0100 Convert rpc_cli_transport-trans to tevent_req commit 8e0d9d002a4b0266c9d910bf7ce9c0510c89b09f Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 23:20:03 2009 +0100 Convert rpc_cli_transport-write to tevent_req commit 22badee4bf7d75a4337a3826847070ebd7464ce8 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 23:03:37 2009 +0100 Convert rpc_cli_transport-read to tevent_req commit 1724f2ff316d20dd7e67fed59f467d4a3e187114 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 22:49:29 2009 +0100 Convert rpc_api_pipe_req to tevent_req commit f88990ec7ec92f0b8371419bfdf777d1d624abf9 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 22:33:00 2009 +0100 Convert rpc_api_pipe to tevent_req commit 545ed5b52e41f495a48370ba4218834337b85dd2 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 22:13:44 2009 +0100 Convert cli_api_pipe to tevent_req commit 7a429fb369f608c0aaad20a89baf86aebf615440 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 21:57:19 2009 +0100 Convert get_complete_frag to tevent_req commit 7573bb758e843912335af7ee3a60b21a31b5118e Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 21:49:19 2009 +0100 Convert rpc_write to tevent_req commit 1dd08834586484f0a463ba9378e03f742871d517 Author: Volker Lendecke v...@samba.org Date: Mon Mar 23 21:37:27 2009 +0100 Convert rpc_read to tevent_req commit 6a2e71b12dbfed195859f0fc521ec5a5c145e1f5 Author: Volker Lendecke v...@samba.org Date: Sun Mar 1 22:25:51 2009 +0100 Add tevent_req_simple_recv_ntstatus() --- Summary of changes: lib/util/tevent_ntstatus.c | 10 + lib/util/tevent_ntstatus.h |1 + source3/include/client.h| 32 +- source3/include/proto.h | 22 +- source3/rpc_client/cli_pipe.c | 580 +++ source3/rpc_client/rpc_transport_np.c | 127 source3/rpc_client/rpc_transport_smbd.c | 93 +++--- source3/rpc_client/rpc_transport_sock.c | 82 +++--- 8 files changed, 465 insertions(+), 482 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/tevent_ntstatus.c b/lib/util/tevent_ntstatus.c index 1a34e9c..4e43399 100644 --- a/lib/util/tevent_ntstatus.c +++ b/lib/util/tevent_ntstatus.c @@ -49,3 +49,13 @@ bool tevent_req_is_nterror(struct tevent_req *req, NTSTATUS *status) } return true; } + +NTSTATUS tevent_req_simple_recv_ntstatus(struct tevent_req *req) +{ + NTSTATUS status; + + if (tevent_req_is_nterror(req, status)) { + return status; + } + return NT_STATUS_OK; +} diff --git a/lib/util/tevent_ntstatus.h b/lib/util/tevent_ntstatus.h index 84c275f..d7194a9 100644 --- a/lib/util/tevent_ntstatus.h +++ b/lib/util/tevent_ntstatus.h @@ -28,5 +28,6 @@ bool tevent_req_nterror(struct tevent_req *req, NTSTATUS status); bool tevent_req_is_nterror(struct tevent_req *req, NTSTATUS *pstatus); +NTSTATUS tevent_req_simple_recv_ntstatus(struct tevent_req *req); #endif diff --git a/source3/include/client.h b/source3/include/client.h index db19f34..73a1d7b 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -71,26 +71,26 @@ struct rpc_cli_transport { /** * Trigger an async read from the server. May return a short read. */ - struct async_req *(*read_send)(TALLOC_CTX *mem_ctx, - struct event_context *ev, - uint8_t *data, size_t size, - void *priv); + struct tevent_req *(*read_send)(TALLOC_CTX *mem_ctx, + struct event_context
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-707-g2ff2cef
The branch, master has been updated via 2ff2ceffd256b7709d8ee807517f856cfdad5d9e (commit) from 5f753e22f1f536e0e227db0f453809ad6cfacaf6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ff2ceffd256b7709d8ee807517f856cfdad5d9e Author: Kai Blin k...@samba.org Date: Tue Mar 24 14:59:11 2009 +0100 wbclient: Fix use of wb_int_trans_send, queue parameter must not be NULL --- Summary of changes: source3/lib/wbclient.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/wbclient.c b/source3/lib/wbclient.c index 3cf992c..c22e168 100644 --- a/source3/lib/wbclient.c +++ b/source3/lib/wbclient.c @@ -449,8 +449,8 @@ static void wb_open_pipe_connect_nonpriv_done(struct tevent_req *subreq) ZERO_STRUCT(state-wb_req); state-wb_req.cmd = WINBINDD_INTERFACE_VERSION; - subreq = wb_int_trans_send(state, state-ev, NULL, state-wb_ctx-fd, - state-wb_req); + subreq = wb_int_trans_send(state, state-ev, state-wb_ctx-queue, + state-wb_ctx-fd, state-wb_req); if (tevent_req_nomem(subreq, req)) { return; } @@ -480,8 +480,8 @@ static void wb_open_pipe_ping_done(struct tevent_req *subreq) state-wb_req.cmd = WINBINDD_PRIV_PIPE_DIR; - subreq = wb_int_trans_send(state, state-ev, NULL, state-wb_ctx-fd, - state-wb_req); + subreq = wb_int_trans_send(state, state-ev, state-wb_ctx-queue, + state-wb_ctx-fd, state-wb_req); if (tevent_req_nomem(subreq, req)) { return; } @@ -673,8 +673,8 @@ static void wb_trans_connect_done(struct tevent_req *subreq) return; } - subreq = wb_int_trans_send(state, state-ev, NULL, state-wb_ctx-fd, - state-wb_req); + subreq = wb_int_trans_send(state, state-ev, state-wb_ctx-queue, + state-wb_ctx-fd, state-wb_req); if (tevent_req_nomem(subreq, req)) { return; } -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - annotated tag build_3.2.8_ctdb.56 created - build_3.2.8_ctdb.56
The annotated tag, build_3.2.8_ctdb.56 has been created at ced343df2c17e1c217c60ff492c542ae987f5d18 (tag) tagging 352fca67a831e061ed3c126d7513611aa4c1fcf3 (commit) replaces build_3.2.7_ctdb.54 tagged by Michael Adam on Tue Mar 24 16:03:39 2009 +0100 - Log - tag build_3.2.8_ctdb.56 Michael -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEABECAAYFAknI9lwACgkQyU9JOBhPkDRBOgCfSnG0XEYzFAQZMab5aRL6T2+t reAAmwSV/hAZtiu5jhnYL5MrobBDkFVP =6uCf -END PGP SIGNATURE- Andreas Schneider (4): Fix a segfault if ? is there but the options are NULL. This is the case if SMBC_parse_path is called by SMBC_stat_ctx. Avoid flooding of syslog with failing pam_putenv messages. Document default of the printing config variable. Use talloc_tos() instead of the talloc NULL context. Andrew Tridgell (1): keep compatibility with v3-0-ctdb name for fileid:mapping option Aravind Srinivasan (1): Have nmbd check all available interfaces for WINS before failing Björn Jacke (8): give configure check sub-second timestamps without struct timespec a chance to succeed rather cosmetic fix for failed birthtime configure checks add configure check for AIX style sub-second resolution support add missing semicolons add configure check for Tru64 sub-second timestamp resolution add Tru64 sub-second resolution timestamp support fix build with external dns_sd libraries enable IPv6 support for NetBSD, FreeBSD Bo Yang (2): Don't send message to any other child in child process. Fix bug in get_dc_name_via_netlogon(), null pointer refrence. Derrell Lipman (3): Treat file names in POSIX-like case-sensitive fashion by default [Bug 6022] smbc_urlencode and smbc_urldecode were not exported Determine case sensitivity based on file system attributes. Günter Kukkukk (1): Don't try and delete a default ACL from a file. Günther Deschner (6): s3-eventlog: fix buffer allocation in eventlog read call. s3-eventlog: fix various invalid memcpy in read_package_entry(). s3-docs: fix typo in eventlogadm manpage. s3-net: remove unused ENUM_HND. s3-spoolss: fix memleak in get_remote_printer_publishing_data(). errors: add WERR_NOT_FOUND. Jeff Layton (1): mount.cifs: initialize rc to 0 in main Jelmer Vernooij (4): Make the make output a bit less chatty. Add test target in Makefile. Use double colon targets. Depend on latexfigures files directly as using a rule in between causes problems. Jeremy Allison (15): Merge branch 'v3-2-test' of ssh://j...@git.samba.org/data/git/samba into v3-2-test Fix bug #6019 File corruption in Clustered SMB/NFS environment managed via CTDB From boyang - ensure we never return from a forked child, always _exit(). Fix bug #6035 - Possible race between fcntl F_SETLKW and alarm delivery. Fix bug #6040 - Calling Samba print server with an aliased DNS-name fails. Allow reinit_after_fork to be called safely from within swat and other binaries that don't have Fix bug #6040 - Missing th header in Status page. First thing, kill all the language lawyers :-). Ensure possible insane compilers Merge branch 'v3-2-test' of ssh://j...@git.samba.org/data/git/samba into v3-2-test Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs. Second part of the attemt to fix #4308 - Excel save operation corrupts file ACLs. Fix logic error in try_chown - we shouldn't arbitrarily chown Apply same logic fix for #4308 Excel save operation corrupts file ACLs Fix detection of dns_sd libraries. Following Björn JACKE's patch, unify the detection of the timespec code in configure.in, and the application of it in time.c Karolin Seeger (12): S3-HowTo: Change 'winbindd -B' to 'winbindd -D'. S3-ByExample: Use 'winbindd -D' instead of 'winbindd -B'. build_docs: Use 'make distclean' instead of 'make clean'. docs: Fix formatting issue in man libsmbclient. docs: Add manpage for vfs_shadow_copy2. WHATSNEW: Prepare WHATSNEW for 3.2.8. VERSION: Raise version number up to 3.2.8. WHATSNEW: Update changes since 3.2.7. WHATSNEW: Update changes since 3.2.7. docs: Describe service in man mount.cifs. WHATSNEW: Update changes since 3.2.7. WHATSNEW: Update changes since 3.2.7. Lars Müller (2): Conditional install of the cifs.upcall man page Adjust regex to match variable names including underscores Michael Adam (102): packaging(RHEL-CTDB): Bump release number to ctdb.55 for the next RPM build. Remove proto.h that got accidentially committet to v3-2-test Merge commit 'origin/v3-2-test' into v3-2-ctdb s3:docs: fix distclean target and add realdistclean target
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-708-g2bc9ffa
The branch, master has been updated via 2bc9ffa9fb5c69416b00f46a59b59e0f523634d1 (commit) from 2ff2ceffd256b7709d8ee807517f856cfdad5d9e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2bc9ffa9fb5c69416b00f46a59b59e0f523634d1 Author: Günther Deschner g...@samba.org Date: Tue Mar 24 16:07:46 2009 +0100 s4-install: add new location of generated dcerpc headers to headermap file. Guenther --- Summary of changes: source4/headermap.txt |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/headermap.txt b/source4/headermap.txt index 280d60b..1c86f9e 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -86,6 +86,8 @@ librpc/gen_ndr/nbt.h: gen_ndr/nbt.h librpc/gen_ndr/svcctl.h: gen_ndr/svcctl.h librpc/gen_ndr/ndr_svcctl.h: gen_ndr/ndr_svcctl.h librpc/gen_ndr/ndr_svcctl_c.h: gen_ndr/ndr_svcctl_c.h +../librpc/gen_ndr/dcerpc.h: gen_ndr/dcerpc.h +../librpc/gen_ndr/ndr_dcerpc.h: gen_ndr/ndr_dcerpc.h ../librpc/gen_ndr/netlogon.h: gen_ndr/netlogon.h ../librpc/gen_ndr/ndr_misc.h: gen_ndr/ndr_misc.h ../librpc/gen_ndr/mgmt.h: gen_ndr/mgmt.h -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.8_ctdb.56-3-g1ebd6ce
The branch, v3-2-ctdb has been updated via 1ebd6ce818f70d8108319231d67d6e4de54d2855 (commit) from 06c9926c50941bbbc0fd0b96fdadded3cbed0769 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit 1ebd6ce818f70d8108319231d67d6e4de54d2855 Author: Michael Adam ob...@samba.org Date: Tue Mar 24 16:19:01 2009 +0100 v3-2-ctdb: bump version number to 3.2.8_ctdb.57 Michael --- Summary of changes: source/VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/VERSION b/source/VERSION index 8189440..ecacdba 100644 --- a/source/VERSION +++ b/source/VERSION @@ -96,4 +96,4 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT= # - CVS 3.0.0rc2-VendorVersion# SAMBA_VERSION_VENDOR_SUFFIX=ctdb -SAMBA_VERSION_VENDOR_PATCH=56 +SAMBA_VERSION_VENDOR_PATCH=57 -- SAMBA-CTDB repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.8_ctdb.56-36-gdd23148
The branch, v3-2-ctdb has been updated via dd23148118fb058b65748cc5fda47474aa8515eb (commit) via 448443fb31dcb1c830dcb1e66187ed6d0970369c (commit) via aeabd7ba7294807d608f1e2fa30cdf33844b0248 (commit) via ec05e2079ad9405507aaa4e51a3f895a2b5f3b09 (commit) via cbd8c505084bf74b7a2b5869680cfc521dc208b4 (commit) via 3428fa22e1d111f7372b488bf362d454e83b3cd7 (commit) via 8ff0e4cf26961cfd7ebe87c7729f70694dc9ad95 (commit) via 4e27f5fd46c16e7dfcf8a9b66ed86099e2836521 (commit) via fc435e8b4b75b1d750c703f0fbbd44b1fba6873b (commit) via 4f24bc02c45bfda9352e14fa6605242c18c3e7b6 (commit) via be0a09ea769e8132678e73d35ffdc029236e01de (commit) via 28bbb327d808eb6f8299fbfa44c03c3c3360bfa6 (commit) via 7368d3b07d5aad57a2bdadc87bb9c02700481303 (commit) via 2cde6d78de3cd7e01415533d9ecfde96f0e1bbfb (commit) via b37bf89aadc4393ca804fa4fe4c4a1f6fe958d9f (commit) via 20e95a8dca1a7ebc8a4d649b6cdfc69e6bdd4277 (commit) via b84d487e3d0277a994f4016168ec16034873e729 (commit) via 95dfe11d0f0ec5f9c08e8779d40341dbac58d921 (commit) via e70a5f4d05327ef83f3907fff6bbb0a6f7ec0d34 (commit) via ba768f67f3884b60f5229d34a4af93b01e8deac3 (commit) via a5a5b5b052567e79233e2fdf279cf0ac06e7b7aa (commit) via 9a03b64f81fc9c4d21b3a1bf6d52128ae9d91c7a (commit) via 8e462c99ca80a8f68db1f8040fab3b55b1578f6d (commit) via 1250dba2b2aafa5109f4a658b7fcf34fe3ed99c7 (commit) via ad792a49ee3bfc2101d8e9d986ae5c2f048c9b79 (commit) via 19037498aa60b3b0f7a17674b3db3f9e7cc26c42 (commit) via 4079839e50ec845a6ce193d528306f3407445df3 (commit) via c9458a4022b6bb6506694fb184e287da88fc92c3 (commit) via 04e05e884c4e67d45cbee75803819610fbd08fbd (commit) via eba73c8d91144193ec288b7fe8f9e5214dc8d383 (commit) via bd34ea450f02f3e96385d0e6bc9718ab91c78e29 (commit) via 57290aede977914a5c2171c1560e95676f90b672 (commit) via e860df584b462f306ca75bcb9bb289946b8cae87 (commit) from 1ebd6ce818f70d8108319231d67d6e4de54d2855 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit dd23148118fb058b65748cc5fda47474aa8515eb Author: Jeremy Allison j...@samba.org Date: Wed Feb 25 14:55:19 2009 -0800 Fix more POSIX path lstat calls. Fix bug where close can return failure if we have a pending modtime and the containing directory of the file has been renamed (there is no POSIX update time by fd call). This can't happen on Windows as the rename will fail if there are open files beneath it. Will add a torture test for this. Jeremy. (cherry picked from commit 5fb3b5e903c08013074ba473399ddee30f6c328f) Signed-off-by: Michael Adam ob...@samba.org commit 448443fb31dcb1c830dcb1e66187ed6d0970369c Author: Jeremy Allison j...@samba.org Date: Wed Feb 25 13:48:30 2009 -0800 Fix use of streams modules with CIFSFS client. Jeremy. (cherry picked from commit 161dc96c1147f637b5ef78bb3f543f6d5e0618c6) Signed-off-by: Michael Adam ob...@samba.org commit aeabd7ba7294807d608f1e2fa30cdf33844b0248 Author: Jeremy Allison j...@samba.org Date: Tue Feb 24 17:59:19 2009 -0800 Allow set attributes on a stream fnum to be redirected to the base filename. Fixes the new RAW-STREAMS torture test. Jeremy. (cherry picked from commit 73d0c3143eedb5a9fd4d154aaf42d20ba6a19a1f) Signed-off-by: Michael Adam ob...@samba.org commit ec05e2079ad9405507aaa4e51a3f895a2b5f3b09 Author: Steve French smfre...@gmail.com Date: Tue Feb 24 17:10:19 2009 -0600 Fix guest mounts guest session setup, login (user id) as anonymous. This patch is for samba bugzilla bug 4640. Signed-off-by: Shirish Pargaonkar shiri...@us.ibm.com Acked-by: Jeff Layton jlay...@redhat.com Signed-off-by: Steve French sfre...@samba.org (cherry picked from commit 5e6b019d70fef2ad082fc414053c131294bdeb49) Signed-off-by: Michael Adam ob...@samba.org commit cbd8c505084bf74b7a2b5869680cfc521dc208b4 Author: Steve French smfre...@gmail.com Date: Tue Feb 24 12:52:08 2009 -0600 cifs mount fix for handling -V parameter also syncs with 3-3 mount.cifs Acked-by: Jeff Layton jlay...@redhat.com Signed-off-by: Steve French sfre...@samba.org (cherry picked from commit e831cd78ee3cf89abee058a475540955fad423ce) Signed-off-by: Michael Adam ob...@samba.org commit 3428fa22e1d111f7372b488bf362d454e83b3cd7 Author: Björn Jacke b...@sernet.de Date: Sun Feb 22 19:46:40 2009 +0100 prefer gssapi header files from subdirectory this fixes some compile time noise on FreeBSD 7 (cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6) (cherry picked from commit de96e1a82d6e92c00a0ab3020db8d7c0284aadb1)
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3517-ge217138
The branch, v3-2-test has been updated via e217138a36b1ba1eff164aecfa52ba6fe8864747 (commit) from bb76066e8797599e5ca75821a686e32dd0c97a74 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e217138a36b1ba1eff164aecfa52ba6fe8864747 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 24 11:50:49 2009 -0700 s3:smbd: if we allow trans2 on the IPC$ share, then we have to allow transs2 too. Otherwise we'll confuse the client signing engine, when we reply an error to each transs2. metze --- Summary of changes: source/smbd/process.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/process.c b/source/smbd/process.c index 82d5cc9..ad01a52 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -1033,7 +1033,7 @@ static const struct smb_message_struct { /* 0x30 */ { NULL, NULL, 0 }, /* 0x31 */ { NULL, NULL, 0 }, /* 0x32 */ { SMBtrans2,reply_trans2, AS_USER | CAN_IPC }, -/* 0x33 */ { SMBtranss2,reply_transs2, AS_USER}, +/* 0x33 */ { SMBtranss2,reply_transs2, AS_USER | CAN_IPC}, /* 0x34 */ { SMBfindclose,reply_findclose,AS_USER}, /* 0x35 */ { SMBfindnclose,reply_findnclose,AS_USER}, /* 0x36 */ { NULL, NULL, 0 }, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5165-g97cdf68
The branch, v3-3-test has been updated via 97cdf68a42bd9d5ec312151bcca9830228caeee1 (commit) from c38c80fcd3f63e60450fd95c27d842082e8e00fd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 97cdf68a42bd9d5ec312151bcca9830228caeee1 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 24 12:36:10 2009 -0700 s3:smbd: if we allow trans2 on the IPC$ share, then we have to allow transs2 too. Otherwise we'll confuse the client signing engine, when we reply an error to each transs2. metze --- Summary of changes: source/smbd/process.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/process.c b/source/smbd/process.c index aeb0fc4..365c972 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -1039,7 +1039,7 @@ static const struct smb_message_struct { /* 0x30 */ { NULL, NULL, 0 }, /* 0x31 */ { NULL, NULL, 0 }, /* 0x32 */ { SMBtrans2,reply_trans2, AS_USER | CAN_IPC }, -/* 0x33 */ { SMBtranss2,reply_transs2, AS_USER}, +/* 0x33 */ { SMBtranss2,reply_transs2, AS_USER | CAN_IPC}, /* 0x34 */ { SMBfindclose,reply_findclose,AS_USER}, /* 0x35 */ { SMBfindnclose,reply_findnclose,AS_USER}, /* 0x36 */ { NULL, NULL, 0 }, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-709-gc653e8d
The branch, master has been updated via c653e8daaf3e842544d7f9561557d1ab9449971c (commit) from 2bc9ffa9fb5c69416b00f46a59b59e0f523634d1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c653e8daaf3e842544d7f9561557d1ab9449971c Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 21:57:01 2009 +0100 Fix two memleaks in the encryption code ntlmssp_seal_packet creates its own signature data blob, which we then have to free. Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-)) Volker --- Summary of changes: source3/libsmb/smb_seal.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 795c8bc..2f7305c 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -136,7 +136,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, smb_set_enclen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE, enc_ctx_num); - sig = data_blob(NULL, NTLMSSP_SIG_SIZE); + ZERO_STRUCT(sig); status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' enc ctx */ @@ -153,6 +153,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, /* First 16 data bytes are signature for SSPI compatibility. */ memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE); + data_blob_free(sig); *ppbuf_out = buf_out; return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-571-g17616dd
The branch, v3-4-test has been updated via 17616dddfaa26688387f671c870873056896f6b7 (commit) from e4f3d75432dbe372e164962a993b6e882fe44e83 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 17616dddfaa26688387f671c870873056896f6b7 Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 21:57:01 2009 +0100 Fix two memleaks in the encryption code ntlmssp_seal_packet creates its own signature data blob, which we then have to free. Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-)) Volker --- Summary of changes: source3/libsmb/smb_seal.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 795c8bc..2f7305c 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -136,7 +136,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, smb_set_enclen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE, enc_ctx_num); - sig = data_blob(NULL, NTLMSSP_SIG_SIZE); + ZERO_STRUCT(sig); status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' enc ctx */ @@ -153,6 +153,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, /* First 16 data bytes are signature for SSPI compatibility. */ memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE); + data_blob_free(sig); *ppbuf_out = buf_out; return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5166-g4d0cfb4
The branch, v3-3-test has been updated via 4d0cfb46e449e85646e05df2c4efe7dffa670edd (commit) from 97cdf68a42bd9d5ec312151bcca9830228caeee1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 4d0cfb46e449e85646e05df2c4efe7dffa670edd Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 15:25:56 2009 -0700 Fix two memleaks in the encryption code ntlmssp_seal_packet creates its own signature data blob, which we then have to free. Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-)) Volker --- Summary of changes: source/libsmb/smb_seal.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/smb_seal.c b/source/libsmb/smb_seal.c index 795c8bc..2f7305c 100644 --- a/source/libsmb/smb_seal.c +++ b/source/libsmb/smb_seal.c @@ -136,7 +136,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, smb_set_enclen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE, enc_ctx_num); - sig = data_blob(NULL, NTLMSSP_SIG_SIZE); + ZERO_STRUCT(sig); status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' enc ctx */ @@ -153,6 +153,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, /* First 16 data bytes are signature for SSPI compatibility. */ memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE); + data_blob_free(sig); *ppbuf_out = buf_out; return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3518-g525af71
The branch, v3-2-test has been updated via 525af716cd52500a4e3dccf9eeb9ea85f86be7ca (commit) from e217138a36b1ba1eff164aecfa52ba6fe8864747 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 525af716cd52500a4e3dccf9eeb9ea85f86be7ca Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 15:29:35 2009 -0700 Fix two memleaks in the encryption code ntlmssp_seal_packet creates its own signature data blob, which we then have to free. Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-)) Volker --- Summary of changes: source/libsmb/smb_seal.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/smb_seal.c b/source/libsmb/smb_seal.c index 795c8bc..2f7305c 100644 --- a/source/libsmb/smb_seal.c +++ b/source/libsmb/smb_seal.c @@ -136,7 +136,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, smb_set_enclen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE, enc_ctx_num); - sig = data_blob(NULL, NTLMSSP_SIG_SIZE); + ZERO_STRUCT(sig); status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' enc ctx */ @@ -153,6 +153,7 @@ NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state, /* First 16 data bytes are signature for SSPI compatibility. */ memcpy(buf_out + 8, sig.data, NTLMSSP_SIG_SIZE); + data_blob_free(sig); *ppbuf_out = buf_out; return NT_STATUS_OK; } -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-709-gc653e8d
On Tue, Mar 24, 2009 at 04:00:56PM -0500, Volker Lendecke wrote: The branch, master has been updated via c653e8daaf3e842544d7f9561557d1ab9449971c (commit) from 2bc9ffa9fb5c69416b00f46a59b59e0f523634d1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c653e8daaf3e842544d7f9561557d1ab9449971c Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 21:57:01 2009 +0100 Fix two memleaks in the encryption code ntlmssp_seal_packet creates its own signature data blob, which we then have to free. Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-)) Pushed appropriately - thanks ! Jeremy.
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3519-g4a99f2f
The branch, v3-2-test has been updated via 4a99f2f006e6324cf38b68f0f390daf52f24b1b3 (commit) from 525af716cd52500a4e3dccf9eeb9ea85f86be7ca (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 4a99f2f006e6324cf38b68f0f390daf52f24b1b3 Author: Volker Lendecke v...@samba.org Date: Tue Mar 24 15:34:13 2009 -0700 winbind_pam: fix gcc 4.4 compile warning --- Summary of changes: source/winbindd/winbindd_pam.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c index f376d16..fea1075 100644 --- a/source/winbindd/winbindd_pam.c +++ b/source/winbindd/winbindd_pam.c @@ -1832,7 +1832,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, if (state-request.data.auth_crap.lm_resp_len sizeof(state-request.data.auth_crap.lm_resp) || state-request.data.auth_crap.nt_resp_len sizeof(state-request.data.auth_crap.nt_resp)) { - if (!state-request.flags WBFLAG_BIG_NTLMV2_BLOB || + if (!(state-request.flags WBFLAG_BIG_NTLMV2_BLOB) || state-request.extra_len != state-request.data.auth_crap.nt_resp_len) { DEBUG(0, (winbindd_pam_auth_crap: invalid password length %u/%u\n, state-request.data.auth_crap.lm_resp_len, -- Samba Shared Repository
Build status as of Wed Mar 25 00:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-03-24 00:00:30.0 + +++ /home/build/master/cache/broken_results.txt 2009-03-25 00:00:44.0 + @@ -1,22 +1,22 @@ -Build status as of Tue Mar 24 00:00:02 2009 +Build status as of Wed Mar 25 00:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 29 5 0 +ccache 30 5 0 ctdb 0 0 0 distcc 0 0 0 -ldb 29 30 0 +ldb 30 30 0 libreplace 30 12 0 lorikeet-heimdal 27 14 0 pidl 21 3 0 ppp 13 0 0 rsync30 10 0 samba-docs 0 0 0 -samba-gtk5 5 0 -samba_3_X_devel 29 26 0 +samba-gtk6 6 0 +samba_3_X_devel 29 28 0 samba_3_X_test 28 25 0 -samba_4_0_test 28 29 1 +samba_4_0_test 29 29 1 smb-build29 6 0 talloc 30 30 0 tdb 27 9 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-711-gad98eae
The branch, master has been updated via ad98eae02e623a8ca8aa6a1c46d5aedea50e2e4b (commit) via db5677d071fc58f38cab4ab800111455a8637edb (commit) from c653e8daaf3e842544d7f9561557d1ab9449971c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ad98eae02e623a8ca8aa6a1c46d5aedea50e2e4b Author: David Kwan david.k...@isilon.com Date: Fri Mar 20 16:03:08 2009 + s3 onefs: Change error status to NT_ACCESS_DENIED for errors in SET_SECURITY_DESC commit db5677d071fc58f38cab4ab800111455a8637edb Author: Tim Prouty tpro...@samba.org Date: Tue Mar 24 17:05:16 2009 -0700 s3: parse_packet can return NULL which is then dereferenced in match_mailslot_name --- Summary of changes: source3/libsmb/unexpected.c |2 ++ source3/modules/onefs_acl.c | 10 +- 2 files changed, 7 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c index df4d211..d123e24 100644 --- a/source3/libsmb/unexpected.c +++ b/source3/libsmb/unexpected.c @@ -162,6 +162,8 @@ static int traverse_match(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, state-match_type, ip, port); + if (!p) + return 0; if ((state-match_type == NMB_PACKET p-packet.nmb.header.name_trn_id == state-match_id) || diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 6f23d60..8ee31ab 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -825,7 +825,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, /* Setup owner */ if (security_info_sent OWNER_SECURITY_INFORMATION) { if (!onefs_og_to_identity(psd-owner_sid, owner, false, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; SMB_ASSERT(owner.id.uid = 0); @@ -835,7 +835,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, /* Setup group */ if (security_info_sent GROUP_SECURITY_INFORMATION) { if (!onefs_og_to_identity(psd-group_sid, group, true, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; SMB_ASSERT(group.id.gid = 0); @@ -846,7 +846,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, if ((security_info_sent DACL_SECURITY_INFORMATION) (psd-dacl)) { if (!onefs_samba_acl_to_acl(psd-dacl, daclp, ignore_aces, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; if (ignore_aces == true) security_info_sent = ~DACL_SECURITY_INFORMATION; @@ -863,7 +863,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, if (psd-sacl) { if (!onefs_samba_acl_to_acl(psd-sacl, saclp, ignore_aces, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; if (ignore_aces == true) { security_info_sent = @@ -877,7 +877,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, DEBUG(5,(Setting up SD\n)); if (aclu_initialize_sd(sd, psd-type, ownerp, groupp, (daclp ? daclp : NULL), (saclp ? saclp : NULL), false)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-573-g7d5996e
The branch, v3-4-test has been updated via 7d5996e1d5eca454f651ca49a357d28077446309 (commit) via 0f01296bbb08d75ce693a65ea6cb0df80c1b4927 (commit) from 17616dddfaa26688387f671c870873056896f6b7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 7d5996e1d5eca454f651ca49a357d28077446309 Author: David Kwan david.k...@isilon.com Date: Fri Mar 20 16:03:08 2009 + s3 onefs: Change error status to NT_ACCESS_DENIED for errors in SET_SECURITY_DESC (cherry picked from commit ad98eae02e623a8ca8aa6a1c46d5aedea50e2e4b) commit 0f01296bbb08d75ce693a65ea6cb0df80c1b4927 Author: Tim Prouty tpro...@samba.org Date: Tue Mar 24 17:05:16 2009 -0700 s3: parse_packet can return NULL which is then dereferenced in match_mailslot_name (cherry picked from commit db5677d071fc58f38cab4ab800111455a8637edb) --- Summary of changes: source3/libsmb/unexpected.c |2 ++ source3/modules/onefs_acl.c | 10 +- 2 files changed, 7 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c index df4d211..d123e24 100644 --- a/source3/libsmb/unexpected.c +++ b/source3/libsmb/unexpected.c @@ -162,6 +162,8 @@ static int traverse_match(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, state-match_type, ip, port); + if (!p) + return 0; if ((state-match_type == NMB_PACKET p-packet.nmb.header.name_trn_id == state-match_id) || diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 6f23d60..8ee31ab 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -825,7 +825,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, /* Setup owner */ if (security_info_sent OWNER_SECURITY_INFORMATION) { if (!onefs_og_to_identity(psd-owner_sid, owner, false, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; SMB_ASSERT(owner.id.uid = 0); @@ -835,7 +835,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, /* Setup group */ if (security_info_sent GROUP_SECURITY_INFORMATION) { if (!onefs_og_to_identity(psd-group_sid, group, true, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; SMB_ASSERT(group.id.gid = 0); @@ -846,7 +846,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, if ((security_info_sent DACL_SECURITY_INFORMATION) (psd-dacl)) { if (!onefs_samba_acl_to_acl(psd-dacl, daclp, ignore_aces, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; if (ignore_aces == true) security_info_sent = ~DACL_SECURITY_INFORMATION; @@ -863,7 +863,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, if (psd-sacl) { if (!onefs_samba_acl_to_acl(psd-sacl, saclp, ignore_aces, snum)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; if (ignore_aces == true) { security_info_sent = @@ -877,7 +877,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd, DEBUG(5,(Setting up SD\n)); if (aclu_initialize_sd(sd, psd-type, ownerp, groupp, (daclp ? daclp : NULL), (saclp ? saclp : NULL), false)) - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] CTDB repository - annotated tag ctdb-1.0.76 created - ctdb-1.0.76
The annotated tag, ctdb-1.0.76 has been created at da0e365ec04ea3224bcecaccb1006d96ded36be7 (tag) tagging 56b7095994d1de95e40a223ed503b5572ea9d1b9 (commit) replaces ctdb-1.0.72 tagged by Ronnie Sahlberg on Wed Mar 25 16:44:44 2009 +1100 - Log - tag for the 1.0.76 release -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBJycTd2aJ36aon/y8RAo5yAJ9PGEbFpEFMp7T1cncwq0hVoQnlhgCdF+ti uvYYFy3B7+M8x+8ofY8Jwhc= =R7W5 -END PGP SIGNATURE- Mathieu PARENT (3): build: Make log-directory configurable indepently of VARDIR smnotify: fix popt.h include to allow use of system lib correct ctdbd(1) manpage warning Michael Adam (13): events.d/41.httpd: fix a typo in the fix of the comment typo make: add a showlayout target for diagnostics build: print default in help for --with-logdir events 41.httpd: support suse and ubuntu/debian systems for managing apache Merge commit 'ctdb-ronnie/master' Merge commit 'ctdb-ronnie/master' move common code of system_linux.c and system_aix.c into new system_common.c Merge commit 'ctdb-ronnie/master' Merge commit 'ctdb-ronnie/master' ctdb.sysconfig: add CTDB_INIT_STYLE with explanation events.d/50.samba: allow CTDB_SERVICE_{SMB,NMB,WINBIND} to be overriden from sysconfig ctdb.sysconfig: add CTDB_MANAGES_HTTPD comment section Merge commit 'ctdb-ronnie/master' Ronnie Sahlberg (20): From Sumit Bose sb...@redhat.com new version 1.0.73 From C Cowan, AIX needs to set sockaddr.sa_len to a consistent value for new version 1.0.74 add documentation for the NAT-GW feature update the natgw eventscript and documentation The wbinfo --sequence command has been depreciated in favor of the new add michael adams as one of the ctdb developers on the main ctdb webpage we need to set the port properly in the parse_ip helper set --single-public-ip when lvs is used create a varient of kill_tcp_connections that only kills off the local side of a connection new version 1.0.75 Merge branch 'obnox' fix the html so that mine and obnox names are shown update the documentatio n with all the new commands we supprot in the web: fix typo update how the NATGW configuration works. iupdate the documentation for NATGW to reflect that you can now use change the ctdb command table to allow us to describe commands which can be run independtly of the ctdb daemon. new version 1.0.76 root (10): check the static-routes file if it exists collect net conf list in ctdb_diagnostics make it possible to disable checking all samba shares. Add a variable CTDB_NFS_SKIP_SHARE_CHECK to sysconfig that can disable the check that all shares are accessable. make sure we can collect proper mmfs data NAT-GW updates. Describe the functionality in the sysconfig file change the NATGW_ example in sysconfig to make it more realistic redo how the natgw is done. just use a default route with a high metric instead of fancy policyrouting create a helper function that converts a ctdb instance in daemon mode to become add a new command ctdb scriptstatus --- -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.76
The branch, master has been updated via 56b7095994d1de95e40a223ed503b5572ea9d1b9 (commit) via cd78765f9400d7abce7929a2dd199f65226e7664 (commit) via e059df6d3cd81c67e5505e8ef2d6d0ef9a287b31 (commit) via 1046885cd22b5001e0251de2e536b5f6793459be (commit) from 95d22e4cf265d2119f72200ab0ec708f095853df (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 56b7095994d1de95e40a223ed503b5572ea9d1b9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 25 14:52:08 2009 +1100 new version 1.0.76 commit cd78765f9400d7abce7929a2dd199f65226e7664 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 25 14:46:05 2009 +1100 change the ctdb command table to allow us to describe commands which can be run independtly of the ctdb daemon. create a new debugging command xpnn which discovers the pnn of the local node and which works even if the local daemon is not running commit e059df6d3cd81c67e5505e8ef2d6d0ef9a287b31 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 25 13:46:41 2009 +1100 iupdate the documentation for NATGW to reflect that you can now use multiple natgw groups in one cluster commit 1046885cd22b5001e0251de2e536b5f6793459be Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 25 13:37:57 2009 +1100 update how the NATGW configuration works. allow the cluster to be partitioned into multiple disjoint natgw subsets --- Summary of changes: config/ctdb.sysconfig|5 + config/events.d/11.natgw | 20 +-- doc/ctdbd.1 | 24 +++- doc/ctdbd.1.html | 55 +--- doc/ctdbd.1.xml | 40 -- packaging/RPM/ctdb.spec |5 +- tools/ctdb.c | 330 -- 7 files changed, 354 insertions(+), 125 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.sysconfig b/config/ctdb.sysconfig index c3b5f16..ef3b0dc 100644 --- a/config/ctdb.sysconfig +++ b/config/ctdb.sysconfig @@ -172,11 +172,16 @@ # and thus no proper routes to the external world it will instead # route all packets through the nat-gw node. # +# NATGW_NODES is the list of nodes that belong to this natgw group. +# You can have multiple natgw groups in one cluster but each node +# can only belong to one single natgw group. +# # NATGW_PUBLIC_IP=10.0.0.227/24 # NATGW_PUBLIC_IFACE=eth0 # NATGW_DEFAULT_GATEWAY=10.0.0.1 # NATGW_PRIVATE_IFACE=eth1 # NATGW_PRIVATE_NETWORK=10.1.1.0/24 +# NATGW_NODES=/etc/ctdb/natgw_nodes # where to log messages # the default is /var/log/log.ctdb diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw index 254a8c1..2d256ba 100644 --- a/config/events.d/11.natgw +++ b/config/events.d/11.natgw @@ -29,16 +29,14 @@ delete_all() { case $cmd in recovered) MYPNN=`ctdb pnn | cut -d: -f2` + NATGWMASTER=`ctdb natgwlist | head -1` + NATGWIP=`ctdb natgwlist | tail --lines=+2 | head -1 | cut -d: -f3` - # Find the first connected node - FIRST=`ctdb status -Y | grep :0:$ | head -1` - FIRSTNODE=`echo $FIRST | cut -d: -f2` - FIRSTIP=`echo $FIRST | cut -d: -f3` NATGW_PUBLIC_IP_HOST=`echo $NATGW_PUBLIC_IP | sed -e s/\/.*/\/32/` delete_all - if [ $FIRSTNODE == $MYPNN ]; then + if [ $MYPNN == $NATGWMASTER ]; then # This is the first node, set it up as the NAT GW echo 1 /proc/sys/net/ipv4/ip_forward iptables -A POSTROUTING -t nat -s $NATGW_PRIVATE_NETWORK -d ! $NATGW_PRIVATE_NETWORK -j MASQUERADE @@ -51,14 +49,12 @@ case $cmd in # We do this so that the ip address will exist on a # non-loopback interface so that samba may send it along in the # KDC requests. - - # Set the scope up as host and make sure we dont respond to ARP - # for this ip - echo 3 /proc/sys/net/ipv4/conf/all/arp_ignore - ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE scope host - - ip route add 0.0.0.0/0 via $FIRSTIP metric 10 + ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE + ip route add 0.0.0.0/0 via $NATGWIP metric 10 fi + + # flush our route cache + echo 1 /proc/sys/net/ipv4/route/flush ;; shutdown) diff --git a/doc/ctdbd.1 b/doc/ctdbd.1 index e379128..13e4a6b 100644 --- a/doc/ctdbd.1 +++ b/doc/ctdbd.1 @@ -1,11 +1,11 @@ .\ Title: ctdbd .\Author: .\ Generator: DocBook XSL Stylesheets v1.73.2 http://docbook.sf.net/ -.\ Date: 03/19/2009 +.\ Date: 03/25/2009 .\Manual: .\Source: .\ -.TH CTDBD 1 03/19/2009 +.TH CTDBD 1 03/25/2009 .\ disable hyphenation .nh .\ disable