Re: [Samba] Dynamic updates to interfaces parameter doesn't work
Yatish Jain wrote: Hi All, I am trying to make changes to interfaces = parameter in smb.conf while samba is running but even after smbcontrol smbd reload-configuration , there is no effect of this change. Please tell me how to find the interfaces a running smbd is listening to since smb.conf file may have changed since smbd started and didn't detect these changes. Version : 3.0.33-3.7.el5 Platform: Red Hat Enterprise Linux Server release 5.3 Best Wishes Yatish Samba can pick up certain changes dynamically, such as adding a new share, but I would expect changing the interfaces parameter to require a full restart: I do not think existing connections could be moved seamlessly from one interface to another. One way so see what Samba is listening on is to use the netstat(8) command. Something like netstat -lnp | grep [ns]mbd will show you what IP addresses and ports Samba is using. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I find my files in a shared folder?
Allen Chen wrote: Hi, there I have a Samba(3.0.22) PDC and 100 XP users. This configuration works perfect for me. Thanks for Samba team. My question is: Is there a way to show an XP user all files belong to her/him on a Samba shared folder? The reason I'm asking, is I want to find all my file on the shared Samba folder. Thanks, Allen I would do this from the Unix side: find path -user username I don't know of any way to get XP to search for files by ownership, although there may be some 3rd party file indexing tool that would do it. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] kerberos configuration in samba
Rajesh Ghanekar rajesh_ghane...@symantec.com wrote: - I guess I don't need to do kinit manually if I am using net ads join command, right? kinit is a good tool for tesing a kerberos workskation, or when doing local GSSAPI authentication. Not needed for samba. In your smb.conf you have to set the realm unless your local domainname matches the realm name (with lower case) - Does samba use SRV records for anything else other than finding out domain controller names? If not, I can do away without them by writing manual entries in /etc/krb5.conf. I will be using DNS, but no SRV records. When using no SRV records you have to set only the domaincontrollers in smb.conf. The other stuff (domainname, ...) is netbios related and does not use DNS. Additionally, the realm name in smb.conf must match a configuration in krb5.conf - I found that even when no SRV records are present and wrong (invalid hosts) IP addresses configured for domain controllers (in smb.conf and /etc/krb5.conf), I am still able to join the domain. I am not sure if there is any component which actually does broadcasting and finds out if any domain controller present using this fallback method? Samba version 3 can act as a Windows NT/200* member server or as a NT4 Domaincontroller (CMIIW). As member server (your config) it uses RPC and/or SMB to join a domain. Kerberos is used by samba to do any local authentication e.g. getting a shell, or accessing network shares, by winbind for example, or pam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange problem: NT_STATUS_ACCESS_DENIED
Hi, we have a very strange behaviour today. On of our clustered (by heartbeat) samba server don't want provide shares anymore. Every user is blocked with message access denied. So I thought there is a problem with mapping of users/groups. But wbinfo / id / getent are working fine. Do I move the share to another node everything works fine - the shared folders and the smb.conf are stored on a cluster filesystem, so all other nodes uses the same config file and the shared files have the same permissions. With log level of 10 I got following log: [...] [2009/12/16 10:57:26, 6] auth/auth_sam.c:416(check_samstrict_security) check_samstrict_security: EVAN is not one of my local names (ROLE_DOMAIN_MEMBER) [2009/12/16 10:57:26, 10] auth/auth.c:262(check_ntlm_password) check_ntlm_password: sam had nothing to say [2009/12/16 10:57:26, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/12/16 10:57:26, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/12/16 10:57:26, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/16 10:57:26, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2009/12/16 10:57:26, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/16 10:57:27, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/12/16 10:57:27, 10] auth/auth_winbind.c:85(check_winbind_security) check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_AUTH_ERROR [2009/12/16 10:57:27, 5] auth/auth.c:274(check_ntlm_password) check_ntlm_password: winbind authentication for user [username] FAILED with error NT_STATUS_ACCESS_DENIED [2009/12/16 10:57:27, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [username] - [username] FAILED with error NT_STATUS_ACCESS_DENIED [2009/12/16 10:57:27, 5] auth/auth_util.c:2114(free_user_info) attempting to free (and zero) a user_info structure [2009/12/16 10:57:27, 10] auth/auth_util.c:2118(free_user_info) structure was created for username [2009/12/16 10:57:27, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(1725) cmd=115 (SMBsesssetupX) NT_STATUS_ACCESS_DENIED [2009/12/16 10:57:27, 5] lib/util.c:632(show_msg) [2009/12/16 10:57:27, 5] lib/util.c:642(show_msg) [...] Is there a possibility to get the reason for NT_STATUS_ACCESS_DENIED? What does check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_AUTH_ERROR meens? Used samba version: 3.4.1 (by SerNet) Thanks Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] UNIX accounts needed for machine accounts?
Hi, I have the following problem: My structure is stored in LDAP that way: dc=example,dc=com + ou=groups | + cn=Account Operators | + ... + ou=machines | + uid=workstation1$ | + uid=workstation2$ | + ... + ou=users + ou=int | + uid=user1 | + uid=user2 | + ... + ou=ext + uid=user3 + uid=user4 + ... ... Only internal users (in ou=int) branch have the samba object classes and should be available on internal servers. Therefore I set the in the libnss-ldap the search scope for the users to ou=int,ou=users,dc=example,dc=com. But this also means that the machine accounts are not available on the UNIX server. Is this necessary? Does it cause any problems? If yes, is there a solution for that (except putting the machine accounts into the ou=int branch)? Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote: Is this necessary? Does it cause any problems? Only the samba DC must be able to access the machine objects. So if you plan to reduce the scope on your PDC, machine autentication, or joining a machine to domain will allways fail. On client side I can't see problems so far... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to join to AD ? -Annoyed
mistofeles wrote: mistofeles wrote: I'm installing another Ubuntu 9.10 server from scratch with the advice above. It seems that you got to instal krb5-users and krb5-client to make it work. I spent hours with this. In the end I installed this samba4-bla-bla and managed to make 'net' run, Okay, this Samba4 seemed to be a dead end. I re-installed some parts of Samba and 'net' command started to work again. Some questions: - Must I log in and 'kinit' with my username, which has rights to join this device to AD every time I reboot the PC. It seems so. - Is there some way to make the user permissions work in Samba ? Now I have to set 707 permissions to user home directory so that he can read and modify his data. If I make it like this, everyone in the AD can go and read his files. Linux has its own system of permissions. Is there any way to make Samba understand that they should be used and not some system, which is built in Samba ? Somebody said that I should keep the system 'KISS'. How is this made ? -- View this message in context: http://old.nabble.com/how-to-join-to-AD---tp26513594p26809793.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings wrote: Lukas Haase lukasha...@gmx.at wrote: Is this necessary? Does it cause any problems? Only the samba DC must be able to access the machine objects. So if you plan to reduce the scope on your PDC, machine autentication, or joining a machine to domain will allways fail. On client side I can't see problems so far... Hi, Thanks for your reply. Actually this is exactly whats the problem: On the PDC I want NOT to have the external users in the system! Is there any good solution for that? It would be great if libnss-ldap would support users from different trees (than I could take ou=int,ou=users AND ou=machines) but I guess this is not possible... Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at schrieb: It would be great if libnss-ldap would support users from different trees (than I could take ou=int,ou=users AND ou=machines) but I guess this is not possible... I don't see a problem here. You can just set up your ldap to ou=users,ou=ext,dc=domain,dc=com ou=groups,ou=ext,dc=domain,dc=com and ou=machines,ou=int,dc=domain,dc=com ou=users,ou=int,dc=domain,dc=com ou=groups,ou=int,dc=domain,dc=com then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings r...@best.homeunix.org schrieb: then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com. Sorry, I made a mistake. Point your samba related machines to ou=int,dc=domain,dc=com and your none samba related machines to ou=ext,dc=domain,dc=com You can also use ACL's in ldap to restrict searchable attributes and deny logins. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Write-only share and NT_STATUS_ACCESS_DENIED closing remote file error
I'm trying to get a write-only share with sever version 3.2.5 (Debian Lenny updated). I'm doing this with a chmod 0770 on the directory, owned by root and group mysambagroup. The samba user with write permission on the share is in the mysambagroup group and the share is like this: read only = no create mask = inherit owner = yes path = /sambashare valid user = myuser It works just fine, I can upload files and not read/delete/chmod them, but just after the upload I get this error (testing with smbclient): NT_STATUS_ACCESS_DENIED closing remote file \myfile (the file is actually fully uploaded) Is there a way to accomplish the write-only share in other ways? The only other topic I found googling is http://lists.samba.org/archive/samba/2008-April/139701.html but it doesn't seem to fix the write-only problem (user can still chmod file and then read it). Thank you! -- Alexander Fortin Studio Synthesis srl Business Process Consulting Via Callegari 10, Brescia - (+39)030/8336089 http://www.studiosynthesis.biz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings schrieb: Ralf Hornik Mailings r...@best.homeunix.org schrieb: then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com. Sorry, I made a mistake. Point your samba related machines to ou=int,dc=domain,dc=com and your none samba related machines to ou=ext,dc=domain,dc=com Yes I thought about that but unfortunately this would imply to completely put the internal and the external stuff in a separate tree. But the idea about my design (ou={int,ext},ou=users,...) is that * On internal servers I just use ou=int,ou=users,... that only internal users are in the system * And on the external servers (Mail and Web) I want to have the internal ones *and* the external ones so I just take the whole ou=users,... as base. Complicated... Maybe I could use aliases to point the machines branch into the ou=int branch? But I have no experiences with aliases etc. Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote: Maybe I could use aliases to point the machines branch into the ou=int branch? But I have no experiences with aliases etc. Why don't you simply move the ou=machines into your ou=int? None samba related users do not need machine accounts. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings schrieb: Lukas Haase lukasha...@gmx.at wrote: Maybe I could use aliases to point the machines branch into the ou=int branch? But I have no experiences with aliases etc. Why don't you simply move the ou=machines into your ou=int? None samba related users do not need machine accounts. Yes I think that is the one solution. But the reason why I did not yet do it is simple: Because the machine Accounts are not users! Look again at my tree: dc=example,dc=com + ou=groups | + cn=Account Operators | + ... + ou=machines | + uid=workstation1$ | + uid=workstation2$ | + ... + ou=users + ou=int | + uid=user1 | + uid=user2 | + ... + ou=ext + uid=user3 + uid=user4 + ... ... So I would need to move the machines tree into the users tree what is semantically not correct. But maybe the one solution? Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at schreibte: Yes I think that is the one solution. But the reason why I did not yet do it is simple: Because the machine Accounts are not users! Machine accounts are very well users! ;-) Respective samba users. So by design they have to reside your samba containers. However you can seperate them by name (as in my suggestion of your LDAP design) but getent will (and should) always find them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Issue Joining Win7 to Samba Domain (tried wiki instructions)
Hi, I'm trying to join a Windows 7 client to a samba domain. We're running samba 3.3.9 from SerNet. I've changed the registry settings on the Win7 client per the wiki page (http://wiki.samba.org/index.php/Windows7). Unfortunately, I'm still getting: The following error occurred attempting to join the domain because the following error has occurred: The specified domain either does not exist or could not be contacted. Before I found the wiki page, I tried some other settings from blogs, etc. I think I have reverted the machine back to its default settings. Also, I am able to join two other Win7 clients to the domain. Any idea what could be wrong with the one client? The machine can browse to file shares on the samba server. I don't see any error messages in the samba logs. Thanks, -Ryan Casey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings schrieb: Lukas Haase lukasha...@gmx.at schreibte: Yes I think that is the one solution. But the reason why I did not yet do it is simple: Because the machine Accounts are not users! Machine accounts are very well users! ;-) Respective samba users. So by design they have to reside your samba containers. However you can seperate them by name (as in my suggestion of your LDAP design) but getent will (and should) always find them. Yes. Are you familiar with LDAP? I created an alias now: ou=machines,ou=int,ou=users,dc=example,dc=com -- ou=machines,dc=example,dc=com That works really good on the fly ... if I enable dereference aliases in my LDAP browser I there is even no difference. libnss-ldap seems to support dereferencing aliases. So it should work...BUT is this a good idea or is it better to move the machines there instead of linking? Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase schrieb: Ralf Hornik Mailings schrieb: Lukas Haase lukasha...@gmx.at schreibte: Yes I think that is the one solution. But the reason why I did not yet do it is simple: Because the machine Accounts are not users! Machine accounts are very well users! ;-) Respective samba users. So by design they have to reside your samba containers. However you can seperate them by name (as in my suggestion of your LDAP design) but getent will (and should) always find them. Yes. Are you familiar with LDAP? I created an alias now: ou=machines,ou=int,ou=users,dc=example,dc=com -- ou=machines,dc=example,dc=com That works really good on the fly ... if I enable dereference aliases in my LDAP browser I there is even no difference. libnss-ldap seems to support dereferencing aliases. So it should work...BUT is this a good idea or is it better to move the machines there instead of linking? Sorry to quote myself...but I think that would have another big advantage: I would only need to dereference the aliases on the PDC machine and nowhere other I would have the ugly machine accounts in the system :) Regards, Luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Lukas Haase lukasha...@gmx.at wrote: Sorry to quote myself...but I think that would have another big advantage: I would only need to dereference the aliases on the PDC machine and nowhere other I would have the ugly machine accounts in the system :) As I mentioned before. Move the machines into your samba related ou's and the world will be happy again... ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to join to AD ? -Annoyed
On Wed, Dec 16, 2009 at 4:34 AM, mistofeles ptmu...@utu.fi wrote: Okay, this Samba4 seemed to be a dead end. I re-installed some parts of Samba and 'net' command started to work again. Some questions: - Must I log in and 'kinit' with my username, which has rights to join this device to AD every time I reboot the PC. It seems so. - Is there some way to make the user permissions work in Samba ? Now I have to set 707 permissions to user home directory so that he can read and modify his data. If I make it like this, everyone in the AD can go and read his files. Linux has its own system of permissions. Is there any way to make Samba understand that they should be used and not some system, which is built in Samba ? Somebody said that I should keep the system 'KISS'. How is this made ? You seem to be having a lot more trouble with this than it should be. I'll go over the steps that are in a joining script I wrote to make sure you are not missing anything. YMMV mostly depending on how your DNS is set up. apt-get update apt-get install samba samba-common winbind ntp ntpdate openssh-server krb5-config krb5-user /etc/init.d/winbind stop /etc/init.d/samba stop edit /etc/krb5.conf (if needed, we replace the file with only the following contents as our DNS provides everything else we need) [libdefaults] default_realm = DOMAIN.LOCAL forwardable = true rdns = no [domain_realm] .domain.local = DOMAIN.LOCAL edit /etc/hosts 127.0.0.1 localhost 127.0.1.1 hostname.domain.localhostname.domain.edu hostname edit /etc/dhcp3/dhclient.conf (if the computer is using DHCP, add the following lines) send host-name MYCOMPUTER; supersede domain-name domain.local domain.edu; /sbin/dhclient If static assigned IP addresses edit /etc/resolve.conf domain domain.local search domain.local domain.edu edit /etc/nsswitch.conf (modify the following lines) passwd: compat winbind group: compat winbind hosts: files dns (msdns, or whatever it is causes lots of problems, I suggest you only use files and dns for hosts, use whatever else you need) If you don't want interactive logins to the box, comment out the identified PAM lines - Edit /etc/pam.d/common-account like this: account sufficient pam_winbind.so account requiredpam_unix.so - Edit /etc/pam.d/common-auth like this: authsufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE authrequiredpam_unix.so use_first_pass nullok_secure - Edit /etc/pam.d/common-session like this: session requiredpam_mkhomedir.soskel=/etc/skel umask=0028 #Comment out if no interactive logins session requiredpam_winbind.so session requiredpam_unix.so - Edit /etc/pam.d/samba like this: @include common-auth authrequiredpam_winbind.so @include common-account account requiredpam_winbind.so @include common-session - Edit /etc/pam.d/login like this:(no changes needed if no interactive logins) # # The PAM configuration file for the Shadow 'login' service # # Enforce a minimal delay in case of failure (in microseconds). # (Replaces the \`FAIL_DELAY' setting from login.defs) # Note that other modules may require another minimal delay. (for example, # to disable any delay, you should add the nodelay option to pam_unix) auth optional pam_faildelay.so delay=300 # Outputs an issue file prior to each login prompt (Replaces the # ISSUE_FILE option from login.defs). Uncomment for use # auth required pam_issue.so issue=/etc/issue # Disallows root logins except on tty's listed in /etc/securetty # (Replaces the \`CONSOLE' setting from login.defs) auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so # Disallows other than root logins when /etc/nologin exists # (Replaces the \`NOLOGINS_FILE' option from login.defs) auth requisite pam_nologin.so # This module parses environment configuration file(s) # and also allows you to use an extended config # file /etc/security/pam_env.conf. # # parsing /etc/environment needs readenv=1 session required pam_env.so readenv=1 # locale variables are also kept into /etc/default/locale in etch # reading this file *in addition to /etc/environment* does not hurt session required pam_env.so readenv=1 envfile=/etc/default/locale # Standard Un*x authentication. @include common-auth # This allows certain extra groups to be granted to a user # based on things like time of day, tty, service, and user. # Please edit /etc/security/group.conf to fit your needs # (Replaces the \`CONSOLE_GROUPS' option in login.defs) auth optional pam_group.so # Uncomment and edit /etc/security/time.conf if you need to set # time restrainst on logins. # (Replaces the \`PORTTIME_CHECKS_ENAB' option from login.defs # as well as /etc/porttime) # accountrequisite pam_time.so # Uncomment and
[Samba] smbclient(3.4.2) needs credentials to view all shares
After upgrading to fedora 11, I noticed with samba 3.4.2 I could no longer view all the shares I have access to from my linux box to a windows server. The command line is smbclient -U domain/user%pass -L //server. I modified libsmb/clidfs.c in cli_cm_connect() and added the line cli_init_creds(cli, get_cmdline_auth_info_username(auth_info), lp_workgroup(), get_cmdline_auth_info_password(auth_info)); after the do_connect() call and this at least allowed me to view the shares I have access to. However, not being a samba expert, I leave the proper solution up to others. Thanks. Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Ralf Hornik Mailings r...@best.homeunix.org schreibte: then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com. Sorry, I made a mistake. Point your samba related machines to dc=domain,dc=com and your none samba related machines to ou=ext,dc=domain,dc=com You can also use ACL's in Ldap to restrict the searchable attributes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] UNIX accounts needed for machine accounts?
Forget this mail. It was sent mistakenly... Ralf Hornik r...@ralf-hornik.de wrote: Ralf Hornik Mailings r...@best.homeunix.org wrote then point libnss on your samba related machines to ou=int,dc=domain,dc=com and any other machines to dc=domain,dc=com. Sorry, I made a mistake. Point your samba related machines to dc=domain,dc=com and your none samba related machines to ou=ext,dc=domain,dc=com You can also use ACL's in Ldap to restrict the searchable attributes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- alles bleibt anders... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] mac client: folder copy problem
Hi, Server is debian lenny w/ samba 3.3.9. Client is mac osx 10.5.x Client tries to copy a folder on share. Only the folder is copied, it's contents are not. An extra step is needed by the client to copy the contents into the new folder on the share. Anyone know of this problem? regards, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 12:15:20PM -0500, Ryan Suarez wrote: Server is debian lenny w/ samba 3.3.9. Client is mac osx 10.5.x Client tries to copy a folder on share. Only the folder is copied, it's contents are not. An extra step is needed by the client to copy the contents into the new folder on the share. Anyone know of this problem? Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Volker pgpVFfbfAICXY.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 06:19:05PM +0100, Volker Lendecke wrote: On Wed, Dec 16, 2009 at 12:15:20PM -0500, Ryan Suarez wrote: Server is debian lenny w/ samba 3.3.9. Client is mac osx 10.5.x Client tries to copy a folder on share. Only the folder is copied, it's contents are not. An extra step is needed by the client to copy the contents into the new folder on the share. Anyone know of this problem? Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote: Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Already done. Jht mentioned that turning off winbind fixed it for him ... :-) Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
Volker Lendecke wrote: On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote: Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Already done. Jht mentioned that turning off winbind fixed it for him ... :-) hmm, this server isn't even running winbind... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 12:37:48PM -0500, Ryan Suarez wrote: Volker Lendecke wrote: On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote: Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Already done. Jht mentioned that turning off winbind fixed it for him ... :-) hmm, this server isn't even running winbind... That was my initial reaction as well. This just can't be true, there must be something else. But it *is* a very weird phenomenon. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
Probably it can be related. In my case filesync of portable directories with samba server always fail for newly created directories with error 0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument -SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/samba.server.host/cifstest/', flags=0)-- Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 Invalid argument It tries to chflags after creation of directory and get this error. Anton. On Dec 16, 2009, at 6:37 PM, Ryan Suarez wrote: Volker Lendecke wrote: On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote: Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Already done. Jht mentioned that turning off winbind fixed it for him ... :-) hmm, this server isn't even running winbind... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) On Dec 16, 2009, at 6:48 PM, Anton Starikov wrote: Probably it can be related. In my case filesync of portable directories with samba server always fail for newly created directories with error 0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument -SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/samba.server.host/cifstest/', flags=0)-- Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 Invalid argument It tries to chflags after creation of directory and get this error. Anton. On Dec 16, 2009, at 6:37 PM, Ryan Suarez wrote: Volker Lendecke wrote: On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote: Yes, I have seen this at a customer site. I've stared at the logs and sniffs for MANY hours, but I could not find anything. If you solve this, please let me know :-) Try pinging George and James (CC:ed on this :-). Hopefully they can help. Already done. Jht mentioned that turning off winbind fixed it for him ... :-) hmm, this server isn't even running winbind... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? Of course it is client error. But it is much easy to add dirty hack to samba on server that fooling around bunch of clients. Does Apple opensource their implementation of smbfs? George, what errors can the MacOSX client cope with and continue ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating an NT4 domain to a Samba PDC - How to limit users access to only certain machines?
Hello! We are converting an old windows NT domain to a Samba domain. All appears well in testing, however we need to limit certain users to have permission only to log in to their specific workstation. If someone tried logging into my workstation with their account (even though their account is a valid domain account) - I need it to reject the attempt. Is there an easy way to do this? Is it even possible? Thanks! -Jason PS - I have set up the PDC on ClearOS 5.1 (which is the successor to ClarkConnect) -- = Jason Somers Network Administrator Red Barn Technology Group, Inc. 1235 Front Street - Suite 3 Binghamton, NY 13905 (607) 772-1888 x222 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
Yep, and there is some other problem with OSX client and linux samba server: smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Desktop/ddldldl|755 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Library/Application Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644 cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Library/Application Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744 It is with unix extensions = yes. On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
But what is strange, is the fact that I don't see chflags commands, during audit of server side. And, obviously, client accepts chmod_acl errors silently. (Although I don't have ACL's on files on server side, as result). So, it looks like client knows that server doesn't support chflags, and complains locally. Can it be an issue, that vfs_audit doesn't audit chflags if they unsupported on server side? On Dec 16, 2009, at 7:51 PM, Anton Starikov wrote: Yep, and there is some other problem with OSX client and linux samba server: smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Desktop/ddldldl|755 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Library/Application Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644 cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data available)|Library/Application Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744 It is with unix extensions = yes. On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Snow Leopard and Samba
We have a user who purchased a Mac Book Pro with OSX 10.6.2. Everyday he has a problem with one or another Samba Server. One day it's FileShare1 , the next day it's ProductionData Server. I use Windows and Linux and neither has a problem connecting to these servers. He has XP in VMWare Fusion and that works fine. But about every other day he comes and says some server won't allow him to connect. Sometimes a reboot will fix the problem. We are using Samba PDC with LDAP backend and these are member servers he is logging into. Today he is getting an error that the login is incorrect on one Member Server, yesterday he would log into a server and it would hang about 3 deep into a directory tree and require reboot of the system. Eventually that error just seemed to go away. Anyone know of some glitch or issue with software on OSX 10.6.2? I am not familiar with MACs and didn't think that there would be an issue, but thought someone out here may know of a quirk or something that would cause this type of problem and how to resolve it. Thanks, P.S. Are Snow Leopards an endangered species? Do I need a license to shoot a Mac Book Pro? :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I find my files in a shared folder?
Moray Henderson wrote: Allen Chen wrote: Hi, there I have a Samba(3.0.22) PDC and 100 XP users. This configuration works perfect for me. Thanks for Samba team. My question is: Is there a way to show an XP user all files belong to her/him on a Samba shared folder? The reason I'm asking, is I want to find all my file on the shared Samba folder. Thanks, Allen I would do this from the Unix side: find path -user username I don't know of any way to get XP to search for files by ownership, although there may be some 3rd party file indexing tool that would do it. It's not a problem to find them on linux side, but I need to do it on XP side. I was thinking to have a vfs objects to search for files by ownership. Does anybody know how to program vfs module or have an URL to it? I do have C programming experience. Thanks. Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP Account Manager 2.9.0 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 2.9.0 - December 16th, 2009 == LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - LAM now supports managing Asterisk accounts and extensions. All documentation was moved to the new LAM manual. LAM Pro supports nisObject entries and custom scripts for the self service. This release also fixes some bugs. Full changelog: http://www.ldap-account-manager.org/lamcms/changelog Features: - - * management of various account types * Unix * Samba 3 * Kolab 2 * Asterisk * phpGroupwWare * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Availability: - - This software is available under the GNU General Public License V2.0. You can get the newest version at http://www.ldap-account-manager.org. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Demo installation: - -- You can try our demo installation online. http://www.ldap-account-manager.org/lamcms/liveDemo Support: - If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage http://www.ldap-account-manager.org. Authors Copyright: - Copyright (C) 2003 - 2009: Michael Duergner mich...@duergner.com Roland Gruber p...@rolandgruber.de Tilo Lutz tilol...@gmx.de LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkspP1kACgkQq/ywNCsrGZ5RnACbBhHW5KvZanVqw6arz2Enkqpy Kk0AnRECE3Oara+cvQPHdKDBQPsvhLbo =7AUR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Snow Leopard and Samba
On Wed, Dec 16, 2009 at 2:06 PM, Mike Eggleston mikee...@mac.com wrote: On Wed, 16 Dec 2009, Clark Johnston might have said: We have a user who purchased a Mac Book Pro with OSX 10.6.2. Everyday he has a problem with one or another Samba Server. One day it's FileShare1 , the next day it's ProductionData Server. I use Windows and Linux and neither has a problem connecting to these servers. He has XP in VMWare Fusion and that works fine. But about every other day he comes and says some server won't allow him to connect. Sometimes a reboot will fix the problem. We are using Samba PDC with LDAP backend and these are member servers he is logging into. Today he is getting an error that the login is incorrect on one Member Server, yesterday he would log into a server and it would hang about 3 deep into a directory tree and require reboot of the system. Eventually that error just seemed to go away. Anyone know of some glitch or issue with software on OSX 10.6.2? I am not familiar with MACs and didn't think that there would be an issue, but thought someone out here may know of a quirk or something that would cause this type of problem and how to resolve it. Thanks, P.S. Are Snow Leopards an endangered species? Do I need a license to shoot a Mac Book Pro? :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I have seen issues with Microsoft Office for the Mac trying to connect to shares of the same name on multiple servers. The Microsoft applications gets confused. - $server1 - ProductionData - $server2 - ProductionData My user could not open for writing, and other permission errors, an Excel file on one of the shares because the shares have the same name. Mike Thanks for the info But I haven't even gotten to that problem yet. :) Oh joy the day. This is just simply connecting to different named shares on differently named servers. Maybe I need some tutoring on a Mac also, anyone have any book recommendations. This one computer seems to be taking up about 10% of my time in the last 2 weeks. I'd be looking for information on log files and other such troubleshooting help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Jeremy Allison j...@samba.org: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? Of course it is client error. But it is much easy to add dirty hack to samba on server that fooling around bunch of clients. Does Apple opensource their implementation of smbfs? http://www.opensource.apple.com/source/smb/smb-348.7/ -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 16, 2009, at 9:28 PM, James Peach wrote: Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. Thanks, I will do my best! :) Anton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? On Dec 16, 2009, at 9:28 PM, James Peach wrote: 2009/12/16 Jeremy Allison j...@samba.org: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. On Dec 16, 2009, at 9:28 PM, James Peach wrote: 2009/12/16 Jeremy Allison j...@samba.org: On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote: And although it creates directory, it doesn't copy contents, because it stops process of copying directory after this error. If I repeat filesync, the contents of directory will be copid (cause directory is already here). So, it looks exactly the same. If so, then problem in chflags(). I expect that samba on linux is compiled without support for chflags, obviously. I presume that settings unix extensions = no would probably fix this, but it has a drawback, because then you loose native unix things like symlinks etc. Which is, at least in our case is not possible, cause shares accessed by both, mac and linux clients over NFS (the same clients on different hosts) and symlinks are heavily used. I think, OSX client, when it sees that server supports unix extensions, expects that on other side is OSX server with samba which supports chflags. So, if we don't discuss rewrite of OSX cifs FS, then only solution is to emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs somehow) Hmmm. Looks like a client bug then, in that they don't cope with an error on chflags set. What error is the Samba server returning here ? George, what errors can the MacOSX client cope with and continue ? FileSync wants to create accurate copies of files, including all their metadata. We just pass the error up the stack. The current code does not look too closely at the unix capabilities, we should be looking at the flags mask in the UNIX_INFO2 response and handling the case where the server doesn't understand any flags. Please file a bug at http://bugreporter.apple.com and attach the packet trace. This will help us to make a case to fix this in an update. -- James Peach | jor...@gmail.com -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 16, 2009, at 9:45 PM, James Peach wrote: 2009/12/16 Anton Starikov ant.stari...@gmail.com: One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. With unix extensions enabled? Then I don't understand. Where is the problem. On server side I see smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_entry|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|get_nt_acl|ok|. a file: # getfacl /home/antst/tt1 getfacl: Removing leading '/' from absolute path names # file: home/antst/tt1 # owner: antst # group: cmsusers user::rw- user:mohand:rwx group::r-- mask::rwx other::--- And on client side: ls -le /tmp/qq1/tt1 -rw-r- 1 antst cmsusers 0 Dec 16 20:19 /tmp/qq1/tt1 And if I try to set ACL from OSX I get $ chmod +a mohand allow write /tmp/qq1/tt1 chmod: Failed to set ACL on file '/tmp/qq1/tt1': Operation not supported Looking into the source code of client (thanks for link) I see that CIFS_UNIX_POSIX_ACLS_CAP is not referenced in the sources (except header file, where it is defined). Although it can mean nothing and you can use somewhere in the code just numerical value. Anton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Snow Leopard and Samba
On Wed, 16 Dec 2009, Clark Johnston might have said: We have a user who purchased a Mac Book Pro with OSX 10.6.2. Everyday he has a problem with one or another Samba Server. One day it's FileShare1 , the next day it's ProductionData Server. I use Windows and Linux and neither has a problem connecting to these servers. He has XP in VMWare Fusion and that works fine. But about every other day he comes and says some server won't allow him to connect. Sometimes a reboot will fix the problem. We are using Samba PDC with LDAP backend and these are member servers he is logging into. Today he is getting an error that the login is incorrect on one Member Server, yesterday he would log into a server and it would hang about 3 deep into a directory tree and require reboot of the system. Eventually that error just seemed to go away. Anyone know of some glitch or issue with software on OSX 10.6.2? I am not familiar with MACs and didn't think that there would be an issue, but thought someone out here may know of a quirk or something that would cause this type of problem and how to resolve it. Thanks, P.S. Are Snow Leopards an endangered species? Do I need a license to shoot a Mac Book Pro? :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I have seen issues with Microsoft Office for the Mac trying to connect to shares of the same name on multiple servers. The Microsoft applications gets confused. - $server1 - ProductionData - $server2 - ProductionData My user could not open for writing, and other permission errors, an Excel file on one of the shares because the shares have the same name. Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
2009/12/16 Anton Starikov ant.stari...@gmail.com: On Dec 16, 2009, at 9:45 PM, James Peach wrote: 2009/12/16 Anton Starikov ant.stari...@gmail.com: One question. The fact that client ignore ACL capabilities of server, it is also normal for current smbfs implementation? Even in 10.5, the smbfs client does not ignore the filesystem ACL support attribute. With unix extensions enabled? Then I don't understand. Where is the problem. On server side I see smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_file|ok|. smbd_audit: antst|xxx|antst|sys_acl_get_entry|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|sys_acl_free_acl|ok| smbd_audit: antst|xxx|antst|get_nt_acl|ok|. a file: # getfacl /home/antst/tt1 getfacl: Removing leading '/' from absolute path names # file: home/antst/tt1 # owner: antst # group: cmsusers user::rw- user:mohand:rwx group::r-- mask::rwx other::--- And on client side: ls -le /tmp/qq1/tt1 -rw-r- 1 antst cmsusers 0 Dec 16 20:19 /tmp/qq1/tt1 And if I try to set ACL from OSX I get $ chmod +a mohand allow write /tmp/qq1/tt1 chmod: Failed to set ACL on file '/tmp/qq1/tt1': Operation not supported Looking into the source code of client (thanks for link) I see that CIFS_UNIX_POSIX_ACLS_CAP is not referenced in the sources (except header file, where it is defined). Although it can mean nothing and you can use somewhere in the code just numerical value. It doesn't use unix ACLs, it uses SMB ACLs. -- James Peach | jor...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 16, 2009, at 10:13 PM, James Peach wrote: It doesn't use unix ACLs, it uses SMB ACLs. Then with unix extension = yes there os no way for propagation of ACL's? BTW, I tried it with unix extension = no on server side. According to google it used to work on 10.5.x in this way. But on 10.6.2 it results in the same behavior: chmod: Failed to set ACL on file '/tmp/qq1/tt1': Operation not supported Anton. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
Anton Starikov wrote: Then with unix extension = yes there os no way for propagation of ACL's? BTW, I tried it with unix extension = no on server side. According to google it used to work on 10.5.x in this way. Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' explicitly set on the server. This problem still occurs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote: Anton Starikov wrote: Then with unix extension = yes there os no way for propagation of ACL's? BTW, I tried it with unix extension = no on server side. According to google it used to work on 10.5.x in this way. Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' explicitly set on the server. This problem still occurs. Then I don't understand. I found few cases on the internet, where disabling of unix extensions helped to enable ACL for 10.5.x. Probably it was with older versions of Leopard with older of smbfs. Anton. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [SPAM: 4.3] Re: samba4 size
- Oorspronkelijk bericht - From: John H Terpstra j...@samba.org On 12/15/2009 05:35 PM, theHog wrote: Hi, I've built samba 4 from the git repository, but... the resulting (stripped) binaries take 504 MB disk space! Is that what it is or did I do something wrong? theHog No, you did it right. I want to know how you did that! Mine is 1.2GB for the whole of it. ;-) - John T. I guess you'll need to buy yourself an extra hard disk for xmas just to host samba :-) theHog -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating an NT4 domain to a Samba PDC - How to limit users access to only certain machines?
we need to limit certain users to have permission only to log in to their specific workstation. I'm not familiar with ClearOS, but if it uses an LDAP backend (and maybe even if it doesn't) the sambaUserWorkstations property should do what you want. *Michael Heydon - IT Administrator * micha...@jaswin.com.au mailto:micha...@jaswin.com.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Configure a linux client to be a member of a Samba Domain and allow users from Domain to sign on.
Hi, I have a Samba server setup as a PDC. I have a mostly Windows client in the domain. I have one linux client that I configured and joined the domain. However, after joining the domain, I can't login with any of the domain users. I have the SMB.conf configured on the client side as security=domain What else do I have to do to allow smb users to login to the linux box? I searched google but the most I find is how to configure PDCs Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem Joining Win7 to Samba Domain (tried wiki instructions)
Ryan Casey wrote: I'm trying to join a Windows 7 client to a samba domain. We're running samba 3.3.9 from SerNet. I've changed the registry settings on the Win7 client per the wiki page (http://wiki.samba.org/index.php/Windows7). Unfortunately, I'm still getting: The following error occurred attempting to join the domain because the following error has occurred: The specified domain either does not exist or could not be contacted. Ditto. While the wiki *did* work a few weeks ago, I had to reinstall Win7 after a 'System-Restore' deleted most files on the disk. (There wasn't much on it except for program installations). I am able to join with a XP client -- unjoined, rejoined, rejoiced. But the Win7 is giving nothing in the log (level 4) concerning the problem and in Wireshk, I'm seeing attempts at Net LOGON both with blank names and with the machine name (machine$), and the Samba (3.4.3) DC says name doesn't exist.I do have the dword entries as mentioned in the wiki -- and that did work last time, but this time, nada. Not sure what debugging step to try next. Ideas? *sigh*...one step forward, two steps back... -l -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Wed, Dec 16, 2009 at 11:16:24PM -0800, George K Colley wrote: The lack of support of the BSD MODES flags in Samba is a known issue that we hope to solve in a future release. We will never be able to support Samba correctly without these bits, but plan on doing a better job in the future.It would be nice if Samba would support the following flags the same as the DOS Attributes. That would solve so many issues:) BSD hidden Flag - DOS Attribute Hidden BSD immutable - Windows Read-Only bit BSD archived - the reverse of the BSD archive bit But the UNIX extensions does not require this support, but this causes the Mac OS Client to have several issue. Where in the protocol do these show up? In a unixinfo call? If they directly map to the Windows attributes, it should be possible to splice them into our Winattr logic (x permission bits or the EA xattr). Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 17, 2009, at 8:22 AM, George K Colley wrote: On Dec 16, 2009, at 1:39 PM, Anton Starikov wrote: On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote: Anton Starikov wrote: Then with unix extension = yes there os no way for propagation of ACL's? BTW, I tried it with unix extension = no on server side. According to google it used to work on 10.5.x in this way. Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' explicitly set on the server. This problem still occurs. Then I don't understand. I found few cases on the internet, where disabling of unix extensions helped to enable ACL for 10.5.x. Probably it was with older versions of Leopard with older of smbfs. unix extension on or off has no affect on ACL support. We turn on NT Style ACL support only if we think the Server, Client and Network Log in user all belong to the same Domain. How to check it or enforce it? Setup is next: 1) On OSX 10.5 server OpenDirectory + samba PDC. 2) Linux server with samba (member of domain hosted on OSX) 3) OSX 10.6 client. OSX client login as OpenDirectory user. In opendirectory apple-user-homeurl set to point to samba share on linux server. Anton. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mac client: folder copy problem
On Dec 17, 2009, at 8:35 AM, George K Colley wrote: unix extension on or off has no affect on ACL support. We turn on NT Style ACL support only if we think the Server, Client and Network Log in user all belong to the same Domain. How to check it or enforce it? Setup is next: 1) On OSX 10.5 server OpenDirectory + samba PDC. ON 10.5 we require that the mount point be owned by an AD user and the log user is an AD user. There is no AD. OSX server acts as PDC. But in smb.conf on this server it is pointed that profiles and homes should be taken from linux server (for windows clients domain logons). We mount nothing on 10.5 server itself. it just acts as authorization center for all kind of services. On linux file-server, obviously, home shares are same user home directories we share over NFS. So, permissions are OK. 2) Linux server with samba (member of domain hosted on OSX) Can't be some with 10.5 clients Didn't get your point here. 3) OSX 10.6 client. OSX client login as OpenDirectory user. In opendirectory apple-user-homeurl set to point to samba share on linux server. Need to return the correct info in the WhoAMI call. I will need to look at the code. So let me get back to you on this one. OK, I'll test it today. Anton. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e22e336... s4:drsuapi/getncchanges.c - Update the list of operational attributes from e831e3e... Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e22e336f41e2196524a5f70e096c61905b7676ae Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Dec 16 09:45:22 2009 +0100 s4:drsuapi/getncchanges.c - Update the list of operational attributes - Reorder them as specified in operational.c - Add also the lan manager hash password attribute --- Summary of changes: source4/rpc_server/drsuapi/getncchanges.c | 15 --- 1 files changed, 8 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 24ff324..488ecd1 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -307,14 +307,15 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ struct drsuapi_DsReplicaObjectListItemEx **currentObject; NTSTATUS status; DATA_BLOB session_key; - const char *attrs[] = { *, distinguishedName, - ntSecurityDescriptor, - replPropertyMetaData, - lmPwdHistory, - ntPwdHistory, - supplementalCredentials, - unicodePwd, + const char *attrs[] = { *, distinguishedName, + nTSecurityDescriptor, parentGUID, + replPropertyMetaData, + unicodePwd, + dBCSPwd, + ntPwdHistory, + lmPwdHistory, + supplementalCredentials, NULL }; WERROR werr; struct dcesrv_handle *h; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8d3fc23... s4-dsdb: also mark the relax control non-critical when done via 558a386... s4-dsdb: it is a better pattern to mark a control as done than remove it via 41e403a... s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor via 934bb28... s4-dsdb: don't actually remove the sd_flags control, just mark it non-critical via 9955756... s4-ldb: show the OID of any unhandled critical controls via f8320b3... s4-ldb: fixed a transaction error on prepare_commit via e14c728... s4-ldb: added --show-deactivated-link command line option via f9302f9... ldap: give a debug error when we don't know a control via 6c21255... s4-dsdb: added dsdb_get_deleted_objects_dn() via 3c1f18c... s4-dsdb: added dsdb_find_nc_root() via 7d0fdca... s4-dsdb: added dsdb_wellknown_dn() via b7a74ac... libds: added GUIDs for wellknown AD objects via 8a74633... s4-dsdb: added a dsdb_module_rename() call via 9fa1f96... s4-dsdb: added dsdb_module_modify() via 4b970c0... s4-dsdb: fixed dsdb_module_dn_by_guid() via cd4574f... s4-dsdb: dsdb_flags should be unsigned via 57b10b6... s4-dsdb: rename dsdb_module_search_handle_flags to dsdb_request_add_controls via 9515926... s4-dsdb: added dsdb_module_dn_by_guid() via 32995e8... s4-dsdb: use dsdb_dn_is_deleted_val() via 152f415... s4-dsdb: added dsdb_dn_is_deleted_val() via d31b636... s4-ntvfs: try to fix bug 6989 from e22e336... s4:drsuapi/getncchanges.c - Update the list of operational attributes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d3fc23157376af5657a09324509abace3c5ee4f Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 20:45:40 2009 +1100 s4-dsdb: also mark the relax control non-critical when done commit 558a38671af5ea05d9ee1d815f0c1c2dab41a80c Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 20:45:02 2009 +1100 s4-dsdb: it is a better pattern to mark a control as done than remove it removing a control means it can't be seen by any other modules, which is usually not what is wanted. Better to just mark it non-critical, which means anyone else who wants to look at it can, but if nobody does its not an error. commit 41e403adb0fa76c8d15d5d1ef38b195a6da2265c Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 20:39:55 2009 +1100 s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor commit 934bb28ef3cc9c6589cbb8b75c2a9f8435cc88a3 Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 20:39:18 2009 +1100 s4-dsdb: don't actually remove the sd_flags control, just mark it non-critical For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control commit 99557563141a3776b05bebba0436c56e72f9e20f Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 17:13:19 2009 +1100 s4-ldb: show the OID of any unhandled critical controls It isn't very useful just saying that a control is not supported, without saying which one is the problem Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit f8320b3559956b06d3b54e7707986d03aa5084f3 Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 17:12:28 2009 +1100 s4-ldb: fixed a transaction error on prepare_commit when a prepare commit fails, we need to give a cancel to all modules, not a commit! Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit e14c72877fa87e0e6ba0f637dd3367160f8d52b1 Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 14:58:35 2009 +1100 s4-ldb: added --show-deactivated-link command line option this adds the SHOW_DEACTIVATED_LINK control commit f9302f9e08d68f6fd974e02668c2bae273981688 Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 14:57:32 2009 +1100 ldap: give a debug error when we don't know a control This interface should really have a proper error interface, but at least a DEBUG() gives the user a chance of finding the error Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 6c2125572cfbcd1878dfe99893ddae37f95d1f6e Author: Andrew Tridgell tri...@samba.org Date: Wed Dec 16 13:41:21 2009 +1100 s4-dsdb: added dsdb_get_deleted_objects_dn() This is based on the code from Eduardo Lima eduard...@gmail.com, but uses the new helper functions added in the last couple of commits Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 3c1f18c5e2c3f56d512aa9a8cfab2f5698bafbb0 Author: Andrew Tridgell
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d9f9322... s3-pdbedit: allow to call pdbedit -N description -u user without specifiyng -r. from 8d3fc23... s4-dsdb: also mark the relax control non-critical when done http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d9f93224bdd2b02a8c96667009e43406b47d4c35 Author: Günther Deschner g...@samba.org Date: Wed Dec 16 15:59:04 2009 +0100 s3-pdbedit: allow to call pdbedit -N description -u user without specifiyng -r. Guenther --- Summary of changes: source3/utils/pdbedit.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 5d8a6fd..06eedef 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -50,9 +50,10 @@ #define BIT_BADPWRESET 0x0800 #define BIT_LOGONHOURS 0x1000 #define BIT_KICKOFFTIME0x2000 +#define BIT_DESCRIPTION 0x4000 #define MASK_ALWAYS_GOOD 0x001F -#define MASK_USER_GOOD 0x20405FE0 +#define MASK_USER_GOOD 0x60405FE0 static int get_sid_from_cli_string(DOM_SID *sid, const char *str_sid) { @@ -1106,7 +1107,8 @@ int main (int argc, char **argv) (backend_out ? BIT_EXPORT : 0) + (badpw_reset ? BIT_BADPWRESET : 0) + (hours_reset ? BIT_LOGONHOURS : 0) + - (kickoff_time ? BIT_KICKOFFTIME : 0); + (kickoff_time ? BIT_KICKOFFTIME : 0) + + (acct_desc ? BIT_DESCRIPTION : 0); if (setparms BIT_BACKEND) { /* HACK: set the global passdb backend by overwriting globals. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 64e588f... spoolss: add spoolss_DriverInfo7. from d9f9322... s3-pdbedit: allow to call pdbedit -N description -u user without specifiyng -r. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 64e588f868c23bf4c836f4029a285885db5d087e Author: Günther Deschner g...@samba.org Date: Wed Dec 16 10:39:00 2009 +0100 spoolss: add spoolss_DriverInfo7. Guenther --- Summary of changes: librpc/gen_ndr/ndr_spoolss.c | 223 ++ librpc/gen_ndr/ndr_spoolss.h |4 + librpc/gen_ndr/spoolss.h |9 ++ librpc/idl/spoolss.idl |9 ++ 4 files changed, 245 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/ndr_spoolss.c b/librpc/gen_ndr/ndr_spoolss.c index f4cf968..6178b1c 100644 --- a/librpc/gen_ndr/ndr_spoolss.c +++ b/librpc/gen_ndr/ndr_spoolss.c @@ -13141,6 +13141,205 @@ _PUBLIC_ size_t ndr_size_spoolss_DriverInfo6(const struct spoolss_DriverInfo6 *r return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_spoolss_DriverInfo6, ic); } +_PUBLIC_ enum ndr_err_code ndr_push_spoolss_DriverInfo7(struct ndr_push *ndr, int ndr_flags, const struct spoolss_DriverInfo7 *r) +{ + if (ndr_flags NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 5)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r-size)); + NDR_CHECK(ndr_push_spoolss_DriverOSVersion(ndr, NDR_SCALARS, r-version)); + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r-driver_name)); + ndr-flags = _flags_save_string; + } + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r-inf_name)); + ndr-flags = _flags_save_string; + } + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r-install_source_root)); + ndr-flags = _flags_save_string; + } + NDR_CHECK(ndr_push_trailer_align(ndr, 5)); + } + if (ndr_flags NDR_BUFFERS) { + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + if (r-driver_name) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r-driver_name)); + NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r-driver_name)); + } + ndr-flags = _flags_save_string; + } + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + if (r-inf_name) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r-inf_name)); + NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r-inf_name)); + } + ndr-flags = _flags_save_string; + } + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags, LIBNDR_FLAG_STR_NULLTERM); + if (r-install_source_root) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r-install_source_root)); + NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r-install_source_root)); + } + ndr-flags = _flags_save_string; + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_spoolss_DriverInfo7(struct ndr_pull *ndr, int ndr_flags, struct spoolss_DriverInfo7 *r) +{ + uint32_t _ptr_driver_name; + TALLOC_CTX *_mem_save_driver_name_0; + uint32_t _ptr_inf_name; + TALLOC_CTX *_mem_save_inf_name_0; + uint32_t _ptr_install_source_root; + TALLOC_CTX *_mem_save_install_source_root_0; + if (ndr_flags NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 5)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r-size)); + NDR_CHECK(ndr_pull_spoolss_DriverOSVersion(ndr, NDR_SCALARS, r-version)); + { + uint32_t _flags_save_string = ndr-flags; + ndr_set_flags(ndr-flags,
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 22332e0... Second part of fix for 6875 - trans2 FIND_FIRST2 response -- FIND_FIRST2 Data - Fille Attributes are returned as 0x220 for LANMAN2.1 dialect from 874a4e3... spoolss: remove unused spoolss_StringArray2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 22332e08ab5b406ca603576b29fcaf0c1f786708 Author: Jeremy Allison j...@samba.org Date: Tue Dec 15 18:36:36 2009 -0800 Second part of fix for 6875 - trans2 FIND_FIRST2 response -- FIND_FIRST2 Data - Fille Attributes are returned as 0x220 for LANMAN2.1 dialect Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. This makes us consistant in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk. Jeremy. --- Summary of changes: source3/smbd/dosmode.c | 28 source3/smbd/trans2.c | 15 +-- 2 files changed, 25 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 45ea74d..7b47fe6 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -22,6 +22,18 @@ extern enum protocol_types Protocol; +static uint32_t filter_mode_by_protocol(uint32_t mode) +{ + if (Protocol = PROTOCOL_LANMAN2) { + DEBUG(10,(filter_mode_by_protocol: + filtering result 0x%x to 0x%x\n, + (unsigned int)mode, + (unsigned int)(mode 0x3f) )); + mode = 0x3f; + } + return mode; +} + static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf) { #if defined (HAVE_STAT_ST_BLOCKS) defined(STAT_ST_BLOCKSIZE) @@ -343,12 +355,12 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT result |= aHIDDEN; } - if (Protocol = PROTOCOL_LANMAN2) { - DEBUG(10,(dos_mode_msdfs : filtering result 0x%x\n, - (unsigned int)result )); - result = 0xff; + if (result == 0) { + result = FILE_ATTRIBUTE_NORMAL; } + result = filter_mode_by_protocol(result); + DEBUG(8,(dos_mode_msdfs returning )); if (result aHIDDEN) DEBUG(8, (h)); @@ -526,12 +538,12 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) result |= aHIDDEN; } - if (Protocol = PROTOCOL_LANMAN2) { - DEBUG(10,(dos_mode : filtering result 0x%x\n, - (unsigned int)result )); - result = 0xff; + if (result == 0) { + result = FILE_ATTRIBUTE_NORMAL; } + result = filter_mode_by_protocol(result); + DEBUG(8,(dos_mode returning )); if (result aHIDDEN) DEBUG(8, (h)); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index bf3808e..f665bfb 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1254,7 +1254,6 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, char *nameptr; char *last_entry_ptr; bool was_8_3; - uint32 nt_extmode; /* Used for NT connections instead of mode */ bool needslash = ( conn-dirpath[strlen(conn-dirpath) -1] != '/'); bool check_mangled_names = lp_manglednames(conn-params); char mangled_name[13]; /* mangled 8.3 name. */ @@ -1456,8 +1455,6 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, p = pdata; last_entry_ptr = p; - nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL; - switch (info_level) { case SMB_FIND_INFO_STANDARD: DEBUG(10,(get_lanman2_dir_entry: SMB_FIND_INFO_STANDARD\n)); @@ -1604,7 +1601,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, put_long_date_timespec(conn-ts_res, p,mdate_ts); p += 8; SOFF_T(p,0,file_size); p += 8; SOFF_T(p,0,allocation_size); p += 8; - SIVAL(p,0,nt_extmode); p += 4; + SIVAL(p,0,mode); p += 4; q = p; p += 4; /* q is placeholder for name length. */ { unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal); @@ -1655,7 +1652,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, put_long_date_timespec(conn-ts_res, p,mdate_ts); p += 8; SOFF_T(p,0,file_size); p += 8; SOFF_T(p,0,allocation_size); p += 8; - SIVAL(p,0,nt_extmode); p += 4; + SIVAL(p,0,mode); p += 4; len = srvstr_push(base_data, flags2,
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via b53ee9f... Second part of fix for 6875 - trans2 FIND_FIRST2 response -- FIND_FIRST2 Data - Fille Attributes are returned as 0x220 for LANMAN2.1 dial from a706038... s3 aclocal.m4: Fix iconv checks, clean up m4 code http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit b53ee9ffe9d265e254a2c0b11bfcd7e6314ab13f Author: Jeremy Allison j...@samba.org Date: Tue Dec 15 18:38:06 2009 -0800 Second part of fix for 6875 - trans2 FIND_FIRST2 response -- FIND_FIRST2 Data - Fille Attributes are returned as 0x220 for LANMAN2.1 dial Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. This makes us consistant in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk. Jeremy. --- Summary of changes: source/smbd/dosmode.c | 28 source/smbd/trans2.c | 15 +-- 2 files changed, 25 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/dosmode.c b/source/smbd/dosmode.c index 07e1103..c7c9f3e 100644 --- a/source/smbd/dosmode.c +++ b/source/smbd/dosmode.c @@ -22,6 +22,18 @@ extern enum protocol_types Protocol; +static uint32_t filter_mode_by_protocol(uint32_t mode) +{ + if (Protocol = PROTOCOL_LANMAN2) { + DEBUG(10,(filter_mode_by_protocol: + filtering result 0x%x to 0x%x\n, + (unsigned int)mode, + (unsigned int)(mode 0x3f) )); + mode = 0x3f; + } + return mode; +} + static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf) { #if defined (HAVE_STAT_ST_BLOCKS) defined(STAT_ST_BLOCKSIZE) @@ -337,12 +349,12 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT result |= aHIDDEN; } - if (Protocol = PROTOCOL_LANMAN2) { - DEBUG(10,(dos_mode_msdfs : filtering result 0x%x\n, - (unsigned int)result )); - result = 0xff; + if (result == 0) { + result = FILE_ATTRIBUTE_NORMAL; } + result = filter_mode_by_protocol(result); + DEBUG(8,(dos_mode_msdfs returning )); if (result aHIDDEN) DEBUG(8, (h)); @@ -408,12 +420,12 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) result |= aHIDDEN; } - if (Protocol = PROTOCOL_LANMAN2) { - DEBUG(10,(dos_mode : filtering result 0x%x\n, - (unsigned int)result )); - result = 0xff; + if (result == 0) { + result = FILE_ATTRIBUTE_NORMAL; } + result = filter_mode_by_protocol(result); + DEBUG(8,(dos_mode returning )); if (result aHIDDEN) DEBUG(8, (h)); diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 21f70d0..4d6d55c 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -1269,7 +1269,6 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, char *nameptr; char *last_entry_ptr; bool was_8_3; - uint32 nt_extmode; /* Used for NT connections instead of mode */ bool needslash = ( conn-dirpath[strlen(conn-dirpath) -1] != '/'); bool check_mangled_names = lp_manglednames(conn-params); char mangled_name[13]; /* mangled 8.3 name. */ @@ -1456,8 +1455,6 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, p = pdata; last_entry_ptr = p; - nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL; - switch (info_level) { case SMB_FIND_INFO_STANDARD: DEBUG(10,(get_lanman2_dir_entry: SMB_FIND_INFO_STANDARD\n)); @@ -1604,7 +1601,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, put_long_date_timespec(p,mdate_ts); p += 8; SOFF_T(p,0,file_size); p += 8; SOFF_T(p,0,allocation_size); p += 8; - SIVAL(p,0,nt_extmode); p += 4; + SIVAL(p,0,mode); p += 4; q = p; p += 4; /* q is placeholder for name length. */ { unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal); @@ -1655,7 +1652,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, put_long_date_timespec(p,mdate_ts); p += 8; SOFF_T(p,0,file_size); p += 8; SOFF_T(p,0,allocation_size); p += 8; - SIVAL(p,0,nt_extmode); p += 4; + SIVAL(p,0,mode); p += 4; len = srvstr_push(base_data, flags2, p + 4, fname,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b8c87c4... Add helpful debug of DACL for errors on ACL access. Jeremy. from 64e588f... spoolss: add spoolss_DriverInfo7. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b8c87c43dd9309b3d2fed5d5db5b38057a8e4e90 Author: Jeremy Allison j...@samba.org Date: Wed Dec 16 10:09:11 2009 -0800 Add helpful debug of DACL for errors on ACL access. Jeremy. --- Summary of changes: source3/smbd/open.c | 12 ++-- 1 files changed, 10 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 9dc8320..120de0f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -102,8 +102,6 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, access_mask, access_granted); - TALLOC_FREE(sd); - DEBUG(10,(smbd_check_open_rights: file %s requesting 0x%x returning 0x%x (%s)\n, smb_fname_str_dbg(smb_fname), @@ -111,6 +109,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, (unsigned int)*access_granted, nt_errstr(status) )); + if (!NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL = 10) { + DEBUG(10,(smbd_check_open_rights: acl for %s is:\n, + smb_fname_str_dbg(smb_fname) )); + NDR_PRINT_DEBUG(security_descriptor, sd); + } + } + + TALLOC_FREE(sd); + return status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 88d2eca3.. Add helpful debug of DACL for errors on ACL access. Jeremy. (cherry picked from commit b8c87c43dd9309b3d2fed5d5db5b38057a8e4e90) from 4c733f1... Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 88d2eca3b3b305a569fdd56936c8a92ee5843e4b Author: Jeremy Allison j...@samba.org Date: Wed Dec 16 10:09:11 2009 -0800 Add helpful debug of DACL for errors on ACL access. Jeremy. (cherry picked from commit b8c87c43dd9309b3d2fed5d5db5b38057a8e4e90) --- Summary of changes: source3/smbd/open.c | 12 ++-- 1 files changed, 10 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 9dc8320..120de0f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -102,8 +102,6 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, access_mask, access_granted); - TALLOC_FREE(sd); - DEBUG(10,(smbd_check_open_rights: file %s requesting 0x%x returning 0x%x (%s)\n, smb_fname_str_dbg(smb_fname), @@ -111,6 +109,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, (unsigned int)*access_granted, nt_errstr(status) )); + if (!NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL = 10) { + DEBUG(10,(smbd_check_open_rights: acl for %s is:\n, + smb_fname_str_dbg(smb_fname) )); + NDR_PRINT_DEBUG(security_descriptor, sd); + } + } + + TALLOC_FREE(sd); + return status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8f4d4a6... Final part of the fix for 6837 - Too many open files when trying to access large number of files from b8c87c4... Add helpful debug of DACL for errors on ACL access. Jeremy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8f4d4a67587655dffe669cdda4ceed108bcfc4e7 Author: Jeremy Allison j...@samba.org Date: Wed Dec 16 10:19:19 2009 -0800 Final part of the fix for 6837 - Too many open files when trying to access large number of files Win7 needs a min of 16k file handles to work against a server. Jeremy. --- Summary of changes: source3/include/local.h | 24 1 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/local.h b/source3/include/local.h index de54ea5..a88b17b 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -56,17 +56,6 @@ #define SYSLOG_FACILITY LOG_DAEMON #endif -/* - * Default number of maximum open files per smbd. This is - * also limited by the maximum available file descriptors - * per process and can also be set in smb.conf as max open files - * in the [global] section. - */ - -#ifndef MAX_OPEN_FILES -#define MAX_OPEN_FILES 1 -#endif - /* * Fudgefactor required for open tdb's, etc. */ @@ -82,7 +71,18 @@ */ #ifndef MIN_OPEN_FILES_WINDOWS -#define MIN_OPEN_FILES_WINDOWS 1050 +#define MIN_OPEN_FILES_WINDOWS 16384 +#endif + +/* + * Default number of maximum open files per smbd. This is + * also limited by the maximum available file descriptors + * per process and can also be set in smb.conf as max open files + * in the [global] section. + */ + +#ifndef MAX_OPEN_FILES +#define MAX_OPEN_FILES (MIN_OPEN_FILES_WINDOWS + MAX_OPEN_FUDGEFACTOR) #endif #define WORDMAX 0x -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 776b519... Final part of the fix for 6837 - Too many open files when trying to access large number of files from 88d2eca3.. Add helpful debug of DACL for errors on ACL access. Jeremy. (cherry picked from commit b8c87c43dd9309b3d2fed5d5db5b38057a8e4e90) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 776b5192423d02cbdb861c7cb4af325d4958db34 Author: Jeremy Allison j...@samba.org Date: Wed Dec 16 10:20:34 2009 -0800 Final part of the fix for 6837 - Too many open files when trying to access large number of files Win7 needs a min of 16k file handles to work against a server. Jeremy. --- Summary of changes: source3/include/local.h | 24 1 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/local.h b/source3/include/local.h index de54ea5..a88b17b 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -56,17 +56,6 @@ #define SYSLOG_FACILITY LOG_DAEMON #endif -/* - * Default number of maximum open files per smbd. This is - * also limited by the maximum available file descriptors - * per process and can also be set in smb.conf as max open files - * in the [global] section. - */ - -#ifndef MAX_OPEN_FILES -#define MAX_OPEN_FILES 1 -#endif - /* * Fudgefactor required for open tdb's, etc. */ @@ -82,7 +71,18 @@ */ #ifndef MIN_OPEN_FILES_WINDOWS -#define MIN_OPEN_FILES_WINDOWS 1050 +#define MIN_OPEN_FILES_WINDOWS 16384 +#endif + +/* + * Default number of maximum open files per smbd. This is + * also limited by the maximum available file descriptors + * per process and can also be set in smb.conf as max open files + * in the [global] section. + */ + +#ifndef MAX_OPEN_FILES +#define MAX_OPEN_FILES (MIN_OPEN_FILES_WINDOWS + MAX_OPEN_FUDGEFACTOR) #endif #define WORDMAX 0x -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fae70e1... s4:gensec: allow clearing local and remote address by passing NULL via c457d54... s4-gensec: Remove obsolete socket_address vars and fns. via 1e54888... s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. via ac2d31e... s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. via 8ca8804... s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. via 226a9db... s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. via 743e636... s4-gensec: Added remote and local setter/getter using tsocket. from 8f4d4a6... Final part of the fix for 6837 - Too many open files when trying to access large number of files http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fae70e1f54fb0bcc6c39caad70ed69a626640381 Author: Stefan Metzmacher me...@samba.org Date: Wed Dec 16 20:34:15 2009 +0100 s4:gensec: allow clearing local and remote address by passing NULL metze commit c457d54434ce0f475a53d3205d703b9370f7c264 Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 18:07:07 2009 +0100 s4-gensec: Remove obsolete socket_address vars and fns. commit 1e5488859a66d25a0dedf0e2f9b545fb7acf1fa2 Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 16:41:21 2009 +0100 s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. commit ac2d31e24cfa24f6674b645b3661a1a2ce9ab060 Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 16:12:13 2009 +0100 s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. commit 8ca88042f0f4dae9f0207ec5de3074f26a2ef9cb Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 16:06:55 2009 +0100 s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. commit 226a9db2d9e0e15c14fb286761bff68253028a0c Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 15:52:30 2009 +0100 s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. commit 743e6363d54cf45a14de517e297faaa8258caaec Author: Andreas Schneider a...@redhat.com Date: Wed Dec 16 13:27:20 2009 +0100 s4-gensec: Added remote and local setter/getter using tsocket. --- Summary of changes: source4/auth/auth.h |2 +- source4/auth/gensec/config.mk |2 +- source4/auth/gensec/cyrus_sasl.c | 25 source4/auth/gensec/gensec.c | 101 - source4/auth/gensec/gensec.h | 13 +++- source4/auth/gensec/gensec_krb5.c | 41 ++ source4/auth/ntlm/auth_unix.c |6 +- source4/auth/ntlm/config.mk |2 +- source4/auth/ntlmssp/ntlmssp_server.c |3 +- source4/kdc/kpasswdd.c| 20 +-- 10 files changed, 137 insertions(+), 78 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 49cf161..c31ed2f 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -57,7 +57,7 @@ enum auth_password_state { struct auth_usersupplied_info { const char *workstation_name; - struct socket_address *remote_host; + const struct tsocket_address *remote_host; uint32_t logon_parameters; diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index aa52b18..f7cbd5b 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -2,7 +2,7 @@ # Start SUBSYSTEM gensec [LIBRARY::gensec] PUBLIC_DEPENDENCIES = \ - CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET + CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket LIBPACKET LIBTSOCKET # End SUBSYSTEM gensec # diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index da96d23..f563867 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -20,6 +20,7 @@ */ #include includes.h +#include lib/tsocket/tsocket.h #include auth/credentials/credentials.h #include auth/gensec/gensec.h #include auth/gensec/gensec_proto.h @@ -117,8 +118,8 @@ static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security struct gensec_sasl_state *gensec_sasl_state; const char *service = gensec_get_target_service(gensec_security); const char *target_name = gensec_get_target_hostname(gensec_security); - struct socket_address *local_socket_addr = gensec_get_my_addr(gensec_security); - struct socket_address *remote_socket_addr = gensec_get_peer_addr(gensec_security); + const struct tsocket_address *tlocal_addr = gensec_get_local_address(gensec_security); + const struct tsocket_address *tremote_addr =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0708b2a... s4-ntvfs: check if pvfs is NULL in pvfs_logoff from fae70e1... s4:gensec: allow clearing local and remote address by passing NULL http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0708b2a0c91aa3d0c836a3edf21b3cb8fbdcd76c Author: brendan powers brendan0pow...@gmail.com Date: Wed Dec 16 19:01:32 2009 -0500 s4-ntvfs: check if pvfs is NULL in pvfs_logoff pvfs can be NULL if the directory a share points to does not exist. In this case, there would be no open files, so it is safe to just return from the function. Signed-off-by: Andrew Tridgell tri...@samba.org --- Summary of changes: source4/ntvfs/posix/pvfs_open.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 621db3c..aa66ad7 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -1713,6 +1713,11 @@ NTSTATUS pvfs_logoff(struct ntvfs_module_context *ntvfs, struct pvfs_state); struct pvfs_file *f, *next; + /* If pvfs is NULL, we never logged on, and no files are open. */ + if(pvfs == NULL) { + return NT_STATUS_OK; + } + for (f=pvfs-files.list;f;f=next) { next = f-next; if (f-ntvfs-session_info == req-session_info) { -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.108-178-g5d50f0e
The branch, master has been updated via 5d50f0e16948d18009f6623f132113f7273efc7f (commit) from b4365045797f520a7914afdb69ebd1a8dacfa0d9 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 5d50f0e16948d18009f6623f132113f7273efc7f Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Dec 17 14:38:15 2009 +1030 eventscript: remove cb_status, fix uninitialized bug when monitoring aborted Previously we updated cb_status a each script finished. Since we're storing the status anyway, we can calculate it by iterating the scripts array itself, providing clear and uniform behavior on all code paths. In particular, this fixes a longstanding bug when we abort monitor scripts to run some other script: the cb_status was uninitialized. In this case, we need to hand *something* to the callback; 0 might make us go healthy when we shouldn't. So we use the last status (normally, this will be the just-saved current status). In addition, we make the case of failing the first fork for the script and failing other script forks the same: the error is returned via the callback and saved for viewing through 'ctdb scriptstatus'. Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: server/eventscript.c | 83 - 1 files changed, 54 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/server/eventscript.c b/server/eventscript.c index 803ac1d..f438774 100644 --- a/server/eventscript.c +++ b/server/eventscript.c @@ -64,7 +64,6 @@ struct ctdb_event_script_state { pid_t child; /* Warning: this can free us! */ void (*callback)(struct ctdb_context *, int, void *); - int cb_status; int fd[2]; void *private_data; bool from_user; @@ -423,6 +422,31 @@ static int fork_child_for_script(struct ctdb_context *ctdb, return 0; } +/* + Summarize status of this run of scripts. + */ +static int script_status(struct ctdb_scripts_wire *scripts) +{ + unsigned int i; + + for (i = 0; i scripts-num_scripts; i++) { + switch (scripts-scripts[i].status) { + case -ENOENT: + case -ENOEXEC: + /* Disabled or missing; that's OK. */ + break; + case 0: + /* No problem. */ + break; + default: + return scripts-scripts[i].status; + } + } + + /* All OK! */ + return 0; +} + /* called when child is finished */ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event *fde, uint16_t flags, void *p) @@ -431,7 +455,7 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event talloc_get_type(p, struct ctdb_event_script_state); struct ctdb_script_wire *current = get_current_script(state); struct ctdb_context *ctdb = state-ctdb; - int r; + int r, status; r = read(state-fd[0], current-status, sizeof(current-status)); if (r 0) { @@ -441,15 +465,6 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event } current-finished = timeval_current(); - - /* update overall status based on this script. */ - state-cb_status = current-status; - - /* don't stop just because it vanished or was disabled. */ - if (current-status == -ENOENT || current-status == -ENOEXEC) { - state-cb_status = 0; - } - /* valgrind gets overloaded if we run next script as it's still doing * post-execution analysis, so kill finished child here. */ if (ctdb-valgrinding) { @@ -458,10 +473,12 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event state-child = 0; + status = script_status(state-scripts); + /* Aborted or finished all scripts? We're done. */ - if (state-cb_status != 0 || state-current+1 == state-scripts-num_scripts) { + if (status != 0 || state-current+1 == state-scripts-num_scripts) { DEBUG(DEBUG_INFO,(__location__ Eventscript %s %s finished with state %d\n, - ctdb_eventscript_call_names[state-call], state-options, state-cb_status)); + ctdb_eventscript_call_names[state-call], state-options, status)); ctdb-event_script_timeouts = 0; talloc_free(state); @@ -473,8 +490,9 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event /* Next script! */ state-current++; -
[SCM] CTDB repository - branch master updated - ctdb-1.0.108-179-g99894a7
The branch, master has been updated via 99894a70fe2ebfe43daae7e88ff0fc9cab33e0fb (commit) from 5d50f0e16948d18009f6623f132113f7273efc7f (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 99894a70fe2ebfe43daae7e88ff0fc9cab33e0fb Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Dec 17 15:49:01 2009 +1100 version 1.0.109 --- Summary of changes: packaging/RPM/ctdb.spec.in | 15 +++- server/eventscript.c | 83 +++ 2 files changed, 43 insertions(+), 55 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in index 0c3ff50..2449ed7 100644 --- a/packaging/RPM/ctdb.spec.in +++ b/packaging/RPM/ctdb.spec.in @@ -4,7 +4,7 @@ Summary: Clustered TDB Vendor: Samba Team Packager: Samba Team sa...@samba.org Name: ctdb -Version: 1.0.108 +Version: 1.0.109 Release: 1GITHASH Epoch: 0 License: GNU GPL version 3 @@ -123,6 +123,19 @@ rm -rf $RPM_BUILD_ROOT %{_docdir}/ctdb/tests/bin/ctdb_transaction %changelog +* Thu Dec 17 2009 : Version 1.0.109 + - Massive eventscript updates. (bz58828) + - Nice the daemon instead of using realtime scheduler, also use mlockall() to + reduce the risk of blockign due to paging. + - Workarounds for valgrind when forking once for each script. Valgrind consumes + massive cpu when terminating the scripts on virtual systems. + - Sync the tdb library with upstream, and use the new TDB_DISALLOW_NESTING flag. + - Add new command ctdb dumpdbbackup + - Start using the new tdb check framework to validate tdb files upon startup. + - A new framework where we can control health for individual tdb databases. + - Fix a crash bug in the logging code. + - New transaction code for persistent databases. + - Various other smaller fixes. * Mon Dec 7 2009 : Version 1.0.108 - Transaction updates from Michael Adam. - Use the new wbinfo --ping-dc instead of -p in the eventscript for samba diff --git a/server/eventscript.c b/server/eventscript.c index f438774..803ac1d 100644 --- a/server/eventscript.c +++ b/server/eventscript.c @@ -64,6 +64,7 @@ struct ctdb_event_script_state { pid_t child; /* Warning: this can free us! */ void (*callback)(struct ctdb_context *, int, void *); + int cb_status; int fd[2]; void *private_data; bool from_user; @@ -422,31 +423,6 @@ static int fork_child_for_script(struct ctdb_context *ctdb, return 0; } -/* - Summarize status of this run of scripts. - */ -static int script_status(struct ctdb_scripts_wire *scripts) -{ - unsigned int i; - - for (i = 0; i scripts-num_scripts; i++) { - switch (scripts-scripts[i].status) { - case -ENOENT: - case -ENOEXEC: - /* Disabled or missing; that's OK. */ - break; - case 0: - /* No problem. */ - break; - default: - return scripts-scripts[i].status; - } - } - - /* All OK! */ - return 0; -} - /* called when child is finished */ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event *fde, uint16_t flags, void *p) @@ -455,7 +431,7 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event talloc_get_type(p, struct ctdb_event_script_state); struct ctdb_script_wire *current = get_current_script(state); struct ctdb_context *ctdb = state-ctdb; - int r, status; + int r; r = read(state-fd[0], current-status, sizeof(current-status)); if (r 0) { @@ -465,6 +441,15 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event } current-finished = timeval_current(); + + /* update overall status based on this script. */ + state-cb_status = current-status; + + /* don't stop just because it vanished or was disabled. */ + if (current-status == -ENOENT || current-status == -ENOEXEC) { + state-cb_status = 0; + } + /* valgrind gets overloaded if we run next script as it's still doing * post-execution analysis, so kill finished child here. */ if (ctdb-valgrinding) { @@ -473,12 +458,10 @@ static void ctdb_event_script_handler(struct event_context *ev, struct fd_event state-child = 0; - status = script_status(state-scripts); - /* Aborted or finished all scripts? We're done. */ - if (status != 0 || state-current+1 == state-scripts-num_scripts) { + if (state-cb_status != 0 || state-current+1 == state-scripts-num_scripts) {
[SCM] CTDB repository - annotated tag ctdb-1.0.109 created - ctdb-1.0.109
The annotated tag, ctdb-1.0.109 has been created at 0ef5d97eea0593775e29a64448cc596da1060743 (tag) tagging 99894a70fe2ebfe43daae7e88ff0fc9cab33e0fb (commit) replaces ctdb-1.0.108 tagged by Ronnie Sahlberg on Thu Dec 17 15:55:32 2009 +1100 - Log - tag for 1.0.109 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBLKbnW2aJ36aon/y8RAh7HAJ93sAsji3UX1XJG2IAoQ2hMN5yzjwCdHyRI cDufV0kMcguHHqe1NemwZLk= =qcSW -END PGP SIGNATURE- Andrew Tridgell (7): tdb: allow reads after prepare commit added some more speed tests to tdbtool tdb: fixed the intermittent failure of tdbtorture in the build farm fixed tdbbackup to give tdb error messages (cherry picked from samba commit 08be1420ba52ef9bba90d0f811c7810841ee8568) make tdbbackup use transactions added basic testing of tdb_transaction_prepare_commit() in tdbtorture (cherry picked from samba commit 84547b8dba3c0cf4e20b3c50d9386081d475df6b) tdb: detect tdb store of identical records and skip Christian Ambach (2): improve time jump logging reduce vacuuming lognoise Günther Deschner (1): tdb: fix c++ build warning. Holger Hetterich (1): Added a simple tdb integrity check to tdbtool. The command check runs traverse on the currently open tdb, and returns the number of entries if the integrity check is successful. (cherry picked from samba commit 42366bcbbdd42bb9d5821dfcc9dbe71a1eafa330) Jelmer Vernooij (3): tdb: Add simple reimplementation of tdbdump in Python as an example of the tdb Python bindings. (This used to be commit 47d797f7885b1e7bcff724496ecb1990e8440eea) (cherry picked from samba commit 6bdd1425b75c8931965f0e5627f5a63dc6820a7c) Implement missing functions in pytdb. (cherry picked from samba commit 2da551bbcc6cab296769c193b0b82aaa6256cece) Make sure to not close tdb database more than once. (cherry picked from samba commit 6fe6983e4c960abc69d5fa80cbef534ae515209a) Jeremy Allison (2): Add define guards around otherwise unused variable. Jeremy. (cherry picked from samba commit 4fc9f9c3f943cdeb27e37f0ee068cdd0da7cb00c) Remove unecessary msync. Jeremy. (cherry picked from samba commit 0bae1ef3de8fda5e1e2d641b14a408e627396912) (This used to be commit db2acaf46fdc38078b6b28b68909e289f6c9e0ec) (cherry picked from samba commit a1cf3ad5d655cf5a847df6d6299b3af1a30ec1e3) Kirill Smelkov (5): tdb: kill last bits from swig tdb: fix typo in python's Tdb.get() docstring tdb: reset tdb-fd to -1 in tdb_close() tdb: add tests for double .close() in pytdb tdb: update README a bit Matthias Dieter Wallnöfer (1): tdb tools: Mostly cosmetic adaptions Michael Adam (27): call: lower the debug message refusing migration while transction to lvl INFO client: lower debug level of transaction-active-retry message to DEBUG client: lower level of commit retry message WARNING-DEBUG test: get value for --timelimit from environment var CTDB_TEST_TIMELIMIT in transaction test test: add test 54_ctdb_transaction_recovery.sh tests: remove persistent_safe write test. tests: remove the persistent_unsafe writes test. tests: remove the no_trans mode from ctdb_transaction. server: add a new control CTDB_CONTROL_TRANS3_COMMIT define CTDB_DB_SEQNUM_KEY - used with the new implementation of transactions. Add a new control CTDB_GET_DB_SEQNUM - fetch a persistent db's sequence number. tests: temporarily disable the transaction test tool. Revert recovery: add special pull-logic for persistent databases tdb: add scripts to extract library symbols (exports file) from headers tdb: add script to extract signatures from header files. tdb: add script/abi_checks.sh. check for abi changes without gcc magic. One would expect I could spell my name... (cherry picked from samba commit 0d120be36bfc561e3f679d081993ccc6bea2a401) tdb:mksyms: allow double pointer return value of functions. tdb:mksyms: allow characters after closing functions parenthesis. tdb:mksigs: ignore struct forward declarations. tdb:mksigs: correctly ignode multiline function typedefs tdb:mksigs: ignore symbols (like _DEPRECATED_) after closing function parentheses tdb:mksigs: normalize bool - _Bool tdb:mksigs: allow PRINTF_ATTRIBUTE(..) macros function types as funcion args tdb:tdbtool: add the speed command to the help text. tdb:tdbtool: add transaction_start/_commit/_cancel commands. tdb:tdbtool: fix indentation. Ronnie Sahlberg (20): make sure to also check that interfaces used for NATGW are ok Bond devices can have any name the user configures, so Merge commit 'rusty/script-report' From: Volker Lendecke v...@samba.org remove the variable disable when unhealthy cleanup: remove a
Build status as of Thu Dec 17 07:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-12-16 00:00:04.0 -0700 +++ /home/build/master/cache/broken_results.txt 2009-12-17 00:00:18.0 -0700 @@ -1,4 +1,4 @@ -Build status as of Wed Dec 16 07:00:02 2009 +Build status as of Thu Dec 17 07:00:02 2009 Build counts: Tree Total Broken Panic @@ -6,17 +6,17 @@ ccache 2 1 0 distcc 0 0 0 ldb 33 33 0 -libreplace 2 1 0 +libreplace 1 1 0 lorikeet 0 0 0 -pidl 23 23 0 +pidl 3 3 0 ppp 0 0 0 rsync33 12 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 0 0 0 -samba_3_master 31 23 4 +samba_3_current 27 27 0 +samba_3_master 31 24 4 samba_3_next 31 31 2 samba_4_0_test 33 30 0 -talloc 31 11 0 -tdb 2 0 0 +talloc 33 11 0 +tdb 1 0 0