[Samba] map to guest option in ads mode
Hi, it seems map to guest option works differently in ads mode, namely when it is set to bad user. For example, I have domain user vova and try to authenticate with wrong password to Samba server and then to Windows server: smbclient -U vova -L //samba server Surprisingly I got list of shares, i.e. samba mapped user vova to guest. And now smbclient -U vova -L //windows server Error returning browse list: NT_STATUS_ACCESS_DENIED i.e. how map to guest=bad user should behave. Please, can someone clarify how option map to guest works? -- Vladimir Vassiliev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Status of samba packages in Debian
It's been some time since I didn't send an update about samba packages in Debian. Here it is. Fairly long, sorry for this. As preliminary facts: Debian entered a full freeze in Mid-August, in preparation of the next release, codename squeeze. It means that packages uploaded to Debian unstable no longer migrate to testing (which is the next release, so squeeze right now) when they had 10 days without RC bugs and when they're built on all supported architectures. During a freeze, packages do migrate semi-manually after being unblocked by Debian release team on request of the package maintainers. The release team requests avoiding upstream version updates during a freeze. Situation of samba in squeeze - We will have samba 3.5 in squeeze. At this moment, this is 3.5.5. We are very grateful to Debian release team as they allowed upgrading from 3.4.8 to 3.5.* *during the freeze* which breaks the official freeze rules! I have some hope to convince our RT to follow next 3.5 updates but that will be on a case by case basis. The clear policy adopted by the Samba Team for updates will help..:-) We have one release critical bug to tackle: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593823 (undeclared library backwards-incompatibility between 3.2.5 and 3.4...probably 3.5 also, in libwbclient) Situation of samba in lenny --- (lenny is the current stable release of Debian. Release in Feb. 2009, it has samba 3.2.5) We updated our 3.2.5 packages with the patch for the last unveiled security issue (CVE-2019-3069). Users of lenny who have security.debian.org in their sources.list files probably already got the update. Situation of samba in experimental -- Debian experimental is meant for prospective package development. During freezes, it's often use to have last upstream releases when they're not suitable anymore in unstable because of the freeze. At this moment, we no longer have interesting stuff there (we used to have 3.5 when the target for squeeze was 3.4.*). We will probably have 3.6. However, my last attempts to build it when 3.6.0pre1 was released resulted in a failure because of disappearing symbols in libraries (which should be discussed with the Samba Team). Situation of Samba 4 No samba4 packages in squeeze. Packages are judged as too experimental yet. Old outdated samba4 packages are currently in unstable. More recent ones are in experimental. The plan is to update packages in unstable with the last released version of samba4 (alpha14). Jelmer Vernooij is in charge of this and will do it...as soon as he finds a timeslot for that..:) Backports for lenny --- Debian recently integrated backports as a (nearly) fully official service (well, some implementation issues remain to be done in the BTS). Official backports for Debian stable (so, lenny, ATM) follow a strict policy. The packages have to be the same version than the one in testing and maintainers must commit to update them as carefully as they'd do for packages in Debian stable. See http://backports.debian.org for details and instructions about how to use backports Official backports for samba now feature samba 3.5.5 since a few days. These packages are as close as possible to those in squeeze (some packaging features that don't exist in lenny are dropped, though). Unofficial backports Besides official backports, we do maintain unofficial packages for users who might want different packages than those officially supported. Please be warned that these packages are updated less frequently then official ones. This might be a concern for those who are keen about security fixes. These unofficial backports live at http://pkg-samba.alioth.debian.org. They're built for i386 and amd64 architectures only. At this moment, we have there: - no longer maintained backports for etch. Don't use them. Don't use etch anymore..:-). Yes, I should remove that old crap. - lenny-backports: these feature samba 3.2.15 (latest released 3.2) for those users who want to stick with 3.2 on their servers (for instance, because they haven't gone through all regression tests on mission critical servers)...but are hit by some bug of 3.2.5 I actually needed those for a server of mine and decided to share them..:-) - lenny-backports-latest: these feature, for lenny, the last version of samba released by the Samba Team when we cannot have it in official backports. At this moment, there is nothing interesting there (indeed, there is 3.5.4) as official backports *do* have the latest released samba. I should even remove what's there right now. 3.6 packages for lenny will probably land there when 3.6 is released. We hope that this status update is helping users of samba in Debian. Please don't hesitate to discuss issues and wishes in mailing lists on samba.org, we try to be watching out things
Re: [Samba] using include directives for shares?
scott_st...@trendmicro.com writes: From the smb.conf manpage, it says that an 'include file' will include that file into smb.conf as if it were typed in place. Yes, that should work. Some things you want to look at: - Is the include file world readable? - Does the output of 'testparm -sv' give any clues? Regards, roel /etc/samba/smb.conf contains: [global] various global parameters include /etc/samba/smb.conf.local and then /etc/samba/smb.conf.local contains my share definitions. I'm doing it this way because I'm using puppet to manage the global parameters on my various file servers, but each individual file server may have a different local configuration that operations guys without access to the puppetmaster might need to change. It seems to me that this should be supported as I'm doing it, but it appears not - the shares defined in smb.conf.local aren't getting served. What am I doing wrong, or am I running up against a known limitation? Using CentOS 5, latest updates installed, samba RPM version samba-3.0.33-3.29.el5_5.1 Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] solaris 10 -zfs - smb.conf
Hi, The connection with AD is ok. ( I get the right info for wbinfo and getent ) The idmap backend is tdb. tdbdump /var/samba/locks/winbindd_idmap.tdb gives me correct information. I just don't know what combinations of options to use with zfs. (vfsobject, ... inherit acls, file acls, check nt permissions, etc.. etc.. ) Rgrds, I am making some guesses... Read the man page on idmap_rid. That might make the idmap stuff a little simpler (it doesn't apply to my environment so I am not 100% sure.) Does wbinfo -u and wbinfo -g list the AD domain users and groups? Does getent passwd and getent group list those users?Do you have /etc/nsswitch.conf configured to handle users and groups from winbind?The Solaris OS has so have some way of dealing with Windows users. Is your idmap backend TDB or ldap? Do you see idmap entries in the IDMAP DB? -- View this message in context: http://samba.2283325.n4.nabble.com/solaris-10-zfs-smb-conf-tp2715256p2716776.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Storing Profile remote on Samba PDC only works for one user
Hello :-) Meanwhile I found out why the %a in my logon path was not respected, there was an entry in my LDAP user entries overriding this. I removed it and now the %a ist respected, /exports/home/samba/profiles/XXX_admin/Win2K is created _and_ populated only for XXX_admin, only created and _not_ populated for the other users (works also from WinXP with %a becoming WinXP). I have this issue on WinXP clients _and_ Win2k clients. I found out to enable userenv.log on the windows clients: This is the user logging in: USERENV(b8.a0) 17:11:29:781 = USERENV(b8.a0) 17:11:29:781 LoadUserProfile: Entering, hToken = 0x50, lpProfileInfo = 0x6f648 USERENV(b8.a0) 17:11:29:781 LoadUserProfile: Entering, hToken = 0x50, lpProfileInfo = 0x6f648 USERENV(b8.a0) 17:11:29:781 LoadUserProfile: lpProfileInfo-dwFlags = 0x0 USERENV(b8.a0) 17:11:29:781 LoadUserProfile: lpProfileInfo-lpUserName = XXX_user USERENV(b8.a0) 17:11:29:781 LoadUserProfile: lpProfileInfo-lpProfilePath = \\pferdekopfnebel\profiles\XXX_user\Win2K USERENV(b8.a0) 17:11:29:781 LoadUserProfile: lpProfileInfo-lpDefaultPath = \\PFERDEKOPFNEBEL\netlogon\Default User USERENV(b8.a0) 17:11:29:781 LoadUserProfile: NULL server name USERENV(b8.a0) 17:11:29:781 GetUserMutex: entering USERENV(b8.a0) 17:11:29:781 GetUserMutex: Waiting... USERENV(b8.a0) 17:11:29:781 GetUserMutex: Wait succeeded. Mutex currently held. USERENV(b8.a0) 17:11:29:781 GetUserGuid: Failed to get user guid with 1355. USERENV(b8.a0) 17:11:29:781 GetProfileSid: No Guid - Sid Mapping available USERENV(b8.a0) 17:11:29:781 GetUserGuid: Failed to get user guid with 1355. USERENV(b8.a0) 17:11:29:781 GetProfileSid: No Guid - Sid Mapping available USERENV(b8.a0) 17:11:29:781 ParseProfilePath: Entering, lpProfilePath = \\pferdekopfnebel\profiles\XXX_user\Win2K USERENV(b8.a0) 17:11:29:781 CheckXForestLogon: checking x-forest logon, user handle = 80 USERENV(b8.a0) 17:11:29:796 MyGetDomainDNSName: MyGetUserName failed for dns domain name with 1355 USERENV(b8.a0) 17:11:29:796 CheckUserInMachineForest: MyGetDomainName failed with 1355. USERENV(b8.a0) 17:11:29:796 CheckXForestLogon : CheckUserInMachineForest failed with 1355 USERENV(b8.a0) 17:11:29:796 ParseProfilePath: CheckXForestLogon failed, hr = 8007054B USERENV(b8.a0) 17:11:29:906 ParseProfilePath: Tick Count = 16 USERENV(b8.a0) 17:11:29:906 PingComputer: PingBufferSize set as 2048 USERENV(b8.a0) 17:11:29:906 PingComputer: First time: 0 USERENV(b8.a0) 17:11:29:906 PingComputer: Fast link. Exiting. USERENV(b8.a0) 17:11:29:906 ParseProfilePath: FindFirstFile found something with attributes 0x10 USERENV(b8.a0) 17:11:29:906 ParseProfilePath: Found a directory USERENV(b8.a0) 17:11:29:906 LoadUserProfile: ParseProfilePath returned a directory of \\pferdekopfnebel\profiles\XXX_user\Win2K USERENV(b8.a0) 17:11:29:906 RestoreUserProfile: Entering USERENV(b8.a0) 17:11:29:906 RestoreUserProfile: User is a Guest USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Entering USERENV(b8.a0) 17:11:29:906 CheckRoamingShareOwnership: checking ownership for \\pferdekopfnebel\profiles\XXX_user\Win2K USERENV(b8.a0) 17:11:29:906 CheckRoamingShareOwnership: policy set to disable ownership check USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Testing \\pferdekopfnebel\profiles\XXX_user\Win2K\ntuser.man USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Profile is not reachable, error = 2 USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Testing \\pferdekopfnebel\profiles\XXX_user\Win2K\ntuser.dat USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Profile is not reachable, error = 2 USERENV(b8.a0) 17:11:29:906 IsCentralProfileReachable: Ok to create a user profile. USERENV(b8.a0) 17:11:29:906 RestoreUserProfile: Central Profile is reachable USERENV(b8.a0) 17:11:29:906 RestoreUserProfile: Central Profile is roaming USERENV(b8.a0) 17:11:29:906 RestoreUserProfile: Profile path = \\pferdekopfnebel\profiles\XXX_user\Win2K This is the admin logging in: USERENV(b8.a0) 17:11:55:421 = USERENV(b8.a0) 17:11:55:421 LoadUserProfile: Entering, hToken = 0x1f0, lpProfileInfo = 0x6f648 USERENV(b8.a0) 17:11:55:421 LoadUserProfile: Entering, hToken = 0x1f0, lpProfileInfo = 0x6f648 USERENV(b8.a0) 17:11:55:421 LoadUserProfile: lpProfileInfo-dwFlags = 0x0 USERENV(b8.a0) 17:11:55:421 LoadUserProfile: lpProfileInfo-lpUserName = XXX_admin USERENV(b8.a0) 17:11:55:421 LoadUserProfile: lpProfileInfo-lpProfilePath = \\pferdekopfnebel\profiles\XXX_admin\Win2K USERENV(b8.a0) 17:11:55:421 LoadUserProfile: lpProfileInfo-lpDefaultPath = \\PFERDEKOPFNEBEL\netlogon\Default User USERENV(b8.a0) 17:11:55:421 LoadUserProfile: NULL server name USERENV(b8.a0) 17:11:55:421 GetUserMutex: entering USERENV(b8.a0) 17:11:55:421 GetUserMutex: Waiting... USERENV(b8.a0) 17:11:55:421 GetUserMutex: Wait
Re: [Samba] Fwd: Re: Problem with Samba - Openldap and domain autentication of Windows XP
Ok, now the join to the domain works, but when i create a new user, and i try to login to the Windows XP domain, the windows says to me Unable to access. A periferic is not working. (sorry for the poor traduction, but my windows is in italian). Into the samba logs i read this: [2010/09/28 10:07:45.795892, 2] smbd/reply.c:536(reply_special) netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0 [2010/09/28 10:07:45.796139, 2] smbd/reply.c:547(reply_special) netbios connect: local=mediadc remote=testafs, name type = 0 [2010/09/28 10:07:45.799185, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801093, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801767, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/09/28 10:07:45.865629, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: AFS [2010/09/28 10:07:45.872442, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [AFS] - [AFS] - [AFS] succeeded [2010/09/28 10:07:45.872630, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MEDIADC\AFS has user sid S-1-5-21-3218914170-3340994528-1537192846-3010 but group sid S-1-5-21-1949818787-1514111066-129980733-513. The conflicting domain portions are not supported for NETLOGON calls This is my testparm (actually): [global] workgroup = MEDIADC netbios name = MEDIADC map to guest = Bad User passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri log level = 2 printcap name = cups add user script = /usr/sbin/ldapsmb -a -u %u -smbacct --makehomedir --homedir /home/%u -f delete user script = /usr/sbin/ldapsmb -d -u %u -f add group script = /usr/sbin/ldapsmb -a -g %g -f delete group script = /usr/sbin/ldapsmb -d -g %g -f add user to group script = /usr/sbin/ldapsmb -j -u %u -g %g -f delete user from group script = /usr/sbin/ldapsmb -r -u %u -g %g -f add machine script = /usr/sbin/ldapsmb -a -wks %u -f logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 99 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=mediaservice-test,dc=pri ldap ssl = no ldap user suffix = ou=people usershare allow guests = Yes idmap backend = ldap:ldap://afs-test.mediaservice-test.pri cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root How i can debug what is wrong? Any suggestion? Cordially, Claudio Prono. Gaiseric Vandal ha scritto: Wait, you are using samba with openldap backend. Why are you using useradd ??? with this backend you need smbldap instead. like this: passdb backend = ldapsam:ldap://your ldap server ldap passwd sync = yes ldap delete dn = Yes ldap admin dn = cn=root,dc=domain,dc=com,dc=br ldap suffix = dc=domain,dc=com,dc=br ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = sambaDomainName=DOMAIN idmap backend = ldap:ldap://ldap server idmap alloc backend = ldap:ldap://ldap server idmap uid = 1000-2 idmap gid = 1000-2 idmap alloc config:range = 1000-2 ldap timeout
Re: [Samba] using include directives for shares?
include = /path/to/file (note =) 2010/9/28 Roel van Meer ro...@bokxing.nl scott_st...@trendmicro.com writes: From the smb.conf manpage, it says that an 'include file' will include that file into smb.conf as if it were typed in place. Yes, that should work. Some things you want to look at: - Is the include file world readable? - Does the output of 'testparm -sv' give any clues? Regards, roel /etc/samba/smb.conf contains: [global] various global parameters include /etc/samba/smb.conf.local and then /etc/samba/smb.conf.local contains my share definitions. I'm doing it this way because I'm using puppet to manage the global parameters on my various file servers, but each individual file server may have a different local configuration that operations guys without access to the puppetmaster might need to change. It seems to me that this should be supported as I'm doing it, but it appears not - the shares defined in smb.conf.local aren't getting served. What am I doing wrong, or am I running up against a known limitation? Using CentOS 5, latest updates installed, samba RPM version samba-3.0.33-3.29.el5_5.1 Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fstab configuration for extended attributes
I have extended attributes in my fstab set with the following options: /dv/md0 /mnt/raid ext4 auto,errors=remount-ro,user_xattr 0 2 Aside from the user_xattr flag, do I have to set any other options to save extended attribute or file permissions information correctly to my share? I am running Samba 3.4.7 under Ubuntu 10.04 server. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP
On Mon, 27 Sep 2010 17:08:12 +0200, Claudio Prono claudio.pr...@atpss.net wrote: Gaiseric Vandal ha scritto: Do you have an underlying unix account for the pc (eg SOMEMACHINE$) It is possible to configure scripts that the unix account is created by samba if necessary when samba creates the Windows account for the machine. I don't have it set up this way, so I need to create the unix account 1st. add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ This script automatically add the machine if needed, or i am wrong ? Also, I found that since the underlying unix OS may need validate the machine account, I put my machine accounts in either the same ldap ou as people (or in a sub ou.) (getent passwd command may need to show your machine accounts as well as people accounts.) If you have manually created the unix account for the machine, can you them manually create the samba account for it e.g. smbpasswd -m -a SOMEMACHINE (I think you leave the $ off .) I use LDAP for both unix and windows clients so my config choices may not be applicable to a windows-only client environment. On 09/27/2010 09:59 AM, Claudio Prono wrote: Hello all, I have some problems to make work a configuration like Samba and OpenLDAP as domain controller. My operative system is OpenSuSE 11.3. Here is my testparm: [global] workgroup = MEDIADC netbios name = MEDIADC map to guest = Bad User passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri log level = 2 printcap name = cups add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=mediaservice-test,dc=pri ldap ssl = no ldap user suffix = ou=people usershare allow guests = Yes idmap backend = ldap:ldap://afs-test.mediaservice-test.pri idmap uid = 1000-6 idmap gid = 1000-6 cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root If i try to join a windows xp into the domain i have this results: [2010/09/27 14:58:52.229946, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected [2010/09/27 14:58:52.233371, 2] smbd/reply.c:536(reply_special) netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0 [2010/09/27 14:58:52.233498, 2] smbd/reply.c:547(reply_special) netbios connect: local=mediadc remote=testafs, name type = 0 [2010/09/27 14:58:52.234068, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/27 14:58:52.233647, 0] lib/util_sock.c:675(write_data) [2010/09/27 14:58:52.234876, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2010/09/27 14:58:52.236855, 0] smbd/process.c:79(srv_send_smb) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2010/09/27 14:58:52.238615, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/27 14:58:52.239888,
[Samba] cross-realm Kerberos trust with a third Windows domain
Here is our scenario. We have a Windows 2008 domain I'll call CORP and an MIT realm I'll call REALM. There is a one-way trust (AES enabled) such that users in the CORP domain can access REALM resources. If I log into a CORP workstation, I can access REALM resources as expected (including samba). We have a third Windows 2008 domain I'll call LAB. If I log into a LAB workstation as a CORP user, and try to get to a REALM samba share, it won't connect and I get a very nondescript Windows error (normally a 'the network name no longer exists'). Using a packet capture and the 'klist ticket's command, I see I am getting the correct cifs Kerberos ticket for the samba server. Other kerberized resources (web, ssh) work - but samba won't connect. I am fairly certain Kerberos is working correctly, but samba won't allow the connection (I see SMB packets, but only about a half-dozen, and nothing indicating what the error might be) Is there any known reason why this configuration won't work? Is there a workaround? Any suggestions on troubleshooting this? Thanks much, Blake -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.5. id-map issues with Active Directory
Hi, I'm running Debian Squeeze on a few machines that are all authenticating to a pair of Windows 2008 servers. After upgrading to samba 3.5.5 from 3.4.8 idmap has stopped resolving which is preventing user authentication on these boxes. The boxes that have been left at 3.4.8 continue to work fine. On the 3.5.5 boxes wbinfo and net ads show lists of users and groups without issue yet id is not able to map uid's any more. nsswitch.conf is using: passwd: files winbind group: files winbind shadow: files winbind I can successfully connect the affected servers to the AD domain using net ads join and the keytab also generates fine. I have included my smb.conf below and will happily provide any details that will help. Many thanks for your time. Regards Simon [global] # Debuging domain auth issues: debug level = 10 workgroup = DOMAIN security = ads kerberos method = system keytab winbind use default domain = true realm = DOMAIN.NET disable netbios = yes name resolve order = host lmhosts hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119 hosts deny = 0.0.0.0/0 password server = 192.168.1.2, 192.168.1.3, * idmap config DOMAIN:default = yes idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:backend = ad idmap config DOMAIN:range = 1-2 idmap backend = ad winbind offline logon = yes winbind nested groups = yes winbind separator = + winbind cache time = 3600 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 template homedir = /home/%U template shell = /bin/bash client ntlmv2 auth = yes encrypt passwords = true local master = no domain master = no preferred master = no dns proxy = no server string = Samba Server Version %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 # Fix character set issues: # http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html dos charset = 850 unix charset = UTF-8 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Quick question: samba and kerberos
Hello all, Samba can authenticate users into a Domain with kerberos password? I explain better: is possible to tell to samba to check the password using a kerberos server? Cordially, Claudio Prono. -- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer PGP Key - http://keys.atpss.net/c_prono.asc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP
Claudio, Your problems may arise from the fact that you have set the workgroup and netbios name to identical values. [global] workgroup = MEDIADC netbios name = MEDIADC See the last sentence of this link: On 09/28/2010 4:06 AM, Claudio Prono wrote: http://oreilly.com/catalog/samba/chapter/book/ch04_04.html Dale Ok, now the join to the domain works, but when i create a new user, and i try to login to the Windows XP domain, the windows says to me Unable to access. A periferic is not working. (sorry for the poor traduction, but my windows is in italian). Into the samba logs i read this: [2010/09/28 10:07:45.795892, 2] smbd/reply.c:536(reply_special) netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0 [2010/09/28 10:07:45.796139, 2] smbd/reply.c:547(reply_special) netbios connect: local=mediadc remote=testafs, name type = 0 [2010/09/28 10:07:45.799185, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801093, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801767, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/09/28 10:07:45.865629, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: AFS [2010/09/28 10:07:45.872442, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [AFS] - [AFS] - [AFS] succeeded [2010/09/28 10:07:45.872630, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MEDIADC\AFS has user sid S-1-5-21-3218914170-3340994528-1537192846-3010 but group sid S-1-5-21-1949818787-1514111066-129980733-513. The conflicting domain portions are not supported for NETLOGON calls This is my testparm (actually): [global] workgroup = MEDIADC netbios name = MEDIADC map to guest = Bad User passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri log level = 2 printcap name = cups add user script = /usr/sbin/ldapsmb -a -u %u -smbacct --makehomedir --homedir /home/%u -f delete user script = /usr/sbin/ldapsmb -d -u %u -f add group script = /usr/sbin/ldapsmb -a -g %g -f delete group script = /usr/sbin/ldapsmb -d -g %g -f add user to group script = /usr/sbin/ldapsmb -j -u %u -g %g -f delete user from group script = /usr/sbin/ldapsmb -r -u %u -g %g -f add machine script = /usr/sbin/ldapsmb -a -wks %u -f logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 99 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=mediaservice-test,dc=pri ldap ssl = no ldap user suffix = ou=people usershare allow guests = Yes idmap backend = ldap:ldap://afs-test.mediaservice-test.pri cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root How i can debug what is wrong? Any suggestion? Cordially, Claudio Prono. Gaiseric Vandal ha scritto: Wait, you are using samba with openldap backend. Why are you using useradd ??? with this backend you need smbldap instead. like this: passdb backend = ldapsam:ldap://your ldap server ldap passwd sync = yes ldap delete dn = Yes ldap admin dn = cn=root,dc=domain,dc=com,dc=br ldap suffix =
[Samba] help with user permissions
Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. [user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba - Openldap and domain autentication of Windows XP
Ok thanks, i have resolved it...now the samba+ldap part as domain controller works like a charm! Thank you to all. Claudio. Dale Schroeder ha scritto: Claudio, Your problems may arise from the fact that you have set the workgroup and netbios name to identical values. [global] workgroup = MEDIADC netbios name = MEDIADC See the last sentence of this link: On 09/28/2010 4:06 AM, Claudio Prono wrote: http://oreilly.com/catalog/samba/chapter/book/ch04_04.html Dale Ok, now the join to the domain works, but when i create a new user, and i try to login to the Windows XP domain, the windows says to me Unable to access. A periferic is not working. (sorry for the poor traduction, but my windows is in italian). Into the samba logs i read this: [2010/09/28 10:07:45.795892, 2] smbd/reply.c:536(reply_special) netbios connect: name1=MEDIADC0x20 name2=TESTAFS0x0 [2010/09/28 10:07:45.796139, 2] smbd/reply.c:547(reply_special) netbios connect: local=mediadc remote=testafs, name type = 0 [2010/09/28 10:07:45.799185, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801093, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/09/28 10:07:45.801767, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/09/28 10:07:45.865629, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: AFS [2010/09/28 10:07:45.872442, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [AFS] - [AFS] - [AFS] succeeded [2010/09/28 10:07:45.872630, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MEDIADC\AFS has user sid S-1-5-21-3218914170-3340994528-1537192846-3010 but group sid S-1-5-21-1949818787-1514111066-129980733-513. The conflicting domain portions are not supported for NETLOGON calls This is my testparm (actually): [global] workgroup = MEDIADC netbios name = MEDIADC map to guest = Bad User passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri log level = 2 printcap name = cups add user script = /usr/sbin/ldapsmb -a -u %u -smbacct --makehomedir --homedir /home/%u -f delete user script = /usr/sbin/ldapsmb -d -u %u -f add group script = /usr/sbin/ldapsmb -a -g %g -f delete group script = /usr/sbin/ldapsmb -d -g %g -f add user to group script = /usr/sbin/ldapsmb -j -u %u -g %g -f delete user from group script = /usr/sbin/ldapsmb -r -u %u -g %g -f add machine script = /usr/sbin/ldapsmb -a -wks %u -f logon path = \\%L\profiles\.msprofile logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 99 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=mediaservice-test,dc=pri ldap ssl = no ldap user suffix = ou=people usershare allow guests = Yes idmap backend = ldap:ldap://afs-test.mediaservice-test.pri cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root How i can debug what is wrong? Any suggestion? Cordially, Claudio Prono. Gaiseric Vandal ha scritto: Wait, you are using samba with openldap backend. Why are you using
[Samba] samba 3.5.5 and ACL mod
Hello, We are in the middle of testing debian squeeze 64 bits with samba 3.5.5 and are running into some questions: 1) Is this solution OK with windows 7 out of the box (ie no hacking/modifications to do on the pc) ? I have tested it seems so but I would like a confirmation. 2) Despite massive googling, I have not found a correct smb.conf configuration to change ACL statuses on shares (or even subfolders/files) via a windows based mmc (xp or vista). Yes, the IT people are not into SWAT or Webmin. It is stated possible. Are there any pointers or special issues I have missed with this version? Thanks in advance, Best Regards, Sebastian Perkins Systems Developer Engineer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.5.5 and ACL mod
On Tue, Sep 28, 2010 at 12:14 PM, sebastian.perk...@swisscom.com wrote: Hello, We are in the middle of testing debian squeeze 64 bits with samba 3.5.5 and are running into some questions: 1) Is this solution OK with windows 7 out of the box (ie no hacking/modifications to do on the pc) ? I have tested it seems so but I would like a confirmation. You still need the registry change from here: http://wiki.samba.org/index.php/Windows7 2) Despite massive googling, I have not found a correct smb.conf configuration to change ACL statuses on shares (or even subfolders/files) via a windows based mmc (xp or vista). Yes, the IT people are not into SWAT or Webmin. It is stated possible. Are there any pointers or special issues I have missed with this version? You need idmap to work for acls to even begin to work as you expect. You also need either acls enabled in the host filesystem and / or use the acl_xattr module. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with user permissions
Ben, If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users. Dale valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '' are interpreted using the same rules as described in the /|invalid users|/ parameter. If this is empty (the default) then any user can login. If a username is in both this list and the /|invalid users|/ list then access is denied for that user. The current servicename is substituted for /|%S|/. This is useful in the [homes] section. Default: //|valid users|/ = | # No valid users list (anyone can login) | / Example: //|valid users|/ = |greg, @pcusers| / On 09/28/2010 10:22 AM, Ben George wrote: Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. [user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with user permissions
Thanks for your reply.. yea i also want that same thing..give permission to that listed users only.. but when i checked that 3 folders in windows pc.,,only one folder can accable without password and when i try to access the other 2 folder's,,it says that network not reachable..u don't have permission to access this network...like that... On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder d...@briannassaladdressing.com wrote: Ben, If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users. Dale valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '' are interpreted using the same rules as described in the *invalid users* parameter. If this is empty (the default) then any user can login. If a username is in both this list and the *invalid users* list then access is denied for that user. The current servicename is substituted for *%S*. This is useful in the [homes] section. Default: *valid users = # No valid users list (anyone can login) * Example: *valid users = greg, @pcusers * On 09/28/2010 10:22 AM, Ben George wrote: Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. [user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using include directives for shares?
sigh... I know I pressed the = button but I guess not hard enough.. and I wasn't looking for typos when debugging :) thanks for the good catch, that seemed to fix it... Still having performance problems with it but I'll start a new thread on that with more details. Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Juan Asensio Sánchez Sent: Tuesday, September 28, 2010 2:18 AM To: Roel van Meer; samba@lists.samba.org Subject: Re: [Samba] using include directives for shares? include = /path/to/file (note =) 2010/9/28 Roel van Meer ro...@bokxing.nl scott_st...@trendmicro.com writes: From the smb.conf manpage, it says that an 'include file' will include that file into smb.conf as if it were typed in place. Yes, that should work. Some things you want to look at: - Is the include file world readable? - Does the output of 'testparm -sv' give any clues? Regards, roel /etc/samba/smb.conf contains: [global] various global parameters include /etc/samba/smb.conf.local and then /etc/samba/smb.conf.local contains my share definitions. I'm doing it this way because I'm using puppet to manage the global parameters on my various file servers, but each individual file server may have a different local configuration that operations guys without access to the puppetmaster might need to change. It seems to me that this should be supported as I'm doing it, but it appears not - the shares defined in smb.conf.local aren't getting served. What am I doing wrong, or am I running up against a known limitation? Using CentOS 5, latest updates installed, samba RPM version samba-3.0.33-3.29.el5_5.1 Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to run more than one logon script
Hi everyone, I'm running Samba 3.4.7 with OpenLDAP as PDC and I want to run more than one logon script per user. What i want to achieve is: Run a general logon script, that do the folder mapping of the public access folders for all users. AFTER this run a group-based logon script, to map some groups-related folders. And still after those 2 scripts, run a user-based logon script, to map some user-related folders. Why i'm trying to do this: I want to do this because i have a lot of folders that i want to map for some users that are not from the same primary group. If i create only one script per user, i'll have tons of scripts, and I'll have to edit each of then every time i'd want to map a folder to all users, not only to those guys. I'm well aware that i can specify a group or user (or other things) related script in the users settings in samba, but i want to run more than one script. Is there a specific configuration to make this work? Is there a workaround to do this? Tks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rpcclient errors
Hi all, I'm running Ubuntu 10.04 LTS and loaded (via apt-get) Samba version 2:3.4.7 as part of the effort to bring up Sambafax. A dpkg-query gives the following: # dpkg-query -l | fgrep samba ii libcrypt-smbhash-perl 0.12-3 generate LM/NT hash of a password for samba ii samba 2:3.4.7~dfsg-1ubuntu3.1 SMB/CIFS file, print, and login server for U ii samba-common2:3.4.7~dfsg-1ubuntu3.1 common files used by both the Samba server a ii samba-common-bin2:3.4.7~dfsg-1ubuntu3.1 common files used by both the Samba server a ii samba-doc 2:3.4.7~dfsg-1ubuntu3.1 Samba documentation The Windows drivers I've chosen are those used in a previous implementation of Sambafax (now years old) running on an old Redhat kernel; I'm to 'update' this but decided to use the Windows drivers of the old implementation with the notion, if it ain't broke... Populating /etc/samba/drivers with W32X86/2 and WIN40/0 drivers, I see: # ls -R /etc/samba/drivers /etc/samba/drivers: W32X86 WIN40 /etc/samba/drivers/W32X86: 2 /etc/samba/drivers/W32X86/2: cups5.hlp cupsdrv5.dll cupsui5.dll sambafax.ppd /etc/samba/drivers/WIN40: 0 /etc/samba/drivers/WIN40/0: ADFONTS.MFM ADOBEPS4.HLP ICONLIB.DLL sambafax.ppd ADOBEPS4.DRV DEFPRTR2.PPD PSMON.DLL I've tried to run rpcclient with the adddriver subcommand which fails with an different error for these 2 cases, and nothing specific in the error messages to indicate what really is the problem: # rpcclient -U 'Name%passwd' -c 'adddriver Windows NT x86 sambafax:cupsdrv5.dll:sambafax.ppd:cupsui5.dll:cups5.hlp:NULL:RAW:NULL' localhost result was WERR_BADFILE and # rpcclient -U 'Name%passwd' -c 'adddriver Windows 4.0 sambafax:ADOBEPS4.DRV:sambafax.ppd:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,sambafax.ppd,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL' localhost result was WERR_UNKNOWN_PRINTER_DRIVER I've tried putting the driver files directly in /etc/samba/drivers prior to executing the above rpcclient commands, as some comments on the net suggest the 'adddriver' command expects them there and moves them to the appropriate subdirectories but similar errors ensue. The errors would appear to be on the server side, but of course that's the same linux box. I've been stuck on this a few days... Any suggestions? Sorry for the volume here, but I didn't want to leave out some useful detail or other. Jeff Bernhard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to run more than one logon script
Hi Pascal, Forgive me my poor english, but i didn't understood what factorize your code means. Could you explain in another way (with examples, if possible =D )? Tks in advance. On Tue, Sep 28, 2010 at 4:52 PM, Pascal Valois pascal.val...@devinci.fr wrote: run more than one logon script ? there is only one reason to do so. it's if you want to share part of login script between users and factorize your code. if you dont, then merging the script is enough, and would explain why one logon script is sufficient. Le 28/09/2010 21:49, Leonardo Carneiro a écrit : Hi everyone, I'm running Samba 3.4.7 with OpenLDAP as PDC and I want to run more than one logon script per user. What i want to achieve is: Run a general logon script, that do the folder mapping of the public access folders for all users. AFTER this run a group-based logon script, to map some groups-related folders. And still after those 2 scripts, run a user-based logon script, to map some user-related folders. Why i'm trying to do this: I want to do this because i have a lot of folders that i want to map for some users that are not from the same primary group. If i create only one script per user, i'll have tons of scripts, and I'll have to edit each of then every time i'd want to map a folder to all users, not only to those guys. I'm well aware that i can specify a group or user (or other things) related script in the users settings in samba, but i want to run more than one script. Is there a specific configuration to make this work? Is there a workaround to do this? Tks in advance. -- Pascal Valois Service Informatique Pole Universitaire Léonard de Vinci -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to run more than one logon script
This is more of a Windows question (i.e. google searches windows login scripts may be helpfull. You scripts could use commands like ifmember groupname http://www.eggheadcafe.com/software/aspnet/30250014/login-script-group-membership.aspx That should let you map drives based on group membership. Then you can have the same login script specified for each user, and that login script includes conditional drive mappings for the specific groups. Windows also has the call command which should let one batch file call another then return to the 1st file. http://www.computerhope.com/call.htm On 09/28/2010 03:49 PM, Leonardo Carneiro wrote: Hi everyone, I'm running Samba 3.4.7 with OpenLDAP as PDC and I want to run more than one logon script per user. What i want to achieve is: Run a general logon script, that do the folder mapping of the public access folders for all users. AFTER this run a group-based logon script, to map some groups-related folders. And still after those 2 scripts, run a user-based logon script, to map some user-related folders. Why i'm trying to do this: I want to do this because i have a lot of folders that i want to map for some users that are not from the same primary group. If i create only one script per user, i'll have tons of scripts, and I'll have to edit each of then every time i'd want to map a folder to all users, not only to those guys. I'm well aware that i can specify a group or user (or other things) related script in the users settings in samba, but i want to run more than one script. Is there a specific configuration to make this work? Is there a workaround to do this? Tks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba version to use on CentOS?
I see via yum that there is samba and there is samba3x available for CentOS (my boxes are hooked to the main CentOS repo, Fedora EPEL, and RPMFORGE). 'samba' is 3.0.33 'samba3x' is 3.3.8 Is there any down-side to upgrading to 'samba3x' and running 3.3.8 instead of 3.0.33? I'm assuming that, in general, I should be running the latest stable version, yes? Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba version to use on CentOS?
If you want Windows 7 support, you need Samba 3.3.x. Which Fedora repo? I found that FC6 RPM's usually installed OK on RedHat RHEL5.x but anything above was likely to need a newer glibc or libc (or something like that.) On 09/28/2010 04:23 PM, scott_st...@trendmicro.com wrote: I see via yum that there is samba and there is samba3x available for CentOS (my boxes are hooked to the main CentOS repo, Fedora EPEL, and RPMFORGE). 'samba' is 3.0.33 'samba3x' is 3.3.8 Is there any down-side to upgrading to 'samba3x' and running 3.3.8 instead of 3.0.33? I'm assuming that, in general, I should be running the latest stable version, yes? Scott Stonescott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to run more than one logon script
Hmm... this is interesting. I think that with the 'call' statement i can reach my goal. Make all users to run a default script, then this script does it's magic, call a group based script, and then this one also does it calls a third user-based script. Well, in theory this should work. I'll try and post here if this will work well. Tks in advance. On Tue, Sep 28, 2010 at 5:06 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: This is more of a Windows question (i.e. google searches windows login scripts may be helpfull. You scripts could use commands like ifmember groupname http://www.eggheadcafe.com/software/aspnet/30250014/login-script-group-membership.aspx That should let you map drives based on group membership. Then you can have the same login script specified for each user, and that login script includes conditional drive mappings for the specific groups. Windows also has the call command which should let one batch file call another then return to the 1st file. http://www.computerhope.com/call.htm On 09/28/2010 03:49 PM, Leonardo Carneiro wrote: Hi everyone, I'm running Samba 3.4.7 with OpenLDAP as PDC and I want to run more than one logon script per user. What i want to achieve is: Run a general logon script, that do the folder mapping of the public access folders for all users. AFTER this run a group-based logon script, to map some groups-related folders. And still after those 2 scripts, run a user-based logon script, to map some user-related folders. Why i'm trying to do this: I want to do this because i have a lot of folders that i want to map for some users that are not from the same primary group. If i create only one script per user, i'll have tons of scripts, and I'll have to edit each of then every time i'd want to map a folder to all users, not only to those guys. I'm well aware that i can specify a group or user (or other things) related script in the users settings in samba, but i want to run more than one script. Is there a specific configuration to make this work? Is there a workaround to do this? Tks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Setting Samba Write Cache Size Can Cause File Corruption
Hi, Back in June we had a thread going on this list about a problem we were seeing in which Disk I/Os on a Linux server periodically dropped out for a fraction of a second under very high Samba load (high load = 100s of MB/sec for both Read and Write). If you are interested in the details of the old thread, search the Samba list for Possible Issue with Samba Blocking I/O and CPU Anyway, we came to the conclusion that using the Samba variable write cache size = 262144 could significantly reduce the incidence of these I/O drop outs. If we understand correctly, this setting influences the minimum amount of data that Samba will send to the filesystem in a given write event. We suspect setting this value (versus not setting it) can provide a mechanism to help keep Samba writes aligned to the stripe size and stripe width of a hardware RAID array and help reduce or eliminate so-called partial stripe writes. After months of successful testing and real-world use, we believe we found a situation in which setting the write cache size causes a serious glitch. Searching Google with the terms Samba 'write cache size' file corruption yields a few prior cases of reported corruption, one with a patch to Samba in October of 2002. A couple of subsequent reports seem to have remained unresolved. In our situation, when write cache size is set to 262144 and when a certain non-linear video editing application imports still images and saves them as a single video frame to a Samba share, under some circumstances the file can get corrupted. At least that's what the editing application says about the file. Most of the time, importing works out just fine. For all codecs tested -- ranging from 25 Mbit/sec DV25 to 100 Mbit/sec DVC Pro HD to uncompressed SD and HD (respectively, about 28 and 160 MB/sec) -- imported still frame images are fine when the video standard is NTSC. But for PAL video (where each frame is slightly larger in size, but the total MB/sec is slightly lower due to 25 versus 29.97 frames per second) we found a couple of medium data rate codecs where the imported still frames always get corrupted. It is 100 percent reproducible. The problem doesn't seem to be the actual SIZE of the files. In other words, it's not like you pass some size threshold and then see the problem, or even that there are particular file sizes that cause problems. You can import a still image as a DV25 PAL frame and get a 641KB file and you can import the same still image as a DV50 NTSC frame and also get a 641KB file and the PAL file is always corrupted but the NTSC file is always fine. (I know it is weird that the files are the same size -- NTSC DV50 has double the data rate per sec and 20 percent more frames per second than PAL DV25, so a single sample frame from DV50 NTSC should be approximately 2*(PAL DV25)*(25/30) or 1.66*(PAL DV25). But they are the same. What can I say?). I can tell you that setting write cache size to 131072 (half the size) makes the corruption go away, and so does turning off the write cache size setting altogether. However, we are now wondering why the write cache size can have this effect on file corruption and whether setting it to 131072 will cause a corruption problem under some other circumstance we just haven't hit yet. Any ideas? By the way, we have seen and documented this problem with both Samba 3.4.2 and Samba 3.5.3. We also noticed that write cache size was listed as deprecated in 3.4.2 and that in 3.5.3 it is no longer listed as deprecated. Somebody besides us must have thought keeping write cache size was still a good idea?? Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting Samba Write Cache Size Can Cause File Corruption
On Tue, Sep 28, 2010 at 05:34:37PM -0400, Andy Liebman wrote: Back in June we had a thread going on this list about a problem we were seeing in which Disk I/Os on a Linux server periodically dropped out for a fraction of a second under very high Samba load (high load = 100s of MB/sec for both Read and Write). If you are interested in the details of the old thread, search the Samba list for Possible Issue with Samba Blocking I/O and CPU Anyway, we came to the conclusion that using the Samba variable write cache size = 262144 could significantly reduce the incidence of these I/O drop outs. If we understand correctly, this setting influences the minimum amount of data that Samba will send to the filesystem in a given write event. We suspect setting this value (versus not setting it) can provide a mechanism to help keep Samba writes aligned to the stripe size and stripe width of a hardware RAID array and help reduce or eliminate so-called partial stripe writes. After months of successful testing and real-world use, we believe we found a situation in which setting the write cache size causes a serious glitch. Searching Google with the terms Samba 'write cache size' file corruption yields a few prior cases of reported corruption, one with a patch to Samba in October of 2002. A couple of subsequent reports seem to have remained unresolved. In our situation, when write cache size is set to 262144 and when a certain non-linear video editing application imports still images and saves them as a single video frame to a Samba share, under some circumstances the file can get corrupted. At least that's what the editing application says about the file. Most of the time, importing works out just fine. For all codecs tested -- ranging from 25 Mbit/sec DV25 to 100 Mbit/sec DVC Pro HD to uncompressed SD and HD (respectively, about 28 and 160 MB/sec) -- imported still frame images are fine when the video standard is NTSC. But for PAL video (where each frame is slightly larger in size, but the total MB/sec is slightly lower due to 25 versus 29.97 frames per second) we found a couple of medium data rate codecs where the imported still frames always get corrupted. It is 100 percent reproducible. The problem doesn't seem to be the actual SIZE of the files. In other words, it's not like you pass some size threshold and then see the problem, or even that there are particular file sizes that cause problems. You can import a still image as a DV25 PAL frame and get a 641KB file and you can import the same still image as a DV50 NTSC frame and also get a 641KB file and the PAL file is always corrupted but the NTSC file is always fine. (I know it is weird that the files are the same size -- NTSC DV50 has double the data rate per sec and 20 percent more frames per second than PAL DV25, so a single sample frame from DV50 NTSC should be approximately 2*(PAL DV25)*(25/30) or 1.66*(PAL DV25). But they are the same. What can I say?). I can tell you that setting write cache size to 131072 (half the size) makes the corruption go away, and so does turning off the write cache size setting altogether. However, we are now wondering why the write cache size can have this effect on file corruption and whether setting it to 131072 will cause a corruption problem under some other circumstance we just haven't hit yet. Any ideas? By the way, we have seen and documented this problem with both Samba 3.4.2 and Samba 3.5.3. We also noticed that write cache size was listed as deprecated in 3.4.2 and that in 3.5.3 it is no longer listed as deprecated. Somebody besides us must have thought keeping write cache size was still a good idea?? Well, it *is* a crap idea that happens to be wildly successful in tuning weird workloads. A couple of weeks (months?) ago I've done some considerable tuning to the write cache, which changed a few code paths. I would really like to see if master (or v3-6-test) still corrupts files. If it does, I am very interested in fixing that. What I would need is a debug level 10 log of smbd doing that together with a network trace and an strace. Probably a HUGE amount of data, but that is necessary unfortunately. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba version to use on CentOS?
it's Fedora EPEL which is the enterprise repository.. ie, Fedora packages specifically ported to work on CentOS. It used to be part of the fedora mirror but now it's its own thing, at least on mirrors.kernel.org. Turns out, however, that both versions of samba are part of the CentOS 5 base repo. Scott Stone scott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Tuesday, September 28, 2010 1:37 PM To: samba@lists.samba.org Subject: Re: [Samba] samba version to use on CentOS? If you want Windows 7 support, you need Samba 3.3.x. Which Fedora repo? I found that FC6 RPM's usually installed OK on RedHat RHEL5.x but anything above was likely to need a newer glibc or libc (or something like that.) On 09/28/2010 04:23 PM, scott_st...@trendmicro.com wrote: I see via yum that there is samba and there is samba3x available for CentOS (my boxes are hooked to the main CentOS repo, Fedora EPEL, and RPMFORGE). 'samba' is 3.0.33 'samba3x' is 3.3.8 Is there any down-side to upgrading to 'samba3x' and running 3.3.8 instead of 3.0.33? I'm assuming that, in general, I should be running the latest stable version, yes? Scott Stonescott_st...@trendmicro.com Lead Developer, DCS-RD Trend Micro, Inc. http://www.trendmicro.com TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to run more than one logon script
Am 28.09.2010 23:17, schrieb Leonardo Carneiro: Well, in theory this should work. I'll try and post here if this will work well. Tks in advance. It works, you could use many combinations: for user: logon script = %u.bat %g %m for group: logon script = %g.bat %u %m for machine: logon script = %m.bat %u %g for all: logon script = logon.bat %u %g %m For example, if you use the last possibility 'all', then in logon.bat: REM Run user specific stuff REM call %1.bat REM Run group specific stuff REM call %2.bat REM Run machine specific stuff REM call %3.bat -- der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting Samba Write Cache Size Can Cause File Corruption
On Tue, Sep 28, 2010 at 05:34:37PM -0400, Andy Liebman wrote: I can tell you that setting write cache size to 131072 (half the size) makes the corruption go away, and so does turning off the write cache size setting altogether. However, we are now wondering why the write cache size can have this effect on file corruption and whether setting it to 131072 will cause a corruption problem under some other circumstance we just haven't hit yet. Well it's because this code must have a bug :-). Volker is right, you should check it first with the v3-6-test git tree code, as he has done some changes there that might have already fixed it (if so we will back-port to 3.5.next of course). If not, we'll need voluminous traces to track down the exact set of writes that cause the problem. Using the vfs_full_audit might initially help. Any ideas? By the way, we have seen and documented this problem with both Samba 3.4.2 and Samba 3.5.3. We also noticed that write cache size was listed as deprecated in 3.4.2 and that in 3.5.3 it is no longer listed as deprecated. Somebody besides us must have thought keeping write cache size was still a good idea?? I wrote the original write cache code but thought it wasn't needed (so marked it deprecated) but as Volker found, sometimes it's really useful in certain workloads. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting Samba Write Cache Size Can Cause File Corruption
Hi Well it's because this code must have a bug :-). Volker is right, you should check it first with the v3-6-test git tree code, as he has done some changes there that might have already fixed it (if so we will back-port to 3.5.next of course). If not, we'll need voluminous traces to track down the exact set of writes that cause the problem. Using the vfs_full_audit might initially help. We just compiled it. As I said, very easy to reproduce. So, we'll let you know what we find tomorrow with the new code. We have already looked at wireshark traces and it won't be any problem to get you level 10 logs (if the problem still persists). Fortunately, it's just 1 frame of video, so the logs won't be THAT unmanageable. Thanks! Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba version to use on CentOS?
On Tue, Sep 28, 2010 at 5:42 PM, scott_st...@trendmicro.com wrote: it's Fedora EPEL which is the enterprise repository.. ie, Fedora packages specifically ported to work on CentOS. It used to be part of the fedora mirror but now it's its own thing, at least on mirrors.kernel.org. Turns out, however, that both versions of samba are part of the CentOS 5 base repo. Fedora EPEL is a very handy backport repository, porting Fedora packages back to RHEL. They have considerable support from RedHat, and make RedHat's frankly so stable it's stopped breathing release of RHEL 5 usable. CentOS is a carefully matched fork of RHEL, so the compatibility with CentOS is excellent, and some tools (such as mock) use CentOS resources rather than RHEL because those are freely accessed without a license. If you look upstream to RHEL repositories, you'll see that both those packages come from RedHat's RHEL 5, and are rebuilt from SRPM's. They're useful, but seriously dated. There are binaries and some RPM's for 3.5.x releases at ftp.sernet.de, and I like them. I've been trying to get Samba 4 to build as an RPM, but it's painful: the switch from autoconf based build tools to WAF is driving me nutty, as is the confusing presence of sourc3 content in parallel to source4 tools, and the discarding of installation to sbin targets for mount.cifs and umount.cifs utilities, and dependency tracking to get certain components built. It's painful work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replicating Windows Inheritance
Hello All, I have been spending a bit of time playing around with trying to get permission inheritance to work in a similar way to what our Windows team is used to with their Windows servers. The behaviour I am after is to following: 1. Create a new folder 2. Select the new folder and go to Properties - Security - Advanced 3. Tick the Inherit from parent the permission entries that apply to child objects... 4. Click Apply/OK as necessary to close the options windows 5. Create a new sub-folder in the previously created folder 6. Select the new sub-folder and go to Properties - Security - Advanced 7. I should see that Inherit from parent... is already ticked by default 'map acl inherit = yes' would seem to be the option I am after. It does seem to work on individual folders, but does not propagate the Inherit from parent... option by default when new sub-folders are created. 'inherit permissions = yes' and 'inherit acls = yes' work OK for settings the permissions correctly when a file/folder is newly created, but falls over when permissions need to changed at a later stage. Am I missing something obvious? or is this behaviour not able to be reproduced using samba? Cheers, John. == Some (Hopefully) Useful Info == ACLs and Extended Attributes are enabled on the file-system # smbd -V Version 3.4.8 # testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [share1] Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = TESTLAB realm = TEST.LAB server string = testsamba security = ADS password server = testlabad.test.lab, * syslog = 0 log file = /var/log/samba/log.smbd unix extensions = No load printers = No local master = No domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 100-1000 idmap gid = 100-1000 winbind separator = + winbind cache time = 600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config TESTLAB:default = yes idmap config TESTLAB:range = 100-199 idmap config TESTLAB:backend = rid admin users = @TESTLAB+Domain Admins read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [share1] comment = Test Share 1 path = /srv/share1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 intersite DC replication
Hi, How's samba4 in intersite environment ? I'm not really concerned about bandwidth, but mostly in which ports I need to open in the firewall and if it has been tested before. Thanks Srinath -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba version to use on CentOS?
On 09/29/2010 02:10 PM, Nico Kadel-Garcia wrote: There are binaries and some RPM's for 3.5.x releases at ftp.sernet.de, and I like them. I've been trying to get Samba 4 to build as an RPM, but it's painful: Why don't you just use the official 3.5.5 source and build the rpms from that? Oh yeah - the official makerpm.sh is buggy... You should be able to... cd samba-3.5.5/packaging/RHEL sh makerpms.sh ...however the samba.spec is slightly broken. Find attached the altered version I've made - allows me to compile 3.5.5 under CentOS-4.8 and CentOS-5.4. I'll also upload it to bugzilla -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 %define initdir %{_sysconfdir}/rc.d/init.d %define auth %(test -f /etc/pam.d/system-auth echo /etc/pam.d/system-auth || echo) #a total hack - I don't know rpm better :-( %define rhV %(awk '{print $3}' /etc/redhat-release|grep -c ^4) Summary: Samba SMB client and server Vendor: Samba Team Packager: Samba Team sa...@samba.org Name: samba Version: 3.5.5 Release: 1 Epoch:0 License: GNU GPL version 3 Group: System Environment/Daemons URL: http://www.samba.org/ Source: samba-%{version}.tar.bz2 # Don't depend on Net::LDAP Source998: filter-requires-samba.sh Source999: setup.tar.bz2 Prereq: /sbin/chkconfig /bin/mktemp /usr/bin/killall Prereq: fileutils sed /etc/init.d Requires: pam = 0.64 %{auth} Requires: samba-common = %{version}-%{release} Requires: logrotate = 3.4 initscripts = 5.54-1 Provides: samba = %{version} Prefix: /usr BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: pam-devel, readline-devel, fileutils, libacl-devel, openldap-devel, krb5-devel, cups-devel %if 0%{?rhV} BuildRequires: keyutils-devel %else BuildRequires: keyutils-libs-devel %endif # Working around perl dependency problem from docs %define __perl_requires %{SOURCE998} # rpm screws up the arch lib dir when using --target on RHEL5 %ifarch i386 i486 i586 i686 ppc s390 %define _libarch lib %else %define _libarch %_lib %endif %define _libarchdir /usr/%{_libarch} %description Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called Lan Manager) clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ### %package client Summary: Samba (SMB) client programs. Group: Applications/System Requires: samba-common = %{version}-%{release} Obsoletes: smbfs Provides: samba-client = %{version}-%{release} %description client The samba-client package provides some SMB clients to compliment the built-in SMB filesystem in Linux. These clients allow access of SMB shares and printing to SMB printers. ### %package common Summary: Files used by both Samba servers and clients. Group: Applications/System Provides: samba-common = %{version}-%{release} %description common Samba-common provides files necessary for both the server and client packages of Samba. ### %package swat Summary: The Samba SMB server configuration program. Group: Applications/System Requires: samba = %{version} xinetd Provides: samba-swat = %{version}-%{release} %description swat The samba-swat package includes the new SWAT (Samba Web Administration Tool), for remotely managing Samba's smb.conf file using your favorite Web browser. ### %package doc Summary: Samba Documentation Group:Documentation/Other Provides: samba-doc = %{version}-%{release} Prereq: /usr/bin/find /bin/rm /usr/bin/xargs %description doc The samba-doc package includes the HTML versions of the Samba manpages utilized by SWAT as well as the HTML and PDF version of Using Samba, Samba By Example, and The Official Samba HOWTO and Reference Guide. ### %prep %setup -q # setup the vendor files (init scripts, etc...) %setup -T -D -a 999 -n samba-%{version} -q %build /bin/cp setup/filter-requires-samba.sh %{SOURCE998} cd source3 # RPM_OPT_FLAGS=$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 ## check for ccache if [ $(which ccache 2 /dev/null) != ]; then CC=ccache gcc else CC=gcc fi ## always run autogen.sh ./autogen.sh ## ignore insufficiently linked libreadline (RH bugzilla #499837):
Re: [Samba] Setting Samba Write Cache Size Can Cause File Corruption
On Tue, Sep 28, 2010 at 06:15:18PM -0400, Andy Liebman wrote: Well it's because this code must have a bug :-). Volker is right, you should check it first with the v3-6-test git tree code, as he has done some changes there that might have already fixed it (if so we will back-port to 3.5.next of course). If not, we'll need voluminous traces to track down the exact set of writes that cause the problem. Using the vfs_full_audit might initially help. We just compiled it. As I said, very easy to reproduce. So, we'll let you know what we find tomorrow with the new code. We have already looked at wireshark traces and it won't be any problem to get you level 10 logs (if the problem still persists). Fortunately, it's just 1 frame of video, so the logs won't be THAT unmanageable. Please make sure that we get all three: strace, level10 logs and sniff, all from the same run. We could probably work it out with less, but this piece of code can be a bit delicate, and all three give most information. Thanks, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.5 with ldap backend crash slapd 2.4.23 !!!
Hello We use here Openldap 2.4.23 server running on a FreeBSD 8.1 server compiled on the server from the FreeBSD ports. It runs well since weeks. We also use a Samba server 3.5.2 with ldap backend on a Linux Debian Lenny server compiled from source on the server, everything was running well ... Last Monday I decided to upgrade the Samba server to the latest Stable release ( 3.5.5 ) then the nightmare begins ... Few minutes after I restart ( reboot the server ) the samba server the slapd daemon violently crashed. After few restart it was still the same : slapd works well if samba is stopped , Linux clients can authenticate without problem, if I start samba daemons , windows clients begin to connect and after few seconds slapd crash ... Any infos welcome ! Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Sep 28 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-09-27 00:00:23.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-09-28 00:00:44.0 -0600 @@ -1,9 +1,9 @@ -Build status as of Mon Sep 27 06:00:01 2010 +Build status as of Tue Sep 28 06:00:01 2010 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 32 4 0 +ccache 32 2 0 ccache-maint 31 2 0 ldb 32 11 0 libreplace 32 11 0 @@ -14,7 +14,7 @@ samba-docs 0 0 0 samba-web0 0 0 samba_3_current 32 28 0 -samba_3_master 32 27 0 +samba_3_master 32 26 0 samba_3_next 32 30 0 samba_4_0_waf 35 31 0 talloc 32 6 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c7f6ab8 s4-provision: fixed the authority response for our SOA record via 0bbbfa0 s4-dns: implemented RODC DNS update in dns update task via c4d2b6f s4-netlogon: added RODC DNS update call fwded to dnsupdate task via 6237d56 s4-dns: added --update-list option to samba_dnsupdate via 7d38079 pidl: added ifdef guards around ndr headers via bc47af5 s4-kdc: added ifdef guards in kdc.h via 1587b46 s4-ldb: removed an unused variable via 17aa2b3 s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs via e313667 s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer() via c972790 s4-auth: removed unused variable dom_sid from 94dc2c1 s3: Lift smbd_messaging_context() from open_sockets_smbd() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c7f6ab890e8e70f27ddc975abec58b5e0cf8d6a5 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 22:53:06 2010 -0700 s4-provision: fixed the authority response for our SOA record some clients rely on this being the hostname, not the domain Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104 commit 0bbbfa04f60b173912cedcfe08590fe43b5c2872 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 21:08:43 2010 -0700 s4-dns: implemented RODC DNS update in dns update task Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit c4d2b6fbc21625dc5ed2063e5ad699309fa5a3e1 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 21:08:23 2010 -0700 s4-netlogon: added RODC DNS update call fwded to dnsupdate task when we get a netlogon RODC DNS update, we send it to the dnsupdate task commit 6237d560275d7d19e46afe85cb9f19313359ea80 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 21:07:17 2010 -0700 s4-dns: added --update-list option to samba_dnsupdate this allows us to use it for RODC netlogon updates commit 7d380795b63c9b6e5196607960a35cfc90bdf1d9 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 21:03:45 2010 -0700 pidl: added ifdef guards around ndr headers this prevents us parsing the leading headers needlessly commit bc47af50eb0896c108b7acc5323a897e27120252 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 21:03:14 2010 -0700 s4-kdc: added ifdef guards in kdc.h this prevents too much recursion in the compiler preprocessor commit 1587b46fa0f403578f7198a4e7c7ef603aaa5598 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 19:47:14 2010 -0700 s4-ldb: removed an unused variable commit 17aa2b329494bc82a89bc9bd8a7e6ba66406fc52 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 19:47:01 2010 -0700 s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs commit e313667983f5225d6f506d53fcd15011d54d5538 Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 19:46:37 2010 -0700 s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer() these will be used by the new RODC dns update code Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit c9727902499b0cc84fef9a44b5252ac83376456e Author: Andrew Tridgell tri...@samba.org Date: Mon Sep 27 19:45:56 2010 -0700 s4-auth: removed unused variable dom_sid --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/Header.pm | 17 ++- source4/auth/session.c|2 +- source4/dsdb/common/util.c| 57 +++ source4/dsdb/dns/dns_update.c | 199 + source4/dsdb/kcc/kcc_topology.c |2 +- source4/dsdb/samdb/ldb_modules/util.c |1 - source4/kdc/kdc.h |5 + source4/librpc/idl/irpc.idl | 12 ++- source4/rpc_server/netlogon/dcerpc_netlogon.c | 92 +++- source4/scripting/bin/samba_dnsupdate | 22 ++- source4/setup/provision.zone |2 +- 11 files changed, 394 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Samba4/Header.pm b/pidl/lib/Parse/Pidl/Samba4/Header.pm index be1df4b..9788b2c 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Header.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Header.pm @@ -5,7 +5,6 @@ # released under the GNU GPL package Parse::Pidl::Samba4::Header; - require Exporter; @ISA = qw(Exporter); @@ -412,6 +411,20 @@ sub Parse($) $res = ; %headerstructs = (); pidl /* header auto-generated by pidl */\n\n; + + my $ifacename = ; + + # work out a unique interface name + foreach (@{$ndr}) { + if ($_-{TYPE}
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0688c5b samba4: Don't update Makefile/configure from autogen.sh. via 63928c8 ldb/tevent: Fix detection of waf paths. via 4752d88 tevent: Remove make targets that are not relevant for tevent. via 302423f tevent: Don't update Makefile/configure files. via 85443e0 ldb: Update autogen-waf.sh to no longer overwrite existing files. via 72a41cc ldb: Remove samba-specific targets from Makefile. via 78b4b21 ldb: Bump version because of addition of ldb_req_location. via 02f87d1 format-subunit: Display number of failed tests even if there are no failed testsuites. via 36ffe4f selftest: Abort early on SIGPIPE. via 7ac4a71 Add dedicated exception for immediate failure in filter-subunit, don't raise it on known exceptions. via c12f1a1 s4-selftest: added a --fail-immediately option to s4 test via 71f88c4 filter-subunit: added a --fail-immediately option from c7f6ab8 s4-provision: fixed the authority response for our SOA record http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0688c5b2f1b6c34e7f79018007848ad8a477e854 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 09:08:10 2010 +0200 samba4: Don't update Makefile/configure from autogen.sh. commit 63928c82c1c5ed2fa3bab30976566a8a393ef8b4 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 09:00:26 2010 +0200 ldb/tevent: Fix detection of waf paths. commit 4752d88fed66ac07e6704688cc2188e42d216962 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 08:42:26 2010 +0200 tevent: Remove make targets that are not relevant for tevent. commit 302423f3062f16f75b3204c1ddf3cf2154f4f224 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 08:41:11 2010 +0200 tevent: Don't update Makefile/configure files. commit 85443e0850fc58925ab7d3e7f36e1001b7f4a149 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 08:38:33 2010 +0200 ldb: Update autogen-waf.sh to no longer overwrite existing files. commit 72a41cc820dd52699d7e2b33f2dce273d0f246d7 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 08:34:10 2010 +0200 ldb: Remove samba-specific targets from Makefile. commit 78b4b21b40ba23490581d0bedf4b3208dd13fa13 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 08:15:55 2010 +0200 ldb: Bump version because of addition of ldb_req_location. commit 02f87d1c367908fa97be35880260e8c2f6fa04a3 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 07:53:02 2010 +0200 format-subunit: Display number of failed tests even if there are no failed testsuites. commit 36ffe4f467779cd282ed471f3bed8aee8a7c55bd Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 07:40:27 2010 +0200 selftest: Abort early on SIGPIPE. commit 7ac4a710725d1e439179c3846525b3245dc3f5f6 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 07:10:43 2010 +0200 Add dedicated exception for immediate failure in filter-subunit, don't raise it on known exceptions. commit c12f1a1e912aeca8645b68c0ef720466c13ce8bb Author: Andrew Tridgell tri...@samba.org Date: Sun Sep 26 18:58:05 2010 -0700 s4-selftest: added a --fail-immediately option to s4 test this can be used to force an immediate test failure on the first failed test case. You can also use: make test FAIL_IMMEDIATELY=1 commit 71f88c45a751e5f72de00dee0628b5c1b6614bf3 Author: Andrew Tridgell tri...@samba.org Date: Sun Sep 26 18:56:50 2010 -0700 filter-subunit: added a --fail-immediately option --- Summary of changes: lib/tevent/Makefile| 12 +++- lib/tevent/autogen-waf.sh | 12 +++- lib/tevent/autogen.sh |2 +- lib/tevent/configure |9 - selftest/filter-subunit| 13 ++--- selftest/format-subunit|4 +++- selftest/selftest.pl |8 selftest/subunithelper.py | 15 ++- source4/autogen-waf.sh | 12 +++- source4/autogen.sh |2 +- source4/lib/ldb/Makefile | 12 +++- source4/lib/ldb/autogen-waf.sh | 12 +++- source4/lib/ldb/autogen.sh |2 +- source4/lib/ldb/configure |9 - source4/lib/ldb/wscript|2 +- source4/selftest/wscript |7 +++ 16 files changed, 101 insertions(+), 32 deletions(-) mode change 12 = 100755 lib/tevent/autogen-waf.sh mode change 12 = 100755 source4/autogen-waf.sh mode change 12 = 100755 source4/lib/ldb/autogen-waf.sh Changeset truncated at 500 lines: diff --git a/lib/tevent/Makefile b/lib/tevent/Makefile index bf19ebe..3f188a9 100644 --- a/lib/tevent/Makefile +++ b/lib/tevent/Makefile @@ -1,6 +1,8 @@ # simple makefile wrapper to run waf
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b4a5ece ldb: Fix path to alternative buildtools. from 0688c5b samba4: Don't update Makefile/configure from autogen.sh. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b4a5ece84a0a516a1efec6b17d67eb787b824663 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 28 09:16:03 2010 +0200 ldb: Fix path to alternative buildtools. --- Summary of changes: source4/lib/ldb/Makefile |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/Makefile b/source4/lib/ldb/Makefile index 3f188a9..3d0d8e4 100644 --- a/source4/lib/ldb/Makefile +++ b/source4/lib/ldb/Makefile @@ -1,6 +1,6 @@ # simple makefile wrapper to run waf -WAFPATH:=$(shell PATH=../../buildtools/bin:buildtools/bin:$(PATH) which waf) +WAFPATH:=$(shell PATH=../../../buildtools/bin:buildtools/bin:$(PATH) which waf) WAF=WAF_MAKE=1 $(WAFPATH) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 07697fa s3-auth_util: make sure the system server info actually contains S-1-5-18. via 314d738 s3-printing: remove unused old structs. from b4a5ece ldb: Fix path to alternative buildtools. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 07697fa053099a01035a30f4d05dffeafff96c75 Author: Günther Deschner g...@samba.org Date: Tue Sep 28 07:45:47 2010 +0200 s3-auth_util: make sure the system server info actually contains S-1-5-18. Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable. Andreas, please check. Guenther commit 314d738f907958a86e2638689f5c45f3b931047e Author: Günther Deschner g...@samba.org Date: Tue Sep 28 05:39:42 2010 +0200 s3-printing: remove unused old structs. Guenther --- Summary of changes: source3/auth/auth_util.c |9 ++ source3/include/nt_printing.h | 60 - 2 files changed, 9 insertions(+), 60 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 94adc3c..9fbc7f1 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -768,6 +768,15 @@ static NTSTATUS make_new_server_info_system(TALLOC_CTX *mem_ctx, (*server_info)-system = true; + status = add_sid_to_array_unique((*server_info)-ptok-sids, +global_sid_System, +(*server_info)-ptok-sids, +(*server_info)-ptok-num_sids); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE((*server_info)); + return status; + } + return NT_STATUS_OK; } diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h index 52b11fe..d244b2c 100644 --- a/source3/include/nt_printing.h +++ b/source3/include/nt_printing.h @@ -25,66 +25,6 @@ #include client.h #include ../librpc/gen_ndr/srv_spoolss.h -/* container for a single registry key */ - -typedef struct { - char*name; - struct regval_ctr *values; -} NT_PRINTER_KEY; - -/* container for all printer data */ - -typedef struct { - int num_keys; - NT_PRINTER_KEY *keys; -} NT_PRINTER_DATA; - -typedef struct nt_printer_info_level_2 -{ - uint32 attributes; - uint32 priority; - uint32 default_priority; - uint32 starttime; - uint32 untiltime; - uint32 status; - uint32 cjobs; - uint32 averageppm; - fstring servername; - fstring printername; - fstring sharename; - fstring portname; - fstring drivername; - char comment[1024]; - fstring location; - struct spoolss_DeviceMode *devmode; - fstring sepfile; - fstring printprocessor; - fstring datatype; - fstring parameters; - NT_PRINTER_DATA *data; - struct sec_desc_buf *secdesc_buf; - uint32 changeid; - uint32 c_setprinter; - uint32 setuptime; -} NT_PRINTER_INFO_LEVEL_2; - -typedef struct nt_printer_info_level -{ - NT_PRINTER_INFO_LEVEL_2 *info_2; -} NT_PRINTER_INFO_LEVEL; - -typedef struct -{ - fstring name; - uint32 flag; - uint32 width; - uint32 length; - uint32 left; - uint32 top; - uint32 right; - uint32 bottom; -} nt_forms_struct; - #ifndef SAMBA_PRINTER_PORT_NAME #define SAMBA_PRINTER_PORT_NAME Samba Printer Port #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2a1891a s3-waf: fix dependencies in most of our module subsystems. via 5fcd047 s3-waf: add pam_smbpass. from 07697fa s3-auth_util: make sure the system server info actually contains S-1-5-18. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a1891a9d67d547847b233dec85925d726696e7f Author: Günther Deschner g...@samba.org Date: Tue Sep 28 09:27:54 2010 +0200 s3-waf: fix dependencies in most of our module subsystems. Guenther commit 5fcd0471e59c35d0769628fa8d1a021bf78b714c Author: Günther Deschner g...@samba.org Date: Tue Sep 28 08:54:39 2010 +0200 s3-waf: add pam_smbpass. Guenther --- Summary of changes: source3/auth/wscript_build |8 ++-- source3/libgpo/gpext/wscript_build |1 - source3/modules/wscript_build | 16 +--- source3/pam_smbpass/wscript_build | 13 + source3/winbindd/wscript_build |1 - source3/wscript|4 source3/wscript_build |7 +-- 7 files changed, 21 insertions(+), 29 deletions(-) create mode 100644 source3/pam_smbpass/wscript_build Changeset truncated at 500 lines: diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index bdfa582..af5b984 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build @@ -10,8 +10,7 @@ AUTH_WBC_SRC = 'auth_wbc.c' AUTH_SCRIPT_SRC = 'auth_script.c' AUTH_NETLOGOND_SRC = 'auth_netlogond.c' -AUTH_STATIC = '' -AUTH_SRC = '''${AUTH_STATIC} auth.c auth_util.c token_util.c +AUTH_SRC = '''auth.c auth_util.c token_util.c server_info.c server_info_sam.c user_info.c @@ -21,10 +20,7 @@ AUTH_SRC = '''${AUTH_STATIC} auth.c auth_util.c token_util.c bld.SAMBA_SUBSYSTEM('AUTH', source=AUTH_SRC, -deps='''AUTH_SAM AUTH_UNIX AUTH_WINBIND AUTH_WBC -AUTH_SERVER AUTH_DOMAIN AUTH_BUILTIN -AUTH_NETLOGOND -PLAINTEXT_AUTH SLCACHE DCUTIL''', +deps='''PLAINTEXT_AUTH SLCACHE DCUTIL''', vars=locals()) bld.SAMBA_MODULE('AUTH_SAM', diff --git a/source3/libgpo/gpext/wscript_build b/source3/libgpo/gpext/wscript_build index c2cca3d..8f7164a 100644 --- a/source3/libgpo/gpext/wscript_build +++ b/source3/libgpo/gpext/wscript_build @@ -8,7 +8,6 @@ GPEXT_SRC = '''../../../libgpo/gpext/gpext.c''' bld.SAMBA_SUBSYSTEM('GPEXT', source=GPEXT_SRC, -deps='''GPEXT_REGISTRY GPEXT_SCRIPTS GPEXT_SECURITY''', vars=locals()) bld.SAMBA_MODULE('GPEXT_REGISTRY', diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build index 8f0e547..eebac9d 100644 --- a/source3/modules/wscript_build +++ b/source3/modules/wscript_build @@ -59,19 +59,7 @@ bld.SAMBA_SUBSYSTEM('VFS_AIXACL_UTIL', bld.SAMBA_SUBSYSTEM('VFS', source='', -deps='''VFS_DEFAULT VFS_AUDIT VFS_EXTD_AUDIT - VFS_FULL_AUDIT VFS_FAKE_PERMS VFS_RECYCLE - VFS_NETATALK VFS_DEFAULT_QUOTA VFS_READONLY - VFS_CAP VFS_EXPAND_MSDFS VFS_SHADOW_COPY VFS_SHADOW_COPY2 - VFS_AFSACL VFS_XATTR_TDB VFS_POSIXACL VFS_AIXACL VFS_AIXACL2 - VFS_SOLARISACL VFS_ZFSACL VFS_HPUXACL VFS_IRIXACL - VFS_TRU64ACL VFS_CATIA VFS_STREAMS_XATTR VFS_STREAMS_DEPOT - VFS_CACHEPRIME VFS_PREALLOC VFS_COMMIT VFS_GPFS - VFS_NOTIFY_FAM VFS_READAHEAD VFS_TSMSM VFS_FILEID - VFS_AIO_FORK VFS_PREOPEN VFS_SYNCOPS VFS_ACL_XATTR - VFS_ACL_TDB VFS_SMB_TRAFFIC_ANALYZER VFS_ONEFS - VFS_ONEFS_SHADOW_COPY VFS_DIRSORT VFS_SCANNEDONLY - VFS_CROSSRENAME VFS_LINUX_XFS_SGID''', +deps='''VFS_DEFAULT''', vars=locals()) bld.SAMBA_MODULE('VFS_DEFAULT', @@ -414,7 +402,6 @@ CHARSET_MACOSXFS_SRC = 'charset_macosxfs.c' bld.SAMBA_SUBSYSTEM('CHARSET', source='', -deps='''CHARSET_WEIRD CHARSET_CP850 CHARSET_CP437 CHARSET_MACOSXFS''', vars=locals()) bld.SAMBA_MODULE('CHARSET_WEIRD', @@ -451,7 +438,6 @@ PERFCOUNT_TEST_SRC = 'perfcount_test.c' bld.SAMBA_SUBSYSTEM('PERFCOUNT', source='', -deps='''PERFCOUNT_ONEFS PERFCOUNT_TEST''', vars=locals()) bld.SAMBA_MODULE('PERFCOUNT_ONEFS', diff --git a/source3/pam_smbpass/wscript_build b/source3/pam_smbpass/wscript_build new file mode 100644 index 000..39e615e --- /dev/null +++ b/source3/pam_smbpass/wscript_build @@ -0,0 +1,13 @@ +#!/usr/bin/env python + +if
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51bc104 s3: Increase the debuglevel for connection termination msgs from 2a1891a s3-waf: fix dependencies in most of our module subsystems. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51bc104c5c2e8f23fab1c599a7ec3e4291165244 Author: Volker Lendecke v...@samba.org Date: Tue Sep 28 10:38:20 2010 +0200 s3: Increase the debuglevel for connection termination msgs --- Summary of changes: source3/smbd/process.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 27f132e..66be77e 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -140,7 +140,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer, * Try and give an error message saying what * client failed. */ - DEBUG(0,(pid[%d] Error writing %d bytes to client %s. %d. (%s)\n, + DEBUG(1,(pid[%d] Error writing %d bytes to client %s. %d. (%s)\n, (int)sys_getpid(), (int)len, get_peer_addr(sconn-sock, addr, sizeof(addr)), (int)ret, strerror(errno) )); @@ -425,7 +425,7 @@ static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx, int fd, p_unread, len); if (!NT_STATUS_IS_OK(status)) { char addr[INET6_ADDRSTRLEN]; - DEBUG(0, (read_smb_length_return_keepalive failed for + DEBUG(1, (read_smb_length_return_keepalive failed for client %s read error = %s.\n, get_peer_addr(fd, addr, sizeof(addr)), nt_errstr(status))); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e390261 s3: Increase the debuglevel for connection termination msgs from 5710476 tsocket: make sure we delete the fd event before calling close() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e3902618759a0afe0686127d082adadbcc33a270 Author: Volker Lendecke v...@samba.org Date: Tue Sep 28 10:38:20 2010 +0200 s3: Increase the debuglevel for connection termination msgs --- Summary of changes: source3/smbd/process.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index f4f7a16..2b8d8b1 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -146,7 +146,7 @@ bool srv_send_smb(int fd, char *buffer, ret = write_data(fd,buf_out+nwritten,len - nwritten); if (ret = 0) { - DEBUG(0,(pid[%d] Error writing %d bytes to client. %d. (%s)\n, + DEBUG(1,(pid[%d] Error writing %d bytes to client. %d. (%s)\n, (int)sys_getpid(), (int)len,(int)ret, strerror(errno) )); srv_free_enc_buffer(buf_out); goto out; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a3e211c s3: Attempt to fix bug 7518 from 51bc104 s3: Increase the debuglevel for connection termination msgs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a3e211ca3f6bc0335170546648ebcc54a1db1ef4 Author: Volker Lendecke v...@samba.org Date: Tue Sep 28 18:40:49 2010 +0200 s3: Attempt to fix bug 7518 If select returns -1, we can't rely on the fd sets. The current code might loop endlessly because when putting an invalid fd (the closed socket?) on the read set, a select implementation might choose not to touch it but directly return with EINVAL. Thus run_events will see the socket readable, which leads to a return true, and thus a NT_STATUS_RETRY - same game again. We should never get into this situation, but to me the logfiles given in bug 7518 do not reveal enough information to understand how this can happen. --- Summary of changes: source3/smbd/process.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 66be77e..4db54f3 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -991,6 +991,12 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * errno = sav; } + /* Check if error */ + if (selrtn == -1) { + /* something is wrong. Maybe the socket is dead? */ + return map_nt_error_from_unix(errno); + } + if ((conn-smb1.echo_handler.trusted_fd != -1) FD_ISSET(conn-sock, r_fds) FD_ISSET(conn-smb1.echo_handler.trusted_fd, r_fds)) { @@ -1006,12 +1012,6 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * return NT_STATUS_RETRY; } - /* Check if error */ - if (selrtn == -1) { - /* something is wrong. Maybe the socket is dead? */ - return map_nt_error_from_unix(errno); - } - /* Did we timeout ? */ if (selrtn == 0) { return NT_STATUS_RETRY; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 237799d s3: Attempt to fix bug 7518 from e390261 s3: Increase the debuglevel for connection termination msgs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 237799d40f6d0cd535adbecb4d2e15c46ce47e00 Author: Volker Lendecke v...@samba.org Date: Tue Sep 28 18:40:49 2010 +0200 s3: Attempt to fix bug 7518 If select returns -1, we can't rely on the fd sets. The current code might loop endlessly because when putting an invalid fd (the closed socket?) on the read set, a select implementation might choose not to touch it but directly return with EINVAL. Thus run_events will see the socket readable, which leads to a return true, and thus a NT_STATUS_RETRY - same game again. We should never get into this situation, but to me the logfiles given in bug 7518 do not reveal enough information to understand how this can happen. --- Summary of changes: source3/smbd/process.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 2b8d8b1..3eb957e 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -975,6 +975,12 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * errno = sav; } + /* Check if error */ + if (selrtn == -1) { + /* something is wrong. Maybe the socket is dead? */ + return map_nt_error_from_unix(errno); + } + if ((conn-smb1.echo_handler.trusted_fd != -1) FD_ISSET(smbd_server_fd(), r_fds) FD_ISSET(conn-smb1.echo_handler.trusted_fd, r_fds)) { @@ -990,12 +996,6 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection * return NT_STATUS_RETRY; } - /* Check if error */ - if (selrtn == -1) { - /* something is wrong. Maybe the socket is dead? */ - return map_nt_error_from_unix(errno); - } - /* Did we timeout ? */ if (selrtn == 0) { return NT_STATUS_RETRY; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9d3046f s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared module by default). via 2cf5c66 s3-waf: add vfs_linux_xfs_sgid to the list of default shared modules. from a3e211c s3: Attempt to fix bug 7518 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9d3046f09857b28dbd1674876b8c63079d183fbd Author: Günther Deschner g...@samba.org Date: Tue Sep 28 20:00:47 2010 +0200 s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared module by default). Guenther commit 2cf5c661c6577c28f1f5ff8e12b7ae2554277dda Author: Günther Deschner g...@samba.org Date: Tue Sep 28 20:00:12 2010 +0200 s3-waf: add vfs_linux_xfs_sgid to the list of default shared modules. Guenther --- Summary of changes: source3/auth/wscript_build |7 +++ source3/wscript|2 +- 2 files changed, 8 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index af5b984..a8da5e0 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build @@ -78,3 +78,10 @@ bld.SAMBA_MODULE('AUTH_NETLOGOND', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('AUTH_NETLOGOND'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('AUTH_NETLOGOND')) + +bld.SAMBA_MODULE('AUTH_SCRIPT', + subsystem='AUTH', + source=AUTH_SCRIPT_SRC, + init_function='', + internal_module=bld.SAMBA3_IS_STATIC_MODULE('AUTH_SCRIPT'), + enabled=bld.SAMBA3_IS_ENABLED_MODULE('AUTH_SCRIPT')) diff --git a/source3/wscript b/source3/wscript index 706b932..d182d94 100644 --- a/source3/wscript +++ b/source3/wscript @@ -328,7 +328,7 @@ return acl_get_perm_np(permset_d, perm); charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer vfs_preopen vfs_catia vfs_scannedonly - vfs_crossrename''') + vfs_crossrename vfs_linux_xfs_sgid''') if Options.options.developer: default_static_modules.extend(TO_LIST('rpc_rpcecho pdb_ads')) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e257e7a autobuild: use git notes for autobuild messages via 00611cb selftest: enable FAIL_IMMEDIATELY in autobuild make test via f4177b6 s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ via 491e89f ldb-tdb: ignore failure to register control on rootdse via 9aa07e7 s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges via d4939ce s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c via cd3eddb waf: we don't need the preprocessor recursion limit any more via 8045b35 s4-drs: Added check for drs-manage-topology to updateRefs. via 440cee4 s4-drs: Added drs_security_access_check function via 6caa512 s4-dsdb: adapted check_access_on_dn for use in drs. via 4be2696 heimdal Fix DNS name qualification to not mangle IP addresses via 89ee9e6 s4-kdc Handle the case where we may be given a ticket from an RODC in db layer via 9d33929 heimdal Add an error code for use in the RODC via 9b5e304 heimdal Add support for extracting a particular KVNO from the database via 3021af2 s4-kdc Add common setup, handle RODC setup case via 88abf44 s4-dsdb Add ldb_reset_err_string() when we set error codes. via 063b612 s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY via 990720b s4-kdc Add function to determine if a hdb entry is a RODC via 85f7bce s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO via 8b57482 s4-dsdb Fix segfault in error case in rootdse module via 6bab5c0 Make upgrade procedure more explicit. from 9d3046f s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared module by default). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e257e7a40b0d7d22c3aff2d1f15bb350775dbff3 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 11:24:37 2010 -0700 autobuild: use git notes for autobuild messages This avoids changing the commit ID when we add a note that the autobuild has passed thanks to Jelmer for this suggestion! commit 00611cbcf6ea2da2b0b9179c9ef8e3bd27555c5c Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 11:23:35 2010 -0700 selftest: enable FAIL_IMMEDIATELY in autobuild make test this should reduce the time we wait for previous failing builds. Right now this will only work for s4, as we need a makefile change for s3 support commit f4177b66c5b9351cf36b09f6b55b042985d633f0 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 10:48:38 2010 -0700 s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ this extended getncchanges operation replicates a single object commit 491e89fa1c8dc4df327866c09cae941578209243 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 10:46:03 2010 -0700 ldb-tdb: ignore failure to register control on rootdse this is expected for non-sam LDBs commit 9aa07e72c88c9e4f52546597610019c8596ea4cc Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 10:40:18 2010 -0700 s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges this allows for replication by GUID or SID commit d4939ce4fc5e61c96e047b6a61a5502335da8926 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 10:39:52 2010 -0700 s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier commit cd3eddbb59a21534f5a854b9a1fb1419530cca3f Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 10:38:40 2010 -0700 waf: we don't need the preprocessor recursion limit any more thanks to ita for this commit 8045b35b1bda15f619238fac943c604cfe851c94 Author: Nadezhda Ivanova nivan...@samba.org Date: Sun Sep 26 21:16:47 2010 -0700 s4-drs: Added check for drs-manage-topology to updateRefs. commit 440cee48b93936bfb9b1376e55e457a721bdcc19 Author: Nadezhda Ivanova nivan...@samba.org Date: Sun Sep 26 21:14:45 2010 -0700 s4-drs: Added drs_security_access_check function It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted commit 6caa5128150da5c585957b34e8a9c40396877452 Author: Nadezhda Ivanova nivan...@samba.org Date: Sun Sep 26 21:12:48 2010 -0700 s4-dsdb: adapted check_access_on_dn for use in drs. commit 4be269664451f3df82a8b4939ffcf5d4274d02ed Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 29 03:59:15 2010 +1000 heimdal Fix DNS name qualification to not mangle IP addresses If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4677438 s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds. from e257e7a autobuild: use git notes for autobuild messages http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 46774388dcb7e6534927ae99adf912c911f25689 Author: Günther Deschner g...@samba.org Date: Tue Sep 28 22:53:08 2010 +0200 s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds. This will be removed once we have the rpc modules subsystem in place. Guenther --- Summary of changes: source3/wscript_build |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index 183eac1..634d843 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -1209,6 +1209,10 @@ bld.SAMBA_SUBSYSTEM('SMBD_BASE', REGFIO REG_API_REGF PRINTING PRINTBACKEND SERVICES NDR_XATTR NDR_PERFCOUNT''', vars=locals()) +if not bld.env.developer: + bld.SAMBA_SUBSYSTEM('RPC_RPCECHO', + source='') + bld.SAMBA_SUBSYSTEM('RPC_MODULES', source='', deps='''RPC_LSARPC RPC_SAMR RPC_WINREG RPC_INITSHUTDOWN -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fcee50b pidl: add support for pointers in typedefs via d4636c4 pidl:NDR/Parser: remove unused code for array element index via 7fff22c pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags() via 3fa29cd pidl:NDR/Client: make the generated code look a bit nicer via bffa192 librpc/ndr: remove 'async' from ndr_interface_call via 9d4 pidl: remove unused async property handling via a73a2ab pidl/Python: use has_property($d, noopnum) helper function via 65c5278 pidl:NDR/Client.pm: remove unreached code via 121ad07 pidl/Python: remove todo handling from PythonFunction(), it's done by the caller via a0fa1dd pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case from 4677438 s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fcee50b9c9ca157c839df5761ca0a2f87fc1ac33 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 5 13:43:49 2009 +0200 pidl: add support for pointers in typedefs metze commit d4636c47c70d4ef5441a33cc6ef5eb469cf11bff Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 10:34:30 2010 +0200 pidl:NDR/Parser: remove unused code for array element index metze commit 7fff22c29dfb4bd424c08da53c384dcc2c37fe22 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 03:48:09 2010 +0200 pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags() metze commit 3fa29cdd943f18871b16fc845028fc39a5a7ad0d Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 03:41:03 2010 +0200 pidl:NDR/Client: make the generated code look a bit nicer metze commit bffa192bfea6dccfe56a1b5692333fd8f39cfe7a Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 00:44:30 2010 +0200 librpc/ndr: remove 'async' from ndr_interface_call metze commit 9d48a75573c47739e4d217b2aacea7841570 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 00:41:29 2010 +0200 pidl: remove unused async property handling metze commit a73a2abb3a2ec79016ddcf5f0994025dd705975d Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 03:10:10 2010 +0200 pidl/Python: use has_property($d, noopnum) helper function metze commit 65c5278f4d8e07275db02f146afb847d91cd6596 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 03:05:41 2010 +0200 pidl:NDR/Client.pm: remove unreached code metze commit 121ad074f96c7cec79a15acb5587d3fd601f3e09 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 02:17:21 2010 +0200 pidl/Python: remove todo handling from PythonFunction(), it's done by the caller metze commit a0fa1dd6fccf21e567abb46574ef4e85b886a8ab Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 21 01:40:56 2010 +0200 pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case metze --- Summary of changes: librpc/ndr/libndr.h |1 - pidl/idl.yp |7 +- pidl/lib/Parse/Pidl/IDL.pm | 475 +++--- pidl/lib/Parse/Pidl/NDR.pm | 38 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm |5 +- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 19 +- pidl/lib/Parse/Pidl/Samba4/Python.pm | 23 +- pidl/lib/Parse/Pidl/Typelist.pm |1 + pidl/tests/parse_idl.pl |4 + 9 files changed, 284 insertions(+), 289 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 5ad05be..bd39cf4 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -333,7 +333,6 @@ struct ndr_interface_call { ndr_push_flags_fn_t ndr_push; ndr_pull_flags_fn_t ndr_pull; ndr_print_function_t ndr_print; - bool async; }; struct ndr_interface_string_array { diff --git a/pidl/idl.yp b/pidl/idl.yp index dc8e293..b3d5ed1 100644 --- a/pidl/idl.yp +++ b/pidl/idl.yp @@ -169,13 +169,14 @@ function: ; typedef: - property_list 'typedef' type identifier array_len ';' + property_list 'typedef' type pointers identifier array_len ';' {{ TYPE = TYPEDEF, PROPERTIES = $_[1], - NAME = $_[4], + NAME = $_[5], DATA = $_[3], - ARRAY_LEN = $_[5], + POINTERS = $_[4], + ARRAY_LEN = $_[6], FILE = $_[0]-YYData-{FILE}, LINE = $_[0]-YYData-{LINE}, }} diff --git a/pidl/lib/Parse/Pidl/IDL.pm b/pidl/lib/Parse/Pidl/IDL.pm index 1a3c59d..bc66020 100644 --- a/pidl/lib/Parse/Pidl/IDL.pm +++ b/pidl/lib/Parse/Pidl/IDL.pm @@ -1065,11 +1065,9 @@ sub
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ec33a87 s3-printing: skip metadata entry when traversing printerlist. from fcee50b pidl: add support for pointers in typedefs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ec33a87d5855348e6de4c1f0f02d3bd5a0638985 Author: Günther Deschner g...@samba.org Date: Wed Sep 29 01:18:07 2010 +0200 s3-printing: skip metadata entry when traversing printerlist. We were creating a new printer (with a very broken name) out of the lasttimestamp entry all the time. Simo, please check. Guenther --- Summary of changes: source3/printing/printer_list.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c index 667ff70..8e9e06a 100644 --- a/source3/printing/printer_list.c +++ b/source3/printing/printer_list.c @@ -380,6 +380,11 @@ static int printer_list_exec_fn(struct db_record *rec, void *private_data) char *comment; int ret; + /* always skip PL_TIMESTAMP_KEY key */ + if (strequal((const char *)rec-key.dptr, PL_TIMESTAMP_KEY)) { + return 0; + } + ret = tdb_unpack(rec-value.dptr, rec-value.dsize, PL_DATA_FORMAT, time_h, time_l, name, comment); if (ret == -1) { -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Wed, 2010-09-29 at 01:23 +0200, Günther Deschner wrote: The branch, master has been updated via ec33a87 s3-printing: skip metadata entry when traversing printerlist. from fcee50b pidl: add support for pointers in typedefs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ec33a87d5855348e6de4c1f0f02d3bd5a0638985 Author: Günther Deschner g...@samba.org Date: Wed Sep 29 01:18:07 2010 +0200 s3-printing: skip metadata entry when traversing printerlist. We were creating a new printer (with a very broken name) out of the lasttimestamp entry all the time. Simo, please check. Guenther --- Summary of changes: source3/printing/printer_list.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c index 667ff70..8e9e06a 100644 --- a/source3/printing/printer_list.c +++ b/source3/printing/printer_list.c @@ -380,6 +380,11 @@ static int printer_list_exec_fn(struct db_record *rec, void *private_data) char *comment; int ret; + /* always skip PL_TIMESTAMP_KEY key */ + if (strequal((const char *)rec-key.dptr, PL_TIMESTAMP_KEY)) { + return 0; + } + ret = tdb_unpack(rec-value.dptr, rec-value.dsize, PL_DATA_FORMAT, time_h, time_l, name, comment); if (ret == -1) { Obviously correct, sorry for introducing this bug :/ Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 115ad60 midltests: add a midltests_tcp.exe tool via cf4e572 midltests: move the current implementation to midltests_simple.exe via d8a0436 testprogs/win32: add vs2010-metze.cmd from ec33a87 s3-printing: skip metadata entry when traversing printerlist. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 115ad6012540338a73abd9de13c6bb4de3a12cf2 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 28 11:04:59 2010 +0200 midltests: add a midltests_tcp.exe tool This uses a man in the middle approach in order to dump the request and response pdus. It also tests NDR32 and NDR64. metze commit cf4e57281b867878521d6f38ec5b0f552c4d2c90 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 28 10:50:05 2010 +0200 midltests: move the current implementation to midltests_simple.exe metze commit d8a0436fb4d61e16a04a8249ece79d563ae2e3cd Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 28 09:47:55 2010 +0200 testprogs/win32: add vs2010-metze.cmd metze --- Summary of changes: testprogs/win32/midltests/Makefile | 33 +- .../win32/midltests/{Makefile = Makefile.simple} | 12 +- testprogs/win32/midltests/Makefile.tcp | 22 + testprogs/win32/midltests/midltests_marshall.c |6 +- testprogs/win32/midltests/midltests_marshall.h |7 +- .../midltests/{midltests.c = midltests_simple.c} |0 testprogs/win32/midltests/midltests_tcp.c | 573 testprogs/win32/vs2010-metze.cmd | 24 + 8 files changed, 646 insertions(+), 31 deletions(-) copy testprogs/win32/midltests/{Makefile = Makefile.simple} (65%) create mode 100644 testprogs/win32/midltests/Makefile.tcp rename testprogs/win32/midltests/{midltests.c = midltests_simple.c} (100%) create mode 100644 testprogs/win32/midltests/midltests_tcp.c create mode 100644 testprogs/win32/vs2010-metze.cmd Changeset truncated at 500 lines: diff --git a/testprogs/win32/midltests/Makefile b/testprogs/win32/midltests/Makefile index 535968b..ded98e9 100644 --- a/testprogs/win32/midltests/Makefile +++ b/testprogs/win32/midltests/Makefile @@ -1,27 +1,16 @@ -INCLUDES=-I -CFLAGS=$(INCLUDES) -Zi -D_WIN32_WINNT=0x502 -LIBS=rpcrt4.lib -all: midltests.exe +all: + @echo nmake targets: + @echoclean + @echosimple + @echotcp clean: - del *~ *.obj *.exe midltests.h midltests_s.c midltests_c.c + @call nmake /f Makefile.simple /A /NOLOGO clean + @call nmake /f Makefile.tcp /A /NOLOGO clean -#MIDL_ARGS=/target NT50 -MIDL_ARGS=/Os /prefix client cli_ /prefix server srv_ /prefix switch swi_ -midltests.h midltests_s.c midltests_c.c: midltests.idl midltests.acf - midl $(MIDL_ARGS) /acf midltests.acf midltests.idl +simple: + @call nmake /f Makefile.simple /A /NOLOGO all -MIDLTESTS_OBJ = midltests.obj midltests_s_m.obj midltests_c_m.obj midltests_marshall.obj utils.obj -midltests.exe: $(MIDLTESTS_OBJ) - $(CC) -o midltests.exe $(MIDLTESTS_OBJ) $(LIBS) - -midltests.obj: midltests.h midltests.idl -midltests_c_m.c: midltests_c.c -midltests_s_m.c: midltests_s.c - -midltests.obj: midltests.h midltests.idl midltests.c -midltests_s_m.obj: midltests_marshall.h midltests_s.c midltests_s_m.c -midltests_c_m.obj: midltests_marshall.h midltests_c.c midltests_c_m.c -midltests_marshall.obj: midltests.h midltests_marshall.c -utils.obj: midltests.h utils.c +tcp: + @call nmake /f Makefile.tcp /A /NOLOGO all diff --git a/testprogs/win32/midltests/Makefile b/testprogs/win32/midltests/Makefile.simple similarity index 65% copy from testprogs/win32/midltests/Makefile copy to testprogs/win32/midltests/Makefile.simple index 535968b..ec4a542 100644 --- a/testprogs/win32/midltests/Makefile +++ b/testprogs/win32/midltests/Makefile.simple @@ -2,7 +2,7 @@ INCLUDES=-I CFLAGS=$(INCLUDES) -Zi -D_WIN32_WINNT=0x502 LIBS=rpcrt4.lib -all: midltests.exe +all: midltests_simple.exe clean: del *~ *.obj *.exe midltests.h midltests_s.c midltests_c.c @@ -12,15 +12,15 @@ MIDL_ARGS=/Os /prefix client cli_ /prefix server srv_ /prefix switch swi_ midltests.h midltests_s.c midltests_c.c: midltests.idl midltests.acf midl $(MIDL_ARGS) /acf midltests.acf midltests.idl -MIDLTESTS_OBJ = midltests.obj midltests_s_m.obj midltests_c_m.obj midltests_marshall.obj utils.obj -midltests.exe: $(MIDLTESTS_OBJ) - $(CC) -o midltests.exe $(MIDLTESTS_OBJ) $(LIBS) +MIDLTESTS_OBJ = midltests_simple.obj midltests_s_m.obj midltests_c_m.obj midltests_marshall.obj utils.obj +midltests_simple.exe: $(MIDLTESTS_OBJ) + $(CC) -o midltests_simple.exe $(MIDLTESTS_OBJ) $(LIBS) -midltests.obj: midltests.h midltests.idl +midltests_simple.obj: midltests.h
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e2c305d midltests/todo: add some random idl files I had tested month ago via ad99711 midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example via c5e221c midltests: add some usefull defines to midltests.idl via 0610868 midltests: make it possible to allow downgrades to NDR32 from 115ad60 midltests: add a midltests_tcp.exe tool http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e2c305deb1553ab8ba11fa687dcf1c08f2acd88a Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 28 09:57:22 2010 +0200 midltests/todo: add some random idl files I had tested month ago metze commit ad99711f4968cb07b85cead5beb8351f63395004 Author: Stefan Metzmacher me...@samba.org Date: Wed Sep 29 02:36:51 2010 +0200 midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example metze commit c5e221c5f88cbc557a6978bc062f5efef224b94a Author: Stefan Metzmacher me...@samba.org Date: Wed Sep 29 02:50:19 2010 +0200 midltests: add some usefull defines to midltests.idl metze commit 06108687e8949520b29e0016fb9605facfd6f073 Author: Stefan Metzmacher me...@samba.org Date: Wed Sep 29 02:35:54 2010 +0200 midltests: make it possible to allow downgrades to NDR32 metze --- Summary of changes: testprogs/win32/midltests/midltests.idl| 273 ++- testprogs/win32/midltests/midltests_tcp.c | 12 +- .../win32/midltests/todo/midltests-array-range.idl | 39 +++ .../win32/midltests/todo/midltests-pipe-02.idl | 153 ++ .../midltests/todo/midltests-pipe-03-hyper.idl | 205 ++ .../midltests/todo/midltests-pipe-04-struct.idl| 272 ++ .../win32/midltests/todo/midltests-pipe-first.idl | 233 +++ .../midltests/todo/midltests-string-in-out-ref.idl | 33 +++ .../win32/midltests/todo/midltests-transmit-as.idl | 59 .../midltests/todo/midltests_pointer_default.idl | 20 ++ .../midltests-pipe-sync-ndr32-downgrade-01.idl | 296 .../midltests-pipe-sync-ndr32-downgrade-01.txt | 138 + 12 files changed, 1727 insertions(+), 6 deletions(-) create mode 100644 testprogs/win32/midltests/todo/midltests-array-range.idl create mode 100644 testprogs/win32/midltests/todo/midltests-pipe-02.idl create mode 100644 testprogs/win32/midltests/todo/midltests-pipe-03-hyper.idl create mode 100644 testprogs/win32/midltests/todo/midltests-pipe-04-struct.idl create mode 100755 testprogs/win32/midltests/todo/midltests-pipe-first.idl create mode 100644 testprogs/win32/midltests/todo/midltests-string-in-out-ref.idl create mode 100755 testprogs/win32/midltests/todo/midltests-transmit-as.idl create mode 100755 testprogs/win32/midltests/todo/midltests_pointer_default.idl create mode 100644 testprogs/win32/midltests/valid/midltests-pipe-sync-ndr32-downgrade-01.idl create mode 100644 testprogs/win32/midltests/valid/midltests-pipe-sync-ndr32-downgrade-01.txt Changeset truncated at 500 lines: diff --git a/testprogs/win32/midltests/midltests.idl b/testprogs/win32/midltests/midltests.idl index b327657..26ef939 100644 --- a/testprogs/win32/midltests/midltests.idl +++ b/testprogs/win32/midltests/midltests.idl @@ -1,27 +1,296 @@ #ifndef MIDLTESTS_C_CODE +/* + * For midltests_tcp.exe you may want to + * redirect the traffic via rinetd + * with a /etc/rinetd.conf like this: + * + * 172.31.9.1 5032 172.31.9.8 5032 + * 172.31.9.1 5064 172.31.9.8 5064 + * + * This is useful to watch the traffic with + * a network sniffer. + */ +/* +cpp_quote(#define LISTEN_IP \0.0.0.0\) +cpp_quote(#define FORWARD_IP \127.0.0.1\) +cpp_quote(#define CONNECT_IP \172.31.9.1\) +*/ + +/* + * With midltests_tcp.exe NDR64 is enforced by default. + * For testing it might be needed to allow downgrades + * to NDR32. This is needed when you use 'pipe'. + */ +cpp_quote(#define DONOT_FORCE_NDR64 1) + [ uuid(225b9fcb-eb3d-497b-8b0b-591f049a2507), pointer_default(unique) ] interface midltests { + typedef pipe char pipe_char; + typedef pipe hyper pipe_hyper; + typedef struct { + long l; + short s; + } structtype; + typedef pipe structtype pipe_structtype; + + struct msg { + long l; + [size_is(l)] char *m; + }; + long midltests_fn( + [out,ref] struct msg *out1, + [out] pipe_structtype outp, + [in] pipe_structtype inp, + [in] struct msg in1 ); + + long midltests_ping( [in] struct msg in1); + } #elif MIDLTESTS_C_CODE +struct pipe_char_state { + const char *name; + unsigned long count; + unsigned long sleep; +}; + +void pipe_char_pull( +char *
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-322-ge6e16fc
The branch, master has been updated via e6e16fcd5a45ebd3739a8160c8fb5f44494edb9e (commit) via 09e5a2fb47c312f71f455cdbf8d9cabcca1041a4 (commit) via 2e648df890e5713bc575965d87937827b068d0d7 (commit) from b4c00b4ac30ec215629f44f802ce9660abcd7a48 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit e6e16fcd5a45ebd3739a8160c8fb5f44494edb9e Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 12:13:05 2010 +1000 Add rolling statistics that are collected across 10 second intervals. Add a new command ctdb stats [num] that prints the [num] most recent statistics intervals collected. commit 09e5a2fb47c312f71f455cdbf8d9cabcca1041a4 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 10:58:18 2010 +1000 Add a new statistics structure to keep the current running statistics commit 2e648df890e5713bc575965d87937827b068d0d7 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 10:38:41 2010 +1000 Create macros to update the statistics counters and use these macros everywhere instead of manipulating the coutenrs directly. --- Summary of changes: Makefile.in |2 +- client/ctdb_client.c | 20 common/ctdb_util.c | 34 - include/ctdb_client.h|3 + include/ctdb_private.h | 122 +- include/ctdb_protocol.h | 65 server/ctdb_call.c |6 +-- server/ctdb_control.c|8 ++- server/ctdb_daemon.c | 72 ++- server/ctdb_lockwait.c | 18 +++--- server/ctdb_persistent.c | 18 +++--- server/ctdb_recover.c|4 +- server/ctdb_server.c | 20 server/ctdb_statistics.c | 77 + server/ctdb_traverse.c |2 +- server/ctdbd.c |2 +- tools/ctdb.c | 33 17 files changed, 332 insertions(+), 174 deletions(-) create mode 100644 server/ctdb_statistics.c Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index 369cec0..849d626 100755 --- a/Makefile.in +++ b/Makefile.in @@ -63,7 +63,7 @@ CTDB_SERVER_OBJ = server/ctdbd.o server/ctdb_daemon.o server/ctdb_lockwait.o \ server/ctdb_traverse.o server/eventscript.o server/ctdb_takeover.o \ server/ctdb_serverids.o server/ctdb_persistent.o \ server/ctdb_keepalive.o server/ctdb_logging.o server/ctdb_uptime.o \ - server/ctdb_vacuum.o server/ctdb_banning.o \ + server/ctdb_vacuum.o server/ctdb_banning.o server/ctdb_statistics.o \ $(CTDB_CLIENT_OBJ) $(CTDB_TCP_OBJ) @INFINIBAND_WRAPPER_OBJ@ TEST_BINS=tests/bin/ctdb_bench tests/bin/ctdb_fetch tests/bin/ctdb_fetch_one \ diff --git a/client/ctdb_client.c b/client/ctdb_client.c index 6215dc0..4c770fd 100644 --- a/client/ctdb_client.c +++ b/client/ctdb_client.c @@ -4216,3 +4216,23 @@ int ctdb_ctrl_get_db_priority(struct ctdb_context *ctdb, struct timeval timeout, return 0; } + +int ctdb_ctrl_getstathistory(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode, TALLOC_CTX *mem_ctx, struct ctdb_statistics_wire **stats) +{ + int ret; + TDB_DATA outdata; + int32_t res; + + ret = ctdb_control(ctdb, destnode, 0, + CTDB_CONTROL_GET_STAT_HISTORY, 0, tdb_null, + mem_ctx, outdata, res, timeout, NULL); + if (ret != 0 || res != 0 || outdata.dsize == 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_control for getstathistory failed ret:%d res:%d\n, ret, res)); + return -1; + } + + *stats = (struct ctdb_statistics_wire *)talloc_memdup(mem_ctx, outdata.dptr, outdata.dsize); + talloc_free(outdata.dptr); + + return 0; +} diff --git a/common/ctdb_util.c b/common/ctdb_util.c index 46c737a..4acfa3f 100644 --- a/common/ctdb_util.c +++ b/common/ctdb_util.c @@ -123,40 +123,6 @@ static void *_idr_find_type(struct idr_context *idp, int id, const char *type, c return p; } - -/* - update a max latency number - */ -void ctdb_latency(struct ctdb_db_context *ctdb_db, const char *name, double *latency, struct timeval t) -{ - double l = timeval_elapsed(t); - if (l *latency) { - *latency = l; - } - - if (ctdb_db-ctdb-tunable.log_latency_ms !=0) { - if (l*1000 ctdb_db-ctdb-tunable.log_latency_ms) { - DEBUG(DEBUG_WARNING, (High latency %.6fs for operation %s on database %s\n, l, name, ctdb_db-db_name)); - } - } -} - -/* - update a reclock latency number - */ -void ctdb_reclock_latency(struct ctdb_context *ctdb, const char *name, double *latency, double l) -{ - if (l *latency) { -
[SCM] CTDB repository - branch 1.2 updated - ctdb-1.0.114-337-g22227fc
The branch, 1.2 has been updated via 7fc54911c7ca621fd3e8fe11da2cd5645de8 (commit) via 962188d9f05128028ac1f383a55c6d375d3011fd (commit) via dcb7779fa52dc8f6f689c925f6f62014d6466c3b (commit) from 700f1c37c446463bc523761a2e4c6cfc49843d30 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.2 - Log - commit 7fc54911c7ca621fd3e8fe11da2cd5645de8 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 12:13:05 2010 +1000 Add rolling statistics that are collected across 10 second intervals. Add a new command ctdb stats [num] that prints the [num] most recent statistics intervals collected. commit 962188d9f05128028ac1f383a55c6d375d3011fd Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 10:58:18 2010 +1000 Add a new statistics structure to keep the current running statistics commit dcb7779fa52dc8f6f689c925f6f62014d6466c3b Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Sep 29 10:38:41 2010 +1000 Create macros to update the statistics counters and use these macros everywhere instead of manipulating the coutenrs directly. --- Summary of changes: Makefile.in |2 +- client/ctdb_client.c | 20 common/ctdb_util.c | 34 - include/ctdb_client.h|3 + include/ctdb_private.h | 122 +- include/ctdb_protocol.h | 65 server/ctdb_call.c |6 +-- server/ctdb_control.c|8 ++- server/ctdb_daemon.c | 72 ++- server/ctdb_lockwait.c | 18 +++--- server/ctdb_persistent.c | 18 +++--- server/ctdb_recover.c|4 +- server/ctdb_server.c | 20 server/ctdb_statistics.c | 77 + server/ctdb_traverse.c |2 +- server/ctdbd.c |2 +- tools/ctdb.c | 33 17 files changed, 332 insertions(+), 174 deletions(-) create mode 100644 server/ctdb_statistics.c Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index 369cec0..849d626 100755 --- a/Makefile.in +++ b/Makefile.in @@ -63,7 +63,7 @@ CTDB_SERVER_OBJ = server/ctdbd.o server/ctdb_daemon.o server/ctdb_lockwait.o \ server/ctdb_traverse.o server/eventscript.o server/ctdb_takeover.o \ server/ctdb_serverids.o server/ctdb_persistent.o \ server/ctdb_keepalive.o server/ctdb_logging.o server/ctdb_uptime.o \ - server/ctdb_vacuum.o server/ctdb_banning.o \ + server/ctdb_vacuum.o server/ctdb_banning.o server/ctdb_statistics.o \ $(CTDB_CLIENT_OBJ) $(CTDB_TCP_OBJ) @INFINIBAND_WRAPPER_OBJ@ TEST_BINS=tests/bin/ctdb_bench tests/bin/ctdb_fetch tests/bin/ctdb_fetch_one \ diff --git a/client/ctdb_client.c b/client/ctdb_client.c index 6215dc0..4c770fd 100644 --- a/client/ctdb_client.c +++ b/client/ctdb_client.c @@ -4216,3 +4216,23 @@ int ctdb_ctrl_get_db_priority(struct ctdb_context *ctdb, struct timeval timeout, return 0; } + +int ctdb_ctrl_getstathistory(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode, TALLOC_CTX *mem_ctx, struct ctdb_statistics_wire **stats) +{ + int ret; + TDB_DATA outdata; + int32_t res; + + ret = ctdb_control(ctdb, destnode, 0, + CTDB_CONTROL_GET_STAT_HISTORY, 0, tdb_null, + mem_ctx, outdata, res, timeout, NULL); + if (ret != 0 || res != 0 || outdata.dsize == 0) { + DEBUG(DEBUG_ERR,(__location__ ctdb_control for getstathistory failed ret:%d res:%d\n, ret, res)); + return -1; + } + + *stats = (struct ctdb_statistics_wire *)talloc_memdup(mem_ctx, outdata.dptr, outdata.dsize); + talloc_free(outdata.dptr); + + return 0; +} diff --git a/common/ctdb_util.c b/common/ctdb_util.c index 46c737a..4acfa3f 100644 --- a/common/ctdb_util.c +++ b/common/ctdb_util.c @@ -123,40 +123,6 @@ static void *_idr_find_type(struct idr_context *idp, int id, const char *type, c return p; } - -/* - update a max latency number - */ -void ctdb_latency(struct ctdb_db_context *ctdb_db, const char *name, double *latency, struct timeval t) -{ - double l = timeval_elapsed(t); - if (l *latency) { - *latency = l; - } - - if (ctdb_db-ctdb-tunable.log_latency_ms !=0) { - if (l*1000 ctdb_db-ctdb-tunable.log_latency_ms) { - DEBUG(DEBUG_WARNING, (High latency %.6fs for operation %s on database %s\n, l, name, ctdb_db-db_name)); - } - } -} - -/* - update a reclock latency number - */ -void ctdb_reclock_latency(struct ctdb_context *ctdb, const char *name, double *latency, double l) -{ - if (l *latency) { -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cc28860 s4-provision: simplify our generated krb5.conf via 4e0a3ea s4-kdc: RODC DCs should be able to produce forwardable tickets via 04e3e27 heimdal: fixed timegm UTC/GMT bug via dacfe67 s4-sam: fixed termination of krbtgt_attrs (comma and NULL) via c83775d ldb-dn: don't crash on NULL in ldb_binary_encode_string() via 3d4576b s4-kdc Ensure that an RODC may act as a server (needed to fill the krbtgt role). via f84bdf9 heimdal Use a seperate krb5_auth_context for the delegated credentials from e2c305d midltests/todo: add some random idl files I had tested month ago http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cc288603ce67ccca3625d162fadc618df5fbc807 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 19:11:34 2010 -0700 s4-provision: simplify our generated krb5.conf we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults. Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 4e0a3ea705a793ef2f68805728caabd58bdf5788 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 19:10:27 2010 -0700 s4-kdc: RODC DCs should be able to produce forwardable tickets Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 04e3e27fd1062cd9ffe462f4a2c6b0635c3917eb Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 19:09:58 2010 -0700 heimdal: fixed timegm UTC/GMT bug This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure. Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit dacfe67a0e4c591710adbe6b2f53783ac76f4ba1 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 19:07:43 2010 -0700 s4-sam: fixed termination of krbtgt_attrs (comma and NULL) Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit c83775d524612c24be97d3761a1cc29998040fa1 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 18:01:21 2010 -0700 ldb-dn: don't crash on NULL in ldb_binary_encode_string() Thanks to Nadya for finding this one! commit 3d4576b170d92f97018076faf0ed914cf2fdd01b Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 29 09:06:39 2010 +1000 s4-kdc Ensure that an RODC may act as a server (needed to fill the krbtgt role). Andrew Bartlett commit f84bdf91d865ab176dcc0d829944821b89b88074 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 29 06:44:33 2010 +1000 heimdal Use a seperate krb5_auth_context for the delegated credentials If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett --- Summary of changes: source4/auth/sam.c |8 ++-- source4/heimdal/lib/asn1/timegm.c | 21 +++- .../heimdal/lib/gssapi/krb5/delete_sec_context.c |1 + source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h |1 + source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 34 +++- source4/kdc/db-glue.c | 29 ++--- source4/lib/ldb/common/ldb_parse.c |3 ++ source4/setup/krb5.conf| 15 + 8 files changed, 73 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 0f97a19..ad7fe0a 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -36,7 +36,7 @@ userPrincipalName,\ servicePrincipalName, \ msDS-KeyVersionNumber,\ - msDS-SecondaryKrbTgtNumber\ + msDS-SecondaryKrbTgtNumber, \ msDS-SupportedEncryptionTypes,\ supplementalCredentials, \ \ @@ -48,14 +48,14 @@ objectSid,\ \ pwdLastSet, \ - accountExpires + accountExpires const char *krbtgt_attrs[] = { - KRBTGT_ATTRS + KRBTGT_ATTRS, NULL }; const char *server_attrs[] = { - KRBTGT_ATTRS + KRBTGT_ATTRS, NULL }; const char *user_attrs[] = { diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c index c72968d..83f0e33 100644 ---
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3b0d6fd s4-rodc: RODC should not accept requests for role transfer from cc28860 s4-provision: simplify our generated krb5.conf http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3b0d6fda38749b01d2f8c4ff0ccbfc6ffc7bde49 Author: Nadezhda Ivanova nivan...@samba.org Date: Tue Sep 28 19:35:56 2010 -0700 s4-rodc: RODC should not accept requests for role transfer A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP --- Summary of changes: source4/dsdb/samdb/ldb_modules/rootdse.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 4f0b11b..6c2a1e6 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -1059,7 +1059,19 @@ static int rootdse_become_master(struct ldb_module *module, struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, loadparm); NTSTATUS status_call; WERROR status_fn; + bool am_rodc; struct dcerpc_binding_handle *irpc_handle; + int ret; + + ret = samdb_rodc(ldb, am_rodc); + if (ret != LDB_SUCCESS) { + return ldb_error(ldb, ret, Could not determine if server is RODC.); + } + + if (am_rodc) { + return ldb_error(ldb, LDB_ERR_UNWILLING_TO_PERFORM, +RODC cannot become a role master.); + } msg = messaging_client_init(tmp_ctx, lpcfg_messaging_path(tmp_ctx, lp_ctx), ldb_get_event_context(ldb)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3131082 s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call via 739a4e4 s4-drsutils: expose DsBind() call in drs_utils.py via 06022da s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers from 3b0d6fd s4-rodc: RODC should not accept requests for role transfer http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 31310826e02a398eec6569a9150a798ee216f745 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 20:47:03 2010 -0700 s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call we can't do SPN updates via sam writes and replication, as the sam is read-only commit 739a4e4e2361fad17a4d041e2e0b4fc73a9d18c2 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 20:46:15 2010 -0700 s4-drsutils: expose DsBind() call in drs_utils.py this will be used by samba_spnupdate commit 06022dad70ec11ddbedc09a4a1fffe127ced2a06 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 28 20:43:58 2010 -0700 s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem Pair-Programmed-With: Andrew Bartlett abart...@samba.org --- Summary of changes: source4/scripting/bin/samba_dnsupdate |6 ++ source4/scripting/bin/samba_spnupdate | 73 ++ source4/scripting/python/samba/drs_utils.py | 75 ++- 3 files changed, 107 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 5ed46c3..a8a7e59 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -27,6 +27,12 @@ import tempfile # and don't get swallowed by a timeout os.putenv('PYTHONUNBUFFERED', '1') +# forcing GMT avoids a problem in some timezones with kerberos. Both MIT +# heimdal can get mutual authentication errors due to the 24 second difference +# between UTC and GMT when using some zone files (eg. the PDT zone from +# the US) +os.putenv(TZ, GMT) + # Find right directory when running from source tree sys.path.insert(0, bin/python) diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate index 7c9ed4f..6a69f48 100755 --- a/source4/scripting/bin/samba_spnupdate +++ b/source4/scripting/bin/samba_spnupdate @@ -24,6 +24,12 @@ import os, sys # and don't get swallowed by a timeout os.putenv('PYTHONUNBUFFERED', '1') +# forcing GMT avoids a problem in some timezones with kerberos. Both MIT +# heimdal can get mutual authentication errors due to the 24 second difference +# between UTC and GMT when using some zone files (eg. the PDT zone from +# the US) +os.putenv(TZ, GMT) + # Find right directory when running from source tree sys.path.insert(0, bin/python) @@ -102,9 +108,6 @@ except ldb.LdbError, (num, msg): print(Unable to open sam database %s : %s % (lp.get(sam database), msg)) sys.exit(1) -if samdb.am_rodc(): -# don't try and update SPNs on RODC -exit(0) # get the substitution dictionary sub_vars = get_subst_vars(samdb) @@ -132,6 +135,8 @@ if not res or len(res) != 1: print(Failed to find computer object for %s$ % sub_vars['NETBIOSNAME']) sys.exit(1) +machine_dn = res[0][dn] + old_spns = [] for s in res[0]['servicePrincipalName']: old_spns.append(s) @@ -159,10 +164,58 @@ if add_list == []: print(Nothing to add) sys.exit(0) -# build the modify request -msg = ldb.Message() -msg.dn = res[0]['dn'] -msg[] = ldb.MessageElement(add_list, -ldb.FLAG_MOD_ADD, servicePrincipalName) -res = samdb.modify(msg) -sys.exit(0) +def local_update(add_list): +'''store locally''' +global res +msg = ldb.Message() +msg.dn = res[0]['dn'] +msg[] = ldb.MessageElement(add_list, + ldb.FLAG_MOD_ADD, servicePrincipalName) +res = samdb.modify(msg) + +def call_rodc_update(d): +'''RODCs need to use the writeSPN DRS call''' +global lp, sub_vars +from samba import drs_utils +from samba.dcerpc import drsuapi, nbt +from samba.net import Net + +if opts.verbose: +print(Using RODC SPN update) + +creds = credopts.get_credentials(lp) +creds.set_machine_account(lp) + +net = Net(creds=creds, lp=lp) +try: +cldap_ret = net.finddc(domain, nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) +except Exception, reason: +