[Samba] problems with login and browsing on 3.5.4 LDAP PDC

2010-10-19 Thread Eric A. Hall

I was running 3.0.25c (I think) LDAP PDC for a couple of years and just
tried swapping in a new 3.5.4 setup. I had some problems so I wiped all
the entries and *.tdb files, and started from scratch.

Problem in a nutshell: I can't browse the domain normally, nor can I logon
to the domain. However I can access the server shares fine if I point to
the server specifically. SOMETIMES this will then cause browsing to
succeed as well.

Normally I can see the domain in network neighborhood but if I click on it I
get the "domain is not accessible" error. From a command prompt "net view
/domain:DOMAIN" also typically produces an error 59. However if I "net
view \\SERVER" then that works fine, and THEN I am sometimes able to
successfully view the domain (about half the time, sometimes more).

I am able to successfully join machines to the domain (they show up in
LDAP) but am unable to log in to the domain from any of them. On XP/SP3
boxes the error is "the system cannot log you on now because the domain
DOMAIN is not available", while Windows 7 says "there are currently no
logon servers available to service the logon request".

I have looked at the smb/nmb/winbind logs at level 3 and near as I can
tell everything is operating correctly although something seems to be
crashing a lot--there are many entries about brl and lock database after
unclean shutdown.

I don't know SMB protocol very well but from watching some wireshark
traces and reading the corresponding logs it looks like the nodes are
negotiating IPC$ connection but not getting data. Client asks for copy 4,
server offers copy 1, client negotiates TCP/IP session then closes, and
everything starts over again. Perhaps once they authenticate (enough to
view \\SERVER shares) the negotiation is reused and this is what works?

Are there security permissions on IPC$ that need to be set?

Where should I be looking and what should I be looking for?

Thanks

-- 
Eric A. Hall  http://www.eric-a-hall.com/
Network Technology Research Group  http://www.ntrg.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Error was Transport endpoint is not connected

2010-10-19 Thread robert . gehr
I tried it with smb ports 139 to no avail. Same problem.
The backup job takes that long because the windows box first runs an
integrity check. If I just copy the file manually it takes a couple of
minutes. As already mentioned the other samba server 3.4.7 works without
any problems.

What does that error message actually mean? Does it mean a network error
has occurred, the server has run into a timeout, the server can no
longer resolve the name of the client or what?

Ideas are welcome.

Rob

On Fri, 2010-10-15 at 14:57 +0200, Gaiseric Vandal wrote:
 Did you try changing smb.conf on the NAS to be port 139 only?
 
 Also, it seems that 55 GB should not take one hour to copy (55 GBytes is 
 440 Gbit, and at 1 Gbit/sec  and 60 secs / min, the transfer should take 
 about minutes-  at least in theory.)
 
 I am guessing it is dropping because it tries to reestablish a 
 connection part way through the transfer.
 
 
 
 
 
 On 10/15/2010 07:12 AM, robert.gehr wrote:
  Nice try. The backup fails exactly the moment the message appears in the
  log. So I would say it is something to worry about.
 
  Has really no one any ideas why this all of a sudden comes up.
 
  Thanks for any hints
 
  Rob
 
 
  On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote:
 
  This message only says: I established to one of the ports 139 or 445
  and dropped the other.
  It is nothing to trouble about.
 
  ---
  EDV Daniel Müller
 
  Head of IT
  Tropenklinik Paul-Lechler-Krankenhaus
  Paul-Lechler-Str. 24
  72076 Tübingen
 
  Tel.: 07071/206-463, Fax: 07071/206-499
  eMail: muel...@tropenklinik.de
  Internet: www.tropenklinik.de
  ---
 
  -Original Message-
  From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
  On behalf of Gaiseric Vandal
  Sent: Monday, 11 October 2010 16:48
  To: samba@lists.samba.org
  Subject: Re: [Samba] Error was Transport endpoint is not connected
 
  By default samba listens on two TCP ports-  445 and 139.  You can
  specify this in smb.conf
 
smb ports = 445 139
 
 
  445 is the newer smb over tcp.  139 is the older smb over netbios
  over tcp/ip.   445 was for Windows 2000 and newer clients.  I am
  not sure why samba enables 445 by default since as far as I know it does
  not support smb-over-tcp (without the NBT/netbios over tcp stuff.)  If
  you set smb ports = 139 in your smb.conf you should see endpoint
  messages disappear.
 
  I think what happens is Win 2000 (and newer) clients will initially try
  to connect on port 445, find it isn't really compatible, and then dump
  down to NBT on port 139.
 
  So your NAS may be occasionally connecting on port 139 without problems
  and occasionally connecting on port 445, at which point it fails.
 
  OR-  the endpoint errors may be completely unrelated, but you just
  don't look for them when the NAS is working.
 
 
  Is the NAS part of the domain?  Is it a windows or linux/samba based 
  device?
 
  My samba server is a PDC.  XP clients in the domain connect with no
  problems regardless of  if smb ports is 139 only or 139 + 445.   XP/Win7
  clients NOT in the domain can't connect to shares if 445 is disabled,
  which indicates they are connecting to 445 1st.
 
 
 
  On 10/11/2010 08:57 AM, robert.gehr wrote:
   
  Hello All
 
  I used to back up a Mssql database (about 55GB) to a samba share without
  any problems. The samba server Server-A was running version 3.4.7
  We just got one of those Netgear ReadyNas3200 things and I tried to
  back up to a share there which sometimes works and sometimes not in
  which case I get the following error:
 
  snip---
 
  [2010/10/08 21:32:26.937834,  0]
  lib/util_sock.c:474(read_fd_with_timeout)
  [2010/10/08 21:32:26.966404,  0]
  lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
  peer.
 
  ---snap-
 
  The samba version on the ReadyNas is 3.5.4
 
  On the windows side nothing has changed apart from the destination to
  the new share. The ReadyNas performs pretty well and I do not get any
  network errors or otherwise. To rule out some network problem I exported
  a nfs share on the ReadyNas which I mounted on Server-A, created a
  share on Server-A that points to the nfs-mount and ran a backup. No
  problems and no errors.
 
  Any ideas which buttons to push in order to get a reliable backup going
  again? From what I read this usually points to a problem on the client
  side but nothing has changed there. I could of course use the
  Server-A:smb-nfs-mount:ReadyNas solution but this is not what I want.
 
  Thanks
 
  Rob
 
 
 
   

Re: [Samba] Setting up Samba4 - lots of implementation questions esp re. PKI and SSO

2010-10-19 Thread Michael Wood
Hi

On 19 October 2010 01:48, Paul Bradley paul.bradley.listm...@gmail.com wrote:
 I have a LOT of questions!!! This may take a while. I know some of this
 stuff is at the edge of what Samba4 is just becoming able to do, so if
 anyone who knows feels this is better posted on samba-technical I'd
 appreciate a cross-post from someone in a position to know for sure - I did
 consider posting it there straight away but I figured it's a dev list and I
 could at least get _some_ of my questions answered here first maybe.

Well, the Samba4 HOWTO still says to post to samba-technical.  I think
some of the stuff you're asking about might also be appropriate for
the heimdal mailing list.

Anyway, I've copied the samba-technical list.

 I am setting up Samba4 for SSO on a home lan with VPN access. My needs are
 therefore relatively modest in terms of the more enterprise level features
 of S4 (awesome stuff by the way guys - what a project), but I do want to do
 some stuff like use a PKI structure with smartcards, manage group policy for
 the windows clients, use kerberos for single sign on and that sort of thing.
 We have a few PCs/Laptops/VMs and are setting up a VPN, so although it's not
 really enterprise level stuff I am doing a few things that are business
 like if you want to put it that way. I have mainly windows clients (Win7,
 WinXP VMs) but there are one or two linux VMs that I'd also like to get the
 benefits of samba4 with. I'm strongly getting the impression from reading
 over the past couple of days that samba4 has just recently reached the point
 of doing basically everything I need.

 Servers are linux and linux-like, applications are filesharing, ssh, vpn
 (probably going to be IPSEC/L2TP - haven't set that up yet, it's waiting on
 the PKI, and on the kerberos for authenticating sessions to services once
 the VPN connection is made), apache for a Joomla CMS and probably a couple
 of other bits and pieces that I've forgotten all about.

 My questions are:


 - I am a little confused about the PKI implementation. Especially as regards
 the particular details of how I should set up the X509 information in the
 certificates. I found this:
 http://middleware.internet2.edu/pki07/proceedings/slides/10-kornievskaia-pkinit-interop.pdf
  which
 seems quite detailed and covers quite a bit, in particular it mentions
 this:

 ---QUOTE--
 CLIENT IDENTITY
 - Kerberos principal name encoded in X509 SAN
 - Mapping facility at the KDC
 - Must have X509 EKU fields
 /QUOTE--

 So to handle those one at a time, principal name for a user would just be
 their username on the domain, or would it be the full CN like
 p...@mydomain.com ?

The principal would be u...@realm.

 Then for a service (I've read
 http://technet.microsoft.com/en-us/library/cc961723.aspx) is the principal
 name something like smb/192.168.0.1/:139/fileserver which would specify a
 smb service on 192.168.0.1 on port 139 called fileserver, then fileserver
 would be the name that resolved to 192.168.0.1 in the DNS? What happens with
 multiple services on one server - do they all need separate keys and
 certificates since they each need a different service principal name?

As far as I understand, yes, each service needs its own SPN.

 Perhaps it is enough to have more than one certificate each specifying a
 different SPN, but all using the same key, or if I did that would there be a
 security implication, since this might mean one service could masquerade as
 another? How do I specify when creating the certificates with OpenSSL what
 the SAN should be?

 As to the second part - Mapping facility at the KDC. I understand the KDC
 needs to map the user certificate onto a username on the domain (or perhaps
 more accurately some sort of GUID for the user) but how is this set up when
 using PKI - do I use the Microsoft domain administration tools to connect to
 Samba and bind the user certificates to the users? What about servers -
 presumably their keys (now stored on disk rather than on tokens/smartcards)
 also need to be in the directory so they can be mapped to the object in the
 directory and participate in the kerberos or indeed do PKINIT for eg. cron
 jobs which require connecting to other services?

 For the third part (X509 EKU fields) - are these the key usage fields? The

Yes, I think it's extended key usage or something like that.

 stuff like signing encryption etc. etc.? How do I set these in OpenSSL
 when creating the certificates and what should I set them to?

 Also, is there much in particular I should be aware of when creating my CA?
 LDAP and X509 are probably my weakest points in understanding all this - can
 someone point me to a guide or give me some more information that can guide
 me in deciding how to name and structure things so as to avoid potential
 future issues.

 Now, as to the PKINIT I presume Samba4 will 
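
Paul's questions above ask how to set the SAN and the EKU when creating certificates with OpenSSL. The following is an added example, not code from the thread or from the Samba or Heimdal projects: a throwaway CA issues a client certificate carrying the Kerberos principal in an id-pkinit-san otherName plus the PKINIT client EKU (OIDs from RFC 4556), then checks the result. The user paul, the realm EXAMPLE.COM, the CA and all file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): issue a PKINIT client certificate
# with OpenSSL.  paul, EXAMPLE.COM and all file names are constructed.

write_pkinit_cnf() {   # $1 = user, $2 = realm, $3 = config file to write
    cat > "$3" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca_cert ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ client_cert ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment, keyAgreement
# EKU: id-pkinit-KPClientAuth (RFC 4556)
extendedKeyUsage = 1.3.6.1.5.2.3.4
# SAN: otherName of type id-pkinit-san holding KRB5PrincipalName user@REALM
subjectAltName   = otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
[ princ_name ]
realm          = EXP:0, GeneralString:$2
principal_name = EXP:1, SEQUENCE:principal_seq
[ principal_seq ]
name_type   = EXP:0, INTEGER:1
name_string = EXP:1, SEQUENCE:principals
[ principals ]
princ1 = GeneralString:$1
EOF
}

issue_pkinit_client_cert() {   # $1 = user, $2 = realm, $3 = work directory
    d=$3
    mkdir -p "$d" && write_pkinit_cnf "$1" "$2" "$d/pkinit.cnf" || return 1
    # Self-signed test CA (a real deployment keeps this key offline).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$d/pkinit.cnf" -extensions ca_cert -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Client key and CSR; Kerberos takes the identity from the SAN, not the CN.
    openssl req -newkey rsa:2048 -nodes -config "$d/pkinit.cnf" -subj "/CN=$1" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null || return 1
    # Sign the CSR and attach the client_cert extension section.
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/pkinit.cnf" \
        -extensions client_cert -out "$d/user.pem" 2>/dev/null || return 1
}

der_hex() { od -An -v -tx1 | tr -d ' \t\n'; }   # stdin bytes -> hex string

general_string_hex() {   # DER GeneralString (tag 0x1b) of a short ASCII value
    printf '1b%02x%s' "${#1}" "$(printf '%s' "$1" | der_hex)"
}

# Checks the raw DER so the result does not depend on how a given OpenSSL
# version prints these OIDs: chain to the CA, SAN type, EKU, principal, realm.
check_pkinit_client_cert() {   # $1 = cert, $2 = user, $3 = realm, $4 = CA cert
    openssl verify -CAfile "$4" "$1" >/dev/null 2>&1 || return 1
    hex=$(openssl x509 -in "$1" -outform DER | der_hex) || return 1
    for need in 06062b0601050202 06072b060105020304 \
                "$(general_string_hex "$2")" "$(general_string_hex "$3")"; do
        case $hex in *"$need"*) ;; *) return 1 ;; esac
    done
}

# Demo run in a scratch directory.
work=$(mktemp -d) &&
    issue_pkinit_client_cert paul EXAMPLE.COM "$work" &&
    check_pkinit_client_cert "$work/user.pem" paul EXAMPLE.COM "$work/ca.pem" &&
    echo "PKINIT client certificate for paul@EXAMPLE.COM: $work/user.pem"
```

Windows smartcard logon conventionally uses the Microsoft UPN otherName (1.3.6.1.4.1.311.20.2.3) and the Smart Card Logon EKU (1.3.6.1.4.1.311.20.2.2) instead; the thread does not say which form the Samba4 KDC expects.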

[Samba] Our success story with samba4

2010-10-19 Thread Lukasz Zalewski

Hi all,
This message is a testament to the great work samba team has done, but 
it's also an encouragement to those of you that are still not sure if samba4 
will work in your environment.


This semester we have moved from samba 3.0.X DC to samba4 DC for 
students, and things are working great
The move was predominantly driven by switching from Windows XP to 
Windows 7 desktop platform (but also by a need for proper group policy).


Our setup is quite simple and includes:

One samba4 DC (running on centos 5.5 x64) with nsd dns backend

Two samba 3.3.8 domain members (running on centos 5.5 x64) providing 
file services and printing


We also have Windows Server 2003 domain member

~340 Windows 7 x64 Workstations

~1900 users, that were imported from our previous samba3 domain with 
ldap back-end.


Note that we did not move entire domain, but decided to start afresh, 
and existing users (and computers) were ported to the new domain.


We use group policy to deploy various settings, user profiles, software 
and printers.


So, please grab samba4, start using it, report the bugs, make it even 
better than it is :)


Regards

Luk


[Samba] Windows 7 Offline Files (CSC) not syncing from Samba 3.4.0 PDC

2010-10-19 Thread Jonathan

Hi All,
	I've been running a Samba 3.4.0 on Ubuntu 9.10 for over a year at a  
friend's office and it has been extremely stable. But I've suddenly hit a  
scenario where Windows 7 clients can no longer properly sync the main  
share as 'Offline Files'


I found it highly unreliable under Vista Business, then Win7Pro seemed to  
work much better; but suddenly I am finding that the sync is succeeding  
but the files are not actually available offline.


Here are the scenarios I am seeing:
1) A user updates an offline copy of an Open Office document or  
presentation. When the user syncs, the updated copy is sent to the  
server, but the local copy gets trashed and ceases to be available offline  
regardless of how many times it 'successfully' syncs.


2) I reformatted the offline files cache on a Win7Pro host today and  
started a fresh sync relationship with the folder. The first attempt to  
sync failed ~6600 out of ~6900 files claiming they were in use by another  
user/process - this was nonsense and smbstatus showed only one file open  
which was correct. I restarted smbd and then the sync completed with *NO  
ERRORS* - However as soon as the host was taken away from the network,  
almost all the offline files had crosses through them to indicate that  
they weren't available.


Until 2-3 weeks ago, offline files appeared to be working reasonably well  
so I'm struggling to understand what has changed. I can find little  
information about the combination of Windows 7 Offline Files with a Samba  
PDC - Has anyone ever made this work reliably (or at least seen the same  
problem)??


Can anyone offer me any assistance with diagnosing the offline files cache  
on the windows side, or advise on what logging to set up on the Samba side  
to analyse this problem (or an alternative product that just works  
better!)? I've attached my smb.conf
I do understand that this is the Samba list and not a Windows support  
list, but M$ aren't interested in helping Samba users ;-)


Notes:
- I've updated the registry to round up write times as documented on  
http://blogs.technet.com/b/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx
- I followed the Samba wiki to enable Domain Compatibility Mode to join  
Windows 7 to the domain.
- There are two users on Windows XP Home which access the Shared files  
without being domain members. No users Domain/Non-Domain have any problems  
accessing files while online in the office.


Any help/advice/suggestions would be much appreciated :-)

Regards
Jonathan







[Samba] Missing files on cifs-mount

2010-10-19 Thread Rainer Pietsch
I have a cifs-mount on an ubuntu 10.04 client which does not show all files.

On other machines I can see all 58,000 files in a folder but on this
special machine I see only 122 files.

The server is a brave old smbd Version 3.0.20b-3.5-SUSE serving a
big network for years without any trouble. I can see these files on
the server as well as on windows-clients.

The client causing trouble is an ubuntu 10.04 server with a cifs client:
mount.cifs version: 1.12-3.4.7
The config from the server:

-
[global]
workgroup = 
netbios name = 
map to guest = Bad User
username map = /etc/samba/smbusers
log level = 1 vfs:2
unix extensions = No
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
os level = 64
preferred master = Yes
domain master = No
ldap ssl = no
cups options = raw
include = /etc/samba/dhcp.conf
...
...
[dataN]
path = /var/share/dataN
force group = users
read only = No
create mask = 0666
force create mode = 0660
directory mask = 0777
force directory mode = 0770

...
...
--
There is a real device mounted at /var/share/dataN (no link or
symbolic link) and there are NO smb-entries below this mount-point.
In other words: The whole tree is exported and no subtree is
accessed separately.

Config at the client:
in /etc/fstab:
--
...
...
//xx.xx.xx.xx/dataN  /mnt/xxx  cifs  rw,workgroup=,credentials=/root/xxx.cifs,nounix,iocharset=utf8,uid=1000,gid=1000  0  0
...
...
--

For example, in one folder on the server there are 58,000 files and on
the client I can only see files 1 to 122.


Thank you in advance for any help!

-- 
Mit freundlichen Grüßen / best regards

Ing. Rainer Pietsch
--
PCS - Pichler Computer Systeme
Inh. Claudia Pichler-Pietsch
Hauptplatz 10
A-2751 Steinabrückl
--
mail:  r.piet...@pcs-at.com
web:   http://www.pcs-at.com
tel.:  +43 (2622) 420 19 / 15
mobil: +43 (676) 31 242 69
fax:   +43 (2622) 420 19 / 20
--


Re: [Samba] Restricting samba subfolder acl changes to admin users

2010-10-19 Thread suresh.kandukuru

Jeremy, did you get a chance to look at this? Can you please pass your comments
on this?

Thanks
Suresh


-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de] 
Sent: Monday, October 18, 2010 1:16 PM
To: Kandukuru, Suresh
Cc: j...@samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users

On Mon, Oct 18, 2010 at 12:12:55AM -0400, suresh.kanduk...@emc.com wrote:
 Thanks Jeremy and Volker. Clarified some points. Still a little bit of
 confusion for me.
 So, in summary, a user can change an ACL if he has write access on the share
 and the ownership of subfolders / files inside it.
 
 Here is my test.
 
 1) Created share test, given write access to it for admin, user1 users.
 
 2) Connected to share with admin user and created sub folder test_subfldr
 in it, and gave read access to user1 user.
 output of getfacl
 
 r...@storage:/mnt/soho_storage/samba/shares/SP0/test# getfacl test_subfldr/
 # file: test_subfldr/
 # owner: admin
 # group: users
 user::rwx
 user:user1:r-x
 group::rwx
 mask::rwx
 other::rwx
 default:user::rwx
 default:user:user1:r-x
 default:group::---
 default:mask::rwx
 default:other::---
 
 r...@storage:/mnt/soho_storage/samba/shares/SP0/test#
 --
 4) Connected to test share with user1, could not write into test_subfldr,
 and user1 has changed acl settings on test_subfldr to write access.
 Why is samba allowing this? Though user1 has write access to share, he is
 not the owner of test_subfldr/ (admin is the owner for this). user1
 effectively has read access on the test_subfldr.

This might actually be a bug. Maybe Samba believes the user
has write permissions due to the group having the w
permission? Which group is the user member of?

Jeremy, can this be a mis-mapping of Posix permissions to
NTFS ACLs in the dos filemode permission check?

Volker
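
Volker's question turns on which ACL entry actually applies to user1. As an added example (not code from the thread or from Samba), the script below applies the POSIX.1e access-check order (owner, named user, group class, other) to the getfacl output posted above; user1's membership of the group users is an assumption, as are the extra users user2 and guest.

```shell
#!/bin/sh
# Added example (not from the thread): does a POSIX ACL grant one permission
# bit to a user?  Follows the POSIX.1e check order: owner, named user,
# group class, other.  Reads getfacl text on stdin.

acl_allows() {   # $1 = user, $2 = comma-separated groups of the user, $3 = r|w|x
    awk -v user="$1" -v grouplist="$2" -v want="$3" '
    function bit(perms) { return index(substr(perms, 1, 3), want) > 0 }
    BEGIN {
        FS = ":"
        n = split(grouplist, g, ",")
        for (i = 1; i <= n; i++) member[g[i]] = 1
        mask = "rwx"                      # no mask entry means nothing is masked
    }
    /^# owner: / { owner  = substr($0, 10); next }
    /^# group: / { ogroup = substr($0, 10); next }
    /^#/ || /^default:/ || NF < 3 { next }    # comments, default (inherited) ACL
    $1 == "user"  && $2 == ""    { owner_perms = $3 }
    $1 == "user"  && $2 == user  { named = $3; has_named = 1 }
    $1 == "group" {
        name = ($2 == "") ? ogroup : $2       # group:: is the owning group
        if (name in member) { in_group = 1; if (bit($3)) group_ok = 1 }
    }
    $1 == "mask"  { mask = $3 }
    $1 == "other" { other = $3 }
    END {
        if (user == owner)   ok = bit(owner_perms)           # owner entry is never masked
        else if (has_named)  ok = bit(named) && bit(mask)    # named entry wins over groups
        else if (in_group)   ok = group_ok && bit(mask)      # any matching group entry
        else                 ok = bit(other)
        exit(ok ? 0 : 1)
    }'
}

# The ACL of test_subfldr/ as posted in the message above.
sample_acl() {
    cat <<'EOF'
# file: test_subfldr/
# owner: admin
# group: users
user::rwx
user:user1:r-x
group::rwx
mask::rwx
other::rwx
default:user::rwx
default:user:user1:r-x
default:group::---
default:mask::rwx
default:other::---
EOF
}

# user1 is assumed (not stated in the thread) to be a member of "users".
for who in admin user1 user2 guest; do
    grp=users; [ "$who" = guest ] && grp=nogroup
    if sample_acl | acl_allows "$who" "$grp" w; then verdict=allowed; else verdict=denied; fi
    echo "$who ($grp): write $verdict"
done
```

At the file-system level the named entry user:user1:r-x is the only one consulted for user1, so the group's w bit never applies to that user. The same output shows other::rwx on the access ACL, which grants write to any user matching no user or group entry.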



Re: [Samba] Error was Transport endpoint is not connected

2010-10-19 Thread Gaiseric Vandal

The following may help explain the error:

http://wiki.samba.org/index.php/Samba_Myths




So if you copy the file it is OK, but if the backup job runs an 
integrity check first it fails?  What is involved in the integrity 
check?  Is it somehow opening a connection to the server before starting 
the integrity check?



On 10/19/2010 03:05 AM, robert.gehr wrote:

I tried it with smb ports 139 to no avail. Same problem.
The backup job takes that long because the windows box first runs an
integrity check. If I just copy the file manually it takes a couple of
minutes. As already mentioned the other samba server 3.4.7 works without
any problems.

What does that error message actually mean? Does it mean a network error
has occurred, the server has run into a timeout, the server can no
longer resolve the name of the client or what?

Ideas are welcome.

Rob

On Fri, 2010-10-15 at 14:57 +0200, Gaiseric Vandal wrote:
   

Did you try changing smb.conf on the NAS to be port 139 only?

Also, it seems that 55 GB should not take one hour to copy (55 GBytes is
440 Gbit, and at 1 Gbit/sec  and 60 secs / min, the transfer should take
about minutes-  at least in theory.)

I am guessing it is dropping because it tries to reestablish a
connection part way through the transfer.





On 10/15/2010 07:12 AM, robert.gehr wrote:
 

Nice try. The backup fails exactly the moment the message appears in the
log. So I would say it is something to worry about.

Has really no one any ideas why this all of a sudden comes up.

Thanks for any hints

Rob


On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote:

   

This message only says: I established to one of the ports 139 or 445
and dropped the other.
It is nothing to trouble about.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On behalf of Gaiseric Vandal
Sent: Monday, 11 October 2010 16:48
To: samba@lists.samba.org
Subject: Re: [Samba] Error was Transport endpoint is not connected

By default samba listens on two TCP ports-  445 and 139.  You can
specify this in smb.conf

   smb ports = 445 139


445 is the newer smb over tcp.  139 is the older smb over netbios
over tcp/ip.   445 was for Windows 2000 and newer clients.  I am
not sure why samba enables 445 by default since as far as I know it does
not support smb-over-tcp (without the NBT/netbios over tcp stuff.)  If
you set smb ports = 139 in your smb.conf you should see endpoint
messages disappear.

I think what happens is Win 2000 (and newer) clients will initially try
to connect on port 445, find it isn't really compatible, and then dump
down to NBT on port 139.

So your NAS may be occasionally connecting on port 139 without problems
and occasionally connecting on port 445, at which point it fails.

OR-  the endpoint errors may be completely unrelated, but you just
don't look for them when the NAS is working.


Is the NAS part of the domain?  Is it a windows or linux/samba based device?

My samba server is a PDC.  XP clients in the domain connect with no
problems regardless of  if smb ports is 139 only or 139 + 445.   XP/Win7
clients NOT in the domain can't connect to shares if 445 is disabled,
which indicates they are connecting to 445 1st.



On 10/11/2010 08:57 AM, robert.gehr wrote:

 

Hello All

I used to back up a Mssql database (about 55GB) to a samba share without
any problems. The samba server Server-A was running version 3.4.7
We just got one of those Netgear ReadyNas3200 things and I tried to
back up to a share there which sometimes works and sometimes not in
which case I get the following error:

snip---

[2010/10/08 21:32:26.937834,  0]
lib/util_sock.c:474(read_fd_with_timeout)
[2010/10/08 21:32:26.966404,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
 getpeername failed. Error was Transport endpoint is not connected
 read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.

---snap-

The samba version on the ReadyNas is 3.5.4

On the windows side nothing has changed apart from the destination to
the new share. The ReadyNas performs pretty well and I do not get any
network errors or otherwise. To rule out some network problem I exported
a nfs share on the ReadyNas which I mounted on Server-A, created a
share on Server-A that points to the nfs-mount and ran a backup. No
problems and no errors.

Any ideas which buttons to push in order to get a reliable backup going
again? From what I read this usually points to a problem on the client
side but nothing has changed there. I could of course use the
Server-A:smb-nfs-mount:ReadyNas 

Re: [Samba] problems with login and browsing on 3.5.4 LDAP PDC

2010-10-19 Thread Gaiseric Vandal

Is your samba server also a WINS server?  That may help browsing issues.

Do you have smb ports defined in smb.conf?

The default is
 smb ports = 445 139


I found if I set

 smb ports = 139

some clients would have trouble locating shares or authenticating to 
servers.


wiki.samba.org should have the registry settings required to let Windows 
7 machines join on a Samba domain.


Also, make sure that you do have correct group mappings for the key 
well-known windows groups  (including Administrators, Domain Admins, Users)

# net groupmap list


I would concentrate on the XP machines first since they don't need the 
registry changes.


Also, the windows diagnostic tools (netdiag, dcdiag, nbtstat ?)  may 
help you determine which domain controller and master browser the client 
is using.





On 10/19/2010 02:02 AM, Eric A. Hall wrote:

I was running 3.0.25c (I think) LDAP PDC for a couple of years and just
tried swapping in a new 3.5.4 setup. I had some problems so I wiped all
the entries and *.tdb files, and started from scratch.

Problem in a nutshell: I can't browse the domain normally, nor can I logon
to the domain. However I can access the server shares fine if I point to
the server specifically. SOMETIMES this will then cause browsing to
succeed as well.

Normally I can see the domain in network neighborhood but if I click on it I
get the "domain is not accessible" error. From a command prompt "net view
/domain:DOMAIN" also typically produces an error 59. However if I "net
view \\SERVER" then that works fine, and THEN I am sometimes able to
successfully view the domain (about half the time, sometimes more).

I am able to successfully join machines to the domain (they show up in
LDAP) but am unable to log in to the domain from any of them. On XP/SP3
boxes the error is "the system cannot log you on now because the domain
DOMAIN is not available", while Windows 7 says "there are currently no
logon servers available to service the logon request".

I have looked at the smb/nmb/winbind logs at level 3 and near as I can
tell everything is operating correctly although something seems to be
crashing a lot--there are many entries about brl and lock database after
unclean shutdown.

I don't know SMB protocol very well but from watching some wireshark
traces and reading the corresponding logs it looks like the nodes are
negotiating IPC$ connection but not getting data. Client asks for copy 4,
server offers copy 1, client negotiates TCP/IP session then closes, and
everything starts over again. Perhaps once they authenticate (enough to
view \\SERVER shares) the negotiation is reused and this is what works?

Are there security permissions on IPC$ that need to be set?

Where should I be looking and what should I be looking for?

Thanks

   




Re: [Samba] Samba 3.5.6 - configure creates Makefile with errors on Solaris 10

2010-10-19 Thread Robert M. Martel - CSU

Greetings,

I was able to get 3.4.9 to build on my Solaris 10 boxes - but nothing 
later.  I've been building my own samba from source for far longer than 
I care to admit (because I should know more about samba by now than I 
do.)  I've never had so many problems building the source has I have had 
the past several months.


I am going to look into the points that Gaiseric Vandal has brought up. 
 I am already using Sunfreeware's gcc.


I got past my latest make issue by using Sunfreeware's version of Make 
rather than the one found in /usr/ccs/bin (which has never been a 
problem in the past.)


Following a tip I found at 
http://forums.sun.com/thread.jspa?threadID=5445706  I added -lintl to 
the LIBS option in the Makefile.  Line 25


That got me as far as linking winbind:
-
...
Linking shared library bin/pam_winbind.so
Undefined   first referenced
 symbol in file
libintl_bindtextdomain  ../nsswitch/pam_winbind.o
libintl_dgettext../nsswitch/pam_winbind.o
ld: fatal: Symbol referencing errors. No output written to 
bin/pam_winbind.so

collect2: ld returned 1 exit status
make: *** [bin/pam_winbind.so] Error 1
-

Which has me now stopped at the same place on both my Solaris 9 and 
Solaris 10 builds.  On Solaris 9 I have not been able to get a FULLY 
working version of Samba with AD support past version 3.2.15.


-Bob



On 10/18/2010 02:25 PM, Joe Cammisa wrote:

> i've had no problem compiling up to 3.4.8 on several solaris10 boxes at
> varying patch levels; but for some reason i can't get anywhere with 3.5.x.
> has anyone else been successful in this regard?  any tips
> appreciated--thanks all in advance...
>
> -joe
>
> On Mon, Oct 18, 2010 at 2:13 PM, Gaiseric Vandal
> gaiseric.van...@gmail.com wrote:
>
>> Have you tried the precompiled samba version from sunfreeware.com?  It is
>> only 3.4.2 but should have AD support. It won't have ZFS support (an
>> issue for Solaris 10 but Solaris 9.)
>>
>> the winbind nsswitch stuff may require a little work to setup.




--
***
Robert M. Martel I met someone who looks a lot like you
System Administrator She does the things you do
Levin College of Urban Affairs   But she is an IBM
Cleveland State University   -Jeff Lynne
(216) 687-2214
r.mar...@csuohio.edu
***


Re: [Samba] Unable to compile Samba 3.5.6 on Solaris 9 - more winbind issues

2010-10-19 Thread Robert M. Martel - CSU

Greetings,

Just for completeness I am seeing the same problem building Samba 3.5.6 
under Solaris 10:


Had to manually add -lintl to the LIBS option in the Makefile.

...
Linking shared library bin/pam_winbind.so
Undefined   first referenced
 symbol in file
libintl_bindtextdomain  ../nsswitch/pam_winbind.o
libintl_dgettext../nsswitch/pam_winbind.o
ld: fatal: Symbol referencing errors. No output written to 
bin/pam_winbind.so

collect2: ld returned 1 exit status
make: *** [bin/pam_winbind.so] Error 1



On 10/18/2010 10:01 AM, Robert M. Martel - CSU wrote:

> Greetings,
>
> No helpful hints have been offered to my winbind issues with Samba 3.4.9
> and Solaris 9 I started trying to build Samba 3.5.6. Using gcc 3.4.6. I
> added -lintl to the LIBS option in the Makefile which cleared some
> earlier linker errors involving libintl_gettext, libintl_textdomain and
> libintl_bindtextdomain being undefined, except with winbind:
>
> Linking shared library bin/pam_winbind.so
> Undefined first referenced
> symbol in file
> libintl_bindtextdomain ../nsswitch/pam_winbind.o
> libintl_dgettext ../nsswitch/pam_winbind.o
> ld: fatal: Symbol referencing errors. No output written to
> bin/pam_winbind.so
> collect2: ld returned 1 exit status
> make: *** [bin/pam_winbind.so] Error 1
>
> I have not been able to get any version of Samba beyond 3.2.15 to build
> on Solaris 9 with support for Active Directory. Any later 3.2 version I
> see run-time errors with winbind which is why I decided to give 3.5 a try.



--
***
Robert M. Martel I met someone who looks a lot like you
System Administrator She does the things you do
Levin College of Urban Affairs   But she is an IBM
Cleveland State University   -Jeff Lynne
(216) 687-2214
r.mar...@csuohio.edu
***


[Samba] CTDB starting statd without -n gfs -H /etc/ctdb/statd-callout

2010-10-19 Thread Chris Walker
 Hello,

First and foremost, thanks *very* much for ctdb.  It's a joy to use
after banging around with other HA solutions.  We're planning to use
it to export Samba and NFS shares throughout campus.

I'm having one problem with the NFS part though.  When ctdbd first
starts statd (we're using CTDB_MANAGES_NFS=yes), it does so without
appending the stuff in the STATD_HOSTNAME variable in
/etc/sysconfig/nfs, which is where the statd-callout script is passed
to statd.  In our case, this means that statd is running as

rpc.statd -p 662 -o 2020

instead of

rpc.statd -n gfs -H /etc/ctdb/statd-callout -p 662 -o 2020

I could be wrong, but it looks to me that ctdb is using the nfslock
init script to start statd.  This script doesn't use $STATD_HOSTNAME
at all, so it follows that the statd-callout script isn't passed to
statd.

If I kill statd and let ctdb start the 60.nfs script restart it when
it monitors, then statd is run with the correct statd-callout script,
since 60.nfs does append the $STATD_HOSTNAME variable when rpc.statd
is invoked.  And the same is true if I change the nfslock init script
so that it appends the $STATD_HOSTNAME.

This is an up-to-date CentOS 5.5 OS, with CTDB pulled from the git
repository last week.


One quick unrelated question about CTDB -- the documentation states
that the CTDB_NODES IP addresses should live on a private
non-routable subnet which is only used for internal cluster traffic.
Is this a requirement?  I have our cluster nodes on one part of a
/24 (which is routable to our organization, but not to the internet),
and the CTDB_PUBLIC_ADDRESSES on another part.  This seems to be
working fine, but I wanted to check that I wasn't doing something that
would bite us later.

Thanks again for CTDB and Samba!

Best,
Chris
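
A check for the condition described in this post, added here as an example (it is not part of the original message and not CTDB code): it compares the `-n` and `-H` options that `STATD_HOSTNAME` in `/etc/sysconfig/nfs` should produce with the arguments of the running `rpc.statd`. The sample file content is constructed, and the assumption that `-n` is prepended to the variable's value is inferred from the two command lines quoted above.

```python
import glob
import shlex

# Constructed sample, consistent with the command lines quoted in the post.
SAMPLE_SYSCONFIG = """\
# /etc/sysconfig/nfs (constructed sample)
STATD_PORT=662
STATD_OUTGOING_PORT=2020
STATD_HOSTNAME="gfs -H /etc/ctdb/statd-callout"
"""


def expected_statd_options(sysconfig_text):
    """Return the options STATD_HOSTNAME should add to rpc.statd.

    Assumption: the start script runs `rpc.statd -n $STATD_HOSTNAME ...`,
    so the value is prefixed with -n and then split like shell words.
    """
    for line in sysconfig_text.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote: not a usable assignment
            continue
        for token in tokens:
            if token.startswith("STATD_HOSTNAME="):
                value = token.split("=", 1)[1]
                if not value:
                    return []
                return ["-n"] + shlex.split(value)
    return []


def option_values(argv, flags=("-n", "-H")):
    """Map each flag of interest to the argument that follows it."""
    found = {}
    for i, arg in enumerate(argv[:-1]):
        if arg in flags:
            found[arg] = argv[i + 1]
    return found


def statd_mismatches(sysconfig_text, argv):
    """Return {flag: (expected, actual)} for every option statd is missing
    or running with a different value; an empty dict means it matches."""
    expected = option_values(expected_statd_options(sysconfig_text))
    actual = option_values(argv)
    return {
        flag: (want, actual.get(flag))
        for flag, want in expected.items()
        if actual.get(flag) != want
    }


def running_statd_argvs():
    """Collect the argv of every running rpc.statd from /proc (Linux only)."""
    argvs = []
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                argv = fh.read().decode(errors="replace").split("\0")
        except OSError:             # process exited or access denied
            continue
        argv = [a for a in argv if a]
        if argv and argv[0].endswith("rpc.statd"):
            argvs.append(argv)
    return argvs


if __name__ == "__main__":
    try:
        with open("/etc/sysconfig/nfs") as fh:
            config = fh.read()
    except OSError:
        config = SAMPLE_SYSCONFIG
    for argv in running_statd_argvs():
        print(" ".join(argv), "->", statd_mismatches(config, argv) or "ok")
```

Run on each node after ctdbd starts; a non-empty result for `-H` means lock recovery callouts are not wired into the statd that is currently running.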


[Samba] Winbind on Samba 3.5.5 (centos5)

2010-10-19 Thread Adrian Graham
Folks,

Having some fun with winbind on Samba 3.5.5 on RHEL5 and/or Centos5.
I’ve got it working so ssh logins work correctly and file permissions
are seemingly correct with created files etc. Backend authentication
is from a Win2K3R2 box running RFC2372 extensions (ie not SFU) and all
UIDs etc are assigned for the users who need them.

However, wbinfo returns some interesting things. We’re in a reasonably
sized AD forest and there seems to be some ID mashing going on. If I
do wbinfo -u it will sniff out the entire forest and return anything
it's allowed to as well as the local domain, obviously this can be
filtered by using --domain=DOMAIN which sometimes works well, groups
also.

Things that don’t work:

wbinfo -i returns ‘could not get info for user’
wbinfo -r returns ‘could not get groups for user’
wbinfo -Y returns ‘could not convert sid’
wbinfo --user-sidinfo returns ‘couldn’t get info for user’
wbinfo --user-sids also returns failure.

Things that do:

wbinfo -S my-username-SID correctly returns my UID of 666
wbinfo -s my-username-SID correctly returns DOMAIN+Username
getent group
getent passwd

Wish I could remember what I changed, but at some point wbinfo -u
username DID work but returned a UID of 147, no idea where it got that
from as I even deleted the idmap cache files etc. Also if I browse to
a share and create a file it ends up with the UID/GID of a user in a
completely different domain!

Current smb.conf:

[global]

    workgroup = CAM
    realm = CAM.CW.LOCAL
    server string = test-samba server (CentOS 5)
    interfaces = 127.0.0.1, eth0
    bind interfaces only = Yes
    security = ADS
    map to guest = Bad User
    password server = 172.31.134.30
    log level = 100
    log file = /var/log/samba/%m.log
    printcap name = cups
    wins server = 172.31.134.30
    idmap uid = 1-2
    idmap gid = 1-2
    template shell = /bin/bash
    winbind separator = +
    winbind cache time = 5
    winbind use default domain = Yes
    winbind trusted domains only = Yes
    idmap config CAM: range = 100-
    idmap config CAM: backend = ad
    idmap config CAM: schema_mode = rfc2307
    idmap config CAM: default = yes

[homes]
    comment = Home Directories
    read only = No
    create mask = 0664
    directory mask = 0775
    browseable = No

[docs]
    path = /usr/share/doc/samba3/htmldocs
    guest ok = Yes

Anyone? Kerberos seems to be acting ok too, otherwise SSH logins wouldn't work?

-- 
adrian/witchy
Owner of Binary Dinosaurs, the UK's biggest home computer collection?
www.binarydinosaurs.co.uk


Re: [Samba] Our success story with samba4

2010-10-19 Thread Ludek Finstrle
Hi,

Tue, Oct 19, 2010 at 10:12:16AM +0100, Lukasz Zalewski wrote:
> This message is a testament to the great work samba team has done, but 
> it's also an encouragement to those of you that still not sure if samba4 
> will work in your environment.

  it's nice to know it. How you cooperate with other systems required LDAP
accounts and some additional data? As I know there is no complete support
for external LDAP server which is stopper for us.

Do you mirror user's account to external LDAP or you don't need it
at all?

Best regards,

Luf


Re: [Samba] Our success story with samba4

2010-10-19 Thread Lukasz Zalewski

On 10/19/2010 03:53 PM, Ludek Finstrle wrote:
Hi Ludek,

> Hi,
>
> Tue, Oct 19, 2010 at 10:12:16AM +0100, Lukasz Zalewski wrote:
>
>> This message is a testament to the great work samba team has done, but
>> it's also an encouragement to those of you that still not sure if samba4
>> will work in your environment.
>
> it's nice to know it. How you cooperate with other systems required LDAP
> accounts and some additional data? As I know there is no complete support
> for external LDAP server which is stopper for us.
>
> Do you mirror user's account to external LDAP or you don't need it
> at all?

Yeah we still maintain openldap backend (which provides core 
functionality for the school) - the way i see it is that samba account 
information has moved from openldap to s4.
AFAICT (but would like to be proven wrong) s4 allows the storage of 
posix account attributes, but i do not think you can add custom schemas 
to it.

I suspect this behaviour is probably no different to real AD

Regards

Luk

> Best regards,
>
> Luf



Re: [Samba] problems with login and browsing on 3.5.4 LDAP PDC

2010-10-19 Thread Eric A. Hall

On 10/19/2010 9:47 AM, Gaiseric Vandal wrote:
> Is your samba server also a WINS server?  That may help browsing issues.

The nodes don't have any problems finding or communicating with the
server, the server just does not want to provide data. I have three
distinct networks that are interconnected by routers. Each segment has a
local DHCP/DNS/WINS/etc server that assigns H-Node WINS options to the
local clients, and in addition the broadcasts on 137/138 are also
forwarded from each segment to the WINS servers on the other segments.
What this means is clients try to resolve a name by asking the local
server, then will broadcast a query which is forwarded to the other
servers, which they answer. If a TCP session is required (such as fetching
a browse list via port 139) then that also happens as expected, once the
client knows the server to contact. This works for local and remote nodes
alike.

From a client on network A that is trying to browse Windows 2003 domain on
network B, I can see the TCP session established, the challenge and
response negotiation, the Tree Connect AndX Request and Response, the
LANMAN server enumeration exchange, and orderly shutdown.

When using the same client to browse the Samba domain on network C, I can
see the TCP session established, the challenge and response negotiation,
the Tree Connect AndX Request and Response, but then the client shuts down
the session without trying to enumerate the LANMAN servers. This cycle
repeats 4 times for every failed browse attempt indicating that the client
believes it should be able to get an answer from the server.

Both responses show STATUS_SUCCESS in the SMB message. The only potential
difference that I can see between them is that the Samba response shows
Security signatures are not supported in the reply message. Perhaps this
is preventing the client from following up with the LANMAN request to
enumerate the servers? Also I have long since set the registry options
needed for signatures, and this same configuration was working before the
upgrade. Did something about this change recently?

> Do you have smb ports defined in smb.conf?

I don't have it defined and am using the defaults. It does not seem to be
causing any problems.

> wiki.samba.org should have the registry settings required to let Windows 
> 7 machines join on a Samba domain.

I have already made those changes and like I said I am able to join the
Win7 client to the domain and can view \\SERVER shares, but cannot browse
the domain or login to the server.

> I would concentrate on the XP machines first since they don't need the
> registry changes.

Yes that is what I'm doing. I have XP/SP3, Windows Server 2003 (and R2),
and Windows 7, but am focusing on XP/SP3.

> Also, make sure that you do have correct group mappings for the key well 
> know windows groups  (including Administrators, Domain Admins, Users)
>   # net groupmap list

[ 12:39:47 -- bulldog:/root/ ]
[ root# ] net groupmap list
Domain Admins (S-1-5-21-[...]-512) - Domain Admins
Domain Users (S-1-5-21-[...]-513) - Domain Users
Domain Guests (S-1-5-21-[...]-514) - Domain Guests
Domain Computers (S-1-5-21-[...]-515) - Domain Computers
Local Admins (S-1-5-32-544) - Local Admins
Local Users (S-1-5-32-545) - users
Local Guests (S-1-5-32-546) - nobody

For a while I thought it might be related to guest/nobody mapping but I
have exhausted all of the permutations there. I have tried smbusers
mapping, putting guest into LDAP, etc., and none of it seems to make much
any difference in the logs or with the problem at hand.

> Also, the windows diagnostic tools (netdiag, dcdiag, nbtstat ?)  may 
> help you determine which domain controller and master browser the client 
> is using.

nbtstat is able to display remote data but it does not use the SMB/LANMAN
enumeration over IPC$ which is where the problem seems to lie.

Local utilities on the Samba server also seem to express normally although
I am happy to try specific things if somebody will name them.

I am able to use USRMGR.EXE to connect to the server and view/modify user
accounts successfully.

I have not looked at the others yet.

Thanks for the help


> On 10/19/2010 02:02 AM, Eric A. Hall wrote:
>> I was running 3.0.25c (I think) LDAP PDC for a couple of years and just
>> tried swapping in a new 3.5.4 setup. I had some problems so I wiped all
>> the entries and *.tdb files, and started from scratch.
>>
>> Problem in a nutshell: I can't browse the domain normally, nor can I logon
>> to the domain. However I can access the server shares fine if I point to
>> the server specifically. SOMETIMES this will then cause browsing to
>> succeed as well.
>>
>> Normally I can see the domain in network neighborhood but if I click on I
>> get the domain is not accessible error. From a command prompt net view
>> /domain:DOMAIN also typically produces an error 59. However if I net
>> view \\SERVER then that works fine, and THEN I am sometimes able to
>> successfully view the domain (about half the time sometimes more).

 

Re: [Samba] problems with login and browsing on 3.5.4 LDAP PDC

2010-10-19 Thread Eric A. Hall

On 10/19/2010 12:45 PM, Eric A. Hall wrote:

> Both responses show STATUS_SUCCESS in the SMB message. The only potential
> difference that I can see between them is that the Samba response shows
> Security signatures are not supported in the reply message. Perhaps this
> is preventing the client from following up with the LANMAN request to
> enumerate the servers? Also I have long since set the registry options
> needed for signatures, and this same configuration was working before the
> upgrade. Did something about this change recently?

Yes, yes it did. The old install had server signing = auto but this
seems to break the new one. Setting the following options fixes it:

server signing = disabled
smb encrypt = disabled

Is there a paper discussing these options in detail? Is there something I
should add to my group policy files to make this work better?

-- 
Eric A. Hall  http://www.eric-a-hall.com/
Network Technology Research Group  http://www.ntrg.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/
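
An audit for the two parameters named in this message, added here as an example (it is not part of the original post and not Samba code): it parses smb.conf text, reports how `server signing` and `smb encrypt` are set, and lists any that dropped to a lower level between two versions of the file. The value names `auto`, `mandatory` and `disabled` are the ones smb.conf(5) documents; both sample configs are constructed from the settings quoted in the thread.

```python
import re

# Values the smb.conf(5) manual page lists for both parameters.
LEVELS = {"disabled": 0, "auto": 1, "mandatory": 2}
WATCHED = ("server signing", "smb encrypt")

# Constructed samples: the setting the post says the old install used,
# and the two lines the post says were added on 3.5.4.
OLD_CONF = """\
# old install (constructed sample)
[global]
    workgroup = DOMAIN
    Server  Signing = Auto
"""
NEW_CONF = """\
[global]
    workgroup = DOMAIN
    server signing = disabled
    smb encrypt = disabled
"""


def norm(name):
    """smb.conf names ignore case and whitespace: 'Server  Signing' == 'serversigning'."""
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}} with normalised names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(norm(header.group(1)), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections


def audit_signing(text):
    """Return (section, parameter, value, verdict) for each watched parameter that
    is set explicitly. Unset parameters use version-specific defaults and are skipped."""
    findings = []
    for section, params in parse_smb_conf(text).items():
        for name in WATCHED:
            if norm(name) not in params:
                continue
            value = params[norm(name)]
            level = LEVELS.get(value.lower())
            if level is None:
                verdict = "unrecognised value"
            elif level == 0:
                verdict = "off for every client"
            elif level == 1:
                verdict = "offered, not enforced"
            else:
                verdict = "enforced"
            findings.append((section, name, value, verdict))
    return findings


def downgraded(before, after):
    """List (section, parameter, old, new) where the level dropped between two
    configs. Values outside LEVELS are treated as level 0."""
    old, new = parse_smb_conf(before), parse_smb_conf(after)
    drops = []
    for section, params in new.items():
        for name in WATCHED:
            was = old.get(section, {}).get(norm(name))
            now = params.get(norm(name))
            if was is None or now is None:
                continue
            if LEVELS.get(now.lower(), 0) < LEVELS.get(was.lower(), 0):
                drops.append((section, name, was, now))
    return drops


if __name__ == "__main__":
    for finding in audit_signing(NEW_CONF):
        print(finding)
    print("downgraded:", downgraded(OLD_CONF, NEW_CONF))
```

With both parameters at `disabled`, sessions to this server carry neither packet signing nor SMB-level encryption, so the `downgraded` output is the item to track when looking for a configuration that restores `auto` without breaking browsing.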


Re: [Samba] problems with login and browsing on 3.5.4 LDAP PDC

2010-10-19 Thread Gaiseric Vandal
Maybe I missed it-  but do you have problems if the client and server 
are on the same network segment?


Are all the local WINS servers samba servers or something else?




[Samba] Highly-available file server question..

2010-10-19 Thread John_Delisle
I'm working on a project which requires a highly-available Samba service 
in a hurry.

We have multiple (3) servers with access to SAN storage using Oracle OCFS2 
(clustered filesystem, allows each of the 3 nodes to simultaneously access 
to the same SAN disk).  We need to somehow provide Windows clients with 
access to a location on this shared SAN disk, using Samba.  OS is RHEL 
5.5.

I can run samba on any/all of the 3 nodes, and have Cisco ACE's at our 
disposal too if that helps.   We don't have clustering software to use for 
the Samba service itself, and need to either run it on some or all of the 
nodes and somehow direct clients to one of them.  Ideally, windows clients 
will be provided with one UNC to access the share, and ideally will be 
able to use this regardless of which node is actively servicing their 
request.

At first, I was hoping we could use something like RHEL clustering for the 
Samba service.  This isn't possible due to cost and other issues.  I 
thought maybe we could go with DNS round-robin, pointing at the 3 Samba 
servers.. This is better than nothing, but doesn't handle a down node very 
gracefully (some clients will resolve to a down server). 

Has anyone used ACE's to load-balance Samba?  Can anyone recommend a 
configuration for something like this, or maybe suggest a better way to do 
it?  I'm open to ideas! 
_
John Delisle | Business Analyst | Ceridian Canada Ltd. | ceridian.ca
400 ? 125 Garry Street | Winnipeg, MB R3C 3P2 | p: 204-975-5909 | 
john_deli...@ceridian.ca


This communication is intended to be received only by the individual[s] or 
entity[s] to whom or to which it is addressed, and contains information which 
is confidential, privileged and subject to copyright.  Any unauthorized use, 
copying, review or disclosure is prohibited.  Please notify the sender 
immediately if you have received this communication in error [by calling 
collect, if necessary] so that we can arrange for its return at our expense.  
Thank you in advance for your anticipated assistance and cooperation.



Re: [Samba] Highly-available file server question..

2010-10-19 Thread Chris Weiss
On Tue, Oct 19, 2010 at 12:34 PM,  john_deli...@ceridian.ca wrote:
> We have multiple (3) servers with access to SAN storage using Oracle OCFS2
> (clustered filesystem, allows each of the 3 nodes to simultaneously access
> to the same SAN disk).  We need to somehow provide Windows clients with
> access to a location on this shared SAN disk, using Samba.  OS is RHEL
> 5.5.

have you looked into DFS?


Re: [Samba] Highly-available file server question..

2010-10-19 Thread John_Delisle
I wasn't sure DFS was a good fit, my understanding of DFS is limited 
(reading up today..). 

From what I've read it seems I'd need to host the DFS root on a 
highly-available server, and have links from there to my three single 
hosts (all with shared SAN access).  Unfortunately, I only have these 
three servers to work with.

Is there a way I can use DFS with just the three nodes to create a highly 
available DFS configuration?  Sorry if my terminology is off a little, I'm 
pretty new to DFS.
_
John Delisle | Business Analyst | Ceridian Canada Ltd. | ceridian.ca
400 ? 125 Garry Street | Winnipeg, MB R3C 3P2 | p: 204-975-5909 | 
john_deli...@ceridian.ca




Chris Weiss cwe...@gmail.com wrote on 2010/10/19 12:55 PM
To: john_deli...@ceridian.ca, samba samba@lists.samba.org
Subject: Re: [Samba] Highly-available file server question..

> On Tue, Oct 19, 2010 at 12:34 PM,  john_deli...@ceridian.ca wrote:
>> We have multiple (3) servers with access to SAN storage using Oracle OCFS2
>> (clustered filesystem, allows each of the 3 nodes to simultaneously access
>> to the same SAN disk).  We need to somehow provide Windows clients with
>> access to a location on this shared SAN disk, using Samba.  OS is RHEL
>> 5.5.
>
> have you looked into DFS?




[Samba] Samba and sleep

2010-10-19 Thread Olivier Arnaud
Hello,

I built a home network storage using a dedicated computer running a Debian
distro with Samba.
Since I don't need it always up, I activated the sleep mode feature on
Debian.
My problem is that this computer is going to sleep mode, even if Samba is
connected.

Does anybody here have an idea on:
- how I can forbid my computer sleep mode when Samba is connected ?
- how I can allow it back when it is disconnected?

Thx,
br,
Olive


Re: [Samba] Samba and sleep

2010-10-19 Thread Lennart Sorensen
On Tue, Oct 19, 2010 at 08:54:38PM +0200, Olivier Arnaud wrote:
> I built a home network storage using a dedicated computer running a Debian
> distro with Samba.
> Since I don't need it always up, I activated the sleep mode feature on
> Debian.
> My problem is that this computer is going to sleep mode, even if Samba is
> connected.
>
> Does anybody here have an idea on:
> - how I can forbid my computer sleep mode when Samba is connected ?

I guess you could check smbstatus, although then the question is: Does
anyone being logged in to a share mean no sleep allowed or should that
only be the case if file accesses are actually happening?

> - how I can allow it back when it is disconnected?

How would it know a client wants to connect later?

Really, servers don't sleep.  Simple as that.  Sleep is for client
machines that only care about when a human wants them to respond.

-- 
Len Sorensen


[Samba] ANNOUNCE: cifs-utils release 4.7 available for download

2010-10-19 Thread Jeff Layton
The last cifs-utils release (4.6) was on July 30th, so it's probably a
good time to go ahead and release a new one with kernel 2.6.36 shipping
soon. Major highlights:

- new cifscreds program has been added. This will eventually allow for
  stashing of username/password in the kernel's keyring for use by
  cifs. Kernel code for this is not in place yet, and the program is
  not yet built by default. Configuring with --enable-cifscreds=yes
  will enable it.

- timeouts for things like mtab locking now use monotonic time and
  should no longer have problems if the clock jumps

...plus the usual assortment of minor bugfixes and manpage updates.

webpage: http://linux-cifs.samba.org/cifs-utils/
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 6739b667677b28740b87ede94e53dfc500718acb
Author: Jeff Layton jlay...@samba.org
Date:   Tue Oct 19 14:59:49 2010 -0400

autoconf: bump release to 4.7

Signed-off-by: Jeff Layton jlay...@samba.org

commit 202f4b43209da32afc7ce5445a8f561c354c8f82
Author: Jeff Layton jlay...@samba.org
Date:   Fri Oct 8 15:11:58 2010 -0400

manpage: add mount.cifs manpage entry for multiuser option

Signed-off-by: Jeff Layton jlay...@samba.org

commit d90691a283d0f2ed928476fc96970b1ef2a28662
Author: Jeff Layton jlay...@samba.org
Date:   Fri Oct 8 15:11:57 2010 -0400

mount.cifs: reinstate ip= as an override for address resolution

The manpage says:

   ip=arg
   sets the destination IP address. This option is set automatically
   if the server name portion of the requested UNC name can be
   resolved so rarely needs to be specified by the user.

...but recent changes have made it not work anymore as an override if
someone specifies an ip= option as part of the mount options. Reinstate
that behavior by copying the ip= option verbatim into the addrlist of
the parsed options struct and then skipping the name resolution. That
should allow the ip= option to pass unadulterated to the kernel.

Signed-off-by: Jeff Layton jlay...@samba.org

commit f2daa2a08bf8706f90e1154272c5bfe6279895cd
Author: Björn Jacke b...@sernet.de
Date:   Tue Aug 24 13:30:05 2010 -0400

mount.cifs: use monotonic time for timeouts

this is especially important during the boot process, where the clock is often
being set initially and clock jumps are more common.

commit 79774488814b0f5267644628e31c07c7ac380a65
Author: Björn Jacke b...@sernet.de
Date:   Tue Aug 24 13:29:59 2010 -0400

autoconf: add checks for clock_gettime

commit 909c1bac5eb3b1fc677ef0d4de011cb68e999d15
Author: Igor Druzhinin jaxbr...@gmail.com
Date:   Fri Aug 20 14:53:38 2010 -0400

cifs-utils: infrastructure for stashing passwords in keyring

It is the userspace part of a new infrastructure for stashing passwords
in the kernel keyring on a per-user basis. The patch adds the cifscreds
utility for managing keys with credentials. Building the utility
from the distribution is possible with the --enable-cifscreds=yes option of
the configure script.

Signed-off-by: Igor Druzhinin jaxbr...@gmail.com

commit c546d8d786f70204968fbc78d276bc2c8d2eb670
Author: Igor Druzhinin jaxbr...@gmail.com
Date:   Fri Aug 20 14:53:05 2010 -0400

cifs-utils: moving resolve_host into separate file

The resolve_host routine from mount.cifs is moved out into a
separate file and appropriate corrections are made.

Signed-off-by: Igor Druzhinin jaxbr...@gmail.com

commit 2b2ce5830fec4317e0c264115cf93e64344b1417
Author: Suresh Jayaraman sjayara...@suse.de
Date:   Wed Aug 4 07:55:54 2010 -0400

mount.cifs: remove redundant error assignment

Avoid setting error code twice by moving error handling out of add_mtab_exit
block. We already set error code and report error in other places.

Signed-off-by: Suresh Jayaraman sjayara...@suse.de

commit 796c714569f5a2d1563f284d94333f2971217417
Author: Jeff Layton jlay...@samba.org
Date:   Wed Aug 4 06:35:24 2010 -0400

autoconf: bump version number to 4.6.1 for non-release builds

Signed-off-by: Jeff Layton jlay...@samba.org

-- 
Jeff Layton jlay...@samba.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
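
The monotonic-time timeout described in the announcement and in Björn Jacke's commit above, as an added C example that is not cifs-utils code: `acquire_lockfile`, the lock path and the 10 ms retry pause are hypothetical. A deadline taken from the wall clock can expire early or never when the clock is stepped during boot; one taken from CLOCK_MONOTONIC cannot.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define NSEC_PER_SEC 1000000000L

/* Return t advanced by ms milliseconds (ms >= 0), tv_nsec kept normalised. */
struct timespec ts_add_ms(struct timespec t, long ms)
{
    t.tv_sec += ms / 1000;
    t.tv_nsec += (ms % 1000) * 1000000L;
    if (t.tv_nsec >= NSEC_PER_SEC) {
        t.tv_sec += 1;
        t.tv_nsec -= NSEC_PER_SEC;
    }
    return t;
}

/* True when a is strictly earlier than b. */
bool ts_before(struct timespec a, struct timespec b)
{
    if (a.tv_sec != b.tv_sec)
        return a.tv_sec < b.tv_sec;
    return a.tv_nsec < b.tv_nsec;
}

/*
 * Hypothetical helper modelled on the "mtab locking" timeout named in the
 * announcement. Retries an exclusive lock-file create until a deadline on
 * CLOCK_MONOTONIC passes, so stepping the wall clock cannot shorten or
 * extend the wait. Returns an open fd, or -1 with errno set (ETIMEDOUT
 * when the lock stayed held for the whole timeout).
 */
int acquire_lockfile(const char *path, long timeout_ms)
{
    struct timespec now, deadline;
    const struct timespec pause = { .tv_sec = 0, .tv_nsec = 10 * 1000000L };

    if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
        return -1;
    deadline = ts_add_ms(now, timeout_ms);

    for (;;) {
        /* O_CREAT|O_EXCL: atomic create, fails with EEXIST if held. */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;              /* real error, not contention */

        if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
            return -1;
        if (!ts_before(now, deadline)) {
            errno = ETIMEDOUT;
            return -1;
        }
        nanosleep(&pause, NULL);
    }
}

/*
 * Demo on a constructed path: the first caller gets the lock, the second
 * gives up after 100 ms. Returns the errno of the second attempt
 * (ETIMEDOUT expected), or a negative value if the demo itself failed.
 */
int demo_contention(void)
{
    char path[64];
    int held, second, saved;

    snprintf(path, sizeof(path), "/tmp/demo-mtab-lock.%ld", (long)getpid());
    unlink(path);

    held = acquire_lockfile(path, 100);
    if (held < 0)
        return -1;
    second = acquire_lockfile(path, 100);
    saved = errno;

    close(held);
    unlink(path);
    if (second >= 0) {
        close(second);
        return -2;
    }
    return saved;
}

int main(void)
{
    int rc = demo_contention();
    printf("second locker: %s\n", rc == ETIMEDOUT ? "timed out" : "unexpected");
    return rc == ETIMEDOUT ? 0 : 1;
}
```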


[Samba] Upgrading Samba-LDAP

2010-10-19 Thread Clark Johnston
I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20
and openldap from 2.2.13 to 2.3.43.

Is there any way to do this and still keep my current domain intact?
The interest in upgrading is so that we can support Win 7 systems.



Re: [Samba] Upgrading Samba-LDAP

2010-10-19 Thread John Drescher
 I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 and
 openldap from 2.2.13 to 2.3.43.
 Is there any way to do this and still keep my current domain intact?
 The interest in upgrading is so that we can support Win 7 systems.


Of course you can keep your current domain intact.

Do you have more than 1 ldap server? I highly recommend that.

John


Re: [Samba] Winbind on Samba 3.5.5 (centos5)

2010-10-19 Thread I.Piasecki
 On 19.10.2010 16:50, Adrian Graham wrote:
 Folks,

 Having some fun with winbind on Samba 3.5.5 on RHEL5 and/or Centos5.
 I’ve got it working so ssh logins work correctly and file permissions
 are seemingly correct with created files etc. Backend authentication
 is from a Win2K3R2 box running RFC2372 extensions (ie not SFU) and all
 UIDs etc are assigned for the users who need them.

 However, wbinfo returns some interesting things. We’re in a reasonably
 sized AD forest and there seems to be some ID mashing going on. If I
 do wbinfo -u it will sniff out the entire forest and return anything
 it's allowed to as well as the local domain, obviously this can be
 filtered by using --domain=DOMAIN which sometimes works well, groups
 also.

 Things that don’t work:

 wbinfo -i returns ‘could not get info for user’
 wbinfo -r returns ‘could not get groups for user’
 wbinfo -Y returns ‘could not convert sid’
 wbinfo --user-sidinfo returns ‘couldn’t get info for user’
 wbinfo --user-sids also returns failure.

 Things that do:

 wbinfo -S my-username-SID correctly returns my UID of 666
 wbinfo -s my-username-SID correctly returns DOMAIN+Username
 getent group
 getent passwd

 Wish I could remember what I changed, but at some point wbinfo -u
 username DID work but returned a UID of 147, no idea where it got that
 from as I even deleted the idmap cache files etc. Also if I browse to
 a share and create a file it ends up with the UID/GID of a user in a
 completely different domain!

 Current smb.conf:

 [global]

 workgroup = CAM
 realm = CAM.CW.LOCAL
 server string = test-samba server (CentOS 5)
 interfaces = 127.0.0.1, eth0
 bind interfaces only = Yes
 security = ADS
 map to guest = Bad User
 password server = 172.31.134.30
 log level = 100
 log file = /var/log/samba/%m.log
 printcap name = cups
 wins server = 172.31.134.30
 idmap uid = 1-2
 idmap gid = 1-2
 template shell = /bin/bash
 winbind separator = +
 winbind cache time = 5
 winbind use default domain = Yes
 winbind trusted domains only = Yes
 idmap config CAM: range = 100-
 idmap config CAM: backend = ad
 idmap config CAM: schema_mode = rfc2307
 idmap config CAM: default = yes

 [homes]
 comment = Home Directories
 read only = No
 create mask = 0664
 directory mask = 0775
 browseable = No

 [docs]
 path = /usr/share/doc/samba3/htmldocs
 guest ok = Yes

 Anyone? Kerberos seems to be acting ok too, otherwise SSH logins wouldn't 
 work?


Winbind in samba 3.5 is somehow broken. I tried samba 3.5.3, 3.5.4 and
the latest 3.5.6 and I have problems. For example: I connect to a samba
share (samba is a member of AD) from Windows 7 x86_64 and when I create a
file, root is the owner, but it should be me (the user that connects to this
share).

For me it is messy. Again I switched back to samba 3.4.9 to use winbind.

Samba 3.5.6 has broken acls too - when I try to change and populate acl
through the directories I get the error: bad argument and operation stopped.
So many hours spent on it.

I.Piasecki


Re: [Samba] Highly-available file server question..

2010-10-19 Thread Indexer

On 20/10/2010, at 4:31 AM, john_deli...@ceridian.ca wrote:

 I wasn't sure DFS was a good fit, my understanding of DFS is limited 
 (reading up today..). 

As I understood it, Samba does not support DFS? Am I wrong? I have done some
googling into this and can't find any results about it.

Is this replicating DFS, or is this using a Windows server as the DFS root, and
then pooling them with Samba as a dumb client?

 
 From what I've read it seems I'd need to host the DFS root on a 
 highly-available server, and have links from there to my three single 
 hosts (all with shared SAN access).  Unfortunately, I only have these 
 three servers to work with.
 
 Is there a way I can use DFS with just the three nodes to create a highly 
 available DFS configuration?  Sorry if my terminology is off a little, I'm 
 pretty new to DFS.

DFS is just a distributed filesystem. It can either replicate between X nodes 
to keep them in sync, or it can merge 3 shares into one über share. In your 
case you likely want the merged shares, and just all the three servers export 
the same allocation of SAN (since the files will all be consistent). If your 
servers were all on separate SAN allocations, you would want replication as 
well to keep these synchronised.


William Brown

pgp.mit.edu





Re: [Samba] Highly-available file server question..

2010-10-19 Thread Jeremy Allison
On Wed, Oct 20, 2010 at 10:19:36AM +1030, Indexer wrote:
 
 
 On 20/10/2010, at 4:31 AM, john_deli...@ceridian.ca wrote:
 
  I wasn't sure DFS was a good fit, my understanding of DFS is limited 
  (reading up today..). 
 
 As I understood it, Samba does not support DFS? Am I wrong? I have done some
 googling into this and can't find any results about it.

Yes you are wrong. Samba supports DFS.

Jeremy.


Re: [Samba] Highly-available file server question..

2010-10-19 Thread simo
On Tue, 2010-10-19 at 16:52 -0700, Jeremy Allison wrote:
 On Wed, Oct 20, 2010 at 10:19:36AM +1030, Indexer wrote:
  
  
  On 20/10/2010, at 4:31 AM, john_deli...@ceridian.ca wrote:
  
   I wasn't sure DFS was a good fit, my understanding of DFS is limited 
   (reading up today..). 
  
  As I understood it, Samba does not support DFS? Am I wrong? I have done
  some googling into this and can't find any results about it.
 
 Yes you are wrong. Samba supports DFS.

Samba supports the DFS mechanism but I think that some Windows Admins
tend to also imply the related File Replication when they say DFS.

We do not support the File Replication Protocol, yet.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com



Re: [Samba] Restricting samba subfolder acl changes to admin users

2010-10-19 Thread Jeremy Allison
On Tue, Oct 19, 2010 at 09:19:00AM -0400, suresh.kanduk...@emc.com wrote:
 
 Jeremy, did you get a chance to look at this? Can you please pass your
 comments on this?

Just wanted to let you know I haven't forgotten this, just haven't had
time to get to it yet. Keep pinging me until I respond :-).

Thanks,

Jeremy.


[Samba] samba+ldap setup, users info in two OU

2010-10-19 Thread vishesh kumar
Dear friends
 My domain users are in two different OUs, one OU is TEMP_USERS and the other OU
is PEOPLE.
What should I mention in smb.conf?
 If I mention
 ldap user suffix = ou=PEOPLE, then
 users of ou TEMP_USERS are not able to authenticate.

Please guide me.

Thanks

-- 
http://linuxinterviews.blogspot.com


[Samba] ldap user suffix

2010-10-19 Thread vishesh kumar
Dear friends
 My domain users are in two different OUs, one OU is TEMP_USERS and the other OU
is PEOPLE.
What should I mention in smb.conf?
 If I mention
ldap user suffix = ou=PEOPLE, then
 users of ou TEMP_USERS are not able to authenticate.

Please guide me.

Thanks
-- 
http://linuxinterviews.blogspot.com


Build status as of Tue Oct 19 06:00:01 2010

2010-10-19 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-10-18 
00:00:03.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-10-19 00:00:03.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Mon Oct 18 06:00:01 2010
+Build status as of Tue Oct 19 06:00:01 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -15,8 +15,8 @@
 samba-web0  0  0 
 samba_3_current 32 32 5 
 samba_3_master 32 24 0 
-samba_3_next 32 31 0 
-samba_4_0_test 36 31 0 
+samba_3_next 32 29 0 
+samba_4_0_test 36 33 1 
 talloc   32 8  0 
 tdb  30 11 0 
 


[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Andrew Bartlett
The branch, master has been updated
   via  73d6bb7 s4-gensec Don't give more to sasl_encode() than it will permit
   via  15a3077 s4-gensec Don't upgrade all DIGEST-MD5 connections to seal
   via  f9c7365 s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
   via  4d9b12a s4-provision Remove serverdn parameter from Schema()
  from  640fbf8 s4-dsdb: register the DCPROMO_OID control with the rootdse

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 73d6bb74476561ef0140d21810541825c44b44a4
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 17:12:35 2010 +1100

s4-gensec Don't give more to sasl_encode() than it will permit

We need to ask the library how much data to pass in at any time.

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104

commit 15a3077885227cc5e81e331979713c27192a01ef
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 15:12:20 2010 +1100

s4-gensec Don't upgrade all DIGEST-MD5 connections to seal

The issue here is that props.max_ssf = UINT_MAX was always set,
as was the maxbufsize, and the connection would always be upgraded,
regardless of the caller's wishes.

Andrew Bartlett

commit f9c7365e535727b1d6d6ef55ed8c196368c625b9
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 10:38:10 2010 +1100

s4-provisionbackend Allow a fixed URI to be specified for LDAP backend

This is added to make the 'existing' LDAP backend class more useful,
and to allow debugging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.

Andrew Bartlett

commit 4d9b12ae8f9fc7c097b94e6c02df3cb1c38a52ce
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 09:12:57 2010 +1100

s4-provision Remove serverdn parameter from Schema()

We don't need to know the server DN here any more, and it
makes no sense for many callers.

Andrew Bartlett

---

Summary of changes:
 source4/auth/gensec/cyrus_sasl.c   |   46 
 source4/scripting/bin/upgradeprovision |3 +-
 source4/scripting/python/samba/provision.py|   81 ++--
 source4/scripting/python/samba/provisionbackend.py |   41 +-
 source4/scripting/python/samba/schema.py   |   10 +--
 source4/setup/provision|   12 +++
 6 files changed, 110 insertions(+), 83 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index c4f9544..e05a3b8 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -29,6 +29,7 @@
 struct gensec_sasl_state {
sasl_conn_t *conn;
int step;
+   bool wrap;
 };
 
 static NTSTATUS sasl_nt_status(int sasl_ret) 
@@ -125,7 +126,7 @@ static NTSTATUS gensec_sasl_client_start(struct 
gensec_security *gensec_security
 
sasl_callback_t *callbacks;
 
-   gensec_sasl_state = talloc(gensec_security, struct gensec_sasl_state);
+   gensec_sasl_state = talloc_zero(gensec_security, struct 
gensec_sasl_state);
if (!gensec_sasl_state) {
return NT_STATUS_NO_MEMORY;
}
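Review bot: the new wrap flag is only ever assigned true (in the SIGN and SEAL branches of the next hunk), so its false default depends entirely on this switch from talloc() to talloc_zero(). An explicit gensec_sasl_state->wrap = false next to the allocation, or a one-line comment saying the zeroing is required, would stop a later revert to talloc() from leaving the flag uninitialised.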
@@ -173,26 +174,27 @@ static NTSTATUS gensec_sasl_client_start(struct 
gensec_security *gensec_security
   local_addr, remote_addr, callbacks, 0,
   gensec_sasl_state-conn);

-   if (sasl_ret == SASL_OK || sasl_ret == SASL_CONTINUE) {
+   if (sasl_ret == SASL_OK) {
sasl_security_properties_t props;
talloc_set_destructor(gensec_sasl_state, gensec_sasl_dispose);
-
+   
ZERO_STRUCT(props);
if (gensec_security-want_features  GENSEC_FEATURE_SIGN) {
props.min_ssf = 1;
+   props.max_ssf = 1;
+   props.maxbufsize = 65536;
+   gensec_sasl_state-wrap = true;
}
if (gensec_security-want_features  GENSEC_FEATURE_SEAL) {
props.min_ssf = 40;
-   }
-   
-   props.max_ssf = UINT_MAX;
-   props.maxbufsize = 65536;
-   sasl_ret = sasl_setprop(gensec_sasl_state-conn, 
SASL_SEC_PROPS, props);
-   if (sasl_ret != SASL_OK) {
-   return sasl_nt_status(sasl_ret);
+   props.max_ssf = UINT_MAX;
+   props.maxbufsize = 65536;
+   gensec_sasl_state-wrap = true;
}
 
-   } else {
+   sasl_ret = 
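Review bot: the condition at the top of this hunk narrows from "sasl_ret == SASL_OK || sasl_ret == SASL_CONTINUE" to "sasl_ret == SASL_OK", and neither commit message mentions or justifies dropping SASL_CONTINUE; please state why, since it changes which return codes reach the property setup. Two smaller points in the same hunk: props.maxbufsize = 65536 is now repeated in both branches, and when neither SIGN nor SEAL is requested max_ssf and maxbufsize stay at the zero left by ZERO_STRUCT(props), which looks intended from the commit message but deserves a comment. The changeset is cut off here, so whether the result of the relocated sasl_setprop() call is still checked cannot be confirmed from these lines.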

[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Matthias Dieter Wallnöfer
The branch, master has been updated
   via  a9b58f6 s4:samdb.py - remove a pointless comment
   via  8c4f6bc s4:samdb.py - use a more standard way to get to the domain realm/dns name
   via  87fd2fd Addition of userPrincipalName attribute when new account is created
  from  73d6bb7 s4-gensec Don't give more to sasl_encode() than it will permit

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a9b58f6246f9098ec42e0b162e5fb97e50dbd32a
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Oct 19 10:57:12 2010 +0200

s4:samdb.py - remove a pointless comment

We are only looking for the default DN - but the method name already tells
us this.

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Tue Oct 19 10:03:12 UTC 2010 on sn-devel-104

commit 8c4f6bcd672d7c4e85f28865ee7602554a187baf
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Oct 19 10:56:07 2010 +0200

s4:samdb.py - use a more standard way to get to the domain realm/dns name

We do always use the canonical name as a base if we don't have it around yet.

commit 87fd2fd1574d4cb52aef216e632e9899a01b2940
Author: Lukasz Zalewski lu...@eecs.qmul.ac.uk
Date:   Sat Oct 16 19:51:09 2010 +0100

Addition of userPrincipalName attribute when new account is created

---

Summary of changes:
 source4/scripting/python/samba/samdb.py |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/samdb.py 
b/source4/scripting/python/samba/samdb.py
index a40d10d..c435b7a 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -68,7 +68,6 @@ class SamDB(samba.Ldb):
 return dsdb._am_rodc(self)
 
 def domain_dn(self):
-# find the DNs for the domain
 res = self.search(base=,
   scope=ldb.SCOPE_BASE,
   expression=(defaultNamingContext=*),
@@ -274,10 +273,13 @@ member: %s
 
 user_dn = CN=%s,%s,%s % (cn, (userou or CN=Users), 
self.domain_dn())
 
+dnsdomain = ldb.Dn(self, 
self.domain_dn()).canonical_str().replace(/, )
+user_principal_name = %...@%s % (username, dnsdomain)
 # The new user record. Note the reliance on the SAMLDB module which
 # fills in the default informations
 ldbmessage = {dn: user_dn,
   sAMAccountName: username,
+  userPrincipalName: user_principal_name,
   objectClass: user}
 
 if surname is not None:
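Review bot: the added dnsdomain line derives the UPN suffix by deleting every "/" from the canonical form of domain_dn(), which is only right while that DN has no components other than the domain itself; stripping just the trailing separator would state the intent and fail more visibly if the assumption breaks. The username is also interpolated into userPrincipalName unchecked, and the caller has no way to pass a different suffix, so a short docstring note on what callers may supply, plus a test for the generated value, should come with this change. The commit for it has a subject line only.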


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Matthias Dieter Wallnöfer
The branch, master has been updated
   via  d652803 ldb:ldb_schema_attribute_by_name_internal - support the whole unsigned int range
   via  a6d70dd s4:dsdb/schema/schema_init.c - remove a duplicated talloc_free
  from  a9b58f6 s4:samdb.py - remove a pointless comment

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d652803c12b79315fe6a1d0410b82492908950e4
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Oct 19 11:30:24 2010 +0200

ldb:ldb_schema_attribute_by_name_internal - support the whole unsigned int range

Commit 8556602b048e825b35df314d6865f997823ec2bb wasn't quite right - it only
restored the functionality on the positive integer range.

This one however should now really support the whole unsigned range.

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Tue Oct 19 10:52:08 UTC 2010 on sn-devel-104

commit a6d70ddf86842db6fbd76da857cb0c70fb48aacf
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Oct 19 11:46:34 2010 +0200

s4:dsdb/schema/schema_init.c - remove a duplicated talloc_free

---

Summary of changes:
 source4/dsdb/schema/schema_init.c   |1 -
 source4/lib/ldb/common/ldb_attributes.c |   12 +---
 2 files changed, 5 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/schema/schema_init.c 
b/source4/dsdb/schema/schema_init.c
index 54fc6b8..6dbf9ba 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -80,7 +80,6 @@ static WERROR _dsdb_prefixmap_from_ldb_val(const struct 
ldb_val *pfm_ldb_val,
(ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
-   talloc_free(temp_ctx);
DEBUG(0,(_dsdb_prefixmap_from_ldb_val: Failed to parse 
prefixmap of length %u: %s\n,
 (unsigned int)pfm_ldb_val-length, 
ndr_map_error2string(ndr_err)));
talloc_free(temp_ctx);
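Review bot: the commit message ("remove a duplicated talloc_free") undersells this; the removed call freed temp_ctx before the DEBUG() and the retained talloc_free(temp_ctx) after it freed the same context again, so the NDR parse-failure path was a double free. Please say so in the message so the fix is picked up for backports to any branch carrying the same error path.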
diff --git a/source4/lib/ldb/common/ldb_attributes.c 
b/source4/lib/ldb/common/ldb_attributes.c
index ea6fafd..21a3e6e 100644
--- a/source4/lib/ldb/common/ldb_attributes.c
+++ b/source4/lib/ldb/common/ldb_attributes.c
@@ -123,8 +123,8 @@ static const struct ldb_schema_attribute 
*ldb_schema_attribute_by_name_internal(
const char *name)
 {
/* for binary search we need signed variables */
-   int r, i, e, b = 0;
-   unsigned int u_i;
+   unsigned int i, e, b = 0;
+   int r;
const struct ldb_schema_attribute *def = ldb_attribute_default;
 
/* as handlers are sorted, '*' must be the first if present */
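Review bot: the context comment "for binary search we need signed variables" now sits directly above declarations that make i, e and b unsigned, so it contradicts the code. Replace it with a comment explaining how the unsigned search terminates, or drop it.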
@@ -136,20 +136,18 @@ static const struct ldb_schema_attribute 
*ldb_schema_attribute_by_name_internal(
/* do a binary search on the array */
e = ldb-schema.num_attributes - 1;
 
-   while (b = e) {
+   while ((b = e)  (e != (unsigned int) -1)) {
i = (b + e) / 2;
 
-   u_i = (unsigned int) i;
-   r = ldb_attr_cmp(name, ldb-schema.attributes[u_i].name);
+   r = ldb_attr_cmp(name, ldb-schema.attributes[i].name);
if (r == 0) {
-   return ldb-schema.attributes[u_i];
+   return ldb-schema.attributes[i];
}
if (r  0) {
e = i - 1;
} else {
b = i + 1;
}
-
}
 
return def;
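Review bot: the loop now terminates by relying on unsigned wraparound: both "e = ldb->schema.num_attributes - 1" with an empty table and "e = i - 1" with i == 0 wrap to UINT_MAX, and the added "e != (unsigned int) -1" test is what catches them. That works, but it is easy to break in a later edit and it reserves UINT_MAX as a sentinel. A half-open interval (e = num_attributes, loop while b < e, then e = i on the low side) needs no wrap and no sentinel; if the current form stays, it needs a comment saying the wrap is deliberate.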




[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Andrew Bartlett
The branch, master has been updated
   via  4b4dcaf s4-dsdb Reset the error string after 'expected' errors.
   via  439a1fe s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
   via  5650e85 s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn
   via  8975834 s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.
  from  d652803 ldb:ldb_schema_attribute_by_name_internal - support the whole unsigned int range

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4b4dcaf4b300c3d66833e9b0eff91c8365275d9d
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 22:30:26 2010 +1100

s4-dsdb Reset the error string after 'expected' errors.

This helps ensure that we don't get confusing error strings in the
logs on other error cases.

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104

commit 439a1fe2d0db8a784431a4dbc070faef6e4f788e
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 22:29:04 2010 +1100

s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends

If we send the full extended DN, then we risk standards-compliant LDAP
servers rejecting it as invalid.  Only the DN portion is needed to
resolve the record in any case, and any SID or GUID components have
already been evaluated into the DN.

Andrew Bartlett

commit 5650e8558eb703a5660cb3cef79bec89dc6ac5fc
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 22:27:54 2010 +1100

s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn

This will happen on an OpenLDAP backend, because @ records are invalid in LDAP.

We don't have these sequence numbers in this case.

Andrew Bartlett

commit 897583476c49d4c037c1d8579fd6841728b871ba
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 19 20:20:43 2010 +1100

s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.

Against the OpenLDAP backend, I currently get failures.  This makes it
possible to debug those failures.

Andrew Bartlett

---

Summary of changes:
 source4/auth/sam.c   |5 ++
 source4/dsdb/common/util.c   |2 +-
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c  |4 +-
 source4/dsdb/samdb/ldb_modules/simple_dn.c   |   73 ++
 source4/dsdb/samdb/ldb_modules/util.c|1 +
 source4/dsdb/samdb/ldb_modules/wscript_build |8 +++
 6 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 source4/dsdb/samdb/ldb_modules/simple_dn.c


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c83a7d4..b98830a 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,6 +319,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
if (dn == NULL) {
talloc_free(tmp_ctx);
+   DEBUG(0, (__location__ : we failed parsing DN %*.*s, so we 
cannot calculate the group token\n,
+ (int)dn_val-length, (int)dn_val-length, 
dn_val-data));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
 
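Review bot: the DEBUG() added in the dn == NULL branch runs after talloc_free(tmp_ctx) and reads dn_val->data, whereas the DEBUG() added in the next hunk is placed before the free. If dn_val can ever point into memory owned by tmp_ctx this is a read after free; moving the DEBUG() above talloc_free(tmp_ctx) costs nothing and makes the two error paths consistent. The two messages also use different levels (0 here, 1 in the next hunk) for what both return as NT_STATUS_INTERNAL_DB_CORRUPTION, and this one writes a directory-supplied string to the level 0 log.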
@@ -359,6 +361,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
}
 
if (ret != LDB_SUCCESS) {
+   DEBUG(1, (__location__ : dsdb_search for %s failed: %s\n,
+ ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+ ldb_errstring(sam_ctx)));
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 9e6ccbc..f56cd07 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2828,7 +2828,7 @@ int dsdb_load_partition_usn(struct ldb_context *ldb, 
struct ldb_dn *dn,
ret = ldb_wait(req-handle, LDB_WAIT_ALL);
}
 
-   if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+   if (ret == LDB_ERR_NO_SUCH_OBJECT || ret == LDB_ERR_INVALID_DN_SYNTAX) {
/* it hasn't been created yet, which means
   an implicit value of zero */
*uSN = 0;
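Review bot: adding LDB_ERR_INVALID_DN_SYNTAX to this condition is unconditional, so every backend, not only OpenLDAP, now maps a rejected DN to an implicit uSN of zero, and a genuinely malformed DN is silently accepted here. Consider gating the new case on the OpenLDAP backend; at minimum the comment that follows ("it hasn't been created yet") should be extended to say why a syntax error is expected and safe to treat the same way.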
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 4d0f946..9536981 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -209,9 +209,9 @@ static int samba_dsdb_init(struct ldb_module *module)
 
const char **backend_modules;
static const char *fedora_ds_backend_modules[] = {
-   nsuniqueid, paged_searches, NULL };
+   

[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Matthias Dieter Wallnöfer
The branch, master has been updated
   via  38438c3 s4:nbt_server - fix a LDB counter type
  from  4b4dcaf s4-dsdb Reset the error string after 'expected' errors.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 38438c30618ab440bf3b5e45941f14a295ad1c3f
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Oct 19 15:05:01 2010 +0200

s4:nbt_server - fix a LDB counter type

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Tue Oct 19 14:05:13 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/nbt_server/wins/winsdb.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c
index f62cce9..9ed4d0a 100644
--- a/source4/nbt_server/wins/winsdb.c
+++ b/source4/nbt_server/wins/winsdb.c
@@ -855,7 +855,7 @@ uint8_t winsdb_modify(struct winsdb_handle *h, struct 
winsdb_record *rec, uint32
TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
int trans;
int ret;
-   int i;
+   unsigned int i;
 
trans = ldb_transaction_start(wins_db);
if (trans != LDB_SUCCESS) goto failed;
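Review bot: none of the uses of i fall inside this hunk, so the effect of changing it from int to unsigned int cannot be checked from these lines, and the commit message ("fix a LDB counter type") does not name the count it is meant to match. Please confirm that no loop counts down with i >= 0 or compares i against a signed value, and say in the message which unsigned field i is now compared with.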




[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Günther Deschner
The branch, master has been updated
   via  7db20c3 s3-waf: all subsystems complete now, no need for this loop anymore.
   via  fa2a2d5 s3-waf: convert rpc into a subsystem.
  from  38438c3 s4:nbt_server - fix a LDB counter type

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7db20c3128361abe3facbcbd9714b1e44f1333d2
Author: Günther Deschner g...@samba.org
Date:   Tue Oct 19 16:07:45 2010 +0200

s3-waf: all subsystems complete now, no need for this loop anymore.

Kai, please check.

Guenther

Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Tue Oct 19 17:10:24 UTC 2010 on sn-devel-104

commit fa2a2d562f9fff0ca0de4e17ef49f318d2b481b9
Author: Günther Deschner g...@samba.org
Date:   Tue Sep 28 18:55:55 2010 +0200

s3-waf: convert rpc into a subsystem.

Guenther

---

Summary of changes:
 source3/rpc_server/wscript_build |  126 ++
 source3/wscript_build|  101 --
 2 files changed, 139 insertions(+), 88 deletions(-)
 create mode 100644 source3/rpc_server/wscript_build


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build
new file mode 100644
index 000..7ad35cc
--- /dev/null
+++ b/source3/rpc_server/wscript_build
@@ -0,0 +1,126 @@
+#!/usr/bin/env python
+
+RPC_LSARPC_SRC = '''srv_lsa_nt.c ../librpc/gen_ndr/srv_lsa.c'''
+RPC_NETLOGON_SRC = '''srv_netlog_nt.c ../librpc/gen_ndr/srv_netlogon.c'''
+RPC_SAMR_SRC = '''srv_samr_nt.c ../librpc/gen_ndr/srv_samr.c
+   srv_samr_util.c
+   srv_samr_chgpasswd.c'''
+RPC_INITSHUTDOWN_SRC = '''srv_initshutdown_nt.c 
../librpc/gen_ndr/srv_initshutdown.c'''
+RPC_WINREG_SRC = '''srv_winreg_nt.c ../librpc/gen_ndr/srv_winreg.c'''
+RPC_DSSETUP_SRC = '''srv_dssetup_nt.c ../librpc/gen_ndr/srv_dssetup.c'''
+RPC_SRVSVC_SRC = '''srv_srvsvc_nt.c ../librpc/gen_ndr/srv_srvsvc.c'''
+RPC_WKSSVC_SRC = '''srv_wkssvc_nt.c ../librpc/gen_ndr/srv_wkssvc.c'''
+RPC_SVCCTL_SRC = '''srv_svcctl_nt.c ../librpc/gen_ndr/srv_svcctl.c'''
+RPC_NTSVCS_SRC = '''srv_ntsvcs_nt.c ../librpc/gen_ndr/srv_ntsvcs.c'''
+RPC_NETDFS_SRC = '''srv_dfs_nt.c ../librpc/gen_ndr/srv_dfs.c'''
+RPC_SPOOLSS_SRC = '''srv_spoolss_nt.c ../librpc/gen_ndr/srv_spoolss.c
+ srv_spoolss_util.c'''
+RPC_EVENTLOG_SRC = '''srv_eventlog_nt.c ../librpc/gen_ndr/srv_eventlog.c'''
+RPC_RPCECHO_SRC = '''srv_echo_nt.c ../librpc/gen_ndr/srv_echo.c'''
+
+bld.SAMBA_SUBSYSTEM('rpc',
+source='srv_pipe_register.c',
+vars=locals())
+
+bld.SAMBA_MODULE('rpc_lsarpc',
+ subsystem='rpc',
+ source=RPC_LSARPC_SRC,
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_LSARPC'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_LSARPC'))
+
+bld.SAMBA_MODULE('rpc_samr',
+ subsystem='rpc',
+ source=RPC_SAMR_SRC,
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_SAMR'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_SAMR'))
+
+bld.SAMBA_MODULE('rpc_winreg',
+ subsystem='rpc',
+ source=RPC_WINREG_SRC,
+ deps='REGFIO REG_API_REGF NDR_PERFCOUNT',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_WINREG'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_WINREG'))
+
+bld.SAMBA_MODULE('rpc_initshutdown',
+ subsystem='rpc',
+ source=RPC_INITSHUTDOWN_SRC,
+ init_function='',
+ 
internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_INITSHUTDOWN'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_INITSHUTDOWN'))
+
+bld.SAMBA_MODULE('rpc_dssetup',
+ subsystem='rpc',
+ source=RPC_DSSETUP_SRC,
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_DSSETUP'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_DSSETUP'))
+
+bld.SAMBA_MODULE('rpc_wkssvc',
+ subsystem='rpc',
+ source=RPC_WKSSVC_SRC,
+ deps='LIBNET',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_WKSSVC'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_WKSSVC'))
+
+bld.SAMBA_MODULE('rpc_svcctl',
+ subsystem='rpc',
+ source=RPC_SVCCTL_SRC,
+ deps='SERVICES',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('RPC_SVCCTL'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('RPC_SVCCTL'))
+

[SCM] Samba Shared Repository - branch v3-6-test updated

2010-10-19 Thread Jeremy Allison
The branch, v3-6-test has been updated
   via  f91c4b0 Add deadtime detection for SMB2. Correctly update lastused 
timestamp across all active tcons. Should fix dfree cache not updating bug.
   via  bdd78af Add SMB2 paths to smbd/conn.c. Except for conn_idle_all(), 
to be cleaned up next. (cherry picked from commit 
dd9317d8790bc7f32a4af1014c70ca55779933aa)
   via  a786890 Copyright/whitespace/comment cleanup in preparation for 
adding SMB2 paths. (cherry picked from commit 
437f9436d51314e2bf55708d4f964189c493779a)
   via  3856dfc Move tcons.num_open from smb1 to sconn->num_tcons_open as 
this is needed for SMB2 also.
  from  1fec543 This is typo fix patch for smbcacls.1.xml .

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit f91c4b00dc7f139af6cedc6eae0738d29b28fe23
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 11:11:56 2010 -0700

Add deadtime detection for SMB2. Correctly update lastused timestamp across 
all active tcons. Should fix dfree cache not updating bug.

commit bdd78af6c5fce2cbec880dc391df9274ae8707ba
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 10:12:42 2010 -0700

Add SMB2 paths to smbd/conn.c. Except for conn_idle_all(), to be cleaned up 
next.
(cherry picked from commit dd9317d8790bc7f32a4af1014c70ca55779933aa)

commit a78689056569e4f4b3c6b49527995a8961ee7c2e
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 10:04:27 2010 -0700

Copyright/whitespace/comment cleanup in preparation for adding SMB2 paths.
(cherry picked from commit 437f9436d51314e2bf55708d4f964189c493779a)

commit 3856dfccce4241b8872bb6092b6edfc7a5f26f31
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 13:25:51 2010 -0700

Move tcons.num_open from smb1 to sconn->num_tcons_open as this is needed 
for SMB2 also.

---

Summary of changes:
 source3/smbd/conn.c  |  289 ++
 source3/smbd/globals.h   |   14 ++-
 source3/smbd/msdfs.c |2 +-
 source3/smbd/process.c   |   13 +--
 source3/smbd/smb2_tcon.c |3 +
 5 files changed, 231 insertions(+), 90 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index fffb5bf..710c182 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -1,19 +1,20 @@
-/* 
+/*
Unix SMB/CIFS implementation.
Manage connections_struct structures
Copyright (C) Andrew Tridgell 1998
Copyright (C) Alexander Bokovoy 2002
-   
+   Copyright (C) Jeremy Allison 2010
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-   
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
-   
+
You should have received a copy of the GNU General Public License
along with this program.  If not, see http://www.gnu.org/licenses/.
 */
@@ -25,40 +26,60 @@
  * maximum size of the bitmap is the largest positive integer, but you will hit
  * the max connections limit, looong before that.
  */
+
 #define BITMAP_BLOCK_SZ 128
 
 /
-init the conn structures
+ Init the conn structures.
 /
+
 void conn_init(struct smbd_server_connection *sconn)
 {
sconn-smb1.tcons.Connections = NULL;
-   sconn-smb1.tcons.num_open = 0;
sconn-smb1.tcons.bmap = bitmap_talloc(sconn, BITMAP_BLOCK_SZ);
 }
 
 /
-return the number of open connections
+ Return the number of open connections.
 /
+
 int conn_num_open(struct smbd_server_connection *sconn)
 {
-   return sconn-smb1.tcons.num_open;
+   return sconn-num_tcons_open;
 }
 
-
 /
-check if a snum is in use
+ Check if a snum is in use.
 /
+
 bool conn_snum_used(int snum)
 {
struct smbd_server_connection *sconn = smbd_server_conn;
-   connection_struct *conn;
-   for (conn=sconn-smb1.tcons.Connections;conn;conn=conn-next) {
-   if (conn-params-service == snum) {
-   return(True);
+
+   if (sconn-using_smb2) {
+   /* SMB2 */
+   struct smbd_smb2_session *sess;
+   for (sess = 
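Review bot: conn_snum_used() still takes only snum and reads the global smbd_server_conn, and the new using_smb2 branch builds on that, whereas conn_init() and conn_num_open() in the same hunk take sconn as a parameter. Consider passing sconn in here as well, so that both the SMB1 list walk and the new SMB2 session walk are tied to the connection the caller is actually working on rather than to process-wide state.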

[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Andrew Bartlett
The branch, master has been updated
   via  492ab4d s3-waf Use LIBSECRUITY subsystem from the common 
wscript_build
  from  7db20c3 s3-waf: all subsystems complete now, no need for this loop 
anymore.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 492ab4d60fac5551b8c9b40d18871e677cd4187c
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Oct 20 07:52:14 2010 +1100

s3-waf Use LIBSECRUITY subsystem from the common wscript_build

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Tue Oct 19 22:06:51 UTC 2010 on sn-devel-104

---

Summary of changes:
 source3/wscript_build |   33 +
 1 files changed, 9 insertions(+), 24 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/wscript_build b/source3/wscript_build
index 40c648c..695a187 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -195,16 +195,10 @@ LIB_SRC = '''${LIBSAMBAUTIL_SRC} ${UTIL_SRC}
   lib/module.c lib/events.c ${LIBTEVENT_SRC0}
   lib/server_contexts.c
   lib/ldap_escape.c
-  lib/secdesc.c ../libcli/security/access_check.c
-  ../libcli/security/secace.c
-  ../libcli/security/object_tree.c
-  ../libcli/security/sddl.c
-  ../libcli/security/secacl.c ${PTHREADPOOL_SRC}
+  lib/secdesc.c ${PTHREADPOOL_SRC}
   lib/fncall.c
   libads/krb5_errs.c lib/system_smbd.c lib/audit.c
-  lib/file_id.c lib/idmap_cache.c
-  ../libcli/security/dom_sid.c ../libcli/security/security_descriptor.c
-  ../libcli/security/security_token.c ../libcli/security/util_sid.c'''
+  lib/file_id.c lib/idmap_cache.c'''
 
 LIB_DUMMY_SRC = '''lib/dummysmbd.c lib/dummyroot.c'''
 LIB_NONSMBD_SRC = '''${LIB_DUMMY_SRC}'''
@@ -213,7 +207,7 @@ POPT_LIB_SRC = '''lib/popt_common.c'''
 
 PARAM_WITHOUT_REG_SRC = '''param/loadparm.c param/util.c 
param/loadparm_server_role.c
lib/sharesec.c lib/ldap_debug_handler.c'''
-PARAM_REG_ADD_SRC = '''${REG_SMBCONF_SRC} ${LIBSMBCONF_SRC} 
${PRIVILEGES_BASIC_SRC}'''
+PARAM_REG_ADD_SRC = '''${REG_SMBCONF_SRC} ${LIBSMBCONF_SRC}'''
 PARAM_SRC = '''${PARAM_REG_ADD_SRC}'''
 
 KRBCLIENT_SRC = '''libads/kerberos.c libads/ads_status.c'''
@@ -399,8 +393,6 @@ RPC_CLIENT_SCHANNEL_SRC = 
'''rpc_client/cli_pipe_schannel.c'''
 
 LOCKING_SRC = '''locking/locking.c locking/brlock.c locking/posix.c'''
 
-PRIVILEGES_BASIC_SRC = '''../libcli/security/privileges.c'''
-
 PRIVILEGES_SRC = '''lib/privileges.c'''
 
 PASSDB_GET_SET_SRC = '''passdb/pdb_get_set.c'''
@@ -602,8 +594,7 @@ SMBD_SRC_BASE = '''${SMBD_SRC_SRV}
 ${LIBCLI_NETLOGON_SRC}
 ${RPC_CLIENT_SCHANNEL_SRC}
 rpc_client/init_netlogon.c
-rpc_client/init_samr.c
-${PRIVILEGES_BASIC_SRC}'''
+rpc_client/init_samr.c'''
 
 PRINTING_SRC = '''printing/pcap.c printing/print_svid.c printing/print_aix.c
printing/print_cups.c printing/print_generic.c
@@ -666,8 +657,6 @@ PDBEDIT_SRC = '''utils/pdbedit.c'''
 
 SMBGET_SRC = '''utils/smbget.c'''
 
-DISPLAY_SEC_SRC= '../libcli/security/display_sec.c'
-
 RPCCLIENT_SRC1 = '''rpcclient/rpcclient.c rpcclient/cmd_lsarpc.c
 rpcclient/cmd_samr.c rpcclient/cmd_spoolss.c
 rpcclient/cmd_netlogon.c rpcclient/cmd_srvsvc.c
@@ -741,7 +730,6 @@ LIBNETAPI_SRC0 = '''lib/netapi/netapi.c
 LIBNETAPI_SRC = '''${LIBNETAPI_SRC0}
${LIBSMBCONF_SRC}
${REG_SMBCONF_SRC}
-   ${PRIVILEGES_BASIC_SRC}
auth/token_util.c
${LIBCLI_INITSHUTDOWN_SRC}
${LIBCLI_WKSSVC_SRC}
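Review bot: ${PRIVILEGES_BASIC_SRC} is dropped from LIBNETAPI_SRC here (and from SMBD_SRC_BASE and PARAM_REG_ADD_SRC in the earlier hunks), but the only deps change visible in this patch adds LIBSECURITY to the LIBS subsystem. Please confirm that every target built from these source lists links LIBS or LIBSECURITY; otherwise the symbols from ../libcli/security/privileges.c go missing at link time for that target.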
@@ -933,6 +921,7 @@ bld.RECURSE('build')
 bld.RECURSE('../librpc')
 bld.RECURSE('librpc/idl')
 bld.RECURSE('librpc')
+bld.RECURSE('../libcli/security')
 
 bld.SAMBA_MKVERSION('include/version.h')
 
@@ -1050,7 +1039,7 @@ bld.SAMBA_SUBSYSTEM('KRBCLIENT',
 
 bld.SAMBA_SUBSYSTEM('LIBS',
 source=LIB_SRC,
-deps='NSS_WRAPPER iconv LIBCRYPTO LIBNDR NDR_SECURITY 
charset NDR_MESSAGING',
+deps='NSS_WRAPPER iconv LIBCRYPTO LIBNDR LIBSECURITY 
NDR_SECURITY charset NDR_MESSAGING',
 vars=locals())
 
 bld.SAMBA_SUBSYSTEM('LIB_NONSMBD',
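Review bot: the deps line now pulls in LIBSECURITY, but that subsystem is defined in the ../libcli/security build script that bld.RECURSE() brings in, which is not part of this diff, so the review cannot confirm it covers all the files removed from LIB_SRC, PRIVILEGES_BASIC_SRC and DISPLAY_SEC_SRC. Listing the moved files in the commit message would make that checkable. The commit subject also spells the subsystem LIBSECRUITY while this line uses LIBSECURITY.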
@@ -1147,10 +1136,6 @@ bld.SAMBA_SUBSYSTEM('PASSWD_UTIL',
 source=PASSWD_UTIL_SRC,
 vars=locals())
 
-bld.SAMBA_SUBSYSTEM('DISPLAY_SEC',
-source=DISPLAY_SEC_SRC,
-vars=locals())
-
 bld.SAMBA_SUBSYSTEM('LIBNET',
 source=LIBNET_SRC,
 deps='NDR_LIBNET_JOIN',
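Review bot: the DISPLAY_SEC subsystem is deleted here, and DISPLAY_SEC_SRC earlier in the patch, so any target that still lists DISPLAY_SEC in its deps will fail to resolve. The changeset is truncated just as the rpcclient hunk begins, so the visible lines do not show those deps being switched over; a grep for DISPLAY_SEC across source3 before this lands would settle it.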
@@ -1273,14 +1258,14 @@ bld.SAMBA_BINARY('rpcclient/rpcclient',
  

[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Jeremy Allison
The branch, master has been updated
   via  45794dd Fix shadow warning for access variable.
   via  e7d0f47 Add deadtime detection for SMB2. Correctly update lastused 
timestamp across all active tcons. Should fix dfree cache not updating bug.
   via  d7f4bea Add SMB2 paths to smbd/conn.c. Except for conn_idle_all(), 
to be cleaned up next.
   via  1bd6faa Copyright/whitespace/comment cleanup in preparation for 
adding SMB2 paths.
   via  edefaf5 Move tcons.num_open from smb1 to sconn->num_tcons_open as 
this is needed for SMB2 also.
  from  492ab4d s3-waf Use LIBSECRUITY subsystem from the common 
wscript_build

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 45794dd30a7717aafba40864c1843e47098a4502
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 13:32:53 2010 -0700

Fix shadow warning for access variable.

Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Tue Oct 19 22:53:38 UTC 2010 on sn-devel-104

commit e7d0f478ee529500461f80f2fd51987c9255d345
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 11:11:56 2010 -0700

Add deadtime detection for SMB2. Correctly update lastused timestamp across 
all active tcons. Should fix dfree cache not updating bug.

commit d7f4bea39455c5d0a9b36cfa731d10c96a1c1405
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 10:12:42 2010 -0700

Add SMB2 paths to smbd/conn.c. Except for conn_idle_all(), to be cleaned up 
next.

commit 1bd6faa8fa9143f526f9438c6b126b68820d29f8
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 10:04:27 2010 -0700

Copyright/whitespace/comment cleanup in preparation for adding SMB2 paths.

commit edefaf5bed75fd315b1ca9a3da096419a7a6cec3
Author: Jeremy Allison j...@samba.org
Date:   Tue Oct 19 13:25:51 2010 -0700

Move tcons.num_open from smb1 to sconn->num_tcons_open as this is needed 
for SMB2 also.

---

Summary of changes:
 libcli/security/object_tree.c |6 +-
 source3/smbd/conn.c   |  289 ++---
 source3/smbd/globals.h|4 +-
 source3/smbd/msdfs.c  |2 +-
 source3/smbd/process.c|   14 +--
 source3/smbd/smb2_tcon.c  |3 +
 6 files changed, 224 insertions(+), 94 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/object_tree.c b/libcli/security/object_tree.c
index 7c7d644..6fa9585 100644
--- a/libcli/security/object_tree.c
+++ b/libcli/security/object_tree.c
@@ -109,13 +109,13 @@ struct object_tree *get_object_tree_by_GUID(struct 
object_tree *root,
 /* Change the granted access per each ACE */
 
 void object_tree_modify_access(struct object_tree *root,
-  uint32_t access)
+  uint32_t access_mask)
 {
-   root-remaining_access = ~access;
+   root-remaining_access = ~access_mask;
if (root-num_of_children  0) {
int i;
for (i = 0; i  root-num_of_children; i++) {
-   object_tree_modify_access(root-children[i], access);
+   object_tree_modify_access(root-children[i], 
access_mask);
}
}
 }
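Review bot: the rename from access to access_mask in object_tree_modify_access() is made only in the definition, and the diffstat lists no header under libcli/security. If the prototype still names the parameter access, the declaration and the definition now disagree and any shadow warning attached to the prototype remains, so rename it there too.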
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index d12495b..8de8ce2 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -1,19 +1,20 @@
-/* 
+/*
Unix SMB/CIFS implementation.
Manage connections_struct structures
Copyright (C) Andrew Tridgell 1998
Copyright (C) Alexander Bokovoy 2002
-   
+   Copyright (C) Jeremy Allison 2010
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-   
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
-   
+
You should have received a copy of the GNU General Public License
along with this program.  If not, see http://www.gnu.org/licenses/.
 */
@@ -25,40 +26,60 @@
  * maximum size of the bitmap is the largest positive integer, but you will hit
  * the max connections limit, looong before that.
  */
+
 #define BITMAP_BLOCK_SZ 128
 
 /
-init the conn structures
+ Init the conn structures.
 /
+
 void conn_init(struct smbd_server_connection *sconn)
 {
sconn-smb1.tcons.Connections = NULL;
-   sconn-smb1.tcons.num_open = 0;
sconn-smb1.tcons.bmap = bitmap_talloc(sconn, BITMAP_BLOCK_SZ);
 }
 
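Review bot: conn_init() loses its explicit zeroing of smb1.tcons.num_open, and nothing in the visible lines initialises the replacement counter num_tcons_open named in the commit message. If the code relies on sconn being zero-allocated, a one-line comment in conn_init() saying so would help the next reader; otherwise add the explicit assignment next to the Connections and bmap setup.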
 

[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Andrew Tridgell
The branch, master has been updated
   via  39932f2 autobuild: create an autobuild.pid file
   via  0a2e55b s4-mailslot: fixed handling of random collision in 
temporary mailslot names
  from  45794dd Fix shadow warning for access variable.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 39932f21dabbd96b6a1e7165d9289069cac87a3e
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Oct 20 09:44:03 2010 +1100

autobuild: create an autobuild.pid file

this will allow us to avoid an error email when you resubmit and there
is an existing autobuild.

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

Autobuild-User: Andrew Tridgell tri...@samba.org
Autobuild-Date: Tue Oct 19 23:36:05 UTC 2010 on sn-devel-104

commit 0a2e55bb41c8ed32d4731c8b6456fc714a1149f4
Author: Andrew Tridgell tri...@samba.org
Date:   Wed Oct 20 09:14:40 2010 +1100

s4-mailslot: fixed handling of random collision in temporary mailslot names

we could get occasional failures in the samba4.nbt.dgram test if we
happened to get a collision in the random mailslot names.

Thanks to Jeremy for spotting this! (his autobuild failed)

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

---

Summary of changes:
 script/autobuild.py |9 +
 source4/libcli/dgram/mailslot.c |2 +-
 2 files changed, 10 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/script/autobuild.py b/script/autobuild.py
index cb3e959..3fae59f 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -273,6 +273,13 @@ def daemonize(logfile):
 os.dup2(0, 1)
 os.dup2(0, 2)
 
+def write_pidfile(fname):
+'''write a pid file, cleanup on exit'''
+f = open(fname, mode='w')
+f.write(%u\n % os.getpid())
+f.close()
+cleanup_list.append(fname)
+
 
 def rebase_tree(url):
 print(Rebasing on %s % url)
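Review bot: write_pidfile() opens fname with mode='w' and never looks at what is already there, so a second autobuild started in the same gitroot truncates the first run's autobuild.pid and, through cleanup_list, deletes it on exit while the first run is still going. The commit message says the file is meant to help with an already running autobuild, so either create it exclusively (os.open with O_CREAT|O_EXCL) or read and check the old pid before overwriting. Wrapping the write in try/finally would also make sure the handle is closed if f.write() raises.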
@@ -435,6 +442,8 @@ if options.daemon:
 print Forking into the background, writing progress to %s % logfile
 daemonize(logfile)
 
+write_pidfile(gitroot + /autobuild.pid)
+
 while True:
 try:
 run_cmd(rm -rf %s % test_master)
diff --git a/source4/libcli/dgram/mailslot.c b/source4/libcli/dgram/mailslot.c
index 261946e..38dd8fb 100644
--- a/source4/libcli/dgram/mailslot.c
+++ b/source4/libcli/dgram/mailslot.c
@@ -129,7 +129,7 @@ struct dgram_mailslot_handler *dgram_mailslot_temp(struct 
nbt_dgram_socket *dgms
if (name == NULL) return NULL;
if (dgram_mailslot_find(dgmsock, name)) {
talloc_free(name);
-   return NULL;
+   continue;
}
dgmslot = dgram_mailslot_listen(dgmsock, name, handler, 
private_data);
talloc_free(name);
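Review bot: replacing 'return NULL' with 'continue' on a name collision assumes the enclosing loop is bounded, and the loop header is outside this hunk. Please confirm there is an iteration limit and that the function still returns NULL once it is exhausted, so that a crowded mailslot table cannot turn this into an endless retry.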


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2010-10-19 Thread Andrew Bartlett
The branch, master has been updated
   via  4a8c17a libcli/ldap Don't try and encode a control with a NULL OID
  from  39932f2 autobuild: create an autobuild.pid file

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4a8c17a41cd8412247741afbcd8abad77b2a8113
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Oct 20 14:27:57 2010 +1100

libcli/ldap Don't try and encode a control with a NULL OID

ctrl->oid is set to NULL by the Samba4 rootDSE module when removing
controls that should not be exposed over LDAP (to avoid a realloc).

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Wed Oct 20 04:13:44 UTC 2010 on sn-devel-104

---

Summary of changes:
 libcli/ldap/ldap_message.c |6 ++
 1 files changed, 6 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/ldap/ldap_message.c b/libcli/ldap/ldap_message.c
index b9f9dff..7756e73 100644
--- a/libcli/ldap/ldap_message.c
+++ b/libcli/ldap/ldap_message.c
@@ -167,6 +167,12 @@ static bool ldap_encode_control(void *mem_ctx, struct 
asn1_data *data,
}
 
for (i = 0; handlers[i].oid != NULL; i++) {
+   if (!ctrl-oid) {
+   /* not encoding this control, the OID has been
+* set to NULL indicating it isn't really
+* here */
+   return true;
+   }
if (strcmp(handlers[i].oid, ctrl-oid) == 0) {
if (!handlers[i].encode) {
if (ctrl-critical) {
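Review bot: the new NULL-OID test sits inside the for loop over handlers[] although it does not depend on i, so it runs only on the first iteration and not at all if the handler table is empty. Hoist it above the loop. It also returns true before the critical flag is looked at, so a control marked critical whose OID has been cleared is dropped silently; if that is intended for the rootDSE case described in the commit message, say so in the comment.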

