[Samba] Increasing max stat cache
Hi ..., We have a Lustre Storage with large directories. Many of these directories contain thousands of files and we have hundreds of such directories. Directory Listing on Lustre is very slow, due to the nature of most Parallel File Systems design. It takes around 4 Secs (during non-peak hours) to list a 2000 file directory. And during heavy load times, this goes upto 10-11 Secs. Since all the users access the storage through a Samba gateway, we were thinking whether Samba could help us solve this problem. Here are my queries - 1. What is the finite upper limit of 'max_stat_cache' value? Not the unlimited '0' option. 2. How much cache space does storing a typical stat consume? In other words I would like to know how much memory will we require to cache obscene amounts of Stat information? 3. Can we increase the max_stat_cache TTL? Since the files once created, never ever change, I would like to set this to a very High value. 4. Is there anything else that I should look for, on increasing the 'max_stat_cache' value? Regards, Indivar Nair -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 alpha17 GIT raise domain functional level
On 11/09/11 19:21, Matthias Dieter Wallnöfer wrote: Fix has been checked in, the parameters domain and forest have been renamed into domain-level and forest-level for further clarification. Matthias Matthias Dieter Wallnöfer wrote: There has been a porting error from the old to the new implementation of this samba-tool command. Since I am the original author of this code I will try to figure out how to re-add the domain option. Matthias Matthieu Patou wrote: On 06/09/2011 13:53, a.key wrote: Hi. We are using samba4 as our production AD for a while in a mixed (XP, win2k3, win7, win2k8) environment. This post: http://lists.samba.org/archive/samba-technical/2011-February/076525.html mentions that to raise the functional level one should use this command: samba-tool domainlevel raise --domain=2008 --forest=2008 but in our current git version this command doesn't work due to the fact that there is no --domain switch as shown below: # samba-tool domain level --help Usage: samba-tool domain level (show | raise options) Options: -h, --help show this help message and exit -H URL, --URL=URL LDB URL for database or target server --quiet Be quiet --forest=FOREST The forest function level (2003 | 2008 | 2008_R2) Samba Common Options: -s FILE, --configfile=FILE Configuration file -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL debug level --option=OPTION set smb.conf option from command line --realm=REALM set the realm name Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos --ipaddress=IPADDRESS IP address of server Version Options: --version Display version number and when I'm trying to raise the forest level the tools says that the domain functional level needs to be raised first. What's the proper way of raising the functional level in recent git is ? Looks like a regression, you should file a bug in https://bugzilla.samba.org. Matthieu. Thanks ! I'll update our git and will test later. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Increasing max stat cache
Okay... I read about 'stat cache size' on this page - http://www.samba.org/samba/docs/using_samba/ch11.html which says that it is the number of entries. But the man page ( http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html) states that 'max stat cache size' is the number specified into kilobytes of space provided for 'stat cache'. So now my question is, how many kilobytes would it take to say store something like 100,000 stat entries. And what is the default and maximum TTL for these entries? Regards, Indivar Nair On Mon, Sep 12, 2011 at 12:31 PM, Indivar Nair indivar.n...@techterra.inwrote: Hi ..., We have a Lustre Storage with large directories. Many of these directories contain thousands of files and we have hundreds of such directories. Directory Listing on Lustre is very slow, due to the nature of most Parallel File Systems design. It takes around 4 Secs (during non-peak hours) to list a 2000 file directory. And during heavy load times, this goes upto 10-11 Secs. Since all the users access the storage through a Samba gateway, we were thinking whether Samba could help us solve this problem. Here are my queries - 1. What is the finite upper limit of 'max_stat_cache' value? Not the unlimited '0' option. 2. How much cache space does storing a typical stat consume? In other words I would like to know how much memory will we require to cache obscene amounts of Stat information? 3. Can we increase the max_stat_cache TTL? Since the files once created, never ever change, I would like to set this to a very High value. 4. Is there anything else that I should look for, on increasing the 'max_stat_cache' value? Regards, Indivar Nair -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.0 compile error --enable-external-libtdb=yes (works for samba-3.5.11)
Hello I'm trying to compile samba-3.6.0 on a RHEL6 server (relevant options below): --with-libtalloc=no \ --enable-external-libtalloc=yes \ --with-libtdb=no --enable-external-libtdb=yes This does not work, I get an error Unable to find libtdb. However: libtdb-devel-1.2.1-3.el6.i686 libtdb-1.2.1-3.el6.i686 have been installed. This works fine when I try to build samba-3.5.11 on the same machine. What's has changed? I could find that in Fedora Rawhide they have disabled this option in the spec file but without specifying a reason: http://permalink.gmane.org/gmane.network.samba.internals/55452 Kind regards Werner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: After a few time lost access to the Samba server (server samba - a member of the AD Win2k3)
Who would have thought The problem was the presence of CNAME-record for the current server in DNS. Sorry for my English ... Kramarenko A. Maksim mc@k-max.name писал(а) в своём письме Fri, 09 Sep 2011 22:49:25 +0400: A small addition: When lost access to the server by name - when accessing the server by IP address, for example, \\10.0.0.11\ - access is granted. Kramarenko A. Maksim mc@k-max.name писал(а) в своём письме Fri, 09 Sep 2011 15:51:21 +0400: Hello! For a long time struggling with the problem with SAMBA, is I would appreciate your help! Problem: After some time working with files on the file server unexpectedly lost access to that server. When you try to access the server using windows explorer - a window of login / password. When you enter a correct username / password - again the same window with the introduction of a login / password. This problem can occur in some domain users that work for specific computers. Other users - are working round the clock without fail. For example, one computer work 2nd shift users. At the same time a single user problem occurs, the second - no. Accordingly, the falling off network printing and file access. After rebooting, or just logout / login the user computer - access is restored. Configuration: Samba is authenticated in the domain via winbind. Clients - most of WinXP. Distributors and samba version: ===bash== files ~ # cat /etc/debian_version 6.0.2 files ~ # uname -a Linux files 2.6.32-5-686 #1 SMP Mon Jun 13 04:13:06 UTC 2011 i686 GNU/Linux files ~ # dpkg -l | grep samba ii samba 2:3.5.6~dfsg-3squeeze4 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.5.6~dfsg-3squeeze4 common files used by both the Samba server and client ii samba-common-bin 2:3.5.6~dfsg-3squeeze4 common files used by both the Samba server and client files ~ # dpkg -l | grep winbi ii libwbclient0 2:3.5.6~dfsg-3squeeze4 Samba winbind client library ii winbind2:3.5.6~dfsg-3squeeze4 Samba nameservice integration server ===bash== config samba and network: ===bash== files ~ # testparm -s Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [printers] Processing section [print$] Processing section [homes] Processing section [backup$] Processing section [install$] .. Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_MEMBER [global] workgroup = SAG realm = SAG.LOCAL server string = Файловый сервер security = ADS auth methods = winbind obey pam restrictions = Yes password server = dc.sag.local dc2.sag.local username map = /etc/samba/userssmb log file = /var/log/samba/log.%m smb ports = 139 lpq cache time = 5 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 usershare path = panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template homedir = /backup/SAG/%U winbind separator = ^ winbind cache time = 600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes cups options = raw veto files = /autorun.inf/AUTORUN.INF/.*/Thumbs.db/ hide files = /$RECYCLE.BIN/desktop.ini/lost+found/Thumbs.db/ [printers] comment = Очередь печати SMB path = /var/spool/samba printable = Yes browseable = No [print$] comment = Драйверы принтера path = /var/lib/samba/printers [homes] comment = Личная папка пользователя %U read only = No browseable = No [backup$] comment = Инсталяхи path = /shares/backup read only = No [install$] comment = Инсталяхи path = /shares/install read only = No veto files = files ~ # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts:
[Samba] can't turn on wide links in homedir
Hi, I discovered that it's not possible to run 'wide links' and 'unix entensions' at the same time - there are source-level blockers in place that will disable wide links and write a log entry. I traced this to https://bugzilla.samba.org/show_bug.cgi?id=7104 and http://www.samba.org/samba/news/symlink_attack.html ... However, I run a private home LAN server that already exposes / (root) as a share to all authenticated (and unauthenticated) clients. Therefore this issue is irrelevant to me. Furthermore, I want to organize some per-user directories (~/public_html for www, ~/storage for large files, and so on) in a separate location, and I can't do this without wide links. The restriction kills off my usage scenario. When the abovementioned 'security' fixes were done, why weren't the developers content with just changing the defaults, and maybe printing a warning on startup? Why did they add this restriction without a way to turn it off? Should I file a bugreport to have these blockers removed? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] UNIX group updates with Samba 3.0.28
Hi, I am using Samba on Nexenta 3.1.1 which is why the version is pretty old. I am seeing that Samba daemons do not see group membership changes until I do a samba restart or kill the PIDs specific for the shares I need updated. When I tried doing the same on an Ubuntu machine, I remember that Samba was able to see the changes as they happened (was using Samba 3.5+). I've read somewhere in an old forum post that Samba daemons refresh the contents of /etc/group on load. I'm guessing that might have been changed at some time. I couldn't find any configuration differences that might explain the different behavior. My question is whether there's anything I can do with the version I have (3.0.28) to get Samba to refresh /etc/group which does not involve killing processes and disrupting access. Using reload (SIGHUP) does not help. Thanks, Leeor. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Re: Can't add users to well known groups...
Forgot to CC the list. Original Message SUBJECT: Re: [Samba] Can't add users to well known groups... DATE: Mon, 12 Sep 2011 15:51:31 +0200 FROM: François Legal TO: Linda Walsh Not sure if this is relevant, but if (first case shown down here) Domain Admins is not so much a group but a map to unix group, I'm not surprised that you can't add users to this using sambe. I would rather use /etc/group or whatever to add users to the unix group mapped. François On Sat, 10 Sep 2011 12:08:32 -0700, Linda Walsh wrote: Harry Jede wrote: On 15:48:09 wrote Linda Walsh: I created the well known group Domain Admins pointing to a local group, but I am not able to add users to the group -- it claims I can only add users to local or global groups... But I only see local, domain ,well-known, builtin. There are no global groups unless one would include all groups that are not local (i.e. domain, well-known, and builtin) So why doesn't it want to let me add to my domain admins group when it is defined as a well known group (which it is, according to MS)... Nobody may be able to answer your questions, if you dont give us some background information! something like: which samba version which sam, ldapsam or tdbsam do you use winbind your global section of samba conf the commands you have used which well knwon groups you have cureently --- Sorry... running with latest 3.5.x: 3.5.11 as of this writing. Using Tdb winbind. Since I as having problems with Domain Admins, tried deleting it and recreating it as a domain group (so it doesn't show, below, as a 'well known group, but a domain group (even though it should be both)). -- sudo net -l groupmap list Domain Users SID : S-1-5-21-3-7-3-513 Unix gid : 513 Unix group: Domain Users Group type: Well-known Group Comment : Wellknown Unix group man SID : S-1-5-21-3-7-3-1028 Unix gid : 62 Unix group: man Group type: Domain Group Comment : Unix Group man Domain Controllers SID : S-1-5-21-3-7-3-516 Unix gid : 516 Unix group: Domain Controllers Group type: Well-known Group Comment : Wellknown Unix group Backup Operators SID : S-1-5-32-551 Unix gid : 551 Unix group: Backup Operators Group type: Well-known Group Comment : Wellknown Unix group Power Users SID : S-1-5-32-547 Unix gid : 547 Unix group: Power Users Group type: Well-known Group Comment : Wellknown Unix group Cert Publishers SID : S-1-5-21-3-7-3-517 Unix gid : 517 Unix group: Cert Publishers Group type: Well-known Group Comment : Wellknown Unix group Replicators SID : S-1-5-32-552 Unix gid : 552 Unix group: Replicators Group type: Well-known Group Comment : Wellknown Unix group Domain Admins SID : S-1-5-21-3-7-3-544 Unix gid : 512 Unix group: Domain Admins Group type: Domain Group Comment : Domain Unix group Juno SID : S-1-5-21-3-7-3-1005 Unix gid : 231 Unix group: Juno Group type: Domain Group Comment : Juno Printer Group media SID : S-1-5-21-3-7-3-1017 Unix gid : 20001 Unix group: media Group type: Domain Group Comment : Unix Group media Administrators SID : S-1-5-32-544 Unix gid : 544 Unix group: Administrators Group type: Well-known Group Comment : Wellknown Unix group Domain Guests SID : S-1-5-21-3-7-3-514 Unix gid : 514 Unix group: Domain Guests Group type: Well-known Group Comment : Wellknown Unix group Trusted Local Net Users SID : S-1-5-21-3-7-3-50002 Unix gid : 50002 Unix group: trusted_local_net_users Group type: Domain Group Comment : Trusted Local Net Users Account Operators SID : S-1-5-32-548 Unix gid : 548 Unix group: Account Operators Group type: Well-known Group Comment : Wellknown Unix group Schema Admins SID : S-1-5-21-3-7-3-518 Unix gid : 518 Unix group: Schema Admins Group type: Well-known Group Comment : Wellknown Unix group RAS Servers SID : S-1-5-32-553 Unix gid : 10123 Unix group: BUILTINras servers Group type: Local Group Comment : scan SID : S-1-5-21-3-7-3-1006 Unix gid : 232 Unix group: scan Group type: Local Group Comment : Local Unix group Users SID : S-1-5-32-545 Unix gid : 1 Unix group: BUILTINusers Group type: Local Group Comment : Domain Computers SID : S-1-5-21-3-7-3-515 Unix gid : 515 Unix group: Domain Computers Group type: Well-known Group Comment : Wellknown Unix group Domain Administrator SID : S-1-5-21-3-7-3-500 Unix gid : 500 Unix group: Domain Administrator Group type: Well-known Group Comment : Wellknown Unix group Print Operators SID : S-1-5-32-550 Unix gid : 550 Unix group: Print Operators Group type: Well-known Group Comment : Wellknown Unix group Guests SID : S-1-5-32-546 Unix gid : 546 Unix group:
[Samba] How to check the password complexity in samba
Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict AV7OaV2BRr Looks good. 4. Add the following line to the smb.conf and restart samba check password script = /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict But when I change user password from command line (smbldap-passwd) or via gui (srvtools), there is no warning. Even if I set 123 as password. Am I missing something? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to check the password complexity in samba
From: Alex Domoradov alex@gmail.com Date: Mon, 12 Sep 2011 17:09:29 +0300 Hi all, can someone give a working example for checking the password complexity in samba? (snip) 4. Add the following line to the smb.conf and restart samba check password script = /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict But when I change user password from command line (smbldap-passwd) or via gui (srvtools), there is no warning. Even if I set 123 as password. Am I missing something? Who changed users' password? check password script affects only for normal user. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: Domain Skolelinux not available if IP beyond 10.0.2.239
Hi On 8 September 2011 15:10, RalfGesellensetter r...@gmx.de wrote: Dear list, our Debian Edu system used to be stable like a rock. After holidays, I encountered an issue as follows: The last 8 of 20 clients in our cabinet cannot log in to samba, their message is domain not available. I checked cables and switches - and IPs (from 2nd boot partition running Debian Edu without problem), nothing that differs from other machines. It stroke me that all clients concerned were in an IP range of 10.0.2.240 upwards (static190). Then, I changed dhcpd.conf, giving those clients lower IPs (there was a gap in static62..70). And, indeed: Now those clients were also able to login! All butt the last one (that got no free IP in dhcpd). There were no other changes AFAIK, can anybody explain this behaviour, i.e. rejection of clients with specific IPs? Thank you very much, I like to sort out the origin of this issue ASAP, because I need to report tickets to our support compony (without giving them the chance to blame Skolelinux) Bye Ralf P.S.: Maybe there is a connection to this changes: - I added a course of 85 students, now we got 1000 users) - I added a corresponding share - another share (restricted access) is not available anymore recently, while testparm reports no issues, and any other share is working. Check that the server can ping the clients and vice versa. Also check the netmask on the server and clients to make sure it is correct (probably 255.255.255.0). Have a look at the hosts allow/hosts deny parameters in smb.conf to make sure that they are not restricting access to some of the machines. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can't add users to well known groups...
François Legal wrote: Not sure if this is relevant, but if (first case shown down here) Domain Admins is not so much a group but a map to unix group, I'm not surprised that you can't add users to this using sambe. I would rather use /etc/group or whatever to add users to the unix group mapped Good point, 2 things: 1) My userid/login 'should' already be listed in the group, (as it IS in /etc/group), but wins doesn't return the members that SHOULD be listed in the group). 2) It is has scripts to modify users, groups and machines... (add delete), in a most primitive form, it could delete group/ re-add group w/new member list. --- It just occurred to me, that maybe it's confusing itself -- in that, currently, Samba mangles the casename of groups/users to lower case and hosts/domains to upper case. Current versions of windows don't do this -- they ignore but preserve case (unless there is some pre-existing copy of the name already in some other 'case', in which case it will convert your typed input into the 'pre-existing copy'. But unix/linux not only doesn't change case, it doesn't ignore them either, so if it took something like Domain Admins, and changed it to 'domain admins', it wouldn't match the group name when it tried to look it up. Nevertheless, the lookup problem, was definitely caused by code that in the patched files files that tells it not to deal with 'well known groups' -- regardless if they are mappings or not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't turn on wide links in homedir
On Mon, Sep 12, 2011 at 02:21:12PM +0200, umage wrote: Hi, I discovered that it's not possible to run 'wide links' and 'unix entensions' at the same time - there are source-level blockers in place that will disable wide links and write a log entry. I traced this to https://bugzilla.samba.org/show_bug.cgi?id=7104 and http://www.samba.org/samba/news/symlink_attack.html ... However, I run a private home LAN server that already exposes / (root) as a share to all authenticated (and unauthenticated) clients. Therefore this issue is irrelevant to me. Furthermore, I want to organize some per-user directories (~/public_html for www, ~/storage for large files, and so on) in a separate location, and I can't do this without wide links. The restriction kills off my usage scenario. Sorry about that. When the abovementioned 'security' fixes were done, why weren't the developers content with just changing the defaults, and maybe printing a warning on startup? Why did they add this restriction without a way to turn it off? Should I file a bugreport to have these blockers removed? We needed to make it impossible to configure Samba insecurely. At the time this was proposed, it was posted to the list and no dissenting voices were heard. Since then there have been a couple of people with the desire to configure Samba in a completely insecure mode like yourself, and there is a proposed patch to allow Samba to be run with this known security hole. As you may imagine, I'm not too keen on this but we may decide to add it in for people who desire insecure setups. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't turn on wide links in homedir
On 12. 9. 2011 19:21, Jeremy Allison wrote: We needed to make it impossible to configure Samba insecurely. At the time this was proposed, it was posted to the list and no dissenting voices were heard. Since then there have been a couple of people with the desire to configure Samba in a completely insecure mode like yourself, and there is a proposed patch to allow Samba to be run with this known security hole. As you may imagine, I'm not too keen on this but we may decide to add it in for people who desire insecure setups. Jeremy. Well, I'm not too sure about the real security implications of this thing. I could restrict the flag to homedirs only - and since homedirs are private to the person accessing them, unless the user symlinks / into his public_html dir it shouldn't be that bad... but I can understand that someone wishing to lock down a system would want to minimize risks (although then why does he give out local ssh accounts). For my personal use I dug through the sources a bit and disabled the stuff in widelinks_warning() and lp_widelinks(), so there's no particular time pressure from my side :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] passdb backend issue: setting other than 'smbpasswd' does not work
I'm currently running the samba3x packages on Centos 5.6. I recently switched to them from the SERnet Samba 3.3 packages to Centos Samba3x packages (smbd now reports Version 3.5.4-0.70.el5_6.1). At the same time, I switched to ldapsam as a backend. Everything seemed to be working fine until I tried to change a user's password with smbpasswd (as root). smbpasswd did not report any errors, and pdbedit shows the last update for that password to match when I ran smbpasswd. However, the updated password does not work to log in with smbclient. I then switched to tdbsam, assuming that I had screwed up part of the ldap setup. I saw the same issues. Switching to the smbpasswd backend has everything working, but I'd rather hoped to switch everything over to LDAP so I can integrate some of our other systems in one directory. I can pull logs, but I'm not sure which logs and debugging levels are most useful—there were no error messages even with the loglevel set to 5 during the smbpasswd run, and the access rejection comes up as NT_STATUS_WRONG_PASSWORD. It *seems* like smbd is reading from smbpasswd regardless of the passdb backend setting and that the smbpasswd utility is updating the correct backend based on the smb.conf setting. I did run a service smbd reload each time I changed the config file. Any suggestions? Kevin T. Broderick IT Communications Coordinator KILLINGTON MOUNTAIN SCHOOL E: kbroder...@killingtonmountainschool.org P: 802-422-5671 F: 802-422-5678 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to check the password complexity in samba
Who changed users' password? check password script affects only for normal user. I run smbldap-passwd as root dn and gui (srvtools) as domain admins 2011/9/12 TAKAHASHI Motonobu mo...@monyo.com From: Alex Domoradov alex@gmail.com Date: Mon, 12 Sep 2011 17:09:29 +0300 Hi all, can someone give a working example for checking the password complexity in samba? (snip) 4. Add the following line to the smb.conf and restart samba check password script = /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict But when I change user password from command line (smbldap-passwd) or via gui (srvtools), there is no warning. Even if I set 123 as password. Am I missing something? Who changed users' password? check password script affects only for normal user. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 368ad28 doc: suggest samba-tool dbcheck in upgrading-samba4.txt via 8268c2d s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade via 3e246a3 start Samba 4.0alpha17 release notes via 28ad50e s3-selftest: Set path to bin/net and bin/wbinfo in command line to test scripts via e223a65 samba-tool: Add domain samba3upgrade subcommand via c7b1f15 s4-s3-upgrade: Check for duplicate sids before provisioning via 662818b s4-provision: Fix the informational message from dns provisioning via c7c29a3 s4-provision: Create private dir for dns in a separate function via c6a4094 s4-s3-upgrade: Check for common user/group names before provisioning via 0b08988 s4-provision: Generate appropriate named.conf file depending on dns_backend via 295361c s4-provision: Remove dupliate creation of dns/spn_update_list files via 9a5524e s4-provision: Add named.conf template for BIND9 with DLZ support via 41e9f9d s4-provision: Add Seperate instructions for BIND 9.7.x and 9.8.x. via 1860e6b s4-provision: Enable SPNs for DNS from 6f4264a s4:samba-tool/domain.py - rename arguments domain - domain-level, forest - forest-level http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 368ad28a6e95911739f6ad1485b63e87cf2adcc6 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 12 20:41:29 2011 +1000 doc: suggest samba-tool dbcheck in upgrading-samba4.txt Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Mon Sep 12 14:24:20 CEST 2011 on sn-devel-104 commit 8268c2d4e231b05b439bc70331b75342b35daa4e Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 12 20:21:53 2011 +1000 s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade commit 3e246a3cf47214b95fa7d45dafa24b98271c657b Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 12 14:16:12 2011 +1000 start Samba 4.0alpha17 release notes commit 28ad50e5fd1887fff149d05793b2dabe5a08051a Author: Andrew Bartlett abart...@samba.org Date: Sun Sep 11 08:16:50 2011 +1000 s3-selftest: Set path to bin/net and bin/wbinfo in command line to test scripts This makes it easier to reproduce these tests outside the test environment, as we rely less on environment variables. Andrew Bartlett commit e223a65b1011f82687e2fdfa102f305e1fd76214 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 12 16:03:34 2011 +1000 samba-tool: Add domain samba3upgrade subcommand Added new command to upgrade from samba3 to samba4. Pair-Programmed-With: Andrew Bartlett abart...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit c7b1f156bbf23801515547bae50c4ca90911 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 12 15:09:49 2011 +1000 s4-s3-upgrade: Check for duplicate sids before provisioning Pair-Programmed-With: Andrew Bartlett abart...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 662818b123ea7813f72053bd976aad4628637cd1 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 12 13:17:50 2011 +1000 s4-provision: Fix the informational message from dns provisioning Signed-off-by: Andrew Bartlett abart...@samba.org commit c7c29a3523a721737aa647b2e40e23a0775b3958 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 12 13:14:42 2011 +1000 s4-provision: Create private dir for dns in a separate function Signed-off-by: Andrew Bartlett abart...@samba.org commit c6a40942b2c5b2f330b73a5513927ffe9ed1af20 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 12 12:14:00 2011 +1000 s4-s3-upgrade: Check for common user/group names before provisioning Pair-Programmed-With: Andrew Bartlett abart...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 0b089880f021121320744f4f1b742857c0cb5cbf Author: Amitay Isaacs ami...@gmail.com Date: Thu Sep 8 15:33:41 2011 +1000 s4-provision: Generate appropriate named.conf file depending on dns_backend For --dns_backend=BIND9, generate the dns zone file, and named.conf with zone information. For --dns-backend=BIND9_DLZ, generate the named.conf with dlz directive. If no option is specified, default dns_backend is BIND9. Signed-off-by: Andrew Bartlett abart...@samba.org commit 295361c13d12782b2248e53b30e4101a41a96f90 Author: Amitay Isaacs ami...@gmail.com Date: Thu Sep 8 15:29:59 2011 +1000 s4-provision: Remove dupliate creation of dns/spn_update_list files dns_update_list and spn_update_list are set up using create_dns_update_list() function. Signed-off-by: Andrew Bartlett abart...@samba.org commit 9a5524e00ad8f257305f823d4a9936026e6d9160 Author: Amitay Isaacs ami...@gmail.com Date:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 456aee8 s3-lsa: Add conversion for auth info structs from 368ad28 doc: suggest samba-tool dbcheck in upgrading-samba4.txt http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 456aee80f584e136a4e1decb6c53fbe019ead6b8 Author: Sumit Bose sb...@redhat.com Date: Thu Sep 1 18:18:31 2011 +0200 s3-lsa: Add conversion for auth info structs struct lsa_TrustDomainInfoAuthInfo and struct trustAuthInOutBlob can store the same information for different usage. The added routines can convert one struct into the other. Signed-off-by: Günther Deschner g...@samba.org Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104 --- Summary of changes: source3/Makefile.in|7 +- source3/rpc_client/util_lsarpc.c | 334 .../rpc_client/{util_netlogon.h = util_lsarpc.h} | 19 +- source3/rpc_server/lsa/srv_lsa_nt.c| 47 +-- source3/torture/proto.h|1 + source3/torture/test_authinfo_structs.c| 218 + source3/torture/torture.c |1 + source3/wscript_build |5 +- 8 files changed, 587 insertions(+), 45 deletions(-) create mode 100644 source3/rpc_client/util_lsarpc.c copy source3/rpc_client/{util_netlogon.h = util_lsarpc.h} (57%) create mode 100644 source3/torture/test_authinfo_structs.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index bf66af4..1b79637 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -688,7 +688,8 @@ LIB_EVENTLOG_OBJ = lib/eventlog/eventlog.o DCE_RPC_EP_OBJ = librpc/rpc/dcerpc_ep.o RPC_LSARPC_OBJ = rpc_server/lsa/srv_lsa_nt.o \ -librpc/gen_ndr/srv_lsa.o +librpc/gen_ndr/srv_lsa.o \ +rpc_client/util_lsarpc.o RPC_NETLOGON_OBJ = rpc_server/netlogon/srv_netlog_nt.o \ librpc/gen_ndr/srv_netlogon.o @@ -1255,13 +1256,15 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta torture/test_addrchange.o \ torture/test_case_insensitive.o \ torture/test_posix_append.o \ - torture/test_smb2.o + torture/test_smb2.o \ + torture/test_authinfo_structs.o SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ @LIBWBCLIENT_STATIC@ \ torture/wbc_async.o \ ../nsswitch/wb_reqtrans.o \ + rpc_client/util_lsarpc.o \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ diff --git a/source3/rpc_client/util_lsarpc.c b/source3/rpc_client/util_lsarpc.c new file mode 100644 index 000..e607a0c --- /dev/null +++ b/source3/rpc_client/util_lsarpc.c @@ -0,0 +1,334 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Sumit Bose 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include ../librpc/gen_ndr/ndr_drsblobs.h +#include ../librpc/gen_ndr/ndr_lsa.h +#include rpc_client/util_lsarpc.h + +static NTSTATUS ai_array_2_trust_domain_info_buffer(TALLOC_CTX *mem_ctx, + uint32_t count, + struct AuthenticationInformationArray *ai, + struct lsa_TrustDomainInfoBuffer **_b) +{ + NTSTATUS status; + struct lsa_TrustDomainInfoBuffer *b; + int i; + + b = talloc_array(mem_ctx, struct lsa_TrustDomainInfoBuffer, count); + if (b == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for(i = 0; i count; i++) { + size_t size = 0; + b[i].last_update_time = ai-array[i].LastUpdateTime; + b[i].AuthType = ai-array[i].AuthType; + switch(ai-array[i].AuthType) { + case TRUST_AUTH_TYPE_NONE: + b[i].data.size =
[SCM] CTDB repository - branch master updated - ctdb-1.11-58-gf6a4719
The branch, master has been updated via f6a47197dbb64cc7705fc564fa8dc78e958226c4 (commit) from 14656eaa01a8951693fa146b3d35258f7daaafd5 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit f6a47197dbb64cc7705fc564fa8dc78e958226c4 Author: Michael Adam ob...@samba.org Date: Mon Sep 12 15:04:46 2011 +0200 Fix a typo in a message in ctdb backupdb. --- Summary of changes: tools/ctdb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/tools/ctdb.c b/tools/ctdb.c index 26c0bfb..9443eca 100644 --- a/tools/ctdb.c +++ b/tools/ctdb.c @@ -4325,7 +4325,7 @@ done: } } - DEBUG(DEBUG_ERR,(Database acked up to %s\n, argv[1])); + DEBUG(DEBUG_ERR,(Database backed up to %s\n, argv[1])); talloc_free(tmp_ctx); return status; -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 81b965a s3-auth: fix uninitialized server_info from 456aee8 s3-lsa: Add conversion for auth info structs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 81b965af892fb279b71ebdc8a9541d2f157368c6 Author: Sumit Bose sb...@redhat.com Date: Mon Sep 12 15:50:31 2011 +0200 s3-auth: fix uninitialized server_info Signed-off-by: Günther Deschner g...@samba.org Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Mon Sep 12 17:44:46 CEST 2011 on sn-devel-104 --- Summary of changes: source3/auth/user_krb5.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 0cb80c8..489080e 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -242,6 +242,10 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, make_server_info_pw\n, username)); status = make_server_info_pw(tmp, username, pw); } + + /* Steal tmp server info into the server_info pointer. */ + server_info = talloc_move(mem_ctx, tmp); + TALLOC_FREE(sampass); if (!NT_STATUS_IS_OK(status)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1dc3ac2 s3:libsmb: let cli_pull_raw_error() return NT_STATUS_OK as DOS-Error success from 81b965a s3-auth: fix uninitialized server_info http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1dc3ac242a9027575d0119ec3547ae508e2cb2a9 Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 12 09:45:13 2011 +0200 s3:libsmb: let cli_pull_raw_error() return NT_STATUS_OK as DOS-Error success metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Sep 12 19:12:21 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/async_smb.c |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 0910332..df205dd 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -30,9 +30,14 @@ static NTSTATUS cli_pull_raw_error(const uint8_t *buf) { uint32_t flags2 = SVAL(buf, smb_flg2); + NTSTATUS status = NT_STATUS(IVAL(buf, smb_rcls)); + + if (NT_STATUS_IS_OK(status)) { + return NT_STATUS_OK; + } if (flags2 FLAGS2_32_BIT_ERROR_CODES) { - return NT_STATUS(IVAL(buf, smb_rcls)); + return status; } return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 85332eb s3:libsmb: check the wct of the incoming SMBnegprot responses from 1dc3ac2 s3:libsmb: let cli_pull_raw_error() return NT_STATUS_OK as DOS-Error success http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 85332eb1c721d585e1a33101bddafdca4073e10f Author: Stefan Metzmacher me...@samba.org Date: Mon Sep 12 07:13:56 2011 +0200 s3:libsmb: check the wct of the incoming SMBnegprot responses metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Sep 12 20:50:27 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/cliconnect.c | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index fd0536c..e0d2419 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2640,6 +2640,11 @@ static void cli_negprot_done(struct tevent_req *subreq) struct timespec ts; bool negotiated_smb_signing = false; + if (wct != 0x11) { + tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + /* NT protocol */ cli-sec_mode = CVAL(vwv + 1, 0); cli-max_mux = SVAL(vwv + 1, 1); @@ -2700,6 +2705,11 @@ static void cli_negprot_done(struct tevent_req *subreq) } } else if (cli_state_protocol(cli) = PROTOCOL_LANMAN1) { + if (wct != 0x0D) { + tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + cli-use_spnego = False; cli-sec_mode = SVAL(vwv + 1, 0); cli-max_xmit = SVAL(vwv + 2, 0); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fad5e3b Move the talloc_move call until *after* the check on status. Don't want to move something that might be invalid. from 85332eb s3:libsmb: check the wct of the incoming SMBnegprot responses http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fad5e3be5e4739e9e19f3f87a49c059336a436d4 Author: Jeremy Allison j...@samba.org Date: Mon Sep 12 11:23:17 2011 -0700 Move the talloc_move call until *after* the check on status. Don't want to move something that might be invalid. Makes the code match what is currently in 3.6.x. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Sep 12 22:21:24 CEST 2011 on sn-devel-104 --- Summary of changes: source3/auth/user_krb5.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 489080e..b106e45 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -243,9 +243,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, status = make_server_info_pw(tmp, username, pw); } - /* Steal tmp server info into the server_info pointer. */ - server_info = talloc_move(mem_ctx, tmp); - TALLOC_FREE(sampass); if (!NT_STATUS_IS_OK(status)) { @@ -254,6 +251,9 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, return status; } + /* Steal tmp server info into the server_info pointer. */ + server_info = talloc_move(mem_ctx, tmp); + /* make_server_info_pw does not set the domain. Without this * we end up with the local netbios name in substitutions for * %D. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d0df757 s4:lib/socket/interface.c - ifaces strictly needs to be initialised from fad5e3b Move the talloc_move call until *after* the check on status. Don't want to move something that might be invalid. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d0df75701e529e2d872691f8be047c5b55118930 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Sep 12 15:45:11 2011 +0200 s4:lib/socket/interface.c - ifaces strictly needs to be initialised Please consider a failing get_interfaces call and the talloc_free() operation on a possible uninitialised ifaces on line 326. https://bugzilla.samba.org/show_bug.cgi?id=8397 Reviewed-by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Mon Sep 12 23:49:12 CEST 2011 on sn-devel-104 --- Summary of changes: source4/lib/socket/interface.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/socket/interface.c b/source4/lib/socket/interface.c index 42e1946..7994716 100644 --- a/source4/lib/socket/interface.c +++ b/source4/lib/socket/interface.c @@ -293,7 +293,7 @@ void load_interface_list(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, s { const char **ptr = lpcfg_interfaces(lp_ctx); int i; - struct iface_struct *ifaces; + struct iface_struct *ifaces = NULL; int total_probed; bool enable_ipv6 = lpcfg_parm_bool(lp_ctx, NULL, ipv6, enable, true); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ee22a2 s4-python: Fix some formatting issues. via df1d3dc s4-python: Consistently use spaces rather than tabs, fix headers in several places. via b4c4a2d Add samba.tests.source, which checks Python files for copyright lines, license headers and invalid characters (dos newlines, tabs). via 762102f testparm.py: Use standard formatting of header. via 62670d4 group.py: Remove tab characters. via 375a92c drs.py: Remove tab characters. via 4c7acab domain.py: Remove tab characters. via dc26067 delegation.py: Remove tab characters. via 1fcce6b drs_utils.py: Remove tab characters. from d0df757 s4:lib/socket/interface.c - ifaces strictly needs to be initialised http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ee22a2dec1716e0d5c0a6aee612f635800af5ef Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 01:27:50 2011 +0200 s4-python: Fix some formatting issues. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104 commit df1d3dc777b48bc9bc10f3eb44dec90db490a899 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 01:10:37 2011 +0200 s4-python: Consistently use spaces rather than tabs, fix headers in several places. commit b4c4a2d0f95166a8c3c01b8837103630fdea8c3f Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 01:09:16 2011 +0200 Add samba.tests.source, which checks Python files for copyright lines, license headers and invalid characters (dos newlines, tabs). commit 762102f05443165577495afc0f15c7a83d78b503 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:20:57 2011 +0200 testparm.py: Use standard formatting of header. commit 62670d43b81de0f9603b18e020687dfff129a9f9 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:20:17 2011 +0200 group.py: Remove tab characters. commit 375a92c302f0cc6b171358e4e954836e3eae1e91 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:20:03 2011 +0200 drs.py: Remove tab characters. commit 4c7acab5fc700c53381b52edd430c9c319b6ea50 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:19:51 2011 +0200 domain.py: Remove tab characters. commit dc26067a6f73d20fda65cc2996a0c6c156d4d5b0 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:19:45 2011 +0200 delegation.py: Remove tab characters. commit 1fcce6bd3f8bebbec02d2b0e9ef07da74d74f514 Author: Jelmer Vernooij jel...@samba.org Date: Tue Sep 13 00:19:24 2011 +0200 drs_utils.py: Remove tab characters. --- Summary of changes: source4/librpc/rpc/dcerpc.py |6 +- source4/scripting/bin/samba-tool |2 +- source4/scripting/python/samba/__init__.py |5 +- source4/scripting/python/samba/drs_utils.py| 18 +- source4/scripting/python/samba/getopt.py | 23 +- source4/scripting/python/samba/ms_schema.py| 19 +- source4/scripting/python/samba/ndr.py |2 +- .../scripting/python/samba/netcmd/delegation.py|4 +- source4/scripting/python/samba/netcmd/domain.py| 25 +- source4/scripting/python/samba/netcmd/drs.py | 72 +++--- source4/scripting/python/samba/netcmd/group.py |4 +- source4/scripting/python/samba/netcmd/testparm.py | 24 +- source4/scripting/python/samba/sd_utils.py |4 +- source4/scripting/python/samba/tests/auth.py |6 +- .../python/samba/tests/blackbox/__init__.py| 16 + .../python/samba/tests/blackbox/ndrdump.py | 14 + source4/scripting/python/samba/tests/core.py |6 +- .../scripting/python/samba/tests/credentials.py|6 +- .../python/samba/tests/dcerpc/__init__.py |2 +- .../scripting/python/samba/tests/dcerpc/bare.py|6 +- .../scripting/python/samba/tests/dcerpc/misc.py|6 +- .../python/samba/tests/dcerpc/registry.py |6 +- .../python/samba/tests/dcerpc/rpc_talloc.py| 16 +- .../scripting/python/samba/tests/dcerpc/rpcecho.py |6 +- source4/scripting/python/samba/tests/dcerpc/sam.py |6 +- .../scripting/python/samba/tests/dcerpc/testrpc.py | 15 +- .../scripting/python/samba/tests/dcerpc/unix.py|6 +- source4/scripting/python/samba/tests/hostconfig.py |6 +- source4/scripting/python/samba/tests/messaging.py |6 +- source4/scripting/python/samba/tests/provision.py |6 +- source4/scripting/python/samba/tests/registry.py |6 +- source4/scripting/python/samba/tests/samba3.py | 13 +- source4/scripting/python/samba/tests/samba3sam.py |6 +- source4/scripting/python/samba/tests/source.py | 168 ++ source4/scripting/python/samba/tests/strings.py| 20 +-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6d9b0ee2 start work on Samba 4.0 alpha18 via 5190a3e Release Samba 4.0 alpha17 via 19d1c41 WHATSNEW: more information on running dbcheck from 0ee22a2 s4-python: Fix some formatting issues. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6d9b0ee26ea05ac23fe8b4f7e1fd756045c0b409 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 13 11:39:09 2011 +1000 start work on Samba 4.0 alpha18 Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Sep 13 05:44:47 CEST 2011 on sn-devel-104 commit 5190a3e5c2511de2a3d2f2e2ffa41885ab60740b Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 13 11:38:30 2011 +1000 Release Samba 4.0 alpha17 commit 19d1c41fe5e88e5b186f7314df725e7ce3cb7646 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 13 12:05:00 2011 +1000 WHATSNEW: more information on running dbcheck --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 15 +++ 2 files changed, 16 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6af0d96..866376e 100644 --- a/VERSION +++ b/VERSION @@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # - 4.0.0alpha1 # -SAMBA_VERSION_ALPHA_RELEASE=17 +SAMBA_VERSION_ALPHA_RELEASE=18 # For 'pre' releases the version will be # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6b6e685..3fac360 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -79,6 +79,21 @@ See also the -H option to point dbcheck at a different database to the default, and the --fix and --yes options to make changes and to not prompt about those changes. +After upgrading Samba, it is suggested that you do the following: + + - stop samba + - take a backup copy of your sam.ldb and sam.ldb.d/* database files + - run samba-tool dbcheck --cross-ncs --fix + - use 'all' to say yes to fixing each type of error found + - after it has finished, run dbcheck again to ensure it reports no +errors + +There will be a lot of errors fixed, particularly related to +bad/missing GUID values. This is due to a bug in previous releases +that left many objects with bad GUID values. These can all be fixed +using dbcheck with steps above. + + New default paths - -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.0.0alpha17 created
The annotated tag, samba-4.0.0alpha17 has been created at aaf258bc54a6da412b601e21e9e73673056cc95f (tag) tagging 5190a3e5c2511de2a3d2f2e2ffa41885ab60740b (commit) replaces tevent-0.9.14 tagged by Andrew Bartlett on Tue Sep 13 14:51:54 2011 +1000 - Log - samba4: tag release samba-4.0.0alpha17 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBObuFqz4A8Wyi0NrsRAtYgAKCGadSdInWFGhehtZEvDlGbojoeiwCZARER pI0kkHz4xydaspm/JVxvy5Q= =Gat0 -END PGP SIGNATURE- Amitay Isaacs (76): samba-tool: Remove gpo setacl command waf: Add SAMBA3_PYTHON context to build python wrappers in samba3 passdb: Add a function to expose loaded backend list. passdb: Add a function to read secrets db from a specified path passdb: Added python wrapper to passdb passdb: Call with correct backend methods instead of default methods passdb: Allocate talloc stackframe before calling in pdb functions. s3-param: Make sure we have talloc stack frame before calling in s3 code s4-dsdb: Provide additional method to connect to specified database path s3-passdb: Fix the error messages and return correct NTSTATUS s3-passdb: Connect to specified samdb if location is provided, otherwise use default s3-param: Add python wrapper for s3 parameters py-samba3: Create samba3 python package to hold other modules passdb: Move python wrapper for passdb in samba3 python package s3-passdb: Return dom_sid and guid with correct python types. s3-passdb: Added python method to get_global_sam_sid tests: Update test for s3 to s4 upgrade with two cases upgrade: Add missing bits for the s3 to s4 upgrade script s3-passdb: Replace SMB_MALLOC_ARRAY()/SAFE_FREE() with talloc equivalents. s3-passdb: Python wrapper for passdb s3-passdb: Added python wrapper for passdb methods s3-passdb: Make arguments for python wrapper enum_group_mapping() optional s3-passdb: Return list of sids from python wrapper enum_group_members s3-passdb: Fix call for search_aliases(). It returns bool and not NTSTATUS. py_security: Fix comparison between two dom_sid objects samba3-python: Add methods to get any entry (user/group) and its sid from idmap provision: Add idmap database handle to the result of provision s3upgrade: Add idmap migration, users/groups import s3-passdb: Use pdb_get_nt_passwd() to get nt passwd. s3-passdb: Display username when reporting error on add_sam_account. python-samba3: Secrets file loaded from private dir, not lib dir s3_upgrade: Do not add administrator and root accounts from s3 to s4 s3-passdb: Fix the get/set routines for pw_history for samu s3_upgrade: Set the administrator password on upgrade s3_upgrade: Add document strings for python methods s3_upgrade: Let python generate backtrace for unknown exceptions s3-param: Add a dump() method to output parameters s4-param: Use s3 dump method if s3 context is defined script: Fix the name of the script in autogenerated header file s3-passdb: Convert lm_pw and nt_pw to python string using length s3-passdb: Return assigned number of hours and not MAX_HOURS_LEN s3-passdb: Make domain_sid argument optional for search_aliases method py-samba3: Use passdb/param wrapper for samba3 module s3_upgrade: Update commandline options and use updated samba3 python module testdata: Set netbios name in the samba3 configuation py-samba3-test: Set lock directory to the datadir s3_upgrade: Set lock directory to correct directory samba3dump: Update the code using modified samba3 module with passdb api py-samba3-test: Copy sample database in tempdir before running test s3-param: Allocate talloc stackframe before calling s3 param routines s3-passdb: Allocate talloc stackframe before calling pdb_get_group_sid() s4-kcc: Fix the list of NCs for DRS replica information samba-tool: Add --filter option to ldapcmp to ignore specified attributes build: Replace mkbuildoptions-waf awk script with waf target s4-provision: Extract dns account creation as separate ldif s4-provision: exit is not imported directed, use sys.exit s4-provision: Add DNS backend option to provision s4-provision: LDIF files to set up AD DNS schema s4-provision: Reworked DNS provisioning to support AD DNS schema s4-provision: Make DNS entries consistent with dns_update script s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning s4-test: name attribute remove from Command class, so test not required samba-tool: Correctly handle sys.exit() called from subcommand samba-tool: max() with key option is available in python = 2.6 samba-tool: Provide feedback if synopsis