Re: [Samba] Domain Member keytabs invalid after Password Change
Chase Whitener chase.white...@infotechfl.com writes: We have a 2008r2 AD domain. We join Linux machines as domain members using Samba with Winbind (I'll show all of my config files below). This portion of our setup works without failures of any kind. However, some of these machines are web servers for Intranet stuff and we'd like to have SSO working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a keytab file). So, since we're already joining the machines to the domain with Samba, we thought it would be smart to just generate the keytab files with net ads. export KRB5_KTNAME=FILE:/etc/www.keytab net ads keytab create -Udomain-admin (requires a password, so this can't be scripted and run in cron) net ads keytab add HTTP -Udomain-admin (requires a password, so this can't be scripted and run in cron) unset KRB5_KTNAME chown apache /etc/www.keytab service httpd restart However, when Samba changes the machine account's password (seemingly randomly), those keytab files are no longer valid and have to be regenerated. Is there some way for those keytab files to be updated automatically when Samba updates the machine account, or some setting to stop Samba from updating that password? And alternatively, are we doing things in a completely wrong way? I apologize for writing a book here, but without all of the background info, you may not be able to help. Here's my config files for a machine: Hi Chase, I did not see an answer to your question and would like to ask if you received any help with your problem or solved it some other way. Regards, Dirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cli_push returned NT_STATUS_IO_TIMEOUT
Hello all, I'm having a problem with smbclient after an upgrade from 3.0.37 to 3.5.3 (I also tested 3.5.11 and 3.6.0). The client uses a command similar to: tar -cz /some/directory | smbclient '\\server_ip\share' -N -c 'put - \directory\filename' After that the client checks the exit status to determine if the transfer succeeded or failed. The server is running samba 3.2.5. With samba-3.0.37 this worked without problem; With samba-3.5.3 the transfer regularly fails. The moment that is fails is different... normally it should transfer about 16GB of data but I have seen it fail after 2GB, 8GB and after 13GB. Looking at a tcpdump shows: - at 04:00:07: a packet is send from the client to the server that contains data (wireshark identifies it as 'Write AndX Request') - at 04:00:07: a packet is send from the server to the client to confirm the data (wireshark identifies it as 'Write AndX Response') - at 04:00:14: a packet is send from the client to the server which contains a 'Close Request'. Reproducing it is somewhat successful and somewhat unsuccessful: When I replace the 'tar -cz' command with a command that sleeps 20 seconds then I'm able to reproduce the error. With a delay of 19 seconds this is not reproducible; But this is not the same as the real command since this shows a delay of only 7 seconds. The test script used is attached to this mail. What it does: * It outputs a list of 'a' * It sleeps 20 seconds * It outputs a list of 'b'. Running it with samba-3.5.3: $ perl test.pl 20 | smbclient '\\server_ip\share' -N -c 'put - \directory\filename' ; echo $? Sending data 'a' Anonymous login successful Domain=[..] OS=[Unix] Server=[Samba 3.2.5] Sending data 'a' done Sleep done Sending data 'b' cli_push returned NT_STATUS_IO_TIMEOUT putting file - as \directory\filename (100.4 kb/s) (average 100.4 kb/s) The last lines of a smbclient -d10: dos_clean_name [\\directory\filename] unix_clean_name [\directory\filename] Sending data 'a' done Sleep done Sending data 'b' putting file - as \directory\filename Running timed event tevent_req_timedout 0xb8032c58 cli_push returned NT_STATUS_IO_TIMEOUT (99.6 kb/s) (average 99.6 kb/s) write_socket(4,39) write_socket(4,39) wrote 39 Running it with samba-3.6.0: $ perl test.pl 20 | smbclient '\\server_ip\share' -N -c 'put - \directory\filename' ; echo $? Sending data 'a' WARNING: The security=share option is deprecated Anonymous login successful Domain=[..] OS=[Unix] Server=[Samba 3.2.5] Sending data 'a' done Sleep done Sending data 'b' cli_push returned NT_STATUS_IO_TIMEOUT putting file - as \directory\filename (100.1 kb/s) (average 100.1 kb/s) The last lines of a smbclient -d10: [2011/09/19 12:02:20, 0] libsmb/clidfs.c:227(do_connect) Domain=[.] OS=[Unix] Server=[Samba 3.2.5] [2011/09/19 12:02:20, 4] libsmb/clidfs.c:233(do_connect) session setup ok [2011/09/19 12:02:20, 10] libsmb/clitrans.c:299(cli_trans_format) num_setup=1, max_setup=0, param_total=44, this_param=44, max_param=2, data_total=0, this_data=0, max_data=16644, param_offset=68, param_pad=0, param_disp=0, data_offset=112, data_pad=0, data_disp=0 [2011/09/19 12:02:20, 4] libsmb/clidfs.c:276(do_connect) tconx ok [2011/09/19 12:02:20, 3] lib/util.c:435(dos_clean_name) dos_clean_name [\\directory\filename] [2011/09/19 12:02:20, 3] lib/util.c:487(unix_clean_name) unix_clean_name [\directory\filename] [2011/09/19 12:02:20, 1] client/client.c:1872(do_put) putting file - as \ndirectory\filename Running timed event tevent_req_timedout 0xb80399a0 cli_push returned NT_STATUS_IO_TIMEOUT [2011/09/19 12:02:40, 1] client/client.c:1911(do_put) (100.3 kb/s) (average 100.3 kb/s) Some questions: a) can others reproduce this? b) is it expected that the exit status of smbclient is 0? The transfer failed so I, sort of, expected an exit status of 1 (or at least != 0) c) is this timeout expected? To me 'tevent_req_timedout' suggest that it is a timeout added when sending a request. Shouldn't the timeout/timer/.. be cleared when the response on the request is received? d) is it possible to change the value of the timeout? Best regards, Bram -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cli_push returned NT_STATUS_IO_TIMEOUT
The test script used is attached to this mail. What it does: * It outputs a list of 'a' * It sleeps 20 seconds * It outputs a list of 'b'. It appears that the list server removed the attachment.. inline version of the test script: $ cat test.pl #!/usr/bin/perl -l use strict; use warnings; $|++; my $sleep = shift; print STDERR Sending data 'a'; print a x 2048000; print STDERR Sending data 'a' done; sleep $sleep; print STDERR Sleep done; print STDERR Sending data 'b'; print b x 2048000; print STDERR Sending data 'b' done; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain Member keytabs invalid after Password Change
Hi Dirk, No, I haven't gotten any word back yet. If you have any insight into what I might be doing incorrectly, it would be greatly appreciated. Thanks, Chase On Mon, Sep 19, 2011 at 3:10 AM, Dirk Gouders goud...@et.bocholt.fh-gelsenkirchen.de wrote: Chase Whitener chase.white...@infotechfl.com writes: We have a 2008r2 AD domain. We join Linux machines as domain members using Samba with Winbind (I'll show all of my config files below). This portion of our setup works without failures of any kind. However, some of these machines are web servers for Intranet stuff and we'd like to have SSO working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a keytab file). So, since we're already joining the machines to the domain with Samba, we thought it would be smart to just generate the keytab files with net ads. export KRB5_KTNAME=FILE:/etc/www.keytab net ads keytab create -Udomain-admin (requires a password, so this can't be scripted and run in cron) net ads keytab add HTTP -Udomain-admin (requires a password, so this can't be scripted and run in cron) unset KRB5_KTNAME chown apache /etc/www.keytab service httpd restart However, when Samba changes the machine account's password (seemingly randomly), those keytab files are no longer valid and have to be regenerated. Is there some way for those keytab files to be updated automatically when Samba updates the machine account, or some setting to stop Samba from updating that password? And alternatively, are we doing things in a completely wrong way? I apologize for writing a book here, but without all of the background info, you may not be able to help. Here's my config files for a machine: Hi Chase, I did not see an answer to your question and would like to ask if you received any help with your problem or solved it some other way. Regards, Dirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba and AD integration
Hello everyone. I am running Samba on a Debian system, and I'm currently getting the following error on the logs: [2011/09/19 15:06:36.708281, 1] smbd/sesssetup.c:454(reply_spnego_kerberos) Username GALILEU-F\bmartins is invalid on this system Being GALILEU-F my Windows domain and bmartins my username. However, both 'wbinfo -g' and 'wbinfo -u' are working fine. Also, 'kinit (...)' works. My smb.conf: [global] workgroup = GALILEU-F realm = GALILEU-F.GALILEU.PT server string = Samba Server security = ADS auth methods = winbind password server = 192.168.0.2 username map = /etc/samba/smbusers client NTLMv2 auth = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 printcap name = cups dns proxy = No wins server = 192.168.0.2 idmap uid = 20-30 idmap gid = 20-30 winbind use default domain = Yes winbind trusted domains only = Yes cups options = raw My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = GALILEU-F.GALILEU.PT dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] GALILEU-F.GALILEU.PT = { kdc = jupiter.galileu-f.galileu.pt admin_server = jupiter.galileu-f.galileu.pt default_domain = galileu-f.galileu.pt } [domain_realm] .jupiter.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT .galileu-f.galileu.pt = GALILEU-F.GALILEU.PT [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } And... /etc/nsswitch.conf: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Can someone please give me a light on this? Best regards, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and AD integration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2011 10:16 AM, Bruno Martins wrote: Hello everyone. I am running Samba on a Debian system, and I'm currently getting the following error on the logs: [2011/09/19 15:06:36.708281, 1] smbd/sesssetup.c:454(reply_spnego_kerberos) Username GALILEU-F\bmartins is invalid on this system Being GALILEU-F my Windows domain and bmartins my username. However, both 'wbinfo -g' and 'wbinfo -u' are working fine. Also, 'kinit (...)' works. My smb.conf: [global] workgroup = GALILEU-F realm = GALILEU-F.GALILEU.PT server string = Samba Server security = ADS auth methods = winbind password server = 192.168.0.2 username map = /etc/samba/smbusers client NTLMv2 auth = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 printcap name = cups dns proxy = No wins server = 192.168.0.2 idmap uid = 20-30 idmap gid = 20-30 winbind use default domain = Yes winbind trusted domains only = Yes cups options = raw My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = GALILEU-F.GALILEU.PT dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] GALILEU-F.GALILEU.PT = { kdc = jupiter.galileu-f.galileu.pt admin_server = jupiter.galileu-f.galileu.pt default_domain = galileu-f.galileu.pt } [domain_realm] .jupiter.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT .galileu-f.galileu.pt = GALILEU-F.GALILEU.PT [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } And... /etc/nsswitch.conf: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Can someone please give me a light on this? Best regards, Bruno Martins Bruno, You are using the option winbind use default domain = Yes, so AD users should be able to access with just their username and there should be no need to pre-pend the domain and backslash. Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk53XnMACgkQup357T5MfTZcugCgvNMoqvTIPIlHdkov7i/ThBvK x94AniXBk960e1L4ompA1nW+Wm+qZvAI =yDia -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba and AD integration
-Original Message- From: Robert Freeman-Day [mailto:pres...@gmail.com] Sent: segunda-feira, 19 de Setembro de 2011 16:24 To: Bruno Martins Cc: samba@lists.samba.org; António Moreira Subject: Re: [Samba] Samba and AD integration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2011 10:16 AM, Bruno Martins wrote: Hello everyone. I am running Samba on a Debian system, and I'm currently getting the following error on the logs: [2011/09/19 15:06:36.708281, 1] smbd/sesssetup.c:454(reply_spnego_kerberos) Username GALILEU-F\bmartins is invalid on this system Being GALILEU-F my Windows domain and bmartins my username. However, both 'wbinfo -g' and 'wbinfo -u' are working fine. Also, 'kinit (...)' works. My smb.conf: [global] workgroup = GALILEU-F realm = GALILEU-F.GALILEU.PT server string = Samba Server security = ADS auth methods = winbind password server = 192.168.0.2 username map = /etc/samba/smbusers client NTLMv2 auth = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 printcap name = cups dns proxy = No wins server = 192.168.0.2 idmap uid = 20-30 idmap gid = 20-30 winbind use default domain = Yes winbind trusted domains only = Yes cups options = raw My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = GALILEU-F.GALILEU.PT dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] GALILEU-F.GALILEU.PT = { kdc = jupiter.galileu-f.galileu.pt admin_server = jupiter.galileu-f.galileu.pt default_domain = galileu-f.galileu.pt } [domain_realm] .jupiter.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT .galileu-f.galileu.pt = GALILEU-F.GALILEU.PT [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } And... /etc/nsswitch.conf: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Can someone please give me a light on this? Best regards, Bruno Martins Bruno, You are using the option winbind use default domain = Yes, so AD users should be able to access with just their username and there should be no need to pre-pend the domain and backslash. Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk53XnMACgkQup357T5MfTZcugCgvNMoqvTIPIlHdkov7i/ThBvK x94AniXBk960e1L4ompA1nW+Wm+qZvAI =yDia -END PGP SIGNATURE- Hi there, mate. I've commented that line but I'm getting the same result. Also, I have set it to no but, again, without success. By the way, when I do a getent passwd it just shows me local users, no AD users. Is this a normal behavior? Best regards, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 64 bit xerox print drivers
I would like to respond to my own question ... yes ... one year later :-) My answer to this problem is * don't use Samba * to solve this type of problem. Instead I created a .dat file (using printui.dll) for each printer I wanted to install, scripted the creation of an LPR port ( objWMIService.Get(Win32_TCPIPPrinterPort) and install print drivers using printui.dll. I'm running LPD on the cups server. Works like a charm. No hassles joining this server to the domain, no wonky error messages, 500 desktops up and running at login, it just works. I'm posting this here because I'm genuinely curious if there has been any large scale success with Samba, Win 7 and Xerox (or other) 64 bit print drivers. Greg On Mon, Aug 9, 2010 at 5:47 PM, Greg Saunders g...@taord.com wrote: Samba 3.4.7 Ubuntu 10.04 Has anyone out there got Xerox 64 bit drivers working in a point and print samba set up? And if so, which Xerox drivers? And which method of driver installation? I'm at a complete loss. We currently have an environment with 500 + desktops and a couple dozen Xerox workgroup docucolor MFPs that are running fine now with XP clients and a Samba print server. We're moving to Win 7 64 bit clients over the next couple of months and this is going to be a huge stumbling block. Several months ago I posted a problem I was having installing 64 bit Xerox drivers into a shared samba queue. 32 bit drivers seem to be fine but the 64 bit are a world of pain. There didn't seem to be any resolution at that time and hoping things may have changed in the last few months. I've had success with 64 bit HP drivers ... just not Xerox. When adding the 64 bit driver as an additional driver under the sharing tab of the queue of the samba server, it complains, The specified location does not contain the driver driver name here for the requested processor architecture. It clearly is a 64 version, it will install locally. As far as cupsaddsmb is concerned ... it just doesn't seem to work with 64 bit ... unless I'm doing something wrong ... which is completely likely :) If anyone could shed some light on this, it would be immensely appreciated. Thanking you all in advance. Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba (CentOS) + Windows 7 Ultimate 64 = no login
I've given up on my CentOS server as I did get a Samba setup working, but in doing so broke my apache setup. I need to take a more detailed look at what would be my optimum staging setup which offers me the best versioning process for my code. Thanks for your help everyone! Regards, Paul Gardner,Webbed IT Logo Webbed IT. On 07/09/2011 19:21, Dale Schroeder wrote: On 09/06/2011 2:09 PM, phpMagpie wrote: Update: I tried the following tutorial http://www.samba.org/samba/docs/man/Samba-Guide/simple.html#id2550946 *I changed my smb.conf to:* [global] workgroup = WEBBEDIT security = SHARE [HTML] path = /var/www/html read only = No guest ok = Yes Shortened version of what I use with 3.5.11 on Debian: [global] workgroup = WEBBEDIT security = User map to guest = Bad User unix passwd sync = Yes [html] path = /var/www/html read only = No valid users = your_login admin users = your_login Ensure that your Win7, linux, and samba username and password combinations are identical. If this config works, you can fine tune with other parameters as needed. Dale The first validation step is to run 'smbclient -L localhost -U%'. *It should have returned something like:* Sharename Type Comment - --- Plans Disk IPC$ IPC IPC Service (Samba 3.0.20) ADMIN$ IPC IPC Service (Samba 3.0.20) ServerComment - --- webbedit.lan Samba 3.0.20 Workgroup Master - WEBBEDIT SERVER *Mine returned this:* Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Sharename Type Comment - --- HTML Disk IPC$IPC IPC Service (Samba 3.5.4-68.el6_0.2) Domain=[WEBBEDIT] OS=[Unix] Server=[Samba 3.5.4-68.el6_0.2] Server Comment ---- WorkgroupMaster ---- Now the tutorial is on an earlier version so some changes may be required, but it's clear to see from my output that a domain is being set rather than a Workgroup. Any ideas? Paul. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-CentOS-Windows-7-Ultimate-64-no-login-tp3793880p3794292.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 alpha17 GIT raise domain functional level
Fix has been checked in, the parameters domain and forest have been renamed into domain-level and forest-level for further clarification. Matthias Matthias Dieter Wallnöfer wrote: There has been a porting error from the old to the new implementation of this samba-tool command. Since I am the original author of this code I will try to figure out how to re-add the domain option. Matthias Matthieu Patou wrote: On 06/09/2011 13:53, a.key wrote: Hi. We are using samba4 as our production AD for a while in a mixed (XP, win2k3, win7, win2k8) environment. This post: http://lists.samba.org/archive/samba-technical/2011-February/076525.html mentions that to raise the functional level one should use this command: samba-tool domainlevel raise --domain=2008 --forest=2008 but in our current git version this command doesn't work due to the fact that there is no --domain switch as shown below: # samba-tool domain level --help Usage: samba-tool domain level (show | raise options) Options: -h, --helpshow this help message and exit -H URL, --URL=URL LDB URL for database or target server --quiet Be quiet --forest=FOREST The forest function level (2003 | 2008 | 2008_R2) Samba Common Options: -s FILE, --configfile=FILE Configuration file -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL debug level --option=OPTION set smb.conf option from command line --realm=REALM set the realm name Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos --ipaddress=IPADDRESS IP address of server Version Options: --version Display version number and when I'm trying to raise the forest level the tools says that the domain functional level needs to be raised first. What's the proper way of raising the functional level in recent git is ? Looks like a regression, you should file a bug in https://bugzilla.samba.org. Matthieu. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wireless Production Servers Authentication of Active Directory with Inconsistent NTLM Auth Failures
Hi I work for a medium sized University and have recently set up some new infrastructure to authenticate our wireless users of Active Directory. Every thing was working as expected or so I thought. I set up a monitoring script that performs an ntlm_auth every minute and it shows that the authentication is failing inconsistently but for around 5 minutes at a time (see below). There are two development servers that I am trialling different configurations with to test. The architecture is currently 5 RHEL5 64bit servers running Radiator 4.4 authenticating off of Active Directory. The database resides on Oracle 11.2g RAC. The service is load balance behind a BIG-IP 6900. DESIGN All servers will be load balanced behind the BIG-IP. 2 production servers Lismore 2 production servers Tweed 1 production server Coffs Harbour Database residing on Oracle RAC 11.2g CONFIGURATION Radiator 4.4 using NTLM EAP PEAP SAMBA 3.0.33-3.29 (ntlm_auth) BIG-IP Two Virtual Servers. One for auth port. One for accounting port. Production Radius Pool = 5 servers Load balanced method Round Robin Monitors 1. Built in monitors for auth and accounting. radiusdev1 smb.conf [global] workgroup = ROOT realm = SCU.AD security = ADS password server = * [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SCU.AD dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] SCU.AD = { kdc = lp-server2-wv.scu.ad admin_server = lp-server2-wv.scu.ad default_domain = scu.ad } [domain_realm] .kerberos.server = SCU.AD .scu.ad = SCU.AD [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Mon Sep 12 00:38:08 Mon Sep 12 00:38:09 Mon Sep 12 00:39:09 Mon Sep 12 00:39:09 Mon Sep 12 00:40:09 Mon Sep 12 00:40:09 Mon Sep 12 00:41:09 Mon Sep 12 00:41:09 Mon Sep 12 00:42:09 Mon Sep 12 00:42:09 Mon Sep 12 03:26:51 Mon Sep 12 03:26:51 Mon Sep 12 03:27:51 Mon Sep 12 03:27:51 Mon Sep 12 03:28:51 Mon Sep 12 03:28:51 Mon Sep 12 03:29:51 Mon Sep 12 03:29:51 Mon Sep 12 03:30:51 Mon Sep 12 03:30:51 Tue Sep 13 05:55:38 Tue Sep 13 05:55:38 Tue Sep 13 05:56:39 Tue Sep 13 05:56:39 Tue Sep 13 05:57:39 Tue Sep 13 05:57:39 Tue Sep 13 05:58:39 Tue Sep 13 05:58:39 Tue Sep 13 05:59:39 Tue Sep 13 05:59:39 Wed Sep 14 12:32:19 Wed Sep 14 12:32:19 Wed Sep 14 12:33:19 Wed Sep 14 12:33:19 Wed Sep 14 12:34:19 Wed Sep 14 12:34:19 Wed Sep 14 12:35:20 Wed Sep 14 12:35:20 Wed Sep 14 12:36:20 Wed Sep 14 12:36:20 radiusdev2 [global] workgroup = ROOT realm = SCU.AD security = ADS client schannel = Yes server schannel = Yes password server = 10.30.4.20, 10.30.4.21, * client signing = required server signing = required [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SCU.AD dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] SCU.AD = { kdc = lp-server2-wv.scu.ad admin_server = lp-server2-wv.scu.ad default_domain = scu.ad } [domain_realm] .kerberos.server = SCU.AD .scu.ad = SCU.AD [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Log of the failed NTLM auth Mon Sep 12 05:03:38 Mon Sep 12 05:03:39 Mon Sep 12 05:04:39 Mon Sep 12 05:04:39 Mon Sep 12 05:05:39 Mon Sep 12 05:05:39 Mon Sep 12 05:06:39 Mon Sep 12 05:06:39 Mon Sep 12 05:07:39 Mon Sep 12 05:07:39 Mon Sep 12 19:35:32 Mon Sep 12 19:35:32 Mon Sep 12 19:36:32 Mon Sep 12 19:36:32 Mon Sep 12 19:37:32 Mon Sep 12 19:37:32 Mon Sep 12 19:38:32 Mon Sep 12 19:38:32 Mon Sep 12 19:39:32 Mon Sep 12 19:39:32 Mon Sep 12 20:22:42 Mon Sep 12 20:22:42 Mon Sep 12 20:23:42 Mon Sep 12 20:23:43 Mon Sep 12 20:24:43 Mon Sep 12 20:24:43 Mon Sep 12 20:25:43 Mon Sep 12 20:25:43 Mon Sep 12 20:26:43 Mon Sep 12 20:26:43 Mon Sep 12 20:27:43 Mon Sep 12 20:27:43 Mon Sep 12 20:28:43 Mon Sep 12 20:28:43 Mon Sep 12 20:29:43 Mon Sep 12 20:29:43 Mon Sep 12 20:30:43 Mon Sep 12 20:30:43 Mon Sep 12 20:31:43 Mon Sep 12 20:31:43 Tue Sep 13 11:52:40 Tue Sep 13 11:52:40 Tue Sep 13 11:53:40 Tue Sep 13 11:53:40 Tue Sep 13 11:54:40 Tue Sep 13 11:54:40 Tue Sep 13 11:55:40 Tue Sep 13 11:55:40 Tue Sep 13 11:56:40 Tue Sep 13 11:56:40 Tue Sep 13
[Samba] copy acls with getfacl / setfalc - invalid argument ....
I hav a problem porting my ACLS from my old filserver to a new one... My old Fileserver: I have my shares on a partition supporting acls with ext3 /dev/md0 on /data/raid type ext3 (rw,acl,user_xattr) My new Fileserver: /dev/md0 on /data/raid type ext4 (rw,acl,user_xattr) Now I copied all my shares to the new Fileserver with rsync and backed up my acls with: getfacl -R acls-fileserver.facl I copyied the file acls-fileserver.facl to the new one and tried to restore all the acls to the files and directories with: setfacl -restore=acls-fileserver.facl There I keep getting an error Invalid argument in line 75635 Sometimes sonner sometimes later. I also had: Invalid argument in line 14 I use getfacl / setfacl Version 2.5.1 Thanks for your help in advance! Greetings Oliver -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Browsing confusion
Am Donnerstag, den 15.09.2011, 08:26 +0900 schrieb TAKAHASHI Motonobu: From: steff...@gmx.de Date: Tue, 13 Sep 2011 17:17:23 +0200 (snip) The question is how the clients on the other subnets should find the BDC if the PDC is down if only one of them has wins support = yes set as suggested in the manpage for smb.conf. As you would understand, WINS server implementation of Samba lacks the function of replication, which means no redundancy. Unfortunately, there is no smart way to resolve that: 1) using samba4wins or WINS server on Windows server which can replicate their WINS database to each other. 2) using LMHOSTS file 3) using one of some hand-made replication solutions: I know 2 solutions in Japan. Both use wins hook parameter. - http://www.osstech.co.jp/techinfo/samba/wins-push - http://wiki.samba.gr.jp/mediawiki/index.php?title=WINS-replication If you are interested in them, I will translate them in English. Thanks, I used an automatic translator for this task and had a lot of fun reading ;-) I tried wins-push and samba4wins and decided to go with wins-push since it is much less hassle. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Browsing confusion
Am Donnerstag, den 15.09.2011, 08:26 +0900 schrieb TAKAHASHI Motonobu: From: steff...@gmx.de Date: Tue, 13 Sep 2011 17:17:23 +0200 (snip) The question is how the clients on the other subnets should find the BDC if the PDC is down if only one of them has wins support = yes set as suggested in the manpage for smb.conf. As you would understand, WINS server implementation of Samba lacks the function of replication, which means no redundancy. Unfortunately, there is no smart way to resolve that: 1) using samba4wins or WINS server on Windows server which can replicate their WINS database to each other. 2) using LMHOSTS file 3) using one of some hand-made replication solutions: I know 2 solutions in Japan. Both use wins hook parameter. - http://www.osstech.co.jp/techinfo/samba/wins-push - http://wiki.samba.gr.jp/mediawiki/index.php?title=WINS-replication If you are interested in them, I will translate them in English. Thanks, I used an automatic translator for this task and had a lot of fun reading ;-) I tried wins-push and samba4wins and decided to go with wins-push since it is much less hassle. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Inconsistent NT_STATUS_NO_LOGON_SERVERS with AD (muliti domain)
Hi I work for a medium sized University and have recently set up some new infrastructure to authenticate our wireless users of Active Directory. Every thing was working as expected or so I thought. I set up a monitoring script that performs an ntlm_auth every minute and it shows that the authentication is failing inconsistently but for around 5 minutes at a time (see below). There are two development servers that I am trialling different configurations with to test. The architecture is currently 5 RHEL5 64bit servers running Radiator 4.4 authenticating off of Active Directory. The database resides on Oracle 11.2g RAC. The service is load balance behind a BIG-IP 6900. DESIGN All servers will be load balanced behind the BIG-IP. 2 production servers site1 2 production servers site2 1 production server site3 Database residing on Oracle RAC 11.2g CONFIGURATION Radiator 4.4 using NTLM EAP PEAP SAMBA 3.0.33-3.29 (ntlm_auth) BIG-IP Two Virtual Servers. One for auth port. One for accounting port. Production Radius Pool = 5 servers Load balanced method Round Robin Monitors 1. Built in monitors for auth and accounting. radiusdev1 smb.conf [global] workgroup = ROOT realm = SCU.AD security = ADS password server = * [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SCU.AD dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] SCU.AD = { kdc = lp-server2-wv.scu.ad admin_server = lp-server2-wv.scu.ad default_domain = scu.ad } [domain_realm] .kerberos.server = SCU.AD .scu.ad = SCU.AD [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Mon Sep 12 00:38:08 Mon Sep 12 00:38:09 Mon Sep 12 00:39:09 Mon Sep 12 00:39:09 Mon Sep 12 00:40:09 Mon Sep 12 00:40:09 Mon Sep 12 00:41:09 Mon Sep 12 00:41:09 Mon Sep 12 00:42:09 Mon Sep 12 00:42:09 Mon Sep 12 03:26:51 Mon Sep 12 03:26:51 Mon Sep 12 03:27:51 Mon Sep 12 03:27:51 Mon Sep 12 03:28:51 Mon Sep 12 03:28:51 Mon Sep 12 03:29:51 Mon Sep 12 03:29:51 Mon Sep 12 03:30:51 Mon Sep 12 03:30:51 Tue Sep 13 05:55:38 Tue Sep 13 05:55:38 Tue Sep 13 05:56:39 Tue Sep 13 05:56:39 Tue Sep 13 05:57:39 Tue Sep 13 05:57:39 Tue Sep 13 05:58:39 Tue Sep 13 05:58:39 Tue Sep 13 05:59:39 Tue Sep 13 05:59:39 Wed Sep 14 12:32:19 Wed Sep 14 12:32:19 Wed Sep 14 12:33:19 Wed Sep 14 12:33:19 Wed Sep 14 12:34:19 Wed Sep 14 12:34:19 Wed Sep 14 12:35:20 Wed Sep 14 12:35:20 Wed Sep 14 12:36:20 Wed Sep 14 12:36:20 radiusdev2 [global] workgroup = ROOT realm = SCU.AD security = ADS client schannel = Yes server schannel = Yes password server = 10.30.4.20, 10.30.4.21, * client signing = required server signing = required [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SCU.AD dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] SCU.AD = { kdc = lp-server2-wv.scu.ad admin_server = lp-server2-wv.scu.ad default_domain = scu.ad } [domain_realm] .kerberos.server = SCU.AD .scu.ad = SCU.AD [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Log of the failed NTLM auth Mon Sep 12 05:03:38 Mon Sep 12 05:03:39 Mon Sep 12 05:04:39 Mon Sep 12 05:04:39 Mon Sep 12 05:05:39 Mon Sep 12 05:05:39 Mon Sep 12 05:06:39 Mon Sep 12 05:06:39 Mon Sep 12 05:07:39 Mon Sep 12 05:07:39 Mon Sep 12 19:35:32 Mon Sep 12 19:35:32 Mon Sep 12 19:36:32 Mon Sep 12 19:36:32 Mon Sep 12 19:37:32 Mon Sep 12 19:37:32 Mon Sep 12 19:38:32 Mon Sep 12 19:38:32 Mon Sep 12 19:39:32 Mon Sep 12 19:39:32 Mon Sep 12 20:22:42 Mon Sep 12 20:22:42 Mon Sep 12 20:23:42 Mon Sep 12 20:23:43 Mon Sep 12 20:24:43 Mon Sep 12 20:24:43 Mon Sep 12 20:25:43 Mon Sep 12 20:25:43 Mon Sep 12 20:26:43 Mon Sep 12 20:26:43 Mon Sep 12 20:27:43 Mon Sep 12 20:27:43 Mon Sep 12 20:28:43 Mon Sep 12 20:28:43 Mon Sep 12 20:29:43 Mon Sep 12 20:29:43 Mon Sep 12 20:30:43 Mon Sep 12 20:30:43 Mon Sep 12 20:31:43 Mon Sep 12 20:31:43 Tue Sep 13 11:52:40 Tue Sep 13 11:52:40 Tue Sep 13 11:53:40 Tue Sep 13 11:53:40 Tue Sep 13 11:54:40 Tue Sep 13 11:54:40 Tue Sep 13 11:55:40 Tue Sep 13 11:55:40 Tue Sep 13 11:56:40 Tue Sep 13 11:56:40 Tue Sep 13 14:36:01
[Samba] Samba for Mac OS X
Dear Samba Community, Because Apple has transitioned away from the open-source SAMBA protocol for their new 10.7 release of Mac OS X, I was wondering if there is a third-party solution to fill this void. Because OS X is based on Darwin, and Darwin is an open-source free version of UNIX, I thought there might be a solution with an Aqua front-end that would make it easier for Mac machines to connect to Windows networks. If you are able to answer my question, I would be very happy! Thank you so much, and have a great week, --Daniel --- Daniel Sutton danielsut...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unexpected Access Denied
Background: This situation is using Rational ClearCase in a situation with server on Solaris 10 and clients on a mixture of Windows XP and Windows 7, with access to the VOB (repository) enabled via Samba version: 3.4.9 Users are getting a consistent error with a specific ClearCase operation (Add to Source Control), which we have traced to a Samba interaction. The issue: For the interaction described, I need to know is it a) Working as Designed (would then like to understand why it is designed that way) b) defective c) dependent on Samba config/compile options (would then want to know which options control the behaviour) The file: -r--r- 1 cc_admin cc_users 5 Aug 1 16:29 /data01/vobstore/vobs_test_special.vbs/c/cdft/1c/19/1045e69c222a4a92bc1d733ec7cb1d6a The Samba connection made (log message): 141.11.249.110 (141.11.249.110) connect to service data01 initially as user rivacl (uid=20213, gid=9007) (pid 14214) GID 9007 is cc_users Microsoft Process Monitor / Network Trace shows that file access succeeds for Generic Read on the UNC path --- snip from process monitor event properties Result:SUCCESS Desired Access: Generic Read Disposition: Open Options: Synchronous IO Alert -- The failing operation is --- process monitor event properties Date Time:27/07/2011 5:18:03 PM Event Class:File System Operation:CreateFile Result:ACCESS DENIED Path:\\MYSERVER .MYORG.com\data01\vobstore\vobs_test_special.vbs\c\cdft\20\3a\2fd3179605c4436d83180c065bc59c67 TID:4112 Duration:0.0008641 Desired Access:Read EA, Read Attributes, Read Control, Synchronize Disposition:Open Options:Synchronous IO Non-Alert Attributes:n/a ShareMode:Read, Write, Delete AllocationSize:n/a -- This gets passed to the network as (flags same on request as response) 1622 00:55:07.589682 192.11.249.139 192.11.248.155 SMB NT Create AndX Request, Path: \vobstore\vobs_test_special.vbs\c\cdft\1c\19\1045e69c222a4a92bc1d733ec7cb1d6a Create Flags: 0x0010 ... ...1 = Extended Response: Extended responses required ... 0... = Create Directory: Target of open can be a file ... .0.. = Batch Oplock: Does NOT request batch oplock ... ..0. = Exclusive Oplock: Does NOT request oplock Access Mask: 0x00120088 ... ...1 = Synchronize: Can wait on handle to SYNCHRONIZE on completion of I/O ... ..1. = Read Control: READ ACCESS to owner, group and ACL of the SID ... 1... = Read Attributes: READ ATTRIBUTES access ... 1... = Read EA: READ EXTENDED ATTRIBUTES access Share Access: 0x0007 SHARE_DELETE SHARE_WRITE SHARE_READ 1623 00:55:07.590514 192.11.248.155 192.11.249.139 SMB NT Create AndX Response, FID: 0x, Error: STATUS_ACCESS_DENIED The request succeeds when the file permissions are 444 but fails when they are 440 The connection resolves to being in the same group as the file, so it seems to me the world readable bit should be irrelevant. FYI attaching the output of testparm -v -s Thanks you for any help you can give. David Every act is an act of self-definition.[global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = EU realm = MYORG.com netbios name = MYSERVER netbios aliases = netbios scope = server string = MYSERVER interfaces = bind interfaces only = No security = ADS auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = No password server = ipaddr MYORG.com smb passwd file = /opt/samba-3.4.9/private/smbpasswd private dir = /opt/samba-3.4.9/private passdb backend = tdbsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = /opt/samba/etc/username.map password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cc6ecd4 s3:registry: fix a debug message in the v2_to_v3 upgrade code from d49f509 s3:smb2cli: remove unused struct ntlmssp_state from smb2cli_session_setup_state http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cc6ecd4ead4144a9f37c7de3407862955bb7 Author: Michael Adam ob...@samba.org Date: Tue Sep 13 17:11:04 2011 +0200 s3:registry: fix a debug message in the v2_to_v3 upgrade code Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Mon Sep 19 10:31:45 CEST 2011 on sn-devel-104 --- Summary of changes: source3/registry/reg_backend_db.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index bac075a..e22a73a 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -522,7 +522,7 @@ static int regdb_upgrade_v2_to_v3_fn(struct db_record *rec, void *private_data) } if (db == NULL) { - DEBUG(0, (regdb_normalize_keynames_fn: ERROR: + DEBUG(0, (regdb_upgrade_v2_to_v3_fn: ERROR: NULL db context handed in via private_data\n)); return 1; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via be4f188 s4-client: added close command in smbclient from fcfde9a s4:ntvfs/common/brlock.c - remove unnecessary include tdb_compat.h http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit be4f188128d631abe014a8182c22a03f4c09264a Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 20 06:06:26 2011 +1000 s4-client: added close command in smbclient this matches the existing open command, and also gives you error codes on both open and close useful for testing share mode locking Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Mon Sep 19 23:59:28 CEST 2011 on sn-devel-104 --- Summary of changes: source4/client/client.c | 66 --- 1 files changed, 62 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/client/client.c b/source4/client/client.c index 2f353ae..c30d17d 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -2131,18 +2131,75 @@ static int cmd_delprivileges(struct smbclient_context *ctx, const char **args) / +open a file / static int cmd_open(struct smbclient_context *ctx, const char **args) { - char *mask; - + char *filename; + union smb_open io; + NTSTATUS status; + TALLOC_CTX *tmp_ctx; + if (!args[1]) { d_printf(open filename\n); return 1; } - mask = talloc_asprintf(ctx, %s%s, ctx-remote_cur_dir, args[1]); + tmp_ctx = talloc_new(ctx); + + filename = talloc_asprintf(tmp_ctx, %s%s, ctx-remote_cur_dir, args[1]); + + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.root_fid.fnum = 0; + io.ntcreatex.in.flags = 0; + io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.ntcreatex.in.create_options = 0; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN_IF; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = filename; + + status = smb_raw_open(ctx-cli-tree, tmp_ctx, io); + talloc_free(tmp_ctx); + + if (NT_STATUS_IS_OK(status)) { + d_printf(Opened file with fnum %u\n, (unsigned)io.ntcreatex.out.file.fnum); + } else { + d_printf(Opened failed: %s\n, nt_errstr(status)); + } + + return 0; +} - smbcli_open(ctx-cli-tree, mask, O_RDWR, DENY_ALL); +/ +close a file +/ +static int cmd_close(struct smbclient_context *ctx, const char **args) +{ + union smb_close io; + NTSTATUS status; + uint16_t fnum; + + if (!args[1]) { + d_printf(close fnum\n); + return 1; + } + + fnum = atoi(args[1]); + + ZERO_STRUCT(io); + io.generic.level = RAW_CLOSE_CLOSE; + io.close.in.file.fnum = fnum; + + status = smb_raw_close(ctx-cli-tree, io); + + if (NT_STATUS_IS_OK(status)) { + d_printf(Closed file OK\n); + } else { + d_printf(Close failed: %s\n, nt_errstr(status)); + } return 0; } @@ -2694,6 +2751,7 @@ static struct {mput,cmd_mput,mask put all matching files,{COMPL_REMOTE,COMPL_NONE}}, {newer,cmd_newer,file only mget files newer than the specified local file,{COMPL_LOCAL,COMPL_NONE}}, {open,cmd_open,mask open a file,{COMPL_REMOTE,COMPL_NONE}}, + {close,cmd_close,fnum close a file,{COMPL_NONE,COMPL_NONE}}, {privileges,cmd_privileges,user show privileges for a user,{COMPL_NONE,COMPL_NONE}}, {print,cmd_print,file name print a file,{COMPL_NONE,COMPL_NONE}}, {printmode,cmd_printmode,graphics or text set the print mode,{COMPL_NONE,COMPL_NONE}}, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f9acf77 lib/util/charset: remove charset module loading via 8316577 lib/util/charcnv: Remove broken internal CP850 and CP464 modules from be4f188 s4-client: added close command in smbclient http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f9acf770e9c121aa495cb7e19175a4a6e45ff3d9 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 19 19:13:21 2011 -0700 lib/util/charset: remove charset module loading Now that the 'table' modules are gone, there is no reason for there to be charset modules at all. This builds the macosxfs and weird modules into the binary at the appropriate times, and changes the tests to test instead the difference between the remaining internal handlers and iconv(). Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Sep 20 06:27:06 CEST 2011 on sn-devel-104 commit 8316577b7538f7204c5fd6328756c4c3f171b36e Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 16 14:52:28 2011 -0700 lib/util/charcnv: Remove broken internal CP850 and CP464 modules These modules are now known to be faulty, and Samba 3.6.0 didn't include support for them, so we now require a system iconv if you wish to support these character sets for the non-ASCII range. Andrew Bartlett --- Summary of changes: lib/util/charset/CP437.c | 135 lib/util/charset/CP850.c | 121 -- lib/util/charset/charset.h | 101 +-- lib/util/charset/charset_macosxfs.c| 26 ++-- .../srvstr.h = lib/util/charset/charset_proto.h | 26 +++-- lib/util/charset/codepoints.c | 14 +- lib/util/charset/iconv.c | 115 +++-- lib/util/charset/tests/convert_string.c| 22 ++-- lib/util/charset/tests/iconv.c |7 +- lib/util/charset/weird.c | 25 ++-- lib/util/charset/wscript_build | 39 +-- source3/Makefile.in| 21 +--- source3/configure.in | 10 +- source3/wscript|3 - source4/param/util.c |6 +- source4/selftest/knownfail |8 +- source4/selftest/tests.py |6 +- source4/torture/smbiconv.c |2 +- 18 files changed, 101 insertions(+), 586 deletions(-) delete mode 100644 lib/util/charset/CP437.c delete mode 100644 lib/util/charset/CP850.c copy source3/include/srvstr.h = lib/util/charset/charset_proto.h (51%) Changeset truncated at 500 lines: diff --git a/lib/util/charset/CP437.c b/lib/util/charset/CP437.c deleted file mode 100644 index 1e478d6..000 --- a/lib/util/charset/CP437.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Conversion table for CP437 charset also known as IBM437 - * - * Copyright (C) Alexander Bokovoy 2003 - * - * Conversion tables are generated using GNU libc 2.2.5's - * localedata/charmaps/IBM437 table and source/script/gen-8bit-gap.sh script - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see http://www.gnu.org/licenses/. - */ - -#include includes.h - -static const uint16_t to_ucs2[256] = { - 0x, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007, - 0x0008, 0x0009, 0x000A, 0x000B, 0x000C, 0x000D, 0x000E, 0x000F, - 0x0010, 0x0011, 0x0012, 0x0013, 0x0014, 0x0015, 0x0016, 0x0017, - 0x0018, 0x0019, 0x001A, 0x001B, 0x001C, 0x001D, 0x001E, 0x001F, - 0x0020, 0x0021, 0x0022, 0x0023, 0x0024, 0x0025, 0x0026, 0x0027, - 0x0028, 0x0029, 0x002A, 0x002B, 0x002C, 0x002D, 0x002E, 0x002F, - 0x0030, 0x0031, 0x0032, 0x0033, 0x0034, 0x0035, 0x0036, 0x0037, - 0x0038, 0x0039, 0x003A, 0x003B, 0x003C, 0x003D, 0x003E, 0x003F, - 0x0040, 0x0041, 0x0042, 0x0043, 0x0044, 0x0045, 0x0046, 0x0047, - 0x0048, 0x0049, 0x004A, 0x004B, 0x004C, 0x004D, 0x004E, 0x004F, - 0x0050, 0x0051, 0x0052, 0x0053, 0x0054, 0x0055, 0x0056, 0x0057, - 0x0058, 0x0059, 0x005A, 0x005B, 0x005C, 0x005D, 0x005E, 0x005F, - 0x0060, 0x0061,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da5224a s3:dbwrap_ctdb: skip the internal __db_sequence_number__ key from (persistent) traverse and traverse_read via 4d30fd8 s3:dbwrap_tool: add popt support and standard samba options via aa0f102 s3:g_lock: add a missing to a debug message in g_lock_init from f9acf77 lib/util/charset: remove charset module loading http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da5224a9d2684c0a95f056700af4c4f7be2f93f9 Author: Michael Adam ob...@samba.org Date: Tue Sep 20 04:33:31 2011 +0200 s3:dbwrap_ctdb: skip the internal __db_sequence_number__ key from (persistent) traverse and traverse_read This is is used internally in the persistent transactions and should not surface. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Sep 20 07:59:20 CEST 2011 on sn-devel-104 commit 4d30fd8c5163c92e8fdbfd1cae7088e9e010b8cd Author: Michael Adam ob...@samba.org Date: Tue Sep 20 04:32:25 2011 +0200 s3:dbwrap_tool: add popt support and standard samba options commit aa0f102fd7defb5ff442ac4bfc782721fbbff434 Author: Michael Adam ob...@samba.org Date: Mon Sep 19 22:30:57 2011 +0200 s3:g_lock: add a missing \n to a debug message in g_lock_init --- Summary of changes: source3/Makefile.in |4 ++- source3/lib/dbwrap/dbwrap_ctdb.c | 26 + source3/lib/g_lock.c |2 +- source3/utils/dbwrap_tool.c | 58 - source3/wscript_build|3 +- 5 files changed, 76 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index d64adb8..0796bc6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1549,7 +1549,8 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ DBWRAP_TOOL_OBJ = utils/dbwrap_tool.o \ $(PARAM_OBJ) \ $(LIB_NONSMBD_OBJ) \ - $(LIBSMB_ERR_OBJ) + $(LIBSMB_ERR_OBJ) \ + $(POPT_LIB_OBJ) DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \ $(PARAM_OBJ) \ @@ -3204,6 +3205,7 @@ bin/dbwrap_tool@EXEEXT@: $(DBWRAP_TOOL_OBJ) $(LIBTALLOC) $(LIBTDB) @$(CC) -o $@ $(DBWRAP_TOOL_OBJ)\ $(LDFLAGS) $(DYNEXP) $(LIBS) \ $(LDAP_LIBS) \ + $(POPT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) install-dbwrap_tool:: bin/dbwrap_tool@EXEEXT@ diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c index 429f542..d9fb489 100644 --- a/source3/lib/dbwrap/dbwrap_ctdb.c +++ b/source3/lib/dbwrap/dbwrap_ctdb.c @@ -1261,11 +1261,25 @@ static int traverse_persistent_callback(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DAT struct db_record *rec; TALLOC_CTX *tmp_ctx = talloc_new(state-db); int ret = 0; + + /* +* Skip the __db_sequence_number__ key: +* This is used for persistent transactions internally. +*/ + if (kbuf.dsize == strlen(CTDB_DB_SEQNUM_KEY) + 1 + strncmp((const char*)kbuf.dptr, CTDB_DB_SEQNUM_KEY, + strlen(CTDB_DB_SEQNUM_KEY)) == 0) + { + goto done; + } + /* we have to give them a locked record to prevent races */ rec = db_ctdb_fetch_locked(state-db, tmp_ctx, kbuf); if (rec rec-value.dsize 0) { ret = state-fn(rec, state-private_data); } + +done: talloc_free(tmp_ctx); return ret; } @@ -1321,6 +1335,18 @@ static int traverse_persistent_callback_read(TDB_CONTEXT *tdb, TDB_DATA kbuf, TD { struct traverse_state *state = (struct traverse_state *)private_data; struct db_record rec; + + /* +* Skip the __db_sequence_number__ key: +* This is used for persistent transactions internally. +*/ + if (kbuf.dsize == strlen(CTDB_DB_SEQNUM_KEY) + 1 + strncmp((const char*)kbuf.dptr, CTDB_DB_SEQNUM_KEY, + strlen(CTDB_DB_SEQNUM_KEY)) == 0) + { + return 0; + } + rec.key = kbuf; rec.value = dbuf; rec.store = db_ctdb_store_deny; diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c index 308e5cf..38dec40 100644 --- a/source3/lib/g_lock.c +++ b/source3/lib/g_lock.c @@ -62,7 +62,7 @@ struct g_lock_ctx *g_lock_ctx_init(TALLOC_CTX *mem_ctx, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, O_RDWR|O_CREAT, 0600); if (result-db == NULL) { - DEBUG(1, (g_lock_init: Could not open g_lock.tdb)); + DEBUG(1, (g_lock_init: Could not open g_lock.tdb\n)); TALLOC_FREE(result); return NULL; } diff --git