Re: [Samba] VFS ACL modules - question to developers
Hi! Do you have any update? Best regards /Adrian Berlin Dnia 24 listopada 2011 12:43 adrian.berlin adrian.ber...@o2.pl napisał(a): Hi! 1. To check acl_tdb limits I used this script (on Windows): @echo off for /l %%i in (1,1,10) do ( icacls.exe \\IP_address\smb_share\folder /grant user%%i:F I could write only 22 entries. 2. Please see document on scribd http://www.scribd.com/doc/73654474/vfs-acls Cheers /Adrian Berlin Dnia 23 listopada 2011 21:39 Jeremy Allison j...@samba.org napisał(a): On Wed, Nov 23, 2011 at 01:15:46PM +0100, adrian.berlin wrote: Hi! I have few question to developers of VFS ACL modules (acl_tdb and acl_xattr): 1. Do you plan to extend quantity of entries in acl_tdb (now I can write 22 user ACLs plus CREATOR OWNER, CREATOR GROUP, domain users and everyone) I don't see any limits in acl_tdb. Where are you getting this limit from ? 2. Do you plan to fix few ACLs eg. Traverse folder / Execute file (to traverse I need to enable additional permission List folder / read data to traverse through folder), Read attributes seems to be always enabled, Read Extended Attributes seems to be always disabled, the same behaviour is with Write Attributes and Write Extended Attributes, Delete subfolder and files permission works only on files - I cannot remove subfolder. Can you expand on this more ? I need to know what specific bugs you're seeing here. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] offline logon with AD
Hi yesterday I configured my laptop to login via AD usernames/passwords. This was working finally with using the sadms. Now I want to enable login when the user is not connected to the network. I found that you need to enable winbind offline logon = yes in the smb.conf. But actually this is not working. I'm using ubuntu 11.10 and whenever I logon via the desktop i get password not correct and no logon servers Anybody an idea on how to resolve this? thanks Steven Geerts This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome's ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] unclean shutdown
Hi, I noticed error messages in the smbd log: [2011/11/29 09:40:25.848558, 1] smbd/server.c:240(cleanup_timeout_fn) Cleaning up brl and lock database after unclean shutdown [2011/11/29 09:44:07.666599, 1] smbd/server.c:267(remove_child_pid) Scheduled cleanup of brl and lock database after unclean shutdown It appears very frequently in the logs on the PDC (Samba 3.5.6) and on the BDC (sernet-samba 3.5.9) too. Servers are Debian Squeeze on Xen. I googled this message, but haven't find solution (the server signing option was mentioned, but it is set to no on both servers). I use openldap backend. Thanks, in advance. Tamas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] offline logon with AD
From: Steven Geerts steven.gee...@softathome.com Date: Tue, 29 Nov 2011 10:18:58 +0100 yesterday I configured my laptop to login via AD usernames/passwords. This was working finally with using the sadms. Now I want to enable login when the user is not connected to the network. I found that you need to enable winbind offline logon = yes in the smb.conf. But actually this is not working. I'm using ubuntu 11.10 and whenever I logon via the desktop i get password not correct and no logon servers Anybody an idea on how to resolve this? You need to add pam_winbind.so with cached_login parameter to auth type. See pam_winbind(8) --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Uninstall Samba 3.6
Hi; How uninstall the version 3.6 Samba after a compilation/install of source code ? Regards; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Uninstall Samba 3.6
Hi; How uninstall the version 3.6 Samba after a compilation/install of source code ? Regards; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL modules - question to developers
On Tue, Nov 29, 2011 at 09:19:16AM +0100, adrian.berlin wrote: Hi! Do you have any update? Best regards /Adrian Berlin Dnia 24 listopada 2011 12:43 adrian.berlin adrian.ber...@o2.pl napisał(a): Hi! 1. To check acl_tdb limits I used this script (on Windows): @echo off for /l %%i in (1,1,10) do ( icacls.exe \\IP_address\smb_share\folder /grant user%%i:F I could write only 22 entries. 2. Please see document on scribd http://www.scribd.com/doc/73654474/vfs-acls That's a really interesting document. I'd like to work on that with you to make Samba behave exactly how you expect. I have a jumbo patch for 3.6.x which should fix the issues you're having with READ_ATTRIBUTES/WRITE_ATTRIBUTES. There are no limits in the acl_tdb code that would cause it to behave as you describe. What you may be seeing are limits in mapping the incoming ACL down onto the underlying file system. Do you have debug level 10 logs of this ? What is your underlying file system ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 success on openSUSE 12.1
samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be wrong. I had to do this: Copy /usr/local/samba/private/named.conf to /etc/named.conf.samba4 Copy /usr/local/samba/private/dns/hh3.site.zone to /var/lib/named/master edit /etc/named.conf.samba4 to point to /var/lib/named: one hh3.site. IN { type master; file /var/lib/named/master/hh3.site.zone; edit /etc/named.conf to include: include /etc/named.conf.samba4; as the last line in the file. Is this correct? On restarting bind there are still errors: Nov 29 19:54:15 hh3 named[4038]: command channel listening on 127.0.0.1#953 Nov 29 19:54:15 hh3 named[4038]: couldn't add command channel ::1#953: address not available Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loaded serial 0 DNS and Kerberos are working fine. Are these errors to do with Samba4? Thanks Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Linux users and Samba 4
I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Thanks. Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Thanks Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On Tue, Nov 29, 2011 at 08:34:06PM +0100, steve wrote: On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Raise this as a blocker bug for 4.0.0 release. We'll ensure it's fixed before we release. Now is a good time to do this - we're trying to nail down the final feature set for 4.0.0. Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 19:58, schrieb steve: samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be wrong. I had to do this: Copy /usr/local/samba/private/named.conf to /etc/named.conf.samba4 Copy /usr/local/samba/private/dns/hh3.site.zone to /var/lib/named/master edit /etc/named.conf.samba4 to point to /var/lib/named: one hh3.site. IN { type master; file /var/lib/named/master/hh3.site.zone; edit /etc/named.conf to include: include /etc/named.conf.samba4; as the last line in the file. Is this correct? On restarting bind there are still errors: Nov 29 19:54:15 hh3 named[4038]: command channel listening on 127.0.0.1#953 Nov 29 19:54:15 hh3 named[4038]: couldn't add command channel ::1#953: address not available Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found looks like pure bind failure perhaps related to dnssec are youre running a chroot bind ? perhaps its looking on the wrong place for the file, try locate managed-keys.bind( if locate is installed ) to find it, or try to create it http://o-o-s.de/?p=2966 says for i.e. for debian echo include \/etc/bind/bind.keys\; /etc/bind/named.conf touch /var/cache/bind/managed-keys.bind but that may different with suse attention ! look other bind sites Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loaded serial 0 DNS and Kerberos are working fine. Are these errors to do with Samba4? Thanks Steve. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 20:37, schrieb Robert Schetterer: Am 29.11.2011 19:58, schrieb steve: samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be wrong. I had to do this: Copy /usr/local/samba/private/named.conf to /etc/named.conf.samba4 Copy /usr/local/samba/private/dns/hh3.site.zone to /var/lib/named/master edit /etc/named.conf.samba4 to point to /var/lib/named: one hh3.site. IN { type master; file /var/lib/named/master/hh3.site.zone; edit /etc/named.conf to include: include /etc/named.conf.samba4; as the last line in the file. Is this correct? On restarting bind there are still errors: Nov 29 19:54:15 hh3 named[4038]: command channel listening on 127.0.0.1#953 Nov 29 19:54:15 hh3 named[4038]: couldn't add command channel ::1#953: address not available Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found looks like pure bind failure perhaps related to dnssec are youre running a chroot bind ? perhaps its looking on the wrong place for the file, try locate managed-keys.bind( if locate is installed ) to find it, or try to create it http://o-o-s.de/?p=2966 says for i.e. for debian echo include \/etc/bind/bind.keys\; /etc/bind/named.conf touch /var/cache/bind/managed-keys.bind but that may different with suse attention ! look other bind sites studied some faqs , this file should be autocreated if the related dir is writable restart bind ( named ) and look if the log shows the failure up again Nov 29 19:54:15 hh3 named[4038]: managed-keys-zone ./IN: loaded serial 0 DNS and Kerberos are working fine. Are these errors to do with Samba4? Thanks Steve. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
studied some faqs , this file should be autocreated if the related dir is writable restart bind ( named ) and look if the log shows the failure up again Yep. Still there: Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0 Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done Nov 29 20:49:23 hh3 named[5000]: running What is the directory that should be writeable? Cheers Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4 (bug submitted)
On 29/11/11 20:34, steve wrote: On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Thanks Steve. For many this is a Samba 4 show stopper. Just found the bugzilla and signed up: The Samba-Bugzilla – Bug 8635 Submitted Thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot change SID on NTUSER.DAT file
Hi. I have just changed to the latest version of samba on a CentOS 5.4 machine as I now have Win7 computers in the domain. [root] #smbd -V Version 3.5.4-0.83.el5_7.2 On the old version (I think 3.0.29) I was able to change the SID on any NTUDER.DAT file happily. Now I cannot change SID on any NTUSER.DAT file. However, I can log into the domain using the username that is attached to the NTUSER.DAT file, no problem there, so there is not anything wrong with the registry file. I get this: [root] #/usr/bin/profiles -c S-1-5-21-DELETED-5424 -n S-1-5-21-DELETED-5560 NTUSER.DAT ndr_pull_error(11): Pull bytes 1 (../librpc/ndr/ndr_basic.c:74) ndr_pull_security_descriptor failed: NDR_ERR_BUFSIZE prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_error(11): Pull bytes 1 (../librpc/ndr/ndr_basic.c:74) ndr_pull_security_descriptor failed: NDR_ERR_BUFSIZE prs_grow: Buffer overflow - unable to expand buffer by 36 bytes. ndr_pull_error(11): ndr_pull_relative_ptr1 rel_offset(229376) ndr-data_size(4096) ndr_pull_security_descriptor failed: NDR_ERR_BUFSIZE Any ideas anyone? Jobst -- 'Two things are infinite: the universe and human stupidity, and I'm not sure about the first one. - Albert Einstein | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 home folder
Hi What is the equivalent of a users /home folder on Samba 4? What is the equivalent of the Samba 3 [homes] share? Where are user files stored? Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot access a share outside a share after upgrade
Hi. I have a share that I can only access as root that has a few symlinks in it to make it easy for me to access files/dirs. I used to be able to access before upgrade to [root] #smbd -V Version 3.5.4-0.83.el5_7.2 Now it simply displays an error Access denied I have in the smb.conf file the following: [SHARE_NAME_MASKED] path = /THIS_IS_MY_PATH valid users = @domadmins admin users = root read only = No create mask = 0660 force create mode = 0770 directory mask = 0770 force directory mode = 06770 browseable = No follow symlinks = yes wide links = yes and in /etc/group domadmins:x:GROUPID_MASKED:root I have not changed any other setting after upgrade of samba, nor have I changed file/directory permissions. Any ideas anyone? Jobst -- Pledge of allegiance: I Pledge Allegiance To the Flag That Appears on my Desktop Startup Screen. And to the Monopoly For Which it Stands; One Operating System Over All, Inescapable, With Freedom and Privacy for none. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4 (bug submitted)
2011-11-29 21:07 keltezéssel, steve írta: On 29/11/11 20:34, steve wrote: On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Thanks Steve. For many this is a Samba 4 show stopper. Just found the bugzilla and signed up: The Samba-Bugzilla – Bug 8635 Submitted Thanks Steve BTW. Samba3 winbind with idmap ad configured as an AD client (see the docs) can work with samba4 (which support storing rfc2307 attributes, just not obeying them). For configuring Samba4 recommended reading: http://phaedrus77.blogspot.com/2010/04/samba4-ad-domain-controller-to-serve.html which uses nss-ldap and pam-krb5 which is als possible. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 success on openSUSE 12.1
Am 29.11.2011 20:50, schrieb steve: studied some faqs , this file should be autocreated if the related dir is writable restart bind ( named ) and look if the log shows the failure up again Yep. Still there: Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0 Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done Nov 29 20:49:23 hh3 named[5000]: running What is the directory that should be writeable? Cheers Steve. named11828 3.2 1.5 116332 48032 ?Ssl Nov22 360:27 /usr/sbin/named -t /var/lib/named -u named sorry i have only a older suse to look at try look/cd at /var/lib/named if using chroot then try touch managed-keys-zone or in there or some subfolder ( depend on your conf ) perhaps you need chmod named:named managed-keys-zone after all , try ask on a suse list, suse people should easy answer this stuff -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On 29 November 2011 21:34, steve st...@steve-ss.com wrote: On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Bear in mind that Samba 4 is still alpha. There has not been a production release yet. As Jeremy said, they are discussing what needs to be done before releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba 4's winbind etc., so if something that is critical for you does not currently work, you should file a bug report. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 home folder
On 30 November 2011 02:33, steve st...@steve-ss.com wrote: Hi What is the equivalent of a users /home folder on Samba 4? What is the equivalent of the Samba 3 [homes] share? Where are user files stored? It's currently best to use smbd for file and printer sharing (except for netlogon and sysvol shares as far as I know). The best way to do this at the moment is probably to have a Samba 3 member server serving [homes]. I only use Samba for authentication, so I haven't tried the different file serving options with Samba 4. This is another thing being discussed on the samba-technical list wrt. releasing Samba 4.0.0. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On 30/11/11 07:50, Michael Wood wrote: On 29 November 2011 21:34, stevest...@steve-ss.com wrote: On 29/11/11 20:20, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. I don't believe it. So with samba 4, we are back to having to have two separate accounts and two passwords. AgghhH!!! So, after all this, I've now found out that Samba 4 only caters for windows clients; it does not provide the single sign on that samba3/LDAP offers. That can't be true can it? Any ideas anyone? Bear in mind that Samba 4 is still alpha. There has not been a production release yet. As Jeremy said, they are discussing what needs to be done before releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba 4's winbind etc., so if something that is critical for you does not currently work, you should file a bug report. Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. https://bugzilla.samba.org/show_bug.cgi?id=8635 Thanks Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 home folder
In Samba4 this is quiet different then in samba 3. Use the Microsoft ads tool to administrate Step 3: Configure home shares of the users. This was the greatest try and error. Since samba3 this changed. And it is not the same in samba4!!! A simple: [homes] path= /home read only=no This is all. All other ACLS is setting from the tool Active Directory Users and Groups within windows. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers. In the Details pane, right-click the applicable user account, and then click Properties. In the Properties dialog box, click the Profile tab. Under Home folder, type the directory information: In my case \\your.domain\homes and the tool will make the users directory, settings the correct rights. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michael Wood Gesendet: Mittwoch, 30. November 2011 07:58 An: steve Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 4 home folder On 30 November 2011 02:33, steve st...@steve-ss.com wrote: Hi What is the equivalent of a users /home folder on Samba 4? What is the equivalent of the Samba 3 [homes] share? Where are user files stored? It's currently best to use smbd for file and printer sharing (except for netlogon and sysvol shares as far as I know). The best way to do this at the moment is probably to have a Samba 3 member server serving [homes]. I only use Samba for authentication, so I haven't tried the different file serving options with Samba 4. This is another thing being discussed on the samba-technical list wrt. releasing Samba 4.0.0. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failing identification of users in trusted domains?
Hi all. I'm getting mad at this. I use winbind to authenticate users in multiple domains from AD. The config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva. Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE) I get the correct info, but if I do a 'winbind -i STUDENTI\\another.name' the answer is a 'Could not get info for user STUDENTI\another.name'... On other machines, the same config works well. I already tried uninstalling samba (both -winbind and -common), removing /etc/samba, /var/cache/samba and /var/lib/samba then reinstalling after copying /etc/samba/smb.conf from a working machine and rejoining. Doing a tail -f /var/log/samba/* I could see the following: [2011/11/28 11:43:51.053242, 10] winbindd/winbindd_cache.c:536(refresh_sequence_number) refresh_sequence_number: PERSONALE time ok [2011/11/28 11:43:51.053578, 10] winbindd/winbindd_cache.c:581(refresh_sequence_number) refresh_sequence_number: PERSONALE seq number is now 343528996 [2011/11/28 11:43:51.053681, 10] winbindd/winbindd_cache.c:913(wcache_save_name_to_sid) wcache_save_name_to_sid: STUDENTI\DIEGO.ZUCCATO2 - S-1-5-21-790525478-1035525444-682003330-86279 (NT_STATUS_OK) [2011/11/28 11:43:51.053756, 10] winbindd/winbindd_cache.c:935(wcache_save_sid_to_name) wcache_save_sid_to_name: S-1-5-21-790525478-1035525444-682003330-86279 - diego.zuccato2 (NT_STATUS_OK) [2011/11/28 11:43:51.053805, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-790525478-1035525444-682003330-86279 result : NT_STATUS_OK [2011/11/28 11:43:51.053997, 4] winbindd/winbindd_dual.c:1532(fork_domain_child) Finished processing child request 63 [2011/11/28 11:43:51.054045, 10] winbindd/winbindd_dual.c:1548(fork_domain_child) Writing 3532 bytes to parent [2011/11/28 11:43:51.054113, 10] lib/events.c:183(get_timed_events_timeout) == log.winbindd == [2011/11/28 11:43:51.054550, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-1-5-21-790525478-1035525444-682003330-86279: NT_STATUS_UNSUCCESSFUL [2011/11/28 11:43:51.054670, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[17597:GETPWNAM]: NT_STATUS_UNSUCCESSFUL It seems my account in STUDENTI gets written to cache, but then winbind doesn't read it back And why is the name all upper case when I wrote it lower case? Any hints? Tks! BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2bff209 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab from 8eef716 s4-provision: Fix the security ace for DnsAdmins group on DNS records http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2bff209128b85bd870ad36fa00ffcc92edbbab08 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 29 12:47:40 2011 +1100 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza g...@kzsdabas.hu Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104 --- Summary of changes: source4/auth/kerberos/keytab_copy.c | 195 --- source4/libnet/libnet_export_keytab.c | 22 +++- source4/libnet/libnet_export_keytab.h |1 + source4/libnet/py_net.c |8 +- source4/scripting/python/samba/netcmd/domain.py |7 +- testprogs/blackbox/test_export_keytab.sh| 12 ++- 6 files changed, 174 insertions(+), 71 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/kerberos/keytab_copy.c b/source4/auth/kerberos/keytab_copy.c index ba4ea2b..d823e02 100644 --- a/source4/auth/kerberos/keytab_copy.c +++ b/source4/auth/kerberos/keytab_copy.c @@ -1,6 +1,8 @@ /* * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 2011 Andrew Bartlett + * * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -35,8 +37,6 @@ #include system/kerberos.h #include auth/kerberos/kerberos.h -static const krb5_boolean verbose_flag = FALSE; - static krb5_boolean compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b) { @@ -47,90 +47,99 @@ compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b) return TRUE; } +static krb5_error_code copy_one_entry(krb5_context context, + krb5_keytab src_keytab, krb5_keytab dst_keytab, krb5_keytab_entry entry) +{ +krb5_error_code ret; +krb5_keytab_entry dummy; + +char *name_str; +char *etype_str; +ret = krb5_unparse_name (context, entry.principal, name_str); +if(ret) { + krb5_set_error_message(context, ret, krb5_unparse_name); + name_str = NULL; /* XXX */ + return ret; +} +ret = krb5_enctype_to_string(context, entry.keyblock.keytype, etype_str); +if(ret) { + krb5_set_error_message(context, ret, krb5_enctype_to_string); + etype_str = NULL; /* XXX */ + return ret; +} +ret = krb5_kt_get_entry(context, dst_keytab, + entry.principal, + entry.vno, + entry.keyblock.keytype, + dummy); +if(ret == 0) { + /* this entry is already in the new keytab, so no need to + copy it; if the keyblocks are not the same, something + is weird, so complain about that */ + if(!compare_keyblock(entry.keyblock, dummy.keyblock)) { + krb5_warn(context, 0, entry with different keyvalue + already exists for %s, keytype %s, kvno %d, + name_str, etype_str, entry.vno); + } + krb5_kt_free_entry(context, dummy); + krb5_kt_free_entry (context, entry); + free(name_str); + free(etype_str); + return ret; +} else if(ret != KRB5_KT_NOTFOUND) { + krb5_set_error_message (context, ret, fetching %s/%s/%u, + name_str, etype_str, entry.vno); + krb5_kt_free_entry (context, entry); + free(name_str); + free(etype_str); + return ret; +} +ret = krb5_kt_add_entry (context, dst_keytab, entry); +krb5_kt_free_entry (context, entry); +if (ret) { + krb5_set_error_message (context, ret, adding %s/%s/%u, + name_str, etype_str, entry.vno); + free(name_str); + free(etype_str); + return ret; +} +free(name_str); +free(etype_str); +return ret; +} + krb5_error_code kt_copy (krb5_context context, const char *from, const char *to) { krb5_error_code ret; krb5_keytab src_keytab, dst_keytab; krb5_kt_cursor cursor; -krb5_keytab_entry entry, dummy; +krb5_keytab_entry entry; ret = krb5_kt_resolve (context, from, src_keytab); if (ret) { - krb5_warn (context, ret, resolving src keytab `%s', from); - return 1; + krb5_set_error_message (context,
[SCM] CTDB repository - branch master updated - ctdb-1.12-58-gccd67cf
The branch, master has been updated via ccd67cf7f26713e695000d89d9ce8cfa78bfe00f (commit) from c19cb751077b78cf4b6e28a1e3746d4ffedbfd68 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit ccd67cf7f26713e695000d89d9ce8cfa78bfe00f Author: Stefan Metzmacher me...@samba.org Date: Tue Jun 21 15:49:30 2011 +0200 recoverd: try to become the recovery master if we have the capability, but the current master doesn't metze (cherry picked from commit 6ba8af28f8a8f79db65120a97d7157dcc5c7e083) Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: server/ctdb_recoverd.c | 23 ++- 1 files changed, 22 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index fa4b6ba..e77bd41 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -3010,6 +3010,13 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, } nodemap = rec-nodemap; + /* update the capabilities for all nodes */ + ret = update_capabilities(ctdb, nodemap); + if (ret != 0) { + DEBUG(DEBUG_ERR, (__location__ Unable to update node capabilities.\n)); + return; + } + /* check which node is the recovery master */ ret = ctdb_ctrl_getrecmaster(ctdb, mem_ctx, CONTROL_TIMEOUT(), pnn, rec-recmaster); if (ret != 0) { @@ -3032,7 +3039,6 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, return; } - /* if the local daemon is STOPPED, we verify that the databases are also frozen and thet the recmode is set to active */ @@ -3067,6 +3073,21 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, return; } + /* +* if the current recmaster do not have CTDB_CAP_RECMASTER, +* but we have force an election and try to become the new +* recmaster +*/ + if ((rec-ctdb-nodes[rec-recmaster]-capabilities CTDB_CAP_RECMASTER) == 0 + (rec-ctdb-capabilities CTDB_CAP_RECMASTER) +!(nodemap-nodes[pnn].flags NODE_FLAGS_INACTIVE)) { + DEBUG(DEBUG_ERR, (__location__ Current recmaster node %u does not have CAP_RECMASTER, + but we (node %u) have - force an election\n, + rec-recmaster, pnn)); + force_election(rec, pnn, nodemap); + return; + } + /* check that we (recovery daemon) and the local ctdb daemon agrees on whether we are banned or not */ -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b94b7a2 selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' via f9f261c s4:python: add --machinepass option to 'samba-tool domain join' via 4edbc71 s4:python/samba/join.py: add optional 'machinepass' parameter to join_*() via 948f091 s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_join via f8fbc41 s4:py_net: add optional 'machinepass' parameter to py_net_join_member() via fe69c58 s4:libnet: make it possible to join with a given machine password via 677f524 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member() via 1764607 s4:torture/rpc: use talloc_zero() in torture_join_domain() via 5baa443 s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member() from 2bff209 s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b94b7a2fe106702dfd6bf039d70c10f6858d7954 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 19:34:52 2011 +0100 selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Nov 29 11:00:42 CET 2011 on sn-devel-104 commit f9f261cb6090aa26357d4949008763b098122902 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 16 15:32:47 2011 +0100 s4:python: add --machinepass option to 'samba-tool domain join' metze commit 4edbc719e5aa63b617f170b51382592dd57aa7b7 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 20:03:11 2011 +0100 s4:python/samba/join.py: add optional 'machinepass' parameter to join_*() metze commit 948f091a22a5e2bd348d2840e0fdff1d9c9baca7 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 20:03:11 2011 +0100 s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_join metze commit f8fbc4163b3f3e02bf15fb495b2d2b721a67162b Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 19:49:54 2011 +0100 s4:py_net: add optional 'machinepass' parameter to py_net_join_member() metze commit fe69c589e8f3196f2f478adf611bc78a0ea66f50 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 16 13:06:19 2011 +0100 s4:libnet: make it possible to join with a given machine password metze commit 677f5246f16c7c2dd4b0006202b2c7ec9f8c3520 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 16 15:30:48 2011 +0100 s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in py_net_join_member() metze commit 17646071503f166eab31721edab9138141449db1 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 16 15:29:03 2011 +0100 s4:torture/rpc: use talloc_zero() in torture_join_domain() metze commit 5baa44345f6b6fbf4c922f5bc60484517794da2d Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 16 15:28:20 2011 +0100 s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member() metze --- Summary of changes: selftest/target/Samba4.pm |4 +++ source4/libnet/libnet_join.c| 21 +- source4/libnet/libnet_join.h|2 + source4/libnet/py_net.c |9 +-- source4/scripting/python/samba/join.py | 26 +++--- source4/scripting/python/samba/netcmd/domain.py | 16 + source4/torture/rpc/testjoin.c |4 +- 7 files changed, 58 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index d515089..9419921 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -869,6 +869,7 @@ sub provision_member($$$) $cmd .= KRB5_CONFIG=\$ret-{KRB5_CONFIG}\ ; $cmd .= $samba_tool domain join $ret-{CONFIGURATION} $dcvars-{REALM} member; $cmd .= -U$dcvars-{DC_USERNAME}\%$dcvars-{DC_PASSWORD}; + $cmd .= --machinepass=machine$ret-{password}; unless (system($cmd) == 0) { warn(Join failed\n$cmd); @@ -937,6 +938,7 @@ sub provision_rpc_proxy($$$) $cmd .= KRB5_CONFIG=\$ret-{KRB5_CONFIG}\ ; $cmd .= $samba_tool domain join $ret-{CONFIGURATION} $dcvars-{REALM} member; $cmd .= -U$dcvars-{DC_USERNAME}\%$dcvars-{DC_PASSWORD}; + $cmd .= --machinepass=machine$ret-{password}; unless (system($cmd) == 0) { warn(Join failed\n$cmd); @@ -1021,6 +1023,7 @@ sub provision_vampire_dc($$$) $cmd .= KRB5_CONFIG=\$ret-{KRB5_CONFIG}\ ; $cmd .= $samba_tool domain join $ret-{CONFIGURATION} $dcvars-{REALM} DC --realm=$dcvars-{REALM};
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 165d5bf s3: Remove some false/superfluous translations from b94b7a2 selftest/Samba4: pass '--machinepass' to 'samba-tool domain join' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 165d5bf490d5479683e4b70588abe6540dfe9a26 Author: Volker Lendecke v...@samba.org Date: Tue Nov 29 10:27:26 2011 +0100 s3: Remove some false/superfluous translations Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Tue Nov 29 12:39:45 CET 2011 on sn-devel-104 --- Summary of changes: source3/locale/net/de.po | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locale/net/de.po b/source3/locale/net/de.po index 2244cd6..15e5bbf 100644 --- a/source3/locale/net/de.po +++ b/source3/locale/net/de.po @@ -2094,19 +2094,19 @@ msgstr #: ../../utils/net_conf.c:105 msgid net conf delshare sharename\n -msgstr net conf showshare sharename\n +msgstr #: ../../utils/net_conf.c:114 msgid net conf setparm section param value\n -msgstr net conf setparm section param value\n +msgstr #: ../../utils/net_conf.c:123 msgid net conf getparm section param\n -msgstr net conf setparm section param value\n +msgstr #: ../../utils/net_conf.c:132 msgid net conf delparm section param\n -msgstr net conf setparm section param value\n +msgstr #: ../../utils/net_conf.c:141 msgid net conf getincludes section\n @@ -2114,7 +2114,7 @@ msgstr #: ../../utils/net_conf.c:150 msgid net conf setincludes section [filename]*\n -msgstr net conf setparm section param value\n +msgstr #: ../../utils/net_conf.c:159 msgid net conf delincludes section\n -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-75-g3b6ef34
The branch, master has been updated via 3b6ef3442f0b62d65ec0f9be67a2b1dbf7e4af67 (commit) via 5b527e6127a649fa80dcf9a7599b22bcb7cd3640 (commit) via 2d2ce07c51055d9400b22cd3c1fd682597cb921c (commit) via 0e26774f32d7ea0ce9d034c331730f5324f6b092 (commit) via 998b7f4450026051867525d91c6d8dcbd2326ab5 (commit) via efc033c28ade97f9884794256d59a4553e052d5f (commit) via 7f46671fc912c969c5c87e50b77e2e3a7d6c8904 (commit) via 7e7d86ac9b05f8b67414200adc8ac87cfccf26cf (commit) via 326f88ef622620cb9e0569c4497bc0e86124beaa (commit) via 6f8e7480dadf15d1639355fdb61d5bef025a0325 (commit) via 9e8045a5b0d8bd9ab2e0343b329de9f45b883531 (commit) via dd866116041e71cbf91e7fd91edcc9501634051d (commit) via 079f12dfc1edeac9748af15f652f2f1a6ed35548 (commit) via 7b4663dd2454b798841815044f898dead9b734e2 (commit) via 6ec68a2e667f66d2b194fe48cb75229a2777842e (commit) via 4ada4bfc4510886c5c7fcf49e09711b9d2dcb75d (commit) via ddc5da3a0df7701934404192a0a0aa659a806acb (commit) from ccd67cf7f26713e695000d89d9ce8cfa78bfe00f (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 3b6ef3442f0b62d65ec0f9be67a2b1dbf7e4af67 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:42:40 2011 +0100 doc: commit generated ctdb.1 manpages after xml change commit 5b527e6127a649fa80dcf9a7599b22bcb7cd3640 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:41:16 2011 +0100 doc: document the --print-recordflags parameter to ctdb commit 2d2ce07c51055d9400b22cd3c1fd682597cb921c Author: Michael Adam ob...@samba.org Date: Tue Nov 29 10:24:52 2011 +0100 ctdb: add an option --print-recordflags to trigger printing record flags in catdb and dumpdbbackup This changes the default behaviour to not print record flags. commit 0e26774f32d7ea0ce9d034c331730f5324f6b092 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:39:37 2011 +0100 doc: commit generated ctdb.1 manpages after xml change commit 998b7f4450026051867525d91c6d8dcbd2326ab5 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:39:08 2011 +0100 doc: document the --print-hash parameter to ctdb. commit efc033c28ade97f9884794256d59a4553e052d5f Author: Michael Adam ob...@samba.org Date: Tue Nov 29 00:56:23 2011 +0100 ctdb: add an option --print-hash to enable printing of record hashes when dumping dbs commit 7f46671fc912c969c5c87e50b77e2e3a7d6c8904 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:37:29 2011 +0100 doc: commit generated ctdb.1 manpages after xml change commit 7e7d86ac9b05f8b67414200adc8ac87cfccf26cf Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:36:38 2011 +0100 doc: document the --print-lmaster parameter to ctdb commit 326f88ef622620cb9e0569c4497bc0e86124beaa Author: Michael Adam ob...@samba.org Date: Mon Nov 28 17:36:03 2011 +0100 ctdb: add an option --print-lmaster to enable printing of lmaster in ctdb catdb commit 6f8e7480dadf15d1639355fdb61d5bef025a0325 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:35:02 2011 +0100 doc: commit generated ctdb.1 manpages after xml change commit 9e8045a5b0d8bd9ab2e0343b329de9f45b883531 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:31:11 2011 +0100 doc: document the --print-datasize parameter to ctdb commit dd866116041e71cbf91e7fd91edcc9501634051d Author: Michael Adam ob...@samba.org Date: Mon Nov 28 17:19:03 2011 +0100 ctdb: add an option --print-datasize to only print datasize instead of dumping data in db dumps Used in catdb, cattdb and dumpdbbackup. commit 079f12dfc1edeac9748af15f652f2f1a6ed35548 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:32:25 2011 +0100 doc: commit generated ctdb.1 manpages after xml change commit 7b4663dd2454b798841815044f898dead9b734e2 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 13:28:35 2011 +0100 doc: document the --print-emptyrecords switch in the ctdb manpage. commit 6ec68a2e667f66d2b194fe48cb75229a2777842e Author: Michael Adam ob...@samba.org Date: Mon Nov 28 17:11:16 2011 +0100 ctdb: add an option --print-emptyrecords to enable printing of empty records in dumping databases this option is used with the commands catdb, cattdb and dumpdbbackup. commit 4ada4bfc4510886c5c7fcf49e09711b9d2dcb75d Author: Michael Adam ob...@samba.org Date: Wed Dec 22 12:45:06 2010 +0100 client: add version ctdb_traverse_ext() of ctdb_traverse() that can list empty records. commit ddc5da3a0df7701934404192a0a0aa659a806acb Author: Michael Adam ob...@samba.org Date: Sun Nov 27 23:16:33 2011 +0100 traverse: add a flag to enable transferring empty records in cluster wide traverse This will be useful for also printing information about empty/deleted records in ctdb catdb, e.g. for
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 023558a s3-passdb: make pdb_password_change_time_max static. via 158f6d8 s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. from 165d5bf s3: Remove some false/superfluous translations http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 023558aa90e51d4a0c37fff272213bd26343f901 Author: Günther Deschner g...@samba.org Date: Tue Nov 29 13:38:59 2011 +0100 s3-passdb: make pdb_password_change_time_max static. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Tue Nov 29 15:16:51 CET 2011 on sn-devel-104 commit 158f6d8f6818dd4d32fd49482caa8c6cbd38421f Author: Günther Deschner g...@samba.org Date: Tue Nov 22 18:38:52 2011 +0100 s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. lsasettrustdominfo S-1-5-21-123456-123456-123456 13 1 currently you only can set the encryption type field. Guenther --- Summary of changes: source3/passdb/pdb_get_set.c |2 +- source3/rpcclient/cmd_lsarpc.c | 71 2 files changed, 72 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 540435f..7575af2 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -64,7 +64,7 @@ bool pdb_is_password_change_time_max(time_t test_time) Return an unchanging version of max password change time - 0x7FFF. / -time_t pdb_password_change_time_max(void) +static time_t pdb_password_change_time_max(void) { return 0x7FFF; } diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 8325a61..ed55c45 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -1312,6 +1312,76 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, return status; } +static NTSTATUS cmd_lsa_set_trustdominfo(struct rpc_pipe_client *cli, +TALLOC_CTX *mem_ctx, int argc, +const char **argv) +{ + struct policy_handle pol, trustdom_pol; + NTSTATUS status, result; + uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + union lsa_TrustedDomainInfo info; + struct dom_sid dom_sid; + enum lsa_TrustDomInfoEnum info_class = 1; + struct dcerpc_binding_handle *b = cli-binding_handle; + + if (argc 4 || argc 3) { + printf(Usage: %s [sid] [info_class] [value]\n, argv[0]); + return NT_STATUS_OK; + } + + if (!string_to_sid(dom_sid, argv[1])) { + return NT_STATUS_NO_MEMORY; + } + + + info_class = atoi(argv[2]); + + switch (info_class) { + case 13: /* LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES */ + info.enc_types.enc_types = atoi(argv[3]); + break; + default: + return NT_STATUS_INVALID_PARAMETER; + } + + status = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, pol); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx, + pol, + dom_sid, + access_mask, + trustdom_pol, + result); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + if (!NT_STATUS_IS_OK(result)) { + status = result; + goto done; + } + + status = dcerpc_lsa_SetInformationTrustedDomain(b, mem_ctx, + trustdom_pol, + info_class, + info, + result); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + if (!NT_STATUS_IS_OK(result)) { + status = result; + goto done; + } + done: + dcerpc_lsa_Close(b, mem_ctx, trustdom_pol, result); + dcerpc_lsa_Close(b, mem_ctx, pol, result); + + return status; +} + static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -2224,6 +2294,7 @@ struct cmd_set lsarpc_commands[] = { { lsaquerytrustdominfo,RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6b5cfa3 s4:libcli/raw: copy smbcli_transport_connect_* to clisocket.c via b3d3395 s4:libcli/raw: add transport-ev as copy of transport-socket-event.ctx via 511dc93 s4:torture: use tctx-ev as event context for polling via 13dbef2 smbXcli: add support for SMBreadBraw via e450c45 smbXcli: add smb1cli_conn_server_{readbraw,writebraw,lockread,writeunlock}() via 46f0b73 s4:gentest: get the tid from the smbcli_tree struct via 04fa5b4 s4:libcli/smb2: make sure only one idle event runs at a time via 51a7201 smb1cli_trans: add support for tevent_req_cancel() via 524d066 smb1cli_trans: return the status from the server if possible via f0d8038 smbXcli: rebuild smb1.recv_iov array if we expect more than one response via 8c7e7ee smbXcli: allow up to 10 iovec elements for the bytes in smb1cli_req_create() via 3453665 smbXcli: s/smb2cli_writev_done/smb2cli_req_writev_done via c9ca3bb smbXcli: call tevent_queue_stop() for the outgoing queue on disconnect via 91cb09f smbXcli: use talloc_stackframe() instead of talloc_tos() in smb1cli_conn_signv() via 9f6454a libcli/smb: remove unused smb_signing_set_bsrspyl() prototype from 023558a s3-passdb: make pdb_password_change_time_max static. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6b5cfa39f252c7272f3cef0a00d6a5d01db81024 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 29 12:21:48 2011 +0100 s4:libcli/raw: copy smbcli_transport_connect_* to clisocket.c metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Nov 29 17:34:52 CET 2011 on sn-devel-104 commit b3d3395e01a015b440a84878c4d540dbaa437a32 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 22 09:36:30 2011 +0100 s4:libcli/raw: add transport-ev as copy of transport-socket-event.ctx We'll remove transport-socket soon, but removing transport-ev will take a bit longer. metze commit 511dc9358d8954f9ef04c01fb7cc3f776625c1f2 Author: Stefan Metzmacher me...@samba.org Date: Thu Sep 22 21:30:13 2011 +0200 s4:torture: use tctx-ev as event context for polling metze commit 13dbef241b24d54c7e8793ff81090614393d76ad Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 25 14:49:24 2011 +0100 smbXcli: add support for SMBreadBraw metze commit e450c45e6738900daf9a1800bd6998268fb7d6d6 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 25 15:13:38 2011 +0100 smbXcli: add smb1cli_conn_server_{readbraw,writebraw,lockread,writeunlock}() metze commit 46f0b73c8a1fd372299fae5618d2e67f09e3f5e0 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 20:46:19 2011 +0100 s4:gentest: get the tid from the smbcli_tree struct metze commit 04fa5b4957d4d668be612ded509d6d6c8070d270 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 22 10:10:30 2011 +0100 s4:libcli/smb2: make sure only one idle event runs at a time metze commit 51a7201a12856a11695ecb1b769c31fedf984e9c Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 10:41:25 2011 +0100 smb1cli_trans: add support for tevent_req_cancel() metze commit 524d06615fd1b28f8cef14f6b7e083c4b24cae13 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 09:15:11 2011 +0100 smb1cli_trans: return the status from the server if possible metze commit f0d8038ed8030655223fc03251dbd2245b7ec402 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 17:48:44 2011 +0100 smbXcli: rebuild smb1.recv_iov array if we expect more than one response metze commit 8c7e7ee91beda577ec6a9acf36a856a3dadb30c6 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 15:28:31 2011 +0100 smbXcli: allow up to 10 iovec elements for the bytes in smb1cli_req_create() The smb1cli_trans_* code uses up to 6 elements, which was too much for the current limit of 5. metze commit 3453665bcb408e2961920d156353ae45402d682f Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 10:24:18 2011 +0100 smbXcli: s/smb2cli_writev_done/smb2cli_req_writev_done This is a better name and it matches smb1cli_req_writev_done metze commit c9ca3bb4921882634058ee203205aa72b30fb4a7 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 28 10:23:23 2011 +0100 smbXcli: call tevent_queue_stop() for the outgoing queue on disconnect metze commit 91cb09fa0cdcdd04b2779736dd9855a5572bd0b4 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 25 13:12:35 2011 +0100 smbXcli: use talloc_stackframe() instead of talloc_tos() in smb1cli_conn_signv() metze commit 9f6454af3927033d9bf1ed9e4f6cb1d748f24220 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 23 08:47:31 2011
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3ab37a0 s3:net registry check: adapt to new semantic of dbwrap_fetch with rbt via bca2677 s3:net registry check: adapt to new semantic of dbwrap_fetch via efb993b s3:dbwrap: turn the fetch dbwrap method to NTSTATUS return code. via 819ca3b s3:dbwrap_ctdb: re-use map_nt_error_from_tdb() in local tdb_error_to_ntstatus() via bba62cd s3:net registry check: handle missing version info via c1d83b0 s3:dbwrap_torture: code cleanup from 6b5cfa3 s4:libcli/raw: copy smbcli_transport_connect_* to clisocket.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3ab37a0d0e8da0a149f3b0c4b0f54d4a7e8a66cf Author: Gregor Beck gb...@sernet.de Date: Thu Nov 3 14:57:52 2011 +0100 s3:net registry check: adapt to new semantic of dbwrap_fetch with rbt Signed-off-by: Michael Adam ob...@samba.org Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Nov 29 19:53:30 CET 2011 on sn-devel-104 commit bca2677afe0646e5436356d73c4acee7844e8056 Author: Gregor Beck gb...@sernet.de Date: Mon Oct 24 10:25:29 2011 +0200 s3:net registry check: adapt to new semantic of dbwrap_fetch Signed-off-by: Michael Adam ob...@samba.org commit efb993b686e397e06ba647089535c92ec08c4345 Author: Michael Adam ob...@samba.org Date: Fri Nov 11 00:49:11 2011 +0100 s3:dbwrap: turn the fetch dbwrap method to NTSTATUS return code. This implement more correct NTSTATUS handling inside the backends. This ensures that data.dptr != NULL if return code is NT_STATUS_OK. commit 819ca3b697e1b396b83308341cf81c19362c2626 Author: Michael Adam ob...@samba.org Date: Tue Nov 29 15:57:10 2011 +0100 s3:dbwrap_ctdb: re-use map_nt_error_from_tdb() in local tdb_error_to_ntstatus() commit bba62cdb0c5f3ae85a5eeaa9b747e04a2d392440 Author: Gregor Beck gb...@sernet.de Date: Mon Oct 24 14:29:45 2011 +0200 s3:net registry check: handle missing version info Signed-off-by: Michael Adam ob...@samba.org commit c1d83b0ff2bd400161a21c99b34523164ebd6462 Author: Gregor Beck gb...@sernet.de Date: Thu Oct 20 10:18:24 2011 +0200 s3:dbwrap_torture: code cleanup Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source3/lib/dbwrap/dbwrap.c | 22 +-- source3/lib/dbwrap/dbwrap_ctdb.c| 53 +++-- source3/lib/dbwrap/dbwrap_private.h |8 ++-- source3/lib/dbwrap/dbwrap_rbt.c | 10 ++-- source3/lib/dbwrap/dbwrap_tdb.c | 35 - source3/utils/dbwrap_torture.c |6 +- source3/utils/net_registry_check.c | 71 +++ 7 files changed, 117 insertions(+), 88 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap/dbwrap.c b/source3/lib/dbwrap/dbwrap.c index 38404a8..cdc46c3 100644 --- a/source3/lib/dbwrap/dbwrap.c +++ b/source3/lib/dbwrap/dbwrap.c @@ -28,19 +28,20 @@ * Fall back using fetch_locked if no genuine fetch operation is provided */ -int dbwrap_fallback_fetch(struct db_context *db, TALLOC_CTX *mem_ctx, - TDB_DATA key, TDB_DATA *data) +NTSTATUS dbwrap_fallback_fetch(struct db_context *db, TALLOC_CTX *mem_ctx, + TDB_DATA key, TDB_DATA *data) { struct db_record *rec; - if (!(rec = db-fetch_locked(db, mem_ctx, key))) { - return -1; + rec = db-fetch_locked(db, mem_ctx, key); + if (rec == NULL) { + return NT_STATUS_UNSUCCESSFUL; } data-dsize = rec-value.dsize; data-dptr = talloc_move(mem_ctx, rec-value.dptr); TALLOC_FREE(rec); - return 0; + return NT_STATUS_OK; } /* @@ -65,9 +66,10 @@ int dbwrap_fallback_parse_record(struct db_context *db, TDB_DATA key, { TDB_DATA data; int res; + NTSTATUS status; - res = db-fetch(db, talloc_tos(), key, data); - if (res != 0) { + status = db-fetch(db, talloc_tos(), key, data); + if (!NT_STATUS_IS_OK(status)) { return -1; } @@ -137,11 +139,7 @@ NTSTATUS dbwrap_fetch(struct db_context *db, TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - if (db-fetch(db, mem_ctx, key, value) != 0) { - return NT_STATUS_NOT_FOUND; - } - - return NT_STATUS_OK; + return db-fetch(db, mem_ctx, key, value); } bool dbwrap_exists(struct db_context *db, TDB_DATA key) diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c index aae5c06..7262b87 100644 --- a/source3/lib/dbwrap/dbwrap_ctdb.c +++ b/source3/lib/dbwrap/dbwrap_ctdb.c @@ -82,22 +82,9 @@ struct db_ctdb_rec { static NTSTATUS tdb_error_to_ntstatus(struct tdb_context *tdb) { -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6bf97ea Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL Reported by David Disseldorp. Fix based on a patch by David. from 3ab37a0 s3:net registry check: adapt to new semantic of dbwrap_fetch with rbt http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6bf97ea3bc70745f64f82251cbce443f2637c703 Author: Jeremy Allison j...@samba.org Date: Tue Nov 29 11:55:39 2011 -0800 Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL Reported by David Disseldorp. Fix based on a patch by David. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104 --- Summary of changes: source3/smbd/posix_acls.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index b69177a..2ed64c2 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1130,8 +1130,8 @@ uint32_t map_canon_ace_perms(int snum, Map NT perms to a UNIX mode_t. / -#define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES) -#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES) +#define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA) +#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA) #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE) static mode_t map_nt_perms( uint32 *mask, int type) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 184e8e5 build: TDB_ERR_NESTING is used unconditionally from 6bf97ea Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL Reported by David Disseldorp. Fix based on a patch by David. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 184e8e52182ce28d8a68c1a6904fdd7dad89ef4d Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 24 23:07:21 2011 +1100 build: TDB_ERR_NESTING is used unconditionally Therefore, do not bother doing an autoconf test looking for it. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Nov 30 00:08:18 CET 2011 on sn-devel-104 --- Summary of changes: source3/configure.in | 10 -- source3/wscript |5 - 2 files changed, 0 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 6091a4a..529b29b 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2178,16 +2178,6 @@ then AC_SUBST(TDBTOOL) TDBTORTURE=bin/tdbtorture\$(EXEEXT) AC_SUBST(TDBTORTURE) - ac_cv_have_tdb_err_nesting=yes -else - AC_TRY_COMPILE([#include tdb.h], - [enum TDB_ERROR err = TDB_ERR_NESTING], - ac_cv_have_tdb_err_nesting=yes, - ac_cv_have_tdb_err_nesting=no) -fi - -if test x$ac_cv_have_tdb_err_nesting = xyes; then - AC_DEFINE(HAVE_TDB_ERR_NESTING, 1, [Whether we have TDB_ERR_NESTING]) fi SMB_LIBRARY(netapi, 0) diff --git a/source3/wscript b/source3/wscript index c329cbf..2514048 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1358,11 +1358,6 @@ main() { msg=getcwd takes a NULL argument) -conf.CHECK_CODE('''enum TDB_ERROR err = TDB_ERR_NESTING''', - 'HAVE_TDB_ERR_NESTING', - headers='tdb.h', - msg='Checking whether we have TDB_ERR_NESTING') - # UnixWare 7.x has its getspnam in -lgen conf.CHECK_FUNCS_IN('getspnam', 'gen') conf.CHECK_FUNCS_IN('getspnam', 'security') -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.12-85-g6489d0d
The branch, master has been updated via 6489d0d9b8ec14c7764a1865618faf659800bcc3 (commit) via 36105b7283df729946e0a2ed61a696a14221efa6 (commit) via c32604fd0016de0df14845a2f222edaa3c52a4fa (commit) via e9250775f5a1234f27a1a62caa902d7b86194285 (commit) via 92a391a81d0697956b96e96e39bb1b9d13e18097 (commit) via ad64ef2c40a2a12b37dbf39142e95c6781c2fc3b (commit) via 86d956170d4806065f1470fc44710c085c57f17a (commit) via 502150c764298a9fa8c4d8aa445bf7d85d4ee9dc (commit) via 6e96a62494bbb2c7b0682ebf0c2115dd2f44f7af (commit) via 1fea9ef55a6a9d201ad1b49583451ac3e6b1c66d (commit) from 3b6ef3442f0b62d65ec0f9be67a2b1dbf7e4af67 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 6489d0d9b8ec14c7764a1865618faf659800bcc3 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 30 10:05:59 2011 +1100 DOC: document the check_srvids debugging command commit 36105b7283df729946e0a2ed61a696a14221efa6 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 30 10:00:27 2011 +1100 ctdb: use libctdb version of check-srvids call commit c32604fd0016de0df14845a2f222edaa3c52a4fa Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 30 10:00:07 2011 +1100 LibCTDB: add support for the check-srvids control commit e9250775f5a1234f27a1a62caa902d7b86194285 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 30 09:50:12 2011 +1100 check_srvids: remove the pnn from the commandline so that we only specify the list of srvids Specifying the pnn can be done via '-n pnn' commit 92a391a81d0697956b96e96e39bb1b9d13e18097 Author: Volker Lendecke v...@samba.org Date: Mon Oct 31 16:21:54 2011 +0100 Add ctdb check_srvid commit ad64ef2c40a2a12b37dbf39142e95c6781c2fc3b Author: Volker Lendecke v...@samba.org Date: Mon Oct 31 13:29:13 2011 +0100 Add CTDB_CONTROL_CHECK_SRVID commit 86d956170d4806065f1470fc44710c085c57f17a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 30 08:59:03 2011 +1100 DOC: describe the RecoverPDBBySeqNum tunable commit 502150c764298a9fa8c4d8aa445bf7d85d4ee9dc Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 13:56:30 2011 +1100 Recover Persistent database DB by DB and not record by record Add a new tunable that changes the mode how persistent databases are recovered. RecoveryPDBBySeqNum When set to 1, persistent databases will be recovered in whole from the node which has the highest __db_sequence_number__ record. This record is managed by samba for those databases where we do persistent writes and have inter-record relations. For these databases we do not want the usual blend records from all nodes based on individual record RSN but instead a mode where we pick one instance of the persistent database. If no node was found with a __db_sequence_number__ record at all, we fail back to the original recover records independently based on record RSN. Some persistent databases do not contain record interrelations and as such does not contain this special record at all. commit 6e96a62494bbb2c7b0682ebf0c2115dd2f44f7af Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 16:30:46 2011 +1100 LibCTDB: add get persistent db seqnum control commit 1fea9ef55a6a9d201ad1b49583451ac3e6b1c66d Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 10:41:17 2011 +1100 DB Seqnum: must provide a ctdb_ltdb_header when calling ctdb_ltdb_fetch() --- Summary of changes: doc/ctdb.1 | 678 +- doc/ctdb.1.html | 166 ++-- doc/ctdb.1.xml | 19 ++ doc/ctdbd.1 | 593 - doc/ctdbd.1.html | 93 --- doc/ctdbd.1.xml | 19 ++ include/ctdb.h | 121 include/ctdb_private.h |3 + include/ctdb_protocol.h |1 + libctdb/control.c| 84 ++ libctdb/sync.c | 36 +++ server/ctdb_control.c|3 + server/ctdb_daemon.c | 36 +++ server/ctdb_persistent.c |3 +- server/ctdb_recoverd.c | 126 +- server/ctdb_tunables.c |3 +- tools/ctdb.c | 67 + 17 files changed, 1140 insertions(+), 911 deletions(-) Changeset truncated at 500 lines: diff --git a/doc/ctdb.1 b/doc/ctdb.1 index 4416f9f..70405d0 100644 --- a/doc/ctdb.1 +++ b/doc/ctdb.1 @@ -1,218 +1,164 @@ -'\ t -.\ Title: ctdb -.\Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\ Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/ -.\ Date: 11/29/2011 -.\Manual: CTDB - clustered TDB database -.\Source: ctdb -.\ Language: English -.\
[SCM] CTDB repository - branch 1.2 updated - ctdb-1.9.1-496-gc77008e
The branch, 1.2 has been updated via c77008ea28b0237be6f78bb26fc62df6b65f3144 (commit) via 79eb40c7ea594267cae8ad45e8641e23075b9791 (commit) via 2b9b2c874e4f038bd7aefbc5e4e730fcef30c48a (commit) via 3ec9b4254e2c73ee9cbfe484dccc6661fce6736c (commit) from 85206ee924d8245091264984669abfe99f6e82b9 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2 - Log - commit c77008ea28b0237be6f78bb26fc62df6b65f3144 Author: Volker Lendecke v...@samba.org Date: Mon Oct 31 13:29:13 2011 +0100 Add CTDB_CONTROL_CHECK_SRVID commit 79eb40c7ea594267cae8ad45e8641e23075b9791 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 13:56:30 2011 +1100 Recover Persistent database DB by DB and not record by record Add a new tunable that changes the mode how persistent databases are recovered. RecoveryPDBBySeqNum When set to 1, persistent databases will be recovered in whole from the node which has the highest __db_sequence_number__ record. This record is managed by samba for those databases where we do persistent writes and have inter-record relations. For these databases we do not want the usual blend records from all nodes based on individual record RSN but instead a mode where we pick one instance of the persistent database. If no node was found with a __db_sequence_number__ record at all, we fail back to the original recover records independently based on record RSN. Some persistent databases do not contain record interrelations and as such does not contain this special record at all. commit 2b9b2c874e4f038bd7aefbc5e4e730fcef30c48a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 10:57:39 2011 +1100 LibCTDB: add get persistent db seqnum control commit 3ec9b4254e2c73ee9cbfe484dccc6661fce6736c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Nov 28 10:41:17 2011 +1100 DB Seqnum: must provide a ctdb_ltdb_header when calling ctdb_ltdb_fetch() --- Summary of changes: include/ctdb.h | 52 +++ include/ctdb_private.h |3 + include/ctdb_protocol.h |1 + libctdb/control.c| 40 +++ libctdb/sync.c | 18 +++ server/ctdb_control.c|3 + server/ctdb_daemon.c | 36 + server/ctdb_persistent.c |3 +- server/ctdb_recoverd.c | 126 - server/ctdb_tunables.c |3 +- tools/ctdb.c | 27 ++ 11 files changed, 307 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb.h b/include/ctdb.h index c95c2e1..f6b5f9f 100644 --- a/include/ctdb.h +++ b/include/ctdb.h @@ -453,6 +453,35 @@ bool ctdb_getpnn_recv(struct ctdb_connection *ctdb, /** + * ctdb_getdbseqnum_send - read the sequence number off a db + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @dbid: database id + * @callback: the callback when ctdb replies to our message (typesafe) + * @cbdata: the argument to callback() + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + */ +struct ctdb_request * +ctdb_getdbseqnum_send(struct ctdb_connection *ctdb, +uint32_t destnode, +uint32_t dbid, +ctdb_callback_t callback, +void *cbdata); +/** + * ctdb_getdbseqnum_recv - read the sequence number off a database + * @ctdb: the ctdb_connection from ctdb_connect. + * @req: the completed request. + * @seqnum: a pointer to the seqnum to fill in + * + * This returns false if something went wrong, or otherwise fills in pnn. + */ +bool ctdb_getdbseqnum_recv(struct ctdb_connection *ctdb, + struct ctdb_request *req, uint64_t *seqnum); + +/** * ctdb_getnodemap_send - read the nodemap number from a node. * @ctdb: the ctdb_connection from ctdb_connect. * @destnode: the destination node (see below) @@ -652,6 +681,25 @@ bool ctdb_getpnn(struct ctdb_connection *ctdb, uint32_t *pnn); /** + * ctdb_getdbseqnum - read the seqnum of a database + * @ctdb: the ctdb_connection from ctdb_connect. + * @destnode: the destination node (see below) + * @dbid: database id + * @seqnum: sequence number for the database + * + * There are several special values for destnode, detailed in + * ctdb_protocol.h, particularly CTDB_CURRENT_NODE which means the + * local ctdbd. + * + * Returns true and fills in *pnn on success. + */ +bool +ctdb_getdbseqnum(struct ctdb_connection *ctdb, +uint32_t destnode, +uint32_t dbid, +uint64_t *seqnum); + +/** * ctdb_getrecmaster - read the recovery master of a node (synchronous) *
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ee447f s3:dbwrap_tdb: pass NTSTATUS code further up from db_tdb_fetch_parse in db_tdb_fetch() from 184e8e5 build: TDB_ERR_NESTING is used unconditionally http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ee447fef5563e2b26fac6cac7c8fd7a71c80c0a Author: Michael Adam ob...@samba.org Date: Tue Nov 29 22:36:48 2011 +0100 s3:dbwrap_tdb: pass NTSTATUS code further up from db_tdb_fetch_parse in db_tdb_fetch() Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Wed Nov 30 01:46:31 CET 2011 on sn-devel-104 --- Summary of changes: source3/lib/dbwrap/dbwrap_tdb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap/dbwrap_tdb.c b/source3/lib/dbwrap/dbwrap_tdb.c index cf761e2..ffdb906 100644 --- a/source3/lib/dbwrap/dbwrap_tdb.c +++ b/source3/lib/dbwrap/dbwrap_tdb.c @@ -191,7 +191,7 @@ static NTSTATUS db_tdb_fetch(struct db_context *db, TALLOC_CTX *mem_ctx, } if (!NT_STATUS_IS_OK(state.result)) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; + return state.result; } *pdata = state.data; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 12ce07e s4-kdc: Add hdb plugin for samba4, to allow kadmin to work from 0ee447f s3:dbwrap_tdb: pass NTSTATUS code further up from db_tdb_fetch_parse in db_tdb_fetch() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 12ce07e53b9453f35a1483d941bfce9c23f790a0 Author: Andrew Bartlett abart...@samba.org Date: Wed Nov 30 07:45:25 2011 +1100 s4-kdc: Add hdb plugin for samba4, to allow kadmin to work This will help users who are used to the kadmin interface, and could be extended to import existing MIT or Heimdal keys into a Samba4 AD domain. To use, add to your krb5.conf [kdc] database = { dbname = samba4: } or [kdc] database = { dbname = samba4:/usr/local/samba/etc/smb.conf } And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104 --- Summary of changes: source4/kdc/hdb-samba4-plugin.c | 84 + source4/kdc/hdb-samba4.c | 32 source4/kdc/kdc.c |3 +- source4/kdc/samba_kdc.h |2 + source4/kdc/wscript_build | 20 ++-- source4/libnet/libnet_export_keytab.c |4 +- 6 files changed, 103 insertions(+), 42 deletions(-) create mode 100644 source4/kdc/hdb-samba4-plugin.c Changeset truncated at 500 lines: diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c new file mode 100644 index 000..568386d --- /dev/null +++ b/source4/kdc/hdb-samba4-plugin.c @@ -0,0 +1,84 @@ +/* + Unix SMB/CIFS implementation. + + KDC Server startup + + Copyright (C) Andrew Bartlett abart...@samba.org 2005-20011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include kdc/kdc-glue.h +#include kdc/db-glue.h +#include lib/util/samba_util.h +#include lib/param/param.h +#include source4/lib/events/events.h + +static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + void *ptr; + struct samba_kdc_base_context *base_ctx; + + if (sscanf(arg, %p, ptr) == 1) { + base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context); + } else if (arg[0] == '\0' || file_exist(arg)) { + /* This mode for use in kadmin, rather than in Samba */ + + setup_logging(hdb_samba4, DEBUG_DEFAULT_STDERR); + + base_ctx = talloc_zero(NULL, struct samba_kdc_base_context); + if (!base_ctx) { + return ENOMEM; + } + + base_ctx-ev_ctx = s4_event_context_init(base_ctx); + base_ctx-lp_ctx = loadparm_init_global(false); + if (arg[0]) { + lpcfg_load(base_ctx-lp_ctx, arg); + } else { + lpcfg_load_default(base_ctx-lp_ctx); + } + } else { + return EINVAL; + } + + /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ + nt_status = hdb_samba4_create_kdc(base_ctx, context, db); + + if (NT_STATUS_IS_OK(nt_status)) { + return 0; + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { + + krb5_set_error_message(context, EINVAL, Failed to open Samba4 LDB at %s, lpcfg_private_path(base_ctx, base_ctx-lp_ctx, sam.ldb)); + } else { + krb5_set_error_message(context, EINVAL, Failed to connect to Samba4 DB: %s (%s), get_friendly_nt_error_msg(nt_status), nt_errstr(nt_status)); + } + + return EINVAL; +} + +/* Only used in the hdb-backed keytab code + * for a keytab of 'samba4address' or samba4, to find + * kpasswd's key in the main DB, and to + * copy all the keys into a file (libnet_keytab_export) + * + * The address is the string form of a pointer to a talloced struct hdb_samba_context + */
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da992be Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. from 12ce07e s4-kdc: Add hdb plugin for samba4, to allow kadmin to work http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da992be64f39364fbb8bca26e9421c7a36c49ac6 Author: Jeremy Allison j...@samba.org Date: Tue Nov 29 16:31:18 2011 -0800 Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104 --- Summary of changes: source3/modules/vfs_acl_common.c |2 ++ source3/smbd/nttrans.c |2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 799de98..00ac2a1 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -426,9 +426,11 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, psd-group_sid = NULL; } if (!(security_info SECINFO_DACL)) { + psd-type = ~SEC_DESC_DACL_PRESENT; psd-dacl = NULL; } if (!(security_info SECINFO_SACL)) { + psd-type = ~SEC_DESC_SACL_PRESENT; psd-sacl = NULL; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 05d42a2..ddabdda 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1900,9 +1900,11 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, psd-group_sid = NULL; } if (!(security_info_wanted SECINFO_DACL)) { + psd-type = ~SEC_DESC_DACL_PRESENT; psd-dacl = NULL; } if (!(security_info_wanted SECINFO_SACL)) { + psd-type = ~SEC_DESC_SACL_PRESENT; psd-sacl = NULL; } -- Samba Shared Repository