Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3
On 16 May 2012 16:50, Javier Conti javier.co...@gmail.com wrote: On 16 May 2012 13:19, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: On 15 May 2012 23:29, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. Although I tried many changes to the config, according to some hints found on the web, this is what I was using with Samba 3.4.3: [global] workgroup = MYDOMAIN realm = MYREALM security = ADS idmap backend = idmap_ad idmap uid = 64000 - 64999 idmap gid = 64000 - 64999 idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema_mode = rfc2307 winbind use default domain = yes winbind nss info = rfc2307 winbind offline logon = yes winbind refresh tickets = yes [...] Any hints on what has changed with Samba 3.6.3 and/or what to change to adapt the configuration to 3.6.3 (if necessary)? Some comments: The above config makes no real sense for me, neither for 3.4 nor for 3.6: * The parameter idmap config DOMAIN : default = yes/no has been removed in samba 3.3. It only existed from 3.0.25 to 3.2. (http://www.samba.org/samba/history/samba-3.3.0.html) * You are using the backend ad (or idmap_ad which is a deprecated synonym) both in idmap config MYDOMAIN : backend and in idmap backend. Both with different ranges. This does not seem to make sense to me. It is necessary to specify a writable backend for the catch all default idmap configuration, e.g. tdb or ldap. In 3.6, the idmap backend has been replaced by idmap config * : backend, etc. A valid config for 3.4 would be: ~ [global] workgroup = MYDOMAIN idmap backend = tdb idmap uid = x-y idmap gid = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ The corresponding for 3.6: ~ [global] workgroup = MYDOMAIN idmap config * : backend = tdb idmap config * : range = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ Hi Michael, thanks for your input. The latter is indeed the configuration I'm running lately. Ok, so you _are_ running the default domain with the tdb idmap backend. -- Good. Could you please check with the more low level wbinfo commands the results of the commands for id mapping: wbinfo -S S-1-5-21-828208052-1092558876-1846952604-22794 == should give a uid That works and gives me 10106. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-22794 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -S S-1-5-21-828208052-1092558876-1846952604-513 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-513 == should give a gid That fails with WBC_ERR_DOMAIN_NOT_FOUND. Ok, the error messages seem to be bogus. But from what you have written below, the behaviour is correct. I don't know if it's related to that, but in the RFC2307 fields of the 10106 user I put as primary group 1, which is not Domain Users, but S-1-5-21-828208052-1092558876-1846952604-51 is actually Domain Users. The group Domain Users has no RFC2307 gid attribute. We didn't populate it since it's not used at all in the Unix environment. Ah! That explains the above results. If I get the SID of the user primary group (i.e. the one I see using id(1) on a 3.4.3 client) and then perform a sid-to-gid (wbinfo -Y) it works. If you don't have a gid associated to the domain users group in AD, but you configured the idmap backend ad for this domain, then you should get no gid for this group out of winbindd: If the older version 3.4 falls back to allocating one from the default range, then this is a bug in 3.4, and 3.6 is correct. In 3.4 I don't have a gid for Domain Users. This has never been a problem since the Domain Users group is not used at all on Unix machines. If I perform a getent(1) on group Domain Users I get nothing, if I perform a
[Samba] Samba4 alpha 20 version: Samba smbd daemons !
Firstly, I have forgotten to say that it all would be under Ubuntu 12.04 TLS. I didn' t test or run it under other OSes. I have found out one point of these issue. For example Samba and smbd daemons have started normally (by Samba daemon run only) . Then in some circumstances smbd either falls out (I haven't investigated yet why) or I stop it normally but as I wrote earlier all pid files have not be deleted. And at the next time I try to start Samba daemon, it is started but smbd fails, because of existing smbd-fileserver.conf.pid file (there is message that so pid file exists in smbd log) . Regarding kill -9, I run ps ajx | grep smbd and get process ID. Then I use kill -9 got procID . About Gdb, I haven' t use it yet. I offer to make error messages when user trys to start smbd daemon in alone or without Samba started that is in 1 case: Samba is not started, user runs smbd - error you can not to do so or something else; Samba is startded, user runs smbd - handling of this situation is up to yuo as developer. It is some fool protection. And talking about pid files, I offer to add its deletion function to appopriative daemons (during unloading Samba daemon - samba daemon deletes its pid file, during unloading smbd daemon by Samba daemon - smbd deletes its pid file) . And how can I make to you as RD person and your RD team some donations ? Not much, but about $200. In Samba4 alpha 21 and 22 Smbd daemon has to be run except Samba daemon to get access to your shared NetBios resources (folders) .That is in case of alpha versions after 20, Samba daemon starts in its own smbd daemon automatically and with with some parameters such as --configfile and --foreground (but without -D parametr that is not as daemon) .After Samba is started there are 2 processes: Samba smbd.1. So, after killing of Samba process samba doesn' t delete samba.pid smb-fileserver.conf.pid, is it riht behaivour of its daemons ?As I remembered nmbd daemon does - it deletes nmbd.pid file.Does Samba daemon have to delete its pid file and pid files of all other processes started by it, in particular smbd process or not ? 2. When Samba are not run and smbd hsa been started without Samba daemon, there 2 processes in memory, but smbd only, not Samba smbd.And these processes can not be killed by killall command, can be killed by kill -9 # pid only. But after that if start Samba normally (Samba and smbd are started) users can' t get access to NetBios resources before full server reboot and there are messages such as this address are already in use for port 139, this address are already in use for port 445 in log file after restart Samba daemon after ru of kill -9 #pid. Th same situation if Samba starts not correctly and smbd couldn' t be started with Samba and it needs to start smbd manually. I have got this situation too, but at the time couldn' t investigate why it is so.May be to make impossible to start smbd daemon without Samba daemon or make possible to correctly unload its process. In Samba4 alpha up to 20 version Samba daemon served as authorization as AD services as file access - all in one and it didn' t need to run smbd and smbd wasn' t started, smbd wasn' t in memory at all. null -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6.4 + office 2010 - deny write 0x3019f
Hi, we just noticed the following problem: User wants to open a file on a group share. Nobody else is currently using the file. Open is possible, saving the file is denied DENY_WRITE 0x3019f RDWR EXCLUSIVE+BATCH Using office 2003 it works. Using 2007/2010 we get this fault. Do we have to change the settings for the share, or what can we do to avoid this ? OS (Server): Novell SLES 11SP1 (x86_64), samba 3.6.4-44 (sernet rpm) -- Bye, Peer _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.5 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nothing terribly earth-shattering in this release. We had a number of reports of build-breaking problems in version 5.4, mostly due to the fact that we now turn on -Werror by default, and a number of patches to fix them. I'm starting to have doubts as to whether it's a good idea to keep - -Werror in the default CFLAGS. This is built in a large range of environments and with a large range of different tool versions. Catching all of the warnings can be difficult. I've left that flag in place for now, but if it's causing significant pain for anyone then please speak up, and we might remove it in a later release. Highlights: * a bunch of fixes for compile time warnings and build breaks * some fixes in the libcap capabilities dropping code * remove unneeded mount.smb2 multicall code and other prep work for smb2 support * manpage updates for kernel-level behavior changes webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.4: commit 676f0386df51b36df42d8b6b815b7d9d8b6934dc Author: Jeff Layton jlay...@samba.org Date: Thu Apr 19 07:29:33 2012 -0400 autoconf: set version to 5.4.1 for interim builds Signed-off-by: Jeff Layton jlay...@samba.org commit 8c6268cbbd4202631e5c4b30297adc0088a1d568 Author: Jeff Layton jlay...@samba.org Date: Thu Apr 19 07:29:46 2012 -0400 mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings ...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS. Acked-by: Acked-by: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Jeff Layton jlay...@samba.org commit be5b954e35858c09dfaeee33bf06bb0dc76a86f9 Author: Lars Mueller lmue...@suse.com Date: Fri Apr 20 07:58:54 2012 -0400 mount.cifs: uninitialized variables in mount.cifs older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and SP 2) complain about uninitialized variables in the recent 5.4 release. The attached patch makes the build process a bit quieter. Acked-by: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Lars Mueller lmue...@suse.com commit e5f124c10fa8e582c5df61017d6f6c2b10c397dc Author: Lars Mueller lmue...@suse.com Date: Fri Apr 20 07:59:06 2012 -0400 cifs.upcall: missing prototype for krb5_auth_con_set_req_cksumtype in MIT krb5 1.7 products coming with MIT krb5 1.7 (like SUSE Linux Enterprise 11 SP 1 or SP 2) suffer from the same issue as described by https://bugzilla.samba.org/show_bug.cgi?id=6918 The declaration of krb5_auth_con_set_req_cksumtype is missing. Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918 Acked-by: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Lars Mueller lmue...@suse.com commit 0aa12de5c1565d56a240d7b0dd814316f4ea81f3 Author: Lars Mueller lmue...@suse.com Date: Fri Apr 20 07:59:15 2012 -0400 mount.cifs: toggle_dac_capability() stores return code the build process of the cifs-utils for Mandriva 2011 made me notice of the unused variable rc in toggle_dac_capability() of mount.cifs.c. A bit up in the code we store the return value and do not make use of it while calling return. The attached patch intends to fix this. The failing build result is still visible at https://build.opensuse.org/package/live_build_log?arch=x86_64package=cifs-utilsproject=network%3Asamba%3ASTABLErepository=Mandriva_2011 Acked-by: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Lars Mueller lmue...@suse.com commit a91fb0671273e4ef9079ee7860574c460aa94a51 Author: Jeff Layton jlay...@samba.org Date: Fri Apr 20 07:59:17 2012 -0400 mount.cifs: remove unnecessary getuid() check in libcap version of toggle_dac_capability I'm not sure what I was thinking when I added that check in, but it's been there since the inception. We shouldn't care at all what the real uid is when we call toggle_dac_capability and indeed we don't care with the libcap-ng version. Remove that check. Signed-off-by: Jeff Layton jlay...@samba.org commit bab572a89bd0d989bd761e8cea926dfcf48b938d Author: Jeff Layton jlay...@samba.org Date: Wed May 2 14:25:28 2012 -0400 mount.cifs: don't pass credentials= option to the kernel We handle this option in userspace, so there's little value in also passing it to the kernel. Also fix minor double-comma nit in the options string. Reported-by: Ronald ronald...@gmail.com Signed-off-by: Jeff Layton jlay...@samba.org commit 9410c776a3bd69a8434e5f01174bc59f08e7e62a Author: Jeff Layton jlay...@samba.org Date: Mon May 14 06:41:29 2012 -0400 doc: update mailing list Signed-off-by: Luk Claes l...@debian.org commit
[Samba] Samba 4 analyse
Hi, My actual config Samba 3 PDC, file and print server use openldap backend Posix ACL on XFS FS using pam_ldap and ns_ldap. independant wins and DNS server (not DDNS) Can I have same configuration in samba 4 ? LIke : DC flie server with posix ACL support and pam, ns_ldap . independant wins and DNS server (not DDNS). It's just an analyse ! Have a nice day Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Setting up DNS on a joined samba4 DC to W2003 Domain
Hi, I've installed s4 succesfully on two servers to replace the w2003 domain controllers, but to do that, I need to get DNS to work and I can't find documentation on how to set up bind to import DNS from AD as the how to is to set up and provision a domain or the docs on joining as DC are outdated and have bearly no info on doing this. Can anyone help me on this? Regards, Juan Pablo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap backend = ad and Active Directory 2008R2
On Tue, 2012-05-29 at 15:41 -0700, Randy Rue wrote: Can anyone tell me what's wrong with the below file? Or at least provide a working example? Is there a complete howto anywhere for SMB3.5 and AD2008R2? Yes, for starters where is the default writable backend that is required as specified in man idmap_ad? You need some lines like the following idmap backend = tdb idmap uid = 100-199 idmap gid = 100-199 Where those numbers don't overlap with the numbers for your FHCRC domain. Hope to hear from you, rrue seattle /etc/samba/smb.conf: [global] workgroup = FOO password server = dcx.foo.org dcy.foo.org dcz.foo.org realm = FOO.ORG security = ads winbind use default domain = true winbind offline logon = false log file = /var/log/samba/%m.log max log size = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no idmap config FHCRC : default = yes idmap config FHCRC : backend = ad idmap config FHCRC : schema_mode = rfc2307 idmap config FHCRC : range = 5000 - 7 allow trusted domains = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes I also don't see a winbind nss info = rfc2307 line either so it is not clear how the UID's and GID's from the AD scheme are getting through to Linux. Note for reasons I don't follow the primary GID of the user is calculated from the primaryGroupID attribute. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap backend = ad and Active Directory 2008R2
Thank you, this is the kind of feedback I need. I've tried it with and without the writeable back end, I wasn't clear on whether it was necessary if all accounts would be in either AD or local files. I'll put it back. Similar problem for the rfc2307 line. I've found conflicting advice online: it appears that the needed directives and their syntax have changed significantly over the last several versions and when I find a claimed working example it usually doesn't specify what version it worked with or when (I can make some guesses from the age of the post). Tried these changes with no luck. I did see a new error from winbindd in the syslog on restart, Cannot find KDC for the requested realm. Realized that in a previous restore to default I'd rolled back to the example /etc/krb5.conf file. On attempting an SSH login with an AD account I still get a string of errors in syslog beginning with invalid user, several variations on error retrieving information about user, and ending with Failed password for invalid user. Current version of smb.conf and krb5.conf are: --- /etc/samba/smb.conf: [global] workgroup = FOO password server = dc42.foo.org dc52.foo.org dc152.foo.org realm = FOO.ORG security = ads winbind use default domain = true winbind offline logon = false log file = /var/log/samba/%m.log max log size = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no idmap backend = tdb idmap uid = 2500-4999 idmap gid = 2500-4999 idmap config FOO : default = yes idmap config FOO : backend = ad idmap config FOO : schema_mode = rfc2307 idmap config FOO : range = 5000 - 7 allow trusted domains = No winbind nss info = rfc2307 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FOO.ORG dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.COM = { kdc = DC42.FOO.ORG:88 kdc = DC52.FOO.ORG:88 kdc = DC152.FOO.ORG admin_server = dc152.foo.org:749 } [domain_realm] .foo.org = FOO.ORG foo.org = FOO.ORG [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } --- -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jonathan Buzzard Sent: Wednesday, May 30, 2012 5:11 AM To: samba@lists.samba.org Subject: Re: [Samba] idmap backend = ad and Active Directory 2008R2 On Tue, 2012-05-29 at 15:41 -0700, Randy Rue wrote: Can anyone tell me what's wrong with the below file? Or at least provide a working example? Is there a complete howto anywhere for SMB3.5 and AD2008R2? Yes, for starters where is the default writable backend that is required as specified in man idmap_ad? You need some lines like the following idmap backend = tdb idmap uid = 100-199 idmap gid = 100-199 Where those numbers don't overlap with the numbers for your FHCRC domain. Hope to hear from you, rrue seattle /etc/samba/smb.conf: [global] workgroup = FOO password server = dcx.foo.org dcy.foo.org dcz.foo.org realm = FOO.ORG security = ads winbind use default domain = true winbind offline logon = false log file = /var/log/samba/%m.log max log size = 100 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no idmap config FOO : default = yes idmap config FOO : backend = ad idmap config FOO : schema_mode = rfc2307 idmap config FOO : range = 5000 - 7 allow trusted domains = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes I also don't see a winbind nss info = rfc2307 line either so it is not clear how the UID's and GID's from the AD scheme are getting through to Linux. Note for reasons I don't follow the primary GID of the user is calculated from the primaryGroupID attribute. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Secondary DNS - samba 4 domain
How do I do about setting up a second samba DC as a DNS server? I have 2 DCs in the domain (setup via the How-to on the wiki) If I try to follow the steps I used for the first controller on the second, bind won't start because /usr/local/samba/private/dns hasn't been created or populated. (I'm using the dlz backend). Searching the wiki has provided nothing. How to I create the needed ldb zone files? Do i just copy them from the first machine? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] BUILD Systems for Samba 4.0 (python-based waf in particular)
Quick question: You mention here using the ./configure command, but the HOWTO and everything else I've seen up to this point recommend using ./configure.developer. Is this still the recommendation, or is it better to just use ./configure if you really aren't doing development (which includes, debugging, testing and general mucking around with stuff you aren't sure yet if it works) Thanks! On Tue, May 29, 2012 at 8:02 PM, Andrew Bartlett abart...@samba.org wrote: (This is the Team's agreed statement explaining the role of the two build systems in Samba 4.0. Please, if you have can't use the waf build system, and so need the autoconf system for 4.0, reply and let us know your reasons and needs here or in the specific threads I'm raising on samba-technical). Thanks, Andrew Bartlett BUILDING SAMBA 4.0 (which build system to use and why) === The waf build - Samba 4.0 ships with a new build system, based on waf. A background to this build system can be found at https://wiki.samba.org/index.php/Waf This is the build system that is used when you run ./configure make in the top level of a Samba 4.0 release tree. For the vast majority of our users, this is the build system you should use. It supports parallel and incremental builds, and builds the whole Samba suite, the file server, the print server, the NT4 domain controller, winbind, the AD Domain Controller, the client libraries and the python libraries. A key feature for many of our distributors and OEMs is that despite the range of additional features, the resulting binaries and libraries are substantially smaller, because we use shared libraries extensively. For distributions that have a requirement to use the system-supplied Kerberos library, we support building against a Heimdal or system MIT Kerberos library, provided the version is recent enough (otherwise we will use our internal version of Heimdal). Please note that builds with MIT krb5 support will not have AD DC features. By the time of the first release candidate, we will finish renaming the binaries that we ship so that where we provide a tool under a name that was used in Samba 3.x, it continues to behave in the same way it always has. This will ensure that our change in build system does not impact on our user's ability to use Samba as they always have. For developers, this build system backs a comprehensive 'make test', which provides code coverage of around 48% of our code by line: https://build.samba.org/lcov/data/coverage/samba_4_0_test/ This build system also implements important features such as ABI checking (which protects you as users from accidental changes to our published libraries), symbol versions and dependency checked incremental rebuilds after header-file changes. The waf build also assists developers by providing fully-linked binaries that run from bin/ without needing to set LD_LIBRARY_PATH. For users who do not have python installed on their systems, we provide a install_with_python.sh script, which will install a local copy of python sufficient to run the build system, without impacting on the rest of the system. Within this requirement, we expect that this build will run on all our supported platforms, and will actively deal with any portability issues that users can bring to our attention. For all these reasons, we highly recommend this new build system to all our users, for whatever purpose you want to put Samba to. The autoconf build -- For a small number of users, the requirement to have access to Python 2.4 and perl will be unacceptable, and for these users we continue to provide the 'autoconf' build system used in Samba 3.x under the source3/. This will build fewer parts of Samba, but should not be seen as 'the file server build' (typical file server deployments should use the top level build), but as a measure provided with limited features for systems and organisations unable to meet the requirements for the new build system. If you do need to use the autoconf build system, please let us know: both why you cannot use the 'waf' build in the top level, and what features of the source3 build that you require. We need this information to assess the continuing demand for this parallel infrastructure, and to determine which features need to remain available in both build systems. Optional Libraries -- To assist users and distributors to build Samba with the full feature set, by the first release candidate the build system will abort if our dependent libraries and their header files are not found on the target system. This will mean for example, that xattr, acl and ldap headers must be installed for the default build to complete. The configure system will check for these headers, and the error message will indicate: - the required header and library - the option (such as
Re: [Samba] Secondary DNS - samba 4 domain
On 5/30/2012 12:52 PM, Ryan Whelan wrote: How do I do about setting up a second samba DC as a DNS server? I have 2 DCs in the domain (setup via the How-to on the wiki) If I try to follow the steps I used for the first controller on the second, bind won't start because /usr/local/samba/private/dns hasn't been created or populated. (I'm using the dlz backend). Searching the wiki has provided nothing. How to I create the needed ldb zone files? Do i just copy them from the first machine? I think you would just need to configure bind on the second machine as a backup dns. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ./configure.developer and Samba 4.0 pre-releases
On Wed, 2012-05-30 at 17:04 -0400, Charles Tryon wrote: Quick question: You mention here using the ./configure command, but the HOWTO and everything else I've seen up to this point recommend using ./configure.developer. Is this still the recommendation, or is it better to just use ./configure if you really aren't doing development (which includes, debugging, testing and general mucking around with stuff you aren't sure yet if it works) G'day, The main reason we recommend ./configure.developer in the HOWTO is that if it crashes, the debugging symbols from --enable-debug will be valuable. Also, while it isn't in the howto, make test relies on --enable-selftest. Both these modes are turned on by --enable-developer (which is what ./configure.developer does). For productions use, ideally neither will be required. That said, we may ask for a rebuild with --enable-debug at least if it crashes, or ask to rebuild with ./configure.developer and run make test if you get inexplicable results. I hope this clarifies things, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Secondary DNS - samba 4 domain
Hi Ryan, On Thu, May 31, 2012 at 5:52 AM, Ryan Whelan rcwhe...@gmail.com wrote: How do I do about setting up a second samba DC as a DNS server? I have 2 DCs in the domain (setup via the How-to on the wiki) If I try to follow the steps I used for the first controller on the second, bind won't start because /usr/local/samba/private/dns hasn't been created or populated. (I'm using the dlz backend). Searching the wiki has provided nothing. How to I create the needed ldb zone files? Do i just copy them from the first machine? It's slightly more involved. First you have to make sure that DNS partitions are getting replicated between two DCs. If the DNS partitions are not replicated correctly you won't be able to run DNS server on secondary DC. Next step is to use samba_upgradedns script to fix the provision on secondary DC and to create the files required by DLZ backend. The main issue reported by few users is that the replication fails at times and I have not yet been able to figure out the root cause of this. So if you notice issues with replication, let me know. Amitay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Secondary DNS - samba 4 domain
I was able to get the DomainDnsZone and ForestDnsZone replicated to the second machine. I ran the samba_upgradedns script and it created the private/dns dir and populated it with with the ldbs. Bind starts fine with the dlopen. However, bind fails to resolve anything. Trying to do a zone transfer (via `dig`) from the second machine fails- looking at the log, it says the zone has no SOA. However, running `samba-tool dns query smb2 cngtest.local cngtest.local SOA` returns: Name=, Records=0, Children=0 Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=smb1, Records=0, Children=0 Name=tester, Records=0, Children=0 If i try to resolve a single host (via `dig`) returns SERVFAIL. I've tried restarting both bind and samba. It didn't help. On Wed, May 30, 2012 at 7:10 PM, Amitay Isaacs ami...@gmail.com wrote: Hi Ryan, On Thu, May 31, 2012 at 5:52 AM, Ryan Whelan rcwhe...@gmail.com wrote: How do I do about setting up a second samba DC as a DNS server? I have 2 DCs in the domain (setup via the How-to on the wiki) If I try to follow the steps I used for the first controller on the second, bind won't start because /usr/local/samba/private/dns hasn't been created or populated. (I'm using the dlz backend). Searching the wiki has provided nothing. How to I create the needed ldb zone files? Do i just copy them from the first machine? It's slightly more involved. First you have to make sure that DNS partitions are getting replicated between two DCs. If the DNS partitions are not replicated correctly you won't be able to run DNS server on secondary DC. Next step is to use samba_upgradedns script to fix the provision on secondary DC and to create the files required by DLZ backend. The main issue reported by few users is that the replication fails at times and I have not yet been able to figure out the root cause of this. So if you notice issues with replication, let me know. Amitay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ./configure.developer and Samba 4.0 pre-releases
On Wed, May 30, 2012 at 6:34 PM, Andrew Bartlett abart...@samba.org wrote: On Wed, 2012-05-30 at 17:04 -0400, Charles Tryon wrote: Quick question: You mention here using the ./configure command, but the HOWTO and everything else I've seen up to this point recommend using ./configure.developer. Is this still the recommendation, or is it better to just use ./configure if you really aren't doing development (which includes, debugging, testing and general mucking around with stuff you aren't sure yet if it works) G'day, The main reason we recommend ./configure.developer in the HOWTO is that if it crashes, the debugging symbols from --enable-debug will be valuable. Also, while it isn't in the howto, make test relies on --enable-selftest. Both these modes are turned on by --enable-developer (which is what ./configure.developer does). For productions use, ideally neither will be required. That said, we may ask for a rebuild with --enable-debug at least if it crashes, or ask to rebuild with ./configure.developer and run make test if you get inexplicable results. I hope this clarifies things, Yes, thank you! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Charles Tryon _ “Risks are not to be evaluated in terms of the probability of success, but in terms of the value of the goal.” - Ralph D. Winter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Secondary DNS - samba 4 domain
I was able to get dns to replicate from the first to the second DC. Its working well- except I can't create records on the second machine. Should I be able to? DomainDnsZone and ForestDnsZone are replicating both directions. When i try; I get WERR_INTERNAL_DB_ERROR. Is there a way to verify the structure of the DBs on the second machine? samba-tool dbcheck returns without issue. root@SMB2:/usr/local/samba# bin/samba-tool dns add -Uadministrator smb2 cngtest.local tester A 192.168.0.250 Password for [CNGTEST\administrator]: ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 160, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1055, in run None) It errors out in the MS server admin tools as well. On Wed, May 30, 2012 at 8:09 PM, Ryan Whelan rcwhe...@gmail.com wrote: I was able to get the DomainDnsZone and ForestDnsZone replicated to the second machine. I ran the samba_upgradedns script and it created the private/dns dir and populated it with with the ldbs. Bind starts fine with the dlopen. However, bind fails to resolve anything. Trying to do a zone transfer (via `dig`) from the second machine fails- looking at the log, it says the zone has no SOA. However, running `samba-tool dns query smb2 cngtest.local cngtest.local SOA` returns: Name=, Records=0, Children=0 Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=smb1, Records=0, Children=0 Name=tester, Records=0, Children=0 If i try to resolve a single host (via `dig`) returns SERVFAIL. I've tried restarting both bind and samba. It didn't help. On Wed, May 30, 2012 at 7:10 PM, Amitay Isaacs ami...@gmail.com wrote: Hi Ryan, On Thu, May 31, 2012 at 5:52 AM, Ryan Whelan rcwhe...@gmail.com wrote: How do I do about setting up a second samba DC as a DNS server? I have 2 DCs in the domain (setup via the How-to on the wiki) If I try to follow the steps I used for the first controller on the second, bind won't start because /usr/local/samba/private/dns hasn't been created or populated. (I'm using the dlz backend). Searching the wiki has provided nothing. How to I create the needed ldb zone files? Do i just copy them from the first machine? It's slightly more involved. First you have to make sure that DNS partitions are getting replicated between two DCs. If the DNS partitions are not replicated correctly you won't be able to run DNS server on secondary DC. Next step is to use samba_upgradedns script to fix the provision on secondary DC and to create the files required by DLZ backend. The main issue reported by few users is that the replication fails at times and I have not yet been able to figure out the root cause of this. So if you notice issues with replication, let me know. Amitay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9cae92b s3:utils: use cli_tree_connect() instead of cli_tcon_andx() via 9c02667 s3:libsmb: use cli_tree_connect() instead of cli_tcon_andx() via bce43d7 s3:libsmb: fallback to SMBtcon for old servers from 27fb14b s3-loadparm: Swap synonyms of max/min protocol to server max/min protocol http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9cae92b48574d22e0d8e129ed6cb3d2ca20b6fc8 Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 10:22:19 2012 +0200 s3:utils: use cli_tree_connect() instead of cli_tcon_andx() metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 30 12:54:05 CEST 2012 on sn-devel-104 commit 9c02667b8220368b02fcae3ba90a0c8d801661bc Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 10:20:11 2012 +0200 s3:libsmb: use cli_tree_connect() instead of cli_tcon_andx() cli_tree_connect() is more generic and uses what the server supports metze commit bce43d75da8e73a00a6aeca7c4064f17e4f2804e Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 10:07:21 2012 +0200 s3:libsmb: fallback to SMBtcon for old servers metze --- Summary of changes: source3/libsmb/cliconnect.c | 20 +--- source3/utils/smbcacls.c|2 +- 2 files changed, 18 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index fe8c3a1..9481e75 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2514,6 +2514,10 @@ NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share, NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share, const char *dev, const char *pass, int passlen) { + NTSTATUS status; + uint16_t max_xmit = 0; + uint16_t tid = 0; + cli-share = talloc_strdup(cli, share); if (!cli-share) { return NT_STATUS_NO_MEMORY; @@ -2523,7 +2527,17 @@ NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share, return smb2cli_tcon(cli, share); } - return cli_tcon_andx(cli, share, dev, pass, passlen); + if (smbXcli_conn_protocol(cli-conn) = PROTOCOL_LANMAN1) { + return cli_tcon_andx(cli, share, dev, pass, passlen); + } + + status = cli_raw_tcon(cli, share, pass, dev, max_xmit, tid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + cli-smb1.tid = tid; + + return NT_STATUS_OK; } / @@ -2821,8 +2835,8 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, } if (service) { - nt_status = cli_tcon_andx(cli, service, service_type, password, - pw_len); + nt_status = cli_tree_connect(cli, service, service_type, +password, pw_len); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,(failed tcon_X with %s\n, nt_errstr(nt_status))); cli_shutdown(cli); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 714f47b..3d18bee 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -187,7 +187,7 @@ static NTSTATUS cli_lsa_lookup_domain_sid(struct cli_state *cli, TALLOC_CTX *frame = talloc_stackframe(); const struct ndr_syntax_id *lsarpc_syntax = ndr_table_lsarpc.syntax_id; - status = cli_tcon_andx(cli, IPC$, ?, , 0); + status = cli_tree_connect(cli, IPC$, ?, , 0); if (!NT_STATUS_IS_OK(status)) { goto done; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3e92bff s4-provision: Use the s3fs file server by default in migrations via c8000ca s3-build: Fix configure checks for Heimdal via a49e771 build: Make gss_wrap_iov mandatory for krb5 build via 65bd5eb lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there from 9cae92b s3:utils: use cli_tree_connect() instead of cli_tcon_andx() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3e92bff13df47943d180bdef96f2a3d4815f8472 Author: Andrew Bartlett abart...@samba.org Date: Wed May 30 16:40:03 2012 +1000 s4-provision: Use the s3fs file server by default in migrations This covers both migrations from s3 and joining a domain as a new DC. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed May 30 14:57:22 CEST 2012 on sn-devel-104 commit c8000cad5598831b11be7788e4356122beb39491 Author: Andrew Bartlett abart...@samba.org Date: Wed May 30 17:44:42 2012 +1000 s3-build: Fix configure checks for Heimdal A series of small errors meant that all Heimdal versions became unsupported, when for the autoconf build, some versions have what we need. Andrew Bartlett commit a49e771a93d54b0f3475242d5e74e09c130c3fac Author: Andrew Bartlett abart...@samba.org Date: Wed May 30 19:21:12 2012 +1000 build: Make gss_wrap_iov mandatory for krb5 build This isn't in Heimdal 1.1, so we still fail on that version, but at least we fail for the right reasons. Andrew Bartlett commit 65bd5eb04bcd426833ba4a5cf424af9710f03f2e Author: Andrew Bartlett abart...@samba.org Date: Wed May 30 17:41:51 2012 +1000 lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there This is also where the related krb5_princ_component is declared. Also fix the configure check to use the correct name This helps the autoconf build on Heimdal. Andrew Bartlett --- Summary of changes: lib/krb5_wrap/krb5_samba.h |8 source3/configure.in | 35 +++ source4/auth/kerberos/kerberos.h |8 source4/heimdal_build/wscript_configure|2 +- .../scripting/python/samba/provision/__init__.py |2 +- 5 files changed, 30 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 8d55a32..bd34879 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -64,14 +64,6 @@ #define AP_OPTS_USE_SUBKEY 0 #endif -#ifndef krb5_princ_size -#if defined(HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP) -#define krb5_princ_size krb5_principal_get_num_comp -#else -#error krb5_princ_size unavailable -#endif -#endif - typedef struct { #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ krb5_address **addrs; diff --git a/source3/configure.in b/source3/configure.in index 989b617..ea89fa2 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3542,6 +3542,12 @@ if test x$with_ads_support != xno; then AC_DEFINE(HAVE_GSSAPI, , [Whether the platform has GSSAPI support]) fi + # This is for FreeBSD (and possibly others). gss_mech_krb5 is a + # #define to GSS_KRB5_MECHANISM, which is defined in -lgssapi_krb5 + # Also, gsskrb5_extract_authz_data_from_sec_context is in -lgssapi_krb5 + AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS, GSS_KRB5_MECHANISM, + [KRB5_LIBS=$KRB5_LIBS -lgssapi_krb5]) + AC_CHECK_FUNC_EXT(krb5_set_real_time, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_set_default_in_tkt_etypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_set_default_tgs_enctypes, $KRB5_LIBS) @@ -3567,6 +3573,7 @@ if test x$with_ads_support != xno; then AC_CHECK_FUNC_EXT(krb5_principal_compare_any_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_parse_name_norealm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_princ_size, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_make_principal, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_principal_get_num_comp, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_set_pac_request, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS) @@ -3598,11 +3605,6 @@ if test x$with_ads_support != xno; then AC_CHECK_FUNC_EXT(gss_inquire_sec_context_by_oid, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_wrap_iov, $KRB5_LIBS) - # This is for FreeBSD (and possibly others). gss_mech_krb5 is a - # #define to GSS_KRB5_MECHANISM, which is defined in -lgssapi_krb5 - AC_CHECK_LIB_EXT(gssapi_krb5, KRB5_LIBS, GSS_KRB5_MECHANISM, - [KRB5_LIBS=$KRB5_LIBS -lgssapi_krb5]) - # MIT krb5 1.8 does not expose this call (yet)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 866279d dsdb: Fix error checking conditions in partition_metadata module via 6f133c9 librpc: Fix an incompatible pointer type warning from 3e92bff s4-provision: Use the s3fs file server by default in migrations http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 866279df9f565df32234ffbefce612b711ed747a Author: Amitay Isaacs ami...@gmail.com Date: Wed May 30 21:07:38 2012 +1000 dsdb: Fix error checking conditions in partition_metadata module Thanks to Matthieu Patou m...@matws.net for pointing it out. Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104 commit 6f133c911f0fa0c75a01ccb02f2857887a56f5c4 Author: Volker Lendecke v...@samba.org Date: Wed May 30 21:01:33 2012 +1000 librpc: Fix an incompatible pointer type warning Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: librpc/ndr/ndr_dnsp.c |6 -- .../dsdb/samdb/ldb_modules/partition_metadata.c| 14 +++--- 2 files changed, 11 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c index f7300c8..fcb623a 100644 --- a/librpc/ndr/ndr_dnsp.c +++ b/librpc/ndr/ndr_dnsp.c @@ -197,13 +197,15 @@ _PUBLIC_ void ndr_print_dnsp_string_list(struct ndr_print *ndr, const char *name _PUBLIC_ enum ndr_err_code ndr_pull_dnsp_string_list(struct ndr_pull *ndr, int ndr_flags, struct dnsp_string_list *list) { list-count = 0; - list-str = talloc_array(ndr-current_mem_ctx, char *, list-count); + list-str = talloc_array(ndr-current_mem_ctx, const char *, +list-count); if (! list-str) { return ndr_pull_error(ndr, NDR_ERR_ALLOC, Failed to pull dnsp_string_list); } while (ndr-offset ndr-data_size) { - list-str = talloc_realloc(ndr-current_mem_ctx, list-str, char *, list-count+1); + list-str = talloc_realloc(ndr-current_mem_ctx, list-str, + const char *, list-count+1); if (! list-str) { return ndr_pull_error(ndr, NDR_ERR_ALLOC, Failed to pull dnsp_string_list); } diff --git a/source4/dsdb/samdb/ldb_modules/partition_metadata.c b/source4/dsdb/samdb/ldb_modules/partition_metadata.c index e3f0fb5..76b78dd 100644 --- a/source4/dsdb/samdb/ldb_modules/partition_metadata.c +++ b/source4/dsdb/samdb/ldb_modules/partition_metadata.c @@ -39,7 +39,7 @@ static int partition_metadata_get_uint64(struct ldb_module *module, data = talloc_get_type_abort(ldb_module_get_private(module), struct partition_private_data); - if (!data !data-metadata !data-metadata-db) { + if (!data || !data-metadata || !data-metadata-db) { return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR, partition_metadata: metadata tdb not initialized); } @@ -98,7 +98,7 @@ static int partition_metadata_set_uint64(struct ldb_module *module, data = talloc_get_type_abort(ldb_module_get_private(module), struct partition_private_data); - if (!data !data-metadata !data-metadata-db) { + if (!data || !data-metadata || !data-metadata-db) { return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR, partition_metadata: metadata tdb not initialized); } @@ -359,7 +359,7 @@ int partition_metadata_sequence_number_increment(struct ldb_module *module, uint data = talloc_get_type_abort(ldb_module_get_private(module), struct partition_private_data); - if (!data !data-metadata) { + if (!data || !data-metadata) { return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR, partition_metadata: metadata not initialized); } @@ -390,7 +390,7 @@ int partition_metadata_start_trans(struct ldb_module *module) data = talloc_get_type_abort(ldb_module_get_private(module), struct partition_private_data); - if (!data !data-metadata !data-metadata-db) { + if (!data || !data-metadata || !data-metadata-db) { return ldb_module_error(module, LDB_ERR_OPERATIONS_ERROR, partition_metadata: metadata not initialized); } @@ -417,7 +417,7 @@ int partition_metadata_prepare_commit(struct ldb_module *module) data = talloc_get_type_abort(ldb_module_get_private(module),
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 633060f selftest: bug #8373 is fixed and we should always test this now. from 866279d dsdb: Fix error checking conditions in partition_metadata module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 633060f025c99c0077abb58065bf76a4f8a59f0b Author: Günther Deschner g...@samba.org Date: Wed May 30 14:54:27 2012 +0200 selftest: bug #8373 is fixed and we should always test this now. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Wed May 30 18:56:38 CEST 2012 on sn-devel-104 --- Summary of changes: selftest/skip |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/skip b/selftest/skip index bd11312..f2f6b69 100644 --- a/selftest/skip +++ b/selftest/skip @@ -102,4 +102,3 @@ bench # don't run benchmarks in our selftest ^samba4.drs.delete_object.python # flakey test ^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use ^samba.tests.dcerpc.unix # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use -^samba.*.local.ndr.nbt_netlogon_packet # until bug #8373 is fixed -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-30-1949/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-30-1949/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-30-1949/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-30-1949/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-30-1949/samba4.stdout The top commit at the time of the failure was: commit 866279df9f565df32234ffbefce612b711ed747a Author: Amitay Isaacs ami...@gmail.com Date: Wed May 30 21:07:38 2012 +1000 dsdb: Fix error checking conditions in partition_metadata module Thanks to Matthieu Patou m...@matws.net for pointing it out. Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e697253 s3:libsmb: use nb_connect_send() directly instead of doing a 0 timer for port 139 from 633060f selftest: bug #8373 is fixed and we should always test this now. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e697253263f9c5138f71574c8f35d1e5e7d957a5 Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 13:20:19 2012 +0200 s3:libsmb: use nb_connect_send() directly instead of doing a 0 timer for port 139 metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 30 20:51:51 CEST 2012 on sn-devel-104 --- Summary of changes: source3/libsmb/smbsock_connect.c | 13 + 1 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c index d9d3b92..c5fd2c8 100644 --- a/source3/libsmb/smbsock_connect.c +++ b/source3/libsmb/smbsock_connect.c @@ -330,7 +330,7 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx, const char *calling_name, int calling_type) { - struct tevent_req *req, *subreq; + struct tevent_req *req; struct smbsock_connect_state *state; req = tevent_req_create(mem_ctx, state, struct smbsock_connect_state); @@ -352,11 +352,16 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx, talloc_set_destructor(state, smbsock_connect_state_destructor); if (port == NBT_SMB_PORT) { - subreq = tevent_wakeup_send(state, ev, timeval_set(0, 0)); - if (tevent_req_nomem(subreq, req)) { + state-req_139 = nb_connect_send(state, state-ev, state-addr, +state-called_name, +state-called_type, +state-calling_name, +state-calling_type); + if (tevent_req_nomem(state-req_139, req)) { return tevent_req_post(req, ev); } - tevent_req_set_callback(subreq, smbsock_connect_do_139, req); + tevent_req_set_callback( + state-req_139, smbsock_connect_connected, req); return req; } if (port != 0) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fc7e111 Fix bad bugfix for bug #8910 - resolve_ads() code can return zero addresses and miss valid DC IP addresses via d7e52cc Fix metze's complaint about the bugfix for bug #8953 - winbind can hang as nbt_getdc() has no timeout. from e697253 s3:libsmb: use nb_connect_send() directly instead of doing a 0 timer for port 139 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fc7e1113c34819de6fc8053fb81ee2e0e970bec2 Author: Ira Cooper i...@wakeful.net Date: Wed May 30 11:50:06 2012 -0700 Fix bad bugfix for bug #8910 - resolve_ads() code can return zero addresses and miss valid DC IP addresses Original code incorrectly used a while() instead of a for() loop. We need to iterate over the entire array here. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed May 30 23:29:03 CEST 2012 on sn-devel-104 commit d7e52cc5273c3ec1a0570f06610e30b48c03bf6b Author: Jeremy Allison j...@samba.org Date: Tue May 29 15:25:39 2012 -0700 Fix metze's complaint about the bugfix for bug #8953 - winbind can hang as nbt_getdc() has no timeout. This code explicitly isn't needed as the tevent code will take care of this. --- Summary of changes: source3/libsmb/clidgram.c |7 --- source3/libsmb/namequery.c |2 +- 2 files changed, 1 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c index cfed067..3772194 100644 --- a/source3/libsmb/clidgram.c +++ b/source3/libsmb/clidgram.c @@ -450,8 +450,6 @@ NTSTATUS nbt_getdc(struct messaging_context *msg_ctx, TALLOC_CTX *frame = talloc_stackframe(); struct tevent_context *ev; struct tevent_req *req; - enum tevent_req_state err_state; - uint64_t error; NTSTATUS status = NT_STATUS_NO_MEMORY; ev = tevent_context_init(frame); @@ -473,11 +471,6 @@ NTSTATUS nbt_getdc(struct messaging_context *msg_ctx, status = nbt_getdc_recv(req, mem_ctx, pnt_version, dc_name, samlogon_response); fail: - if (ev req - tevent_req_is_error(req, err_state, error) - err_state == TEVENT_REQ_TIMED_OUT) { - status = NT_STATUS_IO_TIMEOUT; - } TALLOC_FREE(frame); return status; } diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 3eae347..4c05e4f 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -2491,7 +2491,7 @@ static NTSTATUS resolve_ads(const char *name, *return_count = 0; - while ( i numdcs (*return_countnumaddrs) ) { + for (i = 0; i numdcs (*return_countnumaddrs); i++ ) { /* If we don't have an IP list for a name, lookup it up */ if (!dcs[i].ss_s) { /* We need to get all IP addresses here. */ -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-30-2350/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-30-2350/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-30-2350/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-30-2350/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-30-2350/samba4.stdout The top commit at the time of the failure was: commit e697253263f9c5138f71574c8f35d1e5e7d957a5 Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 13:20:19 2012 +0200 s3:libsmb: use nb_connect_send() directly instead of doing a 0 timer for port 139 metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 30 20:51:51 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5e5f569 lib/dbwrap: make it possible to delete/store the current record during traverse via 39ac945 lib/dbwrap: don't alter the record on failure in db_rbt_store() via a06b9b4 lib/dbwrap: fix db_rbt_store and update the per record node pointer via 5b8cb6b lib/dbwrap: remove unused per db_record pointer in dbwrap_rbt from fc7e111 Fix bad bugfix for bug #8910 - resolve_ads() code can return zero addresses and miss valid DC IP addresses http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5e5f5692b8061e7151f80b155a229ce9bbb31ef9 Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 15:06:12 2012 +0200 lib/dbwrap: make it possible to delete/store the current record during traverse metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu May 31 02:50:09 CEST 2012 on sn-devel-104 commit 39ac9457a3d75a344b6ca41a7df3122eb9c5b26e Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 16:50:06 2012 +0200 lib/dbwrap: don't alter the record on failure in db_rbt_store() metze commit a06b9b413e6e739310d6f0e95ad5d31f9503482a Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 16:48:39 2012 +0200 lib/dbwrap: fix db_rbt_store and update the per record node pointer metze commit 5b8cb6b2be4008d3f985e304f6c7cf259672e616 Author: Stefan Metzmacher me...@samba.org Date: Wed May 30 16:05:03 2012 +0200 lib/dbwrap: remove unused per db_record pointer in dbwrap_rbt metze --- Summary of changes: lib/dbwrap/dbwrap_rbt.c | 117 --- 1 files changed, 90 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c index d468953..3dca3ba 100644 --- a/lib/dbwrap/dbwrap_rbt.c +++ b/lib/dbwrap/dbwrap_rbt.c @@ -30,7 +30,6 @@ struct db_rbt_ctx { }; struct db_rbt_rec { - struct db_rbt_ctx *db_ctx; struct db_rbt_node *node; }; @@ -92,6 +91,8 @@ static void db_rbt_parse_node(struct db_rbt_node *node, static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) { + struct db_rbt_ctx *db_ctx = talloc_get_type_abort( + rec-db-private_data, struct db_rbt_ctx); struct db_rbt_rec *rec_priv = (struct db_rbt_rec *)rec-private_data; struct db_rbt_node *node; @@ -120,13 +121,23 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) rec_priv-node-valuesize = data.dsize; return NT_STATUS_OK; } + } + + node = (struct db_rbt_node *)talloc_size(db_ctx, + offsetof(struct db_rbt_node, data) + rec-key.dsize + + data.dsize); + + if (node == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (rec_priv-node != NULL) { /* * We need to delete the key from the tree and start fresh, * there's not enough space in the existing record */ - rb_erase(rec_priv-node-rb_node, rec_priv-db_ctx-tree); + rb_erase(rec_priv-node-rb_node, db_ctx-tree); /* * Keep the existing node around for a while: If the record @@ -134,15 +145,6 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) */ } - node = (struct db_rbt_node *)talloc_size(rec_priv-db_ctx, - offsetof(struct db_rbt_node, data) + rec-key.dsize - + data.dsize); - - if (node == NULL) { - TALLOC_FREE(rec_priv-node); - return NT_STATUS_NO_MEMORY; - } - ZERO_STRUCT(node-rb_node); node-keysize = rec-key.dsize; @@ -152,11 +154,12 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) memcpy(this_key.dptr, rec-key.dptr, node-keysize); TALLOC_FREE(rec_priv-node); + rec_priv-node = node; memcpy(this_val.dptr, data.dptr, node-valuesize); parent = NULL; - p = rec_priv-db_ctx-tree.rb_node; + p = db_ctx-tree.rb_node; while (*p) { struct db_rbt_node *r; @@ -183,24 +186,37 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) } rb_link_node(node-rb_node, parent, p); - rb_insert_color(node-rb_node, rec_priv-db_ctx-tree); + rb_insert_color(node-rb_node, db_ctx-tree); return NT_STATUS_OK; } static NTSTATUS db_rbt_delete(struct db_record *rec) { + struct db_rbt_ctx *db_ctx = talloc_get_type_abort( + rec-db-private_data, struct db_rbt_ctx); struct db_rbt_rec *rec_priv =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5d1a8d2 Stop spamming the logs with Could not remove pid XX from serverid.tdb messages and initiating the cleanup function on every process death. from 5e5f569 lib/dbwrap: make it possible to delete/store the current record during traverse http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5d1a8d2a31390762c471229c2b115147ad0857fe Author: Jeremy Allison j...@samba.org Date: Wed May 30 17:12:10 2012 -0700 Stop spamming the logs with Could not remove pid XX from serverid.tdb messages and initiating the cleanup function on every process death. We now have many sub-processes from smbd that don't serve SMB1/SMB2 requests and don't register themselves in the serverid.tdb. Only initiate the cleanup from processes that were explicitly in the child list. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu May 31 04:44:09 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/server.c | 33 ++--- 1 files changed, 18 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index ab4e971..f71235f 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -416,6 +416,24 @@ static void remove_child_pid(struct smbd_parent_context *parent, struct smbd_child_pid *child; struct server_id child_id; + child_id = pid_to_procid(pid); + + for (child = parent-children; child != NULL; child = child-next) { + if (child-pid == pid) { + struct smbd_child_pid *tmp = child; + DLIST_REMOVE(parent-children, child); + TALLOC_FREE(tmp); + parent-num_children -= 1; + break; + } + } + + if (child == NULL) { + /* not all forked child processes are added to the children list */ + DEBUG(2, (Could not find child %d -- ignoring\n, (int)pid)); + return; + } + if (unclean_shutdown) { /* a child terminated uncleanly so tickle all processes to see if they can grab any of the @@ -435,25 +453,10 @@ static void remove_child_pid(struct smbd_parent_context *parent, } } - child_id = pid_to_procid(pid); - if (!serverid_deregister(child_id)) { DEBUG(1, (Could not remove pid %d from serverid.tdb\n, (int)pid)); } - - for (child = parent-children; child != NULL; child = child-next) { - if (child-pid == pid) { - struct smbd_child_pid *tmp = child; - DLIST_REMOVE(parent-children, child); - TALLOC_FREE(tmp); - parent-num_children -= 1; - return; - } - } - - /* not all forked child processes are added to the children list */ - DEBUG(2, (Could not find child %d -- ignoring\n, (int)pid)); } / -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-31-0620/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-31-0620/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-31-0620/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-31-0620/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-31-0620/samba4.stdout The top commit at the time of the failure was: commit 5d1a8d2a31390762c471229c2b115147ad0857fe Author: Jeremy Allison j...@samba.org Date: Wed May 30 17:12:10 2012 -0700 Stop spamming the logs with Could not remove pid XX from serverid.tdb messages and initiating the cleanup function on every process death. We now have many sub-processes from smbd that don't serve SMB1/SMB2 requests and don't register themselves in the serverid.tdb. Only initiate the cleanup from processes that were explicitly in the child list. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu May 31 04:44:09 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 15d5672 build: rename build targets smbclient - smbclient4 and smbclient3 - smbclient via 7699085 s4:selftest: change the blackbox.samba_tool_demote test to use a binary mapping for smbclient via 72fbbdb s4:selftest: change the blackbox.passwords test to use a binary mapping for smbclient via e7281b4 s4:selftest: change the blackbox.pkinit test to use a binary mapping for smbclient via d86ae30 s4:selftest: change the blackbox.kinit test to use a binary mapping for smbclient via 104135fa s4:selftest: change the blackbox.export.keytab test to use a binary mapping for smbclient via 00f5473 s4:selftest: change the blackbox.chgdcpass test to use a binary mapping for smbclient via df0cadb s4:selftest: change the blackbox.samba_tool test to use a binary mapping for smbclient via da82c07 s4:selftets: change the blackbox.bogusdomain test to use binary mapping for smbclient via 11a2eea s4:selftest: change the blackbox.smbclient test to use binary mapping for smbclient via 4b07193 s3:selftest: add a binary mapping for smbclient4 via 37194f5 selftest: add a binary mapping for smbclient4 via 52e1bba build: rename build targets nmblookup - nmblookup4 and nmblookup3 - nmblookup via 0659a70 build: add a build suffix (4) for s4-binaries via fef5ce7 s4:selftest: determine nmblookup via binary mapping for blackbox test in tests.py via f6e6086 selftest:Samba4: use the nmblookup4 binary mapping via f56ada0 s3:selftest: add a binary mapping for nmblookup4 via ab39551 selftest: add a binary mapping for nmblookup4 via 13181f3 s3:selftest: improve strange linebreaks for blackbox tests in tests.py for readability via 910a497 s3:selftest: introduce a variable for binpath('dbwrap_tool') in tests.py via 953163d s3:selftest: introduce a variable for binpath('ntlm_auth3') in tests.py via 5ec763a s3:selftest: introduce a variable for binpath('smbtorture3') in tests.py via 886169b s3:selftest: introduce a variable for binpath('net') in tests.py via f9aef09 s3:selftest: introduce a variable for binpath('wbinfo') in tests.py via 4f611bc s3:selftest: introduce a variable for binpath('smbclient3') to test.py via 24bdec9 s3:selftest: introduce a variable for binpath('nmblookup3') in tests.py via 3d504b8 s3:build: fix some spacing in wscript_build from 5d1a8d2 Stop spamming the logs with Could not remove pid XX from serverid.tdb messages and initiating the cleanup function on every process death. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 15d567265e65e3d47579232a649d6d54f7b32d35 Author: Michael Adam ob...@samba.org Date: Wed May 30 13:10:57 2012 +0200 build: rename build targets smbclient - smbclient4 and smbclient3 - smbclient Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Thu May 31 06:36:55 CEST 2012 on sn-devel-104 commit 769908540f047f24fcd3c57a90843abca85252b2 Author: Michael Adam ob...@samba.org Date: Wed May 30 12:21:42 2012 +0200 s4:selftest: change the blackbox.samba_tool_demote test to use a binary mapping for smbclient commit 72fbbdb9b35fe2f6da09512fe9d887c7a8211739 Author: Michael Adam ob...@samba.org Date: Wed May 30 12:18:35 2012 +0200 s4:selftest: change the blackbox.passwords test to use a binary mapping for smbclient commit e7281b450a5d77b783f0d840d1097593b57f781f Author: Michael Adam ob...@samba.org Date: Wed May 30 12:16:49 2012 +0200 s4:selftest: change the blackbox.pkinit test to use a binary mapping for smbclient commit d86ae30bb8cce9fb78b655a05f3eaba4fc6a0bb8 Author: Michael Adam ob...@samba.org Date: Wed May 30 12:15:10 2012 +0200 s4:selftest: change the blackbox.kinit test to use a binary mapping for smbclient commit 104135faa9d0c7926ceea2f3fc1152312414f210 Author: Michael Adam ob...@samba.org Date: Wed May 30 12:09:25 2012 +0200 s4:selftest: change the blackbox.export.keytab test to use a binary mapping for smbclient commit 00f5473de8e34fc7077ca48ca29d2fa5c8c1814e Author: Michael Adam ob...@samba.org Date: Wed May 30 12:07:18 2012 +0200 s4:selftest: change the blackbox.chgdcpass test to use a binary mapping for smbclient commit df0cadbcc9c3706c8ef86dbc431795b31c1fce70 Author: Michael Adam ob...@samba.org Date: Wed May 30 12:04:30 2012 +0200 s4:selftest: change the blackbox.samba_tool test to use a binary mapping for smbclient commit da82c07e13d1d4ecd32c4b040477f12b2388941c Author: Michael Adam ob...@samba.org Date: Wed May 30 11:57:16 2012 +0200 s4:selftets: change the blackbox.bogusdomain test to use binary mapping for smbclient commit 11a2eeabaaf17be5475dce0cfed3022b08937876 Author: Michael Adam ob...@samba.org Date: Wed May 30