Re: [Samba] Re-replicate LDAP
On Oct 15, 2012, at 12:56 AM, Andreas Oster aos...@novanetwork.de wrote:

> I guess you can achieve the same with:
>
> samba-tool domain demote -Uadministrator
>
> afterwards you can join the DC again.

That has been unsuccessful to me also. I receive errors:

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:BLADS1.ad.domain.com[1024,seal] NT_STATUS_IO_TIMEOUT
ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BLADS1.ad.domain.com failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT')
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run
    (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds)
  File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect
    raise drsException(DRS connection to %s failed: %s % (server, e))
root@rcads1:/usr/local/samba/bin#

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re-replicate LDAP
On 15.10.2012 08:41, Kristofer wrote:

> On Oct 15, 2012, at 12:56 AM, Andreas Oster aos...@novanetwork.de wrote:
>
> > I guess you can achieve the same with:
> >
> > samba-tool domain demote -Uadministrator
> >
> > afterwards you can join the DC again.
>
> That has been unsuccessful to me also. I receive errors:
>
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:BLADS1.ad.domain.com[1024,seal] NT_STATUS_IO_TIMEOUT
> ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BLADS1.ad.domain.com failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>   File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run
>     return self.run(*args, **kwargs)
>   File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run
>     (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds)
>   File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect
>     raise drsException(DRS connection to %s failed: %s % (server, e))
> root@rcads1:/usr/local/samba/bin#

Hello Kristofer,

samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say?

best regards

Andreas
[Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb
Hello.

I tried the migration from samba3 domain master (pdc) to a samba4.

samba4 -V: Version 4.1.0pre1-GIT-2c3a808

I used the wiki entry about samba3 migration as a guide, copied over the data etc. but I have some questions left. fyi - samba3 tdbsam backend. I removed/edited several user accounts with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore) until all user accounts got migrated.

1. machine accounts: some machine accounts don't have Logon hours FF, which seems to be a problem. Could I manually change fields (which fields?) in the tdbsam dump? I tried pdbedit -Z of the specific account, but that seems to change it to an epoch style timestamp and migration fails again - so I removed them in the tdbsam dump to get the migration working, after that additional steps all user and machine accounts get migrated.

2. The server role of samba3 is ROLE_DOMAIN_PDC; after migration the samba4 server is stand alone and starting of smbd works without error. BUT if I change the server role to active directory domain controller and try samba instead of smbd, I get an error:

Failed to find record for MYDOMAIN-HERE in /var/lib/samba/private/secrets.ldb: No such object: Have you provisioned the MYDOMAIN-HERE domain?

Provisioning a new and empty ADS from scratch does work - but I need the migration ;-) I tried to modify the secrets.tdb before I start the classicupgrade without success. This is a show-stopper ;-)

Could you provide me a hint / solution to this? Thanks.

cu Joh.Paechnatz

--
Johannes Paechnatz
-- googleplus: http://goo.gl/GVNoM
-- facebook: http://www.facebook.com/jpaechnatz
-- jabber/xmpp: jpaechn...@gmail.com
-- icq: 22621122
-- skype: jpaechnatz
-- blog: http://simplyroot.blogspot.com/
amazon wishlist:
-- http://www.amazon.de/registry/wishlist/3L6U7SE47GQ1Z
Backup and sync securely via Wuala: http://www.wuala.com/referral/BBN3CFN4HKFF74HN3B7M
Encfs4win: http://goo.gl/djpLB
Callsign: DO2PJ
Try JT65a: http://jt65.w6cqz.org/
Re: [Samba] Re-replicate LDAP
> samba4 service needs to be running to demote. When samba is started what does samba-tool drs showrepl say?

Samba IS running. I also receive this error when trying it against a specific server:

Using BRSAD as partner server for the demotion
ERROR(class 'samba.drs_utils.drsException'): uncaught exception - drsException: DRS connection to BRSAD failed: (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 631, in run
    (drsuapiBind, drsuapi_handle, supportedExtensions) = drsuapi_connect(server, lp, creds)
  File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect
    raise drsException(DRS connection to %s failed: %s % (server, e))

All servers are showing success from showrepl and 0 consecutive failures.
[Samba] Verifying Samba environment
People,

I'm new in Samba and I'm trying to learn with manuals, sites etc. So, I'd like to know how can I test my environment. In other words, I'd like to know if my DCs are working correctly.

I'm working in a new company and now I'm the sponsor about domain. The structure is two sites (matrix office and branch office). At the matrix we have one PDC and one BDC. At the branch we have 2 BDCs.

What are the ways that I can verify if everything is working ok? Are there any commands important to test this environment? How to know about machines and users that are using the samba DCs?

Note: the environment is already in production.

Thanks,
--
Marcio Oliveira.
Re: [Samba] log tdb
This log is repeatedly appearing:

[2012/10/10 18:42:47.088584, 1] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (64768,921067) is already open in this process

Anybody knows if it's true that it's harmless?

Thanks,
--
Marcio Oliveira.
All things work together for the good of those who love God. (Rom 8,28)

2012/10/10 Marcio Oli marcio.oli...@gmail.com

> This log is repeatedly appearing:
>
> [2012/10/10 18:42:47.088584, 1] lib/util_tdb.c:385(tdb_log)
>   tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (64768,921067) is already open in this process
>
> Anybody knows if it's true that it's harmless?
>
> Thanks,
> --
> Marcio Oliveira.
> All things work together for the good of those who love God. (Rom 8,28)
Re: [Samba] samba Digest, Vol 118, Issue 16
Good morning, everyone!

I will be on vacation from 05/10 to 28/10, returning on 29/10/2012. In my absence, questions can be handled by the following team:

Ricardo: IT team coordination, e-mail and servers – AMP and Inpacom - (011) 3616-1417
Igor: Gemma - AMP and Inpacom - (011) 3616-1438
Luciano and Vagner: Ginjo/ Silbra - All systems - (011) 3659-3096
Robson: Indisa - All systems - (019) 3765-6000

This is an automatic reply.

See you.
Re: [Samba] wins: no nmblookup on 192.168.1.255 but 192.168.1.2
*ping*

On Sun, 2012-10-14 at 11:06 +0200, Rieker Flaik wrote:

> Hi,
>
> here is a client computer and a server computer (Debian Wheezy, armel, samba Version 3.6.6, IP address: 192.168.1.2, Name: xyz).
>
> Problem: wins doesn't answer nmblookups by the client on the broadcast address:
>
> client$ nmblookup -S xyz
> querying xyz on 192.168.1.255
> name_query failed to find name xyz
>
> Why is that so? How to fix this?
>
> When I specify the server IP I do get an answer:
>
> client$ nmblookup -U 192.168.1.2 -S xyz
> querying xyz on 192.168.1.2
> 192.168.1.2 xyz00
> Looking up status of 192.168.1.2
> XYZ 00 - H ACTIVE
> XYZ 03 - H ACTIVE
> XYZ 20 - H ACTIVE
> ..__MSBROWSE__. 01 - GROUP H ACTIVE
> TEST1d - H ACTIVE
> TEST1e - GROUP H ACTIVE
> TEST00 - GROUP H ACTIVE
> MAC Address = 00-00-00-00-00-00
>
> I also get an answer if I do nmblookup on the server:
>
> xyz# nmblookup -S XYZ
> added interface eth0 ip=192.168.1.2 bcast=192.168.1.255 netmask=255.255.255.0
> querying XYZ on 192.168.1.255
> Got a positive name query response from 192.168.1.2 ( 192.168.1.2 )
> 192.168.1.2 XYZ00
> Looking up status of 192.168.1.2
> XYZ 00 - H ACTIVE
> XYZ 03 - H ACTIVE
> XYZ 20 - H ACTIVE
> ..__MSBROWSE__. 01 - GROUP H ACTIVE
> TEST1d - H ACTIVE
> TEST1e - GROUP H ACTIVE
> TEST00 - GROUP H ACTIVE
> MAC Address = 00-00-00-00-00-00
>
> Below is netstat, smb.conf, log.nmbd, log.smbd. Please let me know if you need more information or want me to test something.
>
> Thanks for your help,
> Rik
>
> xyz# netstat -nap | grep [sn]mbd
> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 18632/smbd
> tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 18632/smbd
> udp 0 0 192.168.1.255:137 0.0.0.0:* 18628/nmbd
> udp 0 0 192.168.1.2:137 0.0.0.0:* 18628/nmbd
> udp 0 0 0.0.0.0:137 0.0.0.0:* 18628/nmbd
> udp 0 0 192.168.1.255:138 0.0.0.0:* 18628/nmbd
> udp 0 0 192.168.1.2:138 0.0.0.0:* 18628/nmbd
> udp 0 0 0.0.0.0:138 0.0.0.0:* 18628/nmbd
> unix 2 [ ACC ] STREAM LISTENING 34021 18628/nmbd /var/run/samba/unexpected
> unix 2 [ ] DGRAM 34033 18632/smbd
>
> xyz# cat /etc/smb.conf
> [global]
> workgroup = TEST
> netbios name = XYZ
> wins support = yes
> log file = /var/log/samba/log.%m
> log level = 2
> max log size = 1000
>
> [upload]
> guest ok = yes
> guest account = blafoo
> browseable = yes
> writeable = yes
> path = /home/test/uploads
> comment = test upload
> guest only = yes
> public = yes
> available = yes
> force group = blafoo
> force user = blafoo
>
> xyz# cat /var/log/samba/log.nmbd
> [2012/10/14 10:18:14, 0] nmbd/nmbd.c:861(main)
>   nmbd version 3.6.6 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2011
> [2012/10/14 10:18:14, 2] lib/tallocmsg.c:124(register_msg_pool_usage)
>   Registered MSG_REQ_POOL_USAGE
> [2012/10/14 10:18:14, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2012/10/14 10:18:14, 2] param/loadparm.c:4985(max_open_files)
>   rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> [2012/10/14 10:18:14, 2] nmbd/nmbd.c:894(main)
>   Becoming a daemon.
> [2012/10/14 10:18:14, 0] nmbd/asyncdns.c:157(start_async_dns)
>   started asyncdns process 18630
> [2012/10/14 10:18:14, 2] lib/interface.c:341(add_interface)
>   added interface eth0 ip=192.168.1.2 bcast=192.168.1.255 netmask=255.255.255.0
> [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet)
>   making subnet name:192.168.1.2 Broadcast address:192.168.1.255 Subnet mask:255.255.255.0
> [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet)
>   making subnet name:UNICAST_SUBNET Broadcast address:192.168.1.2 Subnet mask:192.168.1.2
> [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet)
>   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
> [2012/10/14 10:18:14, 2] nmbd/nmbd_subnetdb.c:180(make_subnet)
>   making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
> [2012/10/14 10:18:14, 2] nmbd/nmbd_lmhosts.c:43(load_lmhosts_file)
>   load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or
[Samba] [PATCH] Re: can not change mandatory owner to administrators
On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote:

> On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote:
>
> > Solved
> > Thanks a lot
>
> Thanks. The root of the issue is this automatically generated entry in your idmap.ldb:
>
> # record 12
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_GID
> xidNumber: 10
> distinguishedName: CN=S-1-5-32-544
>
> What we need to do in your case is to remove that record, so it becomes regenerated as an IDMAP_BOTH. We also need to remove the generation of that record from provision.
>
> The issue is that as a GID, you of course can't own a file. The ntvfs file server papered over this issue (didn't deal with file ownership at a unix level), but the smbd file server needs to correctly set posix permissions.
>
> I hope this clarifies things. If you can please file a bug, I'll try not to forget this.

The attached patch should prevent this for a new provision. Are you able to test if this fixes things for you (on a new test domain?)

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

From c5b4f82218041132210098dcfe2f269700de66bc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett abart...@samba.org
Date: Tue, 16 Oct 2012 13:08:22 +1100
Subject: [PATCH] provision: No longer use the wheel group in new AD Domains

The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandatory profile to be owned by administrators (which is a requirement).

There is no particularly useful reason for us to enforce this matching a system group.

Andrew Bartlett

--- source4/scripting/python/samba/netcmd/domain.py| 5 +--- .../scripting/python/samba/provision/__init__.py | 34 ++ 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 6e3f35a..4ba305c 100644 
--- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -186,8 +186,6 @@ class cmd_domain_provision(Command): help=choose 'root' unix username), Option(--nobody, type=string, metavar=USERNAME, help=choose 'nobody' user), - Option(--wheel, type=string, metavar=GROUPNAME, -help=choose 'wheel' privileged group), Option(--users, type=string, metavar=GROUPNAME, help=choose 'users' group), Option(--quiet, help=Be quiet, action=store_true), @@ -237,7 +235,6 @@ class cmd_domain_provision(Command): ldapadminpass=None, root=None, nobody=None, -wheel=None, users=None, quiet=None, blank=None, @@ -393,7 +390,7 @@ class cmd_domain_provision(Command): krbtgtpass=krbtgtpass, machinepass=machinepass, dns_backend=dns_backend, dns_forwarder=dns_forwarder, dnspass=dnspass, root=root, nobody=nobody, - wheel=wheel, users=users, + users=users, serverrole=server_role, dom_for_fun_level=dom_for_fun_level, backend_type=ldap_backend_type, ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d9ba90c..ccf56962 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -241,12 +241,6 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, names.policyid_dc = str(res8[0][cn]).replace({,).replace(},) else: names.policyid_dc = None -res9 = idmapdb.search(expression=(cn=%s) % -(security.SID_BUILTIN_ADMINISTRATORS), -attrs=[xidNumber]) -if len(res9) != 1: -raise ProvisioningError(Unable to find uid/gid for Domain Admins rid) -names.wheel_gid = res9[0][xidNumber] return names 
@@ -692,7 +686,7 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir, def setup_name_mappings(idmap, sid, root_uid, nobody_uid, -users_gid, wheel_gid): +users_gid, root_gid): setup reasonable name mappings for sam names to unix names. :param samdb: SamDB object. @@ -702,12 +696,14 @@ def setup_name_mappings(idmap, sid, root_uid, nobody_uid, :param root_uid: uid of the UNIX root user. :param nobody_uid: uid of the UNIX nobody user. :param users_gid: gid of the UNIX users group. -:param wheel_gid: gid of the UNIX wheel group. +:param root_gid: gid of the UNIX root group. idmap.setup_name_mapping(S-1-5-7,
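Review bot: in cmd_domain_provision the `--wheel` option and the `wheel=None` argument are removed outright, so an existing provisioning script that still passes `--wheel=GROUPNAME` will be rejected as using an unknown option. Consider keeping the option for one release as an accepted-but-ignored flag that prints a deprecation warning. In setup_name_mappings the parameter is renamed from wheel_gid to root_gid and the docstring follows, but the visible lines do not show where the caller now obtains root_gid, so that call site should be checked in the same review.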
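The idmap.ldb record described in Andrew Bartlett's message above can be looked for mechanically. The following is an added example, not code from the post or from Samba: it parses an LDIF dump of idmap.ldb (for instance the output of ldbsearch) and reports any SID that has to be able to own files but is mapped as a group only. Record 12 is the entry from the message; the other sample records, the function names, and the use of ID_TYPE_BOTH as the stored form of what the message calls IDMAP_BOTH are assumptions.

```python
import base64

# Constructed sample dump. Record 12 is the entry quoted in the message;
# records 11 and 13 are made up for contrast.
SAMPLE_LDIF = """\
# record 11
dn: CN=S-1-5-32-545
cn: S-1-5-32-545
objectClass: sidMap
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000001

# record 12
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 10
distinguishedName: CN=S-1-5-32-544

# record 13
dn: CN=S-1-5-21-1-2-3-513
cn: S-1-5-21-1-2-3-513
objectClass: sidMap
objectSid: S-1-5-21-1-2-3-513
type: ID_TYPE_GID
xidNumber: 100
"""

# SIDs that must be usable as a file owner. The message names only
# BUILTIN\Administrators; extend the mapping for other SIDs as needed.
MUST_OWN = {"S-1-5-32-544": "BUILTIN\\Administrators"}

# Mapping types that give the SID a uid (assumption: ID_TYPE_BOTH is the
# stored value for the "IDMAP_BOTH" mapping the message refers to).
OWNER_CAPABLE = {"ID_TYPE_UID", "ID_TYPE_BOTH"}


def _unfold(text):
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of records; each maps a lower-cased attribute to its values."""
    records, current = [], {}
    for line in _unfold(text) + [""]:      # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(key.strip().lower(), []).append(value)
    return records


def gid_only_owners(records, must_own=MUST_OWN):
    """List (sid, name, type, xid) for must-own SIDs that lack a uid mapping."""
    findings = []
    for rec in records:
        if "sidMap" not in rec.get("objectclass", []):
            continue
        sid = rec.get("objectsid", [None])[0]
        id_type = rec.get("type", [None])[0]
        if sid in must_own and id_type not in OWNER_CAPABLE:
            xid = int(rec.get("xidnumber", ["-1"])[0])
            findings.append((sid, must_own[sid], id_type, xid))
    return findings


if __name__ == "__main__":
    for sid, name, id_type, xid in gid_only_owners(parse_ldif(SAMPLE_LDIF)):
        print(f"{name} ({sid}) is mapped as {id_type} xid={xid}: cannot own files")
```

A record reported here is the one the message says to remove so that it is regenerated with a mapping that can own files.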
Re: [Samba] Change DNS method?
On Sun, 2012-10-14 at 15:31 -0700, Matthieu Patou wrote:

> On 10/14/2012 03:17 PM, Andrew Bartlett wrote:
>
> > On Sun, 2012-10-14 at 15:02 +, Steve wrote:
> >
> > > Is it possible to change from the internal name server to BIND once you've provisioned a domain? I set mine up with the internal since it seemed easier, but then discovered the only way for my DHCP clients to update their names in DNS is via BIND, so I'd rather use that instead.
> >
> > I'm not sure it will work anyway, but you are welcome to try. I think we would need some more code to correctly accept TKEY requests in the same way the internal DNS server accepts unauthenticated requests (write them 'as system').
>
> Which kind of updates the internal is able to handle tsig only?

I'm having trouble parsing that, but yes, additional patches are required to have the internal DNS server accept static keys. We would need a key storage mechanism, and then code to implement that TSIG method.

I think it would be a very valuable improvement.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb
On Mon, 2012-10-15 at 11:52 +0200, Johannes Paechnatz wrote:

> Hello.
>
> I tried the migration from samba3 domain master (pdc) to a samba4.
>
> samba4 -V: Version 4.1.0pre1-GIT-2c3a808
>
> I used the wiki entry about samba3 migration as a guide, copied over the data etc. but I have some questions left. fyi - samba3 tdbsam backend. I removed/edited several user accounts with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore) until all user accounts got migrated.

What was your 'unix charset' (we may need to add a conversion here, as we assume UTF8 at the ldb layer)?

> 1. machine accounts: some machine accounts don't have Logon hours FF, which seems to be a problem. Could I manually change fields (which fields?) in the tdbsam dump? I tried pdbedit -Z of the specific account, but that seems to change it to an epoch style timestamp and migration fails again - so I removed them in the tdbsam dump to get the migration working, after that additional steps all user and machine accounts get migrated.

Can you give me some more detail about what is wrong here? We generally do want to convert any valid samba3 account.

> 2. The server role of samba3 is ROLE_DOMAIN_PDC; after migration the samba4 server is stand alone and starting of smbd works without error. BUT if I change the server role to active directory domain controller and try samba instead of smbd, I get an error:
>
> Failed to find record for MYDOMAIN-HERE in /var/lib/samba/private/secrets.ldb: No such object: Have you provisioned the MYDOMAIN-HERE domain?
>
> Provisioning a new and empty ADS from scratch does work - but I need the migration ;-) I tried to modify the secrets.tdb before I start the classicupgrade without success. This is a show-stopper ;-)

Exactly what command did you run? We should upgrade a ROLE_DOMAIN_PDC into a 'server role = active directory domain controller'. Are you sure you are using the smb.conf produced by the upgrade?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e96f50c s3-libsmb: Initialise ticket to ensure we do not invalid memory from 5166e0b s3-printing: Increase debug level for info that the db is empty. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e96f50c9bb145a6af2c023e8ff4c3ec5a4a6 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:55:04 2012 +1100 s3-libsmb: Initialise ticket to ensure we do not invalid memory The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104 (cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178) Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory. --- Summary of changes: source3/libsmb/clispnego.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index a97e1dc..98b575d 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -257,6 +257,7 @@ bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, bool ret; ASN1_DATA *data; int data_remaining; + *ticket = data_blob_null; data = asn1_init(talloc_tos()); if (data == NULL) { -- Samba Shared Repository
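Review bot: the added `*ticket = data_blob_null;` at the top of spnego_parse_krb5_wrap() carries no comment, and nothing in the hunk says why an out-parameter is cleared before asn1_init(). Since the commit message ties it to bug #8788 (freeing invalid memory), a one-line comment stating that `*ticket` must be safe to free on every error path would keep the line from being dropped later as redundant. The subject line "ensure we do not invalid memory" is also missing its verb.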
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8013e2e s3-libsmb: Initialise ticket to ensure we do not invalid memory from f156a35 autoconf: fix --with(out)-sendfile-support option handling http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8013e2e96fd54446584cb91c0120acf41d9e8d46 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:55:04 2012 +1100 s3-libsmb: Initialise ticket to ensure we do not invalid memory The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104 (cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178) Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory. (cherry picked from commit e96f50c9bb145a6af2c023e8ff4c3ec5a4a6) --- Summary of changes: source3/libsmb/clispnego.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 49b484b..3200380 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -387,6 +387,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) bool ret; ASN1_DATA *data; int data_remaining; + *ticket = data_blob_null; data = asn1_init(talloc_tos()); if (data == NULL) { -- Samba Shared Repository
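Review bot: the new store `*ticket = data_blob_null;` in spnego_parse_krb5_wrap() is unconditional and comes before any argument validation, and the hunk shows no NULL check on `ticket`. Either state in the function comment that `ticket` must be non-NULL or guard the assignment. For this backport the function signature has no TALLOC_CTX argument, so it is worth confirming that the commit message's statement about talloc_free() still describes how callers on this branch release the blob.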
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c13c6eb Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). from 8013e2e s3-libsmb: Initialise ticket to ensure we do not invalid memory http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8 Author: Jeremy Allison j...@samba.org Date: Fri Aug 24 15:54:07 2012 -0700 Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). Simple fix for 3.5.x, tested and confirmed as working by original reporter Blohm, Guntram (I/FP-37, extern) extern.guntram.bl...@audi.de. --- Summary of changes: libcli/auth/smbencrypt.c|5 - source3/libsmb/cliconnect.c |1 + 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index f7c60e7..e821dbc 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -471,8 +471,11 @@ bool SMBNTLMv2encrypt_hash(TALLOC_CTX *mem_ctx, /* We don't use the NT# directly. Instead we use it mashed up with the username and domain. This prevents username swapping during the auth exchange + NB. *DON'T* tell ntv2_owf_gen() to uppercase the domain + name here, we may have already been added to an NTLMSSP + exchange in the non-uppercase form. */ - if (!ntv2_owf_gen(nt_hash, user, domain, true, ntlm_v2_hash)) { + if (!ntv2_owf_gen(nt_hash, user, domain, false, ntlm_v2_hash)) { return false; } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index e858280..7b00469 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1178,6 +1178,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, (p=strchr_m(user2,*lp_winbind_separator( { *p = 0; user = p+1; + strupper_m(user2); workgroup = user2; } -- Samba Shared Repository
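Review bot: in SMBNTLMv2encrypt_hash() the upper-case-domain argument to ntv2_owf_gen() flips from true to false for every caller, while the compensating `strupper_m(user2);` is added only on the winbind-separator branch of cli_session_setup(). Callers that supply a workgroup by another route now hash whatever case they were given, so those paths need the same audit, or the case normalisation should live in one place. The new comment's "we may have already been added to an NTLMSSP exchange" presumably refers to the domain name; reword it so the invariant is unambiguous.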
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ee5a100 lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259) from c13c6eb Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ee5a100eaa7cef525a8bc9d1390d7bbdbbfc84fa Author: Matthieu Patou m...@matws.net Date: Thu Sep 27 01:22:57 2012 -0700 lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259) It avoid bugs when one of the buffer is supposed to contain a string that is not null terminated (ie. label-label) and that we don't force the last byte to 0. (similar to commit 03c4dceaab82ca2c60c9ce0e09fddd071f98087b) --- Summary of changes: source3/libaddns/dnsmarshall.c | 24 1 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libaddns/dnsmarshall.c b/source3/libaddns/dnsmarshall.c index 5530290..b2e84eb 100644 --- a/source3/libaddns/dnsmarshall.c +++ b/source3/libaddns/dnsmarshall.c @@ -27,7 +27,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx) { struct dns_buffer *result; - if (!(result = talloc(mem_ctx, struct dns_buffer))) { + if (!(result = talloc_zero(mem_ctx, struct dns_buffer))) { return NULL; } @@ -39,7 +39,7 @@ struct dns_buffer *dns_create_buffer(TALLOC_CTX *mem_ctx) */ result-size = 2; - if (!(result-data = TALLOC_ARRAY(result, uint8, result-size))) { + if (!(result-data = TALLOC_ZERO_ARRAY(result, uint8, result-size))) { TALLOC_FREE(result); return NULL; } @@ -216,14 +216,14 @@ static void dns_unmarshall_label(TALLOC_CTX *mem_ctx, return; } - if (!(label = talloc(mem_ctx, struct dns_domain_label))) { + if (!(label = talloc_zero(mem_ctx, struct dns_domain_label))) { buf-error = ERROR_DNS_NO_MEMORY; return; } label-len = len; - if (!(label-label = TALLOC_ARRAY(label, char, len+1))) { + if (!(label-label = TALLOC_ZERO_ARRAY(label, char, len+1))) { buf-error = ERROR_DNS_NO_MEMORY; goto error; } 
@@ -250,7 +250,7 @@ void dns_unmarshall_domain_name(TALLOC_CTX *mem_ctx, if (!ERR_DNS_IS_OK(buf-error)) return; - if (!(name = talloc(mem_ctx, struct dns_domain_name))) { + if (!(name = talloc_zero(mem_ctx, struct dns_domain_name))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -281,7 +281,7 @@ static void dns_unmarshall_question(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; - if (!(q = talloc(mem_ctx, struct dns_question))) { + if (!(q = talloc_zero(mem_ctx, struct dns_question))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -314,7 +314,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; - if (!(r = talloc(mem_ctx, struct dns_rrec))) { + if (!(r = talloc_zero(mem_ctx, struct dns_rrec))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -329,7 +329,7 @@ static void dns_unmarshall_rr(TALLOC_CTX *mem_ctx, if (!(ERR_DNS_IS_OK(buf-error))) return; if (r-data_length != 0) { - if (!(r-data = TALLOC_ARRAY(r, uint8, r-data_length))) { + if (!(r-data = TALLOC_ZERO_ARRAY(r, uint8, r-data_length))) { buf-error = ERROR_DNS_NO_MEMORY; return; } @@ -406,22 +406,22 @@ DNS_ERROR dns_unmarshall_request(TALLOC_CTX *mem_ctx, err = ERROR_DNS_NO_MEMORY; if ((req-num_questions != 0) - !(req-questions = TALLOC_ARRAY(req, struct dns_question *, + !(req-questions = TALLOC_ZERO_ARRAY(req, struct dns_question *, req-num_questions))) { goto error; } if ((req-num_answers != 0) - !(req-answers = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-answers = TALLOC_ZERO_ARRAY(req, struct dns_rrec *, req-num_answers))) { goto error; } if ((req-num_auths != 0) - !(req-auths = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-auths = TALLOC_ZERO_ARRAY(req, struct dns_rrec *, req-num_auths))) { goto error; } if ((req-num_additionals != 0) - !(req-additionals = TALLOC_ARRAY(req, struct dns_rrec *, + !(req-additionals = TALLOC_ZERO_ARRAY(req, struct
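Review bot: the commit message gives the motive as string buffers that are not NUL-terminated, but of the allocations visible here only `label->label` in dns_unmarshall_label() (allocated as len+1) holds such a string, and the fix relies on the zero fill surviving rather than on an explicit terminator written after the copy. Setting `label->label[len]` to 0 at that site would make the guarantee local and obvious. The blanket switch to talloc_zero/TALLOC_ZERO_ARRAY elsewhere is reasonable hardening, though for `r->data` in dns_unmarshall_rr() and the pointer arrays in dns_unmarshall_request() a short comment saying the zeroing is defensive would help the next reader.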
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0533/flakey.log

The samba3 build logs are available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0533/samba3.stderr
http://git.samba.org/autobuild.flakey/2012-10-16-0533/samba3.stdout

The source4 build logs are available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0533/samba.stderr
http://git.samba.org/autobuild.flakey/2012-10-16-0533/samba.stdout

The top commit at the time of the failure was:

commit 2c3a8081ea2fd7eaa2d7bacffc35e0a58c54
Author: Matthieu Patou m...@matws.net
Date: Sat Oct 13 01:36:06 2012 -0700

    s4-dns: Fix the comments about ignoring zones in internal server

    Acked-By: Kai Blin k...@samba.org

    Autobuild-User(master): Kai Blin k...@samba.org
    Autobuild-Date(master): Sat Oct 13 12:37:53 CEST 2012 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0629/flakey.log

The samba3 build logs are available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0629/samba3.stderr
http://git.samba.org/autobuild.flakey/2012-10-16-0629/samba3.stdout

The source4 build logs are available here:

http://git.samba.org/autobuild.flakey/2012-10-16-0629/samba.stderr
http://git.samba.org/autobuild.flakey/2012-10-16-0629/samba.stdout

The top commit at the time of the failure was:

commit 2c3a8081ea2fd7eaa2d7bacffc35e0a58c54
Author: Matthieu Patou m...@matws.net
Date: Sat Oct 13 01:36:06 2012 -0700

    s4-dns: Fix the comments about ignoring zones in internal server

    Acked-By: Kai Blin k...@samba.org

    Autobuild-User(master): Kai Blin k...@samba.org
    Autobuild-Date(master): Sat Oct 13 12:37:53 CEST 2012 on sn-devel-104