Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb
fyi - samba3 tdbsam backend. I removed/edited serveral user accounts with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore) until all user accounts got migrated. What was your 'unix charset' (we may need to add a conversion here, as we assume UTF8 at the ldb layer). old samba3 server: LANG=de_DE LC_ALL=de_DE smb.conf: display charset = ISO8859-1 unix charset = ISO8859-1 I remember the reason for this was a software that couldn't handle UTF-8 (which is fixed meanwhile) - and I know that we need to convert the whole content of the filesystem when we migrate... 1. machine accounts: some machine accounts don't have Logon hours FF what seem to be a problem. Could I manually change fields (which fields?) in the tdbsam dump? I tried pdbedit -Z of the specific account, but that seems to change it to an epoch style timestamp and migration fails again - so I removed them in the tdbsam dump to get the migration working, after that additional steps all user and machine accounts get migrated. Can you give me some more detail about what is wrong here? We generally do want to convert any valid samba3 account. old samba3 server: add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 1000 -s /bin/false %u all machine accounts are added via this entry - so I thought they are the same. example: Failed to modify account record CN=w-2000-007,CN=Computers,DC=SAMBA4SRV to set user attributes: objectclass_attrs: attribute 'logonHours' on entry 'CN=w-2000-007,CN=Computers,DC=SAMBA4SRV' contains at least one invalid value! ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'w-2000-007$', (-1073741811,Unexpected information received) File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 1321, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 883, in upgrade_from_samba3 s4_passdb.add_sam_account(userdata[username]) on samba3 pdbedit -Lv Unix username:w-2000-007$ NT username: Account Flags:[W ] User SID: S-1-5-21-2800255703-2035631742-3861056042-3132 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513 Full Name:W-2000-007$ Home Directory: \\filesrv\w-2000-007_ HomeDir Drive:L: Logon Script: logon-users.bat Profile Path: Domain: BFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set:Mon, 19 Sep 2011 08:25:53 CEST Password can change: Mon, 19 Sep 2011 08:25:53 CEST Password must change: Sun, 18 Dec 2011 07:25:53 CET Last bad password : 0 Bad password count : 0 Logon hours : 30ACC81063 other successful migrated account: Unix username:W-4000-026$ NT username: Account Flags:[W ] User SID: S-1-5-21-2800255703-2035631742-3861056042-2219 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513 Full Name:W-4000-026$ Home Directory: \\filesrv\w-4000-026_ HomeDir Drive:L: Logon Script: logon-joh.bat Profile Path: Domain: BFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set:Mon, 14 Mar 2011 08:54:54 CET Password can change: Mon, 14 Mar 2011 08:54:54 CET Password must change: Sun, 12 Jun 2011 09:54:54 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF tdbdump of both (made on the samba4 machine, if tdbtools version matters?): { key(17) = USER_w-2000-007$\00 data(199) = \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00q\E0vN\8F\19zFq\87\EDN\0C\00\00\00w-2000-007$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-2000-007$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\0C\00\00\01\02\00\00\00\00\00\00\10\00\00\00\8C\9A\F1\16\AA@\90\1Ef\0E\95\B2\CAW\7F\97\00\00\00\00\80\00\00\00\00\00\00\00\00\00 \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\000\AC\C8\10c\7F\00\00\00\80\00\10\00\00\00\00\00\00\00\00\00\00\00\00 } { key(13) = RID_0c3c\00 data(12) = w-2000-007$\00 } { key(17) = USER_w-4000-026$\00 data(199) =
Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb
On Tue, 2012-10-16 at 08:45 +0200, Johannes Paechnatz wrote: fyi - samba3 tdbsam backend. I removed/edited serveral user accounts with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore) until all user accounts got migrated. What was your 'unix charset' (we may need to add a conversion here, as we assume UTF8 at the ldb layer). old samba3 server: LANG=de_DE LC_ALL=de_DE smb.conf: display charset = ISO8859-1 unix charset = ISO8859-1 I remember the reason for this was a software that couldn't handle UTF-8 (which is fixed meanwhile) - and I know that we need to convert the whole content of the filesystem when we migrate... OK, that's certainly the issue here. Can you please file a bug, so we can try and handle or at least detect it more clearly at classicupgrade time? 1. machine accounts: some machine accounts don't have Logon hours FF what seem to be a problem. Could I manually change fields (which fields?) in the tdbsam dump? I tried pdbedit -Z of the specific account, but that seems to change it to an epoch style timestamp and migration fails again - so I removed them in the tdbsam dump to get the migration working, after that additional steps all user and machine accounts get migrated. Can you give me some more detail about what is wrong here? We generally do want to convert any valid samba3 account. old samba3 server: add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 1000 -s /bin/false %u all machine accounts are added via this entry - so I thought they are the same. Well, that doesn't control the samba passdb.tdb record, which is where the failure is. example: Failed to modify account record CN=w-2000-007,CN=Computers,DC=SAMBA4SRV to set user attributes: objectclass_attrs: attribute 'logonHours' on entry 'CN=w-2000-007,CN=Computers,DC=SAMBA4SRV' contains at least one invalid value! ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'w-2000-007$', (-1073741811,Unexpected information received) File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 1321, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 883, in upgrade_from_samba3 s4_passdb.add_sam_account(userdata[username]) on samba3 pdbedit -Lv Unix username:w-2000-007$ NT username: Account Flags:[W ] User SID: S-1-5-21-2800255703-2035631742-3861056042-3132 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513 Full Name:W-2000-007$ Home Directory: \\filesrv\w-2000-007_ HomeDir Drive:L: Logon Script: logon-users.bat Profile Path: Domain: BFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set:Mon, 19 Sep 2011 08:25:53 CEST Password can change: Mon, 19 Sep 2011 08:25:53 CEST Password must change: Sun, 18 Dec 2011 07:25:53 CET Last bad password : 0 Bad password count : 0 Logon hours : 30ACC81063 That looks like an un-initialised value to me... other successful migrated account: Unix username:W-4000-026$ NT username: Account Flags:[W ] User SID: S-1-5-21-2800255703-2035631742-3861056042-2219 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513 Full Name:W-4000-026$ Home Directory: \\filesrv\w-4000-026_ HomeDir Drive:L: Logon Script: logon-joh.bat Profile Path: Domain: BFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set:Mon, 14 Mar 2011 08:54:54 CET Password can change: Mon, 14 Mar 2011 08:54:54 CET Password must change: Sun, 12 Jun 2011 09:54:54 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF tdbdump of both (made on the samba4 machine, if tdbtools version matters?): { key(17) = USER_w-2000-007$\00 data(199) = \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00q\E0vN\8F\19zFq\87\EDN\0C\00\00\00w-2000-007$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-2000-007$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\0C\00\00\01\02\00\00\00\00\00\00\10\00\00\00\8C\9A\F1\16\AA@\90\1Ef\0E\95\B2\CAW\7F\97\00\00\00\00\80\00\00\00\00\00\00\00\00\00
Re: [Samba] [PATCH] Re: can not change mandatory owner to administrators
On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote: On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote: On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote: Solved Thanks a lot Thanks. The root of the issue is this automatically generated entry in your idmap.ldb: # record 12 dn: CN=S-1-5-32-544 cn: S-1-5-32-544 objectClass: sidMap objectSid: S-1-5-32-544 type: ID_TYPE_GID xidNumber: 10 distinguishedName: CN=S-1-5-32-544 What we need to do in your case is to remove that record, so it becomes regenerated as an IDMAP_BOTH. We also need to remove the generation of that record from provision. The issue is that as a GID, you of course can't own a file. The ntvfs file server papered over this issue (didn't deal with file ownership at a unix level), but the smbd file server needs to correctly set posix permissions. I hope this clarifies things. If you can please file a bug, I'll try not to forget this. The attached patch should prevent this for a new provision. Are you able to test if this fixes things for you (on a new test domain?) This updated version uses the primary group of root (or the --root user) rather than hoping that there will be a group by the same name. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org From 65b53382e4e8bae4a68fb7c3835b4d5a5f108a76 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Tue, 16 Oct 2012 13:08:22 +1100 Subject: [PATCH] provision: No longer use the wheel group in new AD Domains The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett --- source4/scripting/python/samba/netcmd/domain.py| 5 +--- .../scripting/python/samba/provision/__init__.py | 34 +- 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 6e3f35a..4ba305c 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -186,8 +186,6 @@ class cmd_domain_provision(Command): help=choose 'root' unix username), Option(--nobody, type=string, metavar=USERNAME, help=choose 'nobody' user), - Option(--wheel, type=string, metavar=GROUPNAME, -help=choose 'wheel' privileged group), Option(--users, type=string, metavar=GROUPNAME, help=choose 'users' group), Option(--quiet, help=Be quiet, action=store_true), @@ -237,7 +235,6 @@ class cmd_domain_provision(Command): ldapadminpass=None, root=None, nobody=None, -wheel=None, users=None, quiet=None, blank=None, @@ -393,7 +390,7 @@ class cmd_domain_provision(Command): krbtgtpass=krbtgtpass, machinepass=machinepass, dns_backend=dns_backend, dns_forwarder=dns_forwarder, dnspass=dnspass, root=root, nobody=nobody, - wheel=wheel, users=users, + users=users, serverrole=server_role, dom_for_fun_level=dom_for_fun_level, backend_type=ldap_backend_type, ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls, diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d9ba90c..0cec8a9 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -241,12 +241,6 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, names.policyid_dc = str(res8[0][cn]).replace({,).replace(},) else: names.policyid_dc = None -res9 = idmapdb.search(expression=(cn=%s) % -(security.SID_BUILTIN_ADMINISTRATORS), -attrs=[xidNumber]) -if len(res9) != 1: -raise ProvisioningError(Unable to find uid/gid for Domain Admins rid) -names.wheel_gid = res9[0][xidNumber] return names @@ -692,7 +686,7 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir, def setup_name_mappings(idmap, sid, root_uid, nobody_uid, -users_gid, wheel_gid): +users_gid, root_gid): setup reasonable name mappings for sam names to unix names. :param samdb: SamDB object. @@ -702,12 +696,14 @@ def setup_name_mappings(idmap, sid, root_uid, nobody_uid, :param root_uid: uid of the UNIX root user. :param nobody_uid: uid of the
[Samba] Static gid/uid mapping
Hello! Is it possible to configure static maping between AD group and local group with winbind? I'm still looking for possibility to assign domain users to linux system groups (GID500), so they will have administrative permitions when logging in via ssh. best regards Jarek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change DNS method?
On 2012-10-16 05:40, Andrew Bartlett wrote: Hi, I'm having trouble parsing that, but yes, additional patches are required to have the internal DNS server accept static keys. We would need a key storage mechanism, and then code to implement that TSIG method. I've had patches to do this, but ditched them in favour for conflicting patches to implement GSS-TSIG. I think it would be a very valuable improvement. The algorithm is pretty straightforward, but I couldn't get the signature right the last time I tried. However, the logic on what parts of the packet to use for the signature is a bit tricky, but I'm sure I've now got that right for GSS-TSIG. Using a static key with md5 instead of gensec_sign should be straightforward, the interesting question is how and where we store the keys. Cheers, Kai -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 4.0.0rc3 Available for Download
Release Announcements - This is the third release candidate of Samba 4.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. If you are upgrading, or looking to develop, test or deploy Samba 4.0 releases candidates, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO. Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting Samba. Users upgrading from earlier alpha releases should contact the team for advice. Users upgrading an AD DC from any previous release should run 'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share with those matching the GPOs in LDAP and the defaults from an initial provision. This will set an underlying POSIX ACL if required (eg not using the NTVFS file server). If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. NEW FEATURES Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0.0rc3 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. ## Changes ### smb.conf changes Parameter Name Description -- --- allow dns updatesNew announce as Removed announce version Removed cldap port New client max protocol New client min protocol New client signing Changed default dcerpc endpoint servers New dgram port New display charset Removed dns forwarderNew dns update command New homedir map
Re: [Samba] Samba4 sysvolcheck issue
Hi. Maybe my previous request was ignored for some reasons. Does anybody know how to definitely resolve sysvol acl issues ? It prevent us from upgrading to rc2. The command ./samba-tool ntacl sysvolcheck returns ERROR(type 'exceptions.TypeError'): uncaught exception - (61, 'No data available') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py, line 247, in run lp) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1570, in checksysvolacl check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, direct_db_access) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1523, in check_gpos_acl domainsid, direct_db_access) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1478, in check_dir_acl fsacl = getntacl(lp, os.path.join(root, name), direct_db_access=direct_db_access) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 73, in getntacl xattr.XATTR_NTACL_NAME) and the command ./samba-tool ntacl sysvolreset returns nothing. We use samba rc1 from git on a ubuntu 12.04. Upgrade to rc2 cause sysvol acl issues. Many thanks. --- *** OB *** Service Informatique *** Fondation de la Miséricorde -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rsync sysvol problem
samba --version Version 4.0.0rc3-GIT-293b100 Hi I have a problem backing up my sysvol folder. Here is the acl after running: samba-tool ntacl sysvolreset getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path names # file: usr/local/samba/var/locks/sysvol/ # owner: Administrator # group: wheel # flags: s-- user::rwx user:Administrator:rwx group::rwx group:wheel:rwx group:300:r-x group:301:rwx group:302:r-x mask::rwx other::--- I then try to back it up, e.g. rsync -auzv /usr/local/samba/var/locks/sysvol /usr/local But the ACL is not preserved: getfacl /usr/local/sysvol # file: sysvol # owner: Administrator # group: wheel # flags: s-- user::rwx group::rwx other::--- Am I missing an option with rsync -auzv? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is there any limitation in cn field length??
Hello: I'm using samba4.1.0pre1. I'm having some issues with users whose cn field length is shorter than 5 characters in specific with the openfire server (jabber server). It was working fine when I had a windows 2003 server as a domain controller and once I migrated to samba4, users with short cn fields get an authentication error: Not authorized. Is there any limitation on the length of cn field?? Cheers, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rsync sysvol problem
On 16/10/12 13:16, steve wrote: samba --version Version 4.0.0rc3-GIT-293b100 Hi I have a problem backing up my sysvol folder. Here is the acl after running: samba-tool ntacl sysvolreset getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path names # file: usr/local/samba/var/locks/sysvol/ # owner: Administrator # group: wheel # flags: s-- user::rwx user:Administrator:rwx group::rwx group:wheel:rwx group:300:r-x group:301:rwx group:302:r-x mask::rwx other::--- I then try to back it up, e.g. rsync -auzv /usr/local/samba/var/locks/sysvol /usr/local But the ACL is not preserved: getfacl /usr/local/sysvol # file: sysvol # owner: Administrator # group: wheel # flags: s-- user::rwx group::rwx other::--- Am I missing an option with rsync -auzv? Cheers, Steve Hi Steve, how about: -A, --acls preserve ACLs (implies --perms) Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rsync sysvol problem
On 16/10/12 14:57, Rowland Penny wrote: On 16/10/12 13:16, steve wrote: Am I missing an option with rsync -auzv? Hi Steve, how about: -A, --acls preserve ACLs (implies --perms) Hi Rowland Thanks. Works perfectly. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16/10/12 10:31, Karolin Seeger wrote: Release Announcements - This is the third release candidate of Samba 4.0. Hi I've been updating from the v4-0-test branch and have landed at: Version 4.0.0rc3-GIT-293b100 A git pull tells me that it is Already up to date. To get rc3 do I have to download the tarball and rebuild? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16/10/12 14:10, steve wrote: On 16/10/12 10:31, Karolin Seeger wrote: Release Announcements - This is the third release candidate of Samba 4.0. Hi I've been updating from the v4-0-test branch and have landed at: Version 4.0.0rc3-GIT-293b100 A git pull tells me that it is Already up to date. To get rc3 do I have to download the tarball and rebuild? Cheers, Steve Hi again Steve, in a nutshell, yes Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16 October 2012 15:10, steve st...@steve-ss.com wrote: On 16/10/12 10:31, Karolin Seeger wrote: Release Announcements - This is the third release candidate of Samba 4.0. Hi I've been updating from the v4-0-test branch and have landed at: Version 4.0.0rc3-GIT-293b100 A git pull tells me that it is Already up to date. To get rc3 do I have to download the tarball and rebuild? If you run the following you will see the rc3 tag: $ git tag | grep 4.*rc release-3-4-0rc1 samba-3.4.0rc1 samba-4.0.0rc1 samba-4.0.0rc2 samba-4.0.0rc3 What you can do is create a new local branch pointing at samba-4.0.0rc3 like this: $ git checkout -b v4.0.0rc3 samba-4.0.0rc3 Switched to a new branch 'v4.0.0rc3' That should (unless I am mistaken) be identical to the tarball. If you want to switch back to the v4-0-test branch again later, just do this: $ git checkout v4-0-test -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change DNS method?
On 10/16/2012 12:57 AM, Kai Blin wrote: On 2012-10-16 05:40, Andrew Bartlett wrote: Hi, I'm having trouble parsing that, but yes, additional patches are required to have the internal DNS server accept static keys. We would need a key storage mechanism, and then code to implement that TSIG method. I've had patches to do this, but ditched them in favour for conflicting patches to implement GSS-TSIG. I think it would be a very valuable improvement. The algorithm is pretty straightforward, but I couldn't get the signature right the last time I tried. However, the logic on what parts of the packet to use for the signature is a bit tricky, but I'm sure I've now got that right for GSS-TSIG. Using a static key with md5 instead of gensec_sign should be straightforward, the interesting question is how and where we store the keys. Well you could have a dedicated account for it, and the secret just have to be md4(real_secret) in dhcpd, in this case you can use the unicodePwd, the other option is to use the supplementary credentials to store the password in clear text (less straight forward). Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 17
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5 w/ Active Directory Share Authentication
Hi, I'm attempting to configure Samba 3.5 to authenticate share access via Active Directory. I do not wish to authenticate system users against AD, only Samba shares. I have successfully joined the server to the AD domain, with a few errors: $ net join -W buildel664 -U jbadmin Enter jbadmin's password: Using short domain name -- NA Joined 'BUILDEL664' to realm 'na.blah.lan' [2012/10/16 14:50:36.636201, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password BUILDEL664$@NA.FOLLETT.LAN failed: Client not found in Kerberos database DNS Update for buildel664.corp.xxx.com failed: ERROR_DNS_GSS_ERROR DNS update failed! I can't seem to figure out what is causing these errors, but the domain join is successful. I am able to successfully enumerate groups and users using wbinfo -g and wbinfo -u, although getent passwd only returns local users. I am not sure if this is a problem or not. While wbinfo -g does work, it does not return a listing that includes smb.conf's winbind separator. According to docs that I have found, wbinfo should output this separator. When I try to assign domain users/groups to a samba share I get an error in Samba's logs that the user is not valid. My smb.conf: workgroup = NA realm = NA.XXX.LAN security = ads template shell = /bin/false winbind use default domain = yes winbind offline logon = false winbind enum users = yes winbind enum groups = yes winbind separator = + idmap uid = 1000-5000 # increased for larger AD environments idmap gid = 1000-5000 # increased for larger AD environments encrypt passwords = yes server string = Samba Server Version %v # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate max log size = 500 os level = 20 preferred master = no dns proxy = no load printers = no cups options = raw [adauth] comment = Testing path=/adauth create mask = 0660 directory mask = 770 writeable = yes browseable = yes valid users = +NA+jbadmin guest ok = no Any ideas how to further troubleshoot? Thanks, Josh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 successful deployment
Recently I migrated to samba4 in my company. So far so good. debian 6 samba4.1.0pre1 bind9.9.1-P1 (working pretty well. it even updates the reverse zone and no problems at all with the forwarder) ntp-4.2.6p5 All services authenticating with samba4: mail (postfix + dovecot + squirrelmail), jabber (openfire), proxy (squid), even MS Sql server 2000, Net Support Manager and GFI Endpoint Security. It's really a great job you've been doing, Samba Team!! Cheers, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Regarding samba add with AD
Dear team, kindly send to me steps(config file edit and all other steps) for add Samba system into AD if you having video send me thats also Thanking you Regards, *Dhinakaran* *kilpauk ,chennai * *Mob: +91-9176472187* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] wins: no nmblookup on 192.168.1.255 but 192.168.1.2
Hello, Rieker! I was wondering what version of the linux kernel are you running? I had a situation, where a bunch of Windows XP machines would not see their SAMBA server when looked up by Netbios name after I upgraded the linux kernel from 3.5.6 to 3.6.2. My solution was to revert back to the linux 3.5.x series, but now the 3.5.x series is officially dead [1]. If the SAMBA server was called by IP, a la \\192.168.1.1\ - the windows PCs would see the SAMBA server without problem. The setup I have is somewhat specific, though, as the SAMBA server has 3 NICs total, and routes traffic to the two subnets it feeds internet and SAMBA, among other services. The config file I use forces SAMBA to bind only to the 2 site local network interfaces, if that plays a role. Because mine is a production setup, I couldn't play with it and look for where the problem is. So I just switched back to the known good kernel and called it a day. My SAMBA version is 3.6.8. [1] http://article.gmane.org/gmane.linux.kernel/1375014 P.S. Please, CC me as I'm not subscribed to the list. -- Plamen Petrov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-10-16-0829/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-16-0829/samba3.stderr http://git.samba.org/autobuild.flakey/2012-10-16-0829/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-16-0829/samba.stderr http://git.samba.org/autobuild.flakey/2012-10-16-0829/samba.stdout The top commit at the time of the failure was: commit 2c3a8081ea2fd7eaa2d7bacffc35e0a58c54 Author: Matthieu Patou m...@matws.net Date: Sat Oct 13 01:36:06 2012 -0700 s4-dns: Fix the comments about ignoring zones in internal server Acked-By: Kai Blin k...@samba.org Autobuild-User(master): Kai Blin k...@samba.org Autobuild-Date(master): Sat Oct 13 12:37:53 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 35bfa14 VERSION: Bump version number up to 4.0.0rc4. via a3a7724 VERSION: Disable git snapshots for 4.0.0rc3. from 293b100 WHATSNEW: Update changes since rc2. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 35bfa1423ec7d50843ed7860a9d5987ddcb1812b Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 16 09:24:35 2012 +0200 VERSION: Bump version number up to 4.0.0rc4. And re-enable git snapshots. Karolin commit a3a7724c7fcc9605d92a8e5eff221ce770341ee5 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 16 09:21:59 2012 +0200 VERSION: Disable git snapshots for 4.0.0rc3. Karolin --- Summary of changes: VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 75b8db5..bdc8768 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.0.0rc3 created
The annotated tag, samba-4.0.0rc3 has been created at 7ec9bc72d2ba367c6b41eb24884e13c33c7e2a21 (tag) tagging fa4b3c953c1addcac75ddea2d1a50b38d43fb668 (commit) replaces samba-4.0.0rc2 tagged by Karolin Seeger on Tue Oct 16 09:44:49 2012 +0200 - Log - samba: tag release samba-4.0.0rc3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBQfRB6bzORW2Vot+oRAk31AJ9JW8fEkbzdrVCGEATwt4DzHhC+ogCgkNyk eL1hBgQO9MF3ALL3neus09g= =6F7v -END PGP SIGNATURE- Andreas Schneider (6): s3fs-smbd: Make sure the registry is set up before we init printing. waf: Build pam_smbpass module only if enabled. s3fs-printing: Fix RAW printing for normal users. packaging: Add config for systemd-tmpfiles. packaging: Add support for reloading systemd services. s3-printing: Increase debug level for info that the db is empty. Andrew Bartlett (32): docs: Remove references to default paramters in TOSHARG-PDC docs: Explain the no-domain-logons restriction applies to all HOME editions docs: Add mention of AD DC support in TOSHARG-PDC docs: Remove Win9X/WinMe mentions from TOSHARG-PDC selftest: Remove invalid security=share and rename secshare to simpleserver samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent samba_dnsupdate: Safely update/create names for Samba3 targets as well samba-tool: skip chown in sysvolreset when it would fail on a GID docs: Update docs to the modern age of Samba 4.0 docs: Remove distinction between server and domain accounts docs: remove references to security=server docs: update for modern kerberos libs docs: Remove confusing reference to smb signing and client use spnego docs: Remove references to old kerberos behaviour docs: Remove references to Subversion, replace with wiki link docs: Remove out of date links to pserver.samba.org and old tarballs docs: Remove referenece to autogen.sh and document waf build instead docs: Remove referenece to old Red Hat Linux habits on winbindd docs: Update BDC docs to recognise the AD DC and to exclusivly recommend LDAP docs: Remove reference to inetd startup, it is not recommended docs: Clarify TOSHARG-Bugs for 2012 docs: Update FastStart: remove security=share, avoid disable spoolss docs: Remove very outdated TOSHARG-Portability section docs: Remove very outdated TOSHARG-Other-Clients section docs: Remove references to sysv-style CUPS from TOSHARG-CUPS-printing docs: Remove references to mulitple passdb backends docs: Remove references to specific windows versions, instead mention Home/Professional/Server docs: Remove another reference to security=share docs: Update TOSHARG-Install docs: Fix typo in TOSHARG-Passdb docs: Remove mention of auth methods in TOSHARG-Passdb docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX only Björn Baumbach (3): s3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235) s4: samba_backup: Fix typos. s3-docs: add delete_lost option to vfs_streams_depot.8 Björn Jacke (3): replace: add some includes for poll.h packaging: apply some solaris packaging fixes autoconf: fix --with(out)-sendfile-support option handling Daniele Dario (1): Correct command help message David Disseldorp (4): vfs: fix lock logging in vfs_full_audit (cherry picked from commit 47becf6e20a970d273afab8be176d8cbe5ab2b9c) vfs: fix acl_blob_get* in vfs_full_audit vfs: add missing pwrite ops to full_audit vfs: check full_audit enum-str mapping on startup Günther Deschner (1): pam_winbind: match more return codes when wbcGetPwnam has failed. Jelmer Vernooij (43): smb.conf(5): Add basic documentation for 'server min protocol'. replace: Support setproctitle(). Remove compatibility code for setproctitle() now moved to libreplace. replace: Avoid returning value in void setproctitle() replacement. samba.provision: Fix formatting, NameErrors. (cherry picked from commit fdb873a203695f0b208967a561424c0357374e5b) samba.provision.backend: Fix formatting. (cherry picked from commit 858135920d54662a06252deac4dbf9191a251018) samba.provision.sambadns: Fix formatting. (cherry picked from commit cd7dcf4571b321f39eda07c489dd16833d8d4185) samba.provision.common: Fix formatting. (cherry picked from commit ebcb6a744791478bfc4be0b94733ace540ab06bc) samba.netcmd: Formatting fixes, break lines. (cherry picked from commit 0ff2ea56d97cd8df7abeea8e819d7ec0bfd5b886) s4-python: Formatting fixes, break lines. samba-tool domain-provision: Fix docstring. (cherry picked from commit 61ce3e871a1fc1d16202d337d74c2e10f64b2c86) samba-tool domain-provision:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1861213 selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges via 266b4c5 Revert provision: Always create DNS user. from 2c3a808 s4-dns: Fix the comments about ignoring zones in internal server http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1861213d147e0d96fd637813c5badb4908ec14d1 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 16 08:34:35 2012 +0200 selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges This failed more than 20 times in the last few weeks, e.g. https://git.samba.org/autobuild.flakey/2012-10-16-0629/samba3.stdout https://git.samba.org/autobuild.flakey/2012-10-16-0829/samba3.stdout [530/717 in 14m32s] samba3.rpc.lsa.privileges(s3dc) Using seed 1350368974 Testing OpenPolicy Testing OpenPolicy2 Testing CreateAccount Testing Delete Testing DeleteObject Testing EnumAccounts Testing LookupSids Testing LookupNames with 7 names LookupName of sharesec_user was unmapped LookupName of Everyone failed to return a result UNEXPECTED(failure): samba3.rpc.lsa.privileges.lsa.Privileges(s3dc) REASON: _StringException: _StringException: ../source4/torture/rpc/lsa.c:319: r.out.result was STATUS_SOME_UNMAPPED, expected NT_STATUS_OK: LookupNames failed FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites) metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Oct 16 10:43:02 CEST 2012 on sn-devel-104 commit 266b4c596346095f71a651e0a0231256c7409b0f Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 16 08:30:17 2012 +0200 Revert provision: Always create DNS user. This reverts commit c2d14747d608d406de6410556807d467cd0b85ef. samba_upgradedns handles creates/removed the dns acount. See https://lists.samba.org/archive/samba-technical/2012-October/thread.html#87578 metze --- Summary of changes: selftest/flapping |1 + .../scripting/python/samba/provision/__init__.py | 31 +++ 2 files changed, 19 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/flapping b/selftest/flapping index f0b1528..afeae65 100644 --- a/selftest/flapping +++ b/selftest/flapping @@ -15,6 +15,7 @@ ^samba3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure ^samba3.rap.printing # fails sometimes on sn-devel ^samba3.rpc.spoolss.printer.*addprinter.print_test # fails on some hosts due to timing issues ? +^samba3.rpc.lsa.privileges.lsa.Privileges\(s3dc\) # fails sometimes on sn-devel ^samba3.smb2.lock.*.rw-exclusive # another intermittent failure ^samba4.blackbox.gentest # is flakey due to timing ^samba3.smb2.acls.INHERITANCE\(plugin_s4_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16 diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index d9ba90c..9966192 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -969,7 +969,7 @@ def setup_samdb_rootdse(samdb, names): def setup_self_join(samdb, admin_session_info, names, fill, machinepass, -dnspass, domainsid, next_rid, invocationid, +dns_backend, dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid=None, dc_rid=None): Join a host to its own domain. @@ -1048,14 +1048,17 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, samdb.set_session_info(admin_session_info) -setup_add_ldif(samdb, setup_path(provision_dns_add_samba.ldif), { - DNSDOMAIN: names.dnsdomain, - DOMAINDN: names.domaindn, - DNSPASS_B64: b64encode(dnspass.encode('utf-16-le')), - HOSTNAME : names.hostname, - DNSNAME : '%s.%s' % ( - names.netbiosname.lower(), names.dnsdomain.lower()) - }) +if dns_backend != SAMBA_INTERNAL: +# This is Samba4 specific and should be replaced by the correct +# DNS AD-style setup +setup_add_ldif(samdb, setup_path(provision_dns_add_samba.ldif), { + DNSDOMAIN: names.dnsdomain, + DOMAINDN: names.domaindn, + DNSPASS_B64: b64encode(dnspass.encode('utf-16-le')), + HOSTNAME : names.hostname, + DNSNAME : '%s.%s' % ( + names.netbiosname.lower(), names.dnsdomain.lower()) + }) def getpolicypath(sysvolpath, dnsdomain, guid): @@ -1143,7
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 05a5974 libcli/dns: Time out requests after a while from 1861213 selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05a59748910cc11d43bffbfc4d00fdf3701e2ca1 Author: Kai Blin k...@samba.org Date: Sat Oct 13 02:09:57 2012 +0200 libcli/dns: Time out requests after a while Time out UDP requests after DNS_REQUEST_TIMEOUT seconds. Currently set to 2 seconds. This should fix bug #8878. Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Oct 16 12:58:32 CEST 2012 on sn-devel-104 --- Summary of changes: libcli/dns/dns.c |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/dns/dns.c b/libcli/dns/dns.c index da65ce4..43e1c4e 100644 --- a/libcli/dns/dns.c +++ b/libcli/dns/dns.c @@ -38,6 +38,8 @@ struct dns_udp_request_state { size_t reply_len; }; +#define DNS_REQUEST_TIMEOUT 2 + /* Declare callback functions used below. */ static void dns_udp_request_get_reply(struct tevent_req *subreq); static void dns_udp_request_done(struct tevent_req *subreq); @@ -92,6 +94,12 @@ struct tevent_req *dns_udp_request_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (!tevent_req_set_endtime(req, ev, + timeval_current_ofs(DNS_REQUEST_TIMEOUT, 0))) { + return tevent_req_post(req, ev); + } + + tevent_req_set_callback(subreq, dns_udp_request_get_reply, req); return req; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0296548 ccan: check for all the used config.h defines from 05a5974 libcli/dns: Time out requests after a while http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 029654897d721308c9ee782aee420abddce7edee Author: Rusty Russell ru...@rustcorp.com.au Date: Sun Oct 14 16:05:58 2012 +1030 ccan: check for all the used config.h defines In particular, not checking for byteswap.h meant we defined duplicates: https://bugzilla.samba.org/show_bug.cgi?id=9286 Signed-off-by: Rusty Russell ru...@rustcorp.com.au Autobuild-User(master): Rusty Russell ru...@rustcorp.com.au Autobuild-Date(master): Wed Oct 17 01:55:14 CEST 2012 on sn-devel-104 --- Summary of changes: lib/ccan/libccan.m4 | 16 lib/ccan/wscript| 21 + 2 files changed, 37 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ccan/libccan.m4 b/lib/ccan/libccan.m4 index 0d391ad..7b27c69 100644 --- a/lib/ccan/libccan.m4 +++ b/lib/ccan/libccan.m4 @@ -23,6 +23,8 @@ AC_SUBST(CCAN_CFLAGS) # fairly harmless. AC_CHECK_HEADERS(err.h) +AC_CHECK_HEADERS(byteswap.h) + AC_CACHE_CHECK([whether we can compile with __attribute__((cold))], samba_cv_attribute_cold, [ @@ -270,6 +272,19 @@ if test x$samba_cv_compound_literals = xyes ; then [whether we have compound literals]) fi +AC_CACHE_CHECK([whether we have flexible array members], + samba_cv_have_flex_arr_member, + [ +AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [struct foo { unsigned int x; int arr@:@@:@; }; ])], + samba_cv_have_flex_arr_member=yes) + ]) + +if test x$samba_cv_have_flex_arr_member = xyes ; then + AC_DEFINE(HAVE_FLEXIBLE_ARRAY_MEMBER, 1, +[whether we have flexible array member support]) +fi + AC_CACHE_CHECK([whether we have isblank], samba_cv_have_isblank, [ @@ -331,3 +346,4 @@ if test x$samba_cv_warn_unused_result = xyes ; then AC_DEFINE(HAVE_WARN_UNUSED_RESULT, 1, [whether we have __attribute__((warn_unused_result))]) fi +AC_HAVE_DECL(bswap_64, [#include byteswap.h]) diff --git a/lib/ccan/wscript b/lib/ccan/wscript index 334f8fe..4af9dd4 100644 --- a/lib/ccan/wscript +++ b/lib/ccan/wscript @@ -5,6 +5,9 @@ import Logs, sys, Options def configure(conf): conf.DEFINE('HAVE_CCAN', 1) conf.CHECK_HEADERS('err.h') +conf.CHECK_HEADERS('byteswap.h') +conf.CHECK_FUNCS('bswap_64', link=False, headers=byteswap.h) + # FIXME: if they don't have -Werror, these will all fail. But they # probably will anyway... conf.CHECK_CODE('int __attribute__((cold)) func(int x) { return x; }', @@ -107,6 +110,9 @@ def configure(conf): define='HAVE_BUILTIN_TYPES_COMPATIBLE_P') conf.CHECK_CODE('int *foo = (int[]) { 1, 2, 3, 4 }; return foo[0] ? 0 : 1;', define='HAVE_COMPOUND_LITERALS') +conf.CHECK_CODE('struct foo { unsigned int x; int arr[]; };', +addmain=False, link=False, +define='HAVE_FLEXIBLE_ARRAY_MEMBER') conf.CHECK_CODE(#include ctype.h int main(void) { return isblank(' ') ? 0 : 1; }, link=True, addmain=False, add_headers=False, @@ -121,6 +127,21 @@ def configure(conf): # backtrace could be in libexecinfo or in libc conf.CHECK_FUNCS_IN('backtrace backtrace_symbols', 'execinfo', checklibc=True, headers='execinfo.h') +# Only check for FILE_OFFSET_BITS=64 if off_t is normally small: +# use raw routines because wrappers include previous _GNU_SOURCE +# or _FILE_OFFSET_BITS defines. +conf.check(fragment=#include sys/types.h + int main(void) { return !(sizeof(off_t) 8); }, + execute=True, msg='Checking for small off_t', + define_name='SMALL_OFF_T') +# Unreliable return value above, hence use define. +if conf.CONFIG_SET('SMALL_OFF_T'): +conf.check(fragment=#include sys/types.h + int main(void) { return !(sizeof(off_t) = 8); }, + execute=True, msg='Checking for -D_FILE_OFFSET_BITS=64', + ccflags='-D_FILE_OFFSET_BITS=64', + define_name='HAVE_FILE_OFFSET_BITS') + def ccan_module(bld, name, deps=''): bld.SAMBA_SUBSYSTEM('ccan-%s' % name, source=bld.path.ant_glob('%s/*.c' % name), -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.13-289-g25d8860
The branch, master has been updated via 25d886060b138bc5e78fe93d7bebe3990264f29d (commit) via 36d25e96a2f8ae1461c5a708a2922f0475a39900 (commit) via 632c1b9c1cc2e242376358ce49fd2022b3f27aa2 (commit) from 08dbd9c7958f9a0ee3de314d49523d32e4be135c (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 25d886060b138bc5e78fe93d7bebe3990264f29d Author: Amitay Isaacs ami...@gmail.com Date: Wed Oct 17 11:38:37 2012 +1100 doc: Add info about execute permissions on event scripts Signed-off-by: Amitay Isaacs ami...@gmail.com commit 36d25e96a2f8ae1461c5a708a2922f0475a39900 Author: Amitay Isaacs ami...@gmail.com Date: Wed Oct 17 11:38:59 2012 +1100 doc: Fix documentation for setup event Signed-off-by: Amitay Isaacs ami...@gmail.com commit 632c1b9c1cc2e242376358ce49fd2022b3f27aa2 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 3 12:39:36 2012 +1000 scripts: Remove duplicate code from init script to set tunables The tunable variables defined in CTDB configuration file are currently set up from init script as well as part of setup event in 00.ctdb eventscript. Remove the duplication of this code and set tunable variables only from setup event. During the setup event, it's possible that ctdb tool commands can timeout if CTDB daemon is not ready. To guard against such eventuality, wait till ctdb ping command succeeds before executing any other ctdb tool commands. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: config/ctdb.init| 14 +- config/events.d/00.ctdb | 37 + config/events.d/README | 10 +- 3 files changed, 35 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.init b/config/ctdb.init index 581844d..372affb 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -214,16 +214,6 @@ EOF done } -set_ctdb_variables () { -# set any tunables from the config file -set | grep ^CTDB_SET_ | cut -d_ -f3- | -while read v; do - varname=`echo $v | cut -d= -f1` - value=`echo $v | cut -d= -f2` - ctdb setvar $varname $value || RETVAL=1 -done || exit 1 -} - set_retval() { return $1 } @@ -304,9 +294,7 @@ start() { esac if [ $RETVAL -eq 0 ] ; then - if wait_until_ready ; then - set_ctdb_variables - else + if ! wait_until_ready ; then RETVAL=1 pkill -9 -f $ctdbd /dev/null 21 fi diff --git a/config/events.d/00.ctdb b/config/events.d/00.ctdb index 2a48afb..2f2116d 100755 --- a/config/events.d/00.ctdb +++ b/config/events.d/00.ctdb @@ -35,6 +35,30 @@ update_config_from_tdb() { fi } +set_ctdb_variables () { +# set any tunables from the config file +set | grep ^CTDB_SET_ | cut -d_ -f3- | +while read v; do + varname=`echo $v | cut -d= -f1` + value=`echo $v | cut -d= -f2` + ctdb setvar $varname $value || return 1 + echo Set $varname to $value +done +} + +wait_until_ready () { +_timeout=${1:-10} # default is 10 seconds + +_count=0 +while ! ctdb ping /dev/null 21 ; do + if [ $_count -ge $_timeout ] ; then + return 1 + fi + sleep 1 + _count=$(($_count + 1)) +done +} + ctdb_check_args $@ case $1 in @@ -51,14 +75,11 @@ case $1 in ;; setup) - # set any tunables from the config file - set | grep ^CTDB_SET_ | cut -d_ -f3- | - while read v; do - varname=`echo $v | cut -d= -f1` - value=`echo $v | cut -d= -f2` - ctdb setvar $varname $value || exit 1 - echo Set $varname to $value - done || exit 1 +# Make sure CTDB daemon is ready to process requests +if wait_until_ready ; then + # set any tunables from the config file + set_ctdb_variables + fi || exit 1 ;; startup) diff --git a/config/events.d/README b/config/events.d/README index 024af24..6075f39 100644 --- a/config/events.d/README +++ b/config/events.d/README @@ -13,6 +13,8 @@ As a special case, any eventscript that ends with a '~' character will be ignored since this is a common postfix that some editors will append to older versions of a file. +Only event scripts with executable permissions are run from CTDB. Any event +script that does not have executable permission is ignored. The eventscripts are called with varying number of arguments. The first argument is the event and the rest of the arguments depend @@ -33,11 +35,9 @@ init setup This event does not take any additional arguments. - This event is only invoked once, when ctdb is starting up. - This event is used to do some cleanup work from earlier