Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16/10/12 18:12, Michael Wood wrote: On 16 October 2012 15:10, steve st...@steve-ss.com mailto:st...@steve-ss.com wrote: On 16/10/12 10:31, Karolin Seeger wrote: Release Announcements - This is the third release candidate of Samba 4.0. Hi I've been updating from the v4-0-test branch and have landed at: Version 4.0.0rc3-GIT-293b100 A git pull tells me that it is Already up to date. To get rc3 do I have to download the tarball and rebuild? If you run the following you will see the rc3 tag: $ git tag | grep 4.*rc release-3-4-0rc1 samba-3.4.0rc1 samba-4.0.0rc1 samba-4.0.0rc2 samba-4.0.0rc3 What you can do is create a new local branch pointing at samba-4.0.0rc3 like this: $ git checkout -b v4.0.0rc3 samba-4.0.0rc3 Switched to a new branch 'v4.0.0rc3' That should (unless I am mistaken) be identical to the tarball. If you want to switch back to the v4-0-test branch again later, just do this: $ git checkout v4-0-test Hi I get: git branch master v4-0-test * v4.0.0rc3 and then an error: git pull There is no tracking information for the current branch. Please specify which branch you want to merge with. See git-pull(1) for details git pull remote branch If you wish to set tracking information for this branch you can do so with: git branch --set-upstream v4.0.0rc3 origin/branch I've tried reading man git and man git-pull but it's another project in its own right:( Is there anything simple I can do? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 17/10/12 11:37, steve wrote: On 16/10/12 18:12, Michael Wood wrote: On 16 October 2012 15:10, steve st...@steve-ss.com Also, the v4-0-test branch has disappeared. . . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Re: can not change mandatory owner to administrators
On Tue, 2012-10-16 at 18:09 +1100, Andrew Bartlett wrote: On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote: On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote: On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote: Solved Thanks a lot Thanks. The root of the issue is this automatically generated entry in your idmap.ldb: # record 12 dn: CN=S-1-5-32-544 cn: S-1-5-32-544 objectClass: sidMap objectSid: S-1-5-32-544 type: ID_TYPE_GID xidNumber: 10 distinguishedName: CN=S-1-5-32-544 What we need to do in your case is to remove that record, so it becomes regenerated as an IDMAP_BOTH. We also need to remove the generation of that record from provision. The issue is that as a GID, you of course can't own a file. The ntvfs file server papered over this issue (didn't deal with file ownership at a unix level), but the smbd file server needs to correctly set posix permissions. I hope this clarifies things. If you can please file a bug, I'll try not to forget this. The attached patch should prevent this for a new provision. Are you able to test if this fixes things for you (on a new test domain?) This updated version uses the primary group of root (or the --root user) rather than hoping that there will be a group by the same name. Fixing this and not breaking tests that subtly depend on idmap configuration is proving tricky, but I'll get this sorted soon. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16/10/12 15:17, Rowland Penny wrote: On 16/10/12 14:10, steve wrote: To get rc3 do I have to download the tarball and rebuild? Cheers, Steve Hi again Steve, in a nutshell, yes Hi Rowland Where do you get it? I looked here: https://ftp.samba.org/pub/samba/samba4/ but the latest version is beta8 Any ideas? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] access my created share in smb.conf Only by Ip
Hello samba4 rc3 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* *win xp* have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access and ask me for user and password ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\s4-ad.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 rc3 ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 16/10/12 15:17, Rowland Penny wrote: On 16/10/12 14:10, steve wrote: To get rc3 do I have to download the tarball and rebuild? Cheers, Steve Hi again Steve, in a nutshell, yes Hi Rowland Where do you get it? I looked here: https://ftp.samba.org/pub/samba/samba4/ Look here: http://ftp.samba.org/pub/samba/rc/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 17/10/12 12:54, steve wrote: On 16/10/12 15:17, Rowland Penny wrote: On 16/10/12 14:10, steve wrote: To get rc3 do I have to download the tarball and rebuild? Cheers, Steve Hi again Steve, in a nutshell, yes Hi Rowland Where do you get it? I looked here: https://ftp.samba.org/pub/samba/samba4/ but the latest version is beta8 Any ideas? Cheers, Steve Hi Steve, the location is at the bottom of the RC3 announcement, but anyway, here it is: http://ftp.samba.org/pub/samba/rc/samba-4.0.0rc3.tar.gz Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] access my created share in smb.conf Only by Ip
On 17/10/12 12:55, Mohammad Ebrahim Abravi wrote: Hello samba4 rc3 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* *win xp* have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access and ask me for user and password ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\s4-ad.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 rc3 ? Thanks Hi, this sounds like a dns problem, but how did you provision? You posted: *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* This could mean that you are using two DNS servers, the Samba internal one AND bind. Also, why do you keep posting questions twice, once here and also on the samba-technical list? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] access my created share in smb.conf Only by Ip
Hi Mohammad, I had the same problem like many others, so I think samba should include a note like mine in their documentation. This is the trick for successfully access the share with the hostname.. Be sure you have the following lines in the smb.conf: netbios name = yourhostname wins support = yes Find the name resolve order directive and be sure you have it in the following order. name resolve order = wins lmhosts hosts bcast Add the following line: hosts allow = the host ip / mask Where the host ip is your server ip. the mask is the mask you are using in all your windows clients. This is the most important thing. For example If you have in your server the mask 255.255.0.0 then all your clients must have the same network mask. Windows clients with the same mask of the server will see the server on the network with it hostname otherwise you need to access the server by its ip number. I think this is a Windows issue but they have left it in this way so we have to live with it. I hope this can help you. Carlos Santo Domingo, Dominican Republic On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote: Hello samba4 rc3 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* *win xp* have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access and ask me for user and password ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\s4-ad.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 rc3 ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win2k auth on named share fails on mixed Windows network.
Hi there, Background: Samba 3.6.6 compiled from source on Debian Squeeze using the Debian- installed Kerberos (1.8.3) libraries. Running in an Active directory domain with mixed Win2k Server and Win2k3 Server DCs. Yes, I've been trying to persuade them. Both WINS and DNS name resolution work on the system. Samba uses the DCs for WINS, and the DCs are also name servers with an additional forwarder (dnsmasq) running on a firewall. Under normal circumstances, Windows 7 Pro and XP Pro clients have no problems (although a power failure does generally throw a spanner in the works for several hours - may be the subject of another thread). With the appropriate credentials, 'smbclient' running on the Linux server can connect to shares, but using the same credentials Windows 2000 Pro client workstations can access shares only by IP, not name. Searching the archives, this seems to be a very common problem which has sometimes been solved and sometimes not. I've tried setting kerberos method = secrets and keytab in smb.conf and KB833708, both to no avail. 8-- c:\net view palatine System error 5 has occurred. Access is denied. c:\net view 192.168.0.250 Shared resources at 192.168.0.250 Samba server Share name ... 8-- Samba logs show in this case: [2012/10/17 12:07:02.607012, 3] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [23] failed to decrypt with error Encryption type not permitted which indicates that the Kerberos libraries are not permitting the encryption type, either because it is not available in the libraries or because it's restricted by the config. I believe the encryption type to be available in these libraries, so my guess is that it is not being permitted for some reason. I postulate that it's considered a weak type, so I propose to permit weak encryption types. Questions: 1. If for example I were to make a change in /etc/krb5.conf to permit less secure encryption types by setting [libdefaults] allow_weak_crypto = 1 do I have to restart Samba for the change to take effect? The reason for the question is that restarting Samba in this situation causes a good deal of grief for the users, so I'd rather not have to do it. 2. Is there a way to ask Samba what encryption types will be allowed and what types will not be allowed? 3. Is there a definitive list of the encryption types and the integers used to refer to them in the Samba logs? 4. Is there some kind of 'graceful' Samba restart which users wouldn't dislike so much? :) I've been R-ing the FM and searching archives for a couple of weeks solid now and it's starting to hurt, so any pointers to bits of the FM to R will be more than welcome. -- 73, Ged. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] access my created share in smb.conf Only by Ip
On 17/10/12 15:20, Carlos R. Pena Evertsz wrote: Hi Mohammad, I had the same problem like many others, so I think samba should include a note like mine in their documentation. This is the trick for successfully access the share with the hostname.. Be sure you have the following lines in the smb.conf: netbios name = yourhostname This is set by default wins support = yes This turns on the wins server, you should only turn this on if it is the only one. Find the name resolve order directive and be sure you have it in the following order. name resolve order = wins lmhosts hosts bcast Add the following line: hosts allow = the host ip / mask Where the host ip is your server ip. the mask is the mask you are using in all your windows clients. If you set it like this, the only machine that will be able to connect would be the server itself. It should be, from data supplied, 192.168.1.0/255.255.255.0 This would allow any computer on the subnet to connect. This is the most important thing. For example If you have in your server the mask 255.255.0.0 then all your clients must have the same network mask. Windows clients with the same mask of the server will see the server on the network with it hostname otherwise you need to access the server by its ip number. I think this is a Windows issue but they have left it in this way so we have to live with it. I hope this can help you. I doubt it. Rowland Carlos Santo Domingo, Dominican Republic On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote: Hello samba4 rc3 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* *win xp* have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access and ask me for user and password ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\s4-ad.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 rc3 ? Thanks -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] access my created share in smb.conf Only by Ip
Let Mohammad try my recommendations and them we will talk about it. On 10/17/2012 9:07 AM, Rowland Penny wrote: On 17/10/12 15:20, Carlos R. Pena Evertsz wrote: Hi Mohammad, I had the same problem like many others, so I think samba should include a note like mine in their documentation. This is the trick for successfully access the share with the hostname.. Be sure you have the following lines in the smb.conf: netbios name = yourhostname This is set by default wins support = yes This turns on the wins server, you should only turn this on if it is the only one. Find the name resolve order directive and be sure you have it in the following order. name resolve order = wins lmhosts hosts bcast Add the following line: hosts allow = the host ip / mask Where the host ip is your server ip. the mask is the mask you are using in all your windows clients. If you set it like this, the only machine that will be able to connect would be the server itself. It should be, from data supplied, 192.168.1.0/255.255.255.0 This would allow any computer on the subnet to connect. This is the most important thing. For example If you have in your server the mask 255.255.0.0 then all your clients must have the same network mask. Windows clients with the same mask of the server will see the server on the network with it hostname otherwise you need to access the server by its ip number. I think this is a Windows issue but they have left it in this way so we have to live with it. I hope this can help you. I doubt it. Rowland Carlos Santo Domingo, Dominican Republic On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote: Hello samba4 rc3 *s4-ad - samba server Host name test.s4.com - domain name* *Dns Server - Samba Internal DNS server , Bind 9.9.1-P2* *win xp* have access to default share such as sysvol by dns name (\\test.s4.com \sysvol) but if created a share in smb.conf Only access by IP such as : \\test.s4.com\myshare - no access and ask me for user and password ! \\192.168.1.6\myshare - access If using *s4-ad.test.s4.com* my share accessible !!! \\test.s4.com\myshare - no access ! \\s4-ad.s4.com http://test.s4.com\myshare - access ! \\test.s4.com\sysvol - access ! \\*s4-ad* http://test.s4.com. http://test.s4.comtest.s4.com\sysvol - access ! Note: In *\\test.s4.com* seen all the shared directory, but not accessible in *samba alpha17* no need type *s4-ad* what happened ? This is Bug in samba4 rc3 ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 18
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] temporary profiles problem - don't want roaming profiles
Apparently my problem is a bad combination of mystifying and uninteresting :-) since I've not had a reply. Can anyone maybe suggest how to debug this? How can I find out what name it's looking for when it gets The network name cannot be found ? Is it true that I should be able to have a Samba-3 Domain without roaming profiles by just specifying logon path = logon home = in smb.conf and not providing any *sambaProfilePath* attribute in LDAP ? On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens j...@seamanpaper.com wrote: I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two remote sites, I have some Samba BDCs. For now I've manually entered the DCs as WINS servers on the workstations I'm using for testing. At the remote sites, I can log in with an account that has no logon path or logon home specified, and it works perfectly. But at the main site, when I try to log on to one of these accounts I get first get the can't find the server copy of the roaming profile and then can't find the local profile logging you in with a temporary profile errors. I can't figure this one out. I'm using the same account, and the samba setups are nearly identical - just one is a BDC and one a PDC. This is smb.conf on the PDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path = logon home = domain logons = Yes os level = 65 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=intranet,dc=seamanpaper,dc=com ldap ssl = no ldap user suffix = ou=People panic action = /usr/share/samba/panic-action %d idmap config * : range = 100-199 idmap config * : backend = ldap printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [profiles] comment = Windows Profiles path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes browseable = No csc policy = disable [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [homes] comment = Home Directories valid users = %S read only = No browseable = No and on the BDC: [global] workgroup = SEAMANPAPER server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 137 138 139 445 name resolve order = wins bcast hosts load printers = No printcap name = /dev/null disable spoolss = Yes rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1 logon path = logon home = domain logons = Yes os level = 65 domain master = No dns proxy = No wins proxy = Yes wins server = 192.168.10.127 ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com ldap group suffix =
[Samba] Permissions opening exel
When a user from a windows machine connects authentication to a share works fine. When they try to say, execute a excel document directly from a directory, user is presented with read only. If they try to drag the to the desktop from the share, thats ok make changes and save, thats ok. move the file back. permission denied. When i created the shares i applied chmod . The users are standard users under ubuntu server 12.4 lts. The conf file is using: Valid user = user Do i need to use. Writeable,browse, readonly =??? Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win2k auth on named share fails on mixed Windows network.
There was a problem with Debian Squeeze in early 2010 while still in testing, but it was fixed before being released as stable, so may not be the exact same problem. The problem was related to libkrb5-3. For me, it affected both w2k and xp systems - there were no Vista/Win7 systems here at that time. Check to see if this is relevant to you: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 'smbcontrol [all/smbd/nmbd/winbindd] reload-config' might be the graceful restart for which you are looking. Dale On 10/17/2012 9:06 AM, G.W. Haywood wrote: Hi there, Background: Samba 3.6.6 compiled from source on Debian Squeeze using the Debian- installed Kerberos (1.8.3) libraries. Running in an Active directory domain with mixed Win2k Server and Win2k3 Server DCs. Yes, I've been trying to persuade them. Both WINS and DNS name resolution work on the system. Samba uses the DCs for WINS, and the DCs are also name servers with an additional forwarder (dnsmasq) running on a firewall. Under normal circumstances, Windows 7 Pro and XP Pro clients have no problems (although a power failure does generally throw a spanner in the works for several hours - may be the subject of another thread). With the appropriate credentials, 'smbclient' running on the Linux server can connect to shares, but using the same credentials Windows 2000 Pro client workstations can access shares only by IP, not name. Searching the archives, this seems to be a very common problem which has sometimes been solved and sometimes not. I've tried setting kerberos method = secrets and keytab in smb.conf and KB833708, both to no avail. 8-- c:\net view palatine System error 5 has occurred. Access is denied. c:\net view 192.168.0.250 Shared resources at 192.168.0.250 Samba server Share name ... 8-- Samba logs show in this case: [2012/10/17 12:07:02.607012, 3] libads/kerberos_verify.c:429(ads_secrets_verify_ticket) libads/kerberos_verify.c:429: enc type [23] failed to decrypt with error Encryption type not permitted which indicates that the Kerberos libraries are not permitting the encryption type, either because it is not available in the libraries or because it's restricted by the config. I believe the encryption type to be available in these libraries, so my guess is that it is not being permitted for some reason. I postulate that it's considered a weak type, so I propose to permit weak encryption types. Questions: 1. If for example I were to make a change in /etc/krb5.conf to permit less secure encryption types by setting [libdefaults] allow_weak_crypto = 1 do I have to restart Samba for the change to take effect? The reason for the question is that restarting Samba in this situation causes a good deal of grief for the users, so I'd rather not have to do it. 2. Is there a way to ask Samba what encryption types will be allowed and what types will not be allowed? 3. Is there a definitive list of the encryption types and the integers used to refer to them in the Samba logs? 4. Is there some kind of 'graceful' Samba restart which users wouldn't dislike so much? :) I've been R-ing the FM and searching archives for a couple of weeks solid now and it's starting to hurt, so any pointers to bits of the FM to R will be more than welcome. -- 73, Ged. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Regarding samba add with AD
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm http://www.enterprisenetworkingplanet.com/netsysm/article.php/3502441/Join-Linux-to-Active-Directory-With-Winbind.htm Simplest howto I've seen. Dale On 10/16/2012 4:24 AM, Dinakar wrote: Dear team, kindly send to me steps(config file edit and all other steps) for add Samba system into AD if you having video send me thats also Thanking you Regards, *Dhinakaran* *kilpauk ,chennai * *Mob: +91-9176472187* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is there any limitation in cn field length??
On 10/16/2012 05:36 AM, fe...@epepm.cupet.cu wrote: Hello: I'm using samba4.1.0pre1. I'm having some issues with users whose cn field length is shorter than 5 characters in specific with the openfire server (jabber server). It was working fine when I had a windows 2003 server as a domain controller and once I migrated to samba4, users with short cn fields get an authentication error: Not authorized. Is there any limitation on the length of cn field?? Not that I'm aware of can you increase the log level of samba ? Can you also see what's going on when you try to do ldbsearch -H ldap://ip_dc -s base -Uuser%password where user is a user with a short CN ? Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc3 Available for Download
On 10/17/2012 04:54 AM, steve wrote: On 16/10/12 15:17, Rowland Penny wrote: On 16/10/12 14:10, steve wrote: To get rc3 do I have to download the tarball and rebuild? Cheers, Steve Hi again Steve, in a nutshell, yes Hi Rowland Where do you get it? I looked here: https://ftp.samba.org/pub/samba/samba4/ Or http://samba.org then click on version and notes then click on the 4.0.0rc3 links, or just read emails before replying to them, quoting the announce email from Karolin: Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/rc/ ^^^ the address The release notes are available online at: http://www.samba.org/samba/ftp/rc/WHATSNEW-4-0-0rc3.txt Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) Also please note that samba4 != samba 4.0.0, samba4 was (is?) our project for AD DC support in samba, samba 4.0.0 is the merge of this project and the new development branch that started when we released Samba 3.6.0. HTH. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 519836e Disable special box International Sites. from 6c326f1 Announce Samba 4.0.0rc3. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 519836e353508d578fc01d8f53293a72012168be Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 17 09:49:29 2012 +0200 Disable special box International Sites. SerNet does not provide german news any longer, so the link should be removed. Karolin --- Summary of changes: index.html |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/index.html b/index.html index eeef19c..473e39d 100644 --- a/index.html +++ b/index.html @@ -77,6 +77,7 @@ /div div class=specialBoxBottom/div /div + !-- div class=specialBox id=specialBoxInternational div class=specialBoxContent h4International Sites/h4 @@ -87,6 +88,7 @@ /div div class=specialBoxBottom/div /div + -- div class=specialBox id=specialBoxRelated div class=specialBoxContent h4Related Sites/h4 -- Samba Website Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-10-17-1047/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-17-1047/samba3.stderr http://git.samba.org/autobuild.flakey/2012-10-17-1047/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-17-1047/samba.stderr http://git.samba.org/autobuild.flakey/2012-10-17-1047/samba.stdout The top commit at the time of the failure was: commit 029654897d721308c9ee782aee420abddce7edee Author: Rusty Russell ru...@rustcorp.com.au Date: Sun Oct 14 16:05:58 2012 +1030 ccan: check for all the used config.h defines In particular, not checking for byteswap.h meant we defined duplicates: https://bugzilla.samba.org/show_bug.cgi?id=9286 Signed-off-by: Rusty Russell ru...@rustcorp.com.au Autobuild-User(master): Rusty Russell ru...@rustcorp.com.au Autobuild-Date(master): Wed Oct 17 01:55:14 CEST 2012 on sn-devel-104
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 043b631 Remove old link. from 519836e Disable special box International Sites. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 043b631eb07f8f249bcbd7fb6e1c77d1ee207aaa Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 17 11:47:37 2012 +0200 Remove old link. Karolin --- Summary of changes: index.html |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/index.html b/index.html index 473e39d..71f84c4 100644 --- a/index.html +++ b/index.html @@ -95,7 +95,6 @@ ul lia href=http://linux-cifs.samba.org/;linux-cifs.samba.org/a/li - lia href=http://survey.samba.org/;survey.samba.org/a/li lia href=http://talloc.samba.org/;talloc.samba.org/a/li lia href=http://tevent.samba.org/;tevent.samba.org/a/li lia href=http://tdb.samba.org/;tdb.samba.org/a/li -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d09ac96 Removed phpldapadmin inclusion for Samba 4. via 83d34bb dns_server: Try and use the dns-SERVER account if we were configured with it from 0296548 ccan: check for all the used config.h defines http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d09ac9636af6a31098156ca65ab62e11ce3a5d15 Author: Ricky Nance ricky.na...@weaubleau.k12.mo.us Date: Tue Oct 16 00:52:51 2012 -0500 Removed phpldapadmin inclusion for Samba 4. Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104 commit 83d34bb2bbcbc0ebbcb81825590363e996979e08 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 16 15:08:30 2012 +1100 dns_server: Try and use the dns-SERVER account if we were configured with it --- Summary of changes: source4/dns_server/dns_server.c| 61 +++- .../scripting/python/samba/provision/__init__.py | 20 --- source4/scripting/python/samba/tests/provision.py | 10 --- source4/setup/phpldapadmin-config.php | 20 --- 4 files changed, 47 insertions(+), 64 deletions(-) delete mode 100644 source4/setup/phpldapadmin-config.php Changeset truncated at 500 lines: diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 8e25396..6824fef 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -748,7 +748,11 @@ static void dns_task_init(struct task_server *task) int ret; struct ldb_result *res; static const char * const attrs[] = { name, NULL}; + static const char * const attrs_none[] = { NULL}; unsigned int i; + struct ldb_message *dns_acc; + char *hostname_lower; + char *dns_spn; switch (lpcfg_server_role(task-lp_ctx)) { case ROLE_STANDALONE: @@ -787,29 +791,58 @@ static void dns_task_init(struct task_server *task) return; } - cli_credentials_set_conf(dns-server_credentials, task-lp_ctx); - status = cli_credentials_set_machine_account(dns-server_credentials, task-lp_ctx); - if (!NT_STATUS_IS_OK(status)) { - task_server_terminate(task, - talloc_asprintf(task, Failed to obtain server credentials, perhaps a standalone server?: %s\n, - nt_errstr(status)), - true); + dns-samdb = samdb_connect(dns, dns-task-event_ctx, dns-task-lp_ctx, + system_session(dns-task-lp_ctx), 0); + if (!dns-samdb) { + task_server_terminate(task, dns: samdb_connect failed, true); return; } + cli_credentials_set_conf(dns-server_credentials, task-lp_ctx); + + hostname_lower = strlower_talloc(dns, lpcfg_netbios_name(task-lp_ctx)); + dns_spn = talloc_asprintf(dns, DNS/%s.%s, + hostname_lower, + lpcfg_dnsdomain(task-lp_ctx)); + TALLOC_FREE(hostname_lower); + + ret = dsdb_search_one(dns-samdb, dns, dns_acc, + ldb_get_default_basedn(dns-samdb), LDB_SCOPE_SUBTREE, + attrs_none, 0, (servicePrincipalName=%s), + dns_spn); + if (ret == LDB_SUCCESS) { + TALLOC_FREE(dns_acc); + if (!dns_spn) { + task_server_terminate(task, dns: talloc_asprintf failed, true); + return; + } + status = cli_credentials_set_stored_principal(dns-server_credentials, task-lp_ctx, dns_spn); + if (!NT_STATUS_IS_OK(status)) { + task_server_terminate(task, + talloc_asprintf(task, Failed to obtain server credentials for DNS, + despite finding it in the samdb! %s\n, + nt_errstr(status)), + true); + return; + } + } else { + TALLOC_FREE(dns_spn); + status = cli_credentials_set_machine_account(dns-server_credentials, task-lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + task_server_terminate(task, + talloc_asprintf(task, Failed to obtain server credentials, perhaps a standalone server?: %s\n, + nt_errstr(status)), + true); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b557f34 s3:smbd: fix brace placements in validate_my_share_entries() for readability via 678cc44 s3:smbd: also log the offline flag when debugging the dos-mode from d09ac96 Removed phpldapadmin inclusion for Samba 4. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b557f34c80c9326d9aa887366501366bf3956ce1 Author: Michael Adam ob...@samba.org Date: Wed Sep 26 09:08:17 2012 +0200 s3:smbd: fix brace placements in validate_my_share_entries() for readability according to coding guidelines Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Oct 17 14:37:58 CEST 2012 on sn-devel-104 commit 678cc4403f78d36f277940add7b7b4294e13100e Author: Michael Adam ob...@samba.org Date: Thu Oct 11 07:41:19 2012 +0200 s3:smbd: also log the offline flag when debugging the dos-mode Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/smbd/dosmode.c |1 + source3/smbd/open.c|6 -- 2 files changed, 5 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index ad04a65..a98ac07 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -684,6 +684,7 @@ uint32 dos_mode(connection_struct *conn, struct smb_filename *smb_fname) if (result FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, (d)); if (result FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, (a)); if (result FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ([sparse])); + if (result FILE_ATTRIBUTE_OFFLINE ) DEBUG(8, ([offline])); DEBUG(8,(\n)); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index efabe4a..7eb9f32 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1012,7 +1012,8 @@ static void validate_my_share_entries(struct smbd_server_connection *sconn, } if (is_deferred_open_entry(share_entry) - !open_was_deferred(sconn, share_entry-op_mid)) { + !open_was_deferred(sconn, share_entry-op_mid)) + { char *str = talloc_asprintf(talloc_tos(), Got a deferred entry without a request: PANIC: %s\n, @@ -1038,7 +1039,8 @@ static void validate_my_share_entries(struct smbd_server_connection *sconn, } if ((share_entry-op_type == NO_OPLOCK) - (fsp-oplock_type == FAKE_LEVEL_II_OPLOCK)) { + (fsp-oplock_type == FAKE_LEVEL_II_OPLOCK)) + { /* Someone has already written to it, but I haven't yet * noticed */ return; -- Samba Shared Repository