[Samba] CTDB / Samba / GFS2 - Performance - with Picture Link
Hi Volker, so i looked fort he brlock.tdb file and its local on each node. I added posix locking = no and locking = no. I think it will run now better. I again a strace file to the server. What do you think? http://dev.kupper-computer.com/intern/smbd_no_locking.txt I also added fileid:algorithm = fsname vfs objects = fileid for gfs2 whats better fsid or fileid? Thanks Sven -Ursprüngliche Nachricht- Von: Volker Lendecke [mailto:volker.lende...@sernet.de] Gesendet: Dienstag, 27. November 2012 17:05 An: Vogel, Sven Cc: samba@lists.samba.org Betreff: Re: [Samba] CTDB / Samba / GFS2 - Performance - with Picture Link On Tue, Nov 27, 2012 at 03:50:40PM +, Vogel, Sven wrote: Hi Volker, thanks for the fast reply. So used the strace command. I am not so a strace specialist but is it possible that the problem are the many polls?` 12513 15:33:24.593065 poll([{fd=9, events=POLLIN|POLLHUP}, {fd=7, events=POLLIN|POLLHUP}, {fd=40, events=POLLIN|POLLHUP}, {fd=32, events=POLLIN|POLLHUP}, {fd=34, events=POLLIN|POLLHUP}], 5, 4436) = 1 ([{fd=32, revents=POLLIN}]) 0.002497 12513 15:33:24.595615 read(32, \0\0\0T, 4) = 4 0.17 i added a link to the strace. I dont see which syscalls take long. There are such many syscalls in any second so i dont know whats normal. :-| http://dev.kupper-computer.com/intern/smbd.txt Did you have any idea? One question -- do you have your brlock.tdb on gfs? If so, move them to a local file system, they will be taken care of by ctdb. Your fcntl calls on that seem slow. Also, you might want to try posix locking = no. There is a call at timestamp 15:32:47.383963, 1.9 seconds to find out whether a range is locked. That shows that at this point in time GFS was busy regarding fcntl locks. Also, your network or your client seems to have a problem. For example at timestamp 15:32:51.837717 we are waiting 30 milliseconds for a new request from the client. This is very long for a client continuously trying to write. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CTDB / Samba / GFS2 - Performance - with Picture Link
On Wed, Nov 28, 2012 at 11:11:16AM +, Vogel, Sven wrote: Hi Volker, so i looked fort he brlock.tdb file and its local on each node. I added posix locking = no and locking = no. I think it will run now better. I again a strace file to the server. What do you think? I would not run with locking=no. It will certainly be faster, but it might cause data corruption. http://dev.kupper-computer.com/intern/smbd_no_locking.txt I also added fileid:algorithm = fsname vfs objects = fileid for gfs2 whats better fsid or fileid? Dunno, I never used GFS2, sorry. RedHat ships a cluster product with GFS2 and Samba, maybe they have a recommendation. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Custom, per share (or user) dfree command?
Hi list, I am Mikael and I am new to this list. In our data center I need to give some users low end backup storage to Windows servers. For this I thought Samba shares could be a very easy and nice solution. I am able to limit the user's disk usage with file system quota, but unfortunately the disk space and usage reported to the Windows machines are the total amount of storage space and the total amount of space left on the entire backup server. This is not that nice. I would like to somehow tweak the way Samba reports disk usage and total amount of disk space to its Windows clients. I could imagine a custom script that I write to get the user's quota information and pass that along to the clients. I have noticed that there is a dfree command in the global section. But that seems not to be able to work share specific. I must be able to somehow resolve a username-share mapping and get quota from that specific user. I thought about using homes instead of plain shares, but I'm not sure if that would help me in any way. I also played with the idea to have each user a loopback mounted file system of their own. Problem is that then they always use up all their storage space even if they actually don't need it. That's far from optimal. My backup server is an Ubuntu 12.04 LTS and the file system is ext3. The reasons for that old file system are historical and not easily replacable right now. But if changing file system is a requirement, I will consider it. The Samba version is the one packaged with Ubuntu (3.6.3-2ubuntu2.1). I appreciate all help and hints I can get. TIA, Mikael Bak -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Custom, per share (or user) dfree command?
Hi Mikael, On 11/28/2012 03:44 PM, Бак Микаел wrote: I am Mikael and I am new to this list. Welcome to the Samba mailing list :-) I am able to limit the user's disk usage with file system quota, but unfortunately the disk space and usage reported to the Windows machines are the total amount of storage space and the total amount of space left on the entire backup server. This is not that nice. I would like to somehow tweak the way Samba reports disk usage and total amount of disk space to its Windows clients. I could imagine a custom script that I write to get the user's quota information and pass that along to the clients. I have noticed that there is a dfree command in the global section. But that seems not to be able to work share specific. I must be able to somehow resolve a username-share mapping and get quota from that specific user. You can set the dfree command per share, but for use with the home shares it would need some more configuration. I thought about using homes instead of plain shares, but I'm not sure if that would help me in any way. Yes, this is the problem, you should use homes. I think the get quota command option is what you are looking for. It's a global option that specifies a custom script which receives amongst others information about the directory (e.g. /home) and a specific user/group. In this script you can use system tools to determine the needed values (e.g. free/used space). Please refer to the smb.conf man page for more information about the get quota command. Probably you'll find such a script for you system by searching for get quota command and your quota system. Best regards Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Really confused on Samba and ACL
Hello, I am trying to build a Samba standalone server to serve file sharing in our office for both Ubuntu and Windows clients. Ubuntu user will use mount.cifs to mount the share. Windows (XP/7) will use workgroup to access the share. I am using Samba 3.6.9 on CentOS 6.3 (64bit). Now I am having problem to setup correct ACL so please help me. Here is my situation: I'll have directories like: /projects /projects/US /projects/US/clientA /projects/US/clientB /projects/US/clientB/projectXX /projects/US/clientB/projectYY /projects/CA /projects/MX Groups: --staff: all staff --projectadmin: the bosses (have full access to /projects and sub dirs) --projmanageus: US regional managers (have full access to /projects/US and sub dirs.) --projmanageca: Canada regional managers(have full access to /projects/CA and sub dirs.) --projmanagemx: Mexico regional managers(have full access to /projects/MX and sub dirs.) --projectXXgroup: (access the projectXX and sub dirs only) --projectYYgroup: (access the projectYY and sub dirs only) Here is the confused part: How many shares should I setup? I like to just setup one share projects and allow everyone to be able to mount it via cifs. But the further navigate (cd) will be controlled by ACL. For example, after mount the projects, user see all 3 sub dirs: US CA MX. But only member of projectadmin, projmanageus, projectXXgroup can access /projects/US/clientB/projectXX. I am trying to keep it simple to manage the share and the permission. So is the above possible? or I am totally on the wrong direction? Please help. Thanks a lot. Gao -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 join error to MS Server 2003 - WERR_GENERAL_FAILURE
Hi all, I am just experimenting with Samba 4. I have a Ubuntu server 12.04 with samba 4 compiled successfully. I have webmin installed as well. I am trying to connect the Ubuntu/Samba server on system GIS30 to a web domain called CODOMAIN. CODOMAIN is administered by gis-server-2 a Microsoft Windows Server 2003 R2, Standard x64 - Edition Version 5.2 (Build 3790 : Service Pack 2) (x64). Gis-server-2 is an Active Directory server, and Exchange server. (Exchange Server 2007 Microsoft Corporation Version: 08.01.0436.000) If I was to guess it looks like the Exchange server component is causing some problem. I can see others referencing the error Failed to commit objects: WERR_GENERAL_FAILURE The following thread was from July 2012 and it appears some fix was put into the main but I believe I have downloaded and compiled a more current release of Samba 4 and yet I am still getting this error. http://samba.2283325.n4.nabble.com/Can-t-join-as-DC-on-Samba4-Beta4-5-td4634916.html Is there an update on this? Thanks for any help. When I attempt the join it fails. Below is the command line display. root@gis30://root/samba-master# bin/samba-tool domain join CODOMAIN.LOCAL DC --username=nwadmin --realm=CODOMAIN.LOCAL Finding a writeable DC for domain 'CODOMAIN.LOCAL' Found DC gis-server-2.CODomain.local Password for [CODOMAIN\nwadmin]: workgroup is CODOMAIN realm is CODomain.local checking sAMAccountName Adding CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local Adding CN=GIS30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CODomain,DC=local Adding CN=NTDS Settings,CN=GIS30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CODomain,DC=local Adding SPNs to CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local Setting account password for GIS30$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=CODomain,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[402] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[804] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[1206] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[1608] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[2010] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[2412] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[2814] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=CODomain,DC=local] objects[3032] linked_values[0] Analyze and apply schema objects Partition[CN=Configuration,DC=CODomain,DC=local] objects[402] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[804] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[1206] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[1608] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[2010] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[2412] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[2814] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[3216] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[3618] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4009] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4238] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4395] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4554] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4737] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4837] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[4922] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[5010] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[5097] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[5183] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[5272] linked_values[0] Partition[CN=Configuration,DC=CODomain,DC=local] objects[5411] linked_values[0] Failed to apply records: attribute 'msExchOWATranscodingFileTypes': value #1 on 'CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=GIS-SERVER-2,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CODomain,DC=local' provided more than once: Attribute or value exists Failed to commit objects: WERR_GENERAL_FAILURE Join failed - cleaning up checking sAMAccountName Deleted CN=GIS30,OU=Domain Controllers,DC=CODomain,DC=local Deleted CN=NTDS
Re: [Samba] samba4 AD DNS zone corrupted
On 11/27/2012 08:32 PM, Matthieu Patou wrote: On 11/27/2012 02:56 PM, Johannes Schmid wrote: # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR') File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 162, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/dns.py, line 925, in run Can you restart samba ? Also can you rerun this command with -d 10 and post the log on the list ? Restarting samba did not help (I already tried that multiple times). But thanks for the hint. I should have tried that myself! Anyway, I found what the problem is. Basically the problem cannot be seen in the samba-tool dns query debug output, but it can be seen on the samba *server* debug output. It look like the problem is an invalid record in the DNS zone: [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone . [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone mydomain.local [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone 122.168.192.in-addr.arpa [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone _msdcs.mydomain.local [2012/11/29 00:30:46, 1] ../librpc/ndr/ndr.c:411(ndr_pull_error) ndr_pull_error(11): Pull bytes 10 (../librpc/ndr/ndr_basic.c:420) [2012/11/29 00:30:46, 0] ../source4/rpc_server/dnsserver/dnsdata.c:782(dns_fill_records_array) dnsserver: Unable to parse dns record (DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local)Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' [2012/11/29 00:30:46, 5] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup) imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0:0.43 [2012/11/29 00:30:46, 3] ../source4/smbd/process_single.c:104(single_terminate) single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] I now remember that I added the _kerberos.mydomain.local TXT record in the Windows DNS administration MSC GUI. I now know that it is not necessary at all and that it shouldn't be there :) But I get an error when trying to delete the record: # samba-tool dns delete sambapdc.mydomain.local mydomain.local _kerberos TXT MYDOMAIN.LOCAL ERROR: Deleting record of type TXT is not supported Looks like samba isn't ready for handling TXT records in DNS :-( Unfortunately, I somehow got my TXT record into the zone and I have no idea how to remove it again. Again, any help is really appreciated! - PS: For completeness, here is the requested output: # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL -d 10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 lpcfg_load: refreshing parameters from /etc/samba/smb.conf params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] Processing section [netlogon] Processing section [sysvol] pm_process() returned Yes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:sambapdc.mydomain.local[,sign] Mapped to DCERPC endpoint 135 added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80:::::%br0 netmask=::::: added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80:::::%vnet0 netmask=::::: added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0 added interface br0 ip=fe80::ea40:f2ff:fe3e:4e04%br0 bcast=fe80:::::%br0 netmask=::::: added interface vnet0 ip=fe80::fc54:ff:fe13:2bb1%vnet0 bcast=fe80:::::%vnet0 netmask=::::: added interface br0 ip=192.168.35.30 bcast=192.168.35.255 netmask=255.255.255.0 rpc request data: [] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0010] 00 00 00 00 02 00 00 00 4B 00 00 00 4B 00 00 00 K...K... [0020] 05 00 13 00 0D A4 C2 AB 50 4D 57 B3 40 9D 66 EE PMW.@.f. [0030] 4F D5 FB A0 76 05 00 02 00 00 00 13 00 0D 04 5D O...v... ...] [0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ..+.H`.. [0050] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00
Re: [Samba] samba4 AD DNS zone corrupted
Hi, If you want to delete the TXT record my suggestion would be to use nsupdate. This tool is part of BIND. My advice would be to avoid samba-tool, or at least the dns part of it. When I tried to use it I just got errors. I think it's still rather experimental. But nsupdate works. One catch. DNS update requests to AD must be kerberos authenticated. This means you need the krb5 tool kinit. I use CentOS, and this is part of the krb5-workstation package. I don't know what you are using so I can't advise there. Run kinit and authenticate as the domain administrator: # kinit Administrator Response: Password for Administrator at MYDOMAIN.LOCAL: mypassword Then launch nsupdate: # nsupdate -g To delete the TXT record: update delete mydomain.local TXT send If you still have problems you could use nsupdate to update all the main zone entry records for the AD domain. To update a record just enter it again with the new values. Therefore: update add mydomain.local 3600 SOA server.mydomain.local hostmaster.mydomain.local serial-no 900 600 86400 3600 update add mydomain.local 3600 NS server.mydomain.local update add mydomain.local 3600 A 192.168.0.1 update add server.mydomain.local 3600 A 192.168.0.1 send These are the records created by Samba when provisioning the domain. Obviously adjust values to suit your hostname and IP address and increment the serial. You can use dig to report everything you currently have: # dig -t ANY mydomain.local For the record, I have a TXT record in my AD domain and it doesn't cause a problem. I can't recall whether I added it with nsupdate or the Windows DNS Manager, but I think it was the latter. Good luck. Regards, Stephen Jones Lloyd Systems Engineering On Thu, Nov 29, 2012, at 10:59 AM, Johannes Schmid wrote: On 11/27/2012 08:32 PM, Matthieu Patou wrote: On 11/27/2012 02:56 PM, Johannes Schmid wrote: # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR') File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 162, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/dns.py, line 925, in run Can you restart samba ? Also can you rerun this command with -d 10 and post the log on the list ? Restarting samba did not help (I already tried that multiple times). But thanks for the hint. I should have tried that myself! Anyway, I found what the problem is. Basically the problem cannot be seen in the samba-tool dns query debug output, but it can be seen on the samba *server* debug output. It look like the problem is an invalid record in the DNS zone: [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone . [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone mydomain.local [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone 122.168.192.in-addr.arpa [2012/11/29 00:30:46, 2] ../source4/rpc_server/dnsserver/dnsdb.c:136(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone _msdcs.mydomain.local [2012/11/29 00:30:46, 1] ../librpc/ndr/ndr.c:411(ndr_pull_error) ndr_pull_error(11): Pull bytes 10 (../librpc/ndr/ndr_basic.c:420) [2012/11/29 00:30:46, 0] ../source4/rpc_server/dnsserver/dnsdata.c:782(dns_fill_records_array) dnsserver: Unable to parse dns record (DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local)Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' [2012/11/29 00:30:46, 5] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup) imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0:0.43 [2012/11/29 00:30:46, 3] ../source4/smbd/process_single.c:104(single_terminate) single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] I now remember that I added the _kerberos.mydomain.local TXT record in the Windows DNS administration MSC GUI. I now know that it is not necessary at all and that it shouldn't be there :) But I get an error when trying to delete the record: # samba-tool dns delete sambapdc.mydomain.local mydomain.local _kerberos TXT MYDOMAIN.LOCAL ERROR: Deleting record of type TXT is not supported Looks like samba isn't ready for handling TXT records in DNS :-( Unfortunately, I somehow got my TXT record into the zone and I have no idea how to remove it again. Again, any help is really appreciated! - PS: For completeness, here is the requested output: # samba-tool dns query sambapdc.mydomain.local mydomain.local @ ALL -d 10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 9872a73 docs: Add some binaries to the SEE ALSO section via 7001c0a docs: Fix version in man smb.conf. via aa1e012 s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() (bug #9426) from 92c3c86 WHATSNEW: Update changes since rc5. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 9872a7370ff7d59b6a86f52a92edaf947c8afdf4 Author: Karolin Seeger ksee...@samba.org Date: Tue Nov 27 11:46:38 2012 +0100 docs: Add some binaries to the SEE ALSO section of man smb.conf. Karolin Reviewed by: Jeremy Allison j...@samba.org (cherry picked from commit 5f0f50c542450b7ede855f8e538ec90450cd10ab) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Nov 28 10:47:39 CET 2012 on sn-devel-104 commit 7001c0a7dfc4778096ad50dd756075078facd9e3 Author: Karolin Seeger ksee...@samba.org Date: Tue Nov 27 11:29:26 2012 +0100 docs: Fix version in man smb.conf. Karolin Reviewed by: Jeremy Allison j...@samba.org (cherry picked from commit 4a1b16fe57c31ae8125475137088215426997749) commit aa1e0127657a8a4668fd005ee6a9ba1d96c3d2ec Author: Günther Deschner g...@samba.org Date: Fri Nov 23 18:15:30 2012 +0100 s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() (bug #9426) Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Nov 26 17:36:20 CET 2012 on sn-devel-104 --- Summary of changes: docs-xml/manpages/smb.conf.5.xml |5 - source3/rpc_client/cli_pipe.c| 23 --- source3/rpc_client/cli_pipe.h|1 + source3/torture/rpc_open_tcp.c |3 ++- 4 files changed, 23 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml index a73382f..71b097b 100644 --- a/docs-xml/manpages/smb.conf.5.xml +++ b/docs-xml/manpages/smb.conf.5.xml @@ -792,7 +792,7 @@ chmod 1770 /usr/local/samba/lib/usershares refsect1 titleVERSION/title - paraThis man page is correct for version 3 of the Samba suite./para + paraThis man page is correct for version 4 of the Samba suite./para /refsect1 refsect1 @@ -803,6 +803,9 @@ chmod 1770 /usr/local/samba/lib/usershares manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitleswat/refentrytitle manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlesmbd/refentrytitle manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlenmbd/refentrytitle + manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlewinbindd/refentrytitle + manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlesamba/refentrytitle + manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlesamba-tool/refentrytitle manvolnum8/manvolnum/citerefentry, citerefentryrefentrytitlesmbclient/refentrytitle manvolnum1/manvolnum/citerefentry, citerefentryrefentrytitlenmblookup/refentrytitle manvolnum1/manvolnum/citerefentry, citerefentryrefentrytitletestparm/refentrytitle diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f8c7b24..61e6cce 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2420,6 +2420,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, * Create an rpc pipe client struct, connecting to a tcp port. */ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, + const struct sockaddr_storage *ss_addr, uint16_t port, const struct ndr_syntax_id *abstract_syntax, struct rpc_pipe_client **presult) @@ -2448,9 +2449,13 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, result-max_xmit_frag = RPC_MAX_PDU_FRAG_LEN; result-max_recv_frag = RPC_MAX_PDU_FRAG_LEN; - if (!resolve_name(host, addr, NBT_NAME_SERVER, false)) { - status = NT_STATUS_NOT_FOUND; - goto fail; + if (ss_addr == NULL) { + if (!resolve_name(host, addr, NBT_NAME_SERVER, false)) { + status = NT_STATUS_NOT_FOUND; + goto fail; + } + } else { + addr = *ss_addr; } status = open_socket_out(addr, port, 60*1000, fd); @@ -2487,6 +2492,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, * target host. */
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bc6bcee s3:vfs_gpfs: add no memory check in gpfs2smb_acl() via 0f630ab s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl() via b3eb78c s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl() via d598704 s3:vfs_aixacl2: make use of vfs_aixacl_util.h from 00e2d83 s3: Open gencache_notrans with TDB_NOSYNC http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bc6bceec655f241f23d713edc0d7a2633b5d6592 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 28 11:44:58 2012 +0100 s3:vfs_gpfs: add no memory check in gpfs2smb_acl() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Wed Nov 28 14:06:27 CET 2012 on sn-devel-104 commit 0f630abb3f197a8b672c6aa96362d83fdad1f92f Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 28 11:44:15 2012 +0100 s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl() TALLOC_FREE() could overwrite errno. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit b3eb78c4f7123ccad6af50379c29d0939590d1ff Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 28 11:38:13 2012 +0100 s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit d5987048347beefa720f902d97b621e6cb719fdf Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 28 11:21:51 2012 +0100 s3:vfs_aixacl2: make use of vfs_aixacl_util.h This should fix the build. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: source3/modules/vfs_aixacl2.c |4 +--- source3/modules/vfs_gpfs.c|7 ++- source3/smbd/open.c |2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 327b06d..65625d1 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -21,15 +21,13 @@ #include system/filesys.h #include smbd/smbd.h #include nfs4_acls.h +#include vfs_aixacl_util.h #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS #define AIXACL2_MODULE_NAME aixacl2 -extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl); -extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); - typedef union aixjfs2_acl_t { nfs4_acl_int_t jfs2_acl[1]; aixc_acl_t aixc_acl[1]; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 8f5a19c..e2058e1 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -575,6 +575,11 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx) result-count = pacl-acl_nace; result-acl = talloc_realloc(result, result-acl, struct smb_acl_entry, result-count); + if (result-acl == NULL) { + TALLOC_FREE(result); + errno = ENOMEM; + return NULL; + } for (i=0; ipacl-acl_nace; i++) { struct smb_acl_entry *ace = result-acl[i]; @@ -608,8 +613,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx) default: DEBUG(10, (Got invalid ace_type: %d\n, g_ace-ace_type)); - errno = EINVAL; TALLOC_FREE(result); + errno = EINVAL; return NULL; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 201f698..d736f4f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3460,6 +3460,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp) size_t size = 0; if (!parent_dirname(frame, fsp-fsp_name-base_name, parent_name, NULL)) { + TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } @@ -3469,6 +3470,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp) frame, parent_desc); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cb0064d BUG 9436: Fix leaking sockets of SMB connections to a DC. from bc6bcee s3:vfs_gpfs: add no memory check in gpfs2smb_acl() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cb0064d35cdc60c7c625ad4561ad77739f8553c5 Author: Andreas Schneider a...@samba.org Date: Wed Nov 28 12:53:39 2012 +0100 BUG 9436: Fix leaking sockets of SMB connections to a DC. As this is a burst of 3 unbound sockets with each try to reach a DC we're running out of file descriptors pretty fast. So winbind is then mostly spinning in an accept loop failing with EMFILE. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jim McDonough j...@samba.org Autobuild-User(master): Jim McDonough j...@samba.org Autobuild-Date(master): Wed Nov 28 17:17:21 CET 2012 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_cm.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 79b5839..57027eb 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1598,6 +1598,10 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, result = cm_prepare_connection(domain, fd, domain-dcname, new_conn-cli, retry); + if (!NT_STATUS_IS_OK(result)) { + /* Don't leak the smb connection socket */ + close(fd); + } if (!retry) break; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 941bb9b docs: Rename man ntlm_auth. via 29f90ec s3: Use dbwrap_parse_record in fetch_share_mode_unlocked from cb0064d BUG 9436: Fix leaking sockets of SMB connections to a DC. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 941bb9bb6dfd1c2dfd01696b2169e0782158ad6d Author: Karolin Seeger ksee...@samba.org Date: Wed Nov 28 12:46:31 2012 +0100 docs: Rename man ntlm_auth. Rename man ntlm_auth to ntlm_auth4. Karolin Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Nov 28 20:41:48 CET 2012 on sn-devel-104 commit 29f90ecf53c8cebe955d5bb6762c6fe6de008ff0 Author: Volker Lendecke v...@samba.org Date: Tue Nov 27 15:40:06 2012 +0100 s3: Use dbwrap_parse_record in fetch_share_mode_unlocked Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: source3/locking/share_mode_lock.c | 27 .../man/{ntlm_auth.1.xml = ntlm_auth4.1.xml} | 74 ++-- source4/utils/wscript_build|2 +- 3 files changed, 52 insertions(+), 51 deletions(-) rename source4/utils/man/{ntlm_auth.1.xml = ntlm_auth4.1.xml} (80%) Changeset truncated at 500 lines: diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c index a82c44e..4f26099 100644 --- a/source3/locking/share_mode_lock.c +++ b/source3/locking/share_mode_lock.c @@ -389,6 +389,15 @@ fail: return NULL; } +static void fetch_share_mode_unlocked_parser( + TDB_DATA key, TDB_DATA data, void *private_data) +{ + struct share_mode_lock *lck = talloc_get_type_abort( + private_data, struct share_mode_lock); + + lck-data = parse_share_modes(lck, data); +} + /*** Get a share_mode_lock without locking the database or reference counting. Used by smbstatus to display existing share modes. @@ -400,25 +409,17 @@ struct share_mode_lock *fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx, struct share_mode_lock *lck; struct file_id tmp; TDB_DATA key = locking_key(id, tmp); - TDB_DATA data; NTSTATUS status; - status = dbwrap_fetch(lock_db, talloc_tos(), key, data); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, (Could not fetch share entry\n)); - return NULL; - } - if (data.dptr == NULL) { - return NULL; - } lck = talloc(mem_ctx, struct share_mode_lock); if (lck == NULL) { - TALLOC_FREE(data.dptr); + DEBUG(0, (talloc failed\n)); return NULL; } - lck-data = parse_share_modes(lck, data); - TALLOC_FREE(data.dptr); - if (lck-data == NULL) { + status = dbwrap_parse_record( + lock_db, key, fetch_share_mode_unlocked_parser, lck); + if (!NT_STATUS_IS_OK(status) || + (lck-data == NULL)) { TALLOC_FREE(lck); return NULL; } diff --git a/source4/utils/man/ntlm_auth.1.xml b/source4/utils/man/ntlm_auth4.1.xml similarity index 80% rename from source4/utils/man/ntlm_auth.1.xml rename to source4/utils/man/ntlm_auth4.1.xml index 09a8961..da187d7 100644 --- a/source4/utils/man/ntlm_auth.1.xml +++ b/source4/utils/man/ntlm_auth4.1.xml @@ -3,19 +3,19 @@ refentry id=ntlm-auth.1 refmeta - refentrytitlentlm_auth/refentrytitle + refentrytitlentlm_auth4/refentrytitle manvolnum1/manvolnum /refmeta refnamediv - refnamentlm_auth/refname + refnamentlm_auth4/refname refpurposetool to allow external access to Winbind's NTLM authentication function/refpurpose /refnamediv refsynopsisdiv cmdsynopsis - commandntlm_auth/command + commandntlm_auth4/command arg choice=opt-d debuglevel/arg arg choice=opt-l logdir/arg arg choice=opt-s lt;smb config filegt;/arg @@ -28,10 +28,10 @@ paraThis tool is part of the citerefentryrefentrytitlesamba/refentrytitle manvolnum7/manvolnum/citerefentry suite./para - paracommandntlm_auth/command is a helper utility that authenticates + paracommandntlm_auth4/command is a helper utility that authenticates users using NT/LM authentication. It returns 0 if the users is authenticated - successfully and 1 if access was denied. ntlm_auth uses winbind to access - the user and authentication data for a domain. This utility + successfully and 1 if access was denied. ntlm_auth4 uses winbind to access + the user and authentication data for a domain. This utility
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ecc9f5b Fix Bug 9422 - large read requests cause server to issue malformed reply from 0a52a89 s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ecc9f5bdb8c56853a37ff6e980fed815fc5ee0a9 Author: Volker Lendecke v...@samba.org Date: Thu Nov 22 21:46:53 2012 +0100 Fix Bug 9422 - large read requests cause server to issue malformed reply --- Summary of changes: source3/lib/util.c |2 +- source3/smbd/process.c |5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util.c b/source3/lib/util.c index d751c5b..23bb11c 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -383,7 +383,7 @@ void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num) void smb_setlen(char *buf,int len) { - _smb_setlen(buf,len); + _smb_setlen_large(buf,len); SCVAL(buf,4,0xFF); SCVAL(buf,5,'S'); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 5aa19cb..358d051 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -151,7 +151,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer, } } - len = smb_len(buf_out) + 4; + len = smb_len_large(buf_out) + 4; ret = write_data(sconn-sock, buf_out+nwritten, len - nwritten); if (ret = 0) { @@ -2030,7 +2030,8 @@ void chain_reply(struct smb_request *req) * example). */ req-chain_outbuf = TALLOC_REALLOC_ARRAY( - req, req-outbuf, uint8_t, smb_len(req-outbuf) + 4); + req, req-outbuf, uint8_t, + smb_len_large(req-outbuf) + 4); if (req-chain_outbuf == NULL) { smb_panic(talloc failed); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 40c6cfe Fix MD5 detection in the autoconf build from ecc9f5b Fix Bug 9422 - large read requests cause server to issue malformed reply http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 40c6cfeb6ff39e73d824f17cb2ddc26eedb2b022 Author: Matthieu Patou m...@matws.net Date: Thu Nov 22 16:14:42 2012 -0800 Fix MD5 detection in the autoconf build This is synthesis of patches made for bugs * 9037 * 9086 * 9094 * 9418 It checks if there is a library for md5 related functions (libmd or libmd5) and if so it checks for the presence of md5.h headers. Signed-off-by: Matthieu Patou m...@matws.net --- Summary of changes: source3/configure.in | 28 1 files changed, 12 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 2018a6e..a298183 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -752,35 +752,31 @@ AC_CHECK_HEADERS(netgroup.h) AC_CHECK_HEADERS(linux/falloc.h) dnl check for OS implementation of md5 conformant to rfc1321 -AC_CHECK_HEADERS(md5.h) - samba_cv_md5lib=none -if test x$ac_cv_header_md5_h = xyes; then - AC_DEFINE(HAVE_MD5_H, 1, - [Whether md5.h is available.]) - AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5]) -fi +AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=]) -if test x$ac_cv_header_md5_h = xyes -a \ -x$samba_cv_md5lib = xnone ; then +if test x$samba_cv_md5lib = xnone ; then AC_CHECK_LIB(md, MD5Update, [samba_cv_md5lib=md]) fi -if test x$ac_cv_header_md5_h = xyes -a \ -x$samba_cv_md5lib = xnone ; then - AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=]) +if test x$samba_cv_md5lib = xnone ; then + AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5]) fi if test x$samba_cv_md5lib != xnone ; then + AC_CHECK_HEADERS(md5.h) +fi + +CRYPTO_MD5_OBJ=../lib/crypto/md5.o +if test x$ac_cv_header_md5_h = xyes -a \ +x$samba_cv_md5lib != xnone ; then if test x$samba_cv_md5lib != x ; then LIBS=${LIBS} -l${samba_cv_md5lib} + AC_DEFINE(HAVE_LIBMD5, 1, + [Whether libmd5 conformant to rfc1321 is available.]) fi CRYPTO_MD5_OBJ= - AC_DEFINE(HAVE_LIBMD5, 1, - [Whether libmd5 conformant to rfc1321 is available.]) -else - CRYPTO_MD5_OBJ=../lib/crypto/md5.o fi AC_SUBST(CRYPTO_MD5_OBJ) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 1106ca5 BUG 9436: Fix leaking sockets of SMB connections to a DC. from 40c6cfe Fix MD5 detection in the autoconf build http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 1106ca59eea9fe5d95a1098c84f77c9e6108659f Author: Andreas Schneider a...@samba.org Date: Wed Nov 28 12:53:39 2012 +0100 BUG 9436: Fix leaking sockets of SMB connections to a DC. As this is a burst of 3 unbound sockets with each try to reach a DC we're running out of file descriptors pretty fast. So winbind is then mostly spinning in an accept loop failing with EMFILE. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jim McDonough j...@samba.org Autobuild-User(master): Jim McDonough j...@samba.org Autobuild-Date(master): Wed Nov 28 17:17:21 CET 2012 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_cm.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index d129e1f..9a02789 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1602,6 +1602,10 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, result = cm_prepare_connection(domain, fd, domain-dcname, new_conn-cli, retry); + if (!NT_STATUS_IS_OK(result)) { + /* Don't leak the smb connection socket */ + close(fd); + } if (!retry) break; -- Samba Shared Repository