[Samba] recommended procedure for mandatory roaming profiles for win7 with samba 3
Hello, I have a PDC and a File (member) server for homes and profiles (Samba 3.4.17). For XP clients I have mandatory profiles with all user shell folders redirected to their respective home share. Now I'm adding win 7 clients to the mix and I want the same thing. It's (almost) working but I think my procedure is a bit dirty (i.e. I use windows enabler to build my ntuser.man roaming profile). Could someone help me or point me to some documentation? Regards, Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind - samba4
Hi, I am using centos 6.3 and did the migration from samba3 to Samba4. More the getent passwd does not return users. I made the link: ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 And change in /etc/nsswitch: passwd: files winbind shadow: files group: files winbind When I run the command: /usr/local/samba/bin/wbinfo-u Returns correctly. Can anyone help me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] recommended procedure for mandatory roaming profiles for win7 with samba 3
Thierry Lacoste wrote: Now I'm adding win 7 clients to the mix and I want the same thing. It's (almost) working but I think my procedure is a bit dirty (i.e. I use windows enabler to build my ntuser.man roaming profile). It's pretty much procedure on either --- with an important difference. Your XP clients won't be able to share profiles with your Win7 clients -- Windows adds a .V2 to the end of the user name and creates a separate profile dir for Win7 (I think it goes into effect in Vista). You can even force local profiles to be stored on the server (i.e. you don't need a domain). In my profile dir I see 'user' as well as 'user.V2'. Some caveats that you likely already know. There are 2 bad offenders that dump large quantities of data into a users roaming profile: Adobe and Mozilla Thunderbird. Between the two I've had to clean out as much as 10G from a 13G profile, which really hurts login/out. If you want to set local-user profile storage, look at the group policy editor snapin under administrative templates - System - User Profiles, There are about 10-15 settings... some useful ones -- 'set roaming profile path for all users logging onto this computer' and 'do not check for user ownership of roaming profile folders' (helped me avoid perm probs between server and local sys)... Hope this helps... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 03/12/12 12:07, Clodonil Trigo wrote: Hi, I am using centos 6.3 and did the migration from samba3 to Samba4. More the getent passwd does not return users. I made the link: ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 And change in /etc/nsswitch: passwd: files winbind shadow: files group: files winbind When I run the command: /usr/local/samba/bin/wbinfo-u Returns correctly. Can anyone help me. Hi, have you tried restarting Samba4? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC group list empty
I give all of your indexes in my conf but nothing changed: ls -l *bdb -rw--- 1 openldap openldap 61440 Dec 3 14:22 cn.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 dc.bdb -rw--- 1 openldap openldap 28672 Dec 3 14:22 displayName.bdb -rw--- 1 openldap openldap 40960 Dec 3 12:29 dn2id.bdb -rw--- 1 openldap openldap 8192 Nov 22 10:42 entryCSN.bdb -rw--- 1 openldap openldap 8192 Nov 22 10:42 entryUUID.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 gidNumber.bdb -rw--- 1 openldap openldap 36864 Dec 3 14:22 givenName.bdb -rw--- 1 openldap openldap 294912 Dec 3 13:10 id2entry.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 loginShell.bdb -rw--- 1 openldap openldap 45056 Dec 3 14:22 mail.bdb -rw--- 1 openldap openldap 69632 Dec 3 14:22 memberUid.bdb -rw--- 1 openldap openldap 36864 Dec 3 14:22 objectClass.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 ou.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaDomainName.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaGroupType.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaPrimaryGroupSID.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaSID.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaSIDList.bdb -rw--- 1 openldap openldap 40960 Dec 3 14:22 sn.bdb -rw--- 1 openldap openldap 45056 Dec 3 14:22 uid.bdb -rw--- 1 openldap openldap 8192 Dec 3 14:22 uidNumber.bdb -rw--- 1 openldap openldap 8192 Nov 20 17:03 uniqueMember.bdb Any other suggestion? On Fri, Nov 30, 2012 at 6:16 PM, Harry Jede walk2...@arcor.de wrote: Am Donnerstag, 29. November 2012 schrieben Sie: I still dont understand why ldap search filter generated by samba ( i have this from samba log ) cannot find anything in database: smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5- 21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024] [2012/11/29 18:15:14.227560, 3] lib/smbldap.c:1591(smbldap_search_paged) smbldap_search_paged: search was successful [2012/11/29 18:15:14.227647, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 If I remove sambaSID and try to find it in ldap, I will get all my groups. Filter = ((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*)) Is this normal behavior or my ldap configuration can be incorrect? That's not normal. What indexes have you set? # ldapsearch -LLLY external -H ldapi:/// -b cn=config (objectclass=*) olcDBIndex This are my indexes: dn: olcDatabase={1}hdb,cn=config olcDbIndex: objectClass eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: loginShell eq olcDbIndex: uid eq,pres,sub olcDbIndex: memberUid eq,pres,sub olcDbIndex: uniqueMember eq,pres olcDbIndex: sambaSID eq olcDbIndex: sambaPrimaryGroupSID eq olcDbIndex: sambaGroupType eq olcDbIndex: sambaSIDList eq olcDbIndex: sambaDomainName eq olcDbIndex: displayName eq,sub olcDbIndex: givenName eq,sub olcDbIndex: mail eq,sub olcDbIndex: dhcpHWAddress eq olcDbIndex: dhcpClassData eq olcDbIndex: cn eq,pres,sub olcDbIndex: sn eq,pres,sub olcDbIndex: ou eq olcDbIndex: dc eq olcDbIndex: default sub And this shows the files: # cd /var/lib/ldap/ # ls -l *bdb -rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb -rw--- 1 openldap openldap 8192 1. Jan 2012 dc.bdb -rw--- 1 openldap openldap 8192 18. Nov 15:49 dhcpHWAddress.bdb -rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb -rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb -rw--- 1 openldap openldap 8192 23. Aug 10:08 gidNumber.bdb -rw--- 1 openldap openldap 8192 1. Jun 21:57 givenName.bdb -rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb -rw--- 1 openldap openldap 8192 23. Aug 10:08 loginShell.bdb -rw--- 1 openldap openldap 8192 1. Jun 21:57 mail.bdb -rw--- 1 openldap openldap 8192 1. Jun 2012 memberUid.bdb -rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb -rw--- 1 openldap openldap 8192 1. Jun 19:57 ou.bdb -rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaDomainName.bdb -rw--- 1 openldap openldap 8192 10. Mai 2012 sambaGroupType.bdb -rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb -rw--- 1 openldap openldap 8192 23. Aug 10:08 sambaSID.bdb -rw--- 1 openldap openldap 8192 27. Nov 22:54 sambaSIDList.bdb -rw--- 1 openldap openldap 8192 1. Jun 21:57 sn.bdb -rw--- 1 openldap openldap 8192 23. Aug 10:08 uid.bdb -rw--- 1 openldap openldap 8192 23. Aug 10:08 uidNumber.bdb -rw--- 1 openldap openldap 8192 1. Jan 2012 uniqueMember.bdb root@capella:/var/lib/ldap# -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions:
[Samba] Samba3 PDC and Windows 8 RTM
Hi there, I have just purchased a new PC that came with Windows 8 Pro (Shudder...). I have been trying to add this machine to my Samba3 based domain. I'm getting the following error when doing so: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain blah: The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.blah I have applied the Windows 7 registry patches: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Which others seem to suggest work - at least with Beta versions of Win8 - but the error message suggests these are not doing anything? I have also specified the DNS suffix of the network manually. I have also applied all available Windows updates. Its Windows 8 Pro (on a Dell machine, if that matters) and Samba 3.6.6-3 running under Debian Wheezy. Nothing at all in the Samba logs - but I guess thats as its not even trying NT4 domain style. Any help appreciated. Thanks Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
It will not work at this time. You need to test samba4. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Didster Gesendet: Montag, 3. Dezember 2012 14:57 An: samba@lists.samba.org Betreff: [Samba] Samba3 PDC and Windows 8 RTM Hi there, I have just purchased a new PC that came with Windows 8 Pro (Shudder...). I have been trying to add this machine to my Samba3 based domain. I'm getting the following error when doing so: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain blah: The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.blah I have applied the Windows 7 registry patches: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Which others seem to suggest work - at least with Beta versions of Win8 - but the error message suggests these are not doing anything? I have also specified the DNS suffix of the network manually. I have also applied all available Windows updates. Its Windows 8 Pro (on a Dell machine, if that matters) and Samba 3.6.6-3 running under Debian Wheezy. Nothing at all in the Samba logs - but I guess thats as its not even trying NT4 domain style. Any help appreciated. Thanks Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
Hi, You say at this time does that mean ever? I've looked at Samba4 and it doesnt yet seem stable enough to for a role out. How come there are lots of people saying they have had Win8 working with Samba3? Or has this functionality been taken out by MS? Cheers On Mon, Dec 3, 2012 at 2:16 PM, Daniel Müller muel...@tropenklinik.dewrote: at this time -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
I know no one running windows 8 in a way fitting in production, as with samba4. Myself has tested samba4 in a small ADS without any problems. For normal use it should be acceptable. EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: Didster [mailto:dids...@gmail.com] Gesendet: Montag, 3. Dezember 2012 15:21 An: muel...@tropenklinik.de Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba3 PDC and Windows 8 RTM Hi, You say at this time does that mean ever? I've looked at Samba4 and it doesnt yet seem stable enough to for a role out. How come there are lots of people saying they have had Win8 working with Samba3? Or has this functionality been taken out by MS? Cheers On Mon, Dec 3, 2012 at 2:16 PM, Daniel Müller muel...@tropenklinik.de wrote: at this time -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Custom, per share (or user) dfree command?
Hi Bjoern, On 11/28/2012 04:25 PM, Bjoern Baumbach wrote: Hi Mikael, On 11/28/2012 03:44 PM, Бак Микаел wrote: I am Mikael and I am new to this list. Welcome to the Samba mailing list :-) I am able to limit the user's disk usage with file system quota, but unfortunately the disk space and usage reported to the Windows machines are the total amount of storage space and the total amount of space left on the entire backup server. This is not that nice. I would like to somehow tweak the way Samba reports disk usage and total amount of disk space to its Windows clients. I could imagine a custom script that I write to get the user's quota information and pass that along to the clients. I have noticed that there is a dfree command in the global section. But that seems not to be able to work share specific. I must be able to somehow resolve a username-share mapping and get quota from that specific user. You can set the dfree command per share, but for use with the home shares it would need some more configuration. I thought about using homes instead of plain shares, but I'm not sure if that would help me in any way. Yes, this is the problem, you should use homes. Yep. You are right. As soon as I switched to homes and set group quotas instead of user quotas everything worked as expected. No need to hack dfree command or get quota command. I'm happy! I think the get quota command option is what you are looking for. It's a global option that specifies a custom script which receives amongst others information about the directory (e.g. /home) and a specific user/group. In this script you can use system tools to determine the needed values (e.g. free/used space). Please refer to the smb.conf man page for more information about the get quota command. Probably you'll find such a script for you system by searching for get quota command and your quota system. I found some examples in perl but as I said I did not need to implement any special scripting after switching to homes and group quota on the file system. Best regards Björn Thank you very much for kicking me in the right direction! Have a nice day, Mikael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
Hi, Yes this is what I have seen online - although I dont have min/max protocol set (as this breaks other clients). It is Win8 64 bit On Mon, Dec 3, 2012 at 2:42 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: From: Didster dids...@gmail.com Date: Mon, 3 Dec 2012 13:57:03 + Hi there, I have just purchased a new PC that came with Windows 8 Pro (Shudder...). I have been trying to add this machine to my Samba3 based domain. In my environment, Windows 8 Pro 32bit with registry patched can join Samba 3.6.6 domain. Here is my smb.conf: - [global] workgroup = SAMBA366 domain logons = yes passdb backend = tdbsam add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u max protocol = smb2 min protocol = smb2 log level = 3 [homes] writeable = yes browseable = no - I'm getting the following error when doing so: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain blah: This seems that DNSNameResolutionRequired value is not applied... --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL with SMB2
On Fri, Nov 23, 2012 at 01:44:53PM +0100, Adrian Berlin wrote: Hi! Seems I cannot send attach to lists.samba.org Debug file with level 10 below: Please log a bug @ bugzilla.samba.org and attach the log there. Lists aren't the place for debug files. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File update detection
There are too many possible causes to tell with only these details. I would try inotify on the samba box to determine what is the process causing the change. If its the samba process that is doing the change I would look at the Windows box process list. Procmon might help you http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Regards, On Thu, Nov 22, 2012 at 6:08 PM, Dennis Verspuij - SpuyMore den...@spuymore.nl wrote: Hello, I run Samba 4.0.0-168.fc18.rc5.x86_64 on my Linux box. I use an editor on my Windows box to edit files on one of the Samba shares and that editor has a file update detection mechanism, polling every x seconds for changes to file modification timestamp. And around every 12 to 14 seconds it pops up the files have been changed while they aren't. Any idea what may cause this? Kind regards, Dennis Verspuij -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
From: Didster dids...@gmail.com Date: Mon, 3 Dec 2012 13:57:03 + Hi there, I have just purchased a new PC that came with Windows 8 Pro (Shudder...). I have been trying to add this machine to my Samba3 based domain. In my environment, Windows 8 Pro 32bit with registry patched can join Samba 3.6.6 domain. Here is my smb.conf: - [global] workgroup = SAMBA366 domain logons = yes passdb backend = tdbsam add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u max protocol = smb2 min protocol = smb2 log level = 3 [homes] writeable = yes browseable = no - I'm getting the following error when doing so: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain blah: This seems that DNSNameResolutionRequired value is not applied... --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3 PDC and Windows 8 RTM
2012/12/4 Didster dids...@gmail.com: If you could try Win8 64bit and let me know I would really appreciate it. Many thanks Simon I tried newly installed Win8 64bit, modified two registry values and successed to join and logon to the Samba 3.6.6 domain. My smb.conf is: - [global] workgroup = SAMBA366 domain logons = yes passdb backend = tdbsam add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u [homes] writeable = yes browseable = no - --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind - samba4
On 03/12/12 12:07, Clodonil Trigo wrote: * Hi, I am using centos 6.3 and did the migration from samba3 to Samba4. More the** getent passwd does not return users. I made the link:** ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so** ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 And change in /etc/nsswitch: passwd: files winbind** shadow: files** group: files winbind When I run the command: /usr/local/samba/bin/wbinfo-u Returns correctly. Can anyone help me.*Hi, have you tried restarting Samba4? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.** I did restart, but it did not work. The Samba4 is working normal. Only getent not. Clodonil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4 preexisting openldap servers
Hi all, We currently have a pair of openldap servers that we use pretty heavily for some of our web product authentication and for radius. We recently added the samba3 schema and got sambaNTPassword hashes created for our users so that we could implement PEAP/MSCHAP to simplify our radius authentication. We don't currently have AD or a samba PDC. We have a physical samba file server currently which gets its group info from ldap, but passwords are all stored in tdb. I was getting ready to build a new samba file server VM that could tie into our openldap server for authentication but I've hit a few snags along the way. I just noticed that Samba4 should be hitting release in just a few days (according to the wiki). I'm now tempted to hold off and just implement a full blown samba4 domain. Because samba4 is so new though, I'm having some trouble understanding some of the documentation. I'm not clear on how to implement this based on our current infrastructure. Can I use my existing openldap servers with samba4, or will I have to migrate my current ldap data into samba4's own ldap server? We are currently using a split view bind server for internal external DNS. Can we continue to use this or will we have to move our internal dns over to Samba4's builtin dns server? Will I need to ditch our current DHCP server as well? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 03/12/12 17:01, Clodonil Trigo wrote: On 03/12/12 12:07, Clodonil Trigo wrote: * Hi, I am using centos 6.3 and did the migration from samba3 to Samba4. More the** getent passwd does not return users. I made the link:** ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so** ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 And change in /etc/nsswitch: passwd: files winbind** shadow: files** group: files winbind When I run the command: /usr/local/samba/bin/wbinfo-u Returns correctly. Can anyone help me.*Hi, have you tried restarting Samba4? Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.** I did restart, but it did not work. The Samba4 is working normal. Only getent not. Clodonil Hi, I take it that you have followed the upgrade howto at: https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO If you haven't, go there and see if you have missed a step. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/3/12, Clodonil Trigo clodo...@nisled.org wrote: I am using centos 6.3 and did the migration from samba3 to Samba4. More the getent passwd does not return users. I made the link: ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 I had similar problem but with Debian package, so I'm not sure that I'll help you (debian samba4 package is rather interesting thing) but in my case the problem was that libnss_winbind expects socket to be in /tmp/.winbind/ (or .winbindd? Check with strings.) while winbind component stores it in /var/run/samba4/winbind/ (I don't know the correct path for your case). Try to make bind mount of socket directory or set correct path in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] MIgrating users to new domain
We are currently setting up a new domain with samba 3.5.10 and openldap 2.4.23 (based off of Centos 6.3). The current domain is running older versions, 3.4.7 and 2.4.15 respectively. We are changing domain names also. There is alot of layout changes and the way it works. One change we are implementing is combining all the BDC's/home servers into one and moving them to the PDC. On the old domain every division of the agency has their own home server (BDC) that just connects back to the PDC for authentication and housed the sections shares and the users roaming profiles. On the new setup we are moving all the shares onto the PDC, also we are doing away with roaming profiles. The entire LDAP tree is being remade from scratch, meaning new UID's and GID's. Is there a way we could migrate a section of users at a time instead of having to do all 200 users at once? One problem we have thought of is making the shares consistent between old and new and the uid/gid issue. So say user1 is in group 501 on the old system but on the new system the group is 247. There would be file permission nightmares I would think. The second question is dealing with the conversion from roaming to local profiles. We still will be using netlogon scripts to mount the specific shares and such but just doing away with the roaming profiles. I have been testing this on windows 7 pc's (which account for about half of our users) and keep running into loading temp profiles. I did find some registry tweaks here on the list that seem to work but I was wondering if they are necessary or if I just didn't have something configured right. -- Donny B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 RC5 BIND9 and DHCP
I'm attempting to get a recent build of S4 rc5 + Bind9 + ISC DHCP server running. I've got everything pretty much set up, have attempted to implement a modified version of the script from here: http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ but I keep getting a TKEY is unacceptable error. I've even attempted to step through the process contained in the script manually, but I still get the same error. Which keytab file should I be using in the first place, I haven't found docs explaining that. I know that the Windows clients update on their own, but we have some Mac/Linux clients as well that I would like to be able to have their entries updated dynamically. Any help would be appreciated, even an RTFM as long as I can get pointed to the relevant FM... For a little bit of filler info, this is for a new domain that will be a sub off our TLD (finally moving this to best practices) and we will be migrating clients over to the new domain. I have the domain provisioned, Bind9 is working, as well as DHCP. Windows clients update their entries just fine, however clients that need to use the external script can't update due to the TKEY error I'm getting. This is the last piece of the puzzle for me, so any help would be appreciated. -- Preston Kutzner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Changing default primary Group sid from 513 to 515
bHi all, I have a Samba PDC with LDAP backend (using editPosix method) . Below are my versions RHEL6.3 samba-3.5.10-125.el6.x86_64 samba-common-3.5.10-125.el6.x86_64 samba-winbind-clients-3.5.10-125.el6.x86_64 samba-winbind-3.5.10-125.el6.x86_64 samba-client-3.5.10-125.el6.x86_64 When i Join a new Windows System to PDC, the system gets it's Primary gid as 513 (Domain Users) instead of (Domain Computers). When using smbldap-tools, this works fine but we would like to avoid smbldap-tools. Ouput of winxp system joined to Samba PDC. --- Unix username:WINXP2$ NT username: WINXP2$ Account Flags:[W ] User SID: S-1-5-21-3867639012-1738891662-3591060562-1010 Primary Group SID:S-1-5-21-3867639012-1738891662-3591060562-513 Full Name:WINXP2$ Home Directory: HomeDir Drive:X: Logon Script: %u.bat Profile Path: Domain: EXAMPLE.COM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Sun, 02 Dec 2012 13:03:49 IST Returning valid cache entry: key = ACCT_POL/minimum password age, value = 0 , timeout = Tue Dec 4 01:00:45 2012 Password can change: Sun, 02 Dec 2012 13:03:49 IST Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Dec 4 01:00:45 2012 Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF Entry on LDAP # WINXP2$, Computers, example.com dn: uid=WINXP2$,ou=Computers,dc=example,dc=com uid: WINXP2$ sambaSID: S-1-5-21-3867639012-1738891662-3591060562-1010 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account objectClass: posixAccount cn: WINXP2$ uidNumber: 10005 gidNumber: 513 homeDirectory: /home/EXAMPLE.COM/SMB_workstations_home loginShell: /bin/false sambaNTPassword: CE2914F0062745681734B36B65FCC704 sambaPwdLastSet: 1354433629 My smb.conf [global] workgroup = EXAMPLE.COM netbios name = EXAMPLEPDC server string = Samba Server Version %v interfaces = eth1, lo bind interfaces only = Yes passdb backend = ldapsam:ldap://localhost password level = 8 username level = 8 log level = 10 syslog = 0 log file = /var/log/samba/log.%m max log size = 0 name resolve order = wins lmhosts host bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups disable spoolss = Yes logon script = %u.bat logon path = logon drive = X: logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=example,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=msdpl,dc=com ldap ssl = no ldap user suffix = ou=People idmap backend = ldap idmap alloc backend = ldap idmap uid = 1-2 idmap gid = 1-2 ldapsam:trusted = yes ldapsam:editposix = yes idmap alloc config:ldap_base_dn = ou=Idmap,dc=example,dc=com idmap alloc config:ldap_user_dn = cn=Manager,dc=example,dc=com idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 1-2 max print jobs = 100 cups options = raw hide unreadable = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes share modes = No [Profiles] path = /var/lib/samba/profiles guest ok = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Bind Config with DHCP
On 12/2/2012 10:11 PM, Gémes Géza wrote: 2012-12-03 02:24 keltezéssel, Jorell írta: On 12/2/2012 7:32 AM, Hleb Valoshka wrote: On 11/23/12, Joubert, Dawie dawie.joub...@rhdhv.com wrote: My question is thus: How can I make Samba4 update the DNS entries and allow DHCP to update the entries? Somebody should add this link to howto :) http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ Secondly, is this even necessry with the AD type domain? dunno I don't see how updating a M$ DNS server applies here. M$ DNS server (if AD integrated) uses the same RPC management protocol which is implemented by the dnsserver dcerpc endpoint server running by default inside the samba binary. I haven't used a recent build of Samba 4.0 but samba use to create a bind.conf file on creating the domain. If you merge the two you should be able to get everything working. Regards Geza Gemes That is very useful to know, but he said BIND. Would that sill apply? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Classicupgrade Failed
Hi, I am stuck on upgrading the current Samba3 to Samba4, currently used Samba 3.3.10 and upgraded to Samba 3.4.17 still the same problems below. I also try to upgrade the Python 2.4.3 to Python 2.7 still same problems, with the OpenLDAP 2.3.43. [root@ewanko]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=ewanko.local /etc/samba/smb.conf ERROR(exceptions.TypeError): uncaught exception - __init__() got an unexpected keyword argument 'epilog' File /usr/local/samba/bin/samba-tool, line 44, in ? retval = cmd._run(samba-tool, subcommand, *args) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 142, in _run parser, optiongroups = self._create_parser(argv[0]) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 130, in _create_parser prog=prog,epilog=epilog) Are there any links for those successfully upgrade their samba 3 to samba 4? Regards, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba file server using ldap backend without AD or PDC?
On Fri, 2012-11-30 at 08:28 -0500, Brian Gold wrote: Hi all, I've been using samba for a few years now on a couple of file servers with a tdbsam backend for our user accounts. We use openldap for the vast majority of our identity management, so I would love to be able to tie into this. We recently started using sambaNTPassword in openldap for radius authentication, so this is populated for most of our users now. From reading through some of the documentation though, I'm a bit confused as to how this would be implemented. We don't currently have Active Directory and don't have any samba PDC/BDCs set up. Would it be necessary for us to have a PDC/BDC in order to use openldap as our backend? Yes, if you have multiple servers that you wish to use this for. Essentially you make your file servers DCs, even if you don't ever join clients to the domain. That way, they have the same SID, which is stored in LDAP (normally the domain SID is per-machine). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Classicupgrade Failed
Uprading on a New Server (Running on Centos 6.3, OpenLDAP 2.4.23 migrated the data from existing server). I dunno know where to fix it, or someone gave some idea how it works? [root@gaara samba]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/home/ambot/Downloads/var/lib/samba --use-xattrs=yes --realm=ewanko.local /etc/samba/smb.conf Reading smb.conf WARNING: Ignoring invalid value 'cups' for parameter 'printing' Provisioning ERROR(type 'exceptions.AttributeError'): uncaught exception - 'NoneType' object has no attribute 'strip' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 600, in upgrade_from_samba3 ldappass = (secrets_db.get_ldap_bind_pw(ldapuser)).strip('\x00') On Tue, Dec 4, 2012 at 3:21 PM, Mario Codeniera mario.codeni...@gmail.comwrote: Hi, I am stuck on upgrading the current Samba3 to Samba4, currently used Samba 3.3.10 and upgraded to Samba 3.4.17 still the same problems below. I also try to upgrade the Python 2.4.3 to Python 2.7 still same problems, with the OpenLDAP 2.3.43. [root@ewanko]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=ewanko.local /etc/samba/smb.conf ERROR(exceptions.TypeError): uncaught exception - __init__() got an unexpected keyword argument 'epilog' File /usr/local/samba/bin/samba-tool, line 44, in ? retval = cmd._run(samba-tool, subcommand, *args) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 142, in _run parser, optiongroups = self._create_parser(argv[0]) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 130, in _create_parser prog=prog,epilog=epilog) Are there any links for those successfully upgrade their samba 3 to samba 4? Regards, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 preexisting openldap servers
On Mon, 2012-12-03 at 13:13 -0500, Brian Gold wrote: Hi all, Can I use my existing openldap servers with samba4, or will I have to migrate my current ldap data into samba4's own ldap server? We are currently using a split view bind server for internal external DNS. Can we continue to use this or will we have to move our internal dns over to Samba4's builtin dns server? Will I need to ditch our current DHCP server as well? Samba 4.0 cannot use an external LDAP server. We know this is incredibly frustrating to users who deployed Samba 3.x 'classic' domains using OpenLDAP, because that was an incredibly flexible, productive partnership that integrated very well with so many other tools. However, try as we might, we couldn't make it work - the modal is just too different. On DNS, you can continue to use BIND, but the zone that your internal clients see must be the one handled by our BIND9 plugin, or forwarded to our internal dns server. How to configure BIND for that is up to you however. Samba 4.0 does not include a DHCP server, however be aware that the traditional DHCP+dynamic DNS configuration does not work, you will need to follow up on this list with those who have found the existing solutions to for DHCP and AD. (I'm rather keen to see this gap closed, but I don't expect to do that very soon). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] So no conversion from group_mapping.ldb to group_mapping.tdb?
On Thu, 2012-11-29 at 11:15 -0500, Robert M. Martel - CSU wrote: Greetings, I recently upgraded an AD member server from Samba 3.5.15 to Samba 3.6.9 and found that I had lost all the existing local group mappings. I see that the group mapping file has gone from group_mapping.ldb to group_mapping.tdb. I asked on this list as well as searching the web, Samba documentation (which still seems focused on version 3.5), and Samba Wiki and found nothing on a method to convert/migrate information stores in the group_mapping.ldb file to the new group_mapping.tdb - is that correct? Because of the way Active Directory is managed at out site I store dozens of local groups and their memberships in that file. I found NOTHING in the Samba 3.6.x release notes warning me of the change to the group_mapping file. Just wanted to confirm that there is no conversion utility that I missed and that I am on my own to migrate that information. It should auto-convert on upgrade. A minimal ldb parser is included to do that. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Bind Config with DHCP
First: please keep discussion on list. 2012-12-03 02:24 keltezéssel, Jorell írta: On 12/2/2012 7:32 AM, Hleb Valoshka wrote: On 11/23/12, Joubert, Dawie dawie.joub...@rhdhv.com wrote: My question is thus: How can I make Samba4 update the DNS entries and allow DHCP to update the entries? Somebody should add this link to howto :) http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ Secondly, is this even necessry with the AD type domain? dunno I don't see how updating a M$ DNS server applies here. M$ DNS server (if AD integrated) uses the same RPC management protocol which is implemented by the dnsserver dcerpc endpoint server running by default inside the samba binary. I haven't used a recent build of Samba 4.0 but samba use to create a bind.conf file on creating the domain. If you merge the two you should be able to get everything working. Regards Geza Gemes That is very useful to know, but he said BIND. Would that sill apply? Yes it applies regardless of the DNS server (the program listening on port 53) because it manipulates the data underneath. So it should apply to both samba internal DNS server and bind (with dlz plugin) as well. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Classicupgrade Failed
2012-12-04 05:46 keltezéssel, Mario Codeniera írta: Uprading on a New Server (Running on Centos 6.3, OpenLDAP 2.4.23 migrated the data from existing server). I dunno know where to fix it, or someone gave some idea how it works? [root@gaara samba]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/home/ambot/Downloads/var/lib/samba --use-xattrs=yes --realm=ewanko.local /etc/samba/smb.conf Reading smb.conf WARNING: Ignoring invalid value 'cups' for parameter 'printing' Provisioning ERROR(type 'exceptions.AttributeError'): uncaught exception - 'NoneType' object has no attribute 'strip' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 600, in upgrade_from_samba3 ldappass = (secrets_db.get_ldap_bind_pw(ldapuser)).strip('\x00') On Tue, Dec 4, 2012 at 3:21 PM, Mario Codeniera mario.codeni...@gmail.comwrote: Hi, I am stuck on upgrading the current Samba3 to Samba4, currently used Samba 3.3.10 and upgraded to Samba 3.4.17 still the same problems below. I also try to upgrade the Python 2.4.3 to Python 2.7 still same problems, with the OpenLDAP 2.3.43. [root@ewanko]# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=ewanko.local /etc/samba/smb.conf ERROR(exceptions.TypeError): uncaught exception - __init__() got an unexpected keyword argument 'epilog' File /usr/local/samba/bin/samba-tool, line 44, in ? retval = cmd._run(samba-tool, subcommand, *args) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 201, in _run return self.subcommands[subcommand]._run( File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 142, in _run parser, optiongroups = self._create_parser(argv[0]) File /usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py, line 130, in _create_parser prog=prog,epilog=epilog) Are there any links for those successfully upgrade their samba 3 to samba 4? Regards, Mario It seems that it couldn't find secrets.tdb to read the password to bind to ldap with it. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 4ab547a s3-winbind: use new reconnect logic in rpc_lookup_sids() also. via c64473a s3-winbindd: rework reconnect logic in winbindd_lookup_names(). via 7cdebbe s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). via 1c13408 s3-winbindd: remove lookup_sids_fn_t. via ea68747 s3-winbindd: remove lookup_names_fn_t. via 4a86c29 s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. via bb5e0a9 s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. via 5ccb4e5 s3-winbindd: add cm_connect_lsat(). via 83ac277 s3-rpc_cli: Remove some unused wrapping code. via bbaa714 s3: Make winbindd_lookup_names static from d7fdb05 spoolss: fix segfault when default devmode is disabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 4ab547a8ddcb45e479079361a601e08476954110 Author: Günther Deschner g...@samba.org Date: Thu Nov 29 14:31:19 2012 +0100 s3-winbind: use new reconnect logic in rpc_lookup_sids() also. Volker, please check. Guenther Signed-off-by: Günther Deschner g...@samba.org The last 10 patches address bug #9439 - ncacn_ip_tcp reconnection code for lsa lookups still broken. commit c64473ab88ca36462e7976bf0006bc092386894c Author: Günther Deschner g...@samba.org Date: Thu Nov 29 12:03:53 2012 +0100 s3-winbindd: rework reconnect logic in winbindd_lookup_names(). Guenther Signed-off-by: Günther Deschner g...@samba.org commit 7cdebbe5122c7174bc7e74297bf1e891cb14fe78 Author: Günther Deschner g...@samba.org Date: Thu Nov 29 12:03:16 2012 +0100 s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). Guenther Signed-off-by: Günther Deschner g...@samba.org commit 1c1340846926f97bda823f4fac1fea86b4b6f0d1 Author: Günther Deschner g...@samba.org Date: Wed Nov 28 20:41:21 2012 +0100 s3-winbindd: remove lookup_sids_fn_t. Guenther Signed-off-by: Günther Deschner g...@samba.org commit ea687479739d6d6e371e641cf0aa432e355a2fce Author: Günther Deschner g...@samba.org Date: Wed Nov 28 17:03:40 2012 +0100 s3-winbindd: remove lookup_names_fn_t. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 4a86c29fa5140a5a3ad68967abef5eeffaf448c1 Author: Günther Deschner g...@samba.org Date: Wed Nov 28 17:00:49 2012 +0100 s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. Guenther Signed-off-by: Günther Deschner g...@samba.org commit bb5e0a95f62354129ef3569a23298091d58a02e3 Author: Günther Deschner g...@samba.org Date: Wed Nov 28 16:57:57 2012 +0100 s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 5ccb4e5a90aa1b681380899d56971dfc7ceb1b34 Author: Günther Deschner g...@samba.org Date: Wed Nov 28 16:57:24 2012 +0100 s3-winbindd: add cm_connect_lsat(). Guenther Signed-off-by: Günther Deschner g...@samba.org commit 83ac2771622d90e50ef27778a8227872571b9af3 Author: Günther Deschner g...@samba.org Date: Wed Nov 28 14:53:27 2012 +0100 s3-rpc_cli: Remove some unused wrapping code. Guenther Signed-off-by: Günther Deschner g...@samba.org commit bbaa7142d168949019d989c2d853717faad30cb0 Author: Volker Lendecke v...@samba.org Date: Tue Sep 6 18:33:35 2011 +0200 s3: Make winbindd_lookup_names static Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104 (cherry picked from commit fd65e5eb8cdd38917a574734c9079cd75e4e1be0) --- Summary of changes: source3/rpc_client/cli_lsarpc.c | 101 ++-- source3/rpc_client/cli_lsarpc.h | 39 ++- source3/winbindd/winbindd_cm.c| 31 + source3/winbindd/winbindd_msrpc.c | 131 + source3/winbindd/winbindd_proto.h | 11 +-- source3/winbindd/winbindd_rpc.c | 23 ++- 6 files changed, 145 insertions(+), 191 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 99e0262..330774d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, * at 20480 for win2k3, but we keep it at a save 1000 for now. */ #define LOOKUP_SIDS_HUNK_SIZE 1000 -static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, -
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-12-03-1042/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-03-1042/samba3.stderr http://git.samba.org/autobuild.flakey/2012-12-03-1042/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-03-1042/samba.stderr http://git.samba.org/autobuild.flakey/2012-12-03-1042/samba.stdout The top commit at the time of the failure was: commit 057c56ac2443abffbe169b06a72a93f41096fb67 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 16 12:51:44 2012 +0100 s4:dsdb/tests: add SdAutoInheritTests Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 30 18:59:50 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 99efe84 s3:selftest: extend sids2xids test script to cope with ID_TYPE_BOTH mappings via 93c0c07 s3:passdb: don't look into group mappings in legacy_sid_to_unixid() via 5fbdc5f s3:passdb:pdb_ldap: treat Unix User and Unix Group in sid_to_id() via a0f4129 s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb() via 671f534 s3:passdb: add sid_check_object_is_for_passdb() via d96aede s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id() via ef0ed56 s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam via 2d3f7e3 s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid() via 845a142 build the new sid_check_is_for_passdb() function into passdb via fecdf48 s3:lib: add utility function sid_check_is_for_passdb() via e3ee397 s3:winbindd: remove unused function idmap_backends_sid_to_unixid() via 7f2f296 s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache via 25018d8 s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh via a1411a8 s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid-unixid mapping via 55607f0 s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid-unixid mapping via c408126 s3:winbindd: remove unused idmap_sid_to_gid() via 5f7a372 s3:winbindd: remove unused idmap_sid_to_uid() via b47be53 s3:winbindd: remove unused server implementation of wbint_Sid2Gid() via c927ff4 s3:winbindd: remove unused server implementation of wbint_Sid2Uid() via aa77161 s3:winbindd: remove wbint_Sid2Gid from the wbint.idl via 8b73556 s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl via de2cf94 s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules via 5e74676 s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid via eb0fca9 s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid via 55ea921 s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id via 46f2dfa selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd via 11ca063 selftest:Samba3: add wbinfo -p test to wait_for_start() via 5b975ce selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start() via f7dca55 selftest:Samba3: call wait_for_start() from check_or_start() via 4210e08 s3:winbindd: make idmap_find_domain() static. via 27f88ba s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs() via 370d625 s3:winbindd: add idmap_find_domain_with_sid() via 150cfb4 s3:winbindd: rename idmap_init_passdb_domain() - idmap_passdb_domain() via ee17a51 selftest:Samba3: provision the domain adminstrators group in the s3 environments via 28e7d73 s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent-child via da8d026 s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs() via 75a7524 s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs() via 3e7f04b s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid via 7637c93 s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid via 8e5ce1e s3:winbindd: factor winbindd_sids_to_xids into external and internal part via c58c68d s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send() via 349b9ac s3:winbindd: add explaining comment winbindd_sids_to_xids_send() via be033a1 s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done() via b435e66 s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit. via 3f0c31f s3:winbindd:util: add a comment explaining the function parse_sidlist() via 6f71071 s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl() via 06f0263 s4:python/ntacl: allow string or objects for sd/sid in setntacl() via d48d0c5 s4:samba-tool/gpo: fix the operation order when creating gpos via dde7eb0 s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos via a1a525e s4:samba-tool/gpo: use the dns_domain from the server when creating gpos via a42c49c s4:libcli/finddcs_cldap: allow io-in.server_address as hostname via c4d51d8 s4:libcli/finddcs_cldap: try all NBT#1C addresses via 0e2e3ff s3:smbcacls: add --query-security-info and --set-security-info options via 9afba14 s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags via cf60338 libcli/security: remove duplicate aces in se_create_child_secdesc() via 8fbe39d s3:smbd/open: fall back to Builtin_Administrators if
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via de2c0f0 Use work around for 'winbind use default domain' only if it is set from 4ab547a s3-winbind: use new reconnect logic in rpc_lookup_sids() also. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit de2c0f0d3d1217814fce840a5050741de3938e0f Author: Sumit Bose sb...@redhat.com Date: Mon Oct 29 12:09:22 2012 +0100 Use work around for 'winbind use default domain' only if it is set Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator character is always added to the user name returned by Get_Pwnam_alloc() if it does not contain the winbind separator character. As comments in the code indicates this is done as a work around if 'winbind use default domain' is set to yes in the samba configuration. This make sense if the option is set because otherwise the domain information is lost from the user name. But it causes errors if other services than winbind are used for user lookup, e.g. sssd. sssd can handle different kind of fully qualified user names as input, e.g. u...@domain.name or DOM\user, but returns a canonical name, by default u...@domain.name. While it would be possible to get around this issue with a special configuration either on the sssd or samba side I think the cleaner solution is to use the work around only if 'winbind use default domain' is set to yes which is what this patch does. Fix bug #9367 - Use work around for 'winbind use default domain' only if it is set. (cherry picked from commit 6c0b864654001046b8bbb585112e60a7e146cb2a) --- Summary of changes: source3/auth/auth_util.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index fc93641..1daddcd 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1174,7 +1174,8 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser, /* make sure we get the case of the username correct */ /* work around 'winbind use default domain = yes' */ - if ( !strchr_m( pw-pw_name, *lp_winbind_separator() ) ) { + if ( lp_winbind_use_default_domain() +!strchr_m( pw-pw_name, *lp_winbind_separator() ) ) { char *domain; /* split the domain and username into 2 strings */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e42fef3 WHATSNEW: Update changes since rc5. via 5b1aeb6 dbwrap: Fix bug 9440: Do not rely on dbwrap_record_get_value to return a talloc object from 121157a WHATSNEW: Update changes since RC5. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e42fef39ebc2f02fe574fa9ee81d7322da5d1eec Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 3 09:29:53 2012 +0100 WHATSNEW: Update changes since rc5. Karolin Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Dec 3 11:18:06 CET 2012 on sn-devel-104 commit 5b1aeb6703f941a240cf7e7b58375d3b9c380b4a Author: Volker Lendecke v...@samba.org Date: Thu Nov 29 16:45:15 2012 +0100 dbwrap: Fix bug 9440: Do not rely on dbwrap_record_get_value to return a talloc object db_tdb_fetch_locked returns the value as part of a larger talloc object that also contains the key. This means we can not realloc, but have to freshly alloc. Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Nov 29 20:21:51 CET 2012 on sn-devel-104 (cherry picked from commit 2f38a77a2dfc72ccd94f5027807c9484dae54358) --- Summary of changes: WHATSNEW.txt |2 ++ source3/lib/dbwrap/dbwrap_watch.c |5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a08909a..0f4e981 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -202,6 +202,8 @@ o Amitay Isaacs ami...@gmail.com o Volker Lendecke v...@samba.org * BUG 9422: Large read requests cause server to issue malformed reply. +* BUG 9440: Do not rely on dbwrap_record_get_value to return a talloc + object. o Stefan Metzmacher me...@samba.org diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c index 701ac9d..d7392a3 100644 --- a/source3/lib/dbwrap/dbwrap_watch.c +++ b/source3/lib/dbwrap/dbwrap_watch.c @@ -119,12 +119,13 @@ static NTSTATUS dbwrap_record_add_watcher(TDB_DATA w_key, struct server_id id) ids = (struct server_id *)value.dptr; num_ids = value.dsize / sizeof(struct server_id); - ids = talloc_realloc(talloc_tos(), ids, struct server_id, -num_ids + 1); + ids = talloc_array(talloc_tos(), struct server_id, + num_ids + 1); if (ids == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } + memcpy(ids, value.dptr, value.dsize); ids[num_ids] = id; num_ids += 1; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 42a2365 docs: Fix typo in the howto collection. from 99efe84 s3:selftest: extend sids2xids test script to cope with ID_TYPE_BOTH mappings http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 42a23653237bfc89ba90d83d91942746825e3ee9 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 3 09:08:47 2012 +0100 docs: Fix typo in the howto collection. Thanks to Hermann Gausterer git-samba-2...@mrq1.org for reporting! Karolin Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Dec 3 12:36:14 CET 2012 on sn-devel-104 --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml index f2f3a30..2b12e11 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml @@ -309,7 +309,7 @@ Ideally, the implementation of SSO should reduce complexity and reduce administa The initial goal of many network administrators is often to create and use a centralized identity management system. It is often assumed that such a centralized system will use a single authentication infrastructure that can be used by all information systems. The Microsoft Windows NT4 security domain architecture and the -Micrsoft active directory service are often put forward as the ideal foundation for such a system. It is +Microsoft active directory service are often put forward as the ideal foundation for such a system. It is conceptually simple to install an external authentication agent on each of the disparate infromation systems that can then use the Microsoft (NT4 domain or ads service) for user authentication and access control. The wonderful dream of a single centralized authentication service is commonly broken when realities are realized. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d913fb1 docs: Merge both samba.8 manpages. via 0e69a7b docs: Add samba.8 and samba-tool manpage to waf build. via b7f66b4 docs: Update man 7 samba. via 4af921f lib/talloc: Move manpage to man/. via ede2aae lib/tdb: Rename manpages/ to man/. via 5323508 replace: Remove deprecated getpass() support. via ce29ecf ntlm_auth4: Use new samba_getpass() function. via 7cc108c cmdline: Use new samba_getpass() function. via de1288e smbget: Use new samba_getpass() function. via 353e83e util: Use new samba_getpass() function for passwd util. via 7f4af3d ntlm_auth: Use new samba_getpass() function. via 270d721 net: Use samba_getpass() function in net util. via 0d5f542 net: Use new samba_getpass() function for 'net rpc'. via bed6012 net: Use new samba_getpass() function for 'net ads'. via 1ded99c torture: Use new samba_getpass() in masktest. via 531af0a torture: Use new samba_getpass() in smbtorture3. via 17bcdb5 torture: Use new samba_getpass() in locktest2. via 3c79f85 util: Use new samba_getpass() function. via 85b1b84 smbclient: Use new samba_getpass() function. via 04c0d48 wbinfo: Use new samba_getpass() function. via 27a1327 util: Add a UNIX platform independent samba_getpass(). from 42a2365 docs: Fix typo in the howto collection. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d913fb1304378bdc8aac2543144d39ffa486f862 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 11:33:04 2012 +0100 docs: Merge both samba.8 manpages. Remove source4/smbd/samba.8.xml and add the additional content to docs-xml/samba.8.xml to be able to build this manpage with the autoconf build also. Karolin Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Dec 3 16:28:32 CET 2012 on sn-devel-104 commit 0e69a7ba114ed5e0ad94e4ed7bb41d7eb0294b16 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 10:39:06 2012 +0100 docs: Add samba.8 and samba-tool manpage to waf build. Karolin Reviewed-by: Andreas Schneider a...@samba.org commit b7f66b43c512932e5265b974012e48d5631767b0 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 11:37:33 2012 +0100 docs: Update man 7 samba. Update man 7 samba. Still incomplete, but at least a bit more up to date. Karolin Reviewed-by: Andreas Schneider a...@samba.org commit 4af921fe882b59d8ad16b2b906e74c28b1b36c20 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 09:43:33 2012 +0100 lib/talloc: Move manpage to man/. Trying to be more consistent. Karolin Reviewed-by: Andreas Schneider a...@samba.org commit ede2aaef281048123cacab9ae879f5c546787080 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 09:39:22 2012 +0100 lib/tdb: Rename manpages/ to man/. Trying to be more consistent. Karolin Reviewed-by: Andreas Schneider a...@samba.org commit 532350877322cd3446cfa65459e82a45d5cef76c Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:58:38 2012 +0100 replace: Remove deprecated getpass() support. Reviewed-by: Jelmer Vernooij jel...@samba.org commit ce29ecfd44613e4f3bae98418add1cc4d0ed59ab Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:55:48 2012 +0100 ntlm_auth4: Use new samba_getpass() function. Reviewed-by: Jelmer Vernooij jel...@samba.org commit 7cc108c93cd10ac592c28605f2c1e366a7e507b2 Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:48:00 2012 +0100 cmdline: Use new samba_getpass() function. Reviewed-by: Jelmer Vernooij jel...@samba.org commit de1288e13eb132768d22ae8c2f34a5e99bddcb33 Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:38:14 2012 +0100 smbget: Use new samba_getpass() function. Reviewed-by: Jelmer Vernooij jel...@samba.org commit 353e83e4ee21e5d7955b79e3d1da046f3d1c96e1 Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:34:39 2012 +0100 util: Use new samba_getpass() function for passwd util. Reviewed-by: Jelmer Vernooij jel...@samba.org commit 7f4af3d1fb0827714c8637ecc780ef9d88604bc4 Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 14:29:38 2012 +0100 ntlm_auth: Use new samba_getpass() function. Reviewed-by: Jelmer Vernooij jel...@samba.org commit 270d721d36890a13ec9a393a09925d1ca27a337f Author: Andreas Schneider a...@samba.org Date: Fri Nov 23 13:17:13 2012 +0100 net: Use samba_getpass() function in net util. Reviewed-by: Jelmer Vernooij jel...@samba.org commit 0d5f5424b4b86c16d51a5793fa93c3bfe3cdb11a Author: Andreas Schneider
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 61e8b80 s3:passdb: fix building pdb_ldap as shared module from d913fb1 docs: Merge both samba.8 manpages. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61e8b80c85bf114da7f1d3dadfc2207564f5fbaa Author: Michael Adam ob...@samba.org Date: Mon Dec 3 16:52:12 2012 +0100 s3:passdb: fix building pdb_ldap as shared module Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104 --- Summary of changes: source3/passdb/ABI/pdb-0.sigs |1 + source3/passdb/pdb_interface.c |4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/ABI/pdb-0.sigs b/source3/passdb/ABI/pdb-0.sigs index f32ca4f..4108b9a 100644 --- a/source3/passdb/ABI/pdb-0.sigs +++ b/source3/passdb/ABI/pdb-0.sigs @@ -238,6 +238,7 @@ pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) pdb_sethexhours: void (char *, const unsigned char *) pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) +pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) pdb_uid_to_sid: bool (uid_t, struct dom_sid *) pdb_update_autolock_flag: bool (struct samu *, bool *) pdb_update_bad_password_count: bool (struct samu *, bool *) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 436e774..775f8a3 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1425,8 +1425,8 @@ static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, * The Unix User and Unix Group domains have a special * id mapping that is a rid-algorithm with range starting at 0. */ -_PRIVATE_ bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid, - struct unixid *id) +bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid, +struct unixid *id) { uint32_t rid; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 005d7c2 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via cc17ce3 More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via 32892d6 Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL. via a115a4e Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. via 1c7d00e First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. from de2c0f0 Use work around for 'winbind use default domain' only if it is set http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 005d7c28e35f58d5f8b114fb6234e663a6c30824 Author: Jeremy Allison j...@samba.org Date: Mon Nov 12 16:30:32 2012 -0800 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. We need to do the same check for overriding ACCESS_DENIED on DELETE_ACCESS as we do in smbd/open.c, as the ACL check is duplicated here. This has been fixed in 4.0.0 and later code. commit cc17ce366a459bf1cb2207a45e5528ea0167b323 Author: Jeremy Allison j...@samba.org Date: Mon Nov 12 16:26:25 2012 -0800 More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). commit 32892d6357469287bf9594b269bde5b9ffabd54e Author: Jeremy Allison j...@samba.org Date: Mon Nov 12 16:22:52 2012 -0800 Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. Algorithm to Check Access to an Existing File in MS-FSA.pdf. commit a115a4e9799e8e5497232a149d4d927308c81a5b Author: Jeremy Allison j...@samba.org Date: Mon Nov 12 16:21:15 2012 -0800 Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. Algorithm to Check Access to an Existing File in MS-FSA.pdf. commit 1c7d00e8ef48c2cd57d79a00cb26bc56a2979241 Author: Jeremy Allison j...@samba.org Date: Mon Nov 12 16:17:19 2012 -0800 First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Use the requested access mask before making the fd_open request in open_directory() rather than faking up an access mask of FILE_READ_DATA | FILE_READ_ATTRIBUTES. The underlying ACL may not permit FILE_READ_DATA. --- Summary of changes: source3/include/proto.h |3 +-- source3/lib/dummysmbd.c |3 +-- source3/locking/locking.c|3 +-- source3/modules/vfs_acl_common.c | 17 - source3/smbd/dir.c | 15 +-- source3/smbd/open.c | 20 +--- 6 files changed, 45 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 720f431..189b286 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1970,8 +1970,7 @@ void cancel_pending_lock_requests_by_fid(files_struct *fsp, enum file_close_type close_type); void send_stat_cache_delete_message(struct messaging_context *msg_ctx, const char *name); -NTSTATUS can_delete_directory(struct connection_struct *conn, - const char *dirname); +NTSTATUS can_delete_directory_fsp(files_struct *fsp); bool change_to_root_user(void); struct event_context *smbd_event_context(void); void contend_level2_oplocks_begin(files_struct *fsp, diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index 2465e65..0ff0f2e 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -44,8 +44,7 @@ void send_stat_cache_delete_message(struct messaging_context *msg_ctx, { }
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ceb2c81 s3-net: Fix DEBUG() location. via ac0f0e7 s3-net: give more control how to update/register DNS entries. via 0d41b63 s3-net: pass down a flags field to DoDNSUpdate(). via a294a6d s3-net: move out some prototypes to net_dns.h. via 2443f18 s3-net: pass down struct net_context to the dns update calls. from 005d7c2 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ceb2c81481ea8a37bb281a4d4df604573b371a2d Author: Günther Deschner g...@samba.org Date: Mon Oct 1 16:19:28 2012 +0200 s3-net: Fix DEBUG() location. Guenther Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104 Signed-off-by: Günther Deschner g...@samba.org The last 5 patches address bug #9451 - Allow to force DNS updates using net. commit ac0f0e7bc9126ee897d6eaac753c66853514326a Author: Günther Deschner g...@samba.org Date: Tue Sep 25 11:09:45 2012 +0200 s3-net: give more control how to update/register DNS entries. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 0d41b631faf95714eafec4836f7424edb4dda4af Author: Günther Deschner g...@samba.org Date: Tue Sep 25 11:08:48 2012 +0200 s3-net: pass down a flags field to DoDNSUpdate(). Guenther Signed-off-by: Günther Deschner g...@samba.org commit a294a6d2fdbbd9fe54882a365cb54c1f49b900bc Author: Günther Deschner g...@samba.org Date: Wed Sep 19 15:35:15 2012 +0200 s3-net: move out some prototypes to net_dns.h. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 2443f18b0c90956ae7840ac13487b9595b4cff4b Author: Günther Deschner g...@samba.org Date: Wed Sep 19 15:31:57 2012 +0200 s3-net: pass down struct net_context to the dns update calls. Guenther Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/utils/net_ads.c | 42 source3/utils/net_dns.c | 96 -- source3/utils/net_dns.h | 43 + 3 files changed, 126 insertions(+), 55 deletions(-) create mode 100644 source3/utils/net_dns.h Changeset truncated at 500 lines: diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6a7bc53..8f8b7b4 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -37,6 +37,7 @@ #include krb5_env.h #include ../libcli/security/security.h #include libsmb/libsmb.h +#include utils/net_dns.h #ifdef HAVE_ADS @@ -1123,12 +1124,9 @@ static WERROR check_ads_config( void ) #if defined(WITH_DNS_UPDATES) #include ../lib/addns/dns.h -DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, - size_t num_addrs ); -static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, +static NTSTATUS net_update_dns_internal(struct net_context *c, + TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, const struct sockaddr_storage *addrs, int num_addrs) @@ -1190,7 +1188,7 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, status = ads_dns_lookup_ns( ctx, root_domain, nameservers, ns_count ); if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { - DEBUG(3,(net_ads_join: Failed to find name server for the %s + DEBUG(3,(net_update_dns_internal: Failed to find name server for the %s realm\n, ads-config.realm)); goto done; } @@ -1201,12 +1199,25 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, for (i=0; i ns_count; i++) { + uint32_t flags = DNS_UPDATE_SIGNED | +DNS_UPDATE_UNSIGNED | +DNS_UPDATE_UNSIGNED_SUFFICIENT | +DNS_UPDATE_PROBE | +DNS_UPDATE_PROBE_SUFFICIENT; + + if (c-opt_force) { + flags = ~DNS_UPDATE_PROBE_SUFFICIENT; + flags = ~DNS_UPDATE_UNSIGNED_SUFFICIENT; + } + + status = NT_STATUS_UNSUCCESSFUL; + /* Now perform the dns update - we'll try non-secure and if we fail, we'll follow it up with a secure update */
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e0e7437 docs: Fix typo in the howto collection. via fabb2fd docs: Update man 7 samba. via 05fa60f docs: Merge both samba.8 manpages. via 2888d32 docs: Add samba.8 and samba-tool manpage to waf build. via 1f92994 lib/talloc: Move manpage to man/. via 83fb3ee lib/tdb: Rename manpages/ to man/. via af88aeb s3-net: Fix DEBUG() location. via 9032ddf s3-net: give more control how to update/register DNS entries. via 64047e3 s3-net: pass down a flags field to DoDNSUpdate(). via d2f5c83 s3-net: move out some prototypes to net_dns.h. via 95e91cb s3-net: pass down struct net_context to the dns update calls. via fb7e960 s3:passdb: fix building pdb_ldap as shared module from f86b276 WHATSNEW: Update changes since rc5. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e0e7437dc1471a5aa8494906ce27406b4e423845 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 3 09:08:47 2012 +0100 docs: Fix typo in the howto collection. Thanks to Hermann Gausterer git-samba-2...@mrq1.org for reporting! Karolin Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Dec 3 12:36:14 CET 2012 on sn-devel-104 (cherry picked from commit 42a23653237bfc89ba90d83d91942746825e3ee9) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Dec 3 22:32:02 CET 2012 on sn-devel-104 commit fabb2fda91d6b5ea50911d3ac69927990b55901c Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 11:37:33 2012 +0100 docs: Update man 7 samba. Update man 7 samba. Still incomplete, but at least a bit more up to date. Karolin Fix bug #9445 - samba.7 outdated. commit 05fa60feb506b820431f54c61339fb1f02b0e42b Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 11:33:04 2012 +0100 docs: Merge both samba.8 manpages. Remove source4/smbd/samba.8.xml and add the additional content to docs-xml/samba.8.xml to be able to build this manpage with the autoconf build also. Karolin Fix bug #9444 - samba.8 not built with autoconf. commit 2888d32981ce6bc7bcb098f75897e94b26cf9727 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 10:39:06 2012 +0100 docs: Add samba.8 and samba-tool manpage to waf build. Karolin commit 1f92994784d4ae0e071894fd9ac54618109459d7 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 09:43:33 2012 +0100 lib/talloc: Move manpage to man/. Trying to be more consistent. Karolin The last 2 patches address bug #9443 - Manpages of the libraries are located in different subdirectories. commit 83fb3ee0af6b5ad395a7915161a40d3845a661f5 Author: Karolin Seeger ksee...@samba.org Date: Fri Nov 30 09:39:22 2012 +0100 lib/tdb: Rename manpages/ to man/. Trying to be more consistent. Karolin commit af88aebd5ec1e810461a13bea677d77b62116cc5 Author: Günther Deschner g...@samba.org Date: Mon Oct 1 16:19:28 2012 +0200 s3-net: Fix DEBUG() location. Guenther Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104 Signed-off-by: Günther Deschner g...@samba.org The last 5 patches address bug #9451 - Allow to force DNS updates using net. commit 9032ddf51373fcf0eb75b5502c9935500801f36f Author: Günther Deschner g...@samba.org Date: Tue Sep 25 11:09:45 2012 +0200 s3-net: give more control how to update/register DNS entries. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 64047e3c486c9b301f582ce8424aea638ace4a36 Author: Günther Deschner g...@samba.org Date: Tue Sep 25 11:08:48 2012 +0200 s3-net: pass down a flags field to DoDNSUpdate(). Guenther Signed-off-by: Günther Deschner g...@samba.org commit d2f5c835406c116dd09ba610803b08e1abb09911 Author: Günther Deschner g...@samba.org Date: Wed Sep 19 15:35:15 2012 +0200 s3-net: move out some prototypes to net_dns.h. Guenther Signed-off-by: Günther Deschner g...@samba.org commit 95e91cb0a9615db9d919fbaeb6a67ec64627fede Author: Günther Deschner g...@samba.org Date: Wed Sep 19 15:31:57 2012 +0200 s3-net: pass down struct net_context to the dns update calls. Guenther Signed-off-by: Günther Deschner g...@samba.org commit fb7e960e478152f5b11f21d354b31efcda4d6239 Author: Michael Adam ob...@samba.org Date: Mon Dec 3 16:52:12 2012 +0100 s3:passdb: fix building pdb_ldap as shared module Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master):