[Samba] samba 4 samba-tool user encrypted password
Hello, thanks with the good job with samba 4. I was wondering, is there a possibility to use an already encrypted password like sambaNTPassword or {SSHA} encrypted password with samba-tool user command ? Regards, Serge Conrad Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ? Je crée ma boîte mail www.laposte.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Domain Account Lockout
On Fri, 2013-01-11 at 22:54 -0500, Chris Stoneburner wrote: First off, I apologize if this is a duplicate - I had some issues with the first email I tried to join this list with! I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the samba-tool domain passwordsettings command and I have all the GPOs configured as I need them for clients. However, I would like to configure how the account lockout functions for the domain accounts. I read in the archive for this list that there isn't currently support for server side GPOs, so I'm not certain how to configure this, or if its even possible. My question with respect to samba is two fold: is it even POSSIBLE to have samba detect multiple failed login attempts to a domain account (e.g., the default domain administrator) and lock the account once a certain threshold has been reached and if so how is that configured? No, this is not yet implemented in the AD DC. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 samba-tool user encrypted password
On Wed, 2013-01-16 at 10:41 +0100, sergio.conrad wrote: Hello, thanks with the good job with samba 4. I was wondering, is there a possibility to use an already encrypted password like sambaNTPassword or {SSHA} encrypted password with samba-tool user command ? We need the plaintext because we need to make not only arcfour-hmac-md5 key (the unicodePwd, the NT hash), but also AES keys and (if configured) DES keys. You can set only the unicodePwd if you must, to the NT hash value, but not a {SSHA} value. You cannnot currently do this via tools, but see discussions on this list for examples of code that can set the magic flags to allow this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Switching between acl_tdb and acl_xattr
On Tue, 2013-01-15 at 23:14 +, Steve Tice wrote: Andrew Bartlett abartlet at samba.org writes: Using Samba 4.0.0, the python bindings or even samba-tool ntacl get/set would be quite a good choice here. We can read directly the NT ACL from the tdb and then set it using the xattr code. I'm very happy to help out if you have any more questions here, as we certainly do have a good range of tools that should be able to help you out. Andrew, here's a status update on my attempts to accomplish this. 1. Attempted to build the source4 tree provided with the source tarball for the samba-3.5.10-125.el6 package. The build did not complete, failing when it tried to link bin/wbinfo. The pertinent output from make was Linking bin/wbinfo bin/mergedobj/cli_auth.o: In function `netlogon_creds_copy': (.text+0x17e3): undefined reference to `dom_sid_dup' collect2: ld returned 1 exit status make: *** [bin/wbinfo] Error 1 2. Successfully built (everything) from a samba-4.0.0beta8 tarball. Would you expect the source4 tree from the samba-3.5.10-125.el6 tarball to build without error? If it did build cleanly, would it even include the tools you mentioned above? No, it would not. Is it reasonable to continue on this path with samba-4.0.0beta8? Please use the Samba 4.0.1 release tarball. Why are you trying beta8? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: no --use-ntvfs option on samba-tool ntacl sysvolcheck
On Mon, 2013-01-14 at 13:11 +, Dominic Evans wrote: In samba-tool, sysvolreset has options for either --use-ntvfs or --use-s3fs to set the permissions appropriately However, sysvolcheck does not have the same capability, and always attempts to verify in s3 vfs. Is this a known limitation in Samba 4.0.0 ? It shouldn't matter. The options are needed for writing, as while the ntvfs server reads and writes version 1, the VFS layer from smbd reads version 1, 2 (never used) as well as the current version 3. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suggest Forest/Function Level ?
On Sat, 2013-01-12 at 09:09 +0100, Johannes Paechnatz wrote: Hello, I setup an ADS with Samba4 plus a W2K8_R2 Server. Should I raise the Forest/Function Level up to W2K8_R2? We want to use it with some of Win7 Clients, so what's your suggestion/advice? It won't affect the clients, but using the default functional level (2008 R2) is a good idea. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 domain classicupgrade conversion not supported
On Sat, 2013-01-12 at 15:37 +0100, Juan Asensio Sánchez wrote: Anyone? Error converting string to value for line: CurrentVersion ERROR(runtime): uncaught exception - (31, 'WERR_GENERAL_FAILURE') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 841, in upgrade_from_samba3 use_ntvfs=use_ntvfs, skip_sysvolacl=True) File /usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py, line 2012, in provision setup_registry(paths.hklm, session_info, lp=lp) File /usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py, line 939, in setup_registry reg.diff_apply(provision_reg) The connection to the LDAP server was closed I think the problem is: About to write CurrentVersion with type (null), length 3: 6.1 convert_string_talloc: Conversion not supported. Type null? Is normal the suffix hive=NONE? What is the conversion that generates the error? In short, your registry TDB has an unexpected string in it, so our conversion code breaks. We may not actually need this part of the conversion, and you may not need the values in the registry anyway. You could simply not provide that db, and we will skip it. Otherwise, hack the script to skip this step. If you could supply your actual database, we may be able to make the script more robust in the future. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
Hiya, Having done horrific things (you don't want to know... believe me) I managed to remove the 'dead' server from my domain. No trace of it anywhere that I can find. The slowdown still remains. Can anyone point me in another direction I can persue? Thanks, Alex On 14/01/2013 11:18, Alex Matthews wrote: Hiya, I _might_ actually know what is causing this slow down. As I posted a while ago. My domain contains a 'dead' server that I am unable to remove. (post here: https://lists.samba.org/archive/samba/2012-December/170331.html) I think winbind is trying to connect to this dead server and timing out. Thus giving the delay. Is there any way to blacklist this server seeing as I am unable to remove it. Or would someone (Andrew??) Be willing to talk me through a way of manually removing it from my domain? Thanks, Alex On 10/01/2013 14:51, Alex Matthews wrote: On 10/01/2013 13:51, Hleb Valoshka wrote: On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: wbinfo -u takes a long time to return a list of users I guess that if you attach output of strace wbinfo -u or may be even strace -f wbinfo -u you'll find assistance faster :) # strace -ftT wbinfo -u 14:09:01 execve(/usr/bin/wbinfo, [wbinfo, -u], [/* 37 vars */]) = 0 0.000259 14:09:01 brk(0) = 0xd9f000 0.31 14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e4000 0.44 14:09:01 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory) 0.30 14:09:01 open(/usr/lib64/tls/x86_64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.30 14:09:01 stat(/usr/lib64/tls/x86_64, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/tls/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.23 14:09:01 stat(/usr/lib64/tls, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.42 14:09:01 open(/usr/lib64/x86_64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.29 14:09:01 stat(/usr/lib64/x86_64, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = 3 0.28 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\240\347\0\0\0\0\0\0..., 832) = 832 0.29 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=214200, ...}) = 0 0.22 14:09:01 mmap(NULL, 2310096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113f9 0.24 14:09:01 mprotect(0x7f8113fc3000, 2093056, PROT_NONE) = 0 0.35 14:09:01 mmap(0x7f81141c2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x32000) = 0x7f81141c2000 0.29 14:09:01 close(3) = 0 0.21 14:09:01 open(/usr/lib64/libwbclient.so.0, O_RDONLY|O_CLOEXEC) = 3 0.34 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0P#\0\0\0\0\0\0..., 832) = 832 0.23 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=43160, ...}) = 0 0.22 14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e3000 0.23 14:09:01 mmap(NULL, 2145544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113d84000 0.30 14:09:01 mprotect(0x7f8113d8e000, 2093056, PROT_NONE) = 0 0.33 14:09:01 mmap(0x7f8113f8d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f8113f8d000 0.26 14:09:01 mmap(0x7f8113f8f000, 3336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8113f8f000 0.24 14:09:01 close(3) = 0 0.26 14:09:01 open(/usr/lib64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.29 14:09:01 open(/usr/lib64/samba/tls/x86_64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28 14:09:01 stat(/usr/lib64/samba/tls/x86_64, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/samba/tls/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28 14:09:01 stat(/usr/lib64/samba/tls, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.28 14:09:01 open(/usr/lib64/samba/x86_64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.22 14:09:01 stat(/usr/lib64/samba/x86_64, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.27 14:09:01 open(/usr/lib64/samba/libreplace.so, O_RDONLY|O_CLOEXEC) = 3 0.29 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\220\16\0\0\0\0\0\0..., 832) = 832 0.22 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=10240, ...}) = 0 0.27 14:09:01 mmap(NULL, 2105896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113b81000 0.30 14:09:01 mprotect(0x7f8113b83000, 2093056, PROT_NONE) = 0 0.45 14:09:01 mmap(0x7f8113d82000, 8192, PROT_READ|PROT_WRITE,
Re: [Samba] Server Key [Re-] Generation after Install?
On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to debug SID problems
Hi, Is there a tool to debug SIDs on a samba domain. To check that there is no problems with SIDs on the samba server, windows client or user? After an upgrade/reinstall of the samba server, I get an error message on the windows client saying that the profile could not be synced, when the user logs out. There are probably a problem with the machine account or the users SIDs. But I'm new to windows and samba so I find it dificult to navigate through this windows mess. Maybe there are some keys that should be deleted from the registry or something like that? Regards -- Knut Olav Bøhmer 41 000 108 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mapping SIDUID (and reverse)
Hi I have a new Samba 3.6.10 server running on Solaris 10. The server is a member of the local Active Directory (which I'll call DOMAIN in this email). Unix username resolution is via NIS. All domain users have NIS usernames as well.Winbind is running to allow SMBD to perform siduid mapping and I have setup idmap_nss. I am not using winbind in /etc/nsswitch.conf as NIS performs that function already. The issue: If I create a file or ACL through Windows for user jack, the security tab ACL appears as DOMAIN\jack. If I add a file or filesystem ACL through Unix for user jill, the Windows security tab shows the ACL as Unix User\jill. However, if I later add a file, or ACL to a file, through Windows for user jill, the Windows security tab now reports the ACL as DOMAIN\jill. Files that previously reported Unix User\jill now correctly report DOMAIN\jill. So it would appear that Winbind is performing and storing the SIDUID mapping when an ACL is *set* through Samba, but it is not storing the mapping (or performing a UIDSID mapping) when performing a *read* of existing Unix file ownership or ACLs. Is this by design, a bug, or have I made a mistake somewhere? I would like it so that if a file or ACL is created on a file through Unix, then Samba will automatically map this to the domain SID. Can this be done? Thanks for any help! JR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Server Key [Re-] Generation after Install?
On Wed, Jan 16, 2013 at 6:41 AM, Andrew Bartlett abart...@samba.org wrote: On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Member server. I was concerned about the machine keys for the S-Channel. Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems with smbclient send netbios message
Hi. First, sorry by my bad english :) I had a samba 3.0 and use a script with smbclient to send messages to 30 computers in my laboratory. I upgrade to debian squeeze and samba 3.5 and now i dont use the script command. root@escort:~# echo Testando | smbclient -NM LAB5-01 -I 192.168.3.200 Type your message, ending it with a Control-D cli_message returned NT_STATUS_PIPE_BROKEN I finding in samba bugzilla this: https://bugzilla.samba.org/show_bug.cgi?id=7635 When i test with RH 5.9 with samba 3.0 this work, only with samba 3.5 dont work. [root@delorean ~]# smbclient --version Version 3.0.33-3.39.el5_8 [root@delorean ~]# echo Teste | smbclient -M LAB5-01 -I 192.168.3.200 Connected. Type your message, ending it with a Control-D sent 7 bytes Please, can anyone helpme? -- José Carlos Colzani Formado em Gestão de Tecnologia da Informação Analista de Informática User linux - #241077 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Domain Account Lockout
No worries - thanks for the notice! If it's not already listed, is there a place I can recommend the feature to be implemented? Thanks again! On Wed, Jan 16, 2013 at 6:02 AM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-01-11 at 22:54 -0500, Chris Stoneburner wrote: First off, I apologize if this is a duplicate - I had some issues with the first email I tried to join this list with! I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the samba-tool domain passwordsettings command and I have all the GPOs configured as I need them for clients. However, I would like to configure how the account lockout functions for the domain accounts. I read in the archive for this list that there isn't currently support for server side GPOs, so I'm not certain how to configure this, or if its even possible. My question with respect to samba is two fold: is it even POSSIBLE to have samba detect multiple failed login attempts to a domain account (e.g., the default domain administrator) and lock the account once a certain threshold has been reached and if so how is that configured? No, this is not yet implemented in the AD DC. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. A workaround for this is in the 4.0.0 release. Are you running Samba 4.0.0? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] compiling samba for ubuntu 12.4 lts
Hi, I'm trying to create a samba4.0.1-package for ubuntu12.4. It seems as if I've succeeded to resolve the dependencies and everything is compiling and linking just fine until it switches to the source4 directory. There I always get these kerberos/heimdal-related linker-errors: default/source3/libads/kerberos_57.o: In function `smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt':/data4/temp/samba4/samba-4.0.1/bin/../source3/libads/kerberos.c:126: undefined reference to `krb5_get_init_creds_opt_get_error' default/source3/libads/kerberos_57.o: In function `kerberos_kinit_password_ext':/data4/temp/samba4/samba-4.0.1/bin/../source3/libads/kerberos.c:216: undefined reference to `krb5_get_init_creds_opt_set_pac_request' I've installed the newest versions of all related packeges and now I'm stuck. Any suggestions? Thanks in advance and best regards, bbb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS trouble - Join a domain as a DC
I've tried to join samba a domain as a DC. I've followed Join_a_domain_as_a_DC How Tohttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host . Join domain was successfull, but samba_dnsupdate doesn't work. samba_dnsupdate --verbose --all-names say dns_tkey_negotiategss: TKEY is unacceptable I use bind9.8. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Server Key [Re-] Generation after Install?
On Wed, 2013-01-16 at 07:57 -0500, Jeffrey Walton wrote: On Wed, Jan 16, 2013 at 6:41 AM, Andrew Bartlett abart...@samba.org wrote: On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Member server. I was concerned about the machine keys for the S-Channel. Just re-join the domain if you are worried. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File Looking more closely at the error, this is different. Is there more detail to the error than what you pasted? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba AD Auth Stops After Patches
Hello, I have an issue that I can't sort out. Issue: Just applied the latest round of patches that brought me up to this Samba version and suddenly end-users are being prompted for authentication when attempting to access shares on this CentOS box from their Windows Vista, 7x86, and 7x64 workstations. Problem: I am new to Samba and seem to not be connecting the dots Layer 1: I can ping local host, Samba server name and IP from the Samaba Server and from a Win7x64 client Here is my research and observations: 1. cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.9 (Tikanga) --- 2. smbstatus Samba version 3.6.6-0.129.el5 --- 3. There are no permission problems on the shared directories nor the parent chain --- 4. (Symptom) There is an apparent group ownership problem on the shares. Where it used to resolve the active directory security group, now there is only a numerical string. Attempting to reassign the proper group ownsership fails as follows: 4a. ll | grep 12345 drwxrwxrwx 4 comp 1488701 4096 Jan 31 2006 12345 4b. chown -R comp:orrfo12345 12345 chown: `comp:orrfo12345': invalid group 4e. Ok, this is a big problem but what is causing it? --- 5. From the server hosting Samba, I looked to see if it could resolve the groups. (A Factor) One concern regarding this process is that we collapsed into a much larger domain about a year ago. As a result, what is retrieved for a data set is rather large. Also, it takes some time. That is why I grep in the following: 5a. wbinfo -g | grep -i ORRFO 5b. getent group OR+ORRFO12345 | awk -F: '{print $4}' | sed 's/OR+//g' | sed 's/,/\n/g' 5c. Both commands return a valid list after several seconds --- 6. Checking the winbind user: 6a. net help getauthuser 6b. The command returns the credentails of a active directory account that is present, unlocked, and set with the correct password. --- 7. Checking if it can resolve the domain controller 7a. wbinfo -I IPAddrOfDC 7b. It resolves correctly --- 8. Check to see if can get sid of windbind user 8a. wbinfo -n OR+linux.samba.svc 8b. The command returns the SID --- 9. Checked on services 9a. wbinfo -p Ping to winbindd succeeded 9b. wbinfo -t checking the trust secret for domain OR via RPC calls succeeded 9c. service --status-all | egrep winbindd|nmbd|smbd nmbd (pid 15246) is running... smbd (pid 28397 26486 21186 20942 20941 20940 20939 20938 20937 20936 20935 20934 20933 20930 20929 20927 20926 20925 20924 20923 20922 20921 20920 20917 20916 18027 14885 14878 6418) is running... winbindd (pid 9208 9187 9185 9184 9182) is running... 9d. wbinfo --online-status BUILTIN : online OR-CENTSAMBA-01 : online OR : online 9e. (Problem) Not sure if it is an issue but nmbd was not started initially. The results above come after having started it. --- 10. Verifying smb.conf. I cut out all but one of the shares to keep it simple. The allow connections section was also trimmed but all were ok. 10a. testparm /etc/samba/smb.conf MyWorkstationName MyWorkstationIP Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The idmap backend option is deprecated WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated Processing section [12345] Loaded services file OK. WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter. (by default Samba will discover the correct DC to contact automatically). 'winbind separator = +' might cause problems with group membership. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_MEMBER Allow connection from MyWorkstationName (MyWorkstationIP) to 12345 10b. (Don't Know) I am not sure if these warnings had been on the system before or if they are the result of patching. --- 11. I created a new user on the Samba server and added it to smbusers. An identically named account exists on another CentOS server that rides the backbone. I am able to access the directories from that server using without being prompted for auth: 11a. smb://OR-CENTSAMBA-01 --- 12. I checked the time on the DC against that on the Samba server and they are within seconds. --- 13. I refreshed the Kerberos ticket. It is good. --- 14. (Problem) Here is one I can't explain. I came accross this as a check but never found what to do if this didn't work. 14a. smbclient -L localhost WARNING: The idmap backend option is deprecated WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated Enter root's password: Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED) --- 15. Here is my smb.conf 15b. more /etc/samba/smb.conf [global] workgroup = OR realm =
[Samba] Samba4 Integration With Google
Hello everone, In my Company we are going through a network redesign and Planning to retire our Novel edirectory, and Novel Servers and replace them with Samba4 (Over 150 Servers). We have setup a Samba4 test environment which seems to be working well so far. We are an organization with multiple locations and over 1200 users, we are also very heavy users of google apps. I have couple of questions that I need help with. 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on, I know google has and application that Integrates Microsoft Active Directory with Google Apps, so I assume it should be possible with Samba4 too. Has anyone tried and used this feature with success? 2- We already have over 1200 accounts on Google. Is there a way to Import these user accounts into samba4? I would really appreciate any help in this matter and welcome any additional suggestions that you may have for a Project of this magnitude. -- *Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered Systems* 6265 San Fernando Rd | Glendale, California | 91201- 2214 (818)-730-5846 Mobile | (818)-244-6571 Main* * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba AD DC initial join fails at schema replication
Date: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Replaced libnet_vampire.c (corrected ERROR: no subClassOf 'top' for 'samDomain') source [https://bugzilla.samba.org/show_bug.cgi?id=8680] #/usr/lobal/bin/samba-tool domain join dnsdomain DC -U administrator Identifies DC, joins the domain and performs adding SPNs to the Domain Controllers OU . Setting account password for RHELDC1$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN dnsdomain Starting replication Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[402] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[802] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1206] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1593] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1688] linked_values[0] Analyze and apply schema objects Can't continue Schema load: didn't manage to convert any objects: all 22 remaining of 1688 objects failed to convert Join failed - cleaning up . -d 1 returns several messages (some of the messages follow (would include more but I have to handjam them out), all of the messages state a failure to convert into ldb msg): ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908BA Warning: Failed to convert schema object CN=Computer,CN=Schema,CN=Configuration,dnsdomain into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908A5 Warning: Failed to convert schema object CN=RID-Manager,CN=Schema,CN=Configuration,dnsdomain into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID_id 0x000A010D Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,dnsdomain into ldb msg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 64a29fd tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler via 9a21bc3 lib/replace: Include sys/ucontext.h if available. via d78f760 lib/replace: Add ucontext configure autoconf checks. via 8de4edd lib/replace: Add missing check for sys/wait.h from c89f3dd Fix bug 9548: Correctly detect O_DIRECT http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 64a29fdf0e3ec9138e946bab03ad28a965f3ebd0 Author: Jeremy Allison j...@samba.org Date: Mon Jan 14 15:22:11 2013 -0800 tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler Mask off signals the correct way from the signal handler. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jan 15 12:13:43 CET 2013 on sn-devel-104 commit 9a21bc35c565210767e71f4bc03a558fe61bdbc8 Author: Jeremy Allison j...@samba.org Date: Mon Jan 14 15:21:52 2013 -0800 lib/replace: Include sys/ucontext.h if available. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d78f760280473c35b33d4f17d31528dd6269405a Author: Jeremy Allison j...@samba.org Date: Tue Jan 15 10:16:27 2013 -0800 lib/replace: Add ucontext configure autoconf checks. Signed-off-by: Jeremy Allison j...@samba.org commit 8de4edd42cf16bd761a6acc2c8b5656d088969a7 Author: Jeremy Allison j...@samba.org Date: Mon Jan 14 15:06:12 2013 -0800 lib/replace: Add missing check for sys/wait.h Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/replace/libreplace.m4 | 15 ++- lib/replace/system/wait.h |4 lib/tevent/tevent_signal.c | 29 + 3 files changed, 47 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index 87e8fdb..67f8e3f 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -66,7 +66,7 @@ AC_FUNC_MEMCMP AC_CHECK_FUNCS([pipe strftime srandom random srand rand usleep setbuffer lstat getpgrp utime utimes]) AC_CHECK_HEADERS(stdbool.h stdint.h sys/select.h) -AC_CHECK_HEADERS(setjmp.h utime.h) +AC_CHECK_HEADERS(setjmp.h utime.h sys/wait.h) LIBREPLACE_PROVIDE_HEADER([stdint.h]) LIBREPLACE_PROVIDE_HEADER([stdbool.h]) @@ -105,6 +105,7 @@ AC_CHECK_HEADERS(stdarg.h vararg.h) AC_CHECK_HEADERS(sys/mount.h mntent.h) AC_CHECK_HEADERS(stropts.h) AC_CHECK_HEADERS(unix.h) +AC_CHECK_HEADERS(sys/ucontext.h) AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror strerror_r) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) @@ -325,6 +326,18 @@ if test x$libreplace_cv_struct_timespec = xyes; then AC_DEFINE(HAVE_STRUCT_TIMESPEC,1,[Whether we have struct timespec]) fi +AC_CACHE_CHECK([for ucontext_t type],libreplace_cv_ucontext_t, [ +AC_TRY_COMPILE([ +#include signal.h +#if HAVE_SYS_UCONTEXT_H +#include sys/ucontext.h +# endif +],[ucontext_t uc; sigaddset(uc.uc_sigmask, SIGUSR1);], +libreplace_cv_ucontext_t=yes,libreplace_cv_ucontext_t=no)]) +if test x$libreplace_cv_ucontext_t = xyes; then +AC_DEFINE(HAVE_UCONTEXT_T,1,[Whether we have ucontext_t]) +fi + AC_CHECK_FUNCS([printf memset memcpy],,[AC_MSG_ERROR([Required function not found])]) echo LIBREPLACE_BROKEN_CHECKS: END diff --git a/lib/replace/system/wait.h b/lib/replace/system/wait.h index f0c3bdc..146c61a 100644 --- a/lib/replace/system/wait.h +++ b/lib/replace/system/wait.h @@ -40,6 +40,10 @@ #include setjmp.h #endif +#ifdef HAVE_SYS_UCONTEXT_H +#include sys/ucontext.h +#endif + #if !defined(HAVE_SIG_ATOMIC_T_TYPE) typedef int sig_atomic_t; #endif diff --git a/lib/tevent/tevent_signal.c b/lib/tevent/tevent_signal.c index b790859..cc7fb0a 100644 --- a/lib/tevent/tevent_signal.c +++ b/lib/tevent/tevent_signal.c @@ -122,10 +122,39 @@ static void tevent_common_signal_handler_info(int signum, siginfo_t *info, if (count+1 == TEVENT_SA_INFO_QUEUE_COUNT) { /* we've filled the info array - block this signal until these ones are delivered */ +#ifdef HAVE_UCONTEXT_T + /* +* This is the only way for this to work. +* By default signum is blocked inside this +* signal handler using a temporary mask, +* but what we really need to do now is +* block it in the callers mask, so it +* stays blocked when the temporary signal +* handler
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 653ebe1 configure: Fix bug 9546, aio_suspend detection on FreeBSD from 64a29fd tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 653ebe132287ba66ef54675a3b58988994f0a486 Author: Volker Lendecke v...@samba.org Date: Mon Jan 7 11:06:15 2013 +0100 configure: Fix bug 9546, aio_suspend detection on FreeBSD NULL is not defined without some includes --- Summary of changes: source3/configure.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index a298183..0f805ee 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -5877,7 +5877,7 @@ int main() { struct aiocb a; return aio_cancel(1, a); }], AC_MSG_CHECKING(for aio_suspend) AC_LINK_IFELSE([#include aio.h -int main() { struct aiocb a; return aio_suspend(a, 1, NULL); }], +int main() { struct aiocb a; struct timespec t; return aio_suspend(a, 1, t); }], [AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) fi -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a950974 configure: Fix bug 9546, aio_suspend detection on FreeBSD via c5495c3 smbd: Fix bug 9544, part 2 via 787ba45 smbd: Fix bug 9544, part 1 via aa32e49 smbd: Always compile vfs_commit from 46473b4 Fix bug 9548: Correctly detect O_DIRECT http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a95097414e453e05cbe535c42cc335c597283c8e Author: Volker Lendecke v...@samba.org Date: Mon Jan 7 12:53:27 2013 -0800 configure: Fix bug 9546, aio_suspend detection on FreeBSD NULL is not defined without some includes Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jan 16 11:48:16 CET 2013 on sn-devel-104 commit c5495c30fa197909724ce2b3e05e941889234751 Author: Volker Lendecke v...@samba.org Date: Mon Jan 14 21:37:52 2013 +0100 smbd: Fix bug 9544, part 2 Plug in async pwrite commit 787ba4532c7c814026824c60d4bd83d6d3a7b4d3 Author: Volker Lendecke v...@samba.org Date: Mon Jan 14 21:36:51 2013 +0100 smbd: Fix bug 9544, part 1 Adapt the sync function names commit aa32e4924b3549383d9f060fb93fe569b3c05bbd Author: Volker Lendecke v...@samba.org Date: Mon Jan 14 21:14:20 2013 +0100 smbd: Always compile vfs_commit There's no reason not to --- Summary of changes: source3/configure.in |3 +- source3/modules/vfs_commit.c | 86 - source3/wscript |3 +- 3 files changed, 87 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 93c3d1b..e719b53 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -459,6 +459,7 @@ default_shared_modules=$default_shared_modules vfs_crossrename default_shared_modules=$default_shared_modules vfs_linux_xfs_sgid default_shared_modules=$default_shared_modules vfs_time_audit default_shared_modules=$default_shared_modules vfs_media_harmony +default_shared_modules=$default_shared_modules vfs_commit default_shared_modules=$default_shared_modules idmap_autorid default_shared_modules=$default_shared_modules idmap_tdb2 default_shared_modules=$default_shared_modules idmap_rid @@ -5391,7 +5392,7 @@ int main() { struct aiocb a; return aio_cancel(1, a); }])], AC_MSG_CHECKING(for aio_suspend) AC_LINK_IFELSE([AC_LANG_SOURCE([#include aio.h -int main() { struct aiocb a; return aio_suspend(a, 1, NULL); }])], +int main() { struct aiocb a; struct timespec t; return aio_suspend(a, 1, t); }])], [AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) else diff --git a/source3/modules/vfs_commit.c b/source3/modules/vfs_commit.c index 865250a..a6bc2a4 100644 --- a/source3/modules/vfs_commit.c +++ b/source3/modules/vfs_commit.c @@ -19,6 +19,7 @@ #include includes.h #include system/filesys.h #include smbd/smbd.h +#include lib/util/tevent_unix.h /* Commit data module. * @@ -275,6 +276,83 @@ static ssize_t commit_pwrite( return ret; } +struct commit_pwrite_state { + struct vfs_handle_struct *handle; + struct files_struct *fsp; + ssize_t ret; + int err; +}; + +static void commit_pwrite_written(struct tevent_req *subreq); + +static struct tevent_req *commit_pwrite_send(struct vfs_handle_struct *handle, +TALLOC_CTX *mem_ctx, +struct tevent_context *ev, +struct files_struct *fsp, +const void *data, +size_t n, off_t offset) +{ + struct tevent_req *req, *subreq; + struct commit_pwrite_state *state; + + req = tevent_req_create(mem_ctx, state, struct commit_pwrite_state); + if (req == NULL) { + return NULL; + } + state-handle = handle; + state-fsp = fsp; + + subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data, + n, offset); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, commit_pwrite_written, req); + return req; +} + +static void commit_pwrite_written(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct commit_pwrite_state *state = tevent_req_data( + req, struct commit_pwrite_state); + int commit_ret; + + state-ret = SMB_VFS_PWRITE_RECV(subreq, state-err); + TALLOC_FREE(subreq); + + if (state-ret = 0) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 46b6afc s4-torture: add ndr64 spoolss openprinterex to ndr test. via 6cdf59d s4-torture: allow to do ndr tests with flags, not only ndr_flags. via a4dcf7b spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. from 6bb7bf9 test: dbwrap_tool requires --persistent for the registry now http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 46b6afc69baf89ba346e4418452b2d5a49b3e322 Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:05:10 2013 +0100 s4-torture: add ndr64 spoolss openprinterex to ndr test. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104 commit 6cdf59d716eb41c8ce67ff55aa661eaa09fa2e1b Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:04:08 2013 +0100 s4-torture: allow to do ndr tests with flags, not only ndr_flags. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit a4dcf7b94d8f2d8180bb5b390f49e89e2c956a88 Author: Günther Deschner g...@samba.org Date: Mon Jan 14 17:26:31 2013 +0100 spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: librpc/idl/spoolss.idl |3 +- source3/rpc_client/cli_spoolss.c|8 +++--- source3/rpc_server/spoolss/srv_spoolss_nt.c | 14 ++ source4/rpc_server/spoolss/dcesrv_spoolss.c |5 +-- source4/torture/ndr/ndr.c |5 source4/torture/ndr/ndr.h | 12 +++-- source4/torture/ndr/spoolss.c | 28 + source4/torture/rpc/samba3rpc.c |8 +++--- source4/torture/rpc/spoolss.c | 35 +-- source4/torture/rpc/spoolss_access.c|4 +- source4/torture/rpc/spoolss_win.c |8 +++--- 11 files changed, 84 insertions(+), 46 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl index 06a0935..7d8e8de 100644 --- a/librpc/idl/spoolss.idl +++ b/librpc/idl/spoolss.idl @@ -2821,8 +2821,7 @@ cpp_quote(#define spoolss_security_descriptor security_descriptor) [in,unique] [string,charset(UTF16)] uint16 *datatype, [in] spoolss_DevmodeContainer devmode_ctr, [in] spoolss_AccessRights access_mask, - [in] uint32 level, - [in,switch_is(level)] spoolss_UserLevel userlevel, + [in] spoolss_UserLevelCtr userlevel_ctr, [out,ref] policy_handle *handle ); diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 5c8448b..1a8903d 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -40,7 +40,7 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli, NTSTATUS status; WERROR werror; struct spoolss_DevmodeContainer devmode_ctr; - union spoolss_UserLevel userlevel; + struct spoolss_UserLevelCtr userlevel_ctr; struct spoolss_UserLevel1 level1; struct dcerpc_binding_handle *b = cli-binding_handle; @@ -55,15 +55,15 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli, level1.minor= 0; level1.processor = 0; - userlevel.level1 = level1; + userlevel_ctr.level = 1; + userlevel_ctr.user_info.level1 = level1; status = dcerpc_spoolss_OpenPrinterEx(b, mem_ctx, printername, NULL, devmode_ctr, access_desired, - 1, /* level */ - userlevel, + userlevel_ctr, handle, werror); diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 28ef836..48a2981 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1632,15 +1632,17 @@ WERROR _spoolss_OpenPrinter(struct pipes_struct *p, struct
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba3.stderr http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba.stderr http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba.stdout The top commit at the time of the failure was: commit 46b6afc69baf89ba346e4418452b2d5a49b3e322 Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:05:10 2013 +0100 s4-torture: add ndr64 spoolss openprinterex to ndr test. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9ba44cc build(waf): fix the abi_match for the pdb library from 46b6afc s4-torture: add ndr64 spoolss openprinterex to ndr test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9ba44cc610426fb558b49aa9680b5bdf55c29082 Author: Michael Adam ob...@samba.org Date: Tue Jan 15 15:35:09 2013 +0100 build(waf): fix the abi_match for the pdb library The global wildcard match is automatically added by the parsing code if the global match list is empty. Specifying an explicit '*' as the only global match lets the parsing code add a second '*' to the local list, which is an error tolerated on my linux by ld (the GNU linker), but not by the stricter GNU ELF linker gold. Pair-Programmed-With: Gregor Beck gb...@sernet.de Signed-off-by: Gregor Beck gb...@sernet.de Signed-off-by: Michael Adam ob...@samba.org Signed-off-by: Alexander Bokovoy a...@samba.org Autobuild-User(master): Alexander Bokovoy a...@samba.org Autobuild-Date(master): Wed Jan 16 21:31:00 CET 2013 on sn-devel-104 --- Summary of changes: source3/wscript_build |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index 107587d..2e530f5 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -731,7 +731,7 @@ bld.SAMBA3_LIBRARY('pdb', include/passdb.h passdb/machine_sid.h passdb/lookup_sid.h''', - abi_match=private_pdb_match + ['*'], + abi_match=private_pdb_match, abi_directory='passdb/ABI', vnum='0', vars=locals()) -- Samba Shared Repository