[Samba] samba 4 samba-tool user encrypted password
Hello,
thanks with the good job with samba 4.
I was wondering, is there a possibility to use an already encrypted password
like sambaNTPassword or {SSHA} encrypted password with samba-tool user command ?
Regards,
Serge Conrad
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
Je crée ma boîte mail www.laposte.net
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Domain Account Lockout
On Fri, 2013-01-11 at 22:54 -0500, Chris Stoneburner wrote: First off, I apologize if this is a duplicate - I had some issues with the first email I tried to join this list with! I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the samba-tool domain passwordsettings command and I have all the GPOs configured as I need them for clients. However, I would like to configure how the account lockout functions for the domain accounts. I read in the archive for this list that there isn't currently support for server side GPOs, so I'm not certain how to configure this, or if its even possible. My question with respect to samba is two fold: is it even POSSIBLE to have samba detect multiple failed login attempts to a domain account (e.g., the default domain administrator) and lock the account once a certain threshold has been reached and if so how is that configured? No, this is not yet implemented in the AD DC. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 samba-tool user encrypted password
On Wed, 2013-01-16 at 10:41 +0100, sergio.conrad wrote:
Hello,
thanks with the good job with samba 4.
I was wondering, is there a possibility to use an already encrypted password
like sambaNTPassword or {SSHA} encrypted password with samba-tool user
command ?
We need the plaintext because we need to make not only arcfour-hmac-md5
key (the unicodePwd, the NT hash), but also AES keys and (if configured)
DES keys.
You can set only the unicodePwd if you must, to the NT hash value, but
not a {SSHA} value. You cannnot currently do this via tools, but see
discussions on this list for examples of code that can set the magic
flags to allow this.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Switching between acl_tdb and acl_xattr
On Tue, 2013-01-15 at 23:14 +, Steve Tice wrote: Andrew Bartlett abartlet at samba.org writes: Using Samba 4.0.0, the python bindings or even samba-tool ntacl get/set would be quite a good choice here. We can read directly the NT ACL from the tdb and then set it using the xattr code. I'm very happy to help out if you have any more questions here, as we certainly do have a good range of tools that should be able to help you out. Andrew, here's a status update on my attempts to accomplish this. 1. Attempted to build the source4 tree provided with the source tarball for the samba-3.5.10-125.el6 package. The build did not complete, failing when it tried to link bin/wbinfo. The pertinent output from make was Linking bin/wbinfo bin/mergedobj/cli_auth.o: In function `netlogon_creds_copy': (.text+0x17e3): undefined reference to `dom_sid_dup' collect2: ld returned 1 exit status make: *** [bin/wbinfo] Error 1 2. Successfully built (everything) from a samba-4.0.0beta8 tarball. Would you expect the source4 tree from the samba-3.5.10-125.el6 tarball to build without error? If it did build cleanly, would it even include the tools you mentioned above? No, it would not. Is it reasonable to continue on this path with samba-4.0.0beta8? Please use the Samba 4.0.1 release tarball. Why are you trying beta8? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: no --use-ntvfs option on samba-tool ntacl sysvolcheck
On Mon, 2013-01-14 at 13:11 +, Dominic Evans wrote: In samba-tool, sysvolreset has options for either --use-ntvfs or --use-s3fs to set the permissions appropriately However, sysvolcheck does not have the same capability, and always attempts to verify in s3 vfs. Is this a known limitation in Samba 4.0.0 ? It shouldn't matter. The options are needed for writing, as while the ntvfs server reads and writes version 1, the VFS layer from smbd reads version 1, 2 (never used) as well as the current version 3. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suggest Forest/Function Level ?
On Sat, 2013-01-12 at 09:09 +0100, Johannes Paechnatz wrote: Hello, I setup an ADS with Samba4 plus a W2K8_R2 Server. Should I raise the Forest/Function Level up to W2K8_R2? We want to use it with some of Win7 Clients, so what's your suggestion/advice? It won't affect the clients, but using the default functional level (2008 R2) is a good idea. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 domain classicupgrade conversion not supported
On Sat, 2013-01-12 at 15:37 +0100, Juan Asensio Sánchez wrote: Anyone? Error converting string to value for line: CurrentVersion ERROR(runtime): uncaught exception - (31, 'WERR_GENERAL_FAILURE') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 841, in upgrade_from_samba3 use_ntvfs=use_ntvfs, skip_sysvolacl=True) File /usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py, line 2012, in provision setup_registry(paths.hklm, session_info, lp=lp) File /usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py, line 939, in setup_registry reg.diff_apply(provision_reg) The connection to the LDAP server was closed I think the problem is: About to write CurrentVersion with type (null), length 3: 6.1 convert_string_talloc: Conversion not supported. Type null? Is normal the suffix hive=NONE? What is the conversion that generates the error? In short, your registry TDB has an unexpected string in it, so our conversion code breaks. We may not actually need this part of the conversion, and you may not need the values in the registry anyway. You could simply not provide that db, and we will skip it. Otherwise, hack the script to skip this step. If you could supply your actual database, we may be able to make the script more robust in the future. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
Hiya,
Having done horrific things (you don't want to know... believe me) I
managed to remove the 'dead' server from my domain. No trace of it
anywhere that I can find.
The slowdown still remains.
Can anyone point me in another direction I can persue?
Thanks,
Alex
On 14/01/2013 11:18, Alex Matthews wrote:
Hiya,
I _might_ actually know what is causing this slow down.
As I posted a while ago. My domain contains a 'dead' server that I am
unable to remove. (post here:
https://lists.samba.org/archive/samba/2012-December/170331.html)
I think winbind is trying to connect to this dead server and timing
out. Thus giving the delay.
Is there any way to blacklist this server seeing as I am unable to
remove it.
Or would someone (Andrew??) Be willing to talk me through a way of
manually removing it from my domain?
Thanks,
Alex
On 10/01/2013 14:51, Alex Matthews wrote:
On 10/01/2013 13:51, Hleb Valoshka wrote:
On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote:
wbinfo -u takes a long time to return a list of users
I guess that if you attach output of strace wbinfo -u or may be even
strace -f wbinfo -u you'll find assistance faster :)
# strace -ftT wbinfo -u
14:09:01 execve(/usr/bin/wbinfo, [wbinfo, -u], [/* 37 vars */])
= 0 0.000259
14:09:01 brk(0) = 0xd9f000 0.31
14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e4000 0.44
14:09:01 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file
or directory) 0.30
14:09:01 open(/usr/lib64/tls/x86_64/libsamba-util.so.0,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.30
14:09:01 stat(/usr/lib64/tls/x86_64, 0x7fffdba49910) = -1 ENOENT
(No such file or directory) 0.22
14:09:01 open(/usr/lib64/tls/libsamba-util.so.0,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.23
14:09:01 stat(/usr/lib64/tls, 0x7fffdba49910) = -1 ENOENT (No such
file or directory) 0.42
14:09:01 open(/usr/lib64/x86_64/libsamba-util.so.0,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.29
14:09:01 stat(/usr/lib64/x86_64, 0x7fffdba49910) = -1 ENOENT (No
such file or directory) 0.22
14:09:01 open(/usr/lib64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) =
3 0.28
14:09:01 read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\240\347\0\0\0\0\0\0...,
832) = 832 0.29
14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=214200, ...}) = 0
0.22
14:09:01 mmap(NULL, 2310096, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113f9 0.24
14:09:01 mprotect(0x7f8113fc3000, 2093056, PROT_NONE) = 0 0.35
14:09:01 mmap(0x7f81141c2000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x32000) = 0x7f81141c2000
0.29
14:09:01 close(3) = 0 0.21
14:09:01 open(/usr/lib64/libwbclient.so.0, O_RDONLY|O_CLOEXEC) = 3
0.34
14:09:01 read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0P#\0\0\0\0\0\0...,
832) = 832 0.23
14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=43160, ...}) = 0
0.22
14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e3000 0.23
14:09:01 mmap(NULL, 2145544, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113d84000 0.30
14:09:01 mprotect(0x7f8113d8e000, 2093056, PROT_NONE) = 0 0.33
14:09:01 mmap(0x7f8113f8d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f8113f8d000
0.26
14:09:01 mmap(0x7f8113f8f000, 3336, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8113f8f000 0.24
14:09:01 close(3) = 0 0.26
14:09:01 open(/usr/lib64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1
ENOENT (No such file or directory) 0.29
14:09:01 open(/usr/lib64/samba/tls/x86_64/libreplace.so,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28
14:09:01 stat(/usr/lib64/samba/tls/x86_64, 0x7fffdba498b0) = -1
ENOENT (No such file or directory) 0.22
14:09:01 open(/usr/lib64/samba/tls/libreplace.so,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28
14:09:01 stat(/usr/lib64/samba/tls, 0x7fffdba498b0) = -1 ENOENT (No
such file or directory) 0.28
14:09:01 open(/usr/lib64/samba/x86_64/libreplace.so,
O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.22
14:09:01 stat(/usr/lib64/samba/x86_64, 0x7fffdba498b0) = -1 ENOENT
(No such file or directory) 0.27
14:09:01 open(/usr/lib64/samba/libreplace.so, O_RDONLY|O_CLOEXEC) =
3 0.29
14:09:01 read(3,
\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\220\16\0\0\0\0\0\0...,
832) = 832 0.22
14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=10240, ...}) = 0
0.27
14:09:01 mmap(NULL, 2105896, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113b81000 0.30
14:09:01 mprotect(0x7f8113b83000, 2093056, PROT_NONE) = 0 0.45
14:09:01 mmap(0x7f8113d82000, 8192, PROT_READ|PROT_WRITE,
Re: [Samba] Server Key [Re-] Generation after Install?
On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to debug SID problems
Hi, Is there a tool to debug SIDs on a samba domain. To check that there is no problems with SIDs on the samba server, windows client or user? After an upgrade/reinstall of the samba server, I get an error message on the windows client saying that the profile could not be synced, when the user logs out. There are probably a problem with the machine account or the users SIDs. But I'm new to windows and samba so I find it dificult to navigate through this windows mess. Maybe there are some keys that should be deleted from the registry or something like that? Regards -- Knut Olav Bøhmer 41 000 108 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mapping SIDUID (and reverse)
Hi I have a new Samba 3.6.10 server running on Solaris 10. The server is a member of the local Active Directory (which I'll call DOMAIN in this email). Unix username resolution is via NIS. All domain users have NIS usernames as well.Winbind is running to allow SMBD to perform siduid mapping and I have setup idmap_nss. I am not using winbind in /etc/nsswitch.conf as NIS performs that function already. The issue: If I create a file or ACL through Windows for user jack, the security tab ACL appears as DOMAIN\jack. If I add a file or filesystem ACL through Unix for user jill, the Windows security tab shows the ACL as Unix User\jill. However, if I later add a file, or ACL to a file, through Windows for user jill, the Windows security tab now reports the ACL as DOMAIN\jill. Files that previously reported Unix User\jill now correctly report DOMAIN\jill. So it would appear that Winbind is performing and storing the SIDUID mapping when an ACL is *set* through Samba, but it is not storing the mapping (or performing a UIDSID mapping) when performing a *read* of existing Unix file ownership or ACLs. Is this by design, a bug, or have I made a mistake somewhere? I would like it so that if a file or ACL is created on a file through Unix, then Samba will automatically map this to the domain SID. Can this be done? Thanks for any help! JR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Server Key [Re-] Generation after Install?
On Wed, Jan 16, 2013 at 6:41 AM, Andrew Bartlett abart...@samba.org wrote: On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Member server. I was concerned about the machine keys for the S-Channel. Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems with smbclient send netbios message
Hi. First, sorry by my bad english :) I had a samba 3.0 and use a script with smbclient to send messages to 30 computers in my laboratory. I upgrade to debian squeeze and samba 3.5 and now i dont use the script command. root@escort:~# echo Testando | smbclient -NM LAB5-01 -I 192.168.3.200 Type your message, ending it with a Control-D cli_message returned NT_STATUS_PIPE_BROKEN I finding in samba bugzilla this: https://bugzilla.samba.org/show_bug.cgi?id=7635 When i test with RH 5.9 with samba 3.0 this work, only with samba 3.5 dont work. [root@delorean ~]# smbclient --version Version 3.0.33-3.39.el5_8 [root@delorean ~]# echo Teste | smbclient -M LAB5-01 -I 192.168.3.200 Connected. Type your message, ending it with a Control-D sent 7 bytes Please, can anyone helpme? -- José Carlos Colzani Formado em Gestão de Tecnologia da Informação Analista de Informática User linux - #241077 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Domain Account Lockout
No worries - thanks for the notice! If it's not already listed, is there a place I can recommend the feature to be implemented? Thanks again! On Wed, Jan 16, 2013 at 6:02 AM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-01-11 at 22:54 -0500, Chris Stoneburner wrote: First off, I apologize if this is a duplicate - I had some issues with the first email I tried to join this list with! I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the samba-tool domain passwordsettings command and I have all the GPOs configured as I need them for clients. However, I would like to configure how the account lockout functions for the domain accounts. I read in the archive for this list that there isn't currently support for server side GPOs, so I'm not certain how to configure this, or if its even possible. My question with respect to samba is two fold: is it even POSSIBLE to have samba detect multiple failed login attempts to a domain account (e.g., the default domain administrator) and lock the account once a certain threshold has been reached and if so how is that configured? No, this is not yet implemented in the AD DC. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated. A workaround for this is in the 4.0.0 release. Are you running Samba 4.0.0? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] compiling samba for ubuntu 12.4 lts
Hi, I'm trying to create a samba4.0.1-package for ubuntu12.4. It seems as if I've succeeded to resolve the dependencies and everything is compiling and linking just fine until it switches to the source4 directory. There I always get these kerberos/heimdal-related linker-errors: default/source3/libads/kerberos_57.o: In function `smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt':/data4/temp/samba4/samba-4.0.1/bin/../source3/libads/kerberos.c:126: undefined reference to `krb5_get_init_creds_opt_get_error' default/source3/libads/kerberos_57.o: In function `kerberos_kinit_password_ext':/data4/temp/samba4/samba-4.0.1/bin/../source3/libads/kerberos.c:216: undefined reference to `krb5_get_init_creds_opt_set_pac_request' I've installed the newest versions of all related packeges and now I'm stuck. Any suggestions? Thanks in advance and best regards, bbb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS trouble - Join a domain as a DC
I've tried to join samba a domain as a DC. I've followed Join_a_domain_as_a_DC How Tohttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host . Join domain was successfull, but samba_dnsupdate doesn't work. samba_dnsupdate --verbose --all-names say dns_tkey_negotiategss: TKEY is unacceptable I use bind9.8. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Server Key [Re-] Generation after Install?
On Wed, 2013-01-16 at 07:57 -0500, Jeffrey Walton wrote: On Wed, Jan 16, 2013 at 6:41 AM, Andrew Bartlett abart...@samba.org wrote: On Tue, 2013-01-15 at 14:44 -0500, Jeffrey Walton wrote: Hi All, I recently stood up a Linux server with Samba and wanted to re-generate any keys the Samba server might be using. I used an Entropy Key (http://www.entropykey.co.uk/), and I believe the PRNG is in good working order now. Could anyone point out what I should do to re-generate any keys required by the Samba server. (Similar to ssh-keygen for OpenSSH server keys). There isn't currently a tool to regenerate all the keys. What role is this server being used in? That will help me give you a suggestion as to what you might want to re-generate (if anything). Member server. I was concerned about the machine keys for the S-Channel. Just re-join the domain if you are worried. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now: idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File Looking more closely at the error, this is different. Is there more detail to the error than what you pasted? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba AD Auth Stops After Patches
Hello, I have an issue that I can't sort out.
Issue: Just applied the latest round of patches that brought me up to this
Samba version and
suddenly end-users are being prompted for authentication when attempting to
access shares
on this CentOS box from their Windows Vista, 7x86, and 7x64 workstations.
Problem: I am new to Samba and seem to not be connecting the dots
Layer 1: I can ping local host, Samba server name and IP from the Samaba
Server and from a Win7x64 client
Here is my research and observations:
1. cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
---
2. smbstatus
Samba version 3.6.6-0.129.el5
---
3. There are no permission problems on the shared directories nor the parent
chain
---
4. (Symptom) There is an apparent group ownership problem on the shares.
Where it used to resolve the
active directory security group, now there is only a numerical string.
Attempting to reassign the
proper group ownsership fails as follows:
4a. ll | grep 12345
drwxrwxrwx 4 comp 1488701 4096 Jan 31 2006 12345
4b. chown -R comp:orrfo12345 12345
chown: `comp:orrfo12345': invalid group
4e. Ok, this is a big problem but what is causing it?
---
5. From the server hosting Samba, I looked to see if it could resolve the
groups. (A Factor) One concern
regarding this process is that we collapsed into a much larger domain
about a year ago. As a result,
what is retrieved for a data set is rather large. Also, it takes some
time. That is why I grep in the
following:
5a. wbinfo -g | grep -i ORRFO
5b. getent group OR+ORRFO12345 | awk -F: '{print $4}' | sed 's/OR+//g' | sed
's/,/\n/g'
5c. Both commands return a valid list after several seconds
---
6. Checking the winbind user:
6a. net help getauthuser
6b. The command returns the credentails of a active directory account that
is present, unlocked, and set
with the correct password.
---
7. Checking if it can resolve the domain controller
7a. wbinfo -I IPAddrOfDC
7b. It resolves correctly
---
8. Check to see if can get sid of windbind user
8a. wbinfo -n OR+linux.samba.svc
8b. The command returns the SID
---
9. Checked on services
9a. wbinfo -p
Ping to winbindd succeeded
9b. wbinfo -t
checking the trust secret for domain OR via RPC calls succeeded
9c. service --status-all | egrep winbindd|nmbd|smbd
nmbd (pid 15246) is running...
smbd (pid 28397 26486 21186 20942 20941 20940 20939 20938 20937
20936 20935 20934 20933 20930 20929 20927 20926 20925 20924 20923
20922 20921 20920 20917 20916 18027 14885 14878 6418) is running...
winbindd (pid 9208 9187 9185 9184 9182) is running...
9d. wbinfo --online-status
BUILTIN : online
OR-CENTSAMBA-01 : online
OR : online
9e. (Problem) Not sure if it is an issue but nmbd was not started initially.
The results above come after having started it.
---
10. Verifying smb.conf. I cut out all but one of the shares to keep it
simple. The allow connections section
was also trimmed but all were ok.
10a. testparm /etc/samba/smb.conf MyWorkstationName MyWorkstationIP
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The idmap backend option is deprecated
WARNING: The idmap uid option is deprecated
WARNING: The idmap gid option is deprecated
Processing section [12345]
Loaded services file OK.
WARNING: The setting 'security=ads' should NOT be combined with the
'password server' parameter.
(by default Samba will discover the correct DC to contact automatically).
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Allow connection from MyWorkstationName (MyWorkstationIP) to 12345
10b. (Don't Know) I am not sure if these warnings had been on the system
before or
if they are the result of patching.
---
11. I created a new user on the Samba server and added it to smbusers. An
identically
named account exists on another CentOS server that rides the backbone. I
am able to
access the directories from that server using without being prompted for
auth:
11a. smb://OR-CENTSAMBA-01
---
12. I checked the time on the DC against that on the Samba server and they
are within seconds.
---
13. I refreshed the Kerberos ticket. It is good.
---
14. (Problem) Here is one I can't explain. I came accross this as a check
but never found what to
do if this didn't work.
14a. smbclient -L localhost
WARNING: The idmap backend option is deprecated
WARNING: The idmap uid option is deprecated
WARNING: The idmap gid option is deprecated
Enter root's password:
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
---
15. Here is my smb.conf
15b. more /etc/samba/smb.conf
[global]
workgroup = OR
realm =
[Samba] Samba4 Integration With Google
Hello everone, In my Company we are going through a network redesign and Planning to retire our Novel edirectory, and Novel Servers and replace them with Samba4 (Over 150 Servers). We have setup a Samba4 test environment which seems to be working well so far. We are an organization with multiple locations and over 1200 users, we are also very heavy users of google apps. I have couple of questions that I need help with. 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on, I know google has and application that Integrates Microsoft Active Directory with Google Apps, so I assume it should be possible with Samba4 too. Has anyone tried and used this feature with success? 2- We already have over 1200 accounts on Google. Is there a way to Import these user accounts into samba4? I would really appreciate any help in this matter and welcome any additional suggestions that you may have for a Project of this magnitude. -- *Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered Systems* 6265 San Fernando Rd | Glendale, California | 91201- 2214 (818)-730-5846 Mobile | (818)-244-6571 Main* * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba AD DC initial join fails at schema replication
Date: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Replaced libnet_vampire.c (corrected ERROR: no subClassOf 'top' for 'samDomain') source [https://bugzilla.samba.org/show_bug.cgi?id=8680] #/usr/lobal/bin/samba-tool domain join dnsdomain DC -U administrator Identifies DC, joins the domain and performs adding SPNs to the Domain Controllers OU . Setting account password for RHELDC1$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN dnsdomain Starting replication Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[402] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[802] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1206] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1593] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,dnsdomain] objects[1688] linked_values[0] Analyze and apply schema objects Can't continue Schema load: didn't manage to convert any objects: all 22 remaining of 1688 objects failed to convert Join failed - cleaning up . -d 1 returns several messages (some of the messages follow (would include more but I have to handjam them out), all of the messages state a failure to convert into ldb msg): ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908BA Warning: Failed to convert schema object CN=Computer,CN=Schema,CN=Configuration,dnsdomain into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908A5 Warning: Failed to convert schema object CN=RID-Manager,CN=Schema,CN=Configuration,dnsdomain into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID_id 0x000A010D Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,dnsdomain into ldb msg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 64a29fd tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD
to stop further signals in a signal handler
via 9a21bc3 lib/replace: Include sys/ucontext.h if available.
via d78f760 lib/replace: Add ucontext configure autoconf checks.
via 8de4edd lib/replace: Add missing check for sys/wait.h
from c89f3dd Fix bug 9548: Correctly detect O_DIRECT
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 64a29fdf0e3ec9138e946bab03ad28a965f3ebd0
Author: Jeremy Allison j...@samba.org
Date: Mon Jan 14 15:22:11 2013 -0800
tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further
signals in a signal handler
Mask off signals the correct way from the signal handler.
Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Tue Jan 15 12:13:43 CET 2013 on sn-devel-104
commit 9a21bc35c565210767e71f4bc03a558fe61bdbc8
Author: Jeremy Allison j...@samba.org
Date: Mon Jan 14 15:21:52 2013 -0800
lib/replace: Include sys/ucontext.h if available.
Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
commit d78f760280473c35b33d4f17d31528dd6269405a
Author: Jeremy Allison j...@samba.org
Date: Tue Jan 15 10:16:27 2013 -0800
lib/replace: Add ucontext configure autoconf checks.
Signed-off-by: Jeremy Allison j...@samba.org
commit 8de4edd42cf16bd761a6acc2c8b5656d088969a7
Author: Jeremy Allison j...@samba.org
Date: Mon Jan 14 15:06:12 2013 -0800
lib/replace: Add missing check for sys/wait.h
Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
---
Summary of changes:
lib/replace/libreplace.m4 | 15 ++-
lib/replace/system/wait.h |4
lib/tevent/tevent_signal.c | 29 +
3 files changed, 47 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index 87e8fdb..67f8e3f 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -66,7 +66,7 @@ AC_FUNC_MEMCMP
AC_CHECK_FUNCS([pipe strftime srandom random srand rand usleep setbuffer lstat
getpgrp utime utimes])
AC_CHECK_HEADERS(stdbool.h stdint.h sys/select.h)
-AC_CHECK_HEADERS(setjmp.h utime.h)
+AC_CHECK_HEADERS(setjmp.h utime.h sys/wait.h)
LIBREPLACE_PROVIDE_HEADER([stdint.h])
LIBREPLACE_PROVIDE_HEADER([stdbool.h])
@@ -105,6 +105,7 @@ AC_CHECK_HEADERS(stdarg.h vararg.h)
AC_CHECK_HEADERS(sys/mount.h mntent.h)
AC_CHECK_HEADERS(stropts.h)
AC_CHECK_HEADERS(unix.h)
+AC_CHECK_HEADERS(sys/ucontext.h)
AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror
strerror_r)
AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename)
@@ -325,6 +326,18 @@ if test x$libreplace_cv_struct_timespec = xyes; then
AC_DEFINE(HAVE_STRUCT_TIMESPEC,1,[Whether we have struct timespec])
fi
+AC_CACHE_CHECK([for ucontext_t type],libreplace_cv_ucontext_t, [
+AC_TRY_COMPILE([
+#include signal.h
+#if HAVE_SYS_UCONTEXT_H
+#include sys/ucontext.h
+# endif
+],[ucontext_t uc; sigaddset(uc.uc_sigmask, SIGUSR1);],
+libreplace_cv_ucontext_t=yes,libreplace_cv_ucontext_t=no)])
+if test x$libreplace_cv_ucontext_t = xyes; then
+AC_DEFINE(HAVE_UCONTEXT_T,1,[Whether we have ucontext_t])
+fi
+
AC_CHECK_FUNCS([printf memset memcpy],,[AC_MSG_ERROR([Required function not
found])])
echo LIBREPLACE_BROKEN_CHECKS: END
diff --git a/lib/replace/system/wait.h b/lib/replace/system/wait.h
index f0c3bdc..146c61a 100644
--- a/lib/replace/system/wait.h
+++ b/lib/replace/system/wait.h
@@ -40,6 +40,10 @@
#include setjmp.h
#endif
+#ifdef HAVE_SYS_UCONTEXT_H
+#include sys/ucontext.h
+#endif
+
#if !defined(HAVE_SIG_ATOMIC_T_TYPE)
typedef int sig_atomic_t;
#endif
diff --git a/lib/tevent/tevent_signal.c b/lib/tevent/tevent_signal.c
index b790859..cc7fb0a 100644
--- a/lib/tevent/tevent_signal.c
+++ b/lib/tevent/tevent_signal.c
@@ -122,10 +122,39 @@ static void tevent_common_signal_handler_info(int signum,
siginfo_t *info,
if (count+1 == TEVENT_SA_INFO_QUEUE_COUNT) {
/* we've filled the info array - block this signal until
these ones are delivered */
+#ifdef HAVE_UCONTEXT_T
+ /*
+* This is the only way for this to work.
+* By default signum is blocked inside this
+* signal handler using a temporary mask,
+* but what we really need to do now is
+* block it in the callers mask, so it
+* stays blocked when the temporary signal
+* handler
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 653ebe1 configure: Fix bug 9546, aio_suspend detection on FreeBSD
from 64a29fd tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD
to stop further signals in a signal handler
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 653ebe132287ba66ef54675a3b58988994f0a486
Author: Volker Lendecke v...@samba.org
Date: Mon Jan 7 11:06:15 2013 +0100
configure: Fix bug 9546, aio_suspend detection on FreeBSD
NULL is not defined without some includes
---
Summary of changes:
source3/configure.in |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index a298183..0f805ee 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -5877,7 +5877,7 @@ int main() { struct aiocb a; return aio_cancel(1, a); }],
AC_MSG_CHECKING(for aio_suspend)
AC_LINK_IFELSE([#include aio.h
-int main() { struct aiocb a; return aio_suspend(a, 1, NULL); }],
+int main() { struct aiocb a; struct timespec t; return aio_suspend(a, 1, t);
}],
[AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
fi
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via a950974 configure: Fix bug 9546, aio_suspend detection on FreeBSD
via c5495c3 smbd: Fix bug 9544, part 2
via 787ba45 smbd: Fix bug 9544, part 1
via aa32e49 smbd: Always compile vfs_commit
from 46473b4 Fix bug 9548: Correctly detect O_DIRECT
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit a95097414e453e05cbe535c42cc335c597283c8e
Author: Volker Lendecke v...@samba.org
Date: Mon Jan 7 12:53:27 2013 -0800
configure: Fix bug 9546, aio_suspend detection on FreeBSD
NULL is not defined without some includes
Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Wed Jan 16 11:48:16 CET 2013 on sn-devel-104
commit c5495c30fa197909724ce2b3e05e941889234751
Author: Volker Lendecke v...@samba.org
Date: Mon Jan 14 21:37:52 2013 +0100
smbd: Fix bug 9544, part 2
Plug in async pwrite
commit 787ba4532c7c814026824c60d4bd83d6d3a7b4d3
Author: Volker Lendecke v...@samba.org
Date: Mon Jan 14 21:36:51 2013 +0100
smbd: Fix bug 9544, part 1
Adapt the sync function names
commit aa32e4924b3549383d9f060fb93fe569b3c05bbd
Author: Volker Lendecke v...@samba.org
Date: Mon Jan 14 21:14:20 2013 +0100
smbd: Always compile vfs_commit
There's no reason not to
---
Summary of changes:
source3/configure.in |3 +-
source3/modules/vfs_commit.c | 86 -
source3/wscript |3 +-
3 files changed, 87 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 93c3d1b..e719b53 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -459,6 +459,7 @@ default_shared_modules=$default_shared_modules
vfs_crossrename
default_shared_modules=$default_shared_modules vfs_linux_xfs_sgid
default_shared_modules=$default_shared_modules vfs_time_audit
default_shared_modules=$default_shared_modules vfs_media_harmony
+default_shared_modules=$default_shared_modules vfs_commit
default_shared_modules=$default_shared_modules idmap_autorid
default_shared_modules=$default_shared_modules idmap_tdb2
default_shared_modules=$default_shared_modules idmap_rid
@@ -5391,7 +5392,7 @@ int main() { struct aiocb a; return aio_cancel(1, a);
}])],
AC_MSG_CHECKING(for aio_suspend)
AC_LINK_IFELSE([AC_LANG_SOURCE([#include aio.h
-int main() { struct aiocb a; return aio_suspend(a, 1, NULL); }])],
+int main() { struct aiocb a; struct timespec t; return aio_suspend(a, 1, t);
}])],
[AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
else
diff --git a/source3/modules/vfs_commit.c b/source3/modules/vfs_commit.c
index 865250a..a6bc2a4 100644
--- a/source3/modules/vfs_commit.c
+++ b/source3/modules/vfs_commit.c
@@ -19,6 +19,7 @@
#include includes.h
#include system/filesys.h
#include smbd/smbd.h
+#include lib/util/tevent_unix.h
/* Commit data module.
*
@@ -275,6 +276,83 @@ static ssize_t commit_pwrite(
return ret;
}
+struct commit_pwrite_state {
+ struct vfs_handle_struct *handle;
+ struct files_struct *fsp;
+ ssize_t ret;
+ int err;
+};
+
+static void commit_pwrite_written(struct tevent_req *subreq);
+
+static struct tevent_req *commit_pwrite_send(struct vfs_handle_struct *handle,
+TALLOC_CTX *mem_ctx,
+struct tevent_context *ev,
+struct files_struct *fsp,
+const void *data,
+size_t n, off_t offset)
+{
+ struct tevent_req *req, *subreq;
+ struct commit_pwrite_state *state;
+
+ req = tevent_req_create(mem_ctx, state, struct commit_pwrite_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state-handle = handle;
+ state-fsp = fsp;
+
+ subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
+ n, offset);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, commit_pwrite_written, req);
+ return req;
+}
+
+static void commit_pwrite_written(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct commit_pwrite_state *state = tevent_req_data(
+ req, struct commit_pwrite_state);
+ int commit_ret;
+
+ state-ret = SMB_VFS_PWRITE_RECV(subreq, state-err);
+ TALLOC_FREE(subreq);
+
+ if (state-ret = 0) {
+
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 46b6afc s4-torture: add ndr64 spoolss openprinterex to ndr test. via 6cdf59d s4-torture: allow to do ndr tests with flags, not only ndr_flags. via a4dcf7b spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. from 6bb7bf9 test: dbwrap_tool requires --persistent for the registry now http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 46b6afc69baf89ba346e4418452b2d5a49b3e322 Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:05:10 2013 +0100 s4-torture: add ndr64 spoolss openprinterex to ndr test. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104 commit 6cdf59d716eb41c8ce67ff55aa661eaa09fa2e1b Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:04:08 2013 +0100 s4-torture: allow to do ndr tests with flags, not only ndr_flags. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit a4dcf7b94d8f2d8180bb5b390f49e89e2c956a88 Author: Günther Deschner g...@samba.org Date: Mon Jan 14 17:26:31 2013 +0100 spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: librpc/idl/spoolss.idl |3 +- source3/rpc_client/cli_spoolss.c|8 +++--- source3/rpc_server/spoolss/srv_spoolss_nt.c | 14 ++ source4/rpc_server/spoolss/dcesrv_spoolss.c |5 +-- source4/torture/ndr/ndr.c |5 source4/torture/ndr/ndr.h | 12 +++-- source4/torture/ndr/spoolss.c | 28 + source4/torture/rpc/samba3rpc.c |8 +++--- source4/torture/rpc/spoolss.c | 35 +-- source4/torture/rpc/spoolss_access.c|4 +- source4/torture/rpc/spoolss_win.c |8 +++--- 11 files changed, 84 insertions(+), 46 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl index 06a0935..7d8e8de 100644 --- a/librpc/idl/spoolss.idl +++ b/librpc/idl/spoolss.idl @@ -2821,8 +2821,7 @@ cpp_quote(#define spoolss_security_descriptor security_descriptor) [in,unique] [string,charset(UTF16)] uint16 *datatype, [in] spoolss_DevmodeContainer devmode_ctr, [in] spoolss_AccessRights access_mask, - [in] uint32 level, - [in,switch_is(level)] spoolss_UserLevel userlevel, + [in] spoolss_UserLevelCtr userlevel_ctr, [out,ref] policy_handle *handle ); diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 5c8448b..1a8903d 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -40,7 +40,7 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli, NTSTATUS status; WERROR werror; struct spoolss_DevmodeContainer devmode_ctr; - union spoolss_UserLevel userlevel; + struct spoolss_UserLevelCtr userlevel_ctr; struct spoolss_UserLevel1 level1; struct dcerpc_binding_handle *b = cli-binding_handle; @@ -55,15 +55,15 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli, level1.minor= 0; level1.processor = 0; - userlevel.level1 = level1; + userlevel_ctr.level = 1; + userlevel_ctr.user_info.level1 = level1; status = dcerpc_spoolss_OpenPrinterEx(b, mem_ctx, printername, NULL, devmode_ctr, access_desired, - 1, /* level */ - userlevel, + userlevel_ctr, handle, werror); diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 28ef836..48a2981 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1632,15 +1632,17 @@ WERROR _spoolss_OpenPrinter(struct pipes_struct *p, struct
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba3.stderr http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba.stderr http://git.samba.org/autobuild.flakey/2013-01-16-1936/samba.stdout The top commit at the time of the failure was: commit 46b6afc69baf89ba346e4418452b2d5a49b3e322 Author: Günther Deschner g...@samba.org Date: Tue Jan 15 17:05:10 2013 +0100 s4-torture: add ndr64 spoolss openprinterex to ndr test. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9ba44cc build(waf): fix the abi_match for the pdb library
from 46b6afc s4-torture: add ndr64 spoolss openprinterex to ndr test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9ba44cc610426fb558b49aa9680b5bdf55c29082
Author: Michael Adam ob...@samba.org
Date: Tue Jan 15 15:35:09 2013 +0100
build(waf): fix the abi_match for the pdb library
The global wildcard match is automatically added by the parsing code
if the global match list is empty. Specifying an explicit '*' as the only
global match lets the parsing code add a second '*' to the local list,
which is an error tolerated on my linux by ld (the GNU linker), but
not by the stricter GNU ELF linker gold.
Pair-Programmed-With: Gregor Beck gb...@sernet.de
Signed-off-by: Gregor Beck gb...@sernet.de
Signed-off-by: Michael Adam ob...@samba.org
Signed-off-by: Alexander Bokovoy a...@samba.org
Autobuild-User(master): Alexander Bokovoy a...@samba.org
Autobuild-Date(master): Wed Jan 16 21:31:00 CET 2013 on sn-devel-104
---
Summary of changes:
source3/wscript_build |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/wscript_build b/source3/wscript_build
index 107587d..2e530f5 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -731,7 +731,7 @@ bld.SAMBA3_LIBRARY('pdb',
include/passdb.h
passdb/machine_sid.h
passdb/lookup_sid.h''',
- abi_match=private_pdb_match + ['*'],
+ abi_match=private_pdb_match,
abi_directory='passdb/ABI',
vnum='0',
vars=locals())
--
Samba Shared Repository
