[Samba] tdb files
Hello, i recently had problem with a samba server. To make some tests i make logs more verbose then the var partition exploded. To make samba works fine i made this : stop samba services cleanup var partitions kill some smbd process make logs less verbose Then restart samba Since i've got some strange problems : When a user logout the process is not killed and sometime the user cant mount all his share. I think i sould reboot the server itself and maybe remove some tdb files. Does somebody could told me if i have to reboot server and if i have to remove some tdb files, which one i have to keep ? thanks for your answer and sorry for my poor english -- Pascal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4: pdbedit not changing SID
On Tue, 2 Apr 2013, Ricky Nance wrote: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTOhttps://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO should help. I have been following those instructions. I have a tdb backend, I am working on a VM that does not have SAMBA3 installed. The command: # samba-tool user list does not show my users. Interestingly, the groups seem to be there. If I use # samba-tool group list I see the expected groups. Simon Ricky On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza g...@kzsdabas.hu wrote: 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta: On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Andrew Bartlett wrote: On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding users. I ran the command: /usr/local/samba/bin/samba-**tool domain provision --realm=my realm \ --domain=mydomain --adminpass 'mypass' --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4. Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder(you would probably need to ldbmodify the user record of each one) todo, than fixing your samba3 install to have it classicupgraded. Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. Perhaps I need to address why the classicupgrade did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. I went back to trying to get the classicupgrade to work: /usr/local/samba/bin/samba-**tool domain classicupgrade \ --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \ /etc/samba/smb.conf --use-xattrs=yes For the realm, I used a subdomain of one of the two existing dns domains in the LAN. It appears to be processing the information from the old domain tdb files, although I see some errors: Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Could not add group name=Remote Desktop Users ((68, samldb: Account name (sAMAccountName) 'Remote Desktop Users' already in use!)) Could not modify AD idmap entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, id=5077, type=ID_TYPE_GID ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Group already exists sid=S-1-5-21-4254857281-**3346836279-4152649156-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. However, after this, all I get from pdbedit -L is: # pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: [root@samba ~]# pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: krbtgt:4294967295:--dbdir=/**var/lib/samba/ --realm=a.b /etc/samba/smb.confnobody:99:**Nobody Any ideas? What information might help debug this? Simon Could this happen because pdbedit is from the samba3 install? I recommend doing upgrade on a new box/virtual machine where no samba3 is installed, and copying the tdb files to the new box. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share
Hai, recheck your settings in smb.conf This is a working setup with cups for example. ## PRINTING Section 1 !! Global Settings !! ## printing temporary disabled load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = No max reported print jobs = 1000 # PRINTING Section 2 !! # users are able to connect to any printer specified in the Samba host's # printcap file ( /etc/printcap ) provided through cups [printers] comment = All Network Printers printable = yes path = /home/samba/spool browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' ### Printing Section 3 The Windows Printer drivers # Required permissions # The account used to connect to the Samba host must have # a UID of 0 (i.e., a root account). ( or Administrator ) # The account used to connect to the Samba host must be # named in the printer adminlist. # Or The account used to connect to the Samba host must have # SEPrintOperatorRights [print$] comment = Printer Drivers Download Area path = /home/samba/printers browseable = no guest ok = yes read only = yes write list = @Print Operators,@Domain Admins,Administrator,root create mask = 0664 directory mask = 0775 valid users = @Domain Users,@Print Operators,@Domain Admins,Administrator,root -Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: dinsdag 2 april 2013 1:56 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Desperate plea for help with printer share On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb files
On 04/01/2013 11:22 PM, Pascal Legrand wrote: Hello, i recently had problem with a samba server. To make some tests i make logs more verbose then the var partition exploded. To make samba works fine i made this : stop samba services cleanup var partitions kill some smbd process make logs less verbose Then restart samba Did you reach 100% in the filesystem ? Since i've got some strange problems : When a user logout the process is not killed and sometime the user cant mount all his share. I think i sould reboot the server itself and maybe remove some tdb files. Does somebody could told me if i have to reboot server and if i have to remove some tdb files, which one i have to keep ? Well first stop samba and check that you don't have any tdb open (sudo lsof | grep tdb), it's highly possible that you have some corrupted tdb. If there is no open file then you can first try to clean file in /run/samba and in /var/cache/samba (location on ubuntu) when samba is off. thanks for your answer and sorry for my poor english It's ok no need be ashamed. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Recomendations for working with existing DNS setups
On Mon, 2013-04-01 at 23:46 -0500, Hef wrote: On Mon, Apr 1, 2013 at 11:33 PM, Andrew Bartlett abart...@samba.org wrote: On Mon, 2013-04-01 at 23:26 -0500, Hef wrote: I thought that samba was supposed to be able to use nsupdate to perform dynamic dns updates. Is this not accurate? Please keep comments on the list. Apologies, I misused the reply button. Thanks, These updates still have to be against a Samba DNS server. Even if Samba is configured to somehow update a different server, the windows clients and other DCs also need to do the same. And if they did, you couldn't add a windows DC with it's DNS server to the mix, because the data wouldn't be in the directory where it is expected to be. My thought was to have the DNS registrations against samba4 and then have samba4 re-register against a dns server via nsupdate. We don't have any way to do that. I hadn't considered interacting with other windows based PDC's in the domain. Would that imply that for an upsteam DNS server, I should have an NS record pointing to the samba4 server as a subdomain? and instead of having a AD domain example.com, I should have ad.example.com? Yes (or a forward zone, if you don't want to put the proper NS glue in there, and every DNS query already goes via that server). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SaMBa 4 - Join domain DC
On Fri, 2013-03-29 at 12:00 -0300, Celso Viana wrote: I can join the samba 4 (4.0.4) in a domain with active directory windows server 2012? We have some issues with 2012 at the moment, due to schema changes. A workaround patch is in bugzilla, and I'm working on what I think is a better/more complete solution, but I keep running into issues with my changes breaking our 'make test' and so have not made progress here. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: File ownership for Domain Admins members
On 01/04/2013 23:37, Andrew Bartlett wrote: On Thu, 2013-03-28 at 12:40 +, Daren Russell wrote: Hi I've just installed Samba 4.0.4 on FreeBSD to test for the moment. Everything so far has gone very well: joining the domain, GPO's etc. However one thing that is happening which I find unusual, is the owner of files created by a user who is a member of the Domain Admins group as well as Domain Users. All files created by the user are owned by id 300 (which I believe S4 maps to BUILTIN/Administrators) and not the actual user. If they are then removed from the Domain Admins groups (and so left only in Domain Users) and the file created, the owner is the actual user. I presumed a file would be owned by the user regardless of what group they were in. These file tests were carried out on each user's home directory, which was also owned by the user. The question is: is that the way it's supposed to be? Yes, I think it is, so that no particular domain administrator is 'special' above other domain administrators. I'm not sure of the exact semantics, or how it manages to happen, but it's not unprecedented. Ok, that's fair enough and I guess makes sense! Thanks Daren -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Untrusted domains with security=ads
Hello everyone, Samba 3.6.9 on CentOS 6.4. With security = ads, winbind doesn't authenticate requests that prepend a not-existent domain to the username. Users that have logged into the domain authenticate transparently to squid with NTLM (format is domain\username), but not users that are logged in locally or into another domain with the same username and password (format is something_else\username). This wasn't the case with security = domain and a Samba 3 DC: with security = ads: # wbinfo -a uni-ruse\\dstoykov%password plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -a fgdgdgd\\dstoykov%password plaintext password authentication failed Could not authenticate user fgdgdgd\dstoykov with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error message was: No such user Could not authenticate user fgdgdgd\dstoykov with challenge/response with security = domain: # wbinfo -a uni-ruse\\dstoykov%password plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -a fgdgdgd\\dstoykov%password plaintext password authentication succeeded challenge/response password authentication succeeded map untrusted to domain solves the same problem for smbd, but doesn't seem to affect ntlm_auth. [global] workgroup = UNI-RUSE realm = UNI-RUSE.BG server string = security = ADS load printers = No printcap name = /dev/null disable spoolss = Yes wins server = 172.16.0.6, 172.16.0.10 template homedir = /dev/null template shell = /sbin/nologin idmap config * : range = 100-199 idmap config * : backend = tdb Is this a bug or working as designed? Thanks, Deyan -- Deyan Stoykov, dstoy...@uni-ruse.bg System administrator Computing and Information Services Center University of Ruse -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Untrusted domains with security=ads
On Tue, 2013-04-02 at 16:28 +0300, Deyan Stoykov wrote: Hello everyone, Samba 3.6.9 on CentOS 6.4. With security = ads, winbind doesn't authenticate requests that prepend a not-existent domain to the username. Users that have logged into the domain authenticate transparently to squid with NTLM (format is domain\username), but not users that are logged in locally or into another domain with the same username and password (format is something_else\username). This wasn't the case with security = domain and a Samba 3 DC: with security = ads: See map untrusted to domain it defaults to no. The behaviour changed in 3.4 JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SaMBa 4 - DC to new domain
Hi all, I can put the samba as DC for a child domain in an existing domain tree? I tried: samba-tool domain join test.local SUBDOMAIN -Uadministrator --realm=test.local --parent-domain=smb.test.local Thanks -- Celso Vianna BSD User: 51318 http://www.bsdcounter.org Palmas/TO -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Internal DNS CNAME not working
I upgraded to 4.0.4 and still did not have any success with CNAME records. As it turns out the problem was the syntax I was using to create the records. You need to include the full domain name and the period at the end. I think the samba-tool should validate these CNAME records when adding. Does anyone think that this raises to the level of a bug? bad bin/samba-tool dns add 127.0.0.1 mydomain.com my-server CNAME samba-001 -Uadministrator good bin/samba-tool dns add 127.0.0.1 mydomain.com my-server CNAME samba-001.mydomain.com. -Uadministrator Wayne Andersen System Administrator Clima-Tech Corporation 208-947-1849 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Methods Around Anonymous LDAP Binding for User Auth
Thanks, for the reply. I did read quite a few HowTo's about joing an AD and setup Samba that way. However, my company's IT department won't give out an LDAP binding user account because of their security policies, hence I need the capabilities of anonymous binding. Half of my file-sharing project can be solved with SFTP over SSH. WinSCP for Windows is a nice client for it, even though is not well integrated to Windows Explorer. I'm still hoping there's a clever way around the issue. Thanks, -Khanh From: Jeremy Allison j...@samba.org Sent: Mon, April 1, 2013 8:04:33 PM Join the Samba server to the AD Domain. Use winbindd. There are lots of HOWTO's available on this. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need Methods Around Anonymous LDAP Binding for User Auth
On Tue, Apr 02, 2013 at 11:52:08AM -0700, Khanh N. wrote: Thanks, for the reply. I did read quite a few HowTo's about joing an AD and setup Samba that way. However, my company's IT department won't give out an LDAP binding user account because of their security policies, hence I need the capabilities of anonymous binding. Samba winbindd doesn't need an LDAP binding user account, only a machine account - the same account they're givng to *every single* Windows desktop in the domain. If they trust Windows desktops, then they only need to give the same trust to Samba winbindd. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Please help: classicupgrade not importing users
I have tried everything that I can think of, but the users are still not being imported. I deleted and re-created the /usr/local/samba directory (using make install), I added users to the local passwd file (ypcat passwd /etc/passwd) and then stopped ypbind. Still the same. The users are not imported while the groups are. I would really appreciate some help in getting past this step. The transcript of my last attempt at classicupgrade can be found here: http://pastebin.com/tP8bG5Yb I changed the realm that I used to a.b and made edits to the file to make it consistent. Simon On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Ricky Nance wrote: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTOhttps://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO should help. I have been following those instructions. I have a tdb backend, I am working on a VM that does not have SAMBA3 installed. The command: # samba-tool user list does not show my users. Interestingly, the groups seem to be there. If I use # samba-tool group list I see the expected groups. Simon Ricky On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza g...@kzsdabas.hu wrote: 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta: On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Andrew Bartlett wrote: On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding I users. I ran the command: /usr/local/samba/bin/samba-**tool domain provision --realm=my realm \ --domain=mydomain --adminpass 'mypass' realm --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4. Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder(you would probably need to ldbmodify the user record of each one) todo, than fixing your samba3 install to have it classicupgraded. Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. Perhaps I need to address why the classicupgrade did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. I went back to trying to get the classicupgrade to work: /usr/local/samba/bin/samba-**tool domain classicupgrade \ --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \ /etc/samba/smb.conf --use-xattrs=yes For the realm, I used a subdomain of one of the two existing dns domains in the LAN. It appears to be processing the information from the old domain tdb files, although I see some errors: Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Could not add group name=Remote Desktop Users ((68, samldb: Account name (sAMAccountName) 'Remote Desktop Users' already in use!)) Could not modify AD idmap entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, id=5077, type=ID_TYPE_GID ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Group already exists sid=S-1-5-21-4254857281-**3346836279-4152649156-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. However, after this, all I get from pdbedit -L is: # pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: [root@samba ~]# pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: krbtgt:4294967295:--dbdir=/**var/lib/samba/ --realm=a.b /etc/samba/smb.confnobody:99:**Nobody Any ideas? What information might help debug this? Simon Could this happen because pdbedit is from the samba3 install? I recommend doing upgrade on a new box/virtual machine where no samba3 is installed, and copying the tdb files to
Re: [Samba] samba-tool classicupgrade (from v3 to v4) aborts with Unable to get id for sid
From: Andrew Bartlett abart...@samba.org To: Max Olivas moli...@northglenn.org Cc: Jon Detert jdet...@infinityhealthcare.com, samba@lists.samba.org Sent: Friday, March 22, 2013 7:01:34 AM Subject: Re: [Samba] samba-tool classicupgrade (from v3 to v4) aborts with Unable to get id for sid On Thu, 2013-03-21 at 10:15 -0600, Max Olivas wrote: On 3/19/2013 at 8:28 AM, in message 2119021439.23770729.1363703293922.javamail.r...@infinityhealthcare.com, Jon Detert jdet...@infinityhealthcare.com wrote: I'm trying to upgrade from samba3 - 4. I ran this command: WORKDIR=/usr/local/mobius /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=$WORKDIR/var --use-xattrs=yes --realm=infinityhealthcare.com $WORKDIR/smb.conf but it failed with the error given in this email's subject. What does it mean, and how do I fix it? -- snip -- The big issue here is that passdb has never had a 'fsck', and Samba operates quite well as a 'classic' DC with an almost totally invalid database! --snip -- As to what has happened in your particular instance, could you please post me the output of ldbdump private/idmap.ldb? -- snip -- # /home/jdetert/samba4-master/bin/ldbdump /usr/local/samba/private/idmap.ldb dn: CN=CONFIG cn: CONFIG upperBound: 400 lowerBound: None xidNumber: None dn: CN=S-1-5-7 cn: S-1-5-7 objectClass: sidMap objectSid: S-1-5-7 type: ID_TYPE_UID xidNumber: 65534 dn: CN=S-1-5-21-4219228698-1431711829-1578001372-500 cn: S-1-5-21-4219228698-1431711829-1578001372-500 objectClass: sidMap objectSid: S-1-5-21-4219228698-1431711829-1578001372-500 type: ID_TYPE_UID xidNumber: 0 dn: CN=S-1-5-21-4219228698-1431711829-1578001372-513 cn: S-1-5-21-4219228698-1431711829-1578001372-513 objectClass: sidMap objectSid: S-1-5-21-4219228698-1431711829-1578001372-513 type: ID_TYPE_GID xidNumber: 100 dn: @INDEXLIST @IDXATTR: xidNumber @IDXATTR: objectSid # Still stuck on the same error (shown below). If I could determine which SIS can't be mapped to an ID, is there something I could do to make the map possible? E.g. by creating a posix user or group named similarly? The actual error : ERROR(class 'passdb.error'): uncaught exception - Unable to get id for sid File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 938, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1581, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1511, in set_gpos_acl passdb=passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1474, in set_dir_acl setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 104, in setntacl (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share
-Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: dinsdag 2 april 2013 1:56 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Desperate plea for help with printer share On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba On 04/02/2013 02:47 AM, L.P.H. van Belle wrote: Hai, recheck your settings in smb.conf This is a working setup with cups for example. ## PRINTING Section 1 !! Global Settings !! ## printing temporary disabled load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = No max reported print jobs = 1000 # PRINTING Section 2 !! # users are able to connect to any printer specified in the Samba host's # printcap file ( /etc/printcap ) provided through cups [printers] comment = All Network Printers printable = yes path = /home/samba/spool browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' ### Printing Section 3 The Windows Printer drivers # Required permissions # The account used to connect to the Samba host must have # a UID of 0 (i.e., a root account). ( or Administrator ) # The account used to connect to the Samba host must be # named in the printer adminlist. # Or The account used to connect to the Samba host must have # SEPrintOperatorRights [print$] comment = Printer Drivers Download Area path = /home/samba/printers browseable = no guest ok = yes read only = yes write list = @Print Operators,@Domain Admins,Administrator,root create mask = 0664 directory mask = 0775 valid users = @Domain Users,@Print Operators,@Domain Admins,Administrator,root This smb.conf file seems to be for a specific hardware environment that is no similar to mine. Could you explain what hardware configuration this file is configured for? In the mean time, I'll paste in your printer sections, both global and printers, and I'll let you know how it works out. -- _ °v° /(_)\
Re: [Samba] Desperate plea for help with printer share
-Oorspronkelijk bericht- Van: marklap...@aol.com [mailto:samba-boun...@lists.samba.org] Namens Mark LaPierre Verzonden: dinsdag 2 april 2013 1:56 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Desperate plea for help with printer share On 03/30/2013 11:45 PM, Gary Dale wrote: On 30/03/13 08:38 PM, Mark LaPierre wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. I can't see the printer from Windows so I can't mount it up. Nothing appears in the logs. The file shares work just fine. It looks like I've got Samba 3.6.9 on this machine: [mlapier@mushroom samba]$ rpm -qa | grep samba samba-swat-3.6.9-151.el6.i686 samba-doc-3.6.9-151.el6.i686 samba-client-3.6.9-151.el6.i686 samba-winbind-clients-3.6.9-151.el6.i686 samba-3.6.9-151.el6.i686 samba-common-3.6.9-151.el6.i686 samba-winbind-devel-3.6.9-151.el6.i686 samba-winbind-krb5-locator-3.6.9-151.el6.i686 samba-domainjoin-gui-3.6.9-151.el6.i686 samba-winbind-3.6.9-151.el6.i686 samba4-libs-4.0.0-55.el6.rc4.i686 [mlapier@mushroom samba]$ name CentOS release 6.4 (Final) Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 21:42:46 UTC 2013 i686 i686 i386 GNU/Linux [mlapier@mushroom samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [pictures] Processing section [budget] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 printcap name = cups idmap config * : backend = tdb [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes print ok = Yes browseable = No [pictures] comment = Pictures path = /home/pictures read only = No guest ok = Yes [budget] comment = Budget path = /home/budget valid users = nllapie, mlapier read only = No [mlapier@mushroom ~]$ Is there anything else I can share with you that will help you to diagnose my problem? Have you checked the CUPS printer sharing? Sure enough. The printer shared check box is checked so that's not the problem. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba On 04/02/2013 02:47 AM, L.P.H. van Belle wrote: Hai, recheck your settings in smb.conf This is a working setup with cups for example. ## PRINTING Section 1 !! Global Settings !! ## printing temporary disabled load printers = Yes printing = cups printcap name = cups show add printer wizard = Yes disable spoolss = No max print jobs = 100 lpq cache time = 20 use client driver = No max reported print jobs = 1000 # PRINTING Section 2 !! # users are able to connect to any printer specified in the Samba host's # printcap file ( /etc/printcap ) provided through cups [printers] comment = All Network Printers printable = yes path = /home/samba/spool browseable = No guest ok = yes public = yes read only = yes writable = no create mode = 0777 lpq command = /usr/bin/lpq -P '%p' lprm command = /usr/bin/lprm -P '%p' %j lppause command = /usr/sbin/lpc hold '%p' %j lpresume command = /usr/sbin/lpc release '%p' %j queueresume command = /usr/sbin/lpc start '%p' queuepause command = /usr/sbin/lpc stop '%p' ### Printing Section 3 The Windows Printer drivers # Required permissions # The account used to connect to the Samba host must have # a UID of 0 (i.e., a root account). ( or Administrator ) # The account used to connect to the Samba host must be # named in the printer adminlist. # Or The account used to connect to the Samba host must have # SEPrintOperatorRights [print$] comment = Printer Drivers Download Area path = /home/samba/printers browseable = no guest ok = yes read only = yes write list = @Print Operators,@Domain Admins,Administrator,root create mask = 0664 directory mask = 0775 valid users = @Domain Users,@Print Operators,@Domain Admins,Administrator,root Okay, I pasted in your global and printers section, restarted smb service, deleted the printer from the Win XP machine, and then reconnected to it with the add printer tool on XP. Now when I send a test file the file is accepted but does not print. [root@mushroom samba]# testparm Load smb config files from
Re: [Samba] Need Methods Around Anonymous LDAP Binding for User Auth
Thanks, Jeremy! That's great info. I'm scheduled to talk to IT tomorrow. I'm sure this will definitely lift some of their concerns. From: Jeremy Allison j...@samba.org Sent: Tue, April 2, 2013 12:13:16 PM Samba winbindd doesn't need an LDAP binding user account, only a machine account - the same account they're givng to *every single* Windows desktop in the domain. If they trust Windows desktops, then they only need to give the same trust to Samba winbindd. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Desperate plea for help with printer share
On 04/02/2013 09:38 PM, David Kuntadi wrote: On Sun, Mar 31, 2013 at 7:38 AM, Mark LaPierre marklap...@aol.com mailto:marklap...@aol.com wrote: Hey Y'all, I've been trying for months to get samba to share my printer with my wife's Win XP machine. I've RTFM, and spent hours on google to no avail. If only to share to one computer, how about trying to use IPP printing instead? http://hostname:631/printers/printername So far for me it is the easiest way to share printer to windows. DK Hey Dave, Thank you for the interesting proposal. If all I had share to the Windows machine was the printer I would consider doing that but as have to share some files too then Samba is probably my best solution. I've received some help on my issue from others on this thread. The Windows machine can now send print jobs to the shared printer but is still unable to status the print queue. I'm getting closer. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdb files
Hello, If there is no open file then you can first try to clean file in /run/samba and in /var/cache/samba (location on ubuntu) when samba is off. By clean you mean remove all tdb files from /var/run/samba and /var/cache/samba (i'm on debian) ? i dont touch on tdb files in /var/lib/samba ? Thanks again for your answer -- Pascal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-04-02-1833/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba3.stderr http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba.stderr http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba.stdout The top commit at the time of the failure was: commit 5e9195756e7f0355a022b00f9d1cbfd8e761e006 Author: Andreas Schneider a...@samba.org Date: Tue Apr 2 13:08:19 2013 +0200 BUG 9758: Don't leak the epm_Map policy handle. Reviewed-by: Alexander Bokovoy a...@samba.org Autobuild-User(master): Alexander Bokovoy a...@samba.org Autobuild-Date(master): Tue Apr 2 17:16:56 CEST 2013 on sn-devel-104
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f548787 Link CVE-2013-0454 and add it to the history from 1b2389d Add html header and footer http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f5487872506be97f3ba7a299fbc5c6a80d3d321d Author: Lars Müller l...@samba.org Date: Tue Apr 2 19:21:52 2013 +0200 Link CVE-2013-0454 and add it to the history --- Summary of changes: generated_news/latest_10_bodies.html| 23 +++ generated_news/latest_10_headlines.html |4 ++-- generated_news/latest_2_bodies.html | 22 ++ history/header_history.html |1 + history/security.html | 12 security/CVE-2013-0454.html |8 ++-- 6 files changed, 42 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index a7755ea..bf82fcb 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,14 @@ + h5a name=CVE-2013-045402 April 2013/a/h5 + p class=headlineSamba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download/p + +pThis is a bbug fix announcement/b in order to address a +href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454; +CVE-2013-0454/a (A writable configured share might get read only/p +pA a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; +patch against Samba 3.6.5/a. +The patch file has been signed using GnuPG (ID 6568B7EA). + + h5a name=4.0.419 March 2013/a/h5 p class=headlineSamba 4.0.4 Available for Download/p @@ -128,15 +139,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.19-3.5.20.diffs patch against Samba 3.5.19/a is also available. See a href=http://samba.org/samba/history/samba-3.5.20.html; the release notes for more info/a./p - - h5a name=4.0.011 December 2012/a/h5 - p class=headlineSamba 4.0.0 Available for Download/p - pThis is the first stable release of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-4.0.0.tar.gz;downloaded -now/a. See a href=http://samba.org/samba/history/samba-4.0.0.html; -the release notes for more info/a and the -a href= https://www.samba.org/samba/news/releases/4.0.0.html; -press release/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index be4dd41..4416ab1 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 02 April 2013 a href=#CVE-2013-0454Samba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download/a/li + li 19 March 2013 a href=#4.0.4Samba 4.0.4 Available for Download/a/li li 18 March 2013 a href=#3.6.13Samba 3.6.13 Available for Download/a/li @@ -16,6 +18,4 @@ li 17 December 2012 a href=#3.5.20Samba 3.5.20 Available for Download/a/li li 11 December 2012 a href=#4.0.0Samba 4.0.0 Available for Download/a/li - - li 10 December 2012 a href=#3.6.10Samba 3.6.10 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 4cf9b5e..cbc581c 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,13 @@ + h5a name=CVE-2013-045402 April 2013/a/h5 + p class=headlineSamba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download/p + +pThis is a bbug fix announcement/b in order to address a +href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454; +CVE-2013-0454/a (A writable configured share might get read only/p +pA a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; +patch against Samba 3.6.5/a. +The patch file has been signed using GnuPG (ID 6568B7EA). + h5a name=4.0.419 March 2013/a/h5 p class=headlineSamba 4.0.4 Available for Download/p @@ -12,15 +22,3 @@ now/a. A a href=http://download.samba.org/samba/ftp/patches/patch-4.0.3-4.0 patch against Samba 4.0.3/a is also available. See a href=http://samba.org/samba/history/samba-4.0.4.html; the release notes for more info/a./p - - h5a name=3.6.1318 March 2013/a/h5 - p class=headlineSamba 3.6.13 Available for Download/p - pThis is the latest stable release of the Samba 3.6 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.6.13.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.12-3.6.13.diffs.gz; -patch against Samba
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via fc98b10 Add missing ) and try to make it a sentence from f548787 Link CVE-2013-0454 and add it to the history http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit fc98b10028ee6d4560ddcc405e7d7f1200b0bc85 Author: Lars Müller l...@samba.org Date: Tue Apr 2 19:43:04 2013 +0200 Add missing ) and try to make it a sentence --- Summary of changes: generated_news/latest_10_bodies.html |6 +++--- generated_news/latest_2_bodies.html |6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index bf82fcb..7489b5d 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -3,9 +3,9 @@ pThis is a bbug fix announcement/b in order to address a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454; -CVE-2013-0454/a (A writable configured share might get read only/p -pA a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; -patch against Samba 3.6.5/a. +CVE-2013-0454/a (A writable configured share might get read only)/p +pThis a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; +patch is required by Samba 3.6.5/a. The patch file has been signed using GnuPG (ID 6568B7EA). diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index cbc581c..56fe096 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -3,9 +3,9 @@ pThis is a bbug fix announcement/b in order to address a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454; -CVE-2013-0454/a (A writable configured share might get read only/p -pA a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; -patch against Samba 3.6.5/a. +CVE-2013-0454/a (A writable configured share might get read only)/p +pThis a href=http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch; +patch is required by Samba 3.6.5/a. The patch file has been signed using GnuPG (ID 6568B7EA). h5a name=4.0.419 March 2013/a/h5 -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 50e0060 Add a comment about why we are removing the INHERITED bit
so people understand.
from 5e91957 BUG 9758: Don't leak the epm_Map policy handle.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 50e0060091e008ad93fcfbb68cbbb81da5dec067
Author: Richard Sharpe realrichardsha...@gmail.com
Date: Tue Apr 2 06:48:03 2013 -0700
Add a comment about why we are removing the INHERITED bit so people
understand.
Signed-off-by: Richard Sharpe realrichardsha...@gmail.com
Reviewed-by: Andreas Schneider a...@samba.org
Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
---
Summary of changes:
libcli/security/secdesc.c |9 +
1 files changed, 9 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index a7e9900..8570334 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -614,6 +614,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
if (!container) {
new_flags = 0;
} else {
+ /*
+* We need to remove SEC_ACE_FLAG_INHERITED_ACE here
+* if present because it should only be set if the
+* parent has the AUTO_INHERITED bit set in the
+* type/control field. If we don't it will slip through
+* and create DACLs with incorrectly ordered ACEs
+* when there are CREATOR_OWNER or CREATOR_GROUP
+* ACEs.
+*/
new_flags = ~(SEC_ACE_FLAG_INHERIT_ONLY
| SEC_ACE_FLAG_INHERITED_ACE);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 93bca18 Make sure that we only propogate the INHERITED flag when we
are allowed to.
from 97bb3cc torture: Add ntprinting latin1 test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 93bca1881e3a8993c76fec408d7c0c369556683d
Author: Jeremy Allison j...@samba.org
Date: Thu Mar 28 09:36:41 2013 -0700
Make sure that we only propogate the INHERITED flag when we are allowed to.
Signed-off-by: Jeremy Allison j...@samba.org
Fix bug #9747 - When creating a directory Samba allows inherited bit to slip
through.
---
Summary of changes:
source3/lib/secdesc.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index b7c9fc5..7ff3a6a 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -602,7 +602,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
if (!container) {
new_flags = 0;
} else {
- new_flags = ~SEC_ACE_FLAG_INHERIT_ONLY;
+ new_flags = ~(SEC_ACE_FLAG_INHERIT_ONLY|
+ SEC_ACE_FLAG_INHERITED_ACE);
if (!(new_flags SEC_ACE_FLAG_CONTAINER_INHERIT)) {
new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b986a3a Ensure EA value is allocated on the right context. via 9b94de1 Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF via 43becd6 Ensure we don't return uninitialized memory in the pad bytes. via 7bee3ef Add a test to show that zero-length EA's are never returned over SMB2. via b96bc9fa Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF via 875bedd Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF via 15fa043 Change estimate_ea_size() to correctly estimate the EA size over SMB2. via d9e7c82 Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling. via 1e8bcce Ensure we can never return an uninitialized EA list. from 50e0060 Add a comment about why we are removing the INHERITED bit so people understand. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b986a3a9c988c6ec29c0e0a2f8609d5132e952f4 Author: Jeremy Allison j...@samba.org Date: Thu Mar 28 08:55:11 2013 -0700 Ensure EA value is allocated on the right context. Ensure we free on error condition (tidyup, not a leak). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Tue Apr 2 21:54:33 CEST 2013 on sn-devel-104 commit 9b94de161f30bb34c666c0cf0cc94250e6a7b863 Author: Jeremy Allison j...@samba.org Date: Wed Mar 27 11:54:34 2013 -0700 Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF The spec lies when it says that NextEntryOffset is the only value considered when finding the next EA. We were adding 4 more extra pad bytes than needed (i.e. if the next entry already was on a 4 byte boundary, then we were adding 4 additional pad bytes). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit 43becd6f305bd5d21d886027d38a92d4dff22d75 Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 16:46:51 2013 -0700 Ensure we don't return uninitialized memory in the pad bytes. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit 7bee3ef68490bb38942d717e03e203d00be32f9f Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 13:26:49 2013 -0700 Add a test to show that zero-length EA's are never returned over SMB2. Zero length EA's only delete an EA, never store. Proves we should never return zero-length EA's even if they have been set on the POSIX side. ntvfs server doesn't implement the FULL_EA_INFORMATION setinfo call, so add to selftest/knownfail. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit b96bc9fa260c397887ba6199181f3b8bca7046a6 Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 16:38:00 2013 -0700 Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF Ensure ntvfs server never returns zero length EA's. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit 875bedc51df59f85ae7bbd7db52fbfb5ffef Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 16:37:22 2013 -0700 Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF Ensure we never return any zero-length EA's. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit 15fa043b7d362ee197835c0a72a936684c774472 Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 15:54:31 2013 -0700 Change estimate_ea_size() to correctly estimate the EA size over SMB2. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit d9e7c8219fd8b3d770301a87bc1cd62b07b989ca Author: Jeremy Allison j...@samba.org Date: Tue Mar 26 15:46:06 2013 -0700 Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de commit 1e8bcce52f233722fad5c25f2467b86d97cadfa0 Author: Jeremy Allison j...@samba.org Date: Fri Mar 29 10:07:20 2013 -0700 Ensure we can never return an uninitialized EA list. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@suse.de --- Summary of changes: selftest/knownfail |1 + source3/smbd/trans2.c| 70 +++ source4/ntvfs/posix/pvfs_qfileinfo.c |6 ++ source4/torture/smb2/setinfo.c | 121 ++ 4 files changed, 183 insertions(+), 15 deletions(-)
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 20b0adc Make sure that we only propogate the INHERITED flag when we are allowed to. via e95a1cd build: Do not pass CPP= to pidl, skip the env variable entirely via ad0bc91 build: Remove the forced use of only the first part of the compiler string via 5225216 scripting: No longer install samba_upgradeprovision via 12907e7 scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them via bf68cd4 samba-tool classicupgrade: Do not print the admin password during upgrade via 6bcef4e s4-dbcheck: Allow forcing an override of an old @MODULES record via 81a75d0 selftest: Add test for rfc2307 mapping handling via c820ab7 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 via 0f174b7 build: Set LD_LIBRARY_PATH in install_with_python.sh from 9ec44d4 Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 20b0adc9a6da3e9c1c6dcbd65c8f76f921de88ff Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed Mar 27 19:36:43 2013 -0700 Make sure that we only propogate the INHERITED flag when we are allowed to. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Fix bug #9747 - When creating a directory Samba allows inherited bit to slip through. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Apr 2 23:07:34 CEST 2013 on sn-devel-104 commit e95a1cded19f7a7af0ecb51c8a575a564b912185 Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 22 13:47:46 2013 +1100 build: Do not pass CPP= to pidl, skip the env variable entirely This will cause pidl to use $CC -E instead. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit afe9343880ee27cf9fe937c6379c469435ef20d6) The last 2 patches address bug #9739 - [PATCH] PIDL build fixes for hosts without CPP (Solaris 11). commit ad0bc9130d1d02fd0280e89c393f3d28b596d0a8 Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 22 13:06:43 2013 +1100 build: Remove the forced use of only the first part of the compiler string This corrects parts of 378295c3fe813c70815a14c7de608e4a859bd6cc and 301d59caf2ee6f49e108b748b0e38221dec9bb96. This is seen if CC=ccache gcc and CPP isn't used for some reason. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 7dc6dfd90c5182ed85042b22d4864d3e9b007531) commit 5225216d76df523bec29c8a08815c412deedac06 Author: Andrew Bartlett abart...@samba.org Date: Thu Feb 28 00:03:19 2013 +1100 scripting: No longer install samba_upgradeprovision This tool is an important part of the toolkit a Samba Team member can use to assist a user with the upgrade of a very old Samba 4.0 AD DC installation. However, like all powerful tools, it has sharp edges, and these need to have more protection added before we recommend the tool be used. The WHATSNEW already indicated that this tool should not be used but a large number of users have run it, and due to lack of testing in the past, some have run into bugs. While this tool can be run in debug modes, by default it simply fixes the database following a series of internal rule. This does a good job much of the time, but does not request permission in the way that dbcheck does, and will create extra objects for things like the DNS partitions. By removing this from the installed binaries, we provide another signal that it should not be used right now, until these matters are fixed and some clear documentation on how to safely use the tool can be written. Andrew Bartlett Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Tue Mar 12 02:51:23 CET 2013 on sn-devel-104 (cherry picked from commit 389197e7c31e8d6616e6503181c088940ddb5986) Fix bug #9728 - DO NOT install samba_upgradeprovision in 4.0.x. commit 12907e7f7f1d9fda4dc33da87849ac86a234c9a8 Author: Andrew Bartlett abart...@samba.org Date: Fri Dec 28 10:05:40 2012 +1100 scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on
