Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Hello Ulrich, It's simply the uid (user id) that are given by samba. You should have a command to find who ius which number, but I don't know it yet (I'm new to samba too !!) Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Ulrich Schneider m...@ulrichschneider.de À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:03:25 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
let me rephrase: what do I have to do/install to make this ... valid users = @Domain\Group (windows domain / group) .. work Am 20.05.2013 10:16, schrieb Thierry Gonon: Hello Ulrich, It's simply the uid (user id) that are given by samba. You should have a command to find who ius which number, but I don't know it yet (I'm new to samba too !!) Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Ulrich Schneider m...@ulrichschneider.de À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:03:25 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Hi Thierry, that command is called wbinfo. For details, run wbinfo --help. Some examples below: To find the Windows sid of an uid, run: wbinfo -U 300 (or any other uid). That sid can in turn be used to find the username: wbinfo -s S-1-5-32-544 So if you want to combine the whole thing into one, just run: wbinfo -s `wbinfo -U 300` Which should output something like: BUILTIN\Administrators 4 The number following the username just tells how many Windows users or groups are represented by that uid, if I'm understanding it correctly. For reversed direction (to get the uid from username), try: wbinfo -S `wbinfo -n Administrator` Although in most cases you should be able to just run getent passwd username to find the uid, whether the account is a windows account or not. Pekka L.J. Jalkanen On 20.5.2013 11:16, Thierry Gonon wrote: Hello Ulrich, It's simply the uid (user id) that are given by samba. You should have a command to find who ius which number, but I don't know it yet (I'm new to samba too !!) Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Ulrich Schneider m...@ulrichschneider.de À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:03:25 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Thanks Pekka !! Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Pekka L.J. Jalkanen pekka.jalka...@vihreat.fi À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:50:29 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC Hi Thierry, that command is called wbinfo. For details, run wbinfo --help. Some examples below: To find the Windows sid of an uid, run: wbinfo -U 300 (or any other uid). That sid can in turn be used to find the username: wbinfo -s S-1-5-32-544 So if you want to combine the whole thing into one, just run: wbinfo -s `wbinfo -U 300` Which should output something like: BUILTIN\Administrators 4 The number following the username just tells how many Windows users or groups are represented by that uid, if I'm understanding it correctly. For reversed direction (to get the uid from username), try: wbinfo -S `wbinfo -n Administrator` Although in most cases you should be able to just run getent passwd username to find the uid, whether the account is a windows account or not. Pekka L.J. Jalkanen On 20.5.2013 11:16, Thierry Gonon wrote: Hello Ulrich, It's simply the uid (user id) that are given by samba. You should have a command to find who ius which number, but I don't know it yet (I'm new to samba too !!) Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Ulrich Schneider m...@ulrichschneider.de À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:03:25 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Hi Try winbind: /etc/nsswitch.conf passwd: files winbind group: files winbind ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security Does getent passwd return any AD users? No! I#ve done the changes like you suggested above ... Still getting the following output: uli@uli-sd30v10:/usr/local/samba/etc$ wbinfo -u uli@uli-sd30v10:/usr/local/samba/etc$ sudo net rpc join -U Administrator cannot join as standalone machine uli@uli-sd30v10:/usr/local/samba/etc$ sudo net ads join -U Administrator Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: This operation is only allowed for the PDC of the domain. uli@uli-sd30v10:/usr/local/samba/etc$ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Samba4] modifying attributes: no write access to self
Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html) k5start is running So far, i've succeeded in * modifying (posixifying) the built-in Domain Users * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving user and group info (for user added in AD, and not existing locally) via getent *Problem: * I'm added a new group *samba-tool group add Leerkrachten* Then i tryied posixifying the group (as i did with the builtin group Domain Users *s4bind upgradegroup Leerkrachten 3* This however gives me ERR: (insufficient access rights) LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 2098: Object cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal has no write property access on DN cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal at block before line 7 Modify failed after processing 0 records It seems that there is no write access to self (i seem to remember something from my old openldap setup that is in place on the old samba3 domain) that specified things about access to blablable by self write. Is there something in the directory component of s4 like this too? and how to specifiy it? Is there a way to list acls on directory objects?) *Extra info* The s4bind script does the following: 1. creates a file (* /tmp/group ) *with the following content: *dn: cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal changetype: modify add: objectClass objectClass: posixGroup - add: gidNumber gidNumber: 3* It then runs the following command * ldbmodify --url=ldap://samba4-3.stp4.stp.internal --kerberos=yes --krb5-ccache=FILE:/tmp/krb5cc_0 /tmp/group* klist shows the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: SAMBA4-3$@STP4.STP.INTERNAL Valid starting ExpiresService principal 05/20/13 09:34:48 05/20/13 19:34:48 krbtgt/stp4.stp.inter...@stp4.stp.INTERNAL 05/20/13 10:37:42 05/20/13 19:34:48 ldap/samba4-3.stp4.stp.inter...@stp4.stp.INTERNAL thanx in advance ! -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Getting the error message ... raised the following question ... is it not possible to run samba as an avtive directory domain controller and use winbind/wbinfo at the same time? uli@uli-sd30v10:/data$ sudo /usr/local/samba/sbin/samba -i -M single samba version 4.0.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks uli@uli-sd30v10:/data$ Am 20.05.2013 10:50, schrieb Pekka L.J. Jalkanen: Hi Thierry, that command is called wbinfo. For details, run wbinfo --help. Some examples below: To find the Windows sid of an uid, run: wbinfo -U 300 (or any other uid). That sid can in turn be used to find the username: wbinfo -s S-1-5-32-544 So if you want to combine the whole thing into one, just run: wbinfo -s `wbinfo -U 300` Which should output something like: BUILTIN\Administrators 4 The number following the username just tells how many Windows users or groups are represented by that uid, if I'm understanding it correctly. For reversed direction (to get the uid from username), try: wbinfo -S `wbinfo -n Administrator` Although in most cases you should be able to just run getent passwd username to find the uid, whether the account is a windows account or not. Pekka L.J. Jalkanen On 20.5.2013 11:16, Thierry Gonon wrote: Hello Ulrich, It's simply the uid (user id) that are given by samba. You should have a command to find who ius which number, but I don't know it yet (I'm new to samba too !!) Thierry Gonon Archéologue - Administrateur Systèmes et Réseaux Responsable Informatique Chronoterre Archéologie - Mail original - De: Ulrich Schneider m...@ulrichschneider.de À: samba@lists.samba.org Envoyé: Lundi 20 Mai 2013 10:03:25 Objet: Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC I created two folders as different win users in a samba share. 1. Folder is testadmin created as user Domain Administrator 2. Folder is testschueler2 created as user schueler2 ls -la drwxrwxr-x+ 2 300 users 4096 Mai 20 09:57 testadmin drwxrwxr-x+ 2 326 users 4096 Mai 20 09:59 testschueler2 What`s that number starting wird 3... and how do I know that this number belongs to wich user? Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Hi, I think your problem may be that you are are trying to run the standalone winbind daemon at the same time as the samba deamon, you cannot do this, the samba daemon has its own built in winbind. Could you please confirm how you provisioned samba4, post a sanitized version of your smb.conf and explain just what you are hoping to achieve. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Could you please confirm how you provisioned samba4, post a sanitized version of your smb.conf and explain just what you are hoping to achieve. Ok, I will do that. I want to use samba4 1. as an active directory domain controller 2. as a file server providing diefferent shares for different windows users/groups. To do so I used the samba provision script to set up samba as AD DC. Works fine. Then I read about restrctioning shares to win users/groups with: valid users = @SAMDOM\SCHUELER This is not working. When a user in the win group SCHUELER is accessing a share he gets a popup window with username /password saying that the acces was denied to this share. smb.conf # Global parameters [global] workgroup = SAMDOM realm = SAMDOM.EXAMPLE.COM netbios name = ULI-SD30V10 server role = active directory domain controller dns forwarder = 192.168.25.254 # security = ads password server = 192.168.25.133 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind use default domain = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [schueler] path = /data/schueler comment = Schueler read only = no valid users = @SAMDOM\SCHUELER -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Hi, Remove all of this: # security = ads password server = 192.168.25.133 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind use default domain = yes Then remove this line: valid users = @SAMDOM\SCHUELER restart samba4 Go here: http://linuxcostablanca.blogspot.co.uk/2013/04/sssd-in-samba-40.html Install sssd refering to the above link Then browse google for using ACL.s with samba4, this usually just entails adding 'acl, xattr' to the relevant line in your /etc/fstab Then set the access from a windows pc Forget winbind, it sucks, Samba4 winbind != Samba3 winbind, samba4 winbind != complete Note that this is just my own opinion. Rowland On 20 May 2013 11:57, Ulrich Schneider m...@ulrichschneider.de wrote: Could you please confirm how you provisioned samba4, post a sanitized version of your smb.conf and explain just what you are hoping to achieve. Ok, I will do that. I want to use samba4 1. as an active directory domain controller 2. as a file server providing diefferent shares for different windows users/groups. To do so I used the samba provision script to set up samba as AD DC. Works fine. Then I read about restrctioning shares to win users/groups with: valid users = @SAMDOM\SCHUELER This is not working. When a user in the win group SCHUELER is accessing a share he gets a popup window with username /password saying that the acces was denied to this share. smb.conf # Global parameters [global] workgroup = SAMDOM realm = SAMDOM.EXAMPLE.COM netbios name = ULI-SD30V10 server role = active directory domain controller dns forwarder = 192.168.25.254 # security = ads password server = 192.168.25.133 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind cache time = 10 winbind use default domain = yes [netlogon] path = /usr/local/samba/var/locks/**sysvol/samdom.example.com/** scripts http://samdom.example.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/**sysvol read only = No [schueler] path = /data/schueler comment = Schueler read only = no valid users = @SAMDOM\SCHUELER -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrate samba3 to samba4
Hi Everybody I have an environment with Samba3 and ldap in the company and we are studying the migration to Samba4, keeping the user base, groups and workstations registered. I would like to know the best way suited for this migration. One of unsuccessful attempts we had was to establish a trust relationship between the domain Samba3 and Samba4 to use ADMT from Microsoft and import users and groups, but it was not possible to establish the relationship between the domains/ -- Natália Vaz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrate samba3 to samba4
Hello Natalia, Am 20.05.2013 19:18, schrieb Natália Vaz: I have an environment with Samba3 and ldap in the company and we are studying the migration to Samba4, keeping the user base, groups and workstations registered. I would like to know the best way suited for this migration. One of unsuccessful attempts we had was to establish a trust relationship between the domain Samba3 and Samba4 to use ADMT from Microsoft and import users and groups, but it was not possible to establish the relationship between the domains/ Did you read http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO If you already followed this guide, then please provide some more information, what went wrong on this way, to find a working migration solution for you. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool of delegation of permissions
Hello Andrew, Am 19.05.2013 13:39, schrieb Andrew Bartlett: Have you read the 'Known issues/limitations' on that page (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)? You still need 'acl:search=false' in your smb.conf, even if you run the latest version. If that is the case, after resetting the ACLs or on a fresh provision, please file a bug, showing how windows does it differently. We match windows behaviour now, as far as we know. The bug report about that, already exists: https://bugzilla.samba.org/show_bug.cgi?id=9788 Because I don't have Windows servers, I have no way to find out how Windows react. But when I wrote the Join machines to the Domain as non-Domain-Admin Howto, I take over the steps from MS: http://support.microsoft.com/kb/932455/en-us That's why I think, samba is still doing something different on delegation, than MS in that case, if I have to use 'acl:search=false'. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 winbind issues
I've been using samba for several years now and so my configuration hasnt changed much in that time. We've setup a samba pdc+ldap backend and previously using smbldap-tools. I haven't had to add a new machine in a long while until recently a new user said they couldn't remote desktop to a windows server I have part of our domain. Older users still were able to access it. I decided to leave then join the domain, but that ran into another issue. I cant add the server back to the domain since I was getting 'no challanage send to client' messages. Searching this I found I needed to use winbind and setup idmap settings. Following the wiki, I set this up, but still unable to join to the domain. Now it says its unable to allocate a uid to create the machine entry in ldap. I'm not sure what to do next. wbinfo is able to report info on users, but wbinfo -g returns nothing. In the logs for winbind I see errors saying for gid 0 got 0 entries, and for a few other gids. I tried wbinfo --allocate-uid/gid and get the following: failed to call wbcAllocateGid: WBC_ERR_DOMAIN_NOT_FOUND Could not allocate a gid In the logs, all I see is Could not allocate gid: NT_STATUS_UNSUCCESSFUL Here is my samba global settings: [global] workgroup = X.X.X netbios name = ROSS server string = PDC %v encrypt passwords = yes passdb backend = ldapsam:ldap://X.X.X.X ldapsam:trusted = yes ldapsam:editposix = yes domain master = yes preferred master = yes local master = yes os level = 255 dns proxy = yes wins support = yes name resolve order = host wins lmhosts bcast domain logons = yes client ntlmv2 auth = yes loglevel = 2 auth:1 sam:10 winbind:10 passdb:0 smb:10 rpc_srv:3 log file = /var/log/samba/log.%m syslog = 0 time server = yes ldap suffix = dc=X,dc=X,dc=X ldap user suffix = ou=people ldap group suffix = ou=group ldap machine suffix = ou=machines ldap idmap suffix = ou=Idmap ldap ssl = start tls ldap admin dn = cn=samba,ou=DSA,dc=X,dc=X,dc=X logon path = \\%L\profiles\%U logon script = netlogon.bat time server = Yes deadtime = 10 case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd printcap name = /etc/printcap load printers = no interfaces = eth0 lo bind interfaces only = yes winbind enum users = yes winbind enum groups = yes idmap config * : default = yes idmap config * : readonly = no idmap config * : backend = ldap idmap config * : range = 1000-100 idmap config * : ldap_url = ldap://X.X.X.X idmap config * : ldap_base_dn = ou=Idmap,dc=X,dc=X,dc=X idmap config * : ldap_user_dn = cn=idmap,ou=DSA,dc=X,dc=X,dc=X winbind use default domain = Yes winbind nested groups = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (force) default security mask
That was a type error in my previous post, the line in my smb.conf is of course: read only = No Вск 19 Май 2013 14:58:39 +0400, ?icro MEGAS написал: Hello folks, Samba 3.5.6 running and I have following share: [public] path = /data/public read onlyXSSCleaned= No create mask = 0777 directory mask = 0777 directory security mask = 0750 vfs object = acl_xattr nt acl support = yes dos filemode = yes My filesystem ext4 which is mounted to /data supports acl,user_xattr and setfacl/getfacl works fine. ls -ld /data/public shows unix mode 0755 with owner=admin and group=Domain Users All users have full access to the share \\samba\public and therefore are allowed to create,modify,delete directories and files. My aim is that I want to have a directory called special which is in /data/public/special. Only restricted users and groups are allowed full access to this directory, the Domain Users should only be able to have read/execute rights, but no write/delete rights on this directory+subdirs. /data/public has no ACL set. Here's an output of my ACL I have set manually with setfacl on this special directory. Only user john and doe and group foobar have full access to this special directory, and Domain Users or other should only have read rights. root@samba:/data/public# getfacl special # file: special/ # owner: admin # group: Domain\040Users user::rwx user:john:rwx user:doe:rwx group::r-x group:foobar:rwx mask::rwx other::--- default:user::rwx default:user:john:rwx default:user:doe:rwx default:group::r-x default:group:foobar:rwx default:mask::rwx default:other::--- When user john, doe or anyone of group foobar creates a new directory inside the special dir, it has following modes: root@samba:/data/public/special ls -l drwxrwx-wx+ 2 john Domain Users 4096 19. Mai 12:43 newdir == This corresponds to unix mode 0773. The ACL mode looks like that: # file: newdir # owner: john # group: Domain\040Users user::rwx user:john:rwx user:doe:rwx group::rwx group:foobar:rwx mask::rwx other::-wx default:user::rwx default:user:john:rwx default:user:doe:rwx default:group::r-x default:group:foobar:rwx default:mask::rwx default:other::--- == This corresponds to ACL security mode 0773. Where does this strange 0773 come from? I would like to have ACL security mode 0750 on all new directories and files created inside special directory. I also have tried to use force directory security mode = 0750 in my smb.conf but that doesn't help either. I have realized another odd behaviour, too: when user john, doe, or anyone of group foobar creates a new directory and DON'T name it, it will be called New Directory. This directory has following ACLs: root@samba:/data/public/special# getfacl New\ Directory # file: New Directory # owner: john # group: Domain\040Users user::rwx user:john:rwx user:doe:rwx group::r-x group:foobar:rwx mask::rwx other::--- default:user::rwx default:user:john:rwx default:user:doe:rwx default:group::r-x default:group:foobar:rwx default:mask::rwx default:other::--- This would be the correct ACL I want to have to, it corresponds to 0750. But why does this be applied only, if a new directory is created through windows and not renamed to something else than the default directory name New Directory ? I don't understand that. Please anyone tell me how to set correctly ACL mode 0750 for all the new dirs/files inside my special dir. Any help appreciated. Thanks a lot in advance. Lucas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Samba4] modifying attributes: no write access to self
[*update*] I've modified the sssd config to use Administrator as the default principal, and i've also done a *kinit Administrator*... and now i'm able to add and modify group and user attributes... seems like i need to either delegate this to a specific user or keep the administrator does all config One question tho: i _was_ able to create/delete users and groups and also add users to and delete them from a group... (with the DC computer account as default principal) Why then doesn't this work with the attribute stufff? (last but not least: i *really* need to look into these things called principals ... i honestly don't know what i'm playing with here, and i'm kinda ashamed to do so.. so next days i'll be reading up :) micahel 2013/5/20 Michael De Groote i...@sint-pietersschool.be Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html) k5start is running So far, i've succeeded in * modifying (posixifying) the built-in Domain Users * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving user and group info (for user added in AD, and not existing locally) via getent *Problem: * I'm added a new group *samba-tool group add Leerkrachten* Then i tryied posixifying the group (as i did with the builtin group Domain Users *s4bind upgradegroup Leerkrachten 3* This however gives me ERR: (insufficient access rights) LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - 2098: Object cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal has no write property access on DN cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal at block before line 7 Modify failed after processing 0 records It seems that there is no write access to self (i seem to remember something from my old openldap setup that is in place on the old samba3 domain) that specified things about access to blablable by self write. Is there something in the directory component of s4 like this too? and how to specifiy it? Is there a way to list acls on directory objects?) *Extra info* The s4bind script does the following: 1. creates a file (* /tmp/group ) *with the following content: *dn: cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal changetype: modify add: objectClass objectClass: posixGroup - add: gidNumber gidNumber: 3* It then runs the following command * ldbmodify --url=ldap://samba4-3.stp4.stp.internal --kerberos=yes --krb5-ccache=FILE:/tmp/krb5cc_0 /tmp/group* klist shows the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: SAMBA4-3$@STP4.STP.INTERNAL Valid starting ExpiresService principal 05/20/13 09:34:48 05/20/13 19:34:48 krbtgt/stp4.stp.inter...@stp4.stp.INTERNAL 05/20/13 10:37:42 05/20/13 19:34:48 ldap/samba4-3.stp4.stp.inter...@stp4.stp.INTERNAL thanx in advance ! -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool of delegation of permissions
On Mon, 2013-05-20 at 20:04 +0200, Marc Muehlfeld wrote: Hello Andrew, Am 19.05.2013 13:39, schrieb Andrew Bartlett: Have you read the 'Known issues/limitations' on that page (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Known_issues.2Flimitations)? You still need 'acl:search=false' in your smb.conf, even if you run the latest version. If that is the case, after resetting the ACLs or on a fresh provision, please file a bug, showing how windows does it differently. We match windows behaviour now, as far as we know. The bug report about that, already exists: https://bugzilla.samba.org/show_bug.cgi?id=9788 Because I don't have Windows servers, I have no way to find out how Windows react. You can download trail versions of Windows 2008r2 for testing and evaluation purposes. But when I wrote the Join machines to the Domain as non-Domain-Admin Howto, I take over the steps from MS: http://support.microsoft.com/kb/932455/en-us That's why I think, samba is still doing something different on delegation, than MS in that case, if I have to use 'acl:search=false'. We need far, far more detail - using this ACL, this attribute is visible/modified on windows but not on Samba - to be able to address this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba fsmo/demote/unjoin trouble after crash
On Wed, 2013-05-15 at 10:09 +0300, Giedrius wrote: 2013.05.14 18:48, Denis Cardon rašė: Hi Giedrius, i've got initial setup on DC1 (4.0.1)... all working good and flawless Added additional geographically distributed controllers (DC2, DC3, DC4,DC5) with 4.0.5 - no problem. All PC's can connect to their own site/DC Transferred all FSMO's to DC2 - transferred successfully (with seize error bug) DC1 crashed badly during maintenance, SAMBA was updated to 4.0.5, data restored from backup. Now, the problem is: 1) DC1 sees itself as owner of all FSMO's, although DC[2,3,4,5] sees DC2 as owner of FSMO's 3) DC1 is missing some users (created between backup and crash), wbinfo for these users return E_DOMAIN_NOT_FOUND 4) Got decrypt integrity check failed errors, fixed with chtdcpass, witch not results to Failed to find HOST$#DOMAIN(kvno) (client reboot seems to fix this) 4) any attempt to replicate missing information from DC2/DC3 to DC1 (samba-tool drs replicate) results in errors after it (cannot find own NTDS) 5) impossible to demote / unjoin server and provision from scratch - some DRS errors Question is: how can i change FSMO owner (ldbedit ?) on DC1 to be DC2 and then: a) replicate missing users (and computer trust accounts) to DC1 b) force removing DC1 from domain for good ( reinstall from scratch ) Domain as a whole recreation from scratch is sadly *not* an option :( On https://wiki.samba.org/index.php/Backup_and_Recovery#General it is clearly stated that you shouldn't restore a DC from backup in a multi DC environment. Ok, my bad. Others DC have evolved since you backed up your data, and you cannot have synchronisation with the other DCs. It is not a Samba problem, but it is by design because the multi master replication between DCs. You should just re-install samba4 4.0.5 on your DC1 server, and then join it to the domain as a DC, it will synchronise and all will be back to normal. But how do i force remove the old server from domain ? (Windows tools and samba's net unjoin failed) Just re-join it with the same name, that does as much as we can do. It isn't perfectly ideal, but it should be good enough. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
The problem is that I'm descending further into the mire. Can't log on to the PC as local administrator account is disabled, can't log on in safe mode without arriving at the domain login screen, can't seem to find anything on the server side to fix this. Remembering well why I chose the dark side years ago, and losing the will to live... Steve On 20/05/13 19:22, Dewayne Geraghty wrote: Steve, Linda's on the money. We experience this problem when staff are absent for as little as a week, could just be a timing problem. Though if your PC's and server has been continuously up, then your PC's may have dropped the location of where the server is. If that is the case, then you might need to examine either: how your pdc advertises itself, or where you've told the PC's to find the WINS server. Typically an administrator accesses the PC and tells it to rejoin the domain. A simple leave and rejoin does the trick. Regards, Dewayne. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Linda Walsh Sent: Monday, 20 May 2013 11:29 AM To: Chris Rowson; Samba mailing list Subject: Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery... Chris Rowson wrote: On 19 May 2013 23:13, Steve Holdoway st...@greengecko.co.nz wrote: Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done. They've been working fine since then, but have now started failing, instead raising the error message 'The trust relationship between this work station and the primary domain has failed' I had this problem alot until I told my windows computer to disable machine account password changes. I think it changes them about every 30 days or maybe less -- but it would change it's password and the server wouldn't be informed, so the shared-secret between the two of them was no longer decipherable. To be honest, it doesn't sound like the BEST way, or the most SECURE way to fix the problem, BUT, given my windows machine is on a closed internal net, practicality trumps imaginary security problems -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
Stev e Holdoway wrote: The problem is that I'm descending further into the mire. Can't log on to the PC as local administrator account is disabled, can't log on in safe mode without arriving at the domain login screen, can't seem to find anything on the server side to fix this. Remembering well why I chose the dark side years ago, and losing the will to live... Can you try to use the remote net DOM feature...on the server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Continued compilation errors with samba 3.6.15
kiko seis wrote: And got the following error: net_rpc.c:(.text+0xcbc8): undefined reference to `libnetapi_net_init' Then I recompiled with the following parameters set: ./configure --enable-shared-libs=no --enable-external-libtalloc=no --enable-external-libtdb=no --with-libtalloc=no --with-libtdb=no --with-libnetapi=no --with-libsmbclient =no --with-libsmbsharemodes=no --with-libaddns=no Are you sure your configure parameters are all on 1 line... since the way you have it typed in, it looks like the lines after the 1st are possible on another line. 2nd, for the =no case , aren't those supposed to be --without-lib? (just some random thoughts...) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 Admt to other Domain Windows Server 2008
Hi, I have a Samba 4 domain created and now I need to transfer all users and groups to other Windows 2008 Domain. How can I use the ADMT? Thanks for your help. Best Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
I've found a howto to enable local admin via recovery/regedit, and have now enabled it. I can leave and re-join the domain with no problem at all, BUT STILL CAN'T LOG IN, even using the same account that I used to leave/join the domain. Hair long gone ): Steve On 21/05/13 15:06, Dewayne Geraghty wrote: Oh dear! You're in a really bad place. The PC can't join the domain. Therefore you can't use domain credentials. So the domain is out of the picture. This has occurred because the PC has changed its computer password and failed to notify the server within its normal limits. So - forget the domain. A local priv'ed account is your only option. But without that, or a local Administrator password, you're really hosed. Its meant to be this way... Windows is good at one thing, making it really difficult to own a machine when you don't have credentials. But not the data. If you have critical information on the PC and it hasn't been encrypted, then you should be able to extract it by taking the disk out and inserting into a UNIX machine, or perhaps another Win PC. I vaguely recall some Linux software that broke into the security db, about 12 years ago; but I expect MS has fixed that. If I were at this point, I'd try to repair the machine and take the system back to a known local account. And when this is all over, don't forget to create a priv'ed account on all PC's with a long complex password that is your ultimate failsafe. (I do this with all customers, and I don't recall the number of times that has been the ONLY solution.) Good luck, let me know if you are able to repair the system, if you take that course. Kind regards, Dewayne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote: Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done. They've been working fine since then, but have now started failing, instead raising the error message 'The trust relationship between this work station and the primary domain has failed' on the client. Any suggestions?? One different avenue you might persue is upgrading to Samba 4.0 as an AD DC. This will bring Windows 7 back to a server it is much happier with than the current situation. Or at the very least, consider upgrading the domain as-is to Samba 4.0, running it as a classic DC. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008
On Tue, 2013-05-21 at 11:19 +0800, wong lmark wrote: Hi, I have a Samba 4 domain created and now I need to transfer all users and groups to other Windows 2008 Domain. How can I use the ADMT? Why do you want to use ADMT? If you just need to move to Windows, then just join a Windows DC to the Samba domain as DC, transfer the FSMO roles, and then offline the Samba DC. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008
Hi Andrew, I have tried to transfer fsmo. But I cannot sure that can transfer or not. In windows, I typed netdom query fsmo but it shown parameter is incorrect. And then, I found that my win 08 ad cannot open the GPO. Thanks for your help. Best Regards, Mark 2013/5/21 Andrew Bartlett abart...@samba.org On Tue, 2013-05-21 at 11:19 +0800, wong lmark wrote: Hi, I have a Samba 4 domain created and now I need to transfer all users and groups to other Windows 2008 Domain. How can I use the ADMT? Why do you want to use ADMT? If you just need to move to Windows, then just join a Windows DC to the Samba domain as DC, transfer the FSMO roles, and then offline the Samba DC. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008
On Tue, 2013-05-21 at 12:02 +0800, wong lmark wrote: Hi Andrew, I have tried to transfer fsmo. But I cannot sure that can transfer or not. In windows, I typed netdom query fsmo but it shown parameter is incorrect. Then simply remove the Samba DC using the windows tools, and seize any roles left on that DC. If you tell windows it is permanently off-line, it should do the right thing. If you keep the Samba DC off during this process, then if it doesn't work, you can still just power windows off, and Samba on, and it should still be working. And then, I found that my win 08 ad cannot open the GPO. You will have to transfer GPO files manually - we do not support the replication protocol used for GPO files (sorry). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote: On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote: Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done. They've been working fine since then, but have now started failing, instead raising the error message 'The trust relationship between this work station and the primary domain has failed' on the client. Any suggestions?? One different avenue you might persue is upgrading to Samba 4.0 as an AD DC. This will bring Windows 7 back to a server it is much happier with than the current situation. Or at the very least, consider upgrading the domain as-is to Samba 4.0, running it as a classic DC. Andrew Bartlett It's certainly something I'm working on as a part of the squeeze - wheezy upgrade, but am trying to keep within standard repos for squeeze at the moment. Do you have a samba one? I haven't looked. As it happens, I think the message has changed... it now can't find a logon server. Progress?? Cheers, Steve -- Steve Holdoway BSc(Hons) MNZCS st...@greengecko.co.nz http://www.greengecko.co.nz MSN: st...@greengecko.co.nz Skype: sholdowa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008
On 21.5.2013 6:56, Andrew Bartlett wrote: On Tue, 2013-05-21 at 11:19 +0800, wong lmark wrote: Hi, I have a Samba 4 domain created and now I need to transfer all users and groups to other Windows 2008 Domain. How can I use the ADMT? Why do you want to use ADMT? If you just need to move to Windows, then just join a Windows DC to the Samba domain as DC, transfer the FSMO roles, and then offline the Samba DC. Also, it is good to note that even if you can't avoid ADMT (in the case you must migrate your users to another _existing_ domain) you'd still need to do as Andrew says and add a Windows DC to the _source_ domain first, because the target domain needs to be trusted by the source for ADMT to work at all. While Samba can be trusted by others, it currently cannot itself trust other domains, so ADMT simply cannot work without a Windows DC in the source. Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
On Tue, 2013-05-21 at 17:32 +1200, Steve Holdoway wrote: On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote: On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote: Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done. They've been working fine since then, but have now started failing, instead raising the error message 'The trust relationship between this work station and the primary domain has failed' on the client. Any suggestions?? One different avenue you might persue is upgrading to Samba 4.0 as an AD DC. This will bring Windows 7 back to a server it is much happier with than the current situation. Or at the very least, consider upgrading the domain as-is to Samba 4.0, running it as a classic DC. Andrew Bartlett It's certainly something I'm working on as a part of the squeeze - wheezy upgrade, but am trying to keep within standard repos for squeeze at the moment. Do you have a samba one? I haven't looked. The sernet folks maintain enterprisesamba.com with packages, but the packages in Debian currently (even experimenetal) are not complete packages of Samba 4.0 as an AD DC. I'm actively working with them to prepare a better solution for the next debian release, and users of unstable or experimental. As it happens, I think the message has changed... it now can't find a logon server. https://wiki.samba.org/index.php/Capture_Packets A network trace may provide more of an indication. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] CTDB repository - branch master updated - ctdb-2.1-149-g0c07525
The branch, master has been updated via 0c0752515b1ffae24be5f138bd2fab4dec5c (commit) via b0cae7d5a00ef3764bae187affc8e9a252f4b329 (commit) from e143abd16ccde2e0edfe103673d31a5fb06b6aef (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 0c0752515b1ffae24be5f138bd2fab4dec5c Author: Christian Ambach a...@samba.org Date: Wed May 8 08:45:09 2013 +0200 build: Create sudoers.d dir during make install otherwise make install into non-standard prefix will fail Signed-off-by: Christian Ambach a...@samba.org commit b0cae7d5a00ef3764bae187affc8e9a252f4b329 Author: Amitay Isaacs ami...@gmail.com Date: Tue May 14 23:18:32 2013 +1000 eventscripts: Do not use bashism for string comparison Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: Makefile.in|1 + config/events.d/60.ganesha |2 +- 2 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index 7ffc3dc..86b4870 100755 --- a/Makefile.in +++ b/Makefile.in @@ -318,6 +318,7 @@ install: all manpages $(PMDA_INSTALL) mkdir -p $(DESTDIR)$(etcdir)/ctdb mkdir -p $(DESTDIR)$(etcdir)/ctdb/events.d mkdir -p $(DESTDIR)$(etcdir)/ctdb/nfs-rpc-checks.d + mkdir -p $(DESTDIR)$(etcdir)/sudoers.d/ mkdir -p $(DESTDIR)$(docdir)/ctdb ${INSTALLCMD} -m 644 ctdb.pc $(DESTDIR)$(libdir)/pkgconfig ${INSTALLCMD} -m 755 bin/ctdb $(DESTDIR)$(bindir) diff --git a/config/events.d/60.ganesha b/config/events.d/60.ganesha index 7e8d48d..80e5ae7 100755 --- a/config/events.d/60.ganesha +++ b/config/events.d/60.ganesha @@ -40,7 +40,7 @@ loadconfig nfs service_name=nfs-ganesha-$CTDB_CLUSTER_FILESYSTEM_TYPE -[ $NFS_SERVER_MODE == ganesha ] || exit 0 +[ $NFS_SERVER_MODE = ganesha ] || exit 0 ctdb_setup_service_state_dir -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 96f9724 ldb_tdb: Warn when reindexing is done via 74fa70c smbtorture: Show the list of cracknames we expect to have and the result via 6c4cf59 smbtorture: fix a warning due to a set but unused var via d42a31d smbtorture: fix crash when the returning a crackname with an empty name when a valid one was expected via d5b440f Fix warning by setting the variable from GUID to const GUID via 3734488 Fix more unused vars via 4cc3d06 Fix a warning about a set but unused variable by actually using it via 9724171 Fix warnings about set but unused variables via bfce969 Fix a warning about a shadowed variable by renaming the shadowing var via e1b71f1 buildtools: Fix compilation warnings via 61989ae operational: remove double loops via cd7f3fd dsdb-schema: remove looping on all schema classes for system_possible_inferrior from 61a2ad3 swat: Remove swat. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 96f972460ca458e86edbd97c682bfa462e01a242 Author: Matthieu Patou m...@matws.net Date: Tue Jan 1 20:57:25 2013 -0800 ldb_tdb: Warn when reindexing is done Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon May 20 15:47:33 CEST 2013 on sn-devel-104 commit 74fa70cdece0aabf86f8d70e4b48268d48879b9e Author: Matthieu Patou m...@samba.org Date: Fri May 17 17:14:29 2013 +0200 smbtorture: Show the list of cracknames we expect to have and the result Reviewed-by: Andrew Bartlett abart...@samba.org commit 6c4cf59fba463943fa4dfb9afe0a217d8a2b0b23 Author: Matthieu Patou m...@matws.net Date: Fri May 17 07:21:57 2013 -0700 smbtorture: fix a warning due to a set but unused var Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit d42a31d68f3154651f31618f74e2df77084f12f3 Author: Matthieu Patou m...@matws.net Date: Fri May 17 07:19:22 2013 -0700 smbtorture: fix crash when the returning a crackname with an empty name when a valid one was expected Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit d5b440fa897ace7bef4d02a7ad1af556819139a6 Author: Matthieu Patou m...@matws.net Date: Fri May 17 05:26:46 2013 -0700 Fix warning by setting the variable from GUID to const GUID Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit 373448804ba02378ab0957b0f80a6dd28910a261 Author: Matthieu Patou m...@matws.net Date: Fri May 17 05:24:08 2013 -0700 Fix more unused vars Reviewed-by: Andrew Bartlett abart...@samba.org commit 4cc3d065bca7ffe2b8bae58c8e2c4387add3ad52 Author: Matthieu Patou m...@matws.net Date: Fri May 17 05:22:33 2013 -0700 Fix a warning about a set but unused variable by actually using it Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit 972417131d8c23855d728f35fc7680c2dedb21b7 Author: Matthieu Patou m...@matws.net Date: Fri May 17 05:22:15 2013 -0700 Fix warnings about set but unused variables Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit bfce9690bf6e6592d32dd41642a33cbe3c027b81 Author: Matthieu Patou m...@matws.net Date: Fri May 17 05:17:41 2013 -0700 Fix a warning about a shadowed variable by renaming the shadowing var Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit e1b71f1c133fd43935135a44cdbbb7e912ff4279 Author: Matthieu Patou m...@matws.net Date: Fri May 17 04:50:20 2013 -0700 buildtools: Fix compilation warnings STATIC_%s_MODULES_PROTO is defined on the compilation command line by -DSTATIC_something_MODULES_PROTO which the compiler seems to turn into define STATIC_something_MODULES_PROTO 1 thus yielding a warning due to unused var Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org commit 61989aee31c6dbf5646579c4d774c5b1d7a7f74c Author: Matthieu Patou m...@matws.net Date: Tue Jan 22 00:09:11 2013 -0800 operational: remove double loops Reviewed-by: Andrew Bartlett abart...@samba.org commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 Author: Matthieu Patou m...@matws.net Date: Mon Jan 21 22:27:10 2013 -0800 dsdb-schema: remove looping on all schema classes for system_possible_inferrior The logic to populate possible inferriors and system possible inferriors is the same so instead of looping twice we do both attributes (depending on
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d7708fd talloc: Fix a typo from 96f9724 ldb_tdb: Warn when reindexing is done http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d7708fd360c1fa1e3111fd4df266b52c96cca196 Author: Volker Lendecke v...@samba.org Date: Mon May 20 14:26:08 2013 +0200 talloc: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Kai Blin k...@samba.org Autobuild-User(master): Kai Blin k...@samba.org Autobuild-Date(master): Mon May 20 18:48:49 CEST 2013 on sn-devel-104 --- Summary of changes: lib/talloc/talloc.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index 885d700..76f0aee 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -255,7 +255,7 @@ struct talloc_chunk { * if 'limit' is set it means all *new* children of the context will * be limited to a total aggregate size ox max_size for memory * allocations. -* cur_size is used to kep track of the current use +* cur_size is used to keep track of the current use */ struct talloc_memlimit *limit; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f80d56a s4-torture: No need to disable rpc.spoolss.win test when compiled with MIT kerberos. via 8b7788c selftest: mark the spoolss add print processor tests as knownfail for now. via 00ee6a6 s4-torture: add simple tests for spoolss_{Add|Delete}PrintProcessor. via fdf9474 doserr: add mapping for WERR_PRINT_PROCESSOR_ALREADY_INSTALLED. via 9744bf5 spoolss: fill in IDL for spoolss_DeletePrintProcessor. via e8797a3 s4-torture: also deal with Microsoft XPS Document Writer v4 as default driver. via cc153fe s4-torture: add ndr test for spoolss_RpcSetJobNamedProperty. via c568a2e s4-torture: add ndr test for spoolss_GetCorePrinterDrivers. via c51866e s4-torture: add simple test for spoolss_RpcSendRecvBidiData. via aa1e5f2 s4-torture: add test for spoolss_RpcEnumJobNamedProperties. via 3d567f6 spoolss: add spoolss_MonitorContainer IDL. via 1aafc84 spoolss: make RPC_PrintNamedProperty public via cc38511 spoolss: fill in IDL for JobNamedProperty calls. via ec29957 spoolss: make more container objects public for iremotewinspool. via 5a5ed68 spoolss: add idl for spoolss_RpcSendRecvBidiData. via b072bb7 s4-torture: add missing NTSTATUS checks in test_AddJob(). via 69d9e3e spoolss: add [ms_union] to spoolss.idl where appropriate. via 229108e spoolss: fix string types in spoolss_JTEXP. via 393ad20 spoolss: Fix two size elements in the devmode private spoolss_JTEXP struct. from d7708fd talloc: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f80d56a1a0d62c5a1cdbe78ec3214b9f53e28946 Author: Günther Deschner g...@samba.org Date: Fri May 17 11:23:22 2013 +0200 s4-torture: No need to disable rpc.spoolss.win test when compiled with MIT kerberos. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon May 20 20:35:33 CEST 2013 on sn-devel-104 commit 8b7788c5d8ecbac3b8a41cdbb4fec7f0e73a9b76 Author: Günther Deschner g...@samba.org Date: Fri Feb 1 14:53:12 2013 +0100 selftest: mark the spoolss add print processor tests as knownfail for now. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 00ee6a648b6290d6d3ddcb35fe5aa4c797222684 Author: Günther Deschner g...@samba.org Date: Fri Feb 1 14:07:50 2013 +0100 s4-torture: add simple tests for spoolss_{Add|Delete}PrintProcessor. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit fdf94747599e1461873fb2a5466f1e55d904333f Author: Günther Deschner g...@samba.org Date: Fri Feb 1 14:07:07 2013 +0100 doserr: add mapping for WERR_PRINT_PROCESSOR_ALREADY_INSTALLED. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit 9744bf519b1fcdab59ba7d55b2b664a6b44b30bd Author: Günther Deschner g...@samba.org Date: Fri Feb 1 02:34:11 2013 +0100 spoolss: fill in IDL for spoolss_DeletePrintProcessor. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit e8797a3ecc03cbbdbc51c3952ac72fd663d5849c Author: Günther Deschner g...@samba.org Date: Thu Jan 31 22:06:20 2013 +0100 s4-torture: also deal with Microsoft XPS Document Writer v4 as default driver. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit cc153fe86f780d4aefe40999064b294b612e92d6 Author: Günther Deschner g...@samba.org Date: Thu Jan 31 14:56:17 2013 +0100 s4-torture: add ndr test for spoolss_RpcSetJobNamedProperty. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit c568a2e5c58d01fdd27156e84b361e49c4666fb1 Author: Günther Deschner g...@samba.org Date: Tue Jan 22 10:17:27 2013 +0100 s4-torture: add ndr test for spoolss_GetCorePrinterDrivers. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit c51866eadf6159a6fa76af28be3b9a724ed28b46 Author: Günther Deschner g...@samba.org Date: Thu Jan 31 20:44:54 2013 +0100 s4-torture: add simple test for spoolss_RpcSendRecvBidiData. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org commit aa1e5f29af2a4560eecaac08ed62c2e63d3c8504 Author: Günther Deschner g...@samba.org Date: Mon Jan 21 22:09:22 2013 +0100 s4-torture:
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-05-21-0341/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-05-21-0341/samba3.stderr http://git.samba.org/autobuild.flakey/2013-05-21-0341/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-05-21-0341/samba.stderr http://git.samba.org/autobuild.flakey/2013-05-21-0341/samba.stdout The top commit at the time of the failure was: commit f80d56a1a0d62c5a1cdbe78ec3214b9f53e28946 Author: Günther Deschner g...@samba.org Date: Fri May 17 11:23:22 2013 +0200 s4-torture: No need to disable rpc.spoolss.win test when compiled with MIT kerberos. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon May 20 20:35:33 CEST 2013 on sn-devel-104