[Samba] custom permission for single user deep in tree where he has no access
Hello all,

Got samba with AD integration and extended ACL up and running.

Here is what I am trying to do.

share1 in smb.conf:

[share1]
    comment = share1
    path = /mnt/data/share1
    public = no
    writable = yes
    printable = no
    valid users = @DOMAIN+group1

user1 and user2 are members of group1
user3 is not

user1 creates \\server\share1\dir1\user3
user1 grants permission only on the user3 directory to user3, not on any parent directories

according to what I experienced with a windows file server, user3 should be able to access this folder on:
\\server\share1\dir1\user3

But I get access denied with this samba setup.

Are there any configuration directives I am missing?

Kind regards,
Coert Waagmeester

PS HERE is my smb.conf:

#=== Global Settings =
[global]
    workgroup = DOMAIN
    server string = DOMAIN File server

# --- Logging Options -
    log file = /var/log/samba/log.%m
    max log size = 50

# --- Domain Members Options
    security = domain
    passdb backend = tdbsam
    realm = DOMAIN.LOCAL
    winbind enum users = Yes
    winbind enum groups = Yes
    ;winbind use default domain = Yes
    winbind nested groups = Yes
    winbind separator = +
    idmap config * : range = 6000-2
    idmap config * : backend = tdb
    ;idmap uid = 6000-2
    ;idmap gid = 6000-2
    ;template primary group = Domain Users
    template shell = /sbin/nologin
    template homedir = /mnt/data/DOMAIN/home/%D/%U
    root preexec = /usr/local/sbin/mkhomedir.sh %D %U
    ; password server = NT-Server-Name

# --- Printing Options -
    load printers = yes
    cups options = raw
    ; printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
    ; printcap name = lpstat
    ; printing = cups

# --- Filesystem Options ---
    map archive = yes
    map hidden = yes
    map read only = yes
    map system = yes
    store dos attributes = yes

# Share Definitions ==
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    create mask = 0700
    directory mask = 0700

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

[share1]
    comment = share1
    path = /mnt/data/share1
    public = no
    writable = yes
    printable = no
    ;write list = +staff
    valid users = @DOMAIN+group1, DOMAIN+user3
Re: [Samba] Samba4 errors
We found out that samba is performing connections on the RPC port (TCP 445) against itself, and it scales until the memory is gone completely and crashes.

Any hint?

On Mon, Jun 10, 2013 at 3:08 PM, Andreas Calvo flipy@gmail.com wrote:
> Hello,
> We've been using samba v4 for a while, but recently we faced two problems for which we cannot determine the source - nor the solution:
> - every day samba4 stops authenticating new users and sharing folders. While previous logged users can access resources and services, users that weren't logged can't log in. It happens either from kerberos or directly from LDAP.
> - We are forwarding all DNS requests to the internal DNS server in samba. When samba is restarted, our main DNS server must be restarted too as it cannot forward new queries to the samba server - however, both reply to requests if queried individually.
>
> We have tried to update from 4.0.5 to 4.0.6, and to downgrade it as it wasn't working either.
> Logs don't show anything that we can identify as an error/misconfiguration - and samba main log file remains with extension %m, it does not get expanded; while client's log file end with the IP/hostname of the machine.
>
> What steps can we perform to identify the root of the problem? Is there a particular string in the log files that can help?
>
> PS: if necessary, we can upload a log file sample and the samba configuration.
>
> Thanks in advance.

--
Sincerely,
Andreas Calvo
Re: [Samba] DC IP address change
Hello,

On 10.06.2013 21:30, Saad Benateigha wrote:
> Hello:
> I have been using a test network for testing Samba 4
> Everything worked OK using 192.168.1.20 for DC
> When I changed the IP to another one in a different subnet I modified the following:
> * The hosts file
> * Network interfaces
> * IP forwarders
> I can access internet, I can ping the DC with the changed IP address
> But when I run
> host -t A samba.samdom.example.com. //changing the appropriate host and domain
> I still get the old IP 192.168.1.120
> What am I missing

You only changed the IP stuff on OS side. Not inside the Samba databases/AD.

Have a look at the thread about the same topic one month ago:
https://lists.samba.org/archive/samba-technical/2013-May/092259.html

Regards,
Marc
Re: [Samba] samba4+bind on centos
Hi All

I've started again from scratch, following the wikipage at
https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9

I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)

compiling from scratch:
bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes

And the given named.conf in /etc/bind/ (as this is where I want the config to reside)
I've included the local zones as provided and I modified the named in a few places:

diff orig-named.conf /etc/bind/named.conf
6c6
directory /var/named;
---
directory /etc/bind;
8c8
forwarders { 8.8.8.8; 8.8.4.4; };
---
forwarders { 172.16.1.12; 172.16.1.18; };
16,17c16,18
10.1.1.0/24;
...other networks you want to allow to query your DNS...;
---
192.168.6.0/24;
127.0.0.0/8;
#...other networks you want to allow to query your DNS...;
21,22c22,24
10.1.1.0/24;
...other networks you want to allow to do recursive queries...;
---
192.168.6.0/24;
127.0.0.0/8;
#...other networks you want to allow to do recursive queries...;
24a27,28
tkey-gssapi-keytab /usr/local/samba/private/dns.keytab;
26a31
include /usr/local/samba/private/named.conf;

This is just so bind actually works and the files created by provision are included

Provision was done using:

samba-tool domain provision
Realm: example
Domain [example]: example.com
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: sambabind02
NetBIOS Domain:EXAMPLE.COM
DNS Domain:example
DOMAIN SID:S-1-5-21-294307859-3325552197-969134079

stopped/started bind using the new config file

Then I started /usr/local/samba/sbin/samba -D

Then command:
# /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
IPs: ['192.168.6.86']
Traceback (most recent call last):
File /usr/local/samba/sbin/samba_dnsupdate, line 511, in module
get_credentials(lp)
File /usr/local/samba/sbin/samba_dnsupdate, line 124, in get_credentials
raise e
RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot contact any KDC for requested realm)

It appears that samba_dnsupdate tries to get a ticket from the KDC that it tries to find using DNS, but the record isn't yet inserted in the bind dns database.
Is it a chicken/egg problem?

Now either the wiki hasn't been fully tested or it's missing an obvious step

Any clues?

/Simon
Re: [Samba] samba4+bind on centos
Have you created the reverse zone? Samba, for some reason, does not automatically create it.

If I run your command, I get:

IPs: ['192.168.0.2']
Calling nsupdate for A domain.lan 192.168.0.2
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
domain.lan. 900 IN A 192.168.0.2

and so on ~

Rowland
Re: [Samba] samba4+bind on centos
On 06/11/2013 12:15 PM, Rowland Penny wrote:
> Have you created the reverse zone? Samba, for some reason, does not automatically create it.
>
> If I run your command, I get:
>
> IPs: ['192.168.0.2']
> Calling nsupdate for A domain.lan 192.168.0.2
> Outgoing update query:
> ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> domain.lan. 900 IN A 192.168.0.2
>
> and so on ~
>
> Rowland

Hi Rowland,

do you mean the samba_dnsupdate command? I don't think the command, when I run it, gets as far as you get.

Where do you propose to create the reverse zone? statically in bind or by editing the file /usr/local/samba/private/dns_update_list?

Cheers
Simon
Re: [Samba] samba4+bind on centos
You need to create the reverse zone using samba-tool.

Example using '192.168.0.10' for the Samba 4 server and the realm 'DOMAIN.LAN'

samba-tool dns zonecreate 192.168.0.10 0.168.192.in-addr.arpa -U administra...@domain.lan

Now add the AD server to the reverse zone. Here the Samba 4 server's FQDN is 'adserver.domain.lan'

samba-tool dns add 192.168.0.10 0.168.192.in-addr.arpa 10 PTR adserver.domain.lan -U administra...@domain.lan

Rowland
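The reverse-zone step in the reply above, as an added example (not code from the thread or from the Samba project): it derives the in-addr.arpa zone and the PTR record name from the DC address and prints, without running, the two samba-tool commands. The function names are hypothetical, ADMIN_PRINCIPAL is a placeholder for the account that is obfuscated in the archive, and the /8 and /16 cases go beyond the /24 shown in the thread.

```shell
#!/bin/sh
# Added example: build the reverse-zone commands for a Samba 4 AD DC.
# Nothing here contacts a server; the commands are only printed for review.

# valid_ipv4 IP -> exit 0 if IP is four decimal octets in 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# reverse_zone IP PREFIX -> zone name for a /8, /16 or /24 network
reverse_zone() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1 "$2"                 # $1..$4 = octets, $5 = prefix length
    IFS=$old_ifs
    case "$5" in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  return 1 ;;            # other prefixes need classless delegation
    esac
}

# ptr_owner IP PREFIX -> record name inside that zone (host octets, reversed)
ptr_owner() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1 "$2"
    IFS=$old_ifs
    case "$5" in
        8)  echo "$4.$3.$2" ;;
        16) echo "$4.$3" ;;
        24) echo "$4" ;;
        *)  return 1 ;;
    esac
}

# reverse_zone_commands DC_IP DC_FQDN PREFIX ADMIN -> two commands, one per line
reverse_zone_commands() {
    zone=$(reverse_zone "$1" "$3") || return 1
    owner=$(ptr_owner "$1" "$3") || return 1
    case "$2" in
        *[!A-Za-z0-9.-]*) return 1 ;;   # reject anything that is not a host name
        *.*) ;;                         # require a qualified name
        *) return 1 ;;
    esac
    echo "samba-tool dns zonecreate $1 $zone -U $4"
    echo "samba-tool dns add $1 $zone $owner PTR $2 -U $4"
}

# Constructed sample values taken from the reply: DC 192.168.0.10,
# FQDN adserver.domain.lan, /24 network.
reverse_zone_commands 192.168.0.10 adserver.domain.lan 24 ADMIN_PRINCIPAL
```

Review the printed commands before running them on the DC, and substitute the real administrator principal for the placeholder.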
[Samba] Clustered Samba 3.6.6 connection issues
Dear Samba Community,

we recently did upgrade our data server cluster from Debian Squeeze (Samba 3.5.6) to Debian Wheezy (Samba 3.6.6). The cluster is configured to act as BDC too.

After the upgrade, connecting to the server works for a short while and then users experience disconnects and are unable to reconnect the mapped network drive (mostly on Win7/64bit; connections from Linux machines work flawlessly).

The only error message on the Win7 we could capture was:
| This computer was not able to set up a secure session with a domain
| controller in domain DOMAIN due to the following:
| The RPC server is unavailable.
| This may lead to authentication problems. Make sure that this computer is
| connected to the network. If the problem persists, please contact your
| domain administrator.

A test cluster showed that with the very same config files, Samba 3.6.6 works just fine in a cluster when not being a BDC (domain logons = no and security = domain).

It is perfectly fine for us to not use the cluster as BDC. But we'd like to find out what changed between 3.5.6 and 3.6.6 that could cause such a behaviour.

Could someone please be so kind to guide us in the right direction?

Thanks,
Adi Kriegisch

PS: Attached is a config file of our Samba cluster. We're using OCFS2 as data file system and glusterfs for the ctdb recovery lock file and to keep the netlogon stuff in sync (mounted at /var/csamba). In case you need any more information please let me know!

[global]
    workgroup = DOMAIN
    netbios name = CLUSTER
    server string = data server cluster (Samba %v)
    passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
    map untrusted to domain = Yes
    unix extensions = No
    deadtime = 15
    ctdbd socket = /tmp/ctdb.socket
    cluster addresses = 192.169.10.30, 192.168.10.31, 192.168.10.32
    clustering = Yes
    load printers = No
    printcap name = /dev/null
    logon script = %U.cmd
    logon path =
    logon home =
    domain logons = Yes
    security = user
    # as domain member:
    #domain logons = No
    #security = domain
    local master = No
    domain master = No
    wins server = 192.168.1.10
    ldap admin dn = uid=admin,dc=domain,dc=org
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=SambaMachines,ou=Users
    ldap suffix = dc=domain,dc=org
    ldap ssl = no
    ldap user suffix = ou=Users
    panic action = /usr/share/samba/panic-action %d
    fileid:mapping = fsid
    idmap config * : backend = tdb2
    inherit permissions = Yes
    inherit acls = Yes
    use sendfile = Yes
    printing = bsd
    print command = lpr -r -P'%p' %s
    lpq command = lpq -P'%p'
    lprm command = lprm -P'%p' %j
    wide links = Yes
    dos filemode = Yes
    vfs objects = fileid

[homes]
    comment = Home Directories
    read only = No
    create mask = 0775
    directory mask = 0775
    strict allocate = Yes
    browseable = No

[netlogon]
    path = /var/csamba/netlogon
    write list = @admin
[Samba] Samba 4 Additional DC existing domain
Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took:

1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba

2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain

3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

4. Set /etc/krb5.conf with the following:

[libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    default_realm = mydomain.local

5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@mydomain.local

Valid starting     Expires            Service principal
11/11/12 17:29:51  11/12/12 03:29:51  krbtgt/

Additionally, running /usr/local/samba/sbin/samba does nothing also. When I check for any samba running processes I get nothing.

I'm stuck. I would appreciate some assistance on this.

Thanks a lot
Re: [Samba] Samba 4 Additional DC existing domain
Hello Dino,

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

Can you start Samba with the following command and see what it outputs:

# samba -i -M single

Regards,
Marc
Re: [Samba] Samba 4 Additional DC existing domain
Kinit doesn't have output on all systems (ubuntu is one of them). After running that, klist should show that you have an active ticket. Also do what Marc says, samba -i -M single, and see where samba is failing the startup.

Ricky
Re: [Samba] Samba 4 Additional DC existing domain
On 6/11/2013 10:58 AM, Ricky Nance wrote:
> Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Also do what Marc says samba -i -M single and see where samba is failing the startup.

If I might add, issue the command with some debug level so you see some more info:

samba -i -M single -d3

Cheers

--
David Gonzalez
Re: [Samba] Samba 4 Additional DC existing domain
I'm pretty sure I did unless I'm missing something. According to what I'm reading, the very first step is running the kinit administrator command which of course shows no output on the screen. So, to address the second suggestion when I run:

/usr/local/samba/sbin/samba -i -M single

I get this:

samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks

Dino

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

Can you start Samba with the following command and see, what it outputs:

# samba -i -M single

Regards, Marc
Re: [Samba] Samba 4 Additional DC existing domain
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of David González Herrera - [DGHVoIP]
Sent: Tuesday, June 11, 2013 12:02 PM
To: Ricky Nance
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 4 Additional DC existing domain

On 6/11/2013 10:58 AM, Ricky Nance wrote:

Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Also do what Marc says samba -i -M single and see where samba is failing the startup.

If I might add, issue the command with some debug level so you see some more info:

samba -i -M single -d3

When I run:

/usr/local/samba/sbin/samba -i -M single -d3

I get the following:

samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'nbench' for type 1 registered
PROCESS_MODEL 'single' registered
PROCESS_MODEL 'onefork' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'standard' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
AUTH backend 'anonymous' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'unix' registered
SHARE backend [classic] registered.
SHARE backend [ldb] registered.
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server task
Re: [Samba] Samba 4 Additional DC existing domain
Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket.

Running:

Klist

I get the following:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@MYDOMAIN.LOCAL

Valid starting     Expires            Service principal
06/11/13 12:22:52  06/11/13 22:22:42  krbtgt/MYDOMAIN.LOCAL@MYDOMAIN.LOCAL
        renew until 06/12/13 12:22:52
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
Andrew-

I'll be sure to join the mailing list and help out when I can.

However, a bit of bad news, I started to use that package that resulted from your debian directory, and I'm having issues with LDB and replication (again!). Any ldb utility (e.g. ldbsearch) errors out as follows:

WARNING: Module [samba_dsdb] not found - do you need to set LDB_MODULES_PATH?
Unable to load modules for /var/lib/samba/private/sam.ldb: (null)
Failed to connect to /var/lib/samba/private/sam.ldb - (null)

On a possibly related note: replication spits out WERR_BADFILE for all inbound/outbound neighbors on the PDC. The secondary DC states the inbound is successful (even though they appear to not actually be) but attempts nothing for outbound.

Manually setting LDB_MODULES_PATH=/usr/lib/x86_64-linux-gnu/samba/ldb/ fixes the ldb errors; however, I do not recall having to set this variable with older variables. Additionally, neither this nor manually replicated zones (listed as successful) seem to not fix the replication issues (WERR_BADFILE persists).

My package doesn't seem to have the replication issues (at least with Samba Internal DNS) but does have the ldb modules issue.

Any ideas on what could be going wrong with replication on the other package? Also, ideas on how to fix the ldb modules issue?

-Mike
Re: [Samba] Samba 4 Additional DC existing domain
On 11.06.2013 18:21, Dino Edwards wrote:

samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
At this time the 'samba' binary should only be used for either:
'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks

You haven't answered my previous question:

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

Because, if you haven't joined the domain, then you don't have an smb.conf either. And without a smb.conf, you get this error, too.

If you have an smb.conf, then please post it.

Regards, Marc
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
On Tue, Jun 11, 2013 at 11:38 AM, Mike Ray m...@xes-inc.com wrote:

On a possibly related note: replication spits out WERR_BADFILE for all inbound/outbound neighbors on the PDC. The secondary DC states the inbound is successful (even though they appear to not actually be) but attempts nothing for outbound.

A lot of times the WERR_BADFILE is due to the nameserver line in your /etc/resolv.conf, you need to set it to one of your DC's, then restart BOTH samba servers and see if that line goes away.
Re: [Samba] Samba4 errors
A more detailed output:

[root@sauron ~]# netstat -tnp|grep 445|grep 192.168.0.222|grep 55257
tcp       24      0 192.168.0.222:55257     192.168.0.222:445       ESTABLISHED 17417/samba
tcp        0      0 192.168.0.222:445       192.168.0.222:55257     ESTABLISHED 23713/smbd

Note that 192.168.0.222 is the IP address of the samba server. This occurs when the backup agent starts running. It seems that samba is connecting to itself, and the socket remains open.

On Tue, Jun 11, 2013 at 11:30 AM, Andreas Calvo flipy@gmail.com wrote:

We found out that samba is performing connections on the RPC port (TCP 445) against itself, and it scales until the memory is gone completely and crashes. Any hint?

On Mon, Jun 10, 2013 at 3:08 PM, Andreas Calvo flipy@gmail.com wrote:

Hello,

We've been using samba v4 for a while, but recently we faced two problems for which we cannot determine the source - nor the solution:

- every day samba4 stops authenticating new users and sharing folders. While previous logged users can access resources and services, users that weren't logged can't log in. It happens either from kerberos or directly from LDAP.
- We are forwarding all DNS requests to the internal DNS server in samba. When samba is restarted, our main DNS server must be restarted too as it cannot forward new queries to the samba server - however, both reply to requests if queried individually.

We have tried to update from 4.0.5 to 4.0.6, and to downgrade it as it wasn't working either. Logs don't show anything that we can identify as an error/misconfiguration - and samba main log file remains with extension %m, it does not get expanded; while client's log file end with the IP/hostname of the machine.

What steps can we perform to identify the root of the problem? Is there a particular string in the log files that can help?

PS: if necessary, we can upload a log file sample and the samba configuration.

Thanks in advance.

-- Sincerely, Andreas Calvo

-- Sincerely, Andreas Calvo
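The self-connection pattern reported in the message above (the samba process holding ESTABLISHED sockets to port 445 on the server's own address), as an added example that is not part of the original thread: a parser for netstat -tnp output that counts such sockets per owning process. The sample rows, the threshold and the function names are constructed for illustration.

```python
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample in `netstat -tnp` layout, modelled on the report in the
# thread: the samba process (PID 17417) keeps client sockets open to port 445
# on the server's own address, 192.168.0.222.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp       24      0 192.168.0.222:55257     192.168.0.222:445       ESTABLISHED 17417/samba
tcp        0      0 192.168.0.222:445       192.168.0.222:55257     ESTABLISHED 23713/smbd
tcp       24      0 192.168.0.222:55301     192.168.0.222:445       ESTABLISHED 17417/samba
tcp        0      0 192.168.0.222:445       192.168.0.222:55301     ESTABLISHED 23790/smbd
tcp        0      0 192.168.0.222:55340     192.168.0.222:445       ESTABLISHED 17417/samba
tcp        0      0 192.168.0.222:445       192.168.0.222:55340     ESTABLISHED 23811/smbd
tcp        0      0 192.168.0.222:445       192.168.0.50:49152      ESTABLISHED 23650/smbd
tcp        0      0 192.168.0.222:22        192.168.0.50:50122      ESTABLISHED -
"""


class Conn(NamedTuple):
    recv_q: int
    local: Tuple[str, int]
    remote: Tuple[str, int]
    state: str
    pid: Optional[int]
    program: str


def parse_netstat(text: str) -> List[Conn]:
    """Parse TCP rows of `netstat -tnp`; rows that do not parse are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue  # header or non-TCP line
        try:
            recv_q = int(f[1])
            # rpartition splits on the last colon, so IPv6 hosts survive.
            lhost, _, lport = f[3].rpartition(":")
            rhost, _, rport = f[4].rpartition(":")
            local, remote = (lhost, int(lport)), (rhost, int(rport))
        except ValueError:
            continue  # e.g. a LISTEN row whose foreign port is "*"
        # The last column is "PID/name", or "-" when netstat cannot see the owner.
        pid_s, _, prog = " ".join(f[6:]).partition("/")
        pid = int(pid_s) if pid_s.isdigit() else None
        conns.append(Conn(recv_q, local, remote, f[5], pid, prog))
    return conns


def self_connections(text: str, port: int = 445,
                     threshold: int = 3) -> Dict[tuple, Dict[str, int]]:
    """Processes holding >= threshold ESTABLISHED client sockets to `port`
    on the host's own address, with how many of them have unread data."""
    clients = [c for c in parse_netstat(text)
               if c.state == "ESTABLISHED"
               and c.remote[1] == port          # client half of the pair
               and c.local[0] == c.remote[0]]   # same host on both ends
    sockets = Counter((c.pid, c.program) for c in clients)
    unread = Counter((c.pid, c.program) for c in clients if c.recv_q > 0)
    return {proc: {"sockets": n, "unread": unread[proc]}
            for proc, n in sockets.items() if n >= threshold}


if __name__ == "__main__":
    for (pid, prog), info in self_connections(SAMPLE).items():
        print(f"{prog}[{pid}]: {info['sockets']} self-connections to 445, "
              f"{info['unread']} with unread data in Recv-Q")
```

Run periodically against live netstat -tnp output, a growing socket count for one PID is the signal; the server-side halves owned by smbd are deliberately not counted.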
Re: [Samba] Samba 4.0.6 Ubuntu Package Available
Ricky-

Thanks for the response. Unfortunately that did not work.

The domain controllers that are running with the package created using the up-to-date debian folder continue to show the WERR_BADFILE error. Following your advice, I have tried resolv.conf with dc1 specified, with dc2 specified, with each specifying themselves via static IP and each specifying themselves via 127.0.0.1, but no luck with any (samba was restarted between every change).

The domain controllers that are running with the package created using my debian do not show this error. Presently the resolv.conf on both state the nameserver as 127.0.0.1.

-Mike

- Original Message -
From: Ricky Nance ricky.na...@gmail.com
To: Mike Ray m...@xes-inc.com
Cc: Andrew Bartlett abart...@samba.org, samba@lists.samba.org
Sent: Tuesday, June 11, 2013 11:49:41 AM
Subject: Re: [Samba] Samba 4.0.6 Ubuntu Package Available

On Tue, Jun 11, 2013 at 11:38 AM, Mike Ray m...@xes-inc.com wrote:

On a possibly related note: replication spits out WERR_BADFILE for all inbound/outbound neighbors on the PDC. The secondary DC states the inbound is successful (even though they appear to not actually be) but attempts nothing for outbound.

A lot of times the WERR_BADFILE is due to the nameserver line in your /etc/resolv.conf, you need to set it to one of your DC's, then restart BOTH samba servers and see if that line goes away.
[Samba] Losing Permissions of Files
Hi,

I have an OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue?

My smb.conf follows:

# Global parameters
[global]
workgroup = X
realm = X
netbios name = X
server role = active directory domain controller
dns forwarder = 555.555.555.555
dns forwarder = 555.555.555.666

[netlogon]
path = /usr/local/samba/var/locks/sysvol/X/scripts
read only = No
browseable = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
browseable = No

## Samba shares
[data]
comment = General Company data
path = /STR/corp/data
read only = No

[projects]
comment = Projects
path = /STR/corp/projects
read only = No

thanks, Tanveer
Re: [Samba] Samba 4 Additional DC existing domain
You haven't answered my previous question:

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should.

However, now I have a few other questions if you could be so kind to answer.

When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the internal samba DNS? What do I need to do to rectify that?

I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?

And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?

Thanks in advance.

Dino
Re: [Samba] Samba 4 Additional DC existing domain
did you put in a dns forwarder = ip.of.external.dns.server line?

2013/6/11 Dino Edwards dino.edwa...@mydirectmail.net

You haven't answered my previous question:

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should.

However, now I have a few other questions if you could be so kind to answer.

When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the internal samba DNS? What do I need to do to rectify that?

I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?

And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?

Thanks in advance.

Dino

-- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven
Re: [Samba] Samba 4 Additional DC existing domain
Hello Dino,

On 11.06.2013 22:04, Dino Edwards wrote:

I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong.

I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit.

When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that.

You have to add dns forwarder = 8.8.8.8 to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever your host is, to which you want to forward queries to, your Samba isn't authoritative for.

I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?

You can use the IP of any host, that is able to resolve your AD DNS domain(s).

And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?

Yes, you need something that starts the service if you want Samba to come up on reboots. See https://wiki.samba.org/index.php/Samba4/InitScript

Regards, Marc
Re: [Samba] Losing Permissions of Files
Hello Tanveer,

On 11.06.2013 21:41, Tanveer Virani wrote:

I have a OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue?

- What exactly do you mean by all permissions on a file are lost?
- Can you show the 'getfacl' output on such a file, before and after?
- If permissions are getting lost, did someone edit the file?
- Does it happen only on a special kind of files?
- etc.

Please give some more information on the issue.

Regards, Marc
Re: [Samba] Samba 4 Additional DC existing domain
On Tue, Jun 11, 2013 at 3:19 PM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:

I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit.

Marc, thanks for adding that :). Also dns forwarder = 8.8.8.8 the 8.8.8.8 there is a Google dns server, so that ip WILL work :) but if you have a local one you'd rather use, then use it. (8.8.4.4 is another google one if I recall right)

Ricky
Re: [Samba] Samba 4 Additional DC existing domain
-Original Message-
From: Marc Muehlfeld [mailto:sa...@marc-muehlfeld.de]
Sent: Tuesday, June 11, 2013 4:19 PM
To: Dino Edwards
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 4 Additional DC existing domain

Hello Dino,

I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit.

Awesome, thanks!

When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that.

You have to add dns forwarder = 8.8.8.8 to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever your host is, to which you want to forward queries to, your Samba isn't authoritative for.

I added it in the [global] section of the smb.conf and it seems to work

I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?

You can use the IP of any host, that is able to resolve your AD DNS domain(s).

And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?

Yes, you need something that starts the service if you want Samba to come up on reboots. See https://wiki.samba.org/index.php/Samba4/InitScript

Awesome that worked too.

Cheers, Dino
Re: [Samba] Samba 4 Additional DC existing domain
That's exactly what I did

From: Michael De Groote [mailto:i...@sint-pietersschool.be]
Sent: Tuesday, June 11, 2013 4:15 PM
To: Dino Edwards
Cc: Marc Muehlfeld; samba@lists.samba.org
Subject: Re: [Samba] Samba 4 Additional DC existing domain

did you put in a dns forwarder = ip.of.external.dns.server line?

2013/6/11 Dino Edwards dino.edwa...@mydirectmail.net

You haven't answered my previous question:

Did you follow *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't see, in the steps you had listed, that you joined the domain, etc.

I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should.

However, now I have a few other questions if you could be so kind to answer.

When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the internal samba DNS? What do I need to do to rectify that?

I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption?

And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere?

Thanks in advance.

Dino

-- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven
[Samba] Replication problems
Hi everyone,

Samba4 has been going great for quite a while now, so I thought I would get a little adventurous. The goal is to install Openchange with SOGo. The SOGo part is fine, but Openchange extends the AD schema in a similar way that Exchange extends the AD schema.

To facilitate this, I joined a new DC to the domain, and transferred the fsmo schema role to this new DC. When I say transferred, the transfer failed and it seized the role. The schema update went fine, but after all this I noticed replication errors had started to creep in.

On the initial DC (lachesis), I get the following from a samba-tool drs showrepl

Default-First-Site-Name\LACHESIS
DSA Options: 0x0001
DSA object GUID: 89a6915d-6b54-42fb-9bf8-e670ed9f8d08
DSA invocationId: f8725c00-ec68-4fda-86c0-35a7ae76a094

INBOUND NEIGHBORS

DC=DomainDnsZones,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST was successful
        0 consecutive failure(s).
        Last success @ Wed Jun 12 06:34:13 2013 EST

DC=ForestDnsZones,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST was successful
        0 consecutive failure(s).
        Last success @ Wed Jun 12 06:34:13 2013 EST

DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST was successful
        0 consecutive failure(s).
        Last success @ Wed Jun 12 06:34:13 2013 EST

CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST failed, result 58 (WERR_BAD_NET_RESP)
        17 consecutive failure(s).
        Last success @ Tue Jun 11 23:00:46 2013 EST

CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST failed, result 58 (WERR_BAD_NET_RESP)
        13 consecutive failure(s).
        Last success @ Tue Jun 11 23:01:47 2013 EST

OUTBOUND NEIGHBORS

DC=DomainDnsZones,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

KCC CONNECTION OBJECTS

Connection --
    Connection name: 3badecbb-3afa-4ced-ae91-5bf3da1bdd37
    Enabled: TRUE
    Server DNS name : CHIRON.hq.domain.com.au
    Server DN name : CN=NTDS Settings,CN=CHIRON,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    TransportType: RPC
    options: 0x0001
Warning: No NC replicated for Connection!

The samba log shows some interesting stuff.

[2013/06/11 23:05:11, 0] ../source4/dsdb/repl/replicated_objects.c:525(dsdb_replicated_objects_convert)
  Failed to convert object CN=ms-Exch-Container,CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au: WERR_GENERAL_FAILURE
[2013/06/11 23:05:11, 0] ../source4/dsdb/repl/drepl_out_helpers.c:701(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to convert
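The showrepl output quoted in the message above, turned into a check that can run from cron or a monitoring agent, as an added example that is not part of the original post: it parses samba-tool drs showrepl text and lists the replication links whose last attempt failed. The sample input is constructed from values in the message (shortened to four links); the function names and the reading of NTTIME(0) as "no attempt recorded" are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample: values taken from the message, laid out the way
# samba-tool prints them. Section headings are matched loosely, so the
# undecorated headings in the flattened mail text parse as well.
SAMPLE = r"""Default-First-Site-Name\LACHESIS
DSA Options: 0x0001
DSA object GUID: 89a6915d-6b54-42fb-9bf8-e670ed9f8d08

==== INBOUND NEIGHBORS ====

DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST was successful
        0 consecutive failure(s).
        Last success @ Wed Jun 12 06:34:13 2013 EST

CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST failed, result 58 (WERR_BAD_NET_RESP)
        17 consecutive failure(s).
        Last success @ Tue Jun 11 23:00:46 2013 EST

CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ Wed Jun 12 06:34:13 2013 EST failed, result 58 (WERR_BAD_NET_RESP)
        13 consecutive failure(s).
        Last success @ Tue Jun 11 23:01:47 2013 EST

==== OUTBOUND NEIGHBORS ====

DC=hq,DC=domain,DC=com,DC=au
    Default-First-Site-Name\CHIRON via RPC
        DSA object GUID: ed493864-10ef-41da-9c50-11ffc3fb2763
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Server DN name : CN=NTDS Settings,CN=CHIRON,CN=Servers,CN=Default-First-Site-Name
"""

HEADING = re.compile(
    r"^\W*(INBOUND NEIGHBORS|OUTBOUND NEIGHBORS|KCC CONNECTION OBJECTS)\W*$")
NEIGHBOR = re.compile(r"^(?P<dsa>\S.*) via (?P<transport>\w+)$")
ATTEMPT = re.compile(
    r"^Last attempt @ (?P<when>.+?) "
    r"(?:was successful|failed, result (?P<code>\d+) \((?P<name>\w+)\))$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.?$")


def parse_showrepl(text: str) -> List[Dict]:
    """One dict per (direction, naming context, neighbour) replication link."""
    links, section, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADING.match(line)
        if m:
            # Only the two NEIGHBORS sections carry link status.
            name = m.group(1)
            section = name.split()[0] if name.endswith("NEIGHBORS") else None
            nc = cur = None
            continue
        if section is None or not line:
            continue
        if re.match(r"^(DC|CN)=", line):      # naming context heading
            nc, cur = line, None
            continue
        m = NEIGHBOR.match(line)
        if m:
            cur = {"direction": section, "nc": nc, "dsa": m["dsa"],
                   "result": None, "status": None,
                   "failures": None, "attempted": None}
            links.append(cur)
            continue
        if cur is None:
            continue
        m = ATTEMPT.match(line)
        if m:
            # Assumption of this example: NTTIME(0) means no attempt recorded.
            cur["attempted"] = m["when"] != "NTTIME(0)"
            cur["result"] = int(m["code"] or 0)
            cur["status"] = m["name"]          # None when successful
            continue
        m = FAILS.match(line)
        if m:
            cur["failures"] = int(m.group(1))
    return links


def failing_links(text: str) -> List[Dict]:
    """Links whose last attempt returned a non-zero WERROR code."""
    return [l for l in parse_showrepl(text) if l["result"]]


def never_attempted(text: str) -> List[Dict]:
    """Links reported as successful although no attempt time was recorded."""
    return [l for l in parse_showrepl(text) if l["attempted"] is False]


if __name__ == "__main__":
    for l in failing_links(SAMPLE):
        print(f'{l["direction"]} {l["nc"]} <- {l["dsa"]}: '
              f'{l["status"]} ({l["result"]}), {l["failures"]} in a row')
```

On the sample it reports only the Schema and Configuration partitions, which matches the message: the domain and DNS partitions still replicate while the two partitions touched by the schema change do not.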
[Samba] Building Samba4 for Debian from Git
Hi,

I am trying to build samba4 for an Ubuntu 12 server, as the provided package by Canonical is an alpha version. I got the latest? source from git:

git clone git://git.samba.org/samba.git samba-master

I then built it from this source (make/configure/make install) and it worked. However, I realized that I needed to package it for Ubuntu to recognize the install and not offer to install it when other programs looked for samba4...

I tried to build a package with git-buildpackage but I got an error for missing debian/changelog... I understand I was missing that file, but not only: debian/rules does not seem to be included. From there I got lost with various how-tos - even the official samba link

git clone git://git.debian.org/pkg-samba/samba4 samba4-unstable

does not work either...

I am sure there is a way to build a package for the last stable samba4 for Ubuntu, but I can't seem to figure it out... Anyone with some pointers?

Thanks for the help,

Cheers, Dominique
[Samba] Replicating Windows 2008 to Samba4
Hi,

I am integrating my existing domain with samba4. For that, I tried to replicate one of my Windows 2008 DCs to a samba4 server DC. I successfully replicated the Windows 2008 DC to the samba4 DC. Here I can log in with my Windows client. On the Linux client, the domain join is successful, but I can't log in with the user credentials. On the Linux client, I am using the PBIS application. In the log file /var/log/syslog, I got the following error (error attached in this mail).

-- with regards Ashok Kumar J
Re: [Samba] Building Samba4 for Debian from Git
On Mon, 2013-06-10 at 10:40 +0200, Dominique wrote:

Hi,

I am trying to build samba4 for an Ubuntu 12 server, as the provided package by Canonical is an alpha version. I got the latest? source from git:

git clone git://git.samba.org/samba.git samba-master

I then built it from this source (make/configure/make install) and it worked. However, I realized that I needed to package it for Ubuntu to recognize the install and not offer to install it when other programs looked for samba4...

I tried to build a package with git-buildpackage but I got an error for missing debian/changelog... I understand I was missing that file, but not only: debian/rules does not seem to be included. From there I got lost with various how-tos - even the official samba link

git clone git://git.debian.org/pkg-samba/samba4 samba4-unstable

does not work either...

I am sure there is a way to build a package for the last stable samba4 for Ubuntu, but I can't seem to figure it out...

I wish it was as simple as all that. We are only now in the final stages of preparing a package for debian experimental. It is at git://git.debian.org/pkg-samba/samba in the samba_4.0 branch. It does build with git-buildpackage.

We don't store Debian or Ubuntu packaging information in the Samba tree.

It would be very helpful if you could work with the Debian Samba packaging team to help us finish the merged Samba 4.0 package. Discussions are held on this list: http://lists.alioth.debian.org/mailman/listinfo/pkg-samba-maint

Andrew Bartlett

-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Re: [Samba] Samba4 errors
On Tue, 2013-06-11 at 19:03 +0200, Andreas Calvo wrote:
> A more detailed output:
>
> [root@sauron ~]# netstat -tnp|grep 445|grep 192.168.0.222|grep 55257
> tcp 24 0 192.168.0.222:55257 192.168.0.222:445 ESTABLISHED 17417/samba
> tcp 0 0 192.168.0.222:445 192.168.0.222:55257 ESTABLISHED 23713/smbd
>
> Note that 192.168.0.222 is the IP address of the samba server. This occurs when the backup agent starts running. It seems that samba is connecting to itself, and the socket remains open.

This has been fixed in master and in v4-0-test for the next 4.0.x release with the attached patch.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

From 1d610ce1a14f5a97c9b5cacca839b245df4bae6a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher me...@samba.org
Date: Fri, 31 May 2013 16:04:26 +0200
Subject: [PATCH] s4:winbind: don't leak libnet_context into the main event context (bug #9929)

This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work.

The following command can trigger the leak on a domain controller.

root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/
total 16
drwxrwx---+ 5 root 300 4096 May 14 14:46 Policies
drwxrwx---+ 2 root 300 4096 May 14 11:45 scripts

gid 300 belongs to Builtin\Administrators.

The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available:

[2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo)
Expected domain name BUILTIN, DC dc.samba.private said SAMBA

In that case the connection was not closed, which is fixed by this commit.

Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day...

Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104 (cherry picked from commit 097a8c723925d3e35606215cb16be28a37b0112e) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jun 5 13:57:16 CEST 2013 on sn-devel-104 --- source4/winbind/wb_init_domain.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 5e2aa47..70dbaa9 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -144,6 +144,8 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, state-domain-libnet_ctx = libnet_context_init(service-task-event_ctx, service-task-lp_ctx); + if (state-domain-libnet_ctx == NULL) goto failed; + talloc_steal(state-domain, state-domain-libnet_ctx); /* Create a credentials structure */ state-domain-libnet_ctx-cred = cli_credentials_init(state-domain); -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
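Review bot: in wb_init_domain_send(), the added talloc_steal() of libnet_ctx onto state->domain has no comment explaining why the context is reparented immediately after libnet_context_init(); the reason (it must be a talloc child of struct wbsrv_domain so that cleanup of a broken connection frees it) lives only in the commit message. A one-line comment above the steal would keep a later cleanup from removing it. Please also confirm that the status reported through the `failed` label is an out-of-memory error at this point, since the new NULL check jumps there without assigning one in the visible lines.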
Re: [Samba] Losing Permissions of Files
Hi Marc,

Here is the information that you requested.

When I say that all permissions on a file are lost, this is at the Windows level. In Windows Explorer, when we go to open the file in the default program, we get an "Access denied. Contact your administrator." error. When I right-click on the file and go to Properties -> Security, I get a "You do not have permission to view or edit this object's permission settings."

This usually happens after someone has edited the file. It is not one individual or group that has this issue. It could be anyone within the organization. These files are mostly Microsoft Office files (xls, ppt, and doc).

ACLs of file with permissions lost:

#getfacl BS June 11.2013.xlsx
# file: BS June 11.2013.xlsx
# owner: 359
# group: users
user::rwx
user:root:rwx
group::---
group:wheel:rwx
group:users:---
group:307:rwx
group:359:rwx
group:364:rwx
mask::rwx
other::---

ACLs after I copy the file (cp -pr file newfile):

getfacl BS June 11.2013.xlsx.new
# file: BS June 11.2013.xlsx.new
# owner: nws
# group: users
user::rwx
user:root:rwx
group::---
group:wheel:rwx
group:users:---
group:307:rwx
group:359:rwx
group:364:rwx
mask::rwx
other::---

As you can see, other than the owner, everything else is the same. Any help would be much appreciated, or if you require more info, please let me know where to look.

Tanveer

On Tue, Jun 11, 2013 at 2:23 PM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:
> Hello Tanveer,
>
> On 11.06.2013 21:41, Tanveer Virani wrote:
>> I have an OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue?
>
> - What exactly do you mean by "all permissions on a file are lost"?
> - Can you show the 'getfacl' output on such a file, before and after?
> - If permissions are getting lost, did someone edit the file?
> - Does it happen only on a special kind of file?
> - etc.
>
> Please give some more information on the issue.
>
> Regards,
> Marc
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via 3fba9ba dsdb: reset schema->{classes,attributes}_to_remove_size to 0
  via d2f8471 dsdb: use the correct talloc parent in dsdb_repl_merge_working_schema()
  via 5263f0a Revert "s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort"
  from 424a990 s4-dfs_server: check for netbios aliases in ad_get_referrals

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 3fba9ba7ea85e33faac2718d2463c5d0cd2d85f4
Author: Stefan Metzmacher me...@samba.org
Date: Mon Jun 10 10:46:41 2013 +0200

    dsdb: reset schema->{classes,attributes}_to_remove_size to 0

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

    Autobuild-User(master): Stefan Metzmacher me...@samba.org
    Autobuild-Date(master): Tue Jun 11 11:40:39 CEST 2013 on sn-devel-104

commit d2f847149d3d1310c829169564704b45ac43e978
Author: Stefan Metzmacher me...@samba.org
Date: Mon Jun 10 10:45:25 2013 +0200

    dsdb: use the correct talloc parent in dsdb_repl_merge_working_schema()

    schema->{classes,attributes} are the DLIST pointer not an array.

    Signed-off-by: Stefan Metzmacher me...@samba.org
    Reviewed-by: Andrew Bartlett abart...@samba.org

commit 5263f0a626dac3ac1fc48ece2324438279f187f0
Author: Andrew Bartlett abart...@samba.org
Date: Wed Jun 5 20:44:17 2013 +1000

    Revert "s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort"

    This reverts commit d799b25dd3ed0f72ee03949225ba241c5538d7d6.

    Sometimes the schema just isn't right. A segfault is not the correct answer in those cases.

    Andrew Bartlett

    Reviewed-by: Stefan Metzmacher me...@samba.org

---

Summary of changes:
 source4/dsdb/repl/replicated_objects.c | 4 ++--
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 +++
 source4/dsdb/schema/schema_set.c | 4 +++-
 3 files changed, 12 insertions(+), 3 deletions(-)

Changeset truncated at 500 lines:

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index b0abc1a..e018aa4 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -58,7 +58,7 @@ static WERROR dsdb_repl_merge_working_schema(struct ldb_context *ldb, * as the rest won't be modified and this is for * a short lived object. */ - tmp2 = talloc(dest_schema-classes, struct dsdb_class); + tmp2 = talloc(dest_schema, struct dsdb_class); if (tmp2 == NULL) { return WERR_NOMEM; } @@ -85,7 +85,7 @@ static WERROR dsdb_repl_merge_working_schema(struct ldb_context *ldb, * as the rest won't be modified and this is for * a short lived object. */ - tmp2 = talloc(dest_schema-attributes, struct dsdb_attribute); + tmp2 = talloc(dest_schema, struct dsdb_attribute); if (tmp2 == NULL) { return WERR_NOMEM; } diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 98e60d7..24dcc6f 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -663,6 +663,13 @@ static int replmd_ldb_message_element_attid_sort(const struct ldb_message_elemen a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1-name); a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2-name); + /* +* TODO: remove this check, we should rely on e1 and e2 having valid attribute names +* in the schema +*/ + if (!a1 || !a2) { + return strcasecmp(e1-name, e2-name); + } if (a1-attributeID_id == a2-attributeID_id) { return 0; } diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 73264f9..ce8facb 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c 
@@ -338,8 +338,10 @@ int dsdb_setup_sorted_accessors(struct ldb_context *ldb, TALLOC_FREE(schema-attributes_to_remove[i]); } - TALLOC_FREE(schema-attributes_to_remove); TALLOC_FREE(schema-classes_to_remove); + schema-classes_to_remove_size = 0; + TALLOC_FREE(schema-attributes_to_remove); + schema-attributes_to_remove_size = 0; /* free all caches */ dsdb_sorted_accessors_free(schema); -- Samba Shared Repository
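Review bot: in replmd_ldb_message_element_attid_sort() (repl_meta_data.c), the restored `if (!a1 || !a2)` fallback orders by name whenever either attribute is missing from the schema, while pairs that are both known are ordered by attributeID_id a few lines further down. Mixing the two keys means the comparator is not a consistent total order once a message contains both known and unknown attributes, so the sorted result can depend on the input order. If the fallback stays, place unknown attributes deterministically relative to known ones (for example all unknowns after all knowns, then by name), and log the unknown name so the broken schema is visible instead of silently sorted around.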
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 57a6c8f dns: Support larger queries when asking forwarder via 81539da idl: Add support for parsing OPT records from 9328284 When message-type is drvupgrade, MSG_DEBUG should be replaced with MSG_PRINTER_DRVUPGRADE. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 57a6c8feb7ce69725bde5c152f4241126a69cc07 Author: Kai Blin k...@samba.org Date: Sat May 25 13:21:33 2013 +0200 dns: Support larger queries when asking forwarder This should fix bug #9632 Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit df43027bd8c127a44304f7130bf61adfcdf73eed) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Jun 11 12:05:09 CEST 2013 on sn-devel-104 commit 81539da2c69b2192ff745d1e904f8156aa84c125 Author: Kai Blin k...@samba.org Date: Sat May 25 13:21:32 2013 +0200 idl: Add support for parsing OPT records Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 5bcebb54da8eed535e5f7034ed1f7a95456f19b1) --- Summary of changes: librpc/idl/dns.idl |8 source4/dns_server/dns_query.c | 13 + source4/dns_server/dns_server.c |2 ++ source4/dns_server/dns_server.h |4 source4/dns_server/dns_utils.c | 21 + 5 files changed, 48 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl index 984f2b3..5b86f7e 100644 --- a/librpc/idl/dns.idl +++ b/librpc/idl/dns.idl @@ -106,6 +106,7 @@ interface dns DNS_QTYPE_ATMA = 0x0022, DNS_QTYPE_NAPTR = 0x0023, DNS_QTYPE_DNAME = 0x0027, + DNS_QTYPE_OPT= 0x0029, DNS_QTYPE_DS = 0x002B, DNS_QTYPE_RRSIG = 0x002E, DNS_QTYPE_NSEC = 0x002F, 
@@ -168,6 +169,12 @@ interface dns } dns_srv_record; typedef [public] struct { + uint16 option_code; + uint16 option_length; + uint8 option_data[option_length]; + } dns_opt_record; + + typedef [public] struct { dns_string algorithm; uint32 inception; uint32 expiration; @@ -216,6 +223,7 @@ interface dns [case(DNS_QTYPE_TXT)] dns_txt_record txt_record; [case(DNS_QTYPE_)] ipv6address ipv6_record; [case(DNS_QTYPE_SRV)] dns_srv_record srv_record; + [case(DNS_QTYPE_OPT)] dns_opt_record opt_record; [case(DNS_QTYPE_TSIG)] dns_tsig_record tsig_record; [case(DNS_QTYPE_TKEY)] dns_tkey_record tkey_record; [default]; diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 75f0e9f..4ebd91a 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -135,14 +135,17 @@ struct ask_forwarder_state { static void ask_forwarder_done(struct tevent_req *subreq); static struct tevent_req *ask_forwarder_send( + struct dns_server *dns, TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *forwarder, struct dns_name_question *question) { struct tevent_req *req, *subreq; struct ask_forwarder_state *state; + struct dns_res_rec *options; struct dns_name_packet out_packet = { 0, }; DATA_BLOB out_blob; enum ndr_err_code ndr_err; + WERROR werr; req = tevent_req_create(mem_ctx, state, struct ask_forwarder_state); if (req == NULL) { @@ -163,6 +166,15 @@ static struct tevent_req *ask_forwarder_send( out_packet.qdcount = 1; out_packet.questions = question; + werr = dns_generate_options(dns, state, options); + if (!W_ERROR_IS_OK(werr)) { + tevent_req_werror(req, werr); + return tevent_req_post(req, ev); + } + + out_packet.arcount = 1; + out_packet.additional = options; + ndr_err = ndr_push_struct_blob( out_blob, state, out_packet, (ndr_push_flags_fn_t)ndr_push_dns_name_packet); 
@@ -612,6 +624,7 @@ struct tevent_req *dns_server_process_query_send( in-questions[0].name)); subreq = ask_forwarder_send( + dns, state, ev, lpcfg_dns_forwarder(dns-task-lp_ctx), in-questions[0]); if (tevent_req_nomem(subreq, req)) { diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 29953c3..c7453e9 100644 ---
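Review bot: dns_opt_record in dns.idl models the OPT RDATA as exactly one option (option_code, option_length, option_data), but RFC 6891 defines that RDATA as zero or more such tuples. An OPT record that carries no options, or several, does not match this layout; consider an array of options bounded by the record length, or carrying the RDATA as an opaque blob until individual options are actually interpreted.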
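Review bot: ask_forwarder_send() in dns_query.c now takes `struct dns_server *dns` ahead of `TALLOC_CTX *mem_ctx` and `struct tevent_context *ev`. tevent-style _send functions conventionally lead with mem_ctx and ev, so moving the new parameter after them keeps the signature consistent and makes the call site in dns_server_process_query_send() read like the other _send calls. The new `options` and `werr` locals could also use a short comment saying that the additional record is the OPT record used to request larger replies from the forwarder, since the hunk itself does not say what dns_generate_options() produces.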
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via c0cbf59 Remove remaining references to password level in the tree
  via 3f73002 docs: Do not encourage unix passwords, and remove reference to password level
  via 26279a9 auth: Remove password level
  from 3fba9ba dsdb: reset schema->{classes,attributes}_to_remove_size to 0

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit c0cbf5936f0385ab93315cc366a0aa16c0ebd237
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:38:29 2013 +1000

    Remove remaining references to password level in the tree

    Reviewed-by: Simo Sorce i...@samba.org

    Autobuild-User(master): Simo Sorce i...@samba.org
    Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104

commit 3f73002f2d5f8a27820e09b024f561fda1560184
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:27:41 2013 +1000

    docs: Do not encourage unix passwords, and remove reference to password level

    Reviewed-by: Simo Sorce i...@samba.org

commit 26279a969879bfbd943dfda03c511ed7e14057ba
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jun 3 10:02:39 2013 +1000

    auth: Remove password level

    We now only lowercase the password, we do not attempt to find another case combination that the password might be in.

    This option is already deprecated, so it is now time to remove it.

Andrew Bartlett Reviewed-by: Simo Sorce i...@samba.org --- Summary of changes: docs-xml/Samba3-Developers-Guide/unix-smb.xml | 13 ++-- docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml|2 +- docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml |7 +-- docs-xml/smbdotconf/security/passwordlevel.xml | 48 -- docs-xml/using_samba/appc.xml | 14 docs-xml/using_samba/ch06.xml | 14 examples/dce-dfs/smb.conf |1 - examples/scripts/shares/python/smbparm.py |1 - examples/tridge/smb.conf |1 - examples/tridge/smb.conf.fjall |1 - lib/param/loadparm.c |1 - lib/param/param_functions.c|1 - lib/param/param_table.c|9 --- packaging/LSB/smb.conf |1 - python/samba/upgrade.py|1 - source3/auth/pass_check.c | 79 source3/param/loadparm.c |1 - 17 files changed, 8 insertions(+), 187 deletions(-) delete mode 100644 docs-xml/smbdotconf/security/passwordlevel.xml Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml b/docs-xml/Samba3-Developers-Guide/unix-smb.xml index ae6bdcd..6964b7f 100644 --- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml +++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml @@ -112,7 +112,7 @@ shares. titlePasswords/title para -Many SMB clients uppercase passwords before sending them. I have no +When plaintext passwords are used, very old SMB clients uppercase passwords before sending them. I have no idea why they do this. Interestingly WfWg uppercases the password only if the server is running a protocol greater than COREPLUS, so obviously it isn't just the data entry routines that are to blame. 
@@ -123,12 +123,11 @@ Unix passwords are case sensitive. So if users use mixed case passwords they are in trouble. /para -para -Samba can try to cope with this by either using the password level -option which causes Samba to try the offered password with up to the -specified number of case changes, or by using the password server -option which allows Samba to do its validation via another machine -(typically a WinNT server). +paraSamba will try an additional all lower cased password +authentication if it receives an all uppercase password. Samba used to +support an option called password level that would try to crack +password by trying all case permutations, but that option has been +removed. /para para diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml index 5ea2db2..657cc97 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml @@ -446,7 +446,7 @@ If it says quoteerrornamebad password,/errorname/quote then the likely c listitem para You have explicitly disabled encrypted passwords with - smbconfoption name=encrypt passwordsno/smbconfoption have a mixed-case password and you haven't enabled the smbconfoption name=password level/ option at a high enough level. + smbconfoption name=encrypt passwordsno/smbconfoption have a mixed-case password. /para /listitem diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
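Review bot: in the unix-smb.xml paragraph that replaces the password level description, "would try to crack password by trying all case permutations" overstates what the removed text says: the old paragraph describes trying the offered password "with up to the specified number of case changes", not every permutation. Describe the removed option the way the old text did, and fix the wording ("crack password" is missing an article, and "all lower cased password authentication" reads more clearly as "a second attempt with the password converted to lower case").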
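Review bot: in TOSHARG-Diagnosis.xml, dropping the password level clause leaves the list item reading "You have explicitly disabled encrypted passwords with encrypt passwords = no have a mixed-case password." The removed clause carried the only "and", so the two conditions are now run together; join them explicitly, for example "... and have a mixed-case password."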
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via 4cd0e38 lib: Remove an unused variable
  via 61f59d8 winreg3: Fix a const warning
  via 9c95110 libsmb: add ABI/smbclient-0.2.1.sigs
  via 2252d78 Add smbc_getPort(), smbc_setPort(). Bump the .so minor number.
  via 47471c8 Plumb the 'port' parameter into the connect code.
  via ccb5c2d Add the port argument to SMBC_server().
  via da6c84a Add port argument to SMBC_attr_server(). Does nothing as yet.
  via 534cf51 Add the ability to parse out the port to SMBC_parse_path().
  from c0cbf59 Remove remaining references to password level in the tree

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 4cd0e38fe0fa3432326fafd4baa845ec2483bb70
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 19:41:30 2013 +0200

    lib: Remove an unused variable

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

    Autobuild-User(master): Jeremy Allison j...@samba.org
    Autobuild-Date(master): Tue Jun 11 21:52:09 CEST 2013 on sn-devel-104

commit 61f59d84ae41fd2101cce91287ec54efd207cf28
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 19:27:17 2013 +0200

    winreg3: Fix a const warning

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

commit 9c95110b67ee5f9b40340861b5bb91e770398c3e
Author: David Disseldorp dd...@samba.org
Date: Tue Jun 11 14:20:53 2013 +0200

    libsmb: add ABI/smbclient-0.2.1.sigs

    Required following ABI vnum bump for smbc_get/setPort changes.

    Signed-off-by: David Disseldorp dd...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

commit 2252d781234b963f24a7827a1228f85ba9f6d7da
Author: Jeremy Allison j...@samba.org
Date: Tue Apr 16 14:53:09 2013 -0700

    Add smbc_getPort(), smbc_setPort(). Bump the .so minor number.

    Signed-off-by: Jeremy Allison j...@samba.org
    Reviewed-by: David Disseldorp dd...@samba.org

commit 47471c82d0d5a024a0c64eab68adae1d482bd972
Author: Jeremy Allison j...@samba.org
Date: Tue Apr 16 14:13:57 2013 -0700

    Plumb the 'port' parameter into the connect code.

    Signed-off-by: Jeremy Allison j...@samba.org
    Reviewed-by: David Disseldorp dd...@samba.org

commit ccb5c2d6930eeb7672af33833adb195d0c525547
Author: Jeremy Allison j...@samba.org
Date: Tue Apr 16 14:11:08 2013 -0700

    Add the port argument to SMBC_server().

    Signed-off-by: Jeremy Allison j...@samba.org
    Reviewed-by: David Disseldorp dd...@samba.org

commit da6c84aff0b4b01ae1bf3d31cbc4e8e176168a9a
Author: Jeremy Allison j...@samba.org
Date: Tue Apr 16 12:22:11 2013 -0700

    Add port argument to SMBC_attr_server(). Does nothing as yet.

    Signed-off-by: Jeremy Allison j...@samba.org
    Reviewed-by: David Disseldorp dd...@samba.org

commit 534cf516ed17d90bbd851fd8e190811a055aa5f0
Author: Jeremy Allison j...@samba.org
Date: Tue Apr 16 12:09:41 2013 -0700

    Add the ability to parse out the port to SMBC_parse_path().

    Signed-off-by: Jeremy Allison j...@samba.org
    Reviewed-by: David Disseldorp dd...@samba.org

---

Summary of changes:
 source3/include/libsmb_internal.h | 4 ++
 source3/include/libsmbclient.h | 14 +++
 source3/lib/popt_common.c | 1 -
 source3/libsmb/ABI/smbclient-0.1.0.sigs | 2 +
 .../{smbclient-0.2.0.sigs => smbclient-0.2.1.sigs} | 2 +
 source3/libsmb/libsmb_context.c | 1 +
 source3/libsmb/libsmb_dir.c | 38 ++--
 source3/libsmb/libsmb_file.c | 14 +++-
 source3/libsmb/libsmb_path.c | 27 +-
 source3/libsmb/libsmb_printjob.c | 10 -
 source3/libsmb/libsmb_server.c | 23 +++-
 source3/libsmb/libsmb_setget.c | 19 ++
 source3/libsmb/libsmb_stat.c | 6 +++-
 source3/libsmb/libsmb_xattr.c | 18 ++---
 source3/libsmb/wscript | 2 +-
 source3/rpc_server/winreg/srv_winreg_nt.c | 4 ++-
 16 files changed, 151 insertions(+), 34 deletions(-)
 copy source3/libsmb/ABI/{smbclient-0.2.0.sigs => smbclient-0.2.1.sigs} (99%)

Changeset truncated at 500 lines:

diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h index aba159a..7ce37d2 100644 --- a/source3/include/libsmb_internal.h +++ b/source3/include/libsmb_internal.h @@ -244,6 +244,7 @@ struct SMBC_internal_data { } smb; #endif + uint16_tport; }; /* Functions in libsmb_cache.c */ @@ -415,6 +416,7 @@ SMBC_parse_path(TALLOC_CTX *ctx, const
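Review bot: the new `uint16_t port` member of struct SMBC_internal_data in libsmb_internal.h is added without a comment. Say next to the field what it holds (the port set through the smbc_setPort()/smbc_getPort() accessors named in this series) and what an unset value means, so users of the accessors do not have to read the connect code to find out.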
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via e2a08e5 smbd: Remove an unused variable
  via ecff2b2 librpc: Fix some ignored asprint result warnings
  via 1b740e5 smbd: Fix a const warning
  via fc5e584 smbd: Fix a const warning
  via 606622c smbd: Remove unused code
  from 4cd0e38 lib: Remove an unused variable

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit e2a08e54dd008fceb5d8aabcf02ab4e389286f03
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 21:07:26 2013 +0200

    smbd: Remove an unused variable

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

    Autobuild-User(master): Jeremy Allison j...@samba.org
    Autobuild-Date(master): Wed Jun 12 01:00:44 CEST 2013 on sn-devel-104

commit ecff2b25340daf38c326c2b9431568fee53ff78e
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 20:53:05 2013 +0200

    librpc: Fix some ignored asprint result warnings

    While there, it removes some alloc/free calls

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

commit 1b740e5033d4adf4e3412bc2be7d9d4ff77ae271
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 20:37:11 2013 +0200

    smbd: Fix a const warning

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

commit fc5e584536ad0c695b414698351e171dfae85fc6
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 20:35:55 2013 +0200

    smbd: Fix a const warning

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

commit 606622c10186d6197860c9b20385d9d84840da58
Author: Volker Lendecke v...@samba.org
Date: Tue Jun 11 20:34:00 2013 +0200

    smbd: Remove unused code

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

---

Summary of changes:
 librpc/ndr/ndr_orpc.c | 27 +--
 source3/smbd/close.c | 7 ---
 source3/smbd/dir.c | 2 --
 source3/smbd/process.c | 4 ++--
 4 files changed, 11 insertions(+), 29 deletions(-)

Changeset truncated at 500 lines:

diff --git a/librpc/ndr/ndr_orpc.c b/librpc/ndr/ndr_orpc.c index 6a55048..936a56b 100644 --- a/librpc/ndr/ndr_orpc.c +++ b/librpc/ndr/ndr_orpc.c @@ -93,23 +93,17 @@ void ndr_print_DUALSTRINGARRAY(struct ndr_print *ndr, const char *name, const st ndr-print(ndr, STRING BINDINGS); ndr-depth++; for (i=0;ar-stringbindings[i];i++) { - char *idx = NULL; - asprintf(idx, [%d], i); - if (idx) { - ndr_print_STRINGBINDING(ndr, idx, ar-stringbindings[i]); - free(idx); - } + char idx[13]; /* 2^32 has 10 digits */ + snprintf(idx, sizeof(idx), [%d], i); + ndr_print_STRINGBINDING(ndr, idx, ar-stringbindings[i]); } ndr-depth--; ndr-print(ndr, SECURITY BINDINGS); ndr-depth++; for (i=0;ar-securitybindings[i];i++) { - char *idx = NULL; - asprintf(idx, [%d], i); - if (idx) { - ndr_print_SECURITYBINDING(ndr, idx, ar-securitybindings[i]); - free(idx); - } + char idx[13]; /* 2^32 has 10 digits */ + snprintf(idx, sizeof(idx), [%d], i); + ndr_print_SECURITYBINDING(ndr, idx, ar-securitybindings[i]); } ndr-depth--; } @@ -162,12 +156,9 @@ void ndr_print_STRINGARRAY(struct ndr_print *ndr, const char *name, const struct ndr-print(ndr, %-25s: STRINGARRAY, name); ndr-depth++; for (i=0;ar-stringbindings[i];i++) { - char *idx = NULL; - asprintf(idx, [%d], i); - if (idx) { - ndr_print_STRINGBINDING(ndr, idx, ar-stringbindings[i]); - free(idx); - } + char idx[13]; /* 2^32 has 10 digits */ + snprintf(idx, sizeof(idx), [%d], i); + ndr_print_STRINGBINDING(ndr, idx, ar-stringbindings[i]); } ndr-depth--; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 94ec789..64faf98 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -157,13 +157,6 @@ static NTSTATUS close_filestruct(files_struct *fsp) return status; } -static int compare_share_mode_times(const void *p1, const void *p2) -{ - const struct share_mode_entry *s1 = (const struct share_mode_entry *)p1; - const struct share_mode_entry *s2 = (const struct share_mode_entry *)p2; - return timeval_compare(s1-time, s2-time); -} -
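Review bot: in the three print loops of ndr_orpc.c, `char idx[13]` leaves no headroom: "[2147483647]" plus the terminator is exactly 13 bytes, and the comment justifies the size with 2^32 while the format is the signed `%d`. snprintf() bounded by sizeof(idx) keeps this memory-safe either way, but the comment and the code should agree: either size the buffer from the format actually used (14 bytes covers a sign as well) or make the index unsigned and print it with `%u`.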
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3e66cb7 Fix bug #9932 - Currently the maximum number of aces in an SD is limited to 1000, but Microsoft supports around 1800. from e2a08e5 smbd: Remove an unused variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3e66cb7d771e9f2156f4183485736cca7d5609f9 Author: Partha Sarathi parthasarathi...@gmail.com Date: Fri Jun 7 16:30:07 2013 -0700 Fix bug #9932 - Currently the maximum number of aces in an SD is limited to 1000, but Microsoft supports around 1800. Issue description: I was trying to add maximum number of aces on Microsoft share, where I was able to add nearly 1800 aces on a file/folder SD. But Samba does not support adding 1800 aces to SD instead it limited to 1000. Expected behavior: Ideally SAMBA should also support as like Windows to compare with Windows standard. Set to 2000 until we add EA limits in the server. Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104 --- Summary of changes: librpc/idl/security.idl |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index d4324ab..00bb6e6 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -536,7 +536,7 @@ interface security typedef [public,gensize,nosize] struct { security_acl_revision revision; [value(ndr_size_security_acl(r,ndr-flags))] uint16 size; - [range(0,1000)] uint32 num_aces; + [range(0,2000)] uint32 num_aces; security_ace aces[num_aces]; } security_acl; -- Samba Shared Repository
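Review bot: `[range(0,2000)]` on num_aces in security_acl replaces one unexplained constant with another. The commit message says 2000 is a stopgap "until we add EA limits in the server"; that reasoning belongs in a comment next to the range, or behind a named constant, so the next change to this bound knows what it is tied to. The adjacent `uint16 size` field already limits the encoded ACL to 65535 bytes, so it is also worth stating which of the two limits is meant to be the effective one when parsing an ACL received from a client.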