Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
On Mon, Jul 8, 2013 at 11:49 AM, Nicolas Pagliaro npagli...@espectador.com.uy wrote: Hi, I am trying to add a fresh install Centos 6 to a Windows 2008 AD like a member I follow this steps: Yum install samba 4* Then I modify smb.conf, krb5.conf and nsswitch.conf like this Stop there. If you don't actually need an AD server on CentOS 6 or RHEL 6, yank out the Samba RPM's and replace them with older samba-3.x tools. The 4.0.0 release published in CentOS is seriously out of date, and is mostly there for some dependencies for other software. You'll be using the much more RHEL supported configuration. If you really need all the Samba 4.x features, such as a full-blown AD server, then hop over to https://github.com/nkadel/samba-4.0.7-srpm and prepare to spend some time building up the full toolchain, including an updated iniparser, libtalloc, libldb, libtevent, and recompiling the sssd softwaer for compatibility with the new libraries. I've done most of the work for you, except local compilation, and I know a few people are using it. But you probably don't need it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
Hi Nico, thanks for your answer. I don't need to have an AD server installed in my centos. I just needs to connect to my Windows DC that have AD because I need to have samba shares with AD users permissions. Now I remove all samba4 package with. Yum remove samba4* I am downloading the last version of samba from git samba and samba-commons The rpm that you made for me will work for me? Really thanks Enviado desde mi iPad El 09/07/2013, a las 06:59, Nico Kadel-Garcia nka...@gmail.com escribió: On Mon, Jul 8, 2013 at 11:49 AM, Nicolas Pagliaro npagli...@espectador.com.uy wrote: Hi, I am trying to add a fresh install Centos 6 to a Windows 2008 AD like a member I follow this steps: Yum install samba 4* Then I modify smb.conf, krb5.conf and nsswitch.conf like this Stop there. If you don't actually need an AD server on CentOS 6 or RHEL 6, yank out the Samba RPM's and replace them with older samba-3.x tools. The 4.0.0 release published in CentOS is seriously out of date, and is mostly there for some dependencies for other software. You'll be using the much more RHEL supported configuration. If you really need all the Samba 4.x features, such as a full-blown AD server, then hop over to https://github.com/nkadel/samba-4.0.7-srpm and prepare to spend some time building up the full toolchain, including an updated iniparser, libtalloc, libldb, libtevent, and recompiling the sssd softwaer for compatibility with the new libraries. I've done most of the work for you, except local compilation, and I know a few people are using it. But you probably don't need it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi Daniel, This is what I have so far: - /etc/nslcd.conf should look like this: # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://10.30.54.2 # The search base that will be used for all queries. base dc=test,dc=internal,dc=com binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com bindpw XX (commented out!) pagesize 1000 referrals off # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member - Add this to top of /etc/pam.d/common-sessions: session required pam_mkhomedir.so skel=/etc/skel umask=0022 - I also needed to remove nscd otherwise groups were not being updated correctly: apt-get remove nscd This works fine for the *nix side of things, am having further difficulties getting the Samba side to work. So much so, that I'm considering building a new Samba member server from scratch using Samba 4 instead of 3. Thanks, Chris. On 9 July 2013 11:30, Daniel Müller muel...@tropenklinik.de wrote: How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - error during classicupgrade
Hi all, I found the problem, unsupported character in displayName prjLeudi+, samba don't like the charecter + in displayName. Next problem: SID on user Administrator. samba-tool classicupgrade don't terminate correcly because I saw that Administrator user don't have the correct SID (ending -500). We have 2 administrator user (in french and in english) : Administrateur Administrator SID S-1-5-21-4023731279-819928261-1073345436-500 is on user Administrateur. How can I force samba to by pass this test ? Stéphane --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 samba-boun...@lists.samba.org wrote on 08/07/2013 17:01:50: De : Stéphane PURNELLE stephane.purne...@corman.be A : samba@lists.samba.org, Date : 08/07/2013 17:02 Objet : [Samba] samba4 - error during classicupgrade Envoyé par : samba-boun...@lists.samba.org Hi all, I have a problem during classic-upgrade : Importing groups Group already exists sid=S-1-5-21-4023731279-819928261-1073345436-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. Group already exists sid=S-1-5-21-4023731279-819928261-1073345436-514, groupname=Domain Guest existing_groupname=Domain Guests, Ignoring. Group already exists sid=S-1-5-21-4023731279-819928261-1073345436-515, groupname=Domain Computers existing_groupname=Domain Computers, Ignoring. Group already exists sid=S-1-5-21-4023731279-819928261-1073345436-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring. ERROR(type 'exceptions.ValueError'): uncaught exception - unable to parse dn string File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1328, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 885, in upgrade_from_samba3 add_group_from_mapping_entry(result.samdb, g, logger) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 274, in add_group_from_mapping_entry m.dn = ldb.Dn(samdb, CN=%s,CN=Users,%s % (groupmap.nt_name, samdb.get_default_basedn())) The connection to the LDAP server was closed I use ldap backend. anyone could help me ? Stéphane Purnelle --- Stéphane PURNELLE Admin. Systèmes et Réseaux Service Informatique Corman S.A. Tel : 00 32 (0)87/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.7 DC in Windows 2003R2 AD
Greetings, The ultimate goal is a full implementation of Samba4/OpenChange/SOGo but that onion has too many layers to shoot for the whole thing at once. So, I've added a Samba/Ubuntu12.04 DC to the AD and want to get it totally correct before proceeding with OC. I have two questions (at the moment): First, PAM is not included on the Samba DC and I need to know if it is a requirement. The docs say that, if you want to use it, just rebuild after installing the necessary PAM libs but there are a fairly large number of various flavors of PAM libraries and I could use some help selecting the right set. Second, the Samba DC is using the internal DNS and one-way sync from the PDC seems to be working but not the other way and I always get the following error when running one of the DNS tests that the docs indicate should be run. root@sambadc:~# samba-tool dns query sambadc mydomain.com @ ALL -Uadmin GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:sambadc[,sign] Password for [mydomain\admin]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 974, in run None, record_type, select_flags, None, None) If I need to include additional info/files, let me know and I'll do so. Any help greatly appreciated. Thanx, Garth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)
Update. Have tried creating an Ubuntu 12.04 domain member fileserver following these docs here: https://wiki.samba.org/index.php/Samba4/Domain_Member With some minor package name changes all seems to work ok... except when I create a share the permissions appear to be being read from the *nix side. I'm seeing this: Everyone root (Unix User\root) root (Unix Group\root) Which looks very much like the posix perms on the member server. If I try and add my own permissions from the DC I get Access Denied when applying the security changes. Has anyone encountered this before? Thanks, Chris. On 9 July 2013 11:37, Chris Alavoine chr...@acs-info.co.uk wrote: Hi Daniel, This is what I have so far: - /etc/nslcd.conf should look like this: # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://10.30.54.2 # The search base that will be used for all queries. base dc=test,dc=internal,dc=com binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com bindpw XX (commented out!) pagesize 1000 referrals off # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member - Add this to top of /etc/pam.d/common-sessions: session required pam_mkhomedir.so skel=/etc/skel umask=0022 - I also needed to remove nscd otherwise groups were not being updated correctly: apt-get remove nscd This works fine for the *nix side of things, am having further difficulties getting the Samba side to work. So much so, that I'm considering building a new Samba member server from scratch using Samba 4 instead of 3. Thanks, Chris. On 9 July 2013 11:30, Daniel Müller muel...@tropenklinik.de wrote: How about post your nslcd-config? This would be a great help for other users. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Chris Alavoine Gesendet: Montag, 8. Juli 2013 19:13 An: Marc Muehlfeld Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd) Hi Marc, I've had many many problems with Winbind and after a few weeks of dead-ends I decided to switch to nslcd and everything started working very nicely, so I haven't looked back. I've just had a major success on getting getent passwd to work by adding this to my nslcd.conf: # users map passwd uid sAMAccountName map passwd gidNumber primaryGroupID map passwd homeDirectory unixHomeDirectory # groups map group cn sAMAccountName mapgroup uniqueMember member This now lets me see all users and groups via getent. Just doing some more testing now, but I think this may be fixed. Typical, you spend all day on something, finally decided to post on samba lists and then fix it 5 mins later :) Thanks for the swift reply though! Cheers, c:) On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Hello Chris, Am 08.07.2013 18:54, schrieb Chris Alavoine: My problem is that I have a Samba 3 member server (fileserver) that I'm trying to get to get work in this scenario. I've installed nslcd and am using the following conf file: Why don't you use winbind on your member server? http://wiki.samba.org/index.**php/Samba4/Domain_Memberhttp://wiki.sam ba.org/index.php/Samba4/Domain_Member If I then do a getent group I get success and can see all the groups, however getent passwd fails and I see this in the logs: Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid value Does this account have an uid attribute in AD? Regards, Marc -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk
Re: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD
Did you join your samba4 to w 2003R2 AD domain? Is it a firewall feature? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Garth Keesler Gesendet: Dienstag, 9. Juli 2013 14:43 An: samba@lists.samba.org Betreff: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD Greetings, The ultimate goal is a full implementation of Samba4/OpenChange/SOGo but that onion has too many layers to shoot for the whole thing at once. So, I've added a Samba/Ubuntu12.04 DC to the AD and want to get it totally correct before proceeding with OC. I have two questions (at the moment): First, PAM is not included on the Samba DC and I need to know if it is a requirement. The docs say that, if you want to use it, just rebuild after installing the necessary PAM libs but there are a fairly large number of various flavors of PAM libraries and I could use some help selecting the right set. Second, the Samba DC is using the internal DNS and one-way sync from the PDC seems to be working but not the other way and I always get the following error when running one of the DNS tests that the docs indicate should be run. root@sambadc:~# samba-tool dns query sambadc mydomain.com @ ALL -Uadmin GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:sambadc[,sign] Password for [mydomain\admin]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 974, in run None, record_type, select_flags, None, None) If I need to include additional info/files, let me know and I'll do so. Any help greatly appreciated. Thanx, Garth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
On Tue, 2013-07-09 at 07:35 -0300, Nicolas Pagliaro wrote: Hi Nico, thanks for your answer. I don't need to have an AD server installed in my centos. I just needs to connect to my Windows DC that have AD because I need to have samba shares with AD users permissions. Now I remove all samba4 package with. Yum remove samba4* I am downloading the last version of samba from git samba and samba-commons I would stick with the samba packages as provided by the distribution. For a member file server like you want these provide everything you require and are of course covered by security updates as well. For a member file server there is little to be gained from moving to a 4.x version of Samba. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD
Yes, the Samba server was joined to an existing Win2003R2 AD raised to the Forest Domain level following the steps outlined at https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC. Both DCs are on a local LAN so there is no FW between them and I checked that the 2003 server has no FW running. Let me know what else I can provide. Thanx, Garth On 07/09/2013 08:51 AM, Daniel Müller wrote: Did you join your samba4 to w 2003R2 AD domain? Is it a firewall feature? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Garth Keesler Gesendet: Dienstag, 9. Juli 2013 14:43 An: samba@lists.samba.org Betreff: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD Greetings, The ultimate goal is a full implementation of Samba4/OpenChange/SOGo but that onion has too many layers to shoot for the whole thing at once. So, I've added a Samba/Ubuntu12.04 DC to the AD and want to get it totally correct before proceeding with OC. I have two questions (at the moment): First, PAM is not included on the Samba DC and I need to know if it is a requirement. The docs say that, if you want to use it, just rebuild after installing the necessary PAM libs but there are a fairly large number of various flavors of PAM libraries and I could use some help selecting the right set. Second, the Samba DC is using the internal DNS and one-way sync from the PDC seems to be working but not the other way and I always get the following error when running one of the DNS tests that the docs indicate should be run. root@sambadc:~# samba-tool dns query sambadc mydomain.com @ ALL -Uadmin GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:sambadc[,sign] Password for [mydomain\admin]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 974, in run None, record_type, select_flags, None, None) If I need to include additional info/files, let me know and I'll do so. Any help greatly appreciated. Thanx, Garth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Am 09.07.2013 17:33, schrieb Stefan (metze) Metzmacher: Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr Here's the next try, which hopefully don't crash in make test :-) metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Am 09.07.2013 18:03, schrieb Stefan (metze) Metzmacher: Am 09.07.2013 17:33, schrieb Stefan (metze) Metzmacher: Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr Here's the next try, which hopefully don't crash in make test :-) Ok, it passed 4 times on master and 4 times on v4-0-test, if you're ok with it I'll squash my changes and the missing Pair-programmed-with:, Signed-off-by:, Reviewed-by: tags and push it... Are you fine with that? metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
On Tue, 2013-07-09 at 22:36 +0200, Stefan (metze) Metzmacher wrote: Am 09.07.2013 18:03, schrieb Stefan (metze) Metzmacher: Am 09.07.2013 17:33, schrieb Stefan (metze) Metzmacher: Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr Here's the next try, which hopefully don't crash in make test :-) Ok, it passed 4 times on master and 4 times on v4-0-test, if you're ok with it I'll squash my changes and the missing Pair-programmed-with:, Signed-off-by:, Reviewed-by: tags and push it... Are you fine with that? Thanks, please do that. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
On Tue, Jul 9, 2013 at 6:35 AM, Nicolas Pagliaro npagli...@espectador.com.uy wrote: Hi Nico, thanks for your answer. I don't need to have an AD server installed in my centos. I just needs to connect to my Windows DC that have AD because I need to have samba shares with AD users permissions. Now I remove all samba4 package with. Yum remove samba4* I am downloading the last version of samba from git samba and samba-commons The rpm that you made for me will work for me? I only publish RPM building tools, not binaries. I don't consider my github or other personally available repositories secure enough for me to publush such critical binaries as Samba, but I'm happy to publish open source tools that way. So you'd have to build it. But if you're wirking with an upstream supported, stable environment like CentOS or Scientific Linux, why experiment with new tools you don't need? I wind up needing the newer tools, but suggest that for just a plain client, you should be fine with the default Samba 3.x from CentOS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba license
Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. Is it possible to modify the license to LGPL? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help Samba license
Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba license
Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cd36a3e lib/param: sync debug related options with source3/param via 5f93822 lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10 via 8e0752f lib/ldb-samba: make use of DBGC_LDB via baecc86 lib/util: add 'ldb' debug class from e6f79b9 tevent: document tevent_req_create state zeroing http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cd36a3e902813c065e14059d325f7628b06595aa Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 4 18:11:02 2013 +0200 lib/param: sync debug related options with source3/param The most important change is debug hires timestamp = Yes and syslog = 1. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Jul 9 17:15:15 CEST 2013 on sn-devel-104 commit 5f93822ede7ec3dc79a8057174342b2c6bb94a3b Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:56:35 2013 +0200 lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de commit 8e0752f4d6feea35304377222d3dd487355e4120 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:56:08 2013 +0200 lib/ldb-samba: make use of DBGC_LDB Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de commit baecc863de0ceb64187c6eb3545bf28706bd84fc Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 13:55:44 2013 +0200 lib/util: add 'ldb' debug class Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de --- Summary of changes: lib/ldb-samba/ldb_wrap.c |4 +++- lib/param/loadparm.c | 18 +- lib/util/debug.c |1 + lib/util/debug.h |3 ++- 4 files changed, 23 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldb_wrap.c b/lib/ldb-samba/ldb_wrap.c index 028bd6f..65956ef 100644 --- a/lib/ldb-samba/ldb_wrap.c +++ b/lib/ldb-samba/ldb_wrap.c @@ -37,6 +37,8 @@ #include ../lib/util/dlinklist.h #include tdb.h +#define DBGC_CLASS DBGC_LDB + /* this is used to catch debug messages from ldb */ @@ -58,7 +60,7 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, samba_level = 2; break; case LDB_DEBUG_TRACE: - samba_level = 5; + samba_level = 10; break; }; diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 310f95a..455c5e6 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2083,6 +2083,15 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, log level, 0); + lpcfg_do_global_parameter(lp_ctx, syslog, 1); + lpcfg_do_global_parameter(lp_ctx, syslog only, No); + lpcfg_do_global_parameter(lp_ctx, debug timestamp, Yes); + lpcfg_do_global_parameter(lp_ctx, debug prefix timestamp, No); + lpcfg_do_global_parameter(lp_ctx, debug hires timestamp, Yes); + lpcfg_do_global_parameter(lp_ctx, debug pid, No); + lpcfg_do_global_parameter(lp_ctx, debug uid, No); + lpcfg_do_global_parameter(lp_ctx, debug class, No); + lpcfg_do_global_parameter(lp_ctx, share backend, classic); lpcfg_do_global_parameter(lp_ctx, server role, auto); @@ -2302,7 +2311,14 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx) ZERO_STRUCT(settings); /* Add any more debug-related smb.conf parameters created in * future here */ - settings.timestamp_logs = true; + settings.syslog = lp_ctx-globals-syslog; + settings.syslog_only = lp_ctx-globals-bSyslogOnly; + settings.timestamp_logs = lp_ctx-globals-bTimestampLogs; + settings.debug_prefix_timestamp = lp_ctx-globals-bDebugPrefixTimestamp; + settings.debug_hires_timestamp = lp_ctx-globals-bDebugHiresTimestamp; + settings.debug_pid = lp_ctx-globals-bDebugPid; + settings.debug_uid = lp_ctx-globals-bDebugUid; + settings.debug_class = lp_ctx-globals-bDebugClass; debug_set_settings(settings); /* FIXME: This is a bit of a hack, but we can't use a global, since diff --git a/lib/util/debug.c b/lib/util/debug.c index 34aa76f..a46b275 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -178,6 +178,7 @@ static const char *default_classname_table[] = { registry, /* DBGC_REGISTRY */ scavenger, /* DBGC_SCAVENGER*/ dns, /* DBGC_DNS */ + ldb, /* DBGC_LDB */ NULL }; diff --git
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-09-1942/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-09-1942/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-09-1942/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-09-1942/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-09-1942/samba.stdout The top commit at the time of the failure was: commit cd36a3e902813c065e14059d325f7628b06595aa Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 4 18:11:02 2013 +0200 lib/param: sync debug related options with source3/param The most important change is debug hires timestamp = Yes and syslog = 1. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Björn Jacke b...@sernet.de Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Jul 9 17:15:15 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 577cef8 s3-smbstatus: display [u|g]id of -1 as -1 in connection list via c52e61f s3-lib: hide incomplete smbXsrv_tcon_global records via 53aa069 s3-lib: fix segf while reading incomplete session info (bug #10003) via 191e6b9 waf: Build with RELRO if supported by the compiler. via aef8aad smbd: Fix a profile problem from cd36a3e lib/param: sync debug related options with source3/param http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 577cef82c776759c9f3cad7d33057ac865c40769 Author: Björn Baumbach b...@sernet.de Date: Tue Jul 9 12:32:34 2013 +0200 s3-smbstatus: display [u|g]id of -1 as -1 in connection list In order to avoid displayed uid or gid of 4294967295 instead of -1, we need to fetch the special case -1. The id can be -1 if we are reading e.g. incomplete session information. Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104 commit c52e61f7ba215da28cbb7b8e328aea110ad79b11 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 8 16:31:13 2013 +0200 s3-lib: hide incomplete smbXsrv_tcon_global records Part of fix for bug #10003 Pair-programmed-with: Björn Baumbach b...@sernet.de Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org commit 53aa069b97070c73b782e2868b9b9686abe353cc Author: Björn Baumbach b...@sernet.de Date: Fri Jul 5 13:19:59 2013 +0200 s3-lib: fix segf while reading incomplete session info (bug #10003) Pair-programmed-with: Stefan Metzmacher me...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org commit 191e6b9441d6789ecc16a3a80eb36ec5b410c083 Author: Andreas Schneider a...@samba.org Date: Fri Jul 5 08:13:56 2013 +0200 waf: Build with RELRO if supported by the compiler. Make sure we create binaries with full RELocation Read-Only support. See https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for more details. The default is to check if the compiler supports RELRO and then enable it. Specifying '--with-relro' will make it mandatory and '--without-relro' will disable it. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit aef8aad638b916026651d900b91e963897b31c1a Author: Volker Lendecke volker.lende...@sernet.de Date: Tue Jul 9 11:02:39 2013 -0700 smbd: Fix a profile problem When trying to read a profile, under certain circumstances Windows tries to read with its machine account first. The profile previously written was stored with an ACL that only allows access for the user and not the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using the machine account, making it retry with the user account (which would then succeed). Samba under these circumstances erroneously gives NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not retry. The reasons is the dropbox patch in unix_convert, turning EACCESS on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes the dropbox behaviour only kick in when we are creating a file. I think this is an abstraction violation. unix_convert() should not have to know about the create_disposition, but given that we have pathname resolution separated from the core open code right now this is the best we can do. Signed-off-by: Volker Lendecke volker.lende...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: buildtools/wafsamba/wafsamba.py |2 + source3/lib/conn_tdb.c | 22 - source3/lib/sessionid_tdb.c | 15 source3/smbd/filename.c |3 +- source3/smbd/nttrans.c |6 +++- source3/smbd/reply.c| 48 -- source3/smbd/smb2_create.c |3 +- source3/smbd/smbd.h |1 + source3/utils/status.c | 24 --- wscript | 18 ++ 10 files changed, 104 insertions(+), 38 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index aaa0939..caa6fb1 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -348,6 +348,8 @@ def SAMBA_BINARY(bld, binname, source,