Re: [Samba] About NAS versus Samba
On Fri, 2013-07-12 at 11:55 -0300, Fernando Lozano wrote:
> Hi Andrew,
>
> > I work on a NAS product myself, and at this vendor and my previous vendor Samba 4.0 as an AD DC was all I ever needed to use to test the AD integration features of the NAS.
> >
> > Thanks,
> > Andrew Bartlett
>
> Please tell me which product this is, so I can contact the local reseller. :-) You can send me in pvt if you think it would not be ethical to advertise your employee on the list.
>
> If someone tells me this product works I can buy knowing if something bad happens it's something I can solve. Sometimes the management interface for a product won't let you do things the embedded software could do, so I don't want to risk a product without someone telling me this one worked for me.

My point was more that Samba 4.0 as an AD DC really is AD, certainly for as much as a NAS cares about. As discussed, most of these devices are Samba based anyway, and Samba talks very well to our Samba AD DC.

The difference is with Samba's 'classic' domain mode (Samba 3.x), because we use a different config option for that. Some vendors do not expose this functionality.

That said, it isn't a secret that I work on the NETGEAR ReadyNAS. Previously I worked on the now discontinued Cisco Small Business NAS product.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WARNING to those running Samba on OpenIndiana or other Illumos based systems with 16 groups
On Wed, 2013-04-24 at 10:31 +1000, Andrew Bartlett wrote:
> Just a heads-up, because this bug took me absolutely ages to chase down, and I want to save others the same pain. Samba is perhaps the most prominent reason why you might find a user in more than 16 groups on a Unix system, and so this bug may at first appear to be a 'Samba issue' (that certainly is why it found its way to my attention :-)
>
> https://www.illumos.org/issues/3691
>
> In short, unless the group list we supply to setgroups() is sorted, if there are more than 16 groups, the Illumos kernel fails to honour some of the groups. Presumably there is a bisection search being done.
>
> The symptom for Samba users is that as a user is added to more groups, they lose access to folders they previously had access to.
>
> Attached is a total hack that appears to resolve the issue, but the real fix needs to be in glibc or the kernel.

Just as a follow-up, if you experience this please also see https://www.illumos.org/issues/3577 and https://bugzilla.samba.org/show_bug.cgi?id=7588 for WORKAROUNDS if you cannot fix/change your host OS. There is a patch for nss_winbind and smbd attached to that bug, both of which are required to ensure both Samba and other unix applications see all the windows groups.

As we have now had success getting this fixed upstream I've not had time to get back to applying these to Samba when we run on Solaris, but the view was that for the small cost of a qsort we probably should.

If a DENY ACL is involved, this may also be a SECURITY issue, which is how we finally got the root cause addressed upstream.

Thanks,
Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
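The failure mode described in this message, as an added example that is not part of the original post and is not Samba or Illumos code: a bisection lookup over an unsorted 17-entry group list misses memberships, and sorting the list first (the qsort workaround) restores them. The lookup function models the search the post presumes, and the gid values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* qsort comparator for gid_t; compares without subtracting (gid_t is unsigned). */
static int gid_cmp(const void *a, const void *b)
{
    gid_t x = *(const gid_t *)a, y = *(const gid_t *)b;
    return (x > y) - (x < y);
}

/* Bisection lookup, correct only on a sorted list. It stands in for the
 * search the post presumes; it is not Illumos kernel code. */
static int bisect_member(const gid_t *list, size_t n, gid_t gid)
{
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (list[mid] == gid) return 1;
        if (list[mid] < gid) lo = mid + 1; else hi = mid;
    }
    return 0;
}

/* Number of list entries that the bisection lookup fails to find. */
size_t missed_groups(const gid_t *list, size_t n)
{
    size_t missed = 0;
    for (size_t i = 0; i < n; i++)
        missed += !bisect_member(list, n, list[i]);
    return missed;
}

/* Workaround from the thread: sort first, then pass the array to setgroups(). */
void sort_gids(gid_t *list, size_t n)
{
    qsort(list, n, sizeof(gid_t), gid_cmp);
}

/* Constructed sample: 17 supplementary gids in the order they were granted. */
gid_t sample_gids[17] = { 10000, 10513, 10512, 3000005, 10519, 10518, 100,
    10520, 10572, 10571, 3000001, 10553, 10515, 3000010, 10498, 10521, 3000002 };
int main(void)
{
    printf("missed before sort: %zu\n", missed_groups(sample_gids, 17));
    sort_gids(sample_gids, 17);
    printf("missed after sort:  %zu\n", missed_groups(sample_gids, 17));
    return 0;
}
```

A missed membership is the access-loss symptom from the post; where the missed group carries a DENY entry, it is the security case the post mentions.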
Re: [Samba] samba4 - error during classicupgrade
On Tue, 2013-07-09 at 14:49 +0200, Stéphane PURNELLE wrote:
> Hi all,
>
> I found the problem, unsupported character in displayName prjLeudi+, Samba doesn't like the character + in displayName.

The bug here is that we should have escaped this value before we put it into the DN.

> Next problem: SID on user Administrator.
>
> samba-tool classicupgrade doesn't terminate correctly because I saw that the Administrator user doesn't have the correct SID (ending -500).
>
> We have 2 administrator users (in French and in English):
> Administrateur
> Administrator
>
> SID S-1-5-21-4023731279-819928261-1073345436-500 is on user Administrateur.
>
> How can I force Samba to bypass this test?

What is happening here is that we simply ignore the -500 user from your import, and then re-add the administrator. The issue is that we add it in English, so if you have a second administrator (a bad idea in my view) it will collide. Just remove that from the import source before you start.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
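The escaping this reply refers to, as an added example that is not part of the thread and is not Samba's code: an unescaped `+` in a DN separates the parts of a multi-valued RDN, so an attribute value must be escaped per RFC 4514 before it is placed into a DN. The function names, the `CN=` attribute and the base DN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape one attribute value for an RDN per RFC 4514: backslash-prefix
 * " + , ; < > \ anywhere, '#' or space at the start, space at the end.
 * Returns the escaped length, or -1 if out is too small. */
int rdn_escape_value(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in), o = 0;
    if (outlen == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        int special = strchr("\"+,;<>\\", c) != NULL
                   || (i == 0 && (c == '#' || c == ' '))
                   || (i == n - 1 && c == ' ');
        /* Keep room for the escaped character and the terminating NUL. */
        if (o + (special ? 2 : 1) >= outlen) return -1;
        if (special) out[o++] = '\\';
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "CN=<escaped value>,<base>". Returns 0 on success, -1 on overflow. */
int build_cn_dn(const char *value, const char *base, char *out, size_t outlen)
{
    char esc[256];
    if (rdn_escape_value(value, esc, sizeof esc) < 0) return -1;
    int len = snprintf(out, outlen, "CN=%s,%s", esc, base);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

int main(void)
{
    char dn[512];
    /* displayName from the thread; the base DN is a constructed placeholder. */
    if (build_cn_dn("prjLeudi+", "CN=Users,DC=example,DC=com", dn, sizeof dn) == 0)
        printf("%s\n", dn);
    return 0;
}
```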
[Samba] Classicupgrade set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER
Hi,

I have a problem during the classicupgrade. The problem was discussed in March on this list, but there seems to be no solution. Can anyone help?

...
Setting password for administrator
Administrator password has been set to password of user 'root'
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER')
  File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py, line 932, in upgrade_from_samba3
    result.names.domaindn, result.lp, use_ntvfs)
  File /usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1562, in setsysvolacl
    setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb)
  File /usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)

Regards
Axel Urban
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-07-14-1646/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-14-1646/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-07-14-1646/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-14-1646/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-07-14-1646/samba.stdout

The top commit at the time of the failure was:

commit 940395d38bcc348eb5f1be7ba03cd554d9d3bc93
Author: Volker Lendecke v...@samba.org
Date:   Thu Jul 11 16:22:26 2013 +0200

    smbd: Fix a 100% loop at shutdown time

    In the destructor of fsp->aio_requests[0] we put another request into fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE.

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

    Autobuild-User(master): Jeremy Allison j...@samba.org
    Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104